PDA

View Full Version : How to Fix WMI Remote Access (& Suggestion for D7)


NETWizz
11-16-2011, 02:54 PM
Shout Out... D7 is great.

Anyway, it does a fabulous job fixing WMI, but I have seen where I can connect to \root\cimv2 locally but cannot connect from ANY remote computer (using Active Directory Credentials).

The problem was that DCOM was not working; in fact, HKEY_LOCAL_Machine\SOFTWARE\Microsoft\Ole was missing this:

EnableDCOM REG_SZ Y


To the author that makes D7, your tool is fantastic, and I know it is intended for Computer Techs who generally deal with computers in workgroups, but someone might think they have a WMI issue when the repositories are okay, but DCOM is not enabled, so there is no Remote Access via the network.

Symptoms would be:
No Hardware/Software Inventory
Cannot Shutdown/Reboot remote computer via WMI
etc. etc. etc.

This article has the solution:
http://community.spiceworks.com/help/Troubleshooting_WMI

This one does too:
http://www.lansweeper.com/kb/WMI-Access-is-denied.aspx


Just thought I would point it out. Oh, and Lansweeper comes with an excellent "Connection Tester" that will test a WMI connection to a remote computer and report any problems.

dbdawn
11-16-2011, 04:22 PM
So is this the solution to the problem in your other thread here (http://www.technibble.com/forums/showthread.php?t=31907)?

NETWizz
11-16-2011, 07:26 PM
Yes it is. Four of those 5 systems were already re-imaged; since, it takes only about 15 minutes.

Today, I figured I may as well fix the last one... Sure enough it now scanned.

FoolishTech
11-16-2011, 08:48 PM
I've run into the DCOM issue before, when I used to work for a company that used Level Platforms, it utilized WMI to gather info on workstations and was more often than not, broken when we were first setting up LPI...

It's a good idea to add that fix to D7, I'll look into it.

Give me some time, I am moving this weekend and will be very busy!

FoolishTech
11-17-2011, 03:51 PM
Got the fixes added to D7's Repair WMI/WBEM (now with DCOM!) function.

Specifically, I added these fixes from info I gathered from the articles you provided:

Write Reg Values to HKLM\Software\Microsoft\Ole:


EnableDCOM - Y

(enables DCOM)

Write Reg Values to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\system:


LocalAccountTokenFilterPolicy - 1

(disables UAC on Vista/7 for the remote admin only, not local)

Write Reg Values to HKLM\SYSTEM\CurrentControlSet\Control\Lsa:


forceguest - 0

(equivalent of Start/run "secpol.msc" > Navigate to Local Policies\Security Options > Network Access: Sharing security model for local accounts - Set to Classic)

Delete Reg Values from HKLM\Software\Microsoft\Ole:


DefaultLaunchPermission
MachineAccessRestriction
MachineLaunchRestriction
LegacyImpersonationLevel

(removes any permissions for DCOM)

NETWizz
11-17-2011, 10:42 PM
Well, Thank You! Nice product by the way!

Joseph_
01-04-2012, 02:53 AM
thanks for sharing :D