Testing WMI

In order for us to assess your machines correctly, we need WMI to be working and accessible across the network.

We use WMI (Windows Management Instrumentation) to collect information from your Microsoft Windows machines during our scanning. This allows us to identify issues, vulnerabilities and other configuration information about the devices we are scanning, so that we can report back to you on any items that need remediation. It is therefore essential that WMI is working on your Windows machines and that our scanning account (ScanAdmin) has access to WMI on those machines remotely (that is, across the network).

We therefore need you to check and confirm that WMI is accessible on your machines before our assessment takes place. This is easy to do using the WBEMTEST application, both locally on the machine (to confirm WMI is working locally) and across the network (from one machine to another, to confirm remote access).

WMI generally works without any issues. Occasionally, however, you will need to remediate problems with WMI, and we have provided some basic information on our website, available here.

Our assessors will provide some assistance if required. However, we are unable to make wholesale changes to your infrastructure, and because we do not know all the policies and configurations you have in place, it is very difficult for us to provide specific advice and troubleshooting for WMI issues.

WBEMTEST

Search for WBEMTEST and run as an Administrator

Click on the CONNECT button

In the NAMESPACE box, type \\ followed by the IP address of a remote machine, then another \ and root\cimv2 (which is already displayed)

\\192.168.0.10\root\cimv2

In our example above, we have used 172.10.182.20 as the IP address of a remote host, followed by the remaining path to the root\cimv2 WMI namespace.

Next enter some credentials, ideally those provided to Cyber Tec Security, to test a connection on WMI to the root\cimv2 namespace.

You can then click on the CONNECT button which, if all is correct, will connect you to WMI on the remote machine. It doesn't display a success message, but it will not display an error either. If you connect successfully, it will appear as below.

If you receive an "Access is denied" message, most likely the username or password is incorrect, or the account is locked out or disabled.

Other errors will typically be caused by firewall rules (blocking WMI access), WMI services not running or, worst case, WMI access not being available to the user who is attempting to authenticate.
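The same connection test can be scripted, which helps when several machines need checking. The following is an added example, not one of our setup scripts: the function name Test-RemoteWmi is hypothetical, the address and account are sample values, and it assumes Windows PowerShell 5.1, where Get-WmiObject connects over DCOM as WBEMTEST does.

```powershell
# Added example: scripted equivalent of the WBEMTEST connect test.
# Test-RemoteWmi is a hypothetical helper name; requires Windows PowerShell 5.1.
function Test-RemoteWmi {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string] $Namespace = 'root\cimv2'
    )
    $result = [ordered]@{
        Computer = $ComputerName; Namespace = $Namespace
        Connected = $false; Detail = $null; LikelyCause = $null
    }
    try {
        # One small query proves connect, authenticate and read access together.
        $os = Get-WmiObject -Class Win32_OperatingSystem -Namespace $Namespace `
            -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop
        $result.Connected = $true
        $result.Detail = "$($os.Caption) $($os.Version)"
    }
    catch {
        $ex = $_.Exception
        $result.Detail = $ex.Message
        # Map the failure onto the causes described in this article.
        $result.LikelyCause = if ($ex -is [System.UnauthorizedAccessException]) {
            # 0x80070005 "Access is denied"
            'Wrong username/password, account locked out or disabled, or account lacks administrator/DCOM rights'
        }
        elseif ($ex -is [System.Runtime.InteropServices.COMException] -and
                $ex.HResult -eq 0x800706BA) {
            # 0x800706BA "The RPC server is unavailable"
            'Host unreachable or a firewall rule is blocking WMI/DCOM'
        }
        elseif ($ex -is [System.Management.ManagementException] -and
                $ex.ErrorCode -eq [System.Management.ManagementStatus]::AccessDenied) {
            # 0x80041003: logon succeeded, namespace permission refused
            'Authenticated, but the account has no access to this WMI namespace'
        }
        else { 'Unclassified: check the WMI service is running and review Detail' }
    }
    [pscustomobject]$result
}

# Usage (sample values; run from a second machine, as with the WBEMTEST test):
# Test-RemoteWmi -ComputerName 192.168.0.10 -Credential (Get-Credential -UserName ScanAdmin -Message 'WMI test')
```

Get-WmiObject rejects explicit credentials for a connection to the local machine, so use this for the remote test only.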

KEY FIXES

  1. Re-run our setup scripts, which correct these sorts of issues.
  2. Check the firewall to ensure WMI is allowed (our scripts will not sort firewall rules for anything other than Microsoft Windows Defender). Remember that our firewall rules are to and from our data centre; if you are connecting from elsewhere, this may be a local rule issue.
  3. Check that the test account is a local administrator, DCOM user and Remote Management user on the machine you are connecting to.
  4. Worst case, you may have to look at our manual WMI setup requirements, which are detailed in our manual setup article here.