How to enable WMI monitoring on a single Windows device

If you have a domain controller and would rather not enable WMI device by device, please see How to enable WinRM with domain controller Group Policy.

Auvik uses the Windows Remote Management (WinRM) protocol to access Windows Management Instrumentation (WMI) data. This article walks you through how to enable and configure WinRM so you can use Auvik to remotely manage a single Windows device.

As you work through the steps, you may find your Windows servers are pre-configured with some of the required settings. But it’s a good idea to work through each step anyway to confirm all your settings are correct.

Prerequisites:

• You are logged in as an Administrator on the Windows machine.
• The device is part of a workgroup or domain with network access from the monitoring system.
• You know the IP or hostname of the monitoring server.
• The Network Profile on the machine MUST be set to private.To do this:
  • Open Settings > Network & Internet > [Network Type, e.g., Ethernet or Wi-Fi].
  • Click on the network you're connected to.
  • Under Network Profile, select Private.

Enable the WMI Service

1. Press Win + R, type services.msc, and press Enter.
2. Scroll down and find Windows Management Instrumentation.
3. Right-click it, then click Properties.
4. Set the Startup type to Automatic.
5. Click Start if the service isn’t running.
6. Click OK to apply.

Configure Windows Firewall to Allow WMI

1. Open Control Panel > System and Security > Windows Defender Firewall.
2. On the left, click Allow an app or feature through Windows Defender Firewall.
3. Click Change settings, then Allow another app....
4. Add Windows Management Instrumentation (WMI) if it's not listed.
5. Make sure it's allowed for Domain or Private.
6. Go to Advanced Settings (left sidebar).
7. In Inbound Rules, enable (if it is not):
   • Windows Management Instrumentation (Async-In)
   • Windows Management Instrumentation (Dcom-In)
   • Windows Management Instrumentation (WMI-In)
     • In each of these, click Scope
     • Under Local IP Address, click Add
     • Add either the IP address of your collector or the subnet of your collector

Create or Modify a User for WMI Access

1. Open Control Panel > Administrative Tools > Computer Management.
2. Go to Local Users and Groups > Users.
3. Right-click the user you’ll use for monitoring, click Properties.
4. Go to the Member Of tab:
   • Click Add.
   • Type Administrators (or a custom group that has WMI rights).
   • Click OK.

Grant WMI Permissions to the User

1. Open Start > Run, type wmimgmt.msc, press Enter.
2. In WMI Control, right-click WMI Control (Local) > Properties.
3. Go to the Security tab.             
4. Expand Root, select CIMV2.                  
5. Click Security.
6. Click Add, enter the monitoring user, and click OK.
7. Grant the user:
   • Enable Account
   • Remote Enable
   • (Optionally, Execute Methods and Read Security)

Click OK and apply changes.

Test WMI Access from the Monitoring System

From Auvik, configure it to use:

• The IP or hostname of the device
• The username/password of the user you just configured

If the device is reachable and configured properly, it should respond to WMI queries.

Notes

• WMI monitoring relies on ports 135 (RPC) and dynamically assigned ports (by DCOM). Ensure these are not blocked.
• For environments with many devices, use Group Policy for bulk configuration.