Windows Management Instrumentation (WMI)

   

What is Windows Management Instrumentation (WMI)?

Windows Management Instrumentation (WMI) is the infrastructure for management of data and operations on Windows-based operating systems. It provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Waindows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. 

WMI can be used in all Windows-based applications, and it is mostly useful in enterprise applications and administrative scripts. SCCM, SCOM and orchestrator are the major system center tools that use WMI for fetching all types of Management data.

For example, Once hardware inventory has been initiated for any machine from sccm console, the Management point that is responsible for the particular site of the machine ,will collect all hardware related information that is available in WMI and sends to sccmSQL database. Here the hardware information is represented as Management data. 

It is possible to perform multiple functions just accessing another machine remotely through WMI. 

For example:

• Start a process on a remote computer.
• To schedule a process to run in remote computers
• Reboot a computer remotely.
• Get a list of applications installed on a local or remote computer.
• Query the Windows event logs on a local or remote computer.

How do you Check WMI Connectivity Remotely?

Two ways to check WMI connectivity:

· wmimgmt.msc console - Connecting to the mmc snapshot and querying WMI properties tab is the easiest and straight forward method for verifying WMI connectivity .

If the result shows success and lists all properties, then WMI looks good.

· wbemtest 

Sometimes the aforementioned step will give good result but some problems may arise in connecting remote machines using WMI. So the following steps should be followed to identify the connection status.

How do you check remotely if WMI is working well or not?

wmimgmt.msc from run command

Figure 1: WMI screen of Local machine

Connect to the other computer that should be connected to remotely.

Figure 2: connecting to remote machine

Query the properties:

Figure 3: Tab to connect other machine

Check for the result of the properties:

Figure 4: Querying WMI Properties

If an error “The RPC server is unavailable” is noticed, it could be because of any of the following issues with the system:

· Name of the machine 

· Machines may not be available on the network 

· Name resolution problems

· Permission issue

If computer is successfully connected and the information like processor, OS, version and services pack details is displayed then the WMI connection is successful:

Figure 5: Successful WMI Properties

How to connect to WMI (local or remote computer) by running wbemtest on remote computer?

Sometimes, even after querying the WMI properties successfully there are chances of facing troubles while using WMI remote connections. WMI relies on RPC and DCOM, which does not make it very firewall-friendly. The first step therefore is to attempt to connect to a remote computer using wbemtest tool. WBEMTest is included on every computer that has WMI installed. It can be used to quickly explore or confirm WMI details. However, WBEMTest is only designed to be a support tool and has little support for browsing classes or instances.

Type wbemtest in Run command:

Figure 6: WBEM Test tool Screenshot

Click on Connect and specify the remote machine name, username and password to verify the connectivity of root namespace of remote machine.

The Default Name space is root\cimV2 and there are many namespaces available in WMI. Please specify the namespace in the following format, in order to access namespace of remote machine:

\\server01\root\cimv2

Figure 7: connecting to r root/cimv2 of remote machines

If issues such as “RPC Server is unavailable” or “Access Denied” as follows are noticed it means that there is a problem with network access, firewall or local WMI.

How to run a Query in WMI?

If the user is not aware of any relative classes, it is always encouraged to verify the top classes related with the requirement that are present in root/cimv2 namespace. In the following example, if the service called ccmexec is to be verified:

Before running the query, the classwin32_service and the properties are verified by just selecting the enum classes as highlighted in the following figure:

Figure 8: Screenshot to list of WMI classes

Select Recursive

Figure 9: Screenshot to select Particular classes

From win32_service classes, the class properties can be identified as illustrated in the following screenshot:

Figure 10: Screenshot to hide system properties

How to execute to get required information within WMI?

Go back to namespace called cimV2 illustrated subsequently and run the query using the class information that is identified earlier.

Figure 11: querying the information using WMI query tool

Click on Query and run the query as illustrated in the preceding figure. Click on apply to see the results. Any query which has correct syntax can be executed to get the correct information. 

Figure 12: screenshot of WMI query output

It can be noticed that a lot of classes are available for cimV2 name space. For more information about available classes in WMI namespace called cimV2, click here, with its description and objects within it. Usually multiple classes are available within cimV2 name space. To know more about what each class contains and the objects with in it double click on any class and click on the desired name.