WMI permissions to check Windows Firewall status

The steps in the OP5 article for setting up a WMI user works well for a lot of checks, however checking the Windows Firewall via

/opt/plugins/check_wmi_plus.pl -H <host> -m checkservice -u <wmiuser> -p <passwd> -a 'MpsSvc'

 fails with a WMI permissions error when only the OP5 KB is followed. The error that you are likely to receive is:

UNKNOWN - The WMI query had problems. This is most likely a WMI permissions error. The process trying to access the WMI namespace most likely does not have the correct WMI permissions. The following link is believed to be relevant for Windows Server 2003, 2008R2 and 2012R2 - http://support.microsoft.com/kb/907460. Wmic error text on the next line.


ERROR: Retrieve result data. NTSTATUS: NT code 0x80041003 – NT code 0x80041003

Disabling Remote UAC can resolve this issue and allow remote checking of the firewall status.

  1. Open regedit on your Windows server
  2. Navigate to: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
  3. Create DWORD (32-bit) Value entry named LocalAccountTokenFilterPolicy and give it value 1 which will disable Remote UAC

The firewall check should now succeed.

OK - Found 1 Services(s), 1 OK and 0 with problems (0 excluded). 'Windows Firewall' (MpsSvc) is Running.|'Total Service Count'=1; 'Service Count OK State'=1; 'Service Count Problem State'=0; 'Excluded Service Count'=0;

If it does not, please make sure your wmi user account is part of the Administrators group, which is also a requirement for this check.

Shopping Cart