Versions Compared

Old Version 7

changes.mady.by.user Mark Unwin

Saved on

compared with

New Version Current

changes.mady.by.user Mark Unwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This is the Windows short domain name. It is not the fully qualified domain. IE, mydomain, not mydomain.open-audit.com. It is often referred to as the NetBios Name.

The SHORTDOMAIN can be omitted and the query will validate the credentials against the local machine being queried.

...

Standard WMI queries are catered to. For more information, see the WMI reference at Microsoft - https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-reference

Other useful links

Connecting to WMI remotely - https://docs.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmi-remotely-starting-with-vista?redirectedfrom=MSDN

Target Client Configuration (from the Open-AudIT wiki)

Example

On the command line.

Code Block
marku@test:/usr/local/nmis8/bin$ ./wmic -U WINDEVDOMAIN/administrator%my_admin_password //10.152.0.40 "selectSelect * from Win32_OperatingSystem"
CLASS: Win32_OperatingSystem
BootDevice|BuildNumber|BuildType|Caption|CodeSet|CountryCode|CreationClassName|CSCreationClassName|CSDVersion|CSName|CurrentTimeZone|DataExecutionPrevention_32BitApplications|DataExecutionPrevention_Available|DataExecutionPrevention_Drivers|DataExecutionPrevention_SupportPolicy|Debug|Description|Distributed|EncryptionLevel|ForegroundApplicationBoost|FreePhysicalMemory|FreeSpaceInPagingFiles|FreeVirtualMemory|InstallDate|LargeSystemCache|LastBootUpTime|LocalDateTime|Locale|Manufacturer|MaxNumberOfProcesses|MaxProcessMemorySize|MUILanguages|Name|NumberOfLicensedUsers|NumberOfProcesses|NumberOfUsers|OperatingSystemSKU|Organization|OSArchitecture|OSLanguage|OSProductSuite|OSType|OtherTypeDescription|PAEEnabled|PlusProductID|PlusVersionNumber|PortableOperatingSystem|Primary|ProductType|RegisteredUser|SerialNumber|ServicePackMajorVersion|ServicePackMinorVersion|SizeStoredInPagingFiles|Status|SuiteMask|SystemDevice|SystemDirectory|SystemDrive|TotalSwapSpaceSize|TotalVirtualMemorySize|TotalVisibleMemorySize|Version|WindowsDirectory
\Device\HarddiskVolume2|14393|Multiprocessor Free|Microsoft Windows Server 2016 Datacenter|1252|1|Win32_OperatingSystem|Win32_ComputerSystem|(null)|WINNOW|0|True|True|True|3|False||False|256|2|2444088|943512|3478896|20201021053937.000000+000|0|20210531040349.499770+000|20210604010119.214000+000|0409|Microsoft Corporation|4294967295|137438953344|(en-US)|Microsoft Windows Server 2016 Datacenter|C:\Windows|\Device\Harddisk0\Partition3|0|57|8|8|(null)|64-bit|1033|400|18|(null)|False|(null)|(null)|False|True|3|(null)|00376-40000-00000-AA947|0|0|1048576|OK|400|\Device\HarddiskVolume3|C:\Windows\system32|C:|0|5241572|4192996|10.0.14393|C:\Windows

Using WMI with NMIS Attributes

The Windows user account being used must be a member of the Administrators group on the target device. By default, members of the active directory group "Domain Admins" are members of the clients Administrators group. Your specific Active Directory may have another Active Directory group you would prefer to use. As long as the user account is a member of the Administratos group on the target machine, it should work fine at least as far as access rights are concerned.

Use the IP address of the target in HostnameHost Name/IPAddress IP Address field.

Use shortdomain/username in the WMI Username field.

Use your password in the WMI Password field.

Other useful links

Connecting to WMI remotely - https://docs.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmi-remotely-starting-with-vista?redirectedfrom=MSDN

Target Client Configuration (from the Open-AudIT wiki)

Connecting to WMI on a Remote Computer - https://docs.microsoft.com/en-us/windows/win32/wmisdk/connecting-to-wmi-on-a-remote-computer