HP DL360 HP Insight Management WBEM Providers for Windows Server 2003 and Wind - Page 22

Windows Server 2008 Firewall configuration, Firewall configuration introduction



Windows Server 2008 Firewall configuration

Firewall configuration introduction

This section describes a configuration method for enabling direct remote WMI access on a server running the Windows Server® 2008 Firewall.

There are many methods to establish remote communication with WMI. Locally privileged programs can establish communication with WMI locally and serve up a private or standardized remote management interface. The SMH and Windows Remote Management (an implementation of WS-Management) are examples.

This documentation does not apply to these or other indirect methods of WMI-related communication, only to direct remote connections to WMI. Firewall configurations for indirect WMI communication methods are independent of establishing a direct remote connection to WMI.

In addition to the firewall setup, direct remote WMI access depends on certain user privileges. For example, when the user is not an Administrator, some privileges might not exist by default.

For more information, see Security requirements for the Insight Providers (on page 10) and the MSDN article Securing a Remote WMI Connection (http://msdn2.microsoft.com/en-us/library/aa393266.aspx).

Firewall configuration

You can establish direct remote WMI access on a computer running the Windows Server® 2008 Firewall, but the default configuration does not provide for this access. However, by using the built-in firewall rules, you can enable remote WMI access with two commands.

Locally execute the following commands on the Windows Server® 2008 machine that is providing WMI access (on a computer running the Insight Providers on Windows Server® 2008):

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

Output:

Updated 4 rule(s).
Ok.

The commands enable all firewall rules contained in the specified firewall group. If the command output does not confirm that the rules were updated, check that the group name and each word in the command are correct. The following is an example of a group name with spacing highlighted in bold:

"Windows<SPACE>Management<SPACE>Instrumentation<SPACE>(WMI)"

This first command is equivalent to selecting the Windows Management Instrumentation (WMI) checkbox in the Control Panel > Windows Firewall > Settings > Exceptions tab.

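The first command with the output check described above, written as a PowerShell script; this is an added example, not part of the HP documentation. It assumes an elevated prompt and English-language netsh output, and the helper names Get-UpdatedRuleCount and Get-GroupRules are made up for illustration.

```powershell
# Added example: enable the built-in WMI rule group, confirm netsh's result,
# and list what was opened. Run elevated; assumes English netsh output.
$group = 'Windows Management Instrumentation (WMI)'

function Get-UpdatedRuleCount {
    param([string[]]$NetshOutput)
    # Success looks like "Updated 4 rule(s)."; return the count, or 0 if absent.
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Updated (\d+) rule\(s\)\.') { return [int]$Matches[1] }
    }
    return 0
}

function Get-GroupRules {
    param([string[]]$ShowRuleOutput, [string]$GroupName)
    # Parse "show rule name=all" text into one record per rule, then keep
    # only the rules whose Grouping field equals the requested group.
    $rules = @()
    $cur = $null
    $fields = '^(Enabled|Direction|Profiles|Grouping|RemoteIP|Protocol|LocalPort):\s+(.+)$'
    foreach ($line in $ShowRuleOutput) {
        if ($line -match '^Rule Name:\s+(.+)$') {
            $cur = @{ Name = $Matches[1].Trim() }
            $rules += $cur
        } elseif ($null -ne $cur -and $line -match $fields) {
            $cur[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $rules | Where-Object { $_.Grouping -eq $GroupName } |
        ForEach-Object { New-Object PSObject -Property $_ }
}

$out = netsh advfirewall firewall set rule "group=$group" new enable=yes
$updated = Get-UpdatedRuleCount $out
if ($updated -eq 0) {
    # The failure the manual warns about: a misspelled or mis-spaced group name.
    throw "No rules updated. Check spelling and spacing of group '$group'. netsh said: $out"
}
"netsh updated $updated rule(s) in group '$group'"

$rules = @(Get-GroupRules (netsh advfirewall firewall show rule name=all) $group)
$rules | Format-Table Name, Enabled, Direction, Profiles, Protocol, LocalPort, RemoteIP -AutoSize

$stillOff = @($rules | Where-Object { $_.Enabled -ne 'Yes' })
if ($stillOff.Count -gt 0) {
    Write-Warning "$($stillOff.Count) rule(s) in the group are still disabled."
}
```

The table shows the direction, profiles and remote address scope of each rule the group opened, which is what to review before leaving the change in place.
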
An additional firewall rule is needed to enable a remote user to establish a WMI session. It can be
enabled with the following command: