wmi-firewall-exceptions.ps1

# http://msdn.microsoft.com/en-us/library/jj980508(v=winembedded.81).aspx
# http://wiki.splunk.com/Deploy:HOWTO_Enable_WMI_Access_for_Non-Admin_Domain_Users
# http://blogs.technet.com/b/ashleymcglone/archive/2011/04/18/powershell-remoting-exposed-how-to-command-your-minions.aspx

# disable Remote UAC:
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
# enable the Remote Administration exception:
netsh advfirewall set service RemoteAdmin enable
# enable WMI traffic at a command prompt by using a WMI rule:
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
# establish a firewall exception for DCOM port 135:
netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
# establish a firewall exception for the WMI service:
netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any
# establish a firewall exception for the sink that receives callbacks from a remote device:
netsh advfirewall firewall add rule dir=in name ="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow
# establish a firewall exception for outgoing connections to a remote device that the local computer is communicating with asynchronously:
netsh advfirewall firewall add rule dir=out name ="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any