1

I know when I use spicework to scan my computer is use windows, I know the 135 port is open,any other port open when I use the spicework to scan the pc?

1 Spice up
2

135 is the WMI port. WMI must be opend to scan Windows and the hardware.

In my network I succeded with these commandos.

Win7 (use CMD as administrator=

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

netsh advfirewall firewall set rule group=“windows management instrumentation (wmi)” new enable=yes

netsh firewall set service type=remoteadmin mode=enabledministration" new enable=yes

netsh advfirewall firewall set rule group=“remote administration” new enable=yes

WinXP (CMD as Administrator)

reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v ForceGuest /t REG_DWORD /d 0 /f

netsh firewall set service remoteadmin enable

netsh firewall set service remoteadmin enable subnet

Have fun

1 Spice up
3

I want to to via group poicy to enable the firewall policy but fail to apply, any idea of this problem?

4

in the policy of our domain I have following settings. I have a german server so I don’t know exactly the English path.

Computer Configuration\admin\Network\Network Connection\WindowsFirewall\Domain\

allow incoming port → 135 WMI, 22 SSH

allow remote administration → your ip network.

The other settings from above comment I have use for our outside locations without domain.

1 Spice up
5

Hi there,

Take a look at this article: http://community.spiceworks.com/help/Inventory_WMI

It should go over all the basics of WMI, DNS, and firewall configuration to allow Spiceworks to scan Windows machines on your network.