Windows WMI uses the RPC and DCOM subsystems in Windows. The ports that are used in WMI are auto-negotiated between hosts.
The following outlines instructions to limit the number of ports that DCOM will use.
Follow these instructions on each monitored host.
- Open regedt32.exe
- Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
- If there is no subkey titled “Internet”, create one.
- Inside the Internet key, create a REG_MULTI_SZ value named “Ports”. Each line of the Ports value should specify a range of ports available to DCOM. For this example, add a single line that reads “3000-3100”.
- Add a new REG_SZ value named “PortsInternetAvailable”, set it to “Y”
- Add a new REG_SZ value named “UseInternetPorts”, set it to “Y”
- Open up TCP port 135 to internal traffic. (It may also be necessary to open up UDP 135)
- Open up the DCOM port range (e.g. 3000-3100) to internal traffic.
See the following link for more information: