Using the Windows Powershell Script for Remote WMI Access

Document created by Dave Murphy Employee on Jul 20, 2017Last modified by Jijius Jabez on Aug 11, 2017
Version 2Show Document
  • View in full screen mode

The Windows Powershell script configures a Windows Server 2008 machine for Remote WMI/DCOM Communication with CloudTest. This script adds exceptions in the Windows Firewall for the following services:

  • COM+ Network Access
  • Remote Administration
  • Windows Management Instrumentation (WMI)

CloudTest uses the default RFC port range of 49157-49256. Additionally, a Windows registry key is changed by this script.

To change this port range, or to learn more about the Windows Registry key, refer to Customizing the Powershell Scriptbelow. If the changes above are acceptable, use the instructions in the following section to get started.

 

Running the Powershell Script
  1. While logged on as an Administrator, start the Powershell application from the Start Menu in Windows server 2008.
  2. Execute the command on the right from the Powershell command line.

Set-ExecutionPolicy unrestricted

  1. Next, execute the command on the right substituting the actual user name.  

     

.\configureRemoteDCOM.ps1 <username>

Customizing the Powershell Script
    • The Windows Powershell script modifies the Windows Registry to restrict RPC Dynamic Port allocation to a specific 100 (minimum) port range. The Windows Powershell Script opens a default CloudTest port range of "49157-49256". In order to communicate with the RFC Server, ports for this range are opened in the Windows Firewall.

If this port range isn't acceptable, change the following script variables to the desired value before running the script:

$rpcPorts = "49157-49256"
$portStart = 49157
$portEnd = 49256

 

This range must be higher than 5000 as ports below 5000 might already be in use by some other application.

 

    • The Windows Powershell script also changes the ownership of a necessary registry key from Trusted Installer to the Administrators group, since this task cannot be performed by CloudTest itself. Thus, the Windows Powershell script checks if Windows Server 2008 R2 is running and, if yes, changes the ownership of this key to the "Administrators" group.

Note: In Windows Server 2008 R2, the default owner of the registry key:

 

HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}
is "Trusted Installer".

Subsequently, the script sets up the registry key:

HKEY_CLASSES_ROOT\CLSID\{76A64158-CB41-11D1-8B02-00600806D9B6}

to allow access to the Root/CIMV2 namespace of WMI.

  • Finally, the script sets up Remote DCOM Communication and WMI Access Permissions for the provided username in the Windows Registry. Refer to Securing a Remote WMI Connection for additional information about WMI remotes.

 

Next Steps

 

Attachments

    Outcomes