HP Integrity rx7620 HP Insight Management WBEM Providers on Integrity Servers - Page 19
Microsoft Windows Server™ 2008 Firewall configuration
View all HP Integrity rx7620 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 19 highlights
6 Microsoft Windows Server™ 2008 Firewall configuration This section describes a configuration method for enabling direct remote WMI access on a server running the Microsoft Windows Server 2008 Firewall. These configuration steps were derived from testing on RC1 of Microsoft Windows Server 2008, and so might not apply to the latest version of Microsoft Windows Server 2008 Firewall. There are many methods to establish remote communication with WMI. Locally privileged programs can establish communication with WMI locally and serve up a private or standardized remote management interface. The System Management Homepage (SMH) and Windows Remote Management (an implementation of WS Management) are examples. This documentation does not apply to these or other indirect methods of WMI related communication, only to direct remote connections to WMI. Firewall configurations for indirect WMI communication methods are independent of establishing a direct remote connection to WMI. Apart from setting up the firewall, some user privileges are a consideration in allowing direct remote WMI access. For example, when the user is not an Administrator, some privileges might not exist by default. For more information, see "Security requirements for the Insight Providers" (page 11) and the Securing a Remote WMI Connection MSDN article at http://msdn2.microsoft.com/en-us/library/ aa393266.aspx. Configuration You can establish direct remote WMI access on a computer running the Windows Server 2008 Firewall, but the default configuration does not allow it. However, by using the built-in firewall rules, you can enable remote WMI access in as little as two commands. You execute the following commands locally on the Windows Server 2008 machine that is providing WMI access (that is, on a computer running the Insight Providers on Windows Server™ 2008). netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes Output: Updated 4 rule(s). Ok. The command enables all firewall rules contained in the specified firewall group. If the command output does not confirm that the rules were updated, check that the group name and each word in the command are correct. The group name with spacing emphasized is below: "WindowsManagementInstrumentation(WMI)" This first command is equivalent to selecting the "Windows Management Instrumentation (WMI)" checkbox in the Control Panel→WIndows Firewall→Settings→Exceptions tab. An additional firewall rule is needed to allow a remote user to establish a WMI session. It can be enabled with a similar command: netsh advfirewall firewall set rule name="Network Discovery (NB-Name-In)" new enable=yes This command updates a portion of a rule group (a single rule). It can also be done in the GUI, as follows: 1. Click Administrative Tools→Windows Firewall with Advanced Security→Inbound Rules. 2. Enable the "Network Discovery (NB-Name-In)" rule(s). Configuration 19