Home > Developer > Windows

How to solve WMI problems in Windows

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

How to solve WMI problems in Windows XP SP2

Article No.: 875605-view all products used in this article | close all this page
  • Summary
  • Introduction
    • WMI problems in Windows XP SP2
    • Allow Remote Management
    • Grant DCOM remote start permission
    • Open DCOM Port
    • Add the client application to the Windows Firewall exception list
    • Example
  • Reference
  • Attribute
  • Provide feedback
& Amp; lt; style & amp; gt;. tocTitle, # tocDiv {display: none ;}& amp; lt;/style & amp; gt; Summary Some security lock changes in Microsoft Windows XP Service Pack 2 (SP2) may cause issues related to Windows Management Instrumentation (WMI), which may be particularly serious in remote solutions. For example, Windows Firewall in Windows XP SP2 is enabled by default. In addition, the DCOM restrictions in Windows XP SP2 are different from those in earlier Windows versions.Back to the top | provides feedback on security changes. When you access WMI in Microsoft Windows XP SP2, you may receive an "access denied" error message. If an asynchronous query is used, a non-Windows XP SP2-based computer may also be accessed from a Windows XP SP2-based computer. Back to the top | provide feedback on solving WMI-related problems in Windows XP SP2

When you solve WMI-related problems, you must first determine whether the problem is local or remote. Therefore, try to access WMI locally to eliminate the possibility of network failure. If the problem persists when you access WMI locally, it indicates that the problem is irrelevant to the security change in Windows XP SP2.
If no problem occurs when accessing WMI locally, it indicates that the problem may be related to Windows Firewall and DCOM. To perform remote WMI operations from computer A to computer B, you must establish a dcom connection from computer A to computer B on computer B, you must configure Windows Firewall and DCOM to allow this connection. If the WMI operation is synchronous or semi-synchronous, only one connection is required. However, if the WMI operation is asynchronous, another connection from computer B to computer A is required.

Collapse the image and expand the image.

To establish connection 1 between computer A and computer B, follow these steps:

  1. If Windows Firewall is enabled on computer B, the "Windows Firewall: Allow Remote Management exceptions" setting should be enabled. By default, Windows Firewall is enabled in Windows XP SP2.
    For more information about how to enable this setting, see allow remote management.
  2. If the user who sends the remote request is not an administrator, make sure that the user has the DCOM remote start permission on computer B.
    For more information, see granting DCOM remote start permissions.

Connection 2 is required only when asynchronous WMI operations are used. We recommend that you use semi-sync as much as possible. This has little impact on performance. The semi-sync operation can achieve the same effect without the need for reverse connections.
To use asynchronous operations, follow these steps:

  1. If Windows Firewall is enabled on computer A, open the DCOM port. By default, Windows Firewall is enabled in Windows XP SP2.
    For more information about how to open the DCOM port, see open the DCOM port section.
  2. On computer A, add the client application to the Windows Firewall exception list so that reverse connections can be completed.
    Client Applications are often Unsecapp.exe applications. The Unsecapp.exe application is used to send the result back to the client in a process. The process may not have the permission to become a DCOM Service. Scripts and Microsoft. NETSystem. ManagementThe namespace must rely on the Unsecapp.exe application to receive the results of asynchronous operations.
    For more information about how to add client applications to the Windows Firewall exception list, see add client applications to the Windows Firewall exception list section.
  3. If the reverse connection is created as an anonymous connection, grant the remote start permission in DCOM to the Anonymous Logon account on computer. When the following conditions are met, the reverse connection will be created as an anonymous connection:
    • Computer B is a member of a working group.
    • Computer B is not in the same domain as computer A, and the domain where computer B is located is not A trusted domain.

    For more information, see granting DCOM remote start permissions.

  4. Make reverse connections as secure as possible. For more information, visit the following Microsoft Developer Network (MSDN) Website: http://msdn2.microsoft.com/en-gb/library/aa393614.aspx

    Http://msdn2.microsoft.com/en-gb/library/aa393614.aspx)
Allow Remote Management
  1. Click Start, click Run, type gpedit. msc, and click OK ".
  2. Under "console root directory", expand "Computer Configuration", "management template", "network", "network connection", and "Windows Firewall" in sequence ", click "Domain Configuration File ".
  3. Right-click Windows Firewall: Allow Remote Management of exceptions, and then click Properties ".
  4. Click "enabled", and then click "OK ".
Grant DCOM remote start permission
  1. Click Start, click Run, type DCOMCNFG, and click OK ".
  2. In the "component service" dialog box, expand "component service" and "computer", and then expand "my computer ".
  3. On the toolbar, click "Configure My Computer.
    The "my computer" dialog box is displayed.
  4. In the "my computer" dialog box, click the "COM Security" tab.
  5. Under "Start and activate Permissions", click "Edit limits ".
  6. In the "launch permission" dialog box, if your name or your group is not displayed in the "Group or user name" list, follow these steps:
    1. In the "launch permission" dialog box, click "add ".
    2. In the "Select User, computer, or group" dialog box, add your name and group to the "Enter object name to select" box, and then click "OK ".
  7. In the "Start permission" dialog box, select your users and groups in the "Group or user name" box. In the "allow" column under "User Permissions", select "remote start" and click "OK ".
Open DCOM Port

Before enabling ports in Windows Firewall, make sure that the "Windows Firewall: Allow local port exceptions" setting is enabled in group policy. To do this, follow these steps:

  1. Click Start, click Run, type gpedit. msc, and click OK ".
  2. Under "console root directory", expand "Computer Configuration", "management template", "network", "network connection", and "Windows Firewall" in sequence ", click "Domain Configuration File ".
  3. Right-click Windows Firewall: Allow local port exceptions, and then click Properties ".
  4. Click "enabled", and then click "OK ".

Note:: You can also use the "Windows Firewall: Define port exceptions" setting to configure local port exceptions.
DCOM port: TCP 135. To open the DCOM port, follow these steps:

  1. Click Start, and then click Control Panel ".
  2. Double-click "Windows Firewall" and click the "exceptions" tab.
  3. Click Add port ".
  4. In the Name box, type DCOM_TCP135, and then type 135 in the port number box.
  5. Click TCP, and then click OK ".
  6. Click OK ".

Note:: You can also enter the following command at the command prompt to open a Port:

Netsh firewall add portopening[TCP/UDP][Port][Name]Add the client application to the Windows Firewall exception list

Before defining program exceptions in Windows Firewall, make sure that the "Windows Firewall: Allow local program exceptions" setting is enabled in the Group Policy:

  1. Click Start, click Run, type gpedit. msc, and click OK ".
  2. Under "console root directory", expand "Computer Configuration", "management template", "network", "network connection", and "Windows Firewall" in sequence ", click "Domain Configuration File ".
  3. Right-click Windows Firewall: Allow local program exceptions, and then click Properties ".
  4. Click "enabled", and then click "OK ".

Note:: You can also configure local program exceptions using the "Windows Firewall: Define program exceptions" setting.
To add client applications to the Windows Firewall exception list, follow these steps:

  1. Click Start, and then click Control Panel ".
  2. Double-click "Windows Firewall" and click the "exceptions" tab.
  3. Click Add program ".
  4. Find the application you want to add and click OK ".
  5. Click OK ".

Note:: You can also enter the following command at a command prompt to add the program to the Windows Firewall exception list:

Netsh firewall add allowedprogram[<Path> \ ProgramName][ENABLE/DISABLE]Example

When you try to connect Msinfo32.exe to a remote computer running Microsoft Windows XP SP2, you will receive the following error message:

The connection Computer nameCocould not be established. Check to see that the network path name is correct, that you have sufficient permission to access Windows Management Instrumentation, and that Windows Management Instrumentations is installed on the computer.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to solve asvab math problems how to solve functions in math how to solve nan error in javascript how to solve error 404 in php how to solve cryptogram how to solve cryptoquip how to solve http status 404 error in tomcat

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More