Configure the firewall between your server and the Internet as follows:
• Deny all incoming traffic from the Internet to your server.
• Permit incoming traffic from all clients to TCP port 135 (and UDP port 135, if necessary) on your server.
• Open Port 445 (WMI)
• Permit incoming traffic from all clients to the TCP ports (and UDP ports, if necessary) on your server in the Ports range(s) specified above.
• If you are using callbacks, permit incoming traffic on all ports where the TCP connection was initiated by your server.”
WMI queries will succeed only if you add the User account to local admin group. Refer to the Microsoft knowledgebase articles for the way to do this. For example: Leverage Group Policies with WMI Filters: support.microsoft.com/kb/555253/en-us
For user rights for WMI access, see: www.mcse.ms/archive68-2005541196.html
See also: Service overview and network port requirements for the Windows Server system (support.microsoft.com/kb/832017/)