A:
Connecting to a remote computer running Windows Vista or Windows Server 2008 may require changes to settings for Windows Firewall, User Account Control (UAC), or DCOM.
Windows Firewall Settings
Starting with Windows Vista, the WMI settings for Windows Firewall enable only WMI connections, rather than all DCOM applications. An exception must be set in the firewall for WMI on the remote target computer. The exception for WMI allows WMI to receive remote connections and asynchronous callbacks to Unsecapp.exe. For more information, see Setting Security on an Asynchronous Call.
If a client application creates its own sink, that sink must be explicitly added to the firewall exceptions to allow callbacks to succeed.
The exception for WMI also works if WMI has been started with a fixed port, using the winmgmt /standalonehost command. For more information, see Setting Up a Fixed Port for WMI.
You can enable or disable WMI traffic through the Windows Firewall UI.
To enable or disable WMI traffic using the firewall UI
- In the Control Panel, click Security and then click Windows Firewall.
- Click Change Settings and then click the Exceptions tab.
- In the Exceptions window, select the check box for Windows Management Instrumentation (WMI) to enable WMI traffic through the firewall. To disable WMI traffic, clear the check box.
You can also enable or disable WMI traffic through the firewall at the command prompt.
To enable or disable WMI traffic at the command prompt using the WMI rule group
- Use the following commands at a command prompt. Type the following to enable WMI traffic through the firewall.
  netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
  Type the following command to disable WMI traffic through the firewall.
  netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=no
Rather than using the single WMI rule group command, you can also use individual commands for each of DCOM, the WMI service, and the sink.
To enable WMI traffic using separate rules for DCOM, WMI, the callback sink, and outgoing connections
- To establish a firewall exception for DCOM port 135, use the following command.
  netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
- To establish a firewall exception for the WMI service, use the following command.
  netsh advfirewall firewall add rule dir=in name="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
- To establish a firewall exception for the sink that receives callbacks from a remote computer, use the following command.
  netsh advfirewall firewall add rule dir=in name="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow
- To establish a firewall exception for outgoing connections to a remote computer that the local computer is communicating with asynchronously, use the following command.
  netsh advfirewall firewall add rule dir=out name="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
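The separate rules above are easy to lose track of once several administrators have touched a host. The following PowerShell script is an added example, not part of the original documentation: it reports every WMI-related firewall rule (the built-in WMI rule group toggled by the netsh group command, plus the custom DCOM, WMI, UnsecApp and WMI_OUT rules created above) with its enabled state, direction, program, service and port, so an operator can see exactly what remote WMI surface the host exposes. It assumes Windows 8 / Windows Server 2012 or later, where the NetSecurity cmdlets are available.

```powershell
# Added example (not from the original documentation): audit the WMI-related
# firewall rules on the local host. Assumes the NetSecurity module
# (Windows 8 / Server 2012 or later). The custom rule names are the ones the
# netsh commands above create; a rule that does not exist contributes nothing.
function Get-WmiFirewallExposure {
    param(
        [string]$BuiltInGroup = 'Windows Management Instrumentation (WMI)',
        [string[]]$CustomRuleNames = @('DCOM', 'WMI', 'UnsecApp', 'WMI_OUT')
    )

    # Built-in rule group toggled by "netsh advfirewall firewall set rule group=...".
    $rules = @(Get-NetFirewallRule -DisplayGroup $BuiltInGroup -ErrorAction SilentlyContinue)

    # Individually created rules from the separate-rule procedure.
    foreach ($name in $CustomRuleNames) {
        $rules += @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
    }

    foreach ($rule in $rules) {
        # Each rule's program, service and port constraints live in separate filter objects.
        $app  = $rule | Get-NetFirewallApplicationFilter
        $svc  = $rule | Get-NetFirewallServiceFilter
        $port = $rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name      = $rule.DisplayName
            Enabled   = [bool]($rule.Enabled -eq 'True')
            Direction = $rule.Direction
            Action    = $rule.Action
            Profile   = $rule.Profile
            Program   = $app.Program
            Service   = $svc.Service
            Protocol  = $port.Protocol
            LocalPort = ($port.LocalPort -join ',')
        }
    }
}

# Enabled rules first, then inbound before outbound, so the rules that actually
# accept remote connections are at the top of the report.
Get-WmiFirewallExposure |
    Sort-Object @{ Expression = 'Enabled'; Descending = $true }, Direction, Name |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the target computer; an inbound allow rule for svchost.exe/winmgmt with LocalPort Any and an enabled DCOM rule on port 135 together mean the host accepts remote WMI connections.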
To disable the firewall exceptions separately, use the following commands.
To disable WMI traffic using separate rules for DCOM, WMI, the callback sink, and outgoing connections
- To disable the DCOM exception:
  netsh advfirewall firewall delete rule name="DCOM"
- To disable the WMI service exception:
  netsh advfirewall firewall delete rule name="WMI"
- To disable the sink exception:
  netsh advfirewall firewall delete rule name="UnsecApp"
- To disable the outgoing exception:
  netsh advfirewall firewall delete rule name="WMI_OUT"
User Account Control Settings
Starting with Windows Vista, User Account Control (UAC) access-token filtering can affect which operations are allowed in WMI namespaces or what data is returned. Under UAC, all accounts in the local Administrators group run with a standard user access token; this is known as UAC access-token filtering. An administrator account can run a script with an elevated privilege ("Run as Administrator").
When you are not connecting to the built-in Administrator account, UAC affects connections to a remote computer differently depending on whether the two computers are in a domain or a workgroup. For more information about UAC and remote connections, see User Account Control and WMI.
DCOM Settings
DCOM settings are unchanged in Windows Vista. For more information, see Securing a Remote WMI Connection. However, UAC affects connections for nondomain user accounts. If you connect to a remote computer using a nondomain user account included in the local Administrators group of the remote computer, then you must explicitly grant remote DCOM access, activation, and launch rights to the account.