Monday, August 1, 2011

Change TCP Port Range for DCOM with WMI

WMI - Windows Management Instrumentation - is used by many different types of applications for different purposes. Most recently our team used it for an application that monitors file integrity on servers to meet a PCI compliance requirement. The software we used for file integrity monitoring is called nCircle File Integrity Monitor (nFIM) from nCircle. As a security measure we decided to use a non-default range of ports for WMI and DCOM. I was tasked with making WMI work with dynamic ports, since nFIM utilizes DCOM to connect to a range of TCP ports. Here is how we made it work on each server.

1. Log on to the server in question
2. Go to Administrative Tools
3. Click on Component Services
4. Expand the Component Services tree until you reach My Computer
5. Right-click My Computer and go to the tab shown in the image below

You can further narrow down the security for DCOM by specifying trusted endpoints as shown in the image below.
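
The steps above use the Component Services GUI. As an added example (not part of the original post), the RPC/DCOM dynamic port restriction can also be audited or set from PowerShell through the registry values Microsoft documents under `HKLM\SOFTWARE\Microsoft\Rpc\Internet`. The function names and the range `5000-5100` are assumptions chosen for illustration; the post does not state which range was used.

```powershell
# Added example: audit or set the RPC/DCOM dynamic port range via the registry.
# Run from an elevated session. The sample range below is constructed.
$RpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

function Get-DcomPortRange {
    # Returns the configured restriction, or $null when no restriction is
    # set and the operating system default dynamic range is in use.
    if (-not (Test-Path $RpcKey)) { return $null }
    $p = Get-ItemProperty -Path $RpcKey
    [pscustomobject]@{
        Ports                  = $p.Ports                   # REG_MULTI_SZ
        PortsInternetAvailable = $p.PortsInternetAvailable  # REG_SZ Y/N
        UseInternetPorts       = $p.UseInternetPorts        # REG_SZ Y/N
    }
}

function Set-DcomPortRange {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^\d{1,5}-\d{1,5}$')]
        [string]$Range
    )
    # Reject ranges that are reversed or outside the valid TCP port space.
    $parts = $Range -split '-'
    $low   = [int]$parts[0]
    $high  = [int]$parts[1]
    if ($low -lt 1 -or $high -gt 65535 -or $low -gt $high) {
        throw "Invalid port range '$Range'"
    }
    if (-not (Test-Path $RpcKey)) {
        New-Item -Path $RpcKey -Force | Out-Null
    }
    # "Y"/"Y" means: the listed ports are the ones RPC may use for
    # dynamically assigned endpoints.
    New-ItemProperty -Path $RpcKey -Name Ports -PropertyType MultiString `
        -Value @($Range) -Force | Out-Null
    New-ItemProperty -Path $RpcKey -Name PortsInternetAvailable `
        -PropertyType String -Value 'Y' -Force | Out-Null
    New-ItemProperty -Path $RpcKey -Name UseInternetPorts `
        -PropertyType String -Value 'Y' -Force | Out-Null
}

# Constructed sample usage: record the current state, then apply the range.
Get-DcomPortRange
Set-DcomPortRange -Range '5000-5100'
Get-DcomPortRange
```

The new range takes effect after the server is restarted. Firewalls between the monitoring host and the server need to allow TCP 135 (the RPC endpoint mapper) in addition to the chosen range.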