Previous Topic

Next Topic

Book Contents

Book Index

Set Up a Group Policy to Allow WMI on Your Domain

Before stepping through this approach for setting up WMI on a domain, be aware that:

To set up a group policy to allow WMI on your domain:

  1. Run the Group Policy Management Editor:

    Note: The Group Policy Management Console is an MMC snap-in that is available on your domain controller or on any machine where it is installed. It is often accessed from Administrative Tools. For additional assistance with the MMC snap-in, see

    1. Expand the tree to Computer Configuration>Policies>Windows Settings>Security Settings>Windows Firewall with Advanced Security>Windows Firewall with Advanced Security: LDAP://…>Inbound Rules.
  2. Add a New Rule:
    1. On the context menu, select New Rule.

      Local Group Policy Editor Console

    The New Rule Wizard opens, displaying the Rule Type page.

    New Inbound Rule Wizard - Rules Type page

    1. Select Predefined, and then in the drop-down select Windows Management Instrumentation (WMI).
    2. Click Next.

      The Predefined Rules page opens.

      New Inbound Rule Wizard - Predefined Rules page

    3. Choose WMI-In and DCOM-In.
    4. Click Next.

      The Action page opens.

      New Inbound Rule Wizard - Action page

    5. Select Allow the connection.
    6. Click Finish.

After the rules are created, edit them to add additional restrictions, such as limiting calls from specific machines and/or networks, which could require more advanced security options to be enabled.

See Also

Windows Firewall Considerations