Using WMI to manage and monitor Windows Server and desktop operating systems can be a great way to query information. In this review of AdRemSoftware's WMI Tester, we will look at the features and functionality of this free tool to test WMI connectivity.

When it comes to managing and monitoring Windows environments, including Windows client operating systems and Windows Server, Windows Management Instrumentation (WMI) is a really powerful tool. However, WMI can be notoriously challenging, especially when used for remote management. This can be due to issues with connectivity, permissions, firewall, and even problems with the WMI query itself.  What if there were a utility that could help test and troubleshoot WMI connectivity to a Windows endpoint as well as provide an easy way to write and test WMI queries in WMI query language (WQL)?

AdRemSoftware, the company that makes NetCrunch networking monitoring software, makes a freely available utility that can make WMI testing and queries easier. It is called the WMI Tester. In this review of the WMI Tester utility, we will see what the app can do and how it makes WMI much easier.

What is Windows Management Instrumentation (WMI)? ^

First off, it would be beneficial to take a closer look at Windows Management Instrumentation (WMI) to see what it is and how we interact with it for management and monitoring purposes.

As we have already mentioned, WMI is a means to manage and monitor specific data on local or remote Windows machines. WMI is the proprietary Microsoft implementation of a framework known as Web-Based Enterprise Management (WBEM), which is a well-known standard for management information access in an enterprise.

WMI is used to query Windows information for parts of the operating system itself as well as other Microsoft solutions such as System Center Operations Manager (SCOM) and Windows Remote Management (WinRM).

An entity known as the Distributed Management Task Force (DMTF) maintains a Common Information Model (CIM) that represents endpoints such as network devices, systems, applications, and others. CIM is the model used by WMI for remote local and remote connectivity.

While WMI is available in Windows Server and client operating systems by default, the various WMI providers available may depend on the specific version of Windows running on the endpoint as well as the features and solutions that are installed. ***Note*** An exception to using WMI to connect remotely includes the Starter, Basic, and Home editions of Windows, as these do not allow remote WMI queries. An example of a common WMI provider that can be queried for useful information is the Active Directory WMI provider.

Microsoft provides a resource listing some of the more well-known WMI providers available to interact with.

WMI query language

One of the really neat things you can do with WMI is query it, much like you would a SQL database table using something called WMI Query Language (WQL). With WQL, you can write queries on WMI to query specific information from WMI providers. Three different types of queries are possible with WQL. These include:

  • Data queries
  • Event queries
  • Schema queries

An example WQL query to find the various event logs looks like the following:

In theory, WMI is easy to interact with for querying all kinds of information from your Windows environment. However, in practice, it is common to run into issues with querying WMI for information, especially on remote Windows endpoints. Why is this? What are the common troubleshooting points to take note of with WMI troubleshooting?

Troubleshooting WMI ^

Typically, most troubleshooting of WMI is related to trying to query information about a remote Windows computer. WMI connects to remote Windows computers using DCOM. DCOM can be troublesome, especially with permissions.

In addition to these permission-related issues and misconfiguration of remote DCOM access, WMI relies on network communication for proper access. One of the challenges with WMI is the wide range of ports used for access by default. It uses TCP port 135 as well as a wide dynamic range of ports, including ports 1024 to 65535. Keeping these points in mind when establishing WMI connectivity to your remote Windows endpoints can help to narrow down any WMI errors you may receive.

Changes in AdRemSoftware's Free WMI Tool Offering ^

Some time ago, AdRemSoftware offered a product called the WMI Tool, which was available as a free download. However, this tool is no longer available for free. WMI Tool has now been incorporated into NetCrunch, AdRemSoftware's premiere network monitoring solution.

AdRemSoftware has reduced the functionality of the free WMI offering, now the WMI Tester. Previously, the free WMI Tool was a more fully featured tool than the WMI Tester, providing a more powerful interface, tools, and information by default. Again, this WMI utility is now part of the NetCrunch "tools."

Adremsoft WMI Tool is now part of NetCrunch's monitoring software

AdremSoftware WMI Tool is now part of NetCrunch's monitoring software

When the WMI Tool is compared with the new WMI Tester utility, one of the more powerful features is the Query Builder. With the WMI Tool, the Query Builder made writing WQL queries much easier as you could basically pick the objects and write the query using the wizard.

The WMI Tool provided a more powerful WMI query builder

The WMI Tool provided a more powerful WMI query builder

AdRemSoftware has reduced the functionality of the free download of their WMI Tester utility so that it is only a very light implementation of the WMI Tool without some of the more advanced features, such as the Query Builder.

While the functionality is reduced in the WMI Tester, it is still useful. It can quickly test connectivity to your remote Windows endpoint. It also provides an easy way to see whether your WQL query includes the correct syntax and returns the desired/expected information.

The screenshot below shows running a specified query against a Windows endpoint, resulting in an RPC error noted in the output.

Discovering errors connecting to a remote Windows endpoint

Discovering errors connecting to a remote Windows endpoint

As you can see in the following screenshot, there are built-in WQL queries to return information on the operating system, services, processes, logs, partitions, network, print jobs, and more.

WMI Tester includes several WMI WQL queries by default

WMI Tester includes several WMI WQL queries by default

Testing a WQL query will display the results in the bottom pane of the WMI Tester app

Testing a WQL query will display the results in the bottom pane of the WMI Tester app

Creating a new WQL query allows naming the query, selecting the namespace, and entering the WQL query code.

Creating a new WQL query test

Creating a new WQL query test

 

Adding a new connection for a remote WMI query test is as easy as adding an IP address/FQDN and entering the username and password to make the WMI connection.

Adding a new WMI connection to the WMI Tester

Adding a new WMI connection to the WMI Tester

Conclusion ^

Compared to the previously free download called the WMI Tool, WMI Tester is quite a bit lighter in features and functionality. While this is a little disappointing, the WMI Tool is now included as part of the native tools in NetCrunch, which is AdRemSoftware's monitoring platform.

WMI Tester provides a simple interface that can help you test connectivity to a Windows endpoint as well as write WMI Query Language (WQL) code to query specific information. It also has several prebuilt WQL queries that can provide a starting point for testing various WMI information.

Check out AdRemSoftware's free download of WMI Tester here.

Read 4sysops without ads by becoming a member!

Your question was not answered? Ask in the forum!

2+

Users who have LIKED this post:

  • avatar
  • avatar
Share
3 Comments
  1. Great tool to add to Admins Swiss Army Knife smiley

    0

    • Remote WMI queries are usually a bit slow, not speaking of that many companies to close the high random ports used by WMI. It is bit more friendly for me use Powershell and if needed query WMI/CIM session with Invoke-Command locally.

       

      0

    • But tool looks fine, will check it out as well for sure 🙂

      0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account