Windows:Testing the WMI connection over the network

From znilwiki

On Windows XP, Windows Server 2003 / 2003 R2, Windows Vista, Windows 7 and Windows Server 2008 / 2008 R2,
you can quickly test whether the WMI interface of a remote computer works from a command prompt (replace Rechnername with the computer name, Domäne\Benutzername with domain\user name and Passwort with the password):

WMIC /NODE:Rechnername /USER:Domäne\Benutzername /PASSWORD:Passwort CPU

If that did not work:

  • Temporarily disable the firewall, or add an exception
  • In workgroups on Windows Vista / 7: turn off UAC


For workgroups on Windows 7 there is also a script that enables WMI:

Source: http://community.spiceworks.com/scripts/show/866-enable-secure-work-group-scanning-in-windows-7-good-for-unknowns-and-issues-with-wmi-and-firewalls

REM Spiceworks "enable scanning" script for Windows 7, tailored to a workgroup. Changes firewall settings to allow remoteadmin to the spiceworks server only, opens WMI, DCOM to the server only and opens basic pinging. Preemptively deletes the WMI repository then rebuilds and re-registers the files in case of WMI issues. Creates passworded admin account "SysAdmin", clears windows update temp files and resets automatic updates.

REM In the next line replace XXX.XXX.XXX.XXX with your server IP, and in the "net user SysAdmin" line further down (line 73 of the original script) replace p455w0rd with a secure password.
set AdmIP=XXX.XXX.XXX.XXX

REM MUST be run from an ADMINISTRATOR COMMAND PROMPT

REM Major sources are from the following posts:
REM http://community.spiceworks.com/scripts/show/181-resolving-spiceworks-unknowns-unofficial
REM http://community.spiceworks.com/how_to/show/377
REM http://community.spiceworks.com/education/projects/Windows_Firewall
REM http://community.spiceworks.com/how_to/show/317
REM http://community.spiceworks.com/topic/36751-spiceworks-script-for-unknowns-and-permission-or-firewall-issue-workgroup
REM Apologies to any I've missed


REM disabling the Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS) service
net stop sharedaccess 

REM disabling WMI
net stop winmgmt /y 
 

REM clearing WBEM repository and rebuilding it
cd /d %windir%\system32\wbem
rd /S /Q repository 
regsvr32 /s %systemroot%\system32\scecli.dll 
regsvr32 /s %systemroot%\system32\userenv.dll 
mofcomp cimwin32.mof 
mofcomp en-us\cimwin32.mfl 
mofcomp rsop.mof 
mofcomp en-us\rsop.mfl 


REM Registering all items in wbem folder
for /f %%s in ('dir /b /s *.dll') do regsvr32 /s %%s
REM for /f %%s in ('dir /b /s *.exe') do call :FixSrv %%s 
for /f %%s in ('dir /b *.mof') do mofcomp %%s 
REM note different directory for .mfl files
cd %windir%\system32\wbem\en-us
for /f %%s in ('dir /b *.mfl') do mofcomp %%s 

cd %windir%\system32\wbem

net stop winmgmt 

net start winmgmt 

gpupdate /force 

REM Enable Ping 
REM old version: netsh firewall set icmpsetting 8 
netsh advfirewall firewall set  rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes 

REM Instead of opening 1000 ports, enable remoteadmin to the spiceworks server only
netsh advfirewall firewall add rule name="Allow RemoteAdmin to Spiceworks" dir=in protocol=tcp remoteip=%AdmIP% action=allow enable=yes

REM Dcom setup 
reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyAuthenticationLevel /t REG_DWORD /d "2" /f 
reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyImpersonationLevel /t REG_DWORD /d "3" /f 
 

REM Setting up remote account access 

REM Disabling Forceguest - Unless this is disabled, all remote logins are guest only
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v forceguest /t REG_DWORD /d "0" /f

REM Disable UAC for remote logins - safe as long as remoteadmin rules are set to server IP or subnet ONLY
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d "1" /f

REM Enabling "SysAdmin" Account. Move along. Nothing to see here.
REM Per http://community.spiceworks.com/topic/36751-spiceworks-script-for-unknowns-and-permission-or-firewall-issue-workgroup
net user SysAdmin p455w0rd /ADD
net localgroup Administrators SysAdmin /ADD
REM hides account from login screen
REM Thanks cyberbill for the correction
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v SysAdmin /t REG_DWORD /d "0" /f

REM Win7 Firewall setup 

REM Setting up WMI components individually to limit services access to  Spiceworks server only

netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP remoteip=%AdmIP% localport=135

netsh advfirewall firewall add rule dir=in name="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP remoteip=%AdmIP% localport=any

netsh advfirewall firewall add rule dir=in name="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow remoteip=%AdmIP%

netsh advfirewall firewall add rule dir=out name="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP remoteip=%AdmIP% localport=any


REM To undo WMI firewall changes using separate rules for DCOM, WMI, callback sink and outgoing connections
REM   1. To disable the DCOM exception.
REM      netsh advfirewall firewall delete rule name="DCOM"
REM    2. To disable the WMI service exception.
REM      netsh advfirewall firewall delete rule name="WMI"
REM    3. To disable the sink exception.
REM      netsh advfirewall firewall delete rule name="UnsecApp"
REM    4. To disable the outgoing exception.
REM      netsh advfirewall firewall delete rule name="WMI_OUT"


REM Check winmgmt is started, there are occasionally problems with it not starting on win7 
net start winmgmt 


REM Resetting Automatic Updates 

net stop bits
net stop wuauserv
del /f /s /q %windir%\SoftwareDistribution\*.*
net start bits
net start wuauserv

REM Forcing AU detection and resetting authorization tokens... 
wuauclt.exe /resetauthorization /detectnow 


echo Please reboot
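
To check afterwards what the script left behind on a client, the following PowerShell audit reads back the registry values and firewall rules it sets. It is an added example, not part of the Spiceworks script or of this wiki page; the default address in $AdmIP is a constructed sample and Get-RegValue is a helper defined here.

```powershell
# Added audit example, not part of the Spiceworks script. Run from an elevated prompt.
# Assumption: $AdmIP is the value that was used for AdmIP in the batch script.
param([string]$AdmIP = '192.0.2.10')   # constructed sample address

# Hypothetical helper: returns $null when the key or value does not exist
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$findings = @()

# Remote UAC token filtering (the script sets this value to 1)
$pol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ((Get-RegValue $pol 'LocalAccountTokenFilterPolicy') -eq 1) {
    $findings += 'LocalAccountTokenFilterPolicy=1: UAC token filtering is off for remote logons'
}

# Accounts hidden from the logon screen (the script hides "SysAdmin" with value 0)
$ul = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$key = Get-Item -Path $ul -ErrorAction SilentlyContinue
if ($key) {
    foreach ($n in $key.GetValueNames()) {
        if ($key.GetValue($n) -eq 0) { $findings += "Account '$n' is hidden from the logon screen" }
    }
}

# Firewall rules created by the script: each must be limited to the management server.
# The firewall COM API is used because it is independent of the Windows display language.
$expected = 'DCOM', 'WMI', 'UnsecApp', 'WMI_OUT', 'Allow RemoteAdmin to Spiceworks'
$fw = New-Object -ComObject HNetCfg.FwPolicy2
foreach ($rule in $fw.Rules) {
    if (($expected -notcontains $rule.Name) -or (-not $rule.Enabled)) { continue }
    $remote = $rule.RemoteAddresses
    # Accept the plain address and the host-mask form; "*" means any remote address
    if (($remote -ne $AdmIP) -and ($remote -ne "$AdmIP/255.255.255.255")) {
        $findings += "Firewall rule '$($rule.Name)' accepts '$remote' instead of only $AdmIP"
    }
}

if ($findings.Count) { $findings } else { 'Nothing to report for the checked settings.' }
```

A rule reported with '*' means the `remoteip=%AdmIP%` restriction is not in effect for it, which removes the condition the script's own comment names for disabling remote UAC.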

