Configuring Remote Access to WMI

Follow the steps presented below to configure WMI for remote access via DCOM.

Configure DCOM

WMI uses DCOM to handle remote calls. Therefore, DCOM should be accessible remotely for the specific user. Refer to Configuring DCOM for Remote Access for details.

WMI Namespace Access Settings

  • Go to Control Panel > Administrative Tools > Computer Management > Services and Applications.
  • Right-click WMI Control and select Properties.
  • Select the Security tab and click the Security button.
  • Add the monitoring user account and check all the needed permissions (including the Remote Enable).

Make sure that the security settings for WMI namespaces are inherited from Root. Alternatively, you can configure security for particular namespaces.

Allow WMI Through Windows Firewall

If the WMI server is running Windows Firewall, then you need to tell it to let remote WMI requests pass through. This can only be done from the command prompt:

netsh firewall set service RemoteAdmin enable

WMI Impersonation Rights

Start Group Policy Editor console by clicking Start, then Run, typing gpedit.msc, and then clicking OK. Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings. Expand Security Settings, expand Local Policies, and then select User Rights Assignment. Make sure that Impersonate a client after authentication rights is granted for SERVICE account.

Registry Permissions

Set full access permissions for the WMI monitoring user to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurePipeServersWinReg branch.

If WMI device synchronization with a Windows server fails with an Access Denied error, do the following on the remote machine:

  • Run Registry Editor ('regedit.exe').
  • Find registry key: 'HKEY_CLASSES_ROOTCLSID{76A64158-CB41-11D1-8B02-00600806D9B6}'.
  • Right-click it and select 'Permissions'.
  • Change key owner to 'administrators' group.
  • Give 'Full Control' permission for 'administrators' group.
  • Change key owner back to TrustedInstaller ("NT ServiceTrustedInstaller")
  • Repeat the above operations for all registry keys named {76A64158-CB41-11D1-8B02-00600806D9B6} (e.g. HKEY_LOCAL_MACHINESoftwareClassesWow6432NodeCLSID{76A64158-CB41-11D1-8B02-00600806D9B6} and all other). Those keys can be found by searching the registry.
  • Restart "Remote Registry" service.

Reinitializing WMI Provider to Get Access to Missing Information

In some rare cases WMI performance counters (this is known to happen with Microsoft Exchange 2003 counters) may not be available via WMI because WMI provider uses AutoDiscovery/AutoPurge (ADAP) to build its internal performance counter table. If the services providing the counters are not started when the WMI ADAP process is started, the performance counters are not transferred to WMI.

To work around this problem, you can run the wmiadap.exe /f command to force the transfer of all the performance libraries. To do this, follow these steps:

  • Click Start, click Run, type cmd, and then click OK.
  • At the command prompt, type wmiadap.exe /f, and then press ENTER.
  • Type exit, and then press ENTER to close the command prompt.

Was this page helpful?