Set Up a Group Policy to Allow WMI on Your Domain
Before stepping through this approach for setting up WMI on a domain, be aware that:
- This is one approach for configuring WMI access. Domain experts might choose alternate methods more appropriate for your environment.
- Depending on the version of Windows running, the screens and options might look different.
- Group policies take some time to propagate through your network. These options can be configured, but it is not unusual for several hours to pass before all machines implement changes.
To set up a group policy to allow WMI on your domain:
- Run the Group Policy Management Editor:
Note: The Group Policy Management Console is an MMC snap-in that is available on your domain controller or on any machine where it is installed. It is often accessed from Administrative Tools. For additional assistance with the MMC snap-in, see http://technet.microsoft.com/en-us/library/cc731745.aspx.
- Expand the tree to Computer Configuration>Policies>Windows Settings>Security Settings>Windows Firewall with Advanced Security>Windows Firewall with Advanced Security: LDAP://…>Inbound Rules.
- Add a New Rule:
- On the context menu, select New Rule.
The New Rule Wizard opens, displaying the Rule Type page.
- Select Predefined, and then in the drop-down select Windows Management Instrumentation (WMI).
- Click Next.
The Predefined Rules page opens.
- Choose WMI-In and DCOM-In.
- Click Next.
The Action page opens.
- Select Allow the connection.
- Click Finish.
After the rules are created, edit them to add additional restrictions, such as limiting calls from specific machines and/or networks, which could require more advanced security options to be enabled.