Environment
Situation
The following article outlines the procedures required for inventorying and monitoring Windows XP SP2-based workstations with Windows Firewall enabled.
Resolution
To inventory and monitor a server, Recon uses the remote machine's WMI and Performance Monitor counters. WMI and Windows Performance Monitor use RPC/DCOM, which uses TCP ports 135 and 445 as well as random, dynamically assigned ports above 1024. For more information on the ports used by PowerRecon, please see TID 7920571.
Windows Firewall does not support dynamic TCP/UDP port exceptions. To inventory and monitor servers that use Windows Firewall, Microsoft recommends performing one of the following:
Option 1 - Using NETSH:
- On the remote server, click Start > Run and type cmd to open a command prompt
- At the command prompt, type netsh firewall set service RemoteAdmin enable and press Enter
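The Option 1 command as written applies the exception with the default scope, which accepts connections from any source address. As an added example (not part of the original article), the batch script below enables the same exception but limits it to the Recon server and then displays the result; the address 192.0.2.10 is a placeholder assumption to be replaced with the Recon server's real address.

```batch
@echo off
rem Added example, not from the original article.
rem RECON_IP is a placeholder (documentation address); set it to the
rem address of the Recon server that performs inventory and monitoring.
setlocal
set RECON_IP=192.0.2.10

rem Broad form from Option 1 (scope defaults to ALL source addresses):
rem   netsh firewall set service RemoteAdmin enable

rem Scoped form: same RemoteAdmin exception, but only RECON_IP may use it.
rem profile=ALL applies it to both the Domain and Standard profiles.
netsh firewall set service type=REMOTEADMIN mode=ENABLE scope=CUSTOM addresses=%RECON_IP% profile=ALL
if errorlevel 1 (
    echo Could not set the RemoteAdmin exception. Check that you are running as an administrator.
    endlocal
    exit /b 1
)

rem Show the service exceptions so the mode and scope can be checked.
netsh firewall show service

rem To remove the exception when monitoring is no longer needed:
rem   netsh firewall set service type=REMOTEADMIN mode=DISABLE profile=ALL
endlocal
```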
Option 2 - Using Group Policy Editor:
- On the remote server, click Start > Run and type gpedit.msc to open Group Policy Editor
- Under the Local Computer Policy heading, open the Computer Configuration folder
- Open the Administrative Templates folder
- Open the Network folder
- Open the Network Connections folder
- Open the Windows Firewall folder
- If the computer is in the domain, then open the Domain Profile folder; otherwise, open the Standard Profile folder
- Click Windows Firewall: Allow remote administration exception
- On the Action menu, select Properties
- Click Enable, and then click OK
For more details and for an alternative method (using scripts), please refer to the following MSDN article:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/connecting_through_windows_firewall.asp
** Please be advised that the above has not been certified by PlateSpin and the information is provided as is.