Windows Management Instrumentation (WMI) is a powerful framework that allows administrators to manage and monitor Windows-based systems. It provides a standardized interface for accessing system information, enabling various administrative tasks and automation processes. When WMI is enabled, it unlocks a range of functionalities, such as querying system configurations, monitoring system health, and automating administrative tasks. This makes it an essential tool for effective system management.
Enabling WMI is crucial for maintaining a well-functioning IT environment. It allows for seamless integration with management tools, enhances monitoring capabilities, and supports the automation of routine tasks. By leveraging WMI, administrators can ensure efficient system management, improve productivity, and maintain system integrity across their networks.
This section covers the methods of enabling WMI on Windows. We will cover five methods, including service manager, PowerShell, group policy, firewall, and enabling remote WMI requests.
Method 1: Enabling WMI via Services Manager
Services Manager is a tool for Windows devices that allows the management and simplification of all the tasks related to Windows services. To enable WMI using Services Manager, follow the steps below:
Step 1: Navigate to the search bar beside the Start menu and type `services.msc`.
Step 2: Once the Services screen opens, look for Windows Management Instrumentation in the list and verify if its status is Running. If not, right-click on the service and select Start from the dropdown.
Step 3: Additionally, ensure that the Startup Type is set to Automatic.
This enables the WMI services on the Windows device, providing an interface to the operating system’s access management information.
We have created a YouTube video to help you understand this guide better and faster.
How To: Enable the WMI Monitoring Service in Windows
Method 2: Enabling WMI with PowerShell
You can use Windows PowerShell to connect to the WMI on a remote computer. Although the remote connections in WMI depend on their configurations, you can establish the connection with a remote computer via PowerShell script.
If you want to connect to a remote computer using the same credentials you used to log in and intend to request impersonation (by default, its level is set to 3), the following is an example command:
However, if you want to connect to a remote computer using different credentials and set the impersonation level to 3, the following are the example commands:
Similarly, you can connect to a group of remote computers in the same domain and to a remote computer in a different domain. For further details, refer to Microsoft’s official documentation.
Method 3: Enabling WMI via Group Policy (GPO)
To enable Windows Management Instrumentation (WMI) via Group Policy (GPO), you can configure the necessary settings to allow users or groups to access WMI services across multiple computers in a domain. To do so, follow the steps below:
Step 1: Press `Win + R`, type `gpmc.msc`, and press `Enter` to open the Group Policy Management Console.
Step 2: Navigate to the appropriate Organizational Unit (OU) where you want to apply the policy. Then right-click on the OU and select `Create a GPO in this domain, and Link it here...` or choose an existing GPO to edit.
Step 3: Right-click the GPO and select `Edit` to open the Group Policy Management Editor.
Step 4: Go to `Computer Configuration` > `Policies` > `Windows Settings` > `Security Settings` > `System Services`.
Step 5: Find `Windows Management Instrumentation` in the list of services. Next, double-click on it to open its properties. Then set the startup type to `Automatic` to ensure the WMI service starts automatically with the system.
Step 6: Still in the Group Policy Management Editor, go to `Computer Configuration` > `Policies` > `Administrative Templates` > `Network` > `Network Connections` > `Windows Firewall` > `Domain Profile`. Next, enable the policy `Allow inbound remote administration exception` to allow remote WMI queries.
Step 7 (Optional): If you need to set specific permissions for users or groups to access WMI, you can do so by configuring a script or using additional tools like `wmimgmt.msc` to set permissions on the WMI namespaces.
Step 8: Close the Group Policy Management Editor and ensure the GPO is linked to the correct OU and that it is enabled.
Step 9 (Optional): On client machines, you can run `gpupdate /force` in the Command Prompt to apply the new policy settings immediately.
Method 4: Allowing WMI Through the Firewall
Accessing WMI services on the local machine is possible for all the users, but if it is about accessing these services over the remote server, you have to allow the firewall. To do so, follow the steps below:
Step 1: Navigate to the search bar beside the Start menu and type cmd.
Step 2: Right-click on the Command Prompt app and select Run as administrator from the dropdown.
Step 3: Once it opens, enter the following command:
copyCopied!
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
This should enable the WMI traffic through the Windows firewall.
