1 Reply Latest reply on Sep 6, 2019 9:00 PM by slim724

    Using RPC during device scan

    slim724

      Hello Thwack team,

       

      In my lab, I have free IPMonitor 10.9.1 running on Windows Server 2012R2.  Service runs as Local System.  Target is a Windows 10 Home PC.  No domains, just straight Workgroup.  I can use WMI Explorer 2.0 and connect via RPC to target when I specify a local administrator.  In IPM, I created a credential with that local administrator information.  When I try and add the Windows 10 Home as a new device, I scan the IP with the IPM credentials.  IPM tries for a while but just comes back with PING and some other metric. 

       

      I then tried to just create a monitor and bypass a device scan.  I used CPU and said use RPC.  Gave it IP and credentials and it immediately came back with

       

      No CPUs were found at "192.168.111.22". To resolve this issue, ensure that:

      The IP Address / Domain Name, UDP Port and Community Name are entered correctly.

      A firewall is not blocking access to the remote device.

       

      Like I said - WMI Explorer works just fine.  I've addressed firewall.

       

      Any help would be appreciated.

       

      J

        • Re: Using RPC during device scan
          slim724

          I found the answer for my situation.

           

          1. It seems device scan will use WMI/RPC when you specify a credential.  (Solarwinds please correct me on this)
          2. Since I'm using Workgroups, authentication is performed locally.
            • To use local administrator "Admin", you must prefix with .\     so .\Admin
          3. I knew firewalls would need attention.  In my case it's Norton so just create a Norton firewall rule to allow your IPM server access.
          4. Finally, this is Windows 10 Home which has a greatly reduced functionality.  You must enable a locval policy.
            • In this case the policy is LocalAccountTokenFilterPolicy
            • I did this by running this command as administrator:  winrm quickconfig
            • C:\WINDOWS\system32>winrm quickconfig

            • WinRM is not set up to receive requests on this machine.

            • The following changes must be made:

            •  

            •  

            • Start the WinRM service.

            • Set the WinRM service type to delayed auto start.

            •  

            •  

            • Make these changes [y/n]? y

            •  

            •  

            • WinRM has been updated to receive requests.

            •  

            •  

            • WinRM service type changed successfully.

            • WinRM service started.

            • WinRM is not set up to allow remote access to this machine for management.

            • The following changes must be made:

            •  

            •  

            • Enable the WinRM firewall exception.

            • Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

            •  

            •  

            • Make these changes [y/n]? y

            •  

            •  

            • WinRM has been updated for remote management.

            •  

            •  

            • WinRM firewall exception enabled.

            • Configured LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.

           

          I'm now able to add WMI monitors from my IPM server to my Windows 10 Home PCs.

           

          J