Ask the Community
Groups
Configure GPO to Allow WMI access to all workstations in a Domain Environment - Connect IT Community | Kaseya
<main> <article class="userContent"> <p>Make sure you are editing your group policy object from a Windows 7 or Server 2008 R2 machine to ensure you are editing the policy with the same client-side extension present.</p> <p>1. Open up Group Policy Management on your domain controller.<br><img alt="" src="https://rapidfiretools.desk.com/customer/portal/attachments/429295" class="embedImage-img importedEmbed-img"></img><img alt="" src="https://hf-files-oregon.s3.amazonaws.com/hdprapidfiretools_kb_attachments/2019/01-03/f41013b3-8fba-418d-8de2-2241f5de3a90/gpo%20icon.bmp" class="embedImage-img importedEmbed-img"></img><br><br> 2. Edit the group policy object you wish to put these settings into or create a new one.<br><img alt="" src="https://rapidfiretools.desk.com/customer/portal/attachments/429299" class="embedImage-img importedEmbed-img"></img><img alt="" src="https://hf-files-oregon.s3.amazonaws.com/hdprapidfiretools_kb_attachments/2019/01-03/a3de3471-8e1a-4102-9a18-39f2ac157daf/edit%20GPO.bmp" class="embedImage-img importedEmbed-img"></img><br><br> 3. Right Click the new GPO, click Edit, and Expand the Computer Config > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules node.<br><img alt="" src="https://rapidfiretools.desk.com/customer/portal/attachments/429303" class="embedImage-img importedEmbed-img"></img><img alt="" src="https://hf-files-oregon.s3.amazonaws.com/hdprapidfiretools_kb_attachments/2019/01-03/b2b75981-0b4e-49e0-b06c-b7c8b5253db1/expand%20GPO.bmp" class="embedImage-img importedEmbed-img"></img></p> <p>4. Right-click in the working area and choose New Rule...</p> <p><img alt="" src="https://hf-files-oregon.s3.amazonaws.com/hdprapidfiretools_kb_attachments/2019/01-03/adfbf5d7-eca7-472c-a768-2aef25f81adc/working%20area.bmp" class="embedImage-img importedEmbed-img"></img></p> <p>5. Choose the Predefined option, and select Windows Management Instrumentation (WMI) from the drop-down list, Next.</p> <p><img alt="" src="https://hf-files-oregon.s3.amazonaws.com/hdprapidfiretools_kb_attachments/2019/01-03/bcfac706-0421-44a3-8ad5-f1f03c962c51/new%20inbound%20rule.bmp" class="embedImage-img importedEmbed-img"></img><br><img alt="" src="https://rapidfiretools.desk.com/customer/portal/attachments/429306" class="embedImage-img importedEmbed-img"></img></p> <p>6. There are a number of options here, but I tend to just select (WMI-In) and (DCOM-In) option with the Domain profile value. If you aren't sure what you need, then just remember you can come back and add the others later. Next button.</p> <p><img alt="" src="https://hf-files-oregon.s3.amazonaws.com/hdprapidfiretools_kb_attachments/2019/01-03/7bd40b99-3c0f-4450-95f9-e8228f7e9e6e/chose%20profile.bmp" class="embedImage-img importedEmbed-img"></img><br><img alt="" src="https://rapidfiretools.desk.com/customer/portal/attachments/429308" class="embedImage-img importedEmbed-img"></img><br><br> 7. Allow the connection > Finish.</p> <p><img alt="" src="https://hf-files-oregon.s3.amazonaws.com/hdprapidfiretools_kb_attachments/2019/01-03/ebddd4c5-0992-4c81-9f4a-fbf3cc7b2dd9/allow%20connection.bmp" class="embedImage-img importedEmbed-img"></img><br><img alt="" src="https://rapidfiretools.desk.com/customer/portal/attachments/429309" class="embedImage-img importedEmbed-img"></img><br><br> 8. Link the GPO to the desired OU containing your Workstations and or Servers</p> </article> </main>