Windows Management Instrumentation (WMI)

>>Windows Management Instrumentation (WMI)

Windows Management Instrumentation (WMI)

Windows Management Instrumentation (WMI) has been around since Windows 2000 and is incredibly useful for exposing internal system goodies to network admins and users alike.

It’s easiest to think of WMI as the underlying database engine for the Windows operating system. Even though this statement isn’t 100% accurate, the model works from a usage perspective. WMI catalogs and exposes all hardware and software specific to the current box while also providing real-time state based information about each specific piece, or object. Programmers can find all the system configuration information needed for their software by querying the capability of the system at run-time and determining how best to utilize those features or to determine if the workstation will support the software at all. And, a technician can use WMI for determining some state of the workstation by running command-line queries. This includes hardware, software, system information and other hardware or software states such as fan speeds and temperatures.

This information can be queried remotely and, fed into scripting engines to get some serious work done. Amazing!

The tool I’ll talk about is WMIC. It is the command line tool used for interfacing with WMI. If you’re feeling curious, start up your command line and try out some of the following examples for fun and edutainment!

  • Want to know the make and model of your workstation? At the command line type “wmic computersystem get model” press the enter key and the command line will display the model information back to you.
  • Want a serial number from your box without checking the sticker on the back? : “wmic bios get serialnumber” returns that. This is especially useful for laptops that have their serial number hidden underneath the battery.
  • You can also chain your WMI queries by delimiting with a comma : “wmic baseboard get product, manufacturer, version, serialnumber” will give you a nice table of information about the system board without having to remove any screws.
  • Finally, if you want to see what options are available on a specific alias or object, you can use the ‘get’ command by itself to have WMI spit out all the available options : “wmic computersystem get” (This can get messy as it spits out literally all available options for that object, so it may be better to google the specifics of what you’re looking for)

In that last example, I used “computersystem” to display the known WMI options for the comptuersystem object, you can use this same technique with “bios”, “baseboard”, and the many other WMI objects in the database. Dig a little deeper, use “wmic alias list brief” to get a list of the commonly used object queries for wmic. Now that you have the basic idea on how to perform queries on your local box, let’s take it for a test drive out on the network.

WMIC allows us to reach out and query remote workstations, provided we’re logged in as an administrator, and work with it as if it were local. We accomplish this by using the ‘/node:’ switch. We can specify either a Computer Name or an IP address on the network to make queries against.

  • For example: “wmic /node:192.168.100.32 baseboard get product, manufacturer, version, serialnumber” will return the make, model, version, and serial number of the motherboard of my server living at 192.168.100.32.

The ability to fetch all this data from workstations and servers is certainly useful on its own, but that power can be leveraged even further with the use of scripting or automation tools. Windows® Powershell, immediately comes to mind, and in fact has its own set of WMI commandlets. Scripting tools like Powershell have great capability to analyze, change, and make choices based on polled data from WMI. In addition, a scripting tool like Powershell has no problem running the same set of script logic against a list of workstations that you can either feed it or ask a domain controller for. This is the real power of this tool, and what it was designed for. Deep in the archives of MSDN, Microsoft specifically states, that the purpose of exposing WMI via WMIC was specifically to “make the job of administering Windows a whole lot easier”.

As I stated before, WMI is not only limited to hardware queries. It can also perform very detailed information about software installed on and running on a workstation. It is also capable of querying and modifying the Windows registry; locally and remotely. I’ll leave the discovery of those invocations up to the reader; Google tends to be an amazing tech resource if you know what you’re looking for. Like any remotely administered process, it is best to fully understand what you’re doing before you dispatch a command. 😊 If you perform regular network administration tasks and have not used this insanely powerful tool, I highly recommend it!

2017-11-22T12:26:46+00:00