Difference between revisions of "WMI client (WMIC) for Linux"

Latest revision as of 11:47, 1 February 2016

Windows Management Instrumentation (WMI)[edit]

WMI Allows you to remotely execute commands and query parameters on a Windows Host

Linux[edit]

In order to be able to communicate with WMI from Linux you need to install this functionability.
For Ubuntu 14.04:
Download this libraries and install them:

 dpkg -i libwmiclient1_1.3.14-3_amd64.deb
 dpkg -i wmi-client_1.3.14-3_amd64.deb

Required: python-support

sudo apt-get install python-support

Examples[edit]

get the size of the WorkingSet of the process “java.exe” running on the remote host 192.168.20.20[edit]

wmic -U Administrator%mysecret //192.168.20.20 "Select WorkingSetSize from Win32_Process Where CommandLine like '%java.exe%'"

Get process ID for process[edit]

wmic -U Administrator%mysecret //10.140.10.10 "Select ProcessId from Win32_Process Where CommandLine like '%java.exe%'"

Get WorkingSetSize for process[edit]

wmic -U Administrator%mysecret //10.140.10.10 "Select WorkingSetSize from Win32_Process Where CommandLine like '%java.exe%'"

Get thread count for process[edit]

wmic -U Administrator%mysecret //10.140.10.10 "Select ThreadCount from Win32_Process Where CommandLine like '%java.exe%'"

Get private bytes for process[edit]

wmic -U Administrator%mysecret //10.140.10.10 "Select PrivateBytes from Win32_PerfFormattedData_PerfProc_Process Where IDProcess='%java.exe%'"

Get free physical memory for host[edit]

wmic -U Administrator%mysecret //10.140.10.10 "Select FreePhysicalMemory from Win32_OperatingSystem"

Windows host config[edit]

Step 1: DCOM permission[edit]

Open Dcomcnfg
Expand Component Service -> Computers -> My computer
Go to the properties of My Computer
Select the COM Security Tab
Click on "Edit Limits" under Access Permissions, and ensure "Everyone" user group has "Local Access" and "Remote Access" permission.
Click on the "Edit Limit" for the launch and activation permissions, and ensure "Everyone" user group has "Local Activation" and "Local Launch" permission.
Highlight "DCOM Config" node, and right click "Windows Management and Instruments", and click Properties.
<Please add the steps to check Launch and Activation Permissions, Access Permissions, Configuration Permissions based on the default of Windows Server 2008>

Step 2: Permission for the user to the WMI namespace[edit]

Open WMImgmt.msc
Go to the Properties of WMI Control
Go to the Security Tab
Select "Root" and open "Security"
Ensure "Authenticated Users" has "Execute Methods", "Provider Right" and "Enable Account" right; ensure Administrators has all permission

Step 3: Verify WMI Impersonation Rights[edit]

Click Start, click Run, type gpedit.msc, and then click OK.
Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
Expand Security Settings, expand Local Policies, and then click User Rights Assignment.
Verify that the SERVICE account is specifically granted Impersonate a client after authentication rights.

The windows machine you are connecting to must have LAN Manager Authentication level set to:
Send LM & NTLM - use NTLMv2 session security if negotiated

Start --> run --> gpedit.msc
Navigate to: Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options
In the right panel look for “Network Security : LAN Manager authentication level"

Remote admin must be enabled: from cmd type:

netsh firewall set service type = remoteadmin mode = enable

@@ Line 24: / Line 24: @@
 === Get free physical memory for host ===
   wmic -U Administrator%mysecret //10.140.10.10 "Select FreePhysicalMemory from Win32_OperatingSystem"
+== Windows host config ==
+=== Step 1: DCOM permission ===
+# Open Dcomcnfg
+# Expand Component Service -> Computers -> My computer
+# Go to the properties of My Computer
+# Select the COM Security Tab
+# Click on "Edit Limits" under Access Permissions, and ensure "Everyone" user group has "Local Access" and "Remote Access" permission.
+# Click on the "Edit Limit" for the launch and activation permissions, and ensure "Everyone" user group has "Local Activation" and "Local Launch" permission.
+# Highlight "DCOM Config" node, and right click "Windows Management and Instruments", and click Properties.
+# <Please add the steps to check Launch and Activation Permissions, Access Permissions, Configuration Permissions based on the default of Windows Server 2008>
+=== Step 2: Permission for the user to the WMI namespace ===
+# Open WMImgmt.msc
+# Go to the Properties of WMI Control
+# Go to the Security Tab
+# Select "Root" and open "Security"
+# Ensure "Authenticated Users" has "Execute Methods", "Provider Right" and "Enable Account" right; ensure Administrators has all permission
+=== Step 3: Verify WMI Impersonation Rights ===
+# Click Start, click Run, type gpedit.msc, and then click OK.
+# Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
+# Expand Security Settings, expand Local Policies, and then click User Rights Assignment.
+# Verify that the SERVICE account is specifically granted Impersonate a client after authentication rights.
+The windows machine you are connecting to must have LAN Manager Authentication level set to: <br />
+Send LM & NTLM - use NTLMv2 session security if negotiated<br />
+# Start --> run --> gpedit.msc
+# Navigate to: Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options
+# In the right panel look for “Network Security : LAN Manager authentication level"
+Remote admin must be enabled:
+from cmd type:
+ netsh firewall set service type = remoteadmin mode = enable