On Oct 5, 4:59 pm, Karl Mitschke <karlmitsc
...@somestate.gov> wrote:
> I have 600 Windows servers (99% Server 2003, 1% Server 2008)
> I need to allow a domain user account to access WMI information remotly.
> So, I need a way to:
> 1) Enable the firewall to allow remote wmi calls.
> 2) Enable remote DCOM.
> 3) Modify the WMI security to allow access to the Root\CIMV2 namespace for
> my account.
> I can do all this manually, but I don't want to touch all 600 servers.
> Does anyone have a script or any c# code snippets to allow this?
> Thanks
> Karl
You can do this fairly easily if all the servers are under active
directory by configuring a GPO.
If they are, you can do this....
1. Using the Group Policy Editor, click Computer Configuration, click
Windows Settings, click Security Settings, click Local Policies, and
then click Security Options. In Network access: Sharing and security
model for local accounts, click Classic – local users authenticate as
themselves.
2. Using the Group Policy Editor, click Computer Configuration, click
Administrative Templates, click Network, click Network Connections,
click Windows Firewall, and then click Domain Profile.
3. In Windows Firewall: Allow remote administration exception, click
Enabled. In Allow unsolicited incoming messages from, type the IP
address or subnet of the computer performing the inventory.
4. In Windows Firewall: Allow file and print sharing exception, click
Enabled. In Allow unsolicited incoming messages from, type the IP
address or subnet of the computer performing the inventory.
After saving the policy changes, don't forget you need to wait for the
policy settings to be applied to the client computers, which can take
up to two hours.
Kind Regards
- Dave
|
