Ik wilde via een script WMI aanroepen op een van de ISA 2004 Servers maar dat werd uiteraard geblokkeerd. Na wat zoeken op Google, kwam ik de onderstaande oplossing tegen. Deze oplossing werkt perfect.

1.First you need to make explicict range form dcom high ports you can use via in the registry (see
Edit the Ports multi-string to your liking. I use 5000-5100, this should be fine amount for a non application server.(see kb above)
Ports 5000-5100 (multi-string)

2. create two basic custom protocols for SMB and dcom,
445 tcp outbound
445 udp send
(no related application filters ticked!)

135 tcp outbound
5000-5100 tcp outbound
(no related application filters ticked!)

3. create the rule, allow, source = trusted admin/monitor box(es), destination localhost, protocols: cust_smb, cust_dcom, all users

4. Edit the System policy
Untick the ‘enable’ for Microsoct Management Console, you don’t need it now because we have created a better rule for our trusted box(es) ( note having this ticked will create a hidden rule that can break wmi scripts and alike).
Untick the ‘force strict rpc compliance’ option for Active Dicrectory
Click ok, apply new configuration, restart the isa server

Je kunt ook de onderstaande reg file gebruiken i.p.v. stap 1 uit te voeren.


Windows Registry Editor Version 5.00




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.