WMI (Windows Management Instrumentation)
Windows Management Instrumentation Device Driver allows Iotellect Server to manage Microsoft Windows computers. Like with all other types of devices, data collected via WMI is converted into unified form to allow access from different Iotellect facilities. See Devices article for more information about the "normalized" representation of devices in Iotellect.
With Iotellect Server's WMI driver, you can:
read and write properties of WMI objects.
fetch information using WMI Query Language (WQL) request.
call methods provided by WMI objects
subscribe for WMI events.
WMI device driver allows to monitor and manage WMI-enabled computers locally or remotely via either COM or Distributed COM (DCOM) calls. The DCOM-based technology allows to access WMI computers from any, even non-Windows platform, but requires the client computer to be properly configured for remote access (see Configuring Remote Access to WMI). The COM technology allows to invoke WMI functions "directly" without any additional manipulations on client computer, but can be used only on a Windows-based Iotellect Server.
 | WMI device driver doesn’t work with Windows systems that received DCOM+authentication+hardening">DCOM authentication hardening updates unless Local mode is enabled in the driver settings. |
Driver Information
Driver Plugin ID: | com.tibbo.linkserver.plugin.device.wmi |
Global Settings
None defined.
User Level Settings
None defined.
Device Account Properties
Connection Properties
Connection settings define how Iotellect Server communicates with a certain WMI computer. These settings can be accessed using Edit Device Properties action of the Device Context. Here is a list of available connection properties:
Setting | Description | |
WMI Connection Type | Base technology: DCOM or Direct calls.
| |
Local | Only for Direct connections. If checked, the device will connect to local WMI services; no additional connection credentials are needed in this case. If unchecked, driver connects to a remote WMI services using the credentials provided below. | |
Address | IP address or host name of a WMI computer.
| |
Domain | Windows Domain name (optional). | |
User | Name of Windows User Account used to access WMI via DCOM. | |
Password | Password of the Windows User Account. | |
Authentication Level | Only for Direct connections. The authentication level controls security requirements that client requests from its server. The authentication levels from the client and server are compared during the handshake, and the higher level security protection setting is used for the connection. The different authentication levels are described as follows, from lowest level security protection to the highest: | |
Authentication Level | Description | |
|---|---|---|
None | No authentication is performed during the communication between client and server. All security settings are ignored. | |
Connect | The normal authentication handshake occurs between the client and server, and a session key is established but that key is never used for communication between the client and server. All communications after the handshake are non-secure. | |
Call | Only the headers of the beginning of each call are signed. The rest of the data exchanged between the client and server is neither signed nor encrypted. Most SSPs do not support this authentication level and silently promote it to Packet. | |
Packet | The header of each packet is signed but not encrypted. The packets themselves are not signed or encrypted. | |
Packet Integrity | Each packet of data is signed in its entirety but is not encrypted. Because all of the data are signed by the sender, the recipient can be certain that none of the data has been tampered with during transit. | |
Packet Privacy | Each data packet is signed and encrypted. This helps protect the entire communication between the client and server.
| |
All Namespaces | Defines whether the driver should discover assets (WMI classes) in all available WMI namespaces. | |
Namespaces | Defines a list of WMI namespaces that will be scanned to look up assets (WMI classes). Specified by:
| |
Group View | Driver supports two types of asset view representation:
| |
Connection Timeout | Timeout for TCP-level connections. | |
Execution Timeout | Timeout for WMI operations. | |
To apply this option for an existing device, you should invoke Reset Device Driver action.WQL Requests
The WQL Requests table defines queries that can be used to retrieve fine-grained information from WMI device: certain properties of objects or objects that meets specified conditions.
Setting | Description |
Name | Request name. |
Description | Request description. |
Expressions | Forces treating WQL Request field as expression. This expression must resolve to a WQL query string. |
WQL Request | WQL query text. |
Timeout | Timeout for query execution. |
Allow Incomplete | Controls what happens when full query result was not retrieved before Timeout expiration. If Allow Incomplete is enabled, the query result table will contain partial results that were received during Timeout. If Allow Incomplete is disabled, the query execution will fail and query result variable will switch to error state. It value will be equal to previous correctly received value in this case. |
WQL Event Requests
The WQL Event Requests table defines queries that are used to subscribe to WMI events.
