WMI Static Port configuration


Step 1: Set the DCOM config to use a static port
Run "dcomcnfg" from a command prompt. Navigate the tree to My Computer > DCOM Config > Windows Management and Instrumentation, and open the properties of that entry.
Go to the Endpoints tab.
Select the Properties button for Connection-oriented TCP/IP.
Choose "Use static endpoint" and set the port.
Step 2:  Configure WMI to use a fixed port
  1. At the command prompt, type winmgmt -standalonehost
  2. Stop the WMI service by typing the command net stop "Windows Management Instrumentation"
  3. Restart the WMI service again in a new service host by typing net start "Windows Management Instrumentation"
  4. Establish a new port number for the WMI service by typing netsh firewall add portopening TCP 24158 WMIFixedPort
Still testing this myself, so not 100% certain it works.

Another way:

Use the Component Services Manager to restrict the range that the random port is allocated from to something small, and then manually open each port in that range.
To do this, start the Component Services Manager again, right-click My Computer and select Properties.
Click the Default Protocols tab and double-click the entry "Connection-oriented TCP/IP".
Use the Add button to add a suitable range of ports, say 5000-5010, and click OK. After this, all COM+/DCOM services will select a port in this range.
To open the ports, open Windows Firewall from the Control Panel and add one entry for each port in the range 5000 to 5010 and one for port 135. The random ports only need to be open on the remote machine.
After a restart, which is the only way to reinitialise the RPC service, you should find it all works.
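
The check and firewall step for the fixed-port setup from Step 2, as an added example that is not part of the original post. It uses the NetSecurity cmdlets (Windows 8 / Server 2012 and later) in place of "netsh firewall", and limits port 135 and the fixed port 24158 to a management subnet; $MgmtSubnet and the rule names are assumptions.

```powershell
# Added example. $MgmtSubnet and the rule names are assumptions, not from the post.
# Run in an elevated PowerShell session on the machine configured above.
$WmiPort    = 24158            # fixed WMI port opened in Step 2
$MgmtSubnet = '192.0.2.0/24'   # placeholder: subnet of your management hosts

# 1. Check that the process hosting the Winmgmt service owns a listener on the fixed port.
$svc = Get-CimInstance Win32_Service -Filter "Name='Winmgmt'"
$listener = Get-NetTCPConnection -State Listen -LocalPort $WmiPort -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $listener) {
    Write-Warning "No listener found on TCP $WmiPort."
} elseif ($listener.OwningProcess -ne $svc.ProcessId) {
    Write-Warning "TCP $WmiPort belongs to PID $($listener.OwningProcess), not Winmgmt (PID $($svc.ProcessId))."
} else {
    Write-Output "Winmgmt (PID $($svc.ProcessId)) is listening on TCP $WmiPort."
}

# 2. Allow the RPC endpoint mapper (135) and the fixed WMI port, but only from
#    the management subnet and only on the Domain profile.
foreach ($port in 135, $WmiPort) {
    $name = "WMI-Fixed-In-TCP-$port"
    if (-not (Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -Name $name -DisplayName "WMI fixed port TCP $port" `
            -Direction Inbound -Protocol TCP -LocalPort $port `
            -RemoteAddress $MgmtSubnet -Profile Domain -Action Allow | Out-Null
    }
}

# 3. Show what was created so the scope can be reviewed.
Get-NetFirewallRule -Name 'WMI-Fixed-In-TCP-*' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.Name
        Enabled = $_.Enabled
        Port    = ($_ | Get-NetFirewallPortFilter).LocalPort
        Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
}
```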

I have found an interesting KB: http://support.microsoft.com/kb/832017. It says WMI ports are:
In Windows Server 2008 and later versions, and in Windows Vista and later versions, the default dynamic port range changed to the following range:
  • Start port: 49152
  • End port: 65535
Windows 2000, Windows XP and Windows Server 2003 use a dynamic port range of:
  • Start port: 1025
  • End port: 5000

And this works for me. On the firewall, open two ranges of ports: 1025-5000 and 49152-65535.



Run --> wf.msc
Open Windows Firewall, go to Inbound Rules --> Right Click --> New Rule --> Predefined --> Select from list: Windows Management Instrumentation (WMI) --> Next --> Select All --> Next --> Allow or Deny Connection (select as you want) --> Finish.
To manage all computers in the domain, you can do the same through Group Policy:
Open the domain controller --> Open Group Policy --> Right click on the OU whose computers you want to manage --> Create new rule --> Edit --> Go to Computer Management --> Policy --> Windows Settings --> Security Settings --> Windows Firewall with Advanced Security --> Inbound Rule --> Right Click --> New Rule --> Predefined --> Select from list: Windows Management Instrumentation (WMI) --> Next --> Select All --> Next --> Allow or Deny Connection (select as you want) --> Finish.
Hope it's what you want.


Ref:
https://msdn.microsoft.com/en-us/library/bb219447(v=vs.85).aspx
