Enabling WMI Monitoring on a Windows Device

This guide explains how to enable and configure Windows Management Instrumentation (WMI) on a single Windows device so a remote monitoring system can collect data from it.

Before You Begin

  • You are logged in as an Administrator on the Windows machine.
  • The device is part of a workgroup or domain with network access from the monitoring system.
  • You know the IP address or hostname of the monitoring server.
  • The Windows Network Profile on the machine is set to Private.

To set the network profile to Private:

  1. Open Settings > Network & Internet.
  2. Select the current network type (for example, Ethernet or Wi-Fi).
  3. Click the network you are connected to.
  4. Under Network Profile, select Private.

Startup the WMI Service

  1. Press Win + R, type services.msc, and press Enter.
  2. Scroll down and locate Windows Management Instrumentation.
  3. Right-click it and select Properties.
  4. Set Startup type to Automatic.
  5. If the service is not running, click Start.
  6. Click OK to apply the changes.

Allowing WMI Traffic Through Windows Firewall

  1. Open Control Panel > System and Security > Windows Defender Firewall.
  2. Click Allow an app or feature through Windows Defender Firewall on the left.
  3. Click Change settings, then click Allow another app....
  4. If needed, add Windows Management Instrumentation and make sure it is allowed.
  5. Ensure WMI is allowed on Domain and/or Private networks.
  6. Click Advanced settings on the left.
  7. In Inbound Rules, enable the following rules if they exist but are disabled:
  • Windows Management Instrumentation (Async-In)
  • Windows Management Instrumentation (DCOM-In)
  • Windows Management Instrumentation (WMI-In)

For each of these inbound rules:

  1. Open the rule’s properties.
  2. Go to the Scope tab.
  3. Under Local IP address, click Add.
  4. Add the IP address of your monitoring server or the subnet used by your monitoring system.

Ensure that any additional firewalls or network layers allow RPC port 135 and the dynamically assigned DCOM ports used by WMI.

Setting Up a User Account for WMI Connectivity

  1. Open Control Panel > Administrative Tools > Computer Management.
  2. Expand Local Users and Groups, then click Users.
  3. Right-click the user account that will be used for monitoring and select Properties (or create a new user).
  4. Go to the Member Of tab.
  5. Click Add.
  6. Enter Administrators or another group with WMI rights and click OK.

Assigning WMI Rights to the Selected User

  1. Press Win + R, type wmimgmt.msc, and press Enter.
  2. Right-click WMI Control (Local) and select Properties.
  3. Go to the Security tab.
  4. Expand Root, then select CIMV2.
  5. Click Security.
  6. Click Add, enter the monitoring user account, and click OK.
  7. Grant the following permissions:
  • Enable Account
  • Remote Enable

Optional permissions:

  • Execute Methods
  • Read Security

Connecting the Device to Your Monitoring Tool

In your monitoring platform, configure WMI access to the device with:

  • The device’s IP address.
  • The monitoring user’s username and password.

Once applied, the monitoring system should be able to perform WMI queries remotely.

FAQ

Does Radar use the device IP or hostname for WMI/CIM?

Answer: Radar uses the IP address of the device for all WMI/CIM communication, not the hostname.

How do I add a device IP to TrustedHosts on the collector?

Answer: Run the following PowerShell command on the collector device, replacing ip_address with the device’s actual IP:

Set-Item WSMan:\localhost\Client\TrustedHosts -Concatenate -Value "ip_address"
WMI is still failing. What should I check?

Answer: Confirm the following:
- The WMI service is running.
- Firewall rules allow RPC port 135 and DCOM dynamic ports.
- The monitoring user credentials are correct.
- The device is set to a Private network profile.
- The device IP has been added to TrustedHosts if required.

Was this article helpful?
0 out of 0 found this helpful