1) Make sure that the scanning account is an administrator on the target computer.
2) Make sure that the scanning account's password is not expired.
3) Check the DCom Security settings.
This script can configure the necessary DCOM and windows firewall settings: download script
Access Permissions: Edit Default...
Self (Local access, Remote access)
System (Local access)
Administrators (Local access, Remote access) !!important
Launch and Activation Permissions: Edit Default...
System (Local launch, Local activation)
Administrators (Local launch, Remote launch, Local activation, Remote activation) !!important
Interactive (Local launch, Local activation)
To make it easier you can reset DCOM to the default permission from this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Make sure EnableDCOM is set to Y
Delete all other values in this key (don't delete any subkeys)
4) Only necessary for workgroup computers:
If you are scanning Windows Vista or Windows 7 in a workgroup you need to disable UAC (for computers in a domain this is not required)
More info on this link: Handling_remote_connections_under_uac
- Optionally you can disable UAC for remote administrator only:
Start "regedit.exe"
Go to key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
Create new Dword value: LocalAccountTokenFilterPolicy
Set LocalAccountTokenFilterPolicy to "1"
Set Classic security model:
Start/run "secpol.msc"
Navigate to Local Policies\Security Options
Network Access: Sharing security model for local accounts - Set to Classic
Restart the computer.
5) Make sure that the "Windows Management Instrumentation" service is set to automatic and is started on the client.
6) If WMI still doesn't work download the WMI Diagnose tools from Microsoft.
7) Use this script to repair WMI on a computer.
8) Try removing and re-adding the computer to the domain as a last resort.