Thursday, January 24, 2008

WMI through firewalls

Don't you love undocumented details? Take, for instance, the Windows Management Instrumentation service. This lets you query and control nearly any aspect of a Windows system. For instance, this morning I wanted to query the registry from VBScript. The line to get an object to query the registry goes something like this:

set reg = getobject("winmgmts:\\" & computerName & "\root\default:StdRegProv")

In most examples on the Web, computerName ends up being ".", the current computer. This works very well. But I didn't really want to query the registry on my own computer. I wanted to query the registry on 50 of a client's computers to audit the installation of a particular software package. Every workstation that I queried came back with error 462: "The remote server machine does not exist or is unavailable." Oddly, I could successfully connect to the registries on Windows 2003 and Windows 2000 Server systems.

Windows XP includes a command-line utility called reg which can query the registry on remote computers. It worked on all of the workstations. Why did it work when the line of script did not?

The reg utility does not use WMI. It talks to the Remote Registry service over the winreg named pipe (\\computerName\pipe\winreg), which is reached through the IPC$ share, and gets its query handle from that pipe. Named pipes ride on SMB, so all they need from the firewall is TCP 445 (or 139). All of the workstations run Windows XP Pro SP2 or Windows Vista Business with the firewall enabled. I have the firewall set to enable file sharing on all of the workstations, and the File and Printer Sharing exception opens exactly those ports, so the reg utility worked fine. WMI, on the other hand, connects over DCOM: it contacts the RPC endpoint mapper on TCP 135 and is then redirected to a dynamically assigned RPC port, and the file sharing exception opens neither.

After a few hours of research, I found a TechNet article entitled Enable or Disable the Remote Administration Exception which lists the following command:


netsh firewall set service type = remoteadmin mode = enable

Run this from an administrative command prompt on each workstation, and it allows WMI (and other DCOM/RPC-based tools) to work through the firewall. Be aware that, as written, the exception admits unsolicited RPC traffic from any address; netsh firewall set service also accepts a scope argument (scope = custom with an addresses = list), so restrict it to the hosts or subnet you actually manage from. You can also set a group policy. Open the appropriate policy and go to Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile. Open the properties for Windows Firewall: Allow remote administration exception (Windows Vista names it Allow inbound remote administration exception) and choose Enabled; the same dialog has a field for the IP addresses that may send unsolicited messages, which is where the scope belongs. On Vista the netsh firewall context still works but is deprecated; the equivalent in the newer netsh advfirewall context is to enable the predefined rule group Windows Management Instrumentation (WMI).
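To show the audit the post describes end to end, here is an added VBScript example (mine, not code from the original post) that loops over a list of workstations, connects to each one's StdRegProv through WMI, and reports whether a package appears in the machine's Uninstall keys. The computer names and the package name are placeholders, and the run-time error 462 branch is there precisely for workstations where DCOM is still blocked by the firewall.

```vbscript
' Added example, not from the original post: audit a list of workstations for an
' installed package by reading each machine's Uninstall registry keys through WMI.
' The computer names and PACKAGE_NAME below are placeholders (assumptions).
Option Explicit

Const HKEY_LOCAL_MACHINE = &H80000002
Const UNINSTALL_KEY = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
Const ERR_RPC_UNAVAILABLE = 462   ' "The remote server machine does not exist or is unavailable"
Const PACKAGE_NAME = "Example Package"   ' substring of DisplayName to look for (assumption)

Dim computers, computerName
computers = Array("WS01", "WS02", "WS03")   ' constructed list; normally read from a file or AD

For Each computerName In computers
    WScript.Echo computerName & ": " & AuditComputer(computerName)
Next

' Returns a one-line result for a single computer. Connection errors are caught so
' that one unreachable workstation does not abort the whole run.
Function AuditComputer(computerName)
    Dim reg, subKeys, subKey, displayName, rc

    On Error Resume Next
    Set reg = GetObject("winmgmts:\\" & computerName & "\root\default:StdRegProv")
    If Err.Number <> 0 Then
        If Err.Number = ERR_RPC_UNAVAILABLE Then
            ' DCOM never got through: typically the firewall lacks the Remote Administration exception
            AuditComputer = "UNREACHABLE (error 462: DCOM/RPC blocked?)"
        Else
            AuditComputer = "ERROR " & Err.Number & ": " & Err.Description
        End If
        Err.Clear
        Exit Function
    End If
    On Error GoTo 0

    ' Enumerate every product key under Uninstall and compare DisplayName values.
    rc = reg.EnumKey(HKEY_LOCAL_MACHINE, UNINSTALL_KEY, subKeys)
    If rc <> 0 Or IsNull(subKeys) Then
        AuditComputer = "could not enumerate " & UNINSTALL_KEY & " (rc=" & rc & ")"
        Exit Function
    End If

    For Each subKey In subKeys
        rc = reg.GetStringValue(HKEY_LOCAL_MACHINE, UNINSTALL_KEY & "\" & subKey, "DisplayName", displayName)
        If rc = 0 And Not IsNull(displayName) Then
            If InStr(1, displayName, PACKAGE_NAME, vbTextCompare) > 0 Then
                AuditComputer = "INSTALLED (" & displayName & ")"
                Exit Function
            End If
        End If
    Next
    AuditComputer = "NOT INSTALLED"
End Function
```

Run it with cscript so the results go to the console rather than a message box per machine. A workstation that reports UNREACHABLE after the exception has been enabled points to something other than the firewall (the account lacking local administrator rights, or DCOM itself disabled), because those cases surface as different error numbers.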

And that is today's implementation detail.