Windows Management Instrumentation (WMI)
  • 14 Jun 2022

Windows Management Instrumentation (WMI) is a set of specifications from Microsoft for consolidating the management of devices and applications in a Windows network. WMI provides users with information about the status of local or remote computer systems.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Hostnames / IPs / CIDRs List (required) - Specify a comma-separated list of hostnames, IP addresses or CIDRs to be scanned.
  2. User Name and Password (required) - The credentials for a user account that has the permissions to run a WMI scan on the provided asset list specified in the Hostnames / IPs / CIDRs List field.
  3. DNS Servers (optional, default: empty) - Specify a comma-separated list of DNS servers to be used to resolve the hostnames specified in the Hostnames / IPs / CIDRs List field.
    • If supplied, Axonius will use the specified DNS servers to resolve the hostnames specified in the Hostnames / IPs / CIDRs List field. For each asset, the first response received is the one that is used.
    • If not supplied or if no response has been received from any of the specified DNS servers, the default DNS server will be used.
  4. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.


Advanced Settings

Note: From version 4.6, advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Number of parallel connections (required, default: 5) - Specify the number of connections to be opened to control the performance of the scan.

Note: For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.


Required Ports

  • 135 (RPC)
  • 445 (SMB)
  • Random port in the range 1024-65535

Setting up a fixed port for WMI

WMI runs as part of a shared service host with ports assigned through DCOM by default. However, you can set up the WMI service to run as the only process in a separate host and specify a fixed port. For more details, see Microsoft Documentation - Setting Up a Fixed Port for WMI.



To set up a fixed port for WMI:

  1. At the command prompt, type:

     winmgmt -standalonehost

  2. Stop the WMI service by typing:

     net stop "Windows Management Instrumentation"

     or:

     net stop winmgmt

  3. Restart the WMI service again in a new service host by typing:

     net start "Windows Management Instrumentation"

     or:

     net start winmgmt

  4. Establish a new port number for the WMI service by typing (the following example establishes TCP port 24158):

     netsh firewall add portopening TCP 24158 WMIFixedPort



To undo any changes you make to WMI, type:

winmgmt /sharedhost

Then stop and start the winmgmt service again.
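
To check the result of the procedure above, the following PowerShell is an added example, not Axonius or Microsoft code. The function names are hypothetical, and it assumes the example port 24158 from step 4 and a host where the Get-NetTCPConnection and Get-NetFirewallRule cmdlets are available.

```powershell
# Added example (not vendor code); function names are hypothetical.
# 24158 is the example port from step 4 of the procedure.

function Get-WmiHostStatus {
    # Run elevated on the target host after completing the procedure.
    param([int]$FixedPort = 24158)

    $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='Winmgmt'"

    # Other services still sharing the WMI host process (expected: none).
    $coHosted = @(Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($wmi.ProcessId)" |
        Where-Object { $_.Name -ne 'Winmgmt' } | ForEach-Object { $_.Name })

    # TCP ports the WMI host process is listening on.
    $ports = @(Get-NetTCPConnection -State Listen -OwningProcess $wmi.ProcessId -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique)

    # Enabled inbound allow rules that cover the fixed port, with their source scope.
    $rules = @(Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$FixedPort" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        ForEach-Object {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            }
        })

    [pscustomobject]@{
        ProcessId        = $wmi.ProcessId
        Standalone       = ($coHosted.Count -eq 0)
        CoHostedServices = $coHosted
        ListeningOnFixed = ($ports -contains $FixedPort)
        FirewallRules    = $rules
    }
}

function Test-WmiScanPorts {
    # Run from the scanning host: tests the fixed ports the adapter needs.
    param([Parameter(Mandatory)][string]$ComputerName, [int]$FixedPort = 24158)
    foreach ($port in 135, 445, $FixedPort) {
        $r = Test-NetConnection -ComputerName $ComputerName -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ Host = $ComputerName; Port = $port; Open = $r.TcpTestSucceeded }
    }
}
```

A rule that reports RemoteAddress as Any accepts connections to the fixed port from every source; restricting it to the address of the scanning host keeps the opening limited to what the adapter needs.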

Required Permissions

The account supplied in User Name and Password must be able to execute PowerShell code that queries the assets specified in the Hostnames / IPs / CIDRs List field.

