As you probably know, Windows Management Instrumentation (WMI) is Microsoft's implementation of the Distributed Management Task Force's (DMTF's) Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards. Ach--that's a whole lot of acronyms!

Because the WMI repository contains any Windows system's configuration details, we administrators make use of WMI all the time. In point of fact, Windows PowerShell Desired State Configuration (DSC) uses the same Managed Object Format (MOF) data description language as WMI does.

AdRem Software, makers of the NetCrunch network management/monitoring software, offers a free tool called, appropriately enough, WMI Tools, that gives us quick and easy visibility into local and/or remote computer's WMI repositories.

Go ahead and download the AdRem NetCrunch WMI Tools and install it on your administrative workstation. You can then follow along with me as I give you quick tour of the product’s features.

WMI Tool general navigation ^

As you can see in the following screenshot, the NetCrunch WMI Tool looks to be nothing more than a garden-variety Windows desktop application.

The WMI Tools user interface

The WMI Tools user interface

The NetCrunch WMI Tool exposes a target system's WMI repository in a number of ways:

  • General Info: Operating system/uptime metadata
  • Processes: View and terminate running processes
  • Services: Start, pause, stop, and adjust startup type of installed services
  • Event Log: Examine all events that normally display in Event Viewer
  • System Hardware: Read-only access to installed hardware
  • Operating System: Read-only access to disks, users, shares, environment variables, and so forth
  • WMI Explorer: Query for and view WMI namespaces, classes, and instances

Exploring the WMI Tool's possibilities ^

To connect to a remote computer, simply click the chain link icon on the toolbar and specify the remote system's host name. One downside to remote WMI is that it uses the antiquated Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM) protocols. This means that you might have to adjust the Windows Firewall configuration on both your source and destination computers.

The WMI Tools support remote connections over DCOM and RPC

The WMI Tools support remote connections over DCOM and RPC

To export data from NetCrunch WMI Tool, simply navigate to the desired view node and click File > Export. The export file is in Extensible Markup Language (XML) format. Of course, you can click File > Print to make paper and/or PDF copies as desired.

Click Tools > Options to open the Options dialog box. As shown in the next screenshot, you can view the repository in the security context of another user, as well as set an auto-refresh interval.

Setting program options

Setting program options

Sadly, although NetCrunch WMI Tool v8.0.0.16 allowed me to specify Other User for its authentication mode, the tool never presented a dialog to enter alternate credentials.

Using the WMI Explorer ^

Microsoft created the WMI Query Language (WQL) to give Windows administrators a Structured Query Language (SQL)-like syntax for searching the WMI repository. For example, we use WQL to construct WMI filters for selectively applying Group Policy Objects (GPOs).

We also can run WQL queries in Windows PowerShell. For instance, the following pipeline retrieves hard-disk-related information for a remote server named mem2.

Invoke-Command -ComputerName mem2 -ScriptBlock { Get-WmiObject -Query 'SELECT * FROM Win32_LogicalDisk' }

To get started using WQL queries in NetCrunch WMI Tool, navigate to WMI Explorer and look at the built-in list of sample queries. For instance, click Logical Disks to view your target system's hard disk volume layout.

Now, then: Right-click that Logical Disks query and select Modify from the shortcut menu. This action opens the Query Builder Wizard. Building a query in the WMI Tool involves the following general steps:

  • Deciding whether to use the Query Builder or to write the WQL expression yourself
  • If you use the Query Builder, choose your query's namespace, class, and instance
  • Customize the query by including Boolean conditions (equal, less than, greater than, and so forth)

Let's create a new query that displays UEFI/BIOS information. From the WMI tool, click Actions > New, and select Type in Query Command in the Query Builder Wizard.

In Windows, we use the root\CIMV2 namespace, so simply type in the following WQL query in the Query: field:


The next screenshot shows the Query Builder Wizard interface:

Building a new WQL query

Building a new WQL query

Note the Preview button. That's a handy way to run a quick "sanity check" to ensure that your WQL syntax is valid. Once you finish the wizard, your stored query shows up, alphabetically sorted along the built-in queries.

Final thoughts ^

The AdRem NetCrunch WMI Tool is a neat offering. It's fast, and it works as advertised, for the most part. And you can't beat the price!

Subscribe to 4sysops newsletter!

Maybe it's just me, but I prefer to use the WMI Explorer open-source tool, mainly because WMI Explorer makes both browsing the WMI repository, as well as writing queries, easier. In addition, WMI Explorer actually shows you the underlying WQL when you select an WMI instance graphically.

1 Comment
  1. Garry Schindler 7 years ago

    First I want to say thanks for 4Sysops 🙂 I’m still new to your site, so I hope this is not a repeat question. I need some guidance on WMI and connection issues. Our MS Domain has been setup with firewall rules to allow for WMI. Out of several hundred units, I have about 20 that I cannot connect to using WMI. The only tool I was advised to help me “debug” these problems was Paesslers’ WMITester ( On the units with connection issues, running that tool remotely returns – Port Error 135:RPC Server not accessible. But, running this tool on the machine itself will work. Fortunately due to your article I was able to try the NetCrunch WMI Tool remotely – which returns RPC servers is unavaible 800706BA. This also runs fine locally. While it sounds like a firewall issue, the firewall rules are set in a GPO.

    Where can I find some good detailed resource material on debug steps for this issue?

    Thank you much!

Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account