Scanning Prerequisites

     

    For a successful discovery, the target workstation should be ping-able from the ServiceDesk Plus MSP server using the name which the ServiceDesk Plus MSP discovers. In case of Non-English Operating System, TCP port 7 has to be opened in the firewall.

    In ServiceDesk Plus MSP, the scanning for Windows Workstation is done using WMI (Windows Management Instrumentation) and does not involve any client side software installed in the host.

     

    Windows Management Instrumentation (WMI) is an interface which allow management information to be shared between management applications so that the data from any source can be accessed in a common way.

    The accessibility of the data using WMI is been controlled by the RPC and DCOM settings.

     

     

    RPC (Remote Procedure Call)

     

    RPC (Remote Procedure Call) dynamic port allocation instructs the RPC program to use a particular random port above 1024 and the static TCP ports 135 and 445. Customers using firewalls may want to control the ports which RPC is using so that their firewall router can be configured to forward only these Transmission Control Protocol (TCP) ports.

     

    Opening of all these ports above 1024 might not be feasible. However, you can restrict the usage of these random port to some specific ports (say 5000, 5001, 5002) by adding manually into the Registry Editor for REG_MULTI_SZ value. Once these ports are been added in the registry, you have to open the TCP ports including 135 and 445.

    In case of Windows Firewall, the Remote Administration for the administrators in each workstation has to be enabled.

     

     

    DCOM (Distributed Component Object Model)

     

    WMI has default impersonation, authentication, and authentication service (NTLM or Kerberos) settings that the target computer requires. For this, ensure that the correct DCOM (Distributed Component Object Model) settings and WMI namespace security settings are enabled for the connection. You can configure DCOM settings for WMI using the DCOM Config utility (DCOMCnfg.exe) found in Administrative Tools in Control Panel. This utility exposes the settings that enable certain users to connect to the computer remotely through DCOM. Members of the Administrators group are allowed to remotely connect to the computer by default. With this utility you can set the security to start, access, and configure the WMI service.

     

    Configuring RPC and DCOM settings

     

    Setting up the RPC and DCOM settings in each target workstation are not so easy. You can run the scripts provided here to set the default RPC and DCOM settings required by WMI. 

     

    A. For Windows Firewall and DCOM option 

    1. Download the file scan_setup.txt

    2. Copy the file as "scan_setup.vbs" in the target workstation.

    3. Execute the script using Cscript from command prompt as follows:  
      DIR_OF_SCRIPT_FILE> CSCRIPT scan_setup.vbs

    4. Restart the Workstation.

    NOTE: This script can also be configured as Logon Script in the Domain Controller, to configure Firewall for all computers in the domain.  

     

    B. For Configuring your Router/Firewall (To restrict WMI ports)

     

    As mentioned above one random port will be chosen by the OS above 1024 for WMI requests. This range can be minimized by modifying the System Registry. Given below is the procedure to modify the registry using a script.

    1. Download the file wmi_port_setup.txt

    2. Copy the file as "wmi_port_setup.vbs" in the target workstation.

    3. Edit the script and specify the range of port that will be opened in the Firewall for WMI.

    4. Execute the script using Cscript from command prompt as follows:
      DIR_OF_SCRIPT_FILE> CSCRIPT wmi_port_setup.vbs

    5. Restart the Workstation.

    6. Open the Ports configured using the script in the Firewall.

     

    Zoho Corp. All rights reserved.