Method 5: Enabling Remote WMI Requests
To allow the WMI users to access the remote server, it is significant to enable the remote WMI requests. To do so, follow the steps below:
Step 1: Navigate to the search bar beside the Start menu and type Computer Management.
Step 2: Once the Computer Management screen opens, click on Services and Applications from the sidebar.
Step 3: Right-click on WMI Control and select Properties from the dropdown menu.
Step 4: From the WMI Control Properties dialogue box, click on the Security tab and then the Security option on the bottom right of the screen.
Step 5: Select the group of users from the list you want to enable the WMI services for and click on Add.
Step 6: Under the Permission for Administrators section, enable the Allow checkbox for the Remote Enable option and click on OK.
This opens your remote server to accept the WMI requests.
Configuring Firewall and DCOM
If your account is a non-administrator on the target server, you need to grant DCOM remote launch permission to that set of users. Additionally, you have to enable the firewall for which the steps have been covered in Method 04.
To grant the permissions for activation and DCOM remote launch, follow the steps below:
Step 1: Navigate to the search bar beside the Start menu and type Run. Once the dialogue box opens, type dcomcnfg and click on OK.
Step 2: Expand the Component Services from the sidebar succeeded by the Computer. Right-click on My Computer and select Properties from the dropdown.
Step 3: From the My Computer Properties screen, click on the COM Security tab.
Step 4: Click on the Edit Limits button under the Launch and Active Permissions.
Step 5: If the intended user account/group of users is not present in the list, click on Add to include it.
Step 6: Once done, enable the Allow checkboxes for Remote Launch and Remote Activation options for these users.
Step 7: Lastly, click on OK to close the dialogue box.
We have created a YouTube video to help you understand this guide better and faster.
How to enable DCOM setting on Windows
Part 2: How to Check if WMI is Enabled?
Checking if WMI is enabled is an important step to allow access to the remote server. Two of the methods to do so are as follows:
Check Using Services Manager
Step 1: 1.Navigate to the search bar beside the Start menu and type services.msc.
Step 2: 2.Once the Services screen opens, look for Windows Management Instrumentation in the list and verify if its status is Running.
Checking Using PowerShell
If you are checking it on a local machine, enter the following command in the PowerShell:
copyCopied!
Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem"
For remote machines, use the following command:
copyCopied!
Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem" -ComputerName [Your Computer Name]
Part 3: Advanced WMI Configuration
This section explores the details of two advanced WMI configurations, which can add more value regarding security and troubleshooting.
1 Setting Up Remote WMI Connections
When setting up remote connections, you can keep a few points in consideration for enhanced security. These include:
Step 1: Open the firewall specifically for the DCOM port, which is 135. To do so, utilize the following command:
Step 3: When enabling and configuring the DCOM permissions, ensure they are enabled only for the required group of users. Additionally, the authorized users should only have the required level of permissions.
Step 4: Audit and monitor the WMI access (further details on it are covered in the next section).
2 Enabling WMI Logging
Enabling WMI logging is an effective method to troubleshoot the problems in the WMI scripts. However, it is recommended to only enable the logging when performing the troubleshooting process. Having them enabled all the time can be expensive in terms of CPU usage. The steps to enable the logging include:
Step 1: Navigate to the search bar beside the Start menu and type Event Viewer. Once the dialogue box opens, click the View option in the navigation bar and select Show Analytics and Debug Logs from the dropdown menu.
Step 2: Expand the folders from the sidebar in the order: Applications and Services Logs > Microsoft > Windows > WMI-Activity and click on Trace.
Step 3: Once the screen opens, click the Enable Log under the Actions bar on the right.
Step 4: Click on OK once the prompt box opens.
After enabling the logs, you can visualize them on the Trace screen.
AirDroid Business is an Windows and Android device management solution that can be used to enroll, manage, and monitor large fleet devices. With the centralized platform, organizations are able to deploy smartphones, tablets, rugged devices and others dedicated devices like kiosks and digital signage.
It's available for Cloud Deployment & On-Premises Deployment.
Key features include: remote access & control, Google Play apps & enterprise's apps management, policy, single & multi-apps kiosk mode, alerts & automated workflows, geofencing & location tracking, file transfer, notification, user management, reports, etc.
For more than 8 years, Maverick has dig deep into IT and mobile device management. He delivers practical MDM solution tips and strategies for various endpoints management.
Leave a Reply.