How to confirm WMI access through DCOM and WinRM

Last updated on: March 8th, 2021

Ways to access WMI

vScope accesses WMI on a target machine in two ways.

  • DCOM (the default way)
    • Executes queries remotely
    • High Round-trip time (RTT) between vScope and target machine times affects scan time negatively
  • WinRM (recommended)
    • Executes queries locally on target machine
    • High Round-trip time (RTT) between vScope and target machine does not affects scan time negatively

We always recommend using WinRM when possible since it will be multitudes faster than using DCOM.

Verify WMI access

To verify access to a remote machine you can use PowerShell:

  1. Open PowerShell on a machine that is not the same as the target machine
  2. In all PowerShell commands below, replace
    1. REMOTEMACHINE with the remote machine name.
    2. MYDOMAIN\MYUSER with the same username used in vScope to scan the remote machine.
  3. Running the command will open a dialog box where you enter the password.

WMI access through DCOM (default)

DCOM access

To test that you are able to connect to the remote machine with DCOM, execute the following command:

New-CimSession -ComputerName REMOTEMACHINE -SessionOption (New-CimSessionOption -Protocol Dcom) -Credential "MYDOMAIN\MYUSER"

WMI access through DCOM

If you have access to the remote machine with DCOM, execute the following command to verify access to WMI through DCOM:

Get-WmiObject -ComputerName REMOTEMACHINE -Credential "MYDOMAIN\MYUSER" -Query "SELECT * FROM Win32_ComputerSystem"

WinRM

WinRM access

To test that you are able to connect to the remote machine with WinRM, execute the following command:

Test-WSMan -ComputerName REMOTEMACHINE -Credential "MYDOMAIN\MYUSER" -Authentication default

WMI access through WinRM

If you have access to the remote machine with WinRM, execute the following command to verify access to WMI through WinRM:

Get-WSManInstance -ComputerName REMOTEMACHINE -Credential "MYDOMAIN\MYUSER" -Enumerate -ResourceURI wmicimv2/* -Filter "SELECT * FROM Win32_ComputerSystem"

 

Leave a Reply