Embotics® vCommander® uses Microsoft’s Windows Management Instrumentation (WMI) protocol to retrieve information about installed software and services during Guest OS Scans, and to run workflow steps.

To do so, vCommander logs into localhost and uses it as a proxy to connect to Windows guests. When unable to connect using localhost as a proxy, vCommander falls back to attempting to login to guests directly using the credentials you have configured in Embotics vCommander.

This means that you must configure both the Windows firewall on the vCommander application server and the guests to allow these connections. Follow the process below to do so, depending on your operating system.

Important: Remember when creating or enabling rules for the Windows Firewall that you must activate the rules for the correct firewall profile. For more information on firewall profiles, refer to the Microsoft documentation.

Windows 2012, 2008 R2, 2008 and 7

---

You will create a custom rule in the Windows Firewall.

1. Log in as Administrator and issue the command wf.msc from the Start menu. For Windows 2012, issue the command from the powershell prompt.
2. In the left-hand pane, select Inbound Rules under Windows Firewall with Advanced Security.
3. In the Actions pane, click New Rule.
4. Choose Custom and click Next.
   
   
5. Leave All programs selected and cick Next.
   
   
6. Set Protocol Type to TCP. Set Local Port to RPC Dynamic Ports. Click Next.
   
   
7. On the Scope page, you can restrict the rule to particular local or remote IPs. If you restrict the rule for local IPs, you must make sure this is the address vCommander will use to perform the Guest OS scan, or it will fail. If you are a high-security environment, restrict the rule to the vCommander server address as the allowed remote IP. Click Next.
   
   
8. Leave Allow the connection selected and click Next.
   
   
9. Choose the profiles for which the rule will be enabled, and click Next.
   
   
10. Provide a meaningful Name and Description and click Finish.
    
    

Windows 2003

---

The Windows Firewall included with Server 2003 does not include a predefined rule that is suitable for enabling Guest OS scanning by vCommander. Follow the process below to configure the rule using the command line.

1. Log in to the VM using the Administrator account.
2. Click Start > Run and enter cmd. Click OK.
   
   
   
3. From the command prompt, execute the command:
   netsh firewall set service RemoteAdmin enable

   

Configuring Firewalls from Other Vendors

---

If you have firewalls or other security software installed on either the vCommander server or the Windows guests you wish to scan, please contact the vendor providing the details for the Windows firewall as described above. The vendor’s support team or documentation will cover establishing equivalent rules that will allow the scanning to complete successfully.

See Also

---

• Configuring Windows for Guest OS Scans and Workflow Steps Using Group Policy
• Guest OS Scans and/or Steps Fail After Embotics vCommander™ Service Account Change
• Auditing Guest OS Scan Failures