Skip to main content

Configure WMI

🖥️ WMI Prerequisites

🎯 Purpose

Ensure information collection from Windows machines via WMI (Windows Management Instrumentation), a key component for remote administration.

Simplify setup

Save time by using our automatic installation script with a single command.

Download the script here

How to use:

  1. Download the installation script.

  2. Edit the environment variables in the file to match your network.

  3. Make the script executable depending on your system:

    • Linux

      chmod +x watchman-wmi-configuration.sh

    • Windows

      Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

  4. Run the script on each target machine in your network.

  5. Done! 🎉

🪟 Configuration Steps

1. ✅ Enable the WMI service

  • Open services.msc
  • Find Windows Management Instrumentation
  • Make sure the service is running
  • If not, right-click > Start

2. 🔥 Configure Windows Firewall

WMI uses multiple dynamic ports. To ensure it works properly:

Option 1: Enable predefined rules
  • Open Windows Defender Firewall with Advanced Security
  • Go to Inbound Rules
  • Enable the following rules if disabled:
    • Windows Management Instrumentation (WMI-In)
    • Remote Administration (RPC)
    • DCOM-In
Option 2: Manually add required ports

📌 By default, WMI uses TCP port 135 for DCOM, plus a dynamic range of RPC ports.

For more control, restrict WMI to a specific port:

New-Item -Path "HKLM:\Software\Microsoft\Rpc\Internet" -Force
New-ItemProperty -Path "HKLM:\Software\Microsoft\Rpc\Internet" -Name "Ports" -PropertyType MultiString -Value "5985"
New-ItemProperty -Path "HKLM:\Software\Microsoft\Rpc\Internet" -Name "PortsInternetAvailable" -Value "Y" -PropertyType String
New-ItemProperty -Path "HKLM:\Software\Microsoft\Rpc\Internet" -Name "UseInternetPorts" -Value 1 -PropertyType DWord

Then create a firewall rule allowing inbound TCP traffic on the chosen port (e.g., 5985).

3. 🔐 Required access rights

The account used for WMI access must:

  • Be a local administrator on the remote machine, or
  • Have the necessary permissions to query WMI objects.
Best practices:
  • Create a dedicated account for WMI collection with restricted rights if needed
  • Test WMI access with:
Get-WmiObject -Class Win32_OperatingSystem -ComputerName <MACHINE_NAME> -Credential (Get-Credential)

⚠️ If you encounter issues, verify that the DCOM service is enabled and that the machine is reachable on the network.