Configuring Windows Management Instrumentation

Microsoft's Windows Management Instrumentation (WMI) is a set of specifications that consolidates the management of devices in a Microsoft Windows network. Implementing WMI enables you to manage local and remote Microsoft Windows computers from a central server. EmpowerID uses WMI to manage Windows services, application pools and file shares. This document provides instructions on how to configure WMI for use with EmpowerID.

Perform these procedures on any Microsoft Windows Servers that you wish to use to manage local users and groups.

To configure WMI

Step 1: Assign Distributed Component Object Model (DCOM) Permission

  1. Open Dcomcnfg.
  2. From the Console Root tree, navigate to Component Services > Computers > My Computer.
  3. Right-click My Computer and select Properties from the context menu.
  4. From the My Computer Properties window that opens, click the COM Security tab.
  5. In the Access Permissions pane, click Edit Limits.
  6. From the Access Permission window that appears, ensure the Everyone user group has Local Access and Remote Access permissions.
  7. Close the Access Permission window.
  8. Back in the My Computer Properties window, click Edit Limits in the Launch and Activation Permissions pane.
  9. From the Launch and Activation Permission window that appears, ensure the Everyone user group has both the Local Launch and Local Activation permissions.
  10. Close the Launch and Activation Permission window and then close the My Computer Properties window.
  11. Back in the Component Services (Dcomcnfg), click the DCOM Config node.
  12. Right-click Windows Management and Instrumentation and click Properties.
  13. From the Windows Management and Instrumentation Properties window that appears, click the Security tab.
  14. From the Launch and Activation Permissions pane, click the Edit button.
  15. From the Launch and Activation Permissions window that appears, ensure that the proxy account on the local machine has Local Launch, Remote Launch, Local Activation and Remote Activation permissions allowed.
  16. Click OK to close the Launch and Activation Permission window.
  17. Back in the Security tab of the Windows Management and Instrumentation Properties window, ensure Use Default is selected for Access Permissions.
  18. From the Security tab of the Windows Management and Instrumentation Properties window, click the Edit button in the Configuration Permissions pane.
  19. In the Change Configuration Permission window that appears, ensure that the proxy account on the local machine has Full Control, Read and Special permissions allowed.

Step 2: Assign Permission for the User to the WMI Namespace

  1. Open WMImgmt.msc.
  2. Navigate to the Properties of the WMI Control.
  3. Navigate to the Security tab.
  4. Select Root and click Security.
  5. Ensure the Authenticated Users group has the Execute Methods, Provider Write, and Enable Account rights.
  6. Ensure Administrators have all permissions.
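
To confirm the result of Step 2 without clicking through the console, the following added example (not part of the original EmpowerID documentation) reads the security descriptor of the Root namespace and checks it against the rights listed above. It assumes Windows PowerShell 5.1 in an elevated session; the function names are hypothetical, and the list of trustees holding Remote Enable is an extra review aid that goes beyond the steps above.

```powershell
# Added example: audit the Root namespace ACL against Step 2 (run elevated).
# WMI namespace access-mask bits, named as in the WMI Control security dialog.
$Rights = [ordered]@{
    'Enable Account'  = 0x1
    'Execute Methods' = 0x2
    'Full Write'      = 0x4
    'Partial Write'   = 0x8
    'Provider Write'  = 0x10
    'Remote Enable'   = 0x20
    'Read Security'   = 0x20000
    'Edit Security'   = 0x40000
}

function ConvertTo-RightName([uint32]$Mask) {
    $Rights.GetEnumerator() | Where-Object { $Mask -band $_.Value } | ForEach-Object { $_.Key }
}

function Get-WmiNamespaceAcl([string]$Namespace = 'root') {
    # __SystemSecurity is a singleton in every namespace; '=@' addresses it.
    $result = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
    if ($result.ReturnValue -ne 0) { throw "GetSecurityDescriptor failed: $($result.ReturnValue)" }
    foreach ($ace in $result.Descriptor.DACL) {
        [pscustomobject]@{
            Sid     = $ace.Trustee.SIDString
            Trustee = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
            Allow   = ($ace.AceType -eq 0)          # 0 = allow ACE, 1 = deny ACE
            Mask    = [uint32]$ace.AccessMask
            Rights  = (ConvertTo-RightName $ace.AccessMask) -join ', '
        }
    }
}

function Test-Trustee($Acl, [string]$Sid, [uint32]$Required) {
    # Combine all allow ACEs for the SID; deny ACEs are not evaluated here.
    $granted = 0
    foreach ($ace in $Acl) { if ($ace.Sid -eq $Sid -and $ace.Allow) { $granted = $granted -bor $ace.Mask } }
    ($granted -band $Required) -eq $Required
}

$acl = Get-WmiNamespaceAcl 'root'
$acl | Format-Table Trustee, Allow, Rights -AutoSize

[pscustomobject]@{
    # S-1-5-11 = Authenticated Users: Enable Account + Execute Methods + Provider Write
    AuthenticatedUsersOk = Test-Trustee $acl 'S-1-5-11' 0x13
    # S-1-5-32-544 = Administrators: every right in $Rights
    AdministratorsOk     = Test-Trustee $acl 'S-1-5-32-544' 0x6003F
    # Trustees that can reach this namespace remotely; review each entry
    RemoteEnableTrustees = ($acl | Where-Object { $_.Allow -and ($_.Mask -band 0x20) }).Trustee -join '; '
}
```

Both `...Ok` values should be True on a server configured as described in Step 2.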

Step 3: Verify WMI Impersonation Rights

  1. Click Start.
  2. Click Run.
  3. Type gpedit.msc.
  4. Click OK.
  5. Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
  6. Expand Security Settings, expand Local Policies, click User Rights Assignment.
  7. Verify that the service account is specifically granted the Impersonate a client after authentication right.

Additional Steps for Users on Microsoft Windows XP Only

Users running Windows XP need to complete additional steps. The following link points to a Microsoft support topic on how to set security in Windows XP Professional that is installed in a workgroup.

https://support.microsoft.com/en-us/help/290403/how-to-set-security-in-windows-xp-professional-that-is-installed-in-a-workgroup