Windows Management Instrumentation (WMI)

WMI, also known as the Windows Management API, is a DCOM-RPC API designed to consolidate device and application management across corporate Microsoft networks.

Key features are:

  • Status information for local/remote systems

  • Configuring security settings on remote machines/applications

  • Setting and changing user and group permissions

  • Setting/modifying system properties

  • Code execution

  • Scheduling processes

  • Setting up logging

Key components are:

| Component Name | Description |
| --- | --- |
| WMI service | The Windows Management Instrumentation process, which runs automatically at boot and acts as an intermediary between WMI providers, the WMI repository, and managing applications. |
| Managed objects | Any logical or physical components that can be managed by WMI. |
| WMI providers | Objects that monitor events/data related to a specific object. |
| Classes | These are used by the WMI providers to pass data to the WMI service. |
| Methods | These are attached to classes and allow actions to be performed. For example, methods can be used to start/stop processes on remote machines. |
| WMI repository | A database that stores all static data related to WMI. |
| CIM Object Manager | The system that requests data from WMI providers and returns it to the application requesting it. |
| WMI API | Enables applications to access the WMI infrastructure. |
| WMI Consumer | Sends queries to objects via the CIM Object Manager. |

WMI is manipulated from the command line using wmic in CMD.exe or cmdlets in PowerShell, and via the WMI Control snap-in within the Microsoft Management Console (MMC).
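
The PowerShell below is an added example, not part of the original page. It uses the CIM cmdlets to inspect the components listed above (service, classes, methods), then lists processes whose parent is WmiPrvSE.exe, the provider host under which processes started through the Win32_Process Create method run. The function name Get-WmiSpawnedProcess is hypothetical; everything runs locally and is read-only.

```powershell
# Added example. Requires the CIM cmdlets (Windows PowerShell 3.0 or later).

# 1. WMI service: the intermediary process (service name Winmgmt).
Get-Service -Name Winmgmt | Select-Object Name, DisplayName, Status

# 2. Classes and methods: list the methods attached to the Win32_Process class.
(Get-CimClass -Namespace root/cimv2 -ClassName Win32_Process).CimClassMethods |
    Select-Object -ExpandProperty Name

# 3. Status information for the local system, returned via the CIM Object Manager.
Get-CimInstance -ClassName Win32_OperatingSystem |
    Select-Object CSName, Caption, Version, LastBootUpTime

# 4. Triage: processes whose parent is the WMI provider host (WmiPrvSE.exe).
#    Legitimate management software also creates processes this way, so the
#    output is a review list, not a verdict.
function Get-WmiSpawnedProcess {
    $all = Get-CimInstance -ClassName Win32_Process

    # Index every running WmiPrvSE.exe instance by its process ID.
    $providerHosts = @{}
    foreach ($p in $all) {
        if ($p.Name -eq 'WmiPrvSE.exe') {
            $providerHosts[[uint32]$p.ProcessId] = $p
        }
    }

    foreach ($p in $all) {
        $parent = $providerHosts[[uint32]$p.ParentProcessId]
        # Guard against PID reuse: a real parent started before its child.
        if ($parent -and $parent.CreationDate -le $p.CreationDate) {
            [pscustomobject]@{
                ProcessId    = $p.ProcessId
                Name         = $p.Name
                Created      = $p.CreationDate
                ParentPid    = $parent.ProcessId
                CommandLine  = $p.CommandLine
            }
        }
    }
}

Get-WmiSpawnedProcess | Sort-Object Created | Format-List
```

CommandLine is empty for processes the current user cannot read; run from an elevated session to see it for all processes.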
