Enabling WMI on remote computers

 Top  Previous  Next

Enabling monitoring of Windows counters

 

WMI (used by Inventory, WinTools and Windows performance counters monitoring) is fully enabled by default on Windows 2003 Server. But you need to perform several operations if you would like to get information from computers with Windows XP Professional, Vista, Windows 7, and newer. To speed up the whole operation we prepared a program (WMIEnable.exe) which automatically performs all necessary operations. To enable WMI, just run this program on the remote machine. You can run it from the login script, thus enabling WMI on all Windows machines in your network at once. If any other firewall is used on the remote machine, the following ports must be opened: TCP 135, 139, 445, 593.

 

To use WinTools or get inventory of Windows XP Home machine you need to remember that this systems must have exactly the same user and password as the user logged in on the machine running netTools and nVision.

 

WMIEnable

 

This program enables WMI on the Windows computers. This is exact list of operations performed by this program:

 

1.DCOM is enabled by setting registry key [HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM] value to "Y".
2.Remote UAC on Windows Vista is enabled by setting registry key [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy] value to 1.
3.The WMI ports (TCP 135, 139, 445, 593) are opend on the Windows firewall by performing the following command: netsh firewall set service RemoteAdmin
4.Access to WMI on Windows Vista is enabled by adding firewall exception for "Windows Management Instrumentation (WMI)".
5.Authorization model is set to "Local user authorize as themselves" by setting registry key [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\forceguest] value to 0.

 

In almost all cases the system restart is not necessary and WMI will be enabled right after the program execution, but you can also force Windows system restart after the above parameters are set by running the program with the /restart parameter. The program will not restart the system if it's not able to change system settings.

 

If the WMI is still not working

 

If you have run the WMIEnable program and WMI is still not working, then verify the following:

 

1.Enter Local Security Settings (secpol.msc /s) and select Local Policies -> User Rights Assignement -> Access this computer from network. Check if all necessary users/groups are added here. At least the Administrators group or Administrator should be present.
2.Enter Group Policy Settings (gpedit.msc) and select Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network access: Sharing and security model for local accounts. Set it to "Classic - local user authorize as themselves".
3.Check if WMI is operational by running the following command: "wbemtest". WMI is running if this program can run properly.
4.Check if the following services are running:
COM+ Event System
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
WMI Performance Adapter
Workstation

 

Memory leaks with outdated Rpcrt4.dll

 

If monitoring Windows counters, please make sure that you have the latest Rpcrt4.dll installed. All previous versions cause serious memory leaks in the system, which can lead to the system crash. This problem is described by Microsoft at http://support.microsoft.com/?kbid=911262

For Windows XP your Rpcrt4.dll should have version 5.1.2600.2810 or higher.