
I have a Windows Server 2012 R2 virtual machine with two network interfaces. I would like to be able to query WMI on one interface and block all WMI requests on the other. So far, no matter what I've tried, Windows Firewall will either block both interfaces or neither.

I've tried using the sources tab on the firewall rule named "Windows Management Instrumentation (WMI-In)" to specify a local address. I've also tried using PowerShell Set-NetFirewallInterfaceFilter to specify only a single interface.

I've used Wireshark to verify that the traffic is going to the expected IP addresses. I've been testing the WMI connectivity by using the PowerShell command gwmi -computername 172.16.136.x win32_computersystem

  • What network profile and firewall profile is the server using for both interfaces? Try enabling the firewall rule for the appropriate network/firewall profile and disabling for the other. Commented Aug 16, 2016 at 17:57
  • Thanks. I gave that a try, but since the server is joined to the domain it doesn't appear that I can change the network profile of the interface. When I tried, I received the error: Set-NetConnectionProfile : Unable to set the NetworkCategory due to one of the following possible reasons: not running PowerShell elevated; the NetworkCategory cannot be changed from 'DomainAuthenticated'; user initiated changes to NetworkCategory are being prevented due to the Group Policy setting 'Network List Manager Policies'. Commented Aug 16, 2016 at 18:33
  • Isn't one network profile listed as Domain and the other listed as Public or Private? Commented Aug 16, 2016 at 18:42
  • No, they are both listed as domain. When I execute Get-NetConnectionProfile | ft InterfaceAlias, NetworkCategory both interfaces have the NetworkCategory of DomainAuthenticated. Both of these interfaces are on the same network. Commented Aug 16, 2016 at 19:00
  • I see. Why is the server dual-homed on the same network? Commented Aug 16, 2016 at 19:21

1 Answer

If your network interfaces and their corresponding network adapters happen to have a one-to-one relationship, then yes, you can restrict WMI to a given interface.

I'm not sure how this might be accomplished by PowerShell cmdlets but given how wildly diverse the terminology and consequently sparse the documentation can be from Microsoft regarding "the PowerShell way" (which I happen to be a massive fan of regardless of critique), I would research later. You can accomplish what you want via GUI (firewall.cpl) with the advanced dialog box.

See the screenshot for how to accomplish this:

[Screenshot: firewall with advanced security control panel applet]

For a given network profile, assuming you have configured the governing profile to your specification, you could simply check the boxes to administratively enable/disable as-needed.

Cheers!
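A PowerShell counterpart to the per-interface scoping described in the answer above, as an added example that is not part of the original answer and has not been tested against the asker's server. It goes beyond the single "Windows Management Instrumentation (WMI-In)" rule by scoping every inbound rule in the built-in WMI rule group, then prints the resulting interface and local-address filters so the scope can be checked; the interface alias `Ethernet0` is an assumption.

```powershell
# Added example: run from an elevated PowerShell session on the server.
$group      = 'Windows Management Instrumentation (WMI)'  # built-in rule group
$allowedNic = 'Ethernet0'   # assumption: alias of the NIC that should accept WMI

# -DisplayGroup cannot be combined with -Direction in one call, so filter afterwards.
$rules = Get-NetFirewallRule -DisplayGroup $group |
    Where-Object { $_.Direction -eq 'Inbound' }

# Restrict each inbound rule in the group (DCOM-In, WMI-In, ASync-In) to one interface.
$rules | Set-NetFirewallRule -InterfaceAlias $allowedNic

# Report the effective scope of every rule in the group for verification.
$rules | ForEach-Object {
    $ifFilter   = $_ | Get-NetFirewallInterfaceFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule           = $_.DisplayName
        Enabled        = $_.Enabled
        Profile        = $_.Profile
        InterfaceAlias = $ifFilter.InterfaceAlias -join ','
        LocalAddress   = $addrFilter.LocalAddress -join ','
    }
} | Format-Table -AutoSize
```

An enabled allow rule outside this group that covers the same ports would still admit the traffic on the other interface, so the report only confirms the scope of the WMI group itself.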
