Welcome to Little-dixie Q&A, where you can ask questions and receive answers from other members of the community.

How do I set up WMI on the computer for spiceworks?

0 votes
asked Jan 16, 2013 in Wireless At The Library by kgarnett (950 points)

1 Answer

0 votes
How I set up target computers (desktops, laptops and servers) to be discovered by SpiceWorks using WMI. This SBS covers Windows XP SP2 or higher, Windows Vista, Windows 7, Server 2003 and Server 2008. I will modify later if I find I am missing something. This is a Step-By-Step document created by Paul Luciano, MCSE.

 

** NOTE **

In sections 2 and 3, I have broken the steps down for different operating systems. Please pay attention so you use the correct steps corresponding to the operating system you are using.

 

1.           

Admin ID

TARGET: All Operating Systems

 

1. Set up an administrator ID that will be used on all computers in the network. This will have local (or domain) administrator and WMI rights.

2. Ensure that the ID and PW are entered into SpiceWorks

 

2.           

Allow Ping

TARGET: XP, Vista, 7 and Server 2008

 

Ping the target computer from a remote PC. If the ping fails (ERROR: Request timed out), follow these steps.

 

Windows XP

1. Click Start

2. Click Control Panel

3. Double-click Windows Firewall

4. Click the Advanced tab

5. Click the Settings… button under ICMP

6. Check the Allow incoming echo request checkbox

7. Click OK three times

 

Windows 7

1. From the Start menu, search for Windows Firewall with Advanced Security.

2. Click it to bring up the application.

3. From the left pane, click Inbound Rules.

4. In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In).

5. Right-click each rule and choose Enable Rule.

 

Windows Server 2008

1. Click Start

2. Click Control Panel

3. Double-click Administrative Tools

4. Double-click Windows Firewall with Advanced Security

5. From the left pane, click Inbound Rules.

6. Find the rule File and Printer Sharing (Echo Request – ICMPv4-In)

7. Right-click the rule and choose Enable Rule.

8. Close the window

 

3.           

Enable Group Policy

TARGET: All Operating Systems

 

You need to set a policy on the computer to allow access

 

Windows XP, Server 2003, Vista, 7

1. Click start

2. Click run

3. Type mmc

4. I clicked on "File" then "Add/Remove Snap-in".

5. I clicked on the "Add" button.

6. I selected "Group Policy Editor" and clicked on "Add".

7. Click Finish

8. Click Close

9. Click Close

10. Navigate to here:

 

Console Root

|- Local Computer Policy

|- |- Computer Configuration

|- |- |- Administrative Templates

|- |- |- |- Network

|- |- |- |- |- Network Connections

|- |- |- |- |- |- Windows Firewall

|- |- |- |- |- |- |- Standard Profile *

 

11. Double click on "Windows Firewall: Allow remote administration exception"

12. Set the configuration to "Enabled"

13. Type localsubnet in the "Allow unsolicited incoming messages from" field

14. Click OK

15. Click Start

16. Click Run

17. Type cmd and press Enter

18. Type gpupdate and press enter

19. You should see the following:

 

C:\Documents and Settings\Administrator>gpupdate

Refreshing Policy...

 

User Policy Refresh has completed.

Computer Policy Refresh has completed.

 

* Under Windows Firewall there is also Domain Profile. It is possible you can use either or both. I used Standard Profile and it worked.

 

Windows Server 2008

1. Follow steps 1 through 10

2. Step 11, double-click on Windows Firewall: Allow inbound remote administration exception

3. All steps after are the same

 

4.           

Link Admin ID to WMI Control

TARGET: All Operating Systems

 

1. Click Start

2. Enter compmgmt.msc in the search field

3. The Computer Management screen appears

4. Expand Services & Applications

5. Click on WMI Control

6. Right-click and choose Properties

7. Select the Security tab

8. Highlight Root

9. Click the Security button

10. Add the ID mentioned in PART ONE

11. Grant the ID Allow permissions for EM, FW, PW, PrW, EA, RE, RS and ES

12. Click the OK button

13. Click the OK button

 

NOTE: I have been liberal with granting permissions to a local admin ID. You should modify the settings to suit your own network security needs.

 

5.           

Link Admin ID to DCOM

TARGET: All Operating Systems

 

1. Click Start

2. Enter dcomcnfg.exe in the search field

3. Expand Component Services

4. Expand Computers

5. Right-click on My Computer

6. Choose Properties

7. Click on the Default Properties tab

8. Check the Enable Distributed…computer checkbox

9. Check the Enable COM…computer checkbox

10. Verify the Default Authentication Level: is set to Connect

11. Verify the Default Impersonation Level: is set to Identify

12. Click the Apply button

13. Click on COM Security tab

14. Click the Edit Limits… button under Launch and Activation Permissions

15. Add the ID mentioned in PART ONE

14. Grant the ID Allow permissions for LL, RL, LA and RA

15. Click the OK button

16. Click the OK button

 

NOTE: I have been liberal with granting permissions to a local admin ID. You should modify the settings to suit your own network security needs.

 

NOTE: I have received this popup: Windows Security Alert – Do you want to keep blocking this program? Microsoft Management Console. I click the Unblock button.

 

NOTE: For Windows 7 and Server 2008, I received this message after step 12. Click Yes.

 

You are about to modify machine wide DCOM settings, this will effect all the applications on the machine, some applications may not work correctly as a result. Update DCOM settings?

 

6.           

Local Security Policy

TARGET: XP only

 

1. Click Start

2. Enter secpol.msc in the search field

3. This will open up the Local Security Policy window.

4. Click Local Policies

5. Click Security Options

6. Scroll down to Network Access

7. Choose “Sharing and security model for local accounts"

8. This should be set to "Classic-local users authenticate as themselves"

9. Click OK

10. Exit Local Policy

 

7.           

Disable UAC

TARGET: Vista and 7 only

 

1. Click Start

2. Type UAC in the Search programs and files field

3. Click on the "Change User Account Control Settings" link

4. Move the slider to the Never notify position

5. Click OK

6. If prompted to restart, do not, we will restart later

 

8.           

Restart the Computer

TARGET: All operating systems

 

Restart the computer for all changes to take effect

 

9.           

Test the Connection

NOTE: Use this code until you are shown a serial number (or the word None)

 

1. Click Start

2. Enter cmd in the search field

3. Enter the following at the c:\> prompt

 

wmic /user:[username] /password:[password] /node:[IP address or hostname] systemenclosure get serialnumber

 

[username] is the admin ID we set on each computer

[password] is the admin ID password we set on each computer

[IP address or hostname] is the FQDN or the IP address of the target computer

 

e.g. wmic /user:administrator /password:secretpassword /node:192.168.2.100 systemenclosure get serialnumber

 

4. Press the Enter button

 

Result should be:

 

SerialNumber

None (or the actual computer serial number – like Dell service tag)

 

10.        

Network Scan in Spiceworks

1. Log into Spicworks

2. Click the Settings hyperlink

3. Click the Network Scan hyperlink

4. Enter the scan range in the Scan Entries section if you have not done already.

5. Add the Windows account mentioned in Step 1 if you have not done already.

6. Click the Start Network Scan hyperlink

7. The computer should be discovered properly by SpiceWorks
answered Jan 16, 2013 by kgarnett (950 points)
...