WMI - WinRM Scan
WMI - WinRM Scan scans devices, enriches them and fetches local users for:
- Devices (only) returned by the selected query or assets selected on the relevant asset page.
Required Fields
These fields must be configured to run the Enforcement Action.
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Port - Enter a port to connect to. The default is 5986.
- Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes.
Additional Fields
These fields are optional.
- Connection ID from Active Directory adapter - Enter the ID of the Active Directory adapter connection you want to use to run this action.
- Proxy Server Hostname - Enter the address of the proxy server used for the connection. For example, http://proxy.example.com:8080/.
- Use SSL - Select whether to use SSL for the WinRM connection.
- User Name and Password - The credentials of a user account that has permission to scan assets.
- Fetch software licenses information
- Fetch Local Users - Enable to fetch local users. Then, select whether to fetch builtin administrators and/or logon policy.
- Gateway Name - Select the Gateway through which to connect to perform the action.
APIs
Axonius uses the following APIs:
- https://learn.microsoft.com/en-us/powershell/module/cimcmdlets/get-ciminstance?view=powershell-7.5
- https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-wmiobject?view=powershell-5.1
- https://learn.microsoft.com/pt-br/powershell/module/microsoft.powershell.localaccounts/get-localuser?view=powershell-5.1
- https://learn.microsoft.com/pt-br/powershell/module/microsoft.powershell.localaccounts/get-localgroup?view=powershell-5.1
- https://learn.microsoft.com/pt-br/powershell/module/microsoft.powershell.localaccounts/get-localgroupmember?view=powershell-5.1
Required Permissions
The stored credentials, or those provided in Connection and Credentials, must have the following permission(s) to perform this Enforcement Action:
- Permission to run the following PowerShell cmdlets: Get-CimInstance, Get-WmiObject, Get-LocalUser, Get-LocalGroup, Get-LocalGroupMember
- Permission to run secedit and to query the following WMI tables: Win32_UserProfile, Win32_UserAccount, Win32_GroupUser, Win32_Processor, Win32_BIOS, Win32_OperatingSystem, Win32_LogicalDisk, Win32_QuickFixEngineering, Win32_ComputerSystem, Win32_Battery, Win32_TimeZone, Win32_BaseBoard, Win32_NetworkAdapterConfiguration, Win32_Process, Win32_Service, Win32_Share, MSFT_NetTCPConnection, Win32_PnPEntity, SoftwareLicensingProduct
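A pre-flight check for the permissions listed above, as an added example (not Axonius code): it connects to one host over WinRM with SSL on the default port 5986 using the scan account, then reports which WMI tables and cmdlets that account can actually use. The target name, the `Test-Step` helper and the namespace assignments are assumptions made for the example; secedit is not exercised.

```powershell
param(
    [string]$ComputerName = 'host01.example.com',  # constructed placeholder target
    [int]$Port = 5986,                             # the action's default port
    [pscredential]$Credential = (Get-Credential)
)
# WMI tables from the Required Permissions list. Namespaces are not stated on
# the page; these are the standard Windows locations.
$classes = @{
    'root/cimv2' = @('Win32_UserProfile','Win32_UserAccount','Win32_GroupUser',
        'Win32_Processor','Win32_BIOS','Win32_OperatingSystem','Win32_LogicalDisk',
        'Win32_QuickFixEngineering','Win32_ComputerSystem','Win32_Battery',
        'Win32_TimeZone','Win32_BaseBoard','Win32_NetworkAdapterConfiguration',
        'Win32_Process','Win32_Service','Win32_Share','Win32_PnPEntity',
        'SoftwareLicensingProduct')
    'root/StandardCimv2' = @('MSFT_NetTCPConnection')
}
# Cmdlets from the list, run on the target. S-1-5-32-544 is the well-known SID
# of the built-in Administrators group.
$probes = [ordered]@{
    'Get-WmiObject'        = { Get-WmiObject -Class Win32_BIOS }
    'Get-LocalUser'        = { Get-LocalUser }
    'Get-LocalGroup'       = { Get-LocalGroup }
    'Get-LocalGroupMember' = { Get-LocalGroupMember -SID 'S-1-5-32-544' }
}
function Test-Step([string]$Label, [scriptblock]$Action) {  # hypothetical helper
    try { $null = & $Action; $err = $null } catch { $err = $_.Exception.Message }
    [pscustomobject]@{ Check = $Label; Ok = ($null -eq $err); Error = $err }
}
$cim = New-CimSession -ComputerName $ComputerName -Port $Port -Credential $Credential `
    -SessionOption (New-CimSessionOption -UseSsl) -ErrorAction Stop
$remote = @{ ComputerName = $ComputerName; Port = $Port; UseSSL = $true
             Credential = $Credential; ErrorAction = 'Stop' }
$results = @(
    foreach ($ns in $classes.Keys) {
        foreach ($class in $classes[$ns]) {
            Test-Step "$ns/$class" {
                Get-CimInstance -CimSession $cim -Namespace $ns -ClassName $class `
                    -KeyOnly -ErrorAction Stop
            }
        }
    }
    foreach ($cmdlet in $probes.Keys) {
        Test-Step $cmdlet { Invoke-Command @remote -ScriptBlock $probes[$cmdlet] }
    }
)
Remove-CimSession $cim
$results | Sort-Object Ok | Format-Table -AutoSize -Wrap
```

Rows with Ok = False show the exact table or cmdlet the account cannot reach. On domain-joined hosts, Win32_UserAccount and Win32_GroupUser can take a long time because they also enumerate domain accounts.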
For more details about other Enforcement Actions available, see Action Library.
