Windows WMI is built on the RPC and DCOM subsystems in Windows. The ports WMI uses are negotiated dynamically between hosts, so a firewall between them has to allow an unpredictable range. To use WMI effectively between firewalled hosts, you can restrict the range of ports the DCOM subsystem will allocate and open only that range.
The following instructions restrict the ports that DCOM will use.
Follow these instructions on each monitored host.
- Open regedt32.exe.
- Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc.
- If there is no subkey titled “Internet”, create one.
- Inside the Internet key, create a REG_MULTI_SZ value named “Ports”. Each line of the Ports value specifies a range of ports available to DCOM. For this example, add a single line that reads “3000-3100”.
- Add a new REG_SZ value named “PortsInternetAvailable” and set it to “Y”.
- Add a new REG_SZ value named “UseInternetPorts” and set it to “Y”.
- Open TCP port 135 (the RPC endpoint mapper) to internal traffic. (It may also be necessary to open UDP 135.)
- Open the DCOM port range (e.g. 3000-3100) to internal traffic.
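The same procedure scripted for an elevated PowerShell session, as an added example that is not part of the original instructions: it writes the three registry values, adds matching inbound firewall rules, and reads the values back for verification. The internal address range used for the firewall rules is an assumption and should be replaced with your own; the RPC subsystem reads these values at service start, so reboot the host afterwards.

```powershell
# Added example, not from the original page. Run as Administrator.
# Restricts DCOM to a fixed port range and opens only that range plus
# the RPC endpoint mapper (TCP 135) to internal traffic.

$PortRange = '3000-3100'                      # range from the steps above
$RpcKey    = 'HKLM:\SOFTWARE\Microsoft\Rpc'
$Internet  = Join-Path $RpcKey 'Internet'
$Internal  = '10.0.0.0/8'                     # ASSUMPTION: your internal address space

# Create the Internet subkey if it is missing.
if (-not (Test-Path $Internet)) {
    New-Item -Path $RpcKey -Name 'Internet' | Out-Null
}

# Ports is REG_MULTI_SZ, one range per line; an array maps to MultiString.
New-ItemProperty -Path $Internet -Name 'Ports' -PropertyType MultiString `
    -Value @($PortRange) -Force | Out-Null
New-ItemProperty -Path $Internet -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $Internet -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Firewall: endpoint mapper and the restricted DCOM range, internal sources only.
New-NetFirewallRule -DisplayName 'WMI - RPC endpoint mapper (TCP 135)' `
    -Direction Inbound -Protocol TCP -LocalPort 135 `
    -RemoteAddress $Internal -Action Allow | Out-Null
New-NetFirewallRule -DisplayName "WMI - DCOM port range ($PortRange)" `
    -Direction Inbound -Protocol TCP -LocalPort $PortRange `
    -RemoteAddress $Internal -Action Allow | Out-Null

# Read back what was written; a reboot is required before it takes effect.
Get-ItemProperty -Path $Internet |
    Select-Object Ports, PortsInternetAvailable, UseInternetPorts
```

After the reboot, `Get-NetTCPConnection -State Listen` on the host should show RPC listeners only within the configured range.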
See the following link for more information: