Enable client accessibilityfor MPA Tools

Computer Uptime MPA Tools

Enable the WMI Firewall Rules for Client Accessibility in MPA Tools

In this post, we will show you how to enable the WMI Firewall Rules for Client Accessibility in MPA Tools.
After installing MPA Tools, you may find that there is no connectivity to your Windows clients. If this is happening in your environment, then you may need to check that the firewall rules for Windows Management Instrumentation (WMI) are enabled on your client computers. In this post, we would demonstrate how to enable the WMI Firewall Rules for MPA Tools client accessibility using the following methods:

What is WMI?

Windows Management Instrumentation (WMI) is Microsoft’s implementation of the Web-Based Enterprise Management (WBEM) initiative for supported Windows platforms. WBEM is an industry-wide initiative to develop management infrastructure standards to access and combine information from various hardware and software management systems in an enterprise IT environment. WMI is the Microsoft infrastructure for management data and operations on Windows-based operating systems. The ability to obtain management data from remote computers is what makes WMI useful.

What happens when the WMI firewall rules are disabled?

In MPA Tools, when trying to retrieve information about a Windows client, you may see a red status icon for the client accessibility (as shown below). When the WMI rules are disabled, MPA Tools will be unable to retrieve any management data from the client and all the client fields will not be populated with any information.

How to confirm if the WMI firewall rules are disabled?

On the Windows client, go into the system settings and search for “firewall” and then select Windows Defender Firewall.
A screenshot of a computer Description automatically generated

Under Windows Defender Firewall, on the left-hand side menu, select Advanced Settings.

A screenshot of a computer Description automatically generated

The Windows Defender Firewall with Advanced Security management console will appear. Select the Inbound rules. Then scroll down (near to the bottom) and check the status of the firewall rules within the group “Windows Management Instrumentation (WMI)”. If the “Enabled” status is set to No (and if there is no green check icon), then the firewall rules are disabled.
A screenshot of a computer Description automatically generated

Enabling the WMI firewall rules

The WMI firewall rules can be easily enabled on the client by selecting all of the firewall rules within the group “Windows Management Instrumentation (WMI)”. Then in the Action menu on the right-hand side, select Enable Rule.

Using the netsh advfirewall command

The WMI firewall rules can also be enabled using the following Windows command. For multiple clients, it may be easier to deploy this command remotely with PsExec or SCCM. Alternatively, you could deploy a PowerShell script to enable the WMI firewall rules on multiple computers. For more information, see the links below (at the bottom of the post).

Run cmd.exe as an administrator and execute the following command to enable all the firewall rules within the group “Windows Management Instrumentation (WMI)”.

netsh advfirewall firewall set rule group=”Windows Management Instrumentation (WMI)” new enable=yes

Important: This command cannot be deployed to the clients using MPA Tools because unfortunately these firewall rules need to be enabled for MPA Tools to be able to execute the remote command. Without the WMI firewall rules enabled, the command will just time out.

A screenshot of a computer Description automatically generated

After executing the command, we can see that 8 rules are enabled with an “Ok” result. This indicates that the 6x inbound WMI firewall rules + the 2x outbound WMI firewall rules were enabled.

A screenshot of a computer Description automatically generated

Confirm in the Windows Defender Firewall with Advanced Security management console, that all the firewall rules within the group “Windows Management Instrumentation (WMI)” are enabled and have a green check icon next to them.

Important: You will notice that the results of the netsh advfirewall command above shows 8 rules “OK”, which means that this command is enabling the 2x outbound WMI firewall rules as well as the 6x inbound rules (as shown below).

MPA Tools only needs the 6x inbound WMI firewall rules to be enabled. Depending on the security policy for your environment you may not want to enable the 2x outbound WMI firewall rules. In which case, we would recommend using the PowerShell method below.

Using PowerShell

Open a PowerShell ISE or PowerShell window as an administrator and execute the following script snippet to check if the inbound firewall rules within the group “Windows Management Instrumentation (WMI)” are enabled.

$GroupName = “Windows Management Instrumentation (WMI)”
Get-NetFirewallRule -Direction Inbound -DisplayGroup $GroupName | Select Name,DisplayName,DisplayGroup,Enabled,Profile,Direction,Action

If the enabled status for each firewall rule in the group shows as False then the rule is disabled.

A screenshot of a computer program Description automatically generated

Use the following script snippet to enable the inbound firewall rules within the group “Windows Management Instrumentation (WMI)”. You will notice that in the script, we are specifying the “-Direction Inbound” parameter, which ensures that we are targeting only the inbound firewall rules.

$NetFirewallRuleList = Get-NetFirewallRule -Direction Inbound -DisplayGroup “Windows Management Instrumentation (WMI)”

ForEach ($NetFirewallRule in $NetFirewallRuleList) { Enable-NetFirewallRule -Name $NetFirewallRule.Name }

The enabled status for each firewall rule in the group should now show as True.

Once the firewall rules have been enabled, open MPA Tools. Select the relevant client and on the client properties page, click the properties refresh button.

A screenshot of a computer Description automatically generated

MPA Tools should now be able to retrieve management data from the client and all the client fields will start to be populated with the relevant data. The status icon for the client accessibility should now be green (as shown below).

If you would like to learn how to enable the WMI firewall rules using Intune, SCCM or Group Policy, then have a look at the below posts for more information:

 Hope this helps anyone who has experienced any challenges with client accessibility in MPA Tools. Remember if you encounter any issues, please reach out to us for support.

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Pin It on Pinterest

Share This