For a successful discovery, the target workstation should be ping-able
from the ServiceDesk Plus server using the name which the ServiceDesk
Plus discovers. In case of Non-English Operating System, TCP
port 7 has to be opened in the firewall.
Windows Management Instrumentation
(WMI) is an interface
which allow management information to be shared between management applications
so that the data from any source can be accessed in a common way.
RPC (Remote Procedure Call)
RPC (Remote Procedure Call) dynamic port allocation instructs the RPC program to use a particular random port above 1024 and the static TCP ports 135 and 445. Customers using firewalls may want to control the ports which RPC is using so that their firewall router can be configured to forward only these Transmission Control Protocol (TCP) ports.
Opening of all these ports above 1024
might not be feasible. However, you can restrict the usage of these random
port to some specific ports (say 5000,
by adding manually into the Registry
Editor for REG_MULTI_SZ
value. Once these ports are been added in the registry, you have to open
the TCP ports including 135 and 445.
DCOM (Distributed Component Object Model)
WMI has default impersonation, authentication, and authentication service (NTLM or Kerberos) settings that the target computer requires. For this, ensure that the correct DCOM (Distributed Component Object Model) settings and WMI namespace security settings are enabled for the connection. You can configure DCOM settings for WMI using the DCOM Config utility (DCOMCnfg.exe) found in Administrative Tools in Control Panel. This utility exposes the settings that enable certain users to connect to the computer remotely through DCOM. Members of the Administrators group are allowed to remotely connect to the computer by default. With this utility you can set the security to start, access, and configure the WMI service.
Setting up the RPC and DCOM settings in each target workstation are not so easy. You can run the scripts provided here to set the default RPC and DCOM settings required by WMI.
A. For Windows Firewall and DCOM option
NOTE: This script can also be configured as Logon Script in the Domain Controller, to configure Firewall for all computers in the domain.
B. For Configuring your Router/Firewall (To restrict WMI ports)
As mentioned above one random port will be chosen by the OS above 1024 for WMI requests. This range can be minimized by modifying the System Registry. Given below is the procedure to modify the registry using a script.