Setting | Description |
Name | Request name. |
Description | Request description. |
Expressions | Forces treating WQL Request field as expression. This expression must resolve to a WQL query string. |
WQL Request | Text of WQL event query. |
Next Event Reading Timeout | Specified how long to wait for new events during the WQL Request execution. Too long timeouts are not recommended because those timeouts will put device synchronization on hold. If some events were not received before this timeout has elapsed, those events will anyway be retrieved during the next synchronization cycle. |
Device Assets
For each WMI class driver creates an asset of the same name. By enabling an asset, user asks driver to fetch all the instances of a corresponding class. Most assets are disabled by default, just few often-used classes are enabled.
| Some WMI classes may have thousands or even millions of instances. Enabling these classes may cause device synchronization slowdown and exceeding resource consumption. Use WQL requests to fetch data precisely. |
Device Settings
WMI device driver creates device setting variables as follows:
For each enabled asset (WMI class) it creates a variable of the same name.
For each query defined in WQL Requests table it creates a variable of the same name.
The WMI Event variable that stores information about WMI event subscriptions is created.
Device Operations
WMI driver creates a device context function and a corresponding action for every method provided by enabled WMI classes. These actions are grouped by class names.
When invoked, WMI action requests object path and method parameters, then calls the method for the object, converts output and displays it as a result table.
It's also possible to specify a custom timeout before any WMI method call.
The driver also provides Execute WQL Query operation that allows to execute an arbitrary WQL query and returns its results
Device Events
WMI driver allows to monitor WMI events. Subscription for WMI events is performed by adding WQL Event Requests in device properties. Driver subscribes for and/or unsubscribes from event notifications when this table is changed.
Connection Handling
WMI driver makes the device Online if:
connection to a DCOM server on the specified computer using user name, domain and password provided is established
access to the specified WMI namespace is acquired using the DCOM connection.
Synchronization Details
WMI devices are synchronized with Iotellect Server like any other devices. Synchronization includes the following steps:
Reading assets definitions (if they were not read yet or were reset).
 | Each asset element relates to a WMI class of the same name. |
Device metadata acquisition:
For each enabled asset driver fetches definition of a corresponding WMI class including its properties and methods specifications.
For each query specified in the WQL Requests table driver creates a variable that will contain results.
Adds a WMI Events variable that controls all WMI event subscriptions specified in the WQL Event Requests table.
Reading/writing device settings:
Driver reads properties of all instances for classes defined by assets.
Writes changed properties of WMI objects back to managed device.
Executes all WQL requests putting fetched data in the query variables.
Manages WMI event subscription according to the WMI Event variable.
WMI Data Conversion
WMI objects are converted to Iotellect tables as follows:
A table comprises data of one or several (array of) WMI objects.
Each object is presented by a single data record.
The table contains the Object Path field that identifies object using its path in WMI namespace.
Other fields in the table reflect properties of the WMI object. The following table shows how WMI types are converted to Iotellect types and vice versa:
WMI Type | Iotellect Type |
Unsigned 8-bit integer | Integer |
Signed 8-bit integer | Integer |
Unsigned 16-bit integer | Integer |
Signed 16-bit integer | Integer |
Unsigned 32-bit integer | Integer |
Signed 32-bit integer | Integer |
Unsigned 64-bit integer | Long |
Signed 64-bit integer | Long |
UCS-2 string | String |
Boolean | Boolean |
IEEE 4-byte floating-point | Float |
IEEE 8-byte floating-point | Double |
Datetime | Date |
Reference | String |
16-bit UCS-2 character | String |
Object | Data Table |
Arrays | Data Table |
Class and property qualifiers (Key, Write, Abstract, etc.) are used to refine conversion.
Was this page helpful?