Configuration – HP Integrity rx3600 Server User Manual
3 Microsoft Windows Server™ 2008 Firewall configuration
This section describes a configuration method for enabling direct remote WMI access on a server
running the Microsoft Windows Server 2008 Firewall. These configuration steps were derived
from testing on RC1 of Microsoft Windows Server 2008, and so might not apply to the latest
version of Microsoft Windows Server 2008 Firewall.
There are many methods to establish remote communication with WMI. Locally privileged programs
can establish communication with WMI locally and serve up a private or standardized remote
management interface. The System Management Homepage (SMH) and Windows Remote
Management (an implementation of WS Management) are examples.
This documentation does not apply to these or other indirect methods of WMI-related communication,
only to direct remote connections to WMI. Firewall configurations for indirect WMI communication
methods are independent of establishing a direct remote connection to WMI.
Apart from setting up the firewall, some user privileges are a consideration in allowing direct
remote WMI access. For example, when the user is not an Administrator, some privileges might
not exist by default.
For more information, see the Microsoft® Windows Server™ 2008 R2 on HP Integrity Servers
Installation Guide, Microsoft® Windows Server™ 2008 SP2 on HP Integrity Servers Installation
Guide, and the Securing a Remote WMI Connection MSDN article at
.
Configuration
You can establish direct remote WMI access on a computer running the Windows Server 2008
Firewall, but the default configuration does not allow it. However, by using the built-in firewall
rules, you can enable remote WMI access in as little as two commands.
You execute the following commands locally on the Windows Server 2008 machine that is providing
WMI access (that is, on a computer running the Insight Providers on Windows Server™ 2008).
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
Output: Updated 4 rule(s).
Ok.
The command enables all firewall rules contained in the specified firewall group. If the command
output does not confirm that the rules were updated, check that the group name and each word
in the command are correct. The group name with spacing emphasized is below:
"Windows Management Instrumentation (WMI)"
This first command is equivalent to selecting the Windows Management Instrumentation (WMI)
checkbox in the Control Panel→Windows Firewall→Settings→Exceptions tab.
An additional firewall rule is needed to allow a remote user to establish a WMI session. You can
enable it with the following command:
netsh advfirewall firewall set rule name="Network Discovery (NB-Name-In)" new enable=yes
This command updates a portion of a rule group (a single rule). You can also enable it in the
GUI, as follows:
1. Click Administrative Tools→Windows Firewall with Advanced Security→Inbound Rules.
2. Enable the “Network Discovery (NB-Name-In)” rule(s).
3. Select the rule, and click Action→Enable Rule.
This rule and an equivalent rule appear in the Network Discovery and the File and
Printer Sharing firewall rule groups, respectively.
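After running the two commands, it is worth confirming which inbound rules are now enabled, in which profiles, and for which remote addresses. The following script is an added example, not part of the HP manual; it assumes PowerShell 2.0 or later and English-language netsh output, and the function names and sample rule text are constructed for illustration.

```powershell
# Added example, not from the manual. Parses English-language netsh rule text.
function ConvertFrom-NetshRuleText {
    param([string[]]$Lines)
    $rules = @(); $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Rule Name:\s+(.+?)\s*$') {
            if ($current) { $rules += New-Object PSObject -Property $current }
            $current = @{ Name = $Matches[1] }
        } elseif ($current -and $line -match '^([A-Za-z ]+):\s+(.*?)\s*$') {
            $current[$Matches[1].Trim()] = $Matches[2]
        }
    }
    if ($current) { $rules += New-Object PSObject -Property $current }
    $rules
}

# List the enabled inbound rules that the two commands above turn on.
function Get-WmiFirewallExposure {
    param([string[]]$Lines)
    ConvertFrom-NetshRuleText $Lines | Where-Object {
        $_.Enabled -eq 'Yes' -and $_.Direction -eq 'In' -and (
            $_.Grouping -eq 'Windows Management Instrumentation (WMI)' -or
            $_.Name -eq 'Network Discovery (NB-Name-In)')
    } | Select-Object Name, Profiles, RemoteIP
}

# Constructed sample in the layout netsh prints (values are illustrative).
$sample = @'
Rule Name:                            Windows Management Instrumentation (WMI-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain
Grouping:                             Windows Management Instrumentation (WMI)
RemoteIP:                             Any

Rule Name:                            Network Discovery (NB-Name-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
Grouping:                             Network Discovery
RemoteIP:                             LocalSubnet
'@ -split '\r?\n'

Get-WmiFirewallExposure $sample | Format-Table -AutoSize
# On the server: Get-WmiFirewallExposure (netsh advfirewall firewall show rule name=all)
```

A RemoteIP value of Any means the rule accepts connections from every address that can reach the server in the listed profiles.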