Allow WMI/PowerShell Remote Access on a Device (Standard 8)
7/8/2014
Learn how to allow WMI and Powershell remote access on your Windows Embedded 8 Standard (Standard 8) device.
For VAMT 3.0 to activate a device remotely, the device must have Windows Management Instrumentation (WMI) and Windows PowerShell enabled for remote access. For more information, see Configure Client Computers.
Prerequisites
- Your device has Windows Embedded 8 Standard (Standard 8) installed.
- You have administrator user rights to your device.
To enable WMI/PowerShell remote access on a device
If your device is in a workgroup, you may need to disable Remote UAC. Open a command prompt with administrator user rights and type the following to disable Remote UAC:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
Type the following to enable the Remote Administration exception:
netsh advfirewall set service RemoteAdmin enable
Type the following to enable WMI traffic at a command prompt by using a WMI rule:
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
Type the following to establish a firewall exception for DCOM port 135:
netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
Type the following to establish a firewall exception for the WMI service:
netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any
Type the following to establish a firewall exception for the sink that receives callbacks from a remote device:
netsh advfirewall firewall add rule dir=in name ="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow
Type the following to establish a firewall exception for outgoing connections to a remote device that the local computer is communicating with asynchronously:
netsh advfirewall firewall add rule dir=out name ="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any