The two most common protocols for monitoring Microsoft products are Simple Network Management Protocol (SNMP) and Windows Management Instrumentation (WMI). They are both natively supported in Windows and Windows Server, and neither one requires you to install third-party add-ons to start monitoring. This article explains the difference between the two protocols and helps you choose the one that works better for your scenario.
Latest posts by Jasmin Kahriman (see all)

Some vendors offer SNMP as a third-party Windows add-on, but that is a discussion for another time.

What is SNMP?

SNMP is a common network monitoring protocol used to monitor Windows devices or any other network-based devices. Microsoft introduced it in Windows 95. Although still natively available in Windows, it is deprecated; Microsoft no longer provides any support for it and does not plan to work on further development.

Even so, you can still install SNMP and use it. Note that it is not enabled by default.

If you are using systems or builds older than Windows 10 1803, you can install SNMP using Control Panel > Programs and Features > Add or remove programs. If you are using operating systems or builds newer than Windows 10 1803, you must use PowerShell to install SNMP.

For example, to install SNMP in Windows 11, you need to execute the following PowerShell command:

Add-WindowsCapability -Online -Name "SNMP.Client~~~~0.0.1.0"

Install SNMP in Windows 11

If you are using Windows Server with Desktop Experience, you can install it via Server Manager > Features. If you are using Windows Server Core or Hyper-V Server Core, you need to use PowerShell.

Install SNMP service on Windows Server

SNMP comes in three versions: SNMP v1, SNMP v2c, and SNMP v3. SNMP v1 and SNMP v2c are unencrypted, and SNMP v3 provides authentication and encryption. Microsoft supports only SNMP v1 and SNMP v2c. It has never implemented SNMP v3.

SNMP v1 and SNMP v2c use something called a community string. If the community string in a Windows product and the community string in a network-monitoring product match, monitoring is possible. If they don't match, it won't work. A community string is like a shared keyword.

You should configure your Windows machines to accept only SNMP queries from your network management system (NMS).
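One way to check a host against the two points above (community strings and restricting queries to the NMS), as an added example that is not part of the original article. The registry paths are the ones the Windows SNMP service reads; the function names, the community names and the NMS address 192.0.2.10 are assumptions made for illustration.

```powershell
# Added example. Rights values as the Windows SNMP service stores them.
$RightsName = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

function Test-SnmpConfig {
    param(
        [hashtable]$Communities = @{},  # community string -> rights value
        [string[]]$Managers = @(),      # hosts allowed to query; empty = any host
        [string[]]$ExpectedNms = @()    # assumption: addresses of your NMS
    )
    foreach ($name in $Communities.Keys) {
        $rights = [int]$Communities[$name]
        if ($name -in 'public', 'private') {
            "Community '$name' is a well-known default and travels unencrypted in v1/v2c."
        }
        if ($rights -ge 8) {
            "Community '$name' grants $($RightsName[$rights]); polling needs only READ ONLY."
        }
    }
    if ($Managers.Count -eq 0) {
        'No permitted managers set: SNMP packets are accepted from any host.'
    }
    foreach ($m in $Managers) {
        if ($m -notin $ExpectedNms) { "Permitted manager '$m' is not a known NMS." }
    }
}

function Get-SnmpRegistryConfig {
    # Reads the live settings; run in an elevated session on the monitored host.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
    $communities = @{}; $managers = @()
    $key = Get-Item "$base\ValidCommunities" -ErrorAction SilentlyContinue
    if ($key) { foreach ($n in $key.GetValueNames()) { $communities[$n] = $key.GetValue($n) } }
    $key = Get-Item "$base\PermittedManagers" -ErrorAction SilentlyContinue
    if ($key) { foreach ($n in $key.GetValueNames()) { $managers += [string]$key.GetValue($n) } }
    @{ Communities = $communities; Managers = $managers }
}

# Constructed sample input, not taken from a real host.
Test-SnmpConfig -Communities @{ public = 8; 'n0c-poll' = 4 } -Managers @() -ExpectedNms '192.0.2.10'

# Live host: $cfg = Get-SnmpRegistryConfig; Test-SnmpConfig @cfg -ExpectedNms '192.0.2.10'
```

With the constructed sample, the function reports the default community name, its write access and the missing manager restriction; an empty result means none of these three conditions was found.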

Windows and Windows Servers also support SNMP Traps. SNMP Traps are used to collect different event activities, such as changes within Windows.

What is WMI?

WMI stands for Windows Management Instrumentation. As the name implies, it is a Windows-related service, and it can't be used on any other target system.

WMI is natively supported and enabled in Windows clients and Windows Servers. For it to work, you need to provide your NMS with valid Windows credentials that are allowed to run WMI queries. In some cases, it will work with a standard user; in others, you need to use a local or domain administrator.

WMI runs as a Windows service, and that service needs to be running.

The WMI service in the Services app

WMI is based on the Distributed Component Object Model (DCOM) and helps execute commands on a remote Windows machine.

Microsoft provides a list of WMI queries that network monitoring companies use to gather metrics. For example, to query logicaldisk, you need to execute the following WMI query:

wmic logicaldisk get Name, Compressed, Description, DriveType, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName

You can check out other WMI queries at the Microsoft page Useful WMIC Queries.

Querying metrics manually is not a common thing to do. All network monitoring products already include predefined WMI queries that you only need to execute.
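The logicaldisk query above, run through the CIM cmdlets instead of wmic, as an added example that is not part of the original article. It shows the kind of metric a monitoring product derives from the raw properties; the function name, the threshold and the optional monitoring credential are assumptions.

```powershell
# Added example: same Win32_LogicalDisk properties as the query in the text.
$props = 'Name', 'Compressed', 'Description', 'DriveType', 'FileSystem',
         'FreeSpace', 'SupportsDiskQuotas', 'VolumeDirty', 'VolumeName'

function Get-DiskMetrics {
    param(
        [string]$ComputerName,         # omit to query the local machine
        [pscredential]$Credential,     # hypothetical monitoring account
        [int]$WarnBelowPercent = 15    # assumed alert threshold
    )
    $query = @{ ClassName = 'Win32_LogicalDisk'; Property = $props + 'Size'
                Filter = 'DriveType = 3' }   # 3 = local fixed disk
    $session = $null
    if ($ComputerName) {
        # Use WMI over DCOM, as described in the text; the CIM cmdlets
        # would otherwise connect to a remote host over WS-Man.
        $sp = @{ ComputerName = $ComputerName
                 SessionOption = New-CimSessionOption -Protocol Dcom }
        if ($Credential) { $sp.Credential = $Credential }
        $session = New-CimSession @sp
        $query.CimSession = $session
    }
    try {
        Get-CimInstance @query | ForEach-Object {
            # Size can be empty for unformatted volumes; avoid dividing by zero.
            $pct = if ($_.Size) { [math]::Round(100 * $_.FreeSpace / $_.Size, 1) } else { $null }
            [pscustomobject]@{
                Name = $_.Name; FileSystem = $_.FileSystem; VolumeName = $_.VolumeName
                FreePercent = $pct; VolumeDirty = $_.VolumeDirty
                Warn = ($null -ne $pct -and $pct -lt $WarnBelowPercent)
            }
        }
    } finally {
        if ($session) { Remove-CimSession $session }
    }
}

Get-DiskMetrics    # local run; add -ComputerName and -Credential for a remote host
```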

WMI vs SNMP: what to choose?

Although WMI is enabled by default, SNMP is not. You need to enable and configure it.

WMI requires standard or admin credentials. SNMP uses a community string.

WMI consumes more resources than SNMP. SNMP is known as a lightweight protocol. But which is better also depends on what kind of metrics you want to get.

For example, SNMP can provide more bandwidth metrics (network in, network out, network total, unicast, multicast, broadcast, errors) than WMI (network in, network out, network total). WMI can give you Windows Update Status; SNMP can't.

WMI can get more metrics from Windows Server roles and features like Active Directory, Microsoft SQL, and SharePoint.

Whether you are using SNMP or WMI, you can get metrics for such features as CPU, RAM, Disk, and services.

SNMP supports SNMP Traps. WMI does not. However, in WMI you can use event logs.

On Windows-based machines, it takes more time to configure SNMP than to configure WMI. The good thing is that configuring SNMP can be automated. I wrote an article about it on my blog: "Automate SNMP configuration in Windows domain network."

Conclusion

SNMP and WMI are two common protocols used to monitor Microsoft-based products. They don't replace each other; they complement each other. Both are natively supported in Windows and Windows Servers. WMI is enabled by default. SNMP is not.

With respect to monitoring, they can gather the same or similar metrics. By design, though, some metrics can be gathered only by using WMI, others only by using SNMP.

What you should choose depends on what metrics you need and what you want to achieve with your monitoring.

© 4sysops 2006 - 2022