Reference Guide
Table Of Contents
- OpenManage Integration for Microsoft System Center Version 7.3 for Microsoft Endpoint Configuration Manager and System Center Virtual Machine Manager Security Configuration Guide
- Contents
- Tables
- PREFACE
- Security Quick Reference
- Product and Subsystem Security
- Miscellaneous Configuration and Management
● In PowerShell run the command: PSRemoting.
If the PSRemoting command is disabled, run enable the PSRemoting command using the following commands.
○ Run the command: Enable-PSRemoting.
○ In the confirmation message, type Y.
● In PowerShell, run the command: Get-ExecutionPolicy.
If the policy is not set to RemoteSigned, then set it to RemoteSignedusing the following commands.
○ Run the command: Set-ExecutionPolicy RemoteSigned.
○ In the confirmation message, type Y.
Configuring user access to WMI for MECM
To configure user access to WMI remotely:
About this task
NOTE: Make sure that firewall of the system does not block the WMI connection.
Steps
1. To access the Distributed Component Object Model (DCOM) remotely, provide permissions to the enrolled MECM user. To
grant user permissions for DCOM:
● Launch dcomcnfg.exe.
● From the left pane, in the Component Services console, expand Computers, right-click My Computer, and select
properties.
● On COM Security:
○ From Access Permissions, click Edit Limits and select Remote Access.
○ From Launch and Activation Permission, click Edit Limits and select Local Launch, Remote Launch, and Remote
Activation.
2. To access the DCOM Config Windows Management and Instrumentation (WMI) components, provide user permissions to
the enrolled user. To grant user permissions for DCOM Config WMI:
● Launch dcomcnfg.exe
● Expand My Computer > DCOM Config.
● Right- click Windows Management and Instrumentation and select Properties.
● On Security, from Launch and Activation Permission, click Edit and select the Remote Launch and Remote Activation
● Permissions
3. Set the namespace security and grant permissions. To set namespace security and grant permissions:
● Launch wmimgmt.msc.
● In WMI Control pane, right-click WMI Control, select Properties, and then select Security.
● Navigate to ROOT\SMS Namespace.
● Select the Execute Methods, Provider Write, Enable Account, and the Remote Enable permissions.
● Navigate to Root\cimv2\OMIMSSC.
● Select the Execute Methods, Provide Write, Enable Account, and the Remote Enable permissions .
Alternatively, the Configuration Manager user becomes a member of the SMS_Admin group, and you can grant Remote
Enable to the existing permissions of the group.
24
Miscellaneous Configuration and Management