This article provides step-by-step instructions on how to enable the necessary network settings for optimum Network Discovery results. These include:
- GPO Configuration for Windows Firewall (Inbound Rules)
- Domain configuration for allowing ICMP
- GPO Configuration for Windows Services
- Third-party Firewalls
GPO Configuration for Windows Firewall (Inbound Rules)
Allow Windows Management Instrumentation (WMI) service to operate through Windows
Firewall
This includes the following rules:
- Windows Management Instrumentation (ASync-In)
- Windows Management Instrumentation (WMI-In)
- Windows Management Instrumentation (DCOM-In)
Step 1. On the domain controller, go to Group Policy Management and edit the Default Domain Policy.
Step 2. Under Computer Configuration, navigate to Policies > Windows settings > Security settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound rules > right-click and select New rule.
Step 3. Under the Rule Type window, select Predefined: Windows Management Instrumentation (WMI), then click Next.
Step 4. Under Rules, select all three then click Next:
Step 5. On the next page, select Allow the Connection, then click on Finish.
Domain Configuration
Allow ICMP (Internet Control Message Protocol) to operate through Windows Firewall
Step 1. Go to Group Policy Management and edit the Default Domain Policy.
Step 2. Under Computer Configuration, navigate to Policies > Windows settings > Security settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound rules > right-click and select New rule.
Step 3. In the Rule Type window, select Custom rule > Next.
Step 4. In the Program window, select All programs, then click Next.
Note: In order to use This program path, you will need to white-list all of the .exe files from all Atera's packages (these can be found under C:\Program Files\ATERA Networks\AteraAgent\Packages).
Step 5. Select ICMPv4 as the Protocol type and click on Next.
Step 6. Under the Scope window, select Any IP address for both sections, then click on Next.
Step 7. Under Action, select Allow the connection > Next.
Step 8. Under Profile, select the relevant option according to the endpoints' network (you can select all three), then click on Next.
Step 9. Add a name for the rule and a description (optional) and save it by clicking on Finish.
In the end, this is how the ICMP & WMI rules should look like.
GPO Configuration for Windows Services
The following four services need to be set up on Automatic startup:
- Remote procedure call (RPC)
- Remote Registry
- Windows Management Instrumental
- Windows update
Step 1. On the domain controller, go to Group Policy Management and edit the Default Domain Policy.
Step 2. Under Computer Configuration navigate to Policies > Windows Settings > Security Settings > System Services.
Step 3. Right-click on each service > Properties > Check Define this policy settings > Automatic > click OK.
Third-Party Firewalls
Make sure third-party firewalls are disabled or configured similarly to Windows Firewall as above.
Note: By default, the computer Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes. In addition to background updates, the Group Policy for the computer is always updated when the system starts. Therefore, you will need to allow the GPO to update, then you can run a scanning through Network Discovery.