Windows Discovery: Does WinRM//WinRMs really requires only 1 firewall port open.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2025 05:47 AM
Hello wide team!
Accordingly to docs, using winrm (TCP 5985 ) or winrms (TCP 5986) requires only one port opening, right?
(ICMP Ping mandatory or not?)
So no TCP/135?
no WINS (legacy I confess)
no NETBIOS (legacy I confess)
Including in Shazaam?
Many thanks in advance for your experiences.
Cedric
Labels:
- Labels:
-
Discovery
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2025 09:40 PM
we are using wmi, so I cannot tell you about winrm, but for wmi is enough only 135 and ping is not mandatory.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-09-2025 11:31 PM
Thanks Doci1,
A colleage of mine told me 2 thinks this morning:
"I remember few years back when validating credentials, it was failing in environment wehere 135 was not opened, but this did not prevent successful discovery"
and also
"one thing to consider is wmi queries in powershell
get-wmiobject still uses wmi comms (135 and high ports) as far as I read, so these will probably fail. Not sure how about the recent patterns, tendency was to slowly replace these with cim instance calls, which goes via wirnm ports"
get-wmiobject still uses wmi comms (135 and high ports) as far as I read, so these will probably fail. Not sure how about the recent patterns, tendency was to slowly replace these with cim instance calls, which goes via wirnm ports"
=> Guess I have to review the patterns 😞
