Windows:WMI Verbindung über das Netzwerk testen
Aus znilwiki
Unter Windows XP, Windows Server 2003 / 2003 R2, Windows Vista, Windows 7, Windows Server 2008 / 2008 R2
lässt sich die Funktion der WMI Schnittstelle eines entfernten Rechners schnell in einer Eingabeaufforderung testen:
WMIC /NODE:Rechnername /USER:Domäne\Benutzername /PASSWORD:Passwort CPU
Klappte das nicht:
- Firewall mal abschalten bzw. Ausnahme eintragen
- In Arbeitsgruppen unter Windows Vista / 7 : UAC Modus ausschalten
Für Arbeitsgruppen unter Windows 7 gibt es auch ein Script um WMI zu ermöglichen:
Stammt von: http://community.spiceworks.com/scripts/show/866-enable-secure-work-group-scanning-in-windows-7-good-for-unknowns-and-issues-with-wmi-and-firewalls
REM Spiceworks "enable scanning" script for Windows 7, tailored to a workgroup. Changes firewall settings to allow remoteadmin to the spiceworks server only, opens WMI, DCOM to the server only and opens basic pinging. Preemptively deletes the WMI repository then rebuilds and re-registers the files in case of of WMI issues. Creates passworded admin account "SysAdmin", clears windows update temp files and resets automatic updates.
REM In the next line replace XXX.XXX.XXX.XXX with your server IP, and on line 73 replace p455w0rd with a secure password.
set AdmIP=XXX.XXX.XXX.XXX
REM MUST be run from an ADMINISTRATOR COMMAND PROMPT
REM Major sources are from the following posts:
REM http://community.spiceworks.com/scripts/show/181-resolving-spiceworks-unknowns-unofficial
REM http://community.spiceworks.com/how_to/show/377
REM http://community.spiceworks.com/education/projects/Windows_Firewall
REM http://community.spiceworks.com/how_to/show/317
REM http://community.spiceworks.com/topic/36751-spiceworks-script-for-unknowns-and-permission-or-firewall-issue-workgroup
REM Apologies to any I've missed
REM disabling the Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS) service
net stop sharedaccess
REM disabling WMI
net stop winmgmt /y
REM clearing WBEM repository and rebuilding it
cd /d %windir%\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp en-us\cimwin32.mfl
mofcomp rsop.mof
mofcomp en-us\rsop.mfl
REM Registering all items in wbem folder
for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s
REM for /f %%s in ('dir /b /s *.exe') do call :FixSrv %%s
for /f %%s in ('dir /b *.mof') do mofcomp %%s
REM note different directory for .mfl files
cd %windir%\system32\wbem\en-us
for /f %%s in ('dir /b *.mfl') do mofcomp %%s
cd %windir%\system32\wbem
net stop winmgmt
net start winmgmt
gpupdate /force
REM Enable Ping
REM old version: netsh firewall set icmpsetting 8
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
REM Instead of opening 1000 ports, enable remoteadmin to the spiceworks server only
netsh advfirewall firewall add rule name="Allow RemoteAdmin to Spiceworks" dir=in protocol=tcp remoteip=%AdmIP% action=allow enable=yes
REM Dcom setup
reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyAuthenticationLevel /t REG_DWORD /d "2" /f
reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyImpersonationLevel /t REG_DWORD /d "3" /f
REM Setting up remote account access
REM Disabling Forceguest - Unless this is disabled, all remote logins are guest only
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v forceguest /t REG_DWORD /d "0" /f
REM Disable UAC for remote logins - safe as long as remoteadmin rules are set to server IP or subnet ONLY
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d "1" /f
REM Enabling "SysAdmin" Account. Move along. Nothing to see here.
REM Per http://community.spiceworks.com/topic/36751-spiceworks-script-for-unknowns-and-permission-or-firewall-issue-workgroup
net user SysAdmin p455w0rd /ADD
net localgroup Administrators SysAdmin /ADD
REM hides account from login screen
REM Thanks cyberbill for the correction
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v SysAdmin /t REG_DWORD /d "0" /f
REM Win7 Firewall setup
REM Setting up WMI components individually to limit services access to Spiceworks server only
netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP remoteip=%AdmIP% localport=135
netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action = allow protocol=TCP remoteip=%AdmIP% localport=any
netsh advfirewall firewall add rule dir=in name ="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow remoteip=%AdmIP%
netsh advfirewall firewall add rule dir=out name ="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP remoteip=%AdmIP% localport=any
REM To undo WMI firewall changes using separate rules for DCOM, WMI, callback sink and outgoing connections
REM 1. To disable the DCOM exception.
REM netsh advfirewall firewall delete rule name="DCOM"
REM 2. To disable the WMI service exception.
REM netsh advfirewall firewall delete rule name="WMI"
REM 3. To disable the sink exception.
REM netsh advfirewall firewall delete rule name="UnsecApp"
REM 4. To disable the outgoing exception.
REM netsh advfirewall firewall delete rule name="WMI_OUT"
REM Check winmgmt is started, there are occasionally problems with it not starting on win7
net start winmgmt
REM Resetting Automatic Updates
net stop bits
net stop wuauserv
del /f /s /q %windir%\SoftwareDistribution\*.*
net start bits
net start wuauserv
REM Forcing AU detection and resetting authorization tokens...
wuauclt.exe /resetauthorization /detectnow
echo Please reboot
Loading comments...