CODEWITHSUNDEEP
powershellwmi
Jeff
Jeff

Reputation: 4413

Specify port when calling WMI in powershell?

WMI queries run off port 135 (from what google tells me). Can you specify a different port when trying to do a WMI query?

Alternatively, can you use the system.managment.managementScope object and specify a port when connecting? Perhaps like this:

\\computername:port\root\cimv2\

If the answer to both of these is "no," then can you connect a different way and once connected, run a wmi query?

Reason for this question:

I have a mixed environment, and I need to query some servers behind a firewall. I cannot specify a timeout value for WMI queries, so I need a way to connect to these boxes without a new firewall rule.

Upvotes: 0

Views: 12237

Answers (1)

OneLogicalMyth
OneLogicalMyth

Reputation: 188

WMI uses port 135 to negotiate, then the DCOM selects a random port between 1024 and 65535. Making it hard to for a fixed port. Not very friendly for firewalls...

As a comment from Jeff, said above you have to tell the machine you are connecting to, to limit the port it uses.

In windows server 2003 you could not limit the port which was chosen, so for those I run my script on that server and then push the results back on known port. My script uses the standard SQL port as all information is stored on the database.

For windows server 2008 R2 you can limit the port it uses, this can be done by running the following on each server;

  1. At the command prompt, type winmgmt -standalonehost
  2. Stop the WMI service by typing the command net stop "Windows Management Instrumentation"
  3. Restart the WMI service again in a new service host by typing net start "Windows Management Instrumentation"
  4. Establish a new port number for the WMI service by typing netsh firewall add portopening TCP 24158 WMIFixedPort

Steps and more information can be found here (as Jeff gave): Setting Up a Fixed Port for WMI

Its not the best solution but the only one I know of, I have been building scripts for a large server environment for a long time now. The way I have always handled it is to have a script in each location (DMZ etc) and then push the data back on a known port.

I hope you find this useful.

Upvotes: 3

Related Questions