Published on February 7, 2024 (author: )

Step 1: Connecting Through Windows Firewall

To successfully connect from Computer A to Computer B when the Windows Firewall is enabled on Computer B, some configuration of firewall settings is necessary. The following procedure helps you configure Connection 1.

To configure Connection 1

1. Ensure that the user account that is on Computer A is a local administrator on Computer B. (Computer A configuration)

If the user account that is on Computer A is not an administrator on Computer B, but the user account has Remote Enable permission on Computer B, then the user must also be given DCOM Remote Launch and Remote Activation privileges on Computer B by running at the command prompt. For more information, see the remote launch and activation permissions procedure in Securing a Remote WMI Connection. The 0x80070005 error occurs when this privilege is not set. For more information, see Access to WMI Namespaces.

2. Allow for remote administration on Computer B. (Computer B configuration)

You can use either the Group Policy editor () or a script to enable the Windows Firewall: Allow remote administration exception, or use a netsh firewall command at the command prompt to allow for remote administration on Computer B. The following command enables this feature.

netsh firewall set service RemoteAdmin enable

If you would rather use the Group Policy editor than the NETSH commands above, use the following steps in the Group Policy editor () to enable "Allow Remote Administration" on Computer B.

Run -> enter the command: cmd -> enter the command:

a. Under the Local Computer Policy heading, double-click Computer Configuration.

b. Double-click Administrative Templates, Network, Network Connections, and then Windows Firewall.

c. If the computer is in the domain, then double-click Domain Profile; otherwise, double-click Standard Profile.

d. Click Windows Firewall: Allow remote administration exception.

e. On the Action menu, select Properties.

f. Click Enable, and then click OK.

The following procedure helps you configure Connection 2.

To configure Connection 2

1. (Computer A configuration) If the Windows Firewall is enabled on Computer A, enable the "Allow Remote Administration" exception (step 2 in the procedure above) and open the DCOM port TCP 135 on Computer A. If this port is not open, the error 0x800706ba will occur. You can open port 135 using the following command.

netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135

2. (Computer A configuration) Add the client application or script, which contains the sink for callback, to the Windows Firewall Exceptions List on Computer A. If the client is a script or an MMC snap-in, the sink is often . For these connections, add %windir% to the Windows Firewall application exceptions list. You can add with the following command.

netsh firewall add allowedprogram program=%windir% name=UNSECAPP

Generally a C++ application has a sink written for the application. In that case, the application sink should be added to the firewall exceptions.

3. If Computer B is either a member of WORKGROUP or is in a different domain that is untrusted by Computer A, then Connection 2 is created as an Anonymous connection. An anonymous connection fails with either the 0x80070005 error or the 0x8007000e error unless Anonymous connections are given the DCOM Remote Access permission on Computer A. The steps to grant DCOM remote access permissions are listed in Securing a Remote WMI Connection.
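
To review what the two procedures above leave open, the following added example (not part of the original page) lists the enabled inbound Allow rules that match the remote administration exception, TCP 135, or the UNSECAPP program exception, and marks those reachable from any remote address. It assumes the NetSecurity cmdlets of Windows 8 / Server 2012 or later and English rule-group names; the function name Get-WmiFirewallExposure is hypothetical.

```powershell
# Added audit example (not from the original page). Assumes the NetSecurity
# cmdlets (Windows 8 / Server 2012 or later) and English rule-group names.
$WmiGroups = @('Windows Management Instrumentation (WMI)', 'Remote Administration')

function Get-WmiFirewallExposure {
    # Walk every enabled inbound Allow rule and keep the ones that correspond
    # to the exceptions this procedure opens.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule = $_
            $port = $rule | Get-NetFirewallPortFilter
            $app  = $rule | Get-NetFirewallApplicationFilter
            $addr = $rule | Get-NetFirewallAddressFilter

            $reasons = @()
            if ($WmiGroups -contains $rule.DisplayGroup) {
                $reasons += 'remote administration / WMI rule group'
            }
            if ($port.Protocol -eq 'TCP' -and
                (@($port.LocalPort) -contains '135' -or
                 @($port.LocalPort) -contains 'RPCEPMap')) {
                $reasons += 'DCOM endpoint mapper (TCP 135)'
            }
            if ($app.Program -like '*unsecapp*') {
                $reasons += 'callback sink program (UNSECAPP)'
            }
            if ($reasons.Count -eq 0) { return }   # unrelated rule, skip it

            [pscustomobject]@{
                Rule          = $rule.DisplayName
                Profile       = $rule.Profile
                Reason        = $reasons -join '; '
                RemoteAddress = @($addr.RemoteAddress) -join ','
                # 'Any' means the exception is reachable from every network.
                Unscoped      = @($addr.RemoteAddress) -contains 'Any'
            }
        }
}

Get-WmiFirewallExposure | Sort-Object Unscoped -Descending |
    Format-Table -AutoSize -Wrap
```

Rules reported with Unscoped = True can be narrowed to the management hosts with Set-NetFirewallRule -RemoteAddress.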

Step 2: Securing a Remote WMI Connection

Assuming I am Computer A, perform the following configuration on Computer B; it consists of two parts.

Part 1 of the configuration:

The following procedure describes how to grant DCOM remote startup and activation permissions for certain users and groups. If Computer A is connecting remotely to Computer B, you can set these permissions on Computer B to allow a user or group that is not part of the Administrators group on Computer B to execute DCOM startup and activation calls on Computer B.

To grant DCOM remote launch and activation permissions for a user or group

1. Click Start, click Run, type DCOMCNFG, and then click OK.

2. In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.

3. In the My Computer Properties dialog box, click the COM Security tab.

4. Under Launch and Activation Permissions, click Edit Limits.

5. In the Launch Permission dialog box, follow these steps if your name or your group does not appear in the Groups or user names list:

a. In the Launch Permission dialog box, click Add.

b. In the Select Users, Computers, or Groups dialog box, add your name and the group in the Enter the object names to select box, and then click OK.

6. In the Launch Permission dialog box, select your user and group in the Group or user names box. In the Allow column under Permissions for User, select Remote Launch and select Remote Activation, and then click OK.

Part 2 of the configuration:

The following procedure describes how to grant DCOM remote access permissions for certain users and groups. If Computer A is connecting remotely to Computer B, you can set these permissions on Computer B to allow a user or group that is not part of the Administrators group on Computer B to connect to Computer B.

To grant DCOM remote access permissions

1. Click Start, click Run, type DCOMCNFG, and then click OK.

2. In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.

3. In the My Computer Properties dialog box, click the COM Security tab.

4. Under Access Permissions, click Edit Limits.

5. In the Access Permission dialog box, select ANONYMOUS LOGON name in the Group or user names box. In the Allow column under Permissions for User, select Remote Access, and then click OK.
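
The Edit Limits dialogs used in both procedures store their result as binary security descriptors in the registry. The following added example (not part of the original page) decodes them and lists every principal that holds a remote DCOM right, marking ANONYMOUS LOGON entries so the grant from step 5 can be reviewed. It assumes the values MachineLaunchRestriction and MachineAccessRestriction under HKLM\SOFTWARE\Microsoft\Ole and an elevated session; the function name Get-DcomRemoteGrant is hypothetical.

```powershell
# Added audit example (not from the original page). Run elevated on the
# computer whose DCOM limits were edited. The two registry values hold the
# machine-wide "Edit Limits" security descriptors in binary form.
$OleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'
# Remote COM_RIGHTS_* bits: 4 = EXECUTE_REMOTE, 16 = ACTIVATE_REMOTE.
$Limits = @{
    MachineLaunchRestriction = @{ 4 = 'Remote Launch'; 16 = 'Remote Activation' }
    MachineAccessRestriction = @{ 4 = 'Remote Access' }
}

function Get-DcomRemoteGrant {
    $props = Get-ItemProperty -Path $OleKey
    foreach ($name in $Limits.Keys) {
        $bytes = $props.$name
        if (-not $bytes) { Write-Warning "$name not found under $OleKey"; continue }
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor `
                  -ArgumentList $bytes, 0
        foreach ($ace in $sd.DiscretionaryAcl) {
            # Keep only the remote bits present in this ACE's access mask.
            $bits = $Limits[$name]
            $rights = foreach ($bit in ($bits.Keys | Sort-Object)) {
                if ($ace.AccessMask -band $bit) { $bits[$bit] }
            }
            if (-not $rights) { continue }      # local-only ACE, skip it
            $sid = $ace.SecurityIdentifier
            try   { $who = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $who = $sid.Value }         # unresolvable SID: show it raw
            [pscustomobject]@{
                Limit     = $name
                AceType   = $ace.AceType        # AccessAllowed or AccessDenied
                Principal = $who
                Rights    = $rights -join ', '
                # S-1-5-7 is ANONYMOUS LOGON, the principal used in step 5 above.
                Anonymous = ($sid.Value -eq 'S-1-5-7')
            }
        }
    }
}

Get-DcomRemoteGrant | Sort-Object Limit, Principal | Format-Table -AutoSize
```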