Configure a device for remote management (Industry 8.1)
June 2, 2016
Learn how to configure your Windows Embedded 8.1 Industry (Industry 8.1) device to enable remote management.
If Embedded Lockdown Manager (ELM) cannot connect remotely to your device, you may have to configure the device for remote management. If the device is joined to a domain, some or all of the following settings may already be applied through Group Policy.
Configure a device for remote management
To enable remote management by using a local administrator account
Sign in to the device with an administrator account.
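Set the following registry value to disable User Account Control (UAC) remote restrictions. With the value set to 1, remote connections made with a local administrator account receive a full administrator token instead of a filtered one:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system]
"LocalAccountTokenFilterPolicy"=dword:00000001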
For more information about how to change this registry key, see Description of User Account Control and remote restrictions and How to change the Remote UAC LocalAccountTokenFilterPolicy registry setting.
Restart your device.
To enable Windows Management Instrumentation (WMI) traffic through a firewall
On the Start menu, right-click Command Prompt and then click Run as administrator.
To establish a Windows Firewall exception for WMI traffic, type the following command:
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
Important
When running ELM on an OS that uses a language other than English, use the localized group name.
(Optional) If ELM displays an error message that WMI did not respond or failed to connect, you can use individual commands for DCOM, WMI service, callback sink, and outgoing connections to enable WMI traffic.
To establish a Windows Firewall exception for DCOM port 135, type the following command:
netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
To establish a Windows Firewall exception for the WMI service, type the following command:
netsh advfirewall firewall add rule dir=in name="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
To establish a Windows Firewall exception for the sink that receives callbacks from a remote computer, type the following command:
netsh advfirewall firewall add rule dir=in name="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow
To establish a Windows Firewall exception for outgoing connections to a remote computer that the local computer is communicating with asynchronously, type the following command:
netsh advfirewall firewall add rule dir=out name="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
For more information about how to enable WMI traffic, see Connecting to WMI Remotely on MSDN.
Important
The WMI service cancels Lockdown feature tasks when there is insufficient physical memory available. To resolve this issue, read the KB article.
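To confirm what the two procedures above changed on a device, the following read-only PowerShell script reports the LocalAccountTokenFilterPolicy value and the state of the WMI firewall rules. It is an added example, not part of the original article; it assumes the Get-NetFirewallRule cmdlet (NetSecurity module) is available on the device and that the optional rules were created with the names shown on this page.

```powershell
# Added example (not from the original article): read-only audit of the
# settings this page configures. Run in an elevated PowerShell session.
param(
    # English group name from the page; pass the localized name on other languages.
    [string]$WmiGroup = 'Windows Management Instrumentation (WMI)'
)

$report = @()

# 1. Remote UAC restrictions: 1 = disabled, 0 or absent = in effect.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$prop  = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
$value = if ($prop) { $prop.LocalAccountTokenFilterPolicy } else { $null }
$report += [pscustomobject]@{
    Item      = 'LocalAccountTokenFilterPolicy'
    Direction = ''
    Enabled   = ''
    Profile   = ''
    Detail    = if ($value -eq 1) { 'Remote UAC restrictions disabled' } else { 'Remote UAC restrictions in effect' }
}

# 2. Built-in WMI rule group, plus the optional rules by the names used on this page.
$rules = @(Get-NetFirewallRule -DisplayGroup $WmiGroup -ErrorAction SilentlyContinue)
foreach ($name in 'DCOM', 'WMI', 'UnsecApp', 'WMI_OUT') {
    $rules += @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
}
if ($rules.Count -eq 0) {
    Write-Warning "No WMI firewall rules found. Check the group name '$WmiGroup'."
}
foreach ($r in $rules) {
    $report += [pscustomobject]@{
        Item      = $r.DisplayName
        Direction = $r.Direction
        Enabled   = $r.Enabled
        Profile   = $r.Profile
        Detail    = "Action=$($r.Action)"
    }
}

# One table: the registry setting first, then each firewall rule that was found.
$report | Format-Table -AutoSize
```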