Collecting Windows System Information using WMI

Policy Server communicates with the Agent which uses Windows Management Instrumentation (WMI) to obtain Windows system information on end users Windows devices.

System information for domain joined machines can also be collected through agentless WMI query. See: WMI Node Info Scan

  1. Go to Policy in the top panel.
  2. Go to Policy > Node Policy > Agent Action in the left Policy panel.
  3. Click Tasks > Create to create new Agent Action.
  4. For Name, type unique name. (e.g. WMI Identify Internal Battery)

Under General section:

  1. For CWP Message, add message to be displayed in accordance with the Policy.
  2. For Label, add labels to help categorize your plugins with custom labels that appear in the "Description" field.

Under Agent Actions section:

  1. For Boolean Operator, choose AND or OR to add optional conditions.
  2. For Settings, click Add and select your optional conditions. Criteria/Operator/Value
  3. For Plugin, select Collect System Information Using WMI from drop-down.
  4. For Settings: Namespace, select appropriate Namespace from drop-down or define Namespace in: User Defined Namespace (e.g. rootCIMV2)
  5. For Settings: WMI Query, type in optional queries separated by semicolon. (e.g. SELECT Caption FROM Win32_Battery)
  6. For Execution Interval, adjust Periodic Interval. (seconds - months)
  7. Click Update.
  8. Go to Node Policy in the left Policy panel.
  9. Click the Default Policy in Node Policy window.
  10. Find Agent Action section, click Assign.
  11. Find and double click newly created Agent Action. (e.g. WMI Identify Internal Battery)
  12. Click Add.
  13. Click Update.

See WMI Results

You can wait for the Policy to run on the defined schedule or you can Run Actions Now to see results immediately.

  1. Click Policy in the top panel.
  2. Go to Node Policy in the left Policy panel.
  3. Click Checkbox of Default Policy.
  4. Click Tasks > Run Actions Now. (Wait a few minutes for this Action to run)
  5. Go to Management > Node, find and click on IP of Windows Node with Agent Installed.
  6. Find and click System tab.
  7. Find WMI Status section to view WMI results.

Creating Node Group for WMI Results

Create a Node Group based off of the WMI results from the Agent Action created from above. This Node Group then allows you to identify and enforce policies depending on your network requirements.

  1. Click Policy in the top panel.
  2. Go to Group > Node in the left Policy panel.
  3. Click Tasks > Create

Under General section:

  1. For Category, Choose default or Create New. (This allows you to categorize your Node Groups)
  2. For ID, type unique name. (e.g. WMI Internal Battery Group)
  3. For Description: (Brief description of what this Node Group is for)
  4. For Status:, select Enabled.

Under Condition section:

  1. For Boolean, select "AND" or “OR”. (”AND” all