Remote Installation Prerequisites
Table of Contents
This document is a comprehensive list of the remote installation prerequisites you'll need for Network Discovery.
Overview
If you have experience and are well-versed in network monitoring and management, here's the overview of what you need to do:
- You've entered valid domain admin credentials in the discovery profile with remote access rights,
- A domain controller is available on the network you've specified in the profile, and
- The target devices are domain-joined and the RPC port 135 is open. One way to accomplish this is by adding WMI to the “Allow apps to communicate through Windows Defender Firewall” list.
Detailed Remote Installation Prerequisites
To be able to install the Syncro agent remotely, you'll need to ensure the following prerequisites.
Remote Machine Requirements
- The remote machine is accessible by IP address.
- Remote machine admin’s credentials are provided.
- The remote machine’s operating is Windows.
Configure User Permissions
- User is a member of the Administrator and Distributed COM Users groups.
- DCOM (for remote WMI access) is enabled (Run dcomcnfg from the Run dialog. Navigate to Component Services > Computers > My Computer). Right-click My Computer and select Properties. Go to the Default Properties tab).
- Enable Distributed COM on the remote computer is checked.
- Default Authentication Level is set to Connect.
- Default Impersonation Level is set to Identify or higher.
See also: Configure User Permissions.
WMI & RPC Requirements
- Verify the WMI service is running.
- RPC service is running.
- WMI and RPC are allowed in the Firewall rules.
Detailed Instructions
Verify the WMI Service is Running
To verify that the WMI service is running, follow these steps:
- Log in to the VM.
- Open the Services application (services.msc).
- Locate Windows Management Instrumentation.
- Ensure the service is running. If not, start it and set its Startup type to Automatic.
Configure the Firewall for WMI
To configure the firewall for WMI, follow these steps:
- Navigate to Control Panel > System and Security > Windows Defender Firewall > Advanced Settings to open Windows Defender Firewall.
- Add an Inbound Rule:
- Click Inbound Rules > New Rule.
- Select Predefined > Windows Management Instrumentation (WMI).
- Allow the connection and complete the wizard.
- Enable DCOM (for remote WMI access):
- Run dcomcnfg from the Run dialog.
- Navigate to Component Services > Computers > My Computer.
- Right-click My Computer and select Properties.
- Go to the Default Properties tab:
- Ensure Enable Distributed COM on this computer is checked.
- Set Default Authentication Level to Connect.
- Set Default Impersonation Level to Identify or higher.
Configure User Permissions
To grant DCOM permissions, follow these steps:
- Open Component Services (dcomcnfg).
- Navigate to Component Services > Computers > My Computer.
- Right-click My Computer > Properties > COM Security tab.
- In Access Permissions, click Edit Limits:
- Add or modify the user/group and ensure Remote Access is allowed.
- In Launch and Activation Permissions, click Edit Limits:
- Add or modify the user/group and ensure all permissions are allowed.
To grant WMI namespace permissions, follow these steps:
- Press Win + R, type wmimgmt.msc, and press Enter to open WMI Control.
- Right-click WMI Control (Local) > Properties.
- Go to the Security tab.
- Select the namespace (e.g., Root\CIMv2).
- Click Security, add the user, and grant Execute Methods, Enable Account, and Remote Enable permissions.