Windows Management Instrumentation (WMI) isan industry-standard technology for accessing management information in an enterprise environment.  It provides users with information about the status of local and remote Windows computer systems, providing discovery, profiling, and reporting with values retrieved from WMI-enabled devices.

Also, we recommend that your Active Directory credentials be read-only, unique, and non-expiring. 

The return values from WMI-enabled devices enhance the following aspects of Asset Manager:

1. Discovery
2. Profiling
3. Services - Identifies installed/running services such as Windows Defender, HBSS/McAfee Agent, and Tanium Agent
   
   • Install status
   • Enabled/disabled status
   • Last-scan time
   • Version

Device attributes discovered through WMI Discovery will augment that device's profile. Also, notifications pertaining to the profiling of WMI-responsive Windows devices are expected to be made available at about the same time.

About WMI

Some basics on WMI Discovery in Asset Manager Enterprise Edition:

1. WMI Discovery relies on port 135 to function; port 135 must be responsive in order to generate targets for WMI.  When your company's Active Directory administrator is asked to create a new user with WMI permissions (or give WMI permissions to an existing user), the admin will need to enable port 135 in the company's Active Directory Firewall Rules Group Policy. 
   
2. WMI access is credentialed with proper DCOM and UAC settings provided by your Windows Domain Controller administrator. This means that your system administrator will need to manually input or import WMI credentials to a collector's WMI configuration. It also means that every device in the WMI-configured zone will be tested using every credential. Asset Manager WMI Discovery tries credentials in the order they are provided and uses the first one that works.
3. The overhead on the Asset Manager system of testing many credentials against each device may be significant. WMI queries take ~ 800ms per WMI responsive device (per credential). Asset Manager runs 10 threads at a time so, in aggregate, the Asset Manager system can handle approximately 10 WMI responders per second.
4. Your company's users with domain admin level authorization will have WMI-access to all devices on the domain by default.
5. It is recommended the user "Asset Manager" be made a domain admin, unique to Asset Manager, and non-expiring in order to configure WMI security settings globally, domain-wide.
6. Windows Domain Admin level access is recommended because each Windows machine has its own setting and there is no standard Windows AD group policy setting one can apply to allow WMI access for non domain admin users.
7. If adding Windows Domain Admin Users to Asset Manager is not permitted, then you can resort to a power shell script to create a non-admin, read only user.  Here are some online documents (see related links) that lists the steps you can take to create a script that contains the appropriate security descriptors.  The documents also explain how to subsequently place the script into a Windows AD GPO as a startup script and have your computers get the updated security settings at boot time.
8. The Asset Manager system prioritizes the testing of WMI credentials in the top-down order in which they are listed. Asset Manager encrypts the WMI credentials before storing them in its database. Cloud and SNMP credentials are encrypted in the same way. 

Considerations

In configuring WMI Discovery, the following are recommendations and things to keep in mind:

1. We recommend that you create one collector for each set of WMI credentials and set the CIDR range in Discovery Spaces to contain only devices that will respond successfully to those credentials: This will minimize the amount of time it will take to scan the networkThis will minimize the chance the WMI credential can be locked out (TIP: Increase the account lockout threshold) This will enable you to optimize the rescan interval for WMI.
2. We recommend that you setup a specific Active Directory account for use with Asset Manager and WMI Discovery. This will enable you to tailor the permissions and settings of the account to minimize access and make it read-only.
3. Expiration of Windows credential—Be aware that if the Windows credentials expire, the Asset Manager system won't be able to retrieve data.
4. WMI attributes expire after 14 days; all other device attributes expire after 2 days.

WMI Dashboards

On the Asset Manager main menu, in Dashboards, the are two WMI dashboards available: WMI Summary and WMI Troubleshooting

Following is a summary of the widgets on these dashboards:

Browse to Dashboards > WMI and select an option:

See What Services are Running

You can input the IP address of any WMI-responsive device in a selected zone (or click a link in a WMI dashboard widget) to display a comprehensive list of all services running on the box (e.g., Windows Defender and Tanium status information.)

1. On the Asset Manager GUI, browse to Search > Device Details.

2. Input an IP address and zone name.

3. Click Search and the WMI Services tab.

   All services running on the box display.  You can see the total number of records that were returned below the table.

Search the Services

You can use the control at the bottom of the results table to page through the results or use the Search bar to filter out all the records that don't match your criteria

A description of each of the table columns follows:

• Name:Unique identifier of the service that provides an indication of the functionality that is managed.
• Started:Indicates whether or not the service is started.
• State:Current state of the base service.

The values are:
* Stopped
* Start Pending
* Stop Pending
* Running 
* Continue Pending 
* Pause Pending 
* Paused
* Unknown

• Status:Current status of the object. Various operational and non-operational statuses can be defined. Operational statuses include: "OK", "Degraded", and "Pred Fail" (an element, such as a SMART-enabled hard disk drive, may be functioning properly but predicting a failure in the near future). Non-operational statuses include: "Error", "Starting", "Stopping", and "Service". The latter, "Service," could apply during mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. 

The values are:
* OK
* Error 
* Degraded 
* Unknown
* Pred Fail 
* Starting 
* Stopping
* Service 
* Stressed 
* NonRecover 
* No Contact 
* Lost Comm 

See https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-service  for information from Microsoft on their Win32_Service class.

Accurately Identify All Windows Devices

Use the Attributes tab to check security compliance. You could check, for example, to ensure that  all Windows systems are Windows 10 or later.

Run WMI Discovery

This new discovery type in Settings > Zones uses credentials you supply and input manually or import. You can supply WMI credentials

WMI Queries

A description of each WMI query is available in the lower right-hand corner of the Properties panel, under Comment.

WMI Map Highlighting

Asset Manager is able to highlight WMI_OS, WMI_OS_Version, and WMI_OS_ServicePack on its maps. The capability to highlight on a Asset Manager zone map all nodes that have specific services (e.g., Windows Defender, McAfee, Tanium) installed and/or running is planned for development.