Leveraging WMI (Part 3)

by May 6, 2022

The new Get-CimInstance cmdlet lets you query WMI locally, and there is (limited) support for remote queries: you can specify the -ComputerName parameter, but you cannot use alternative credentials.

That’s because Get-CimInstance uses separate network sessions for remote access which provide you with many more options. For example, once you establish a network session, you can use it for multiple queries. Here is how to remotely query WMI information – start with establishing your network session:

# establish network session
$credential = Get-Credential -Message 'Your logon details'
# one or more comma-separated IP addresses or computer names
$computername = '127.0.0.1'

# note that IP addresses only work with NTLM authentication.
# using computer names in AD is more secure (Kerberos)

$options = New-CimSessionOption -Protocol Wsman -UICulture en-us # optional
$session = New-CimSession -SessionOption $options -Credential $credential -ComputerName $computername

# output live session
$session

The result is one or more sessions, one per specified computer:

Id           : 1
Name         : CimSession1
InstanceId   : e7790bc5-6b0d-4920-a6b9-d7b9676aae74
ComputerName : 127.0.0.1
Protocol     : WSMAN

When you use IP addresses or computers outside your Active Directory, make sure you have enabled NTLM authentication on the client computer (not the server). The following line activates NTLM authentication and requires local admin privileges:

 PS> Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value * -Force

Once you have set up your network session, you can use it for multiple WMI queries:

Get-CimInstance -ClassName Win32_BIOS -CimSession $session
Get-CimInstance -ClassName Win32_StartupCommand -CimSession $session

When you are done, never forget to close the network session so it won’t hang around on the server for an extended period of time:

Remove-CimSession -CimSession $session 
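The steps above combined into one script, as an added example that is not part of the original tip. It trusts only the named targets instead of `*` (a wildcard makes the client willing to authenticate to any host), restores the previous TrustedHosts value, and closes the sessions in a `finally` block. The host names `server01` and `server02` are placeholders.

```powershell
# Added example: placeholder target names, replace with your own hosts
$targets    = 'server01', 'server02'
$credential = Get-Credential -Message 'Your logon details'

# Remember the current TrustedHosts value so it can be restored afterwards
$trustedPath = 'WSMan:\localhost\Client\TrustedHosts'
$previous    = (Get-Item -Path $trustedPath).Value

$sessions = @()
try {
    # Trust only the named targets instead of '*' (requires local admin privileges)
    Set-Item -Path $trustedPath -Value ($targets -join ',') -Force

    $options  = New-CimSessionOption -Protocol Wsman
    # One session per reachable computer; failures are collected in $failed
    $sessions = @(New-CimSession -ComputerName $targets -Credential $credential `
                    -SessionOption $options -ErrorAction SilentlyContinue -ErrorVariable failed)
    foreach ($f in $failed) { Write-Warning "No session: $($f.Exception.Message)" }

    if ($sessions.Count -gt 0) {
        # Reuse the same sessions for several queries
        Get-CimInstance -ClassName Win32_BIOS -CimSession $sessions |
            Select-Object -Property PSComputerName, Manufacturer, SMBIOSBIOSVersion
        Get-CimInstance -ClassName Win32_StartupCommand -CimSession $sessions |
            Select-Object -Property PSComputerName, Name, Command, User
    }
}
finally {
    # Always close the sessions and put TrustedHosts back, even after an error
    if ($sessions.Count -gt 0) { Remove-CimSession -CimSession $sessions }
    Set-Item -Path $trustedPath -Value ([string]$previous) -Force
}
```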

