cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 8

Using RPC during device scan

Jump to solution

Hello Thwack team,

In my lab, I have free IPMonitor 10.9.1 running on Windows Server 2012R2.  Service runs as Local System.  Target is a Windows 10 Home PC.  No domains, just straight Workgroup.  I can use WMI Explorer 2.0 and connect via RPC to target when I specify a local administrator.  In IPM, I created a credential with that local administrator information.  When I try and add the Windows 10 Home as a new device, I scan the IP with the IPM credentials.  IPM tries for a while but just comes back with PING and some other metric. 

I then tried to just create a monitor and bypass a device scan.  I used CPU and said use RPC.  Gave it IP and credentials and it immediately came back with

No CPUs were found at "192.168.111.22". To resolve this issue, ensure that:

The IP Address / Domain Name, UDP Port and Community Name are entered correctly.

A firewall is not blocking access to the remote device.

Like I said - WMI Explorer works just fine.  I've addressed firewall.

Any help would be appreciated.

J

0 Kudos
1 Solution
Level 8

I found the answer for my situation.

  1. It seems device scan will use WMI/RPC when you specify a credential.  (Solarwinds please correct me on this)
  2. Since I'm using Workgroups, authentication is performed locally.
    • To use local administrator "Admin", you must prefix with .\     so .\Admin
  3. I knew firewalls would need attention.  In my case it's Norton so just create a Norton firewall rule to allow your IPM server access.
  4. Finally, this is Windows 10 Home which has a greatly reduced functionality.  You must enable a locval policy.
    • In this case the policy is LocalAccountTokenFilterPolicy
    • I did this by running this command as administrator:  winrm quickconfig
    • C:\WINDOWS\system32>winrm quickconfig

    • WinRM is not set up to receive requests on this machine.

    • The following changes must be made:

    • Start the WinRM service.

    • Set the WinRM service type to delayed auto start.

    • Make these changes [y/n]? y

    • WinRM has been updated to receive requests.

    • WinRM service type changed successfully.

    • WinRM service started.

    • WinRM is not set up to allow remote access to this machine for management.

    • The following changes must be made:

    • Enable the WinRM firewall exception.

    • Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

    • Make these changes [y/n]? y

    • WinRM has been updated for remote management.

    • WinRM firewall exception enabled.

    • Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

I'm now able to add WMI monitors from my IPM server to my Windows 10 Home PCs.

J

View solution in original post

0 Kudos
1 Reply
Level 8

I found the answer for my situation.

  1. It seems device scan will use WMI/RPC when you specify a credential.  (Solarwinds please correct me on this)
  2. Since I'm using Workgroups, authentication is performed locally.
    • To use local administrator "Admin", you must prefix with .\     so .\Admin
  3. I knew firewalls would need attention.  In my case it's Norton so just create a Norton firewall rule to allow your IPM server access.
  4. Finally, this is Windows 10 Home which has a greatly reduced functionality.  You must enable a locval policy.
    • In this case the policy is LocalAccountTokenFilterPolicy
    • I did this by running this command as administrator:  winrm quickconfig
    • C:\WINDOWS\system32>winrm quickconfig

    • WinRM is not set up to receive requests on this machine.

    • The following changes must be made:

    • Start the WinRM service.

    • Set the WinRM service type to delayed auto start.

    • Make these changes [y/n]? y

    • WinRM has been updated to receive requests.

    • WinRM service type changed successfully.

    • WinRM service started.

    • WinRM is not set up to allow remote access to this machine for management.

    • The following changes must be made:

    • Enable the WinRM firewall exception.

    • Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

    • Make these changes [y/n]? y

    • WinRM has been updated for remote management.

    • WinRM firewall exception enabled.

    • Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

I'm now able to add WMI monitors from my IPM server to my Windows 10 Home PCs.

J

View solution in original post

0 Kudos