Apply GPO for MAP Tool Ver 3.2


Apply GPO for Software Asset Management

Contents
Create Group Policy and Assign it
Apply Services Start Action Settings:
Configure WinRM Service
Apply Firewall Rule Settings:
Apply Settings for MGADiag Tool:
GP Settings for MAP Tool

Create Group Policy and Assign it


1. Open Group Policy Management Console from Administrative Tools.
2. Right-click Group Policy Objects and select New.

3. Create a new GPO and name it “SAM FW Rule”.

4. From Group Policy Management Console, select the OUs that contain the target computers > right-click and select Link an Existing GPO > choose “SAM FW Rule”.
5. The rule will be applied to the target computer objects at the next GPO refresh interval.

EBLA Computer Consultancy 2



Apply Services Start Action Settings:


1. Go to Computer Configuration > Preferences > Control Panel Settings > Services > right-click and select New > Service.

2. Set the following settings to the service


a. Start Up: Automatic
b. Service Name: Remote Registry
c. Service Action: Start Service
d. Then select Ok
3. Repeat same steps for Windows Management Instrumentation
a. Start Up: Automatic
b. Service Name: Windows Management Instrumentation
c. Service Action: Start Service
d. Then select Ok
4. Repeat same steps for Windows Remote Management (WS-Management)
a. Start Up: Automatic
b. Service Name: WinRM
c. Service Action: Start Service
d. Then select Ok


5. Close the GPO you have just created.

Configure WinRM Service


1. Go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service.
2. From the right side, select Allow automatic configuration of listeners (Server 2008 R2 and later) or Allow Remote Server management through WinRM (Server 2012), and type * as in the snapshot below.


3. From the right side, select Allow Basic authentication configuration > Enable and OK.
4. From the right side, select Allow CredSSP authentication > Enable and OK.
5. From the right side, select Allow unencrypted traffic > Enable and OK.
6. From the right side, select Turn on Compatibility HTTP Listener > Enable and OK.
7. From the right side, select Turn on Compatibility HTTPS Listener > Enable and OK.
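
To see what steps 2 to 7 leave enabled on a target computer, the effective WinRM service settings can be read back through the built-in WSMan: drive. This is an added example, not part of the original guide; the function names Get-WinRMServiceExposure and Test-BasicOverCleartext are hypothetical, and it assumes an elevated PowerShell session on the target.

```powershell
# Added example (not from the original guide). Run elevated on a target computer.
function Get-WinRMServiceExposure {
    # The WSMan: drive can only be read while the WinRM service is running.
    if ((Get-Service -Name WinRM).Status -ne 'Running') {
        throw 'WinRM is not running; its configuration cannot be read.'
    }
    $svc = 'WSMan:\localhost\Service'
    # Leaf settings that correspond to the policies enabled in steps 2-7.
    $paths = @(
        "$svc\IPv4Filter"                        # step 2: the "*" filter
        "$svc\Auth\Basic"                        # step 3
        "$svc\Auth\CredSSP"                      # step 4
        "$svc\AllowUnencrypted"                  # step 5
        "$svc\EnableCompatibilityHttpListener"   # step 6
        "$svc\EnableCompatibilityHttpsListener"  # step 7
    )
    foreach ($p in $paths) {
        $item = Get-Item -Path $p
        [pscustomobject]@{
            Setting = $item.Name
            Value   = $item.Value
            Source  = $item.SourceOfValue   # 'GPO' when the value comes from policy
        }
    }
}

function Test-BasicOverCleartext {
    param([Parameter(Mandatory)] $Settings)
    # Basic authentication sends a Base64-encoded password; with unencrypted
    # traffic also allowed, that password is readable on the network path.
    $basic = ($Settings | Where-Object Setting -eq 'Basic').Value
    $clear = ($Settings | Where-Object Setting -eq 'AllowUnencrypted').Value
    return ($basic -eq 'true' -and $clear -eq 'true')
}

$settings = Get-WinRMServiceExposure
$settings | Format-Table -AutoSize
if (Test-BasicOverCleartext -Settings $settings) {
    Write-Warning 'Basic authentication and unencrypted traffic are both enabled.'
}

# Listener keys show which transports (HTTP/HTTPS) and addresses are bound.
Get-ChildItem -Path WSMan:\localhost\Listener | Select-Object Name, Keys
```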


Apply Firewall Rule Settings:


1. Right-click the new “SAM FW Rule” and select Edit.
2. Go to Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile & Standard Profile.

3. From the right side, select Windows Firewall: Allow Inbound File and Print sharing exception. Enable the policy and type the IP address of the PC that has the MAP tool installed. “Replace XX.XX.XX.XX with the IP address of machine running MAP tool”


4. From the right side, select Windows Firewall: Allow ICMP Exception.
5. Enable the policy and select Allow inbound echo request.

6. From the right side, select Windows Firewall: Define inbound port exception. Enable the policy and select Show to enter the values for the required MAP tool ports, as in the snapshot below:


135:TCP:*:Enabled:135 Port Enabled
139:TCP:*:Enabled:139 Port Enabled
445:TCP:*:Enabled:445 Port Enabled
5985:TCP:*:Enabled:5985 Port Enabled
137:UDP:*:Enabled:137 Port Enabled
138:UDP:*:Enabled:138 Port Enabled
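
Each entry above follows the policy syntax `<Port>:<Transport>:<Scope>:<Status>:<Name>`, and a scope of `*` accepts connections from any address. The following added example (not part of the original guide) parses the six entries, flags the open scope, and prints the same entries scoped to the MAP machine, as steps 3 and 7 already do for their exceptions. The function names are hypothetical, and it assumes inventory connections originate only from the MAP machine.

```powershell
# Added example, not part of the original guide.
# Entries copied from the "Define inbound port exception" list above.
$entries = @(
    '135:TCP:*:Enabled:135 Port Enabled'
    '139:TCP:*:Enabled:139 Port Enabled'
    '445:TCP:*:Enabled:445 Port Enabled'
    '5985:TCP:*:Enabled:5985 Port Enabled'
    '137:UDP:*:Enabled:137 Port Enabled'
    '138:UDP:*:Enabled:138 Port Enabled'
)

function ConvertFrom-PortException {
    param([Parameter(Mandatory)][string]$Entry)
    # Policy syntax: <Port>:<Transport>:<Scope>:<Status>:<Name>
    # Splitting on ':' assumes IPv4 scopes (no colons inside the scope field).
    $f = $Entry -split ':', 5
    if ($f.Count -ne 5 -or $f[0] -notmatch '^\d+$' -or $f[1] -notin 'TCP', 'UDP') {
        throw "Malformed port exception: $Entry"
    }
    [pscustomobject]@{
        Port      = [int]$f[0]
        Transport = $f[1]
        Scope     = $f[2]
        Status    = $f[3]
        Name      = $f[4]
        AnySource = ($f[2].Trim() -eq '*')   # '*' admits every remote address
    }
}

function New-ScopedPortException {
    param([Parameter(Mandatory)][string]$Entry,
          [Parameter(Mandatory)][string]$Scope)
    # Rebuild the entry with only the scope field changed.
    $e = ConvertFrom-PortException -Entry $Entry
    '{0}:{1}:{2}:{3}:{4}' -f $e.Port, $e.Transport, $Scope, $e.Status, $e.Name
}

# Report which entries accept traffic from any source.
$entries | ForEach-Object { ConvertFrom-PortException -Entry $_ } |
    Format-Table Port, Transport, Scope, Status, AnySource -AutoSize

# Same entries restricted to the MAP machine. XX.XX.XX.XX is the guide's
# placeholder for that machine's IP address and must be replaced.
$mapHost = 'XX.XX.XX.XX'
$entries | ForEach-Object { New-ScopedPortException -Entry $_ -Scope $mapHost }
```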

7. From the right side, select Windows Firewall: Allow inbound remote administration exception. Enable the policy and type the IP address of the PC that has the MAP tool installed. “Replace XX.XX.XX.XX with the IP address of machine running MAP tool”



8. Go to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules node.
9. Right-click in the working area and choose New Rule > Predefined option, select Windows Management Instrumentation (WMI) from the drop-down list, and click Next. Then select all, as in the snapshot below.

10. Allow the connection > Finish.


11. Right-click in the working area and choose New Rule > Predefined option, select Windows Remote Management from the drop-down list, and click Next. Then check all rules and click Next.
12. Right-click in the working area and choose New Rule > Predefined option, select Windows Remote Management (Compatibility) from the drop-down list, and click Next. Then check all rules and click Next.
13. Allow the connection > Finish.
14. You can confirm steps 14, 15, 16, 17 and 18 as in the snapshot below.

15. To check whether the GPO has been applied to a target PC, open any PC that exists under the target computers > open Control Panel > open Windows Firewall > on the left side select Advanced settings.
16. Under Inbound Rules you should find the created rules applied.
17. Open the Services console and check the status of Remote Registry, WMI and WinRM.
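
The checks in steps 15 to 17 can also be scripted on a target computer. This is an added example, not part of the original guide; the function names are hypothetical, and it assumes an elevated session on Windows 8 / Server 2012 or later, where the NetSecurity cmdlets are available. It also reports each rule's remote address scope, so rules open to any source are visible.

```powershell
# Added example (not from the original guide). Run elevated on a target computer.
function Get-MapPrereqServiceState {
    # Service short names for Remote Registry, WMI and WinRM.
    foreach ($name in 'RemoteRegistry', 'Winmgmt', 'WinRM') {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        [pscustomobject]@{
            Service    = $name
            StartMode  = $svc.StartMode   # the GPO sets this to Auto
            State      = $svc.State       # the GPO starts the service
            AsIntended = ($svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running')
        }
    }
}

function Get-MapFirewallRuleState {
    # Predefined rule groups selected in steps 9, 11 and 12.
    $groups = 'Windows Management Instrumentation (WMI)',
              'Windows Remote Management',
              'Windows Remote Management (Compatibility)'
    foreach ($g in $groups) {
        # ActiveStore is the merged view of local and Group Policy rules.
        $rules = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup $g `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
        foreach ($r in $rules) {
            $addr = $r | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Group         = $g
                Rule          = $r.DisplayName
                Profile       = $r.Profile
                Source        = $r.PolicyStoreSourceType   # GroupPolicy or Local
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
    }
}

Get-MapPrereqServiceState | Format-Table -AutoSize
Get-MapFirewallRuleState  | Format-Table -AutoSize
```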


Apply Settings for MGADiag Tool:

1. Create a share on a file server.


2. Make sure Everyone has at least MODIFY access to that share.
3. Note the name of the server and the name of the share.
4. Copy the script file SAMSoftwareInventory-V2.vbs, provided by the SAM Engineer, to the domain controller.
5. Then go to Computer Configuration > Policies > Windows Settings > Scripts. Double-click Startup to open the dialog to enter script details.
6. In the Startup scripts dialog, click Add, and then Browse.
7. After copying the script to the GPO location, before closing the file dialog, right-click the file and select Edit. Scroll down in the file until you see the strServerPATH variable and modify it with your file share.

8. Then save file and click ok.


9. Then click Ok.
