You are here: Home > Products > Network Inventory Explorer > User Manual > WMI Access Troubleshooting Guide

WMI Access Troubleshooting Guide

The network inventory program uses WMI (Windows Management Instrumentation) for accessing the remote computer's data directly, without installing additional software. You need administrative rights on remote computers and some specific security policy settings for successfully gathering data with WMI. The firewall can block WMI. Some versions of MS Windows do not support WMI. Please read the following topics carefully if you have difficulties with WMI operation.

1. If you cannot access WMI data on the remote computer please check the following possible causes


1.1. The remote computer is not online.

1.2. The service "Windows Management Instrumentation Driver Extensions" (or other WMI-related service, like RPC) has been disabled on the remote computer.
Windows NT, Windows 95, and Windows 98 do not support WMI. You can download and install WMI Core on such computers.
Learn more details about WMI support in various versions of Windows in the topics 1.7 and 2.1.

1.3. You do not have local Administrator rights on the remote computer.
You must have the rights of the domain administrator to be able to view information about users PCs.

1.4. A firewall is blocking access to the remote computer.
The remote computer's firewall should allow DCOM protocol (RPC - Remote Procedure Call) and remote computer management.
Learn how to configure a built-in Windows XP firewall for allowing DCOM in the topics 2.2-2.5.

1.5. Sharing and security model is set to "Guest only" (Windows XP, 2003).
On a Windows XP Pro or Windows 2003 Server computer, make sure that remote logons are not being coerced to the GUEST account (aka "ForceGuest", which is enabled by default on computers that are not attached to a domain). To do this, open the Local Security Policy editor (e.g. by typing 'secpol.msc' into the Run box, without quotes). Expand the "Local Policies" node and select "Security Options". Now scroll down to the setting titled "Network access: Sharing and security model for local accounts". If this is set to "Guest only", change it to "Classic" and restart the computer.

1.6. You are using a blank password (Windows XP).
In XP Professional, accounts with blank passwords can no longer be used to log on to the computer remotely over the network. Turn this restriction off in the Local Security Policy editor (bad idea) or cease using blank passwords.

1.7. Some connections between operating system versions are not supported:
  • You cannot connect to a computer that is running Windows XP Home Edition.
  • A computer running Windows NT cannot connect to an operating system later than Windows 2000, such as Windows XP or Windows Server 2003.
  • Accessing a Windows Server 2003 computer from Windows 98 or Windows 95 is not supported.
  • Windows 2000 computers must have Service Pack 2 installed to be able to connect to Windows XP and later operation systems.


  • 2. Configuring Windows for successful working with WMI


    2.1. Configure and launch WMI under Windows 95, Windows 98, Windows Me.
    The WMI application must be placed to the startup section, and DCOM connections must be enabled:
    a. In the registry, find the section HKLM\SOFTWARE\MICROSOFT\OLE and set the EnableDCOM value to "Y", and EnableRemoteConnect to "Y" (it is "N" by default).
    b. In the registry, find the section HKLM\SOFTWARE\Microsoft\wbem\cimom and set the AutostartWin9X value to "2". Set EnableAnonConnections to "1".
    c. Add a link to the Winmgmt.exe file into the Startup directory. The file is stored in the \Windows\WBEM folder.

    2.2. Allow for remote administration (Windows XP Guide).
    a. Click "Start", click "Run", type "gpedit.msc", and then click "OK".
    b. Under "Console Root", expand "Computer Configuration", expand "Administrative Templates", expand "Network", expand "Network Connections", expand "Windows Firewall", and then click "Domain Profile".
    c. Right-click Windows Firewall: Allow remote administration exception, and then click "Properties".
    d. Click "Enabled", and then click "OK".

    2.3. Grant DCOM Remote Launch permissions (Windows XP Guide).
    a. Click "Start", click "Run", type "DCOMCNFG", and then click "OK".
    b. In the "Component Services" dialog box, expand "Component Services", expand "Computers", and then expand "My Computer".
    c. On the toolbar, click the "Configure My Computer" button. The "My Computer" dialog box appears.
    d. In the "My Computer" dialog box, click the "COM Security" tab.
    e. Under "Launch and Activate Permissions", click "Edit Limits".
    f. In the "Launch Permission" dialog box, follow these steps if your name or your group does not appear in the "Groups or user names list":
      1) In the "Launch Permission" dialog box, click "Add".
      2) In the "Select Users", "Computers", or "Groups" dialog box, add your name and the group in the "Enter the object names to select" box, and then click "OK".
    g. In the "Launch Permission" dialog box, select your user and group in the "Group or user names" box. In the "Allow" column under "Permissions for User", select "Remote Launch", and then click OK.

    2.4. Open the DCOM port (Windows XP Guide).
    Before you enable ports in "Windows Firewall", make sure that the "Windows Firewall": Allow local port exceptions setting in "Group Policy" is enabled. To do this, follow these steps:
    a. Click "Start", click "Run", type "gpedit.msc", and then click OK.
    b. Under "Console Root", expand "Computer Configuration", expand "Administrative Templates", expand "Network", expand "Network Connections, expand "Windows Firewall", and then click "Domain Profile".
    c. Right-click "Windows Firewall": Allow local port exceptions, and then click "Properties".
    d. Click Enabled, and then click OK.

    Note: You can also use the "Windows Firewall: Define port exceptions" setting to configure local port exceptions.

    The DCOM port is TCP 135. To open the DCOM port, follow these steps:
    a. Click "Start", and then click "Control Panel".
    b. Double-click "Windows Firewall", and then click the "Exceptions" tab.
    c. Click "Add Port".
    d. In the "Name" box, type "DCOM_TCP135", and then type "135" in the "Port number" box.
    e. Click "TCP", and then click "OK".
    f. Click "OK".

    Note: You can also type the following command at a command prompt to open a port:
    netsh firewall add portopening TCP 135 DCOM_TCP135

    2.5. Add the program to the Windows Firewall Exceptions list (Windows XP Guide).
    Before you define program exceptions in "Windows Firewall", make sure that the "Windows Firewall": Allow local program exceptions setting in Group Policy is enabled:
    a. Click "Start", click "Run", type "gpedit.msc", and then click "OK".
    b. Under "Console Root", expand "Computer Configuration", expand "Administrative Templates", expand "Network", expand "Network Connections", expand "Windows Firewall", and then click "Domain Profile".
    c. Right-click "Windows Firewall": Allow local program exceptions, and then click "Properties".
    d. Click "Enabled", and then click "OK".

    Note: You can also use the "Windows Firewall: Define program exceptions" setting to configure local program exceptions.

    To add the program to the "Windows Firewall Exceptions" list, follow these steps:
    a. Click "Start", and then click "Control Panel".
    b. Double-click "Windows Firewall", and then click the "Exceptions" tab.
    c. Click "Add Program".
    d. Locate the file NetworkInventoryExplorer.exe (in the program folder, inside "Program Files"), and then click "OK".
    e. Click "OK".

    You can also type the following command at a command prompt to add a program to the Windows Firewall Exception list:
    netsh firewall add allowedprogram path_to_the_program_folder\NetworkInventoryExplorer.exe NetworkInventoryExplorer ENABLE

    2.6. WMI is broken.
    Sometimes, WMI stops working after a system update (on your or remote PC). If all computers are not polled from your PC via WMI, the problem is likely on your PC. If only some computers are not polled from your PC, WMI can be broken on those PCs. If WMI has stopped working try to fix it using the following instruction: How to fix broken WMI

     

    Learn more:

    Configuring WMI Access Remotely Using Group Policy
    WMI Polling Errors Displayed by the Program
    Frequently Asked Questions (FAQ)

     

    Related Links: