Network Auditing - Interrogating the Machine

The third requirement of remote auditing is that once the network auditing agent has established a connection with the remote machine it needs to audit, it must be able to request information about the hardware and software on that machine. On Windows machines, this part of the audit process is done using a service called WMI (Windows Management Instrumentation).

Firstly then, WMI must be installed on any remote machine that we want to audit. WMI has been part of the operating system since the release of Windows ME and Windows 2000, so it will rarely be the case that this is not installed. If you do have machines that are running Windows NT 4.0, Windows 95 or Windows 98 then you can download and install WMI as an OS add-on. You'll find further information about that in the Knowledge Base article on our website: Preparing machines for auditing.

Secondly, WMI must be accessible. Remote access to WMI is performed using a protocol called RPC, which uses port 135. For machines running Windows XP SP2 and Windows 2003 this port will typically be blocked by the Windows Firewall that is running on each machine. However, you can enable access to this port using the Group Policy MMC snap-in. When doing so, we would generally advise that you grant access to this port only to machines located on your local subnet, as granting access to any machines outside the local network could present serious security risks. The article cited above provides links to further information about this.
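The following is an added example, not part of the original article or the product: a check over a recorded inventory of port 135 firewall exceptions that flags any exception reaching beyond the machine's own subnet and reports whether the auditing agent's address is still permitted. The inventory format, field names, scope labels (ALL, SUBNET, CUSTOM), host names and addresses are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample inventory: each audited machine's interface and the scope
# of its TCP 135 firewall exception. Field names and scope labels are assumptions.
RULES = [
    {"host": "PC-01", "interface": "192.168.10.21/24", "scope": "SUBNET"},
    {"host": "PC-02", "interface": "192.168.10.22/24", "scope": "ALL"},
    {"host": "PC-03", "interface": "192.168.20.5/24", "scope": "SUBNET"},
    {"host": "PC-04", "interface": "192.168.10.23/24", "scope": "CUSTOM",
     "custom": ["192.168.10.5", "10.0.0.0/8"]},
]
AGENT_IP = "192.168.10.5"  # constructed address of the auditing agent


def allowed_networks(rule):
    """Return (local_subnet, networks allowed to reach TCP 135) for one rule."""
    local = ipaddress.ip_interface(rule["interface"]).network
    scope = rule["scope"]
    if scope == "ALL":
        return local, [ipaddress.ip_network("0.0.0.0/0")]
    if scope == "SUBNET":
        return local, [local]
    if scope == "CUSTOM":
        # Bare addresses become /32 networks.
        return local, [ipaddress.ip_network(c, strict=False)
                       for c in rule.get("custom", [])]
    raise ValueError(f"unknown scope {scope!r} for {rule['host']}")


def audit(rules, agent_ip):
    """Return {host: (verdict, agent_can_connect)}.

    verdict is "too-broad" when any allowed network extends beyond the
    machine's own subnet, otherwise "ok".
    """
    agent = ipaddress.ip_address(agent_ip)
    report = {}
    for rule in rules:
        local, nets = allowed_networks(rule)
        too_broad = any(not n.subnet_of(local) for n in nets)
        reachable = any(agent in n for n in nets)
        report[rule["host"]] = ("too-broad" if too_broad else "ok", reachable)
    return report


if __name__ == "__main__":
    for host, (verdict, reachable) in audit(RULES, AGENT_IP).items():
        print(f"{host}: scope {verdict}, agent can connect: {reachable}")
```

In the sample, PC-03 shows the trade-off of a subnet-only exception: it is correctly scoped, but an agent on a different subnet cannot audit it.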

For machines running Windows 95/98/ME you will also need to ensure DCOM is running. Again, links to further information about this can be found in the Preparing machines for auditing article.