The Sam360 Management Point gathers inventory from remote devices by querying the WMI and/or Remote Registry services on the device to be scanned. The scan performance can be improved if ‘File Sharing’ is also enabled and available on the target device.
The services used during the scan process use the following ports by default.
Service | Port |
---|---|
WMI | 135 |
Remote Registry | 139 |
File Sharing | 139 & 445 |
In certain circumstances access to these ports may be blocked by Windows Firewall on the target device. This can slow down the scan process, reduce the amount of data that can be collected or even result in a failed scan. If the target devices are part of a Windows domain, it’s possible to remotely update the Windows Firewall configuration to facilitate the scan process using Group Policy.
To update Windows Firewall to enable WMI and File Sharing access using Group Policy:
- Log on to a domain controller or any device with Windows Group Policy Management Editor installed
- Launch Group Policy Management Console (also known as GPMC) by pressing the Windows logo key + R to open the Run dialog box. Type gpmc.msc in the text box, and then click OK or press ENTER.
- Expand the target Forest & Domain and select which Group Policy should be updated with the Firewall configuration updates. Selecting ‘Default Domain Policy’ will usually ensure that the update will be applied to all devices on the domain.
- Right-click the appropriate Policy and click Edit to launch the Group Policy Management Editor
- Expand the Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules node.
- Click Action, then New Rule
- Choose the Predefined option, select Windows Management Instrumentation (WMI) from the drop-down list and click Next.
- Select Windows Management Instrumentation (WMI-In), Next
- Click ‘Allow the Connection’, Finish.
- Click Action, then New Rule
- Choose the Predefined option, select File and Printer Sharing from the drop-down list and click Next.
- Select File and Printer Sharing (NB-Session-In) and File and Printer Sharing (SMB-In), Next
- Click ‘Allow the Connection’, Finish.
- Close the Group Policy Management Console
The policy will generally be applied to all active targeted devices within 24 hours, and access to the WMI, Remote Registry and File Sharing services will no longer be blocked by Windows Firewall.
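To confirm the change took effect, the following PowerShell sketch checks the default ports from the table above and then the three inbound rules selected in the steps. It is an added example, not part of the original Sam360 instructions. The target names are constructed placeholders, the helper `Test-TcpPort` is hypothetical, and the rule names assume an English-language Windows installation.

```powershell
# Added example: verify the result of the Group Policy change described above.
# Target names are constructed placeholders; replace with real device names.
$Targets = @('PC-EXAMPLE-01', 'PC-EXAMPLE-02')

# Default ports from the table on this page.
$ScanPorts = [ordered]@{
    'WMI'             = @(135)
    'Remote Registry' = @(139)
    'File Sharing'    = @(139, 445)
}

# Hypothetical helper: TCP connect with a short timeout.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $connect = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $connect.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($connect)
        return $true
    } catch {
        return $false   # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

# Part 1 - run from the Management Point: one row per target and service.
$results = foreach ($target in $Targets) {
    foreach ($service in $ScanPorts.Keys) {
        $blocked = @($ScanPorts[$service] | Where-Object { -not (Test-TcpPort $target $_) })
        [pscustomobject]@{
            Target  = $target
            Service = $service
            Status  = if ($blocked.Count) { "blocked: $($blocked -join ', ')" } else { 'reachable' }
        }
    }
}
$results | Format-Table -AutoSize

# Part 2 - run on a target device: confirm the rules are active and which store they came from.
$ruleNames = 'Windows Management Instrumentation (WMI-In)',
             'File and Printer Sharing (NB-Session-In)',
             'File and Printer Sharing (SMB-In)'
Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $ruleNames -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Action, Profile, PolicyStoreSourceType |
    Format-Table -AutoSize
```

A `reachable` status only shows that the port accepts TCP connections from the Management Point. In the second table, `PolicyStoreSourceType` should read `GroupPolicy` for rules delivered by the policy edited above.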