Detection
Operating system detection distinguishes Windows machines from other machines. It is based on the ping TTL setting, which by default is different on Windows. Detection runs when the neighbor is discovered, then every 24 hours.
Note: for this OS detection to work, ICMPv4 traffic must be allowed by the firewall (see the section "Firewall rules to setup").
Deployment
- Targeted machines must run at least Windows 7 / Windows Server 2008 R2 (PowerShell 2.0 compatibility)
- Windows must be installed on the C: disk of targeted machines
- The remote WMI service must be enabled on targeted machines (Windows Management Instrumentation service)
- The firewall must accept WMI and DCOM connections (see the section "Firewall rules to setup")
To deploy the RG agent, an Active Directory domain controller must be present in the network of the target machine. If this is not the case, a local account can be used under one of the following conditions:
- Either UAC is disabled on the target machines and local administrator credentials are used
- Or UAC is enabled and the default Windows Administrator account is used
For more detail on the necessary WMI configuration, refer to this tutorial: https://docs.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmi-remotely-starting-with-vista
Firewall rules to setup
On the inquirer agent
- File and Printer Sharing (Echo Request - ICMPv4-Out)
- Windows Management Instrumentation (WMI-Out)
- Windows Management Instrumentation (DCOM-Out)
On targeted machines
- File and Printer Sharing (Echo Request - ICMPv4-In)
- Windows Management Instrumentation (WMI-In)
- Windows Management Instrumentation (DCOM-In)
Firewall rule deployment command
netsh advfirewall firewall set rule name="{rule name}" new enable=yes
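The command above applied to every rule listed for one role and then read back, as an added example (not code from the product or its vendor). It assumes an elevated prompt and English rule display names (Windows localizes them and the `Enabled:` output line); the `-Role` parameter and the variable names are hypothetical.

```powershell
# Added example (not vendor code). Run elevated, once per machine.
# Assumes English rule display names and English netsh output.
param(
    [ValidateSet('Inquirer', 'Target')]
    [string]$Role = 'Target'
)

# Rule names copied from the two lists on this page.
$rules = @{
    Inquirer = @(
        'File and Printer Sharing (Echo Request - ICMPv4-Out)',
        'Windows Management Instrumentation (WMI-Out)',
        'Windows Management Instrumentation (DCOM-Out)'
    )
    Target = @(
        'File and Printer Sharing (Echo Request - ICMPv4-In)',
        'Windows Management Instrumentation (WMI-In)',
        'Windows Management Instrumentation (DCOM-In)'
    )
}
# The inquirer needs the outbound rules, targeted machines the inbound ones.
$dir = if ($Role -eq 'Inquirer') { 'out' } else { 'in' }

$results = foreach ($name in $rules[$Role]) {
    # The page's command, plus dir= so only rules in the intended direction are changed.
    $null = & netsh advfirewall firewall set rule "name=$name" "dir=$dir" new enable=yes
    $setOk = ($LASTEXITCODE -eq 0)   # non-zero: netsh reported an error (e.g. no matching rule)

    # Read the rule back; several profile-specific rules can share one name.
    $show = & netsh advfirewall firewall show rule "name=$name" "dir=$dir"
    $states = @($show | Select-String -Pattern '^Enabled:\s+(\S+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value })

    New-Object PSObject -Property @{
        Rule    = $name
        SetOk   = $setOk
        Enabled = ($setOk -and $states.Count -gt 0 -and ($states -notcontains 'No'))
    }
}

$results | Format-Table Rule, SetOk, Enabled -AutoSize
# A non-zero exit code lets a deployment tool flag a machine that is not ready.
if ($results | Where-Object { -not $_.Enabled }) { exit 1 }
```

The script stays within PowerShell 2.0 syntax, matching the minimum version listed under Deployment.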