Windows Discovery: Does WinRM//WinRMs really requires only 1 firewall port open.

Cedric Creton
Tera Expert

Hello wide team!

 

Accordingly to docs, using winrm (TCP 5985 ) or winrms (TCP 5986) requires only one port opening, right?

(ICMP Ping mandatory or not?)

So no TCP/135?

no WINS (legacy I confess)

no NETBIOS (legacy I confess)

 

 

Including in Shazaam?

 

Many thanks in advance for your experiences.

 

Cedric

2 REPLIES 2

Doci1
Kilo Sage

we are using wmi, so I cannot tell you about winrm, but for wmi is enough only 135 and ping is not mandatory.

Cedric Creton
Tera Expert

Thanks Doci1,

A colleage of mine told me 2 thinks this morning:

"I remember few years back when validating credentials, it was failing in environment wehere 135 was not opened, but this did not prevent successful discovery"
 
and also
 
"one thing to consider is wmi queries in powershell
get-wmiobject still uses wmi comms (135 and high ports) as far as I read, so these will probably fail. Not sure how about the recent patterns, tendency was to slowly replace these with cim instance calls, which goes via wirnm ports"
 
=> Guess I have to review the patterns 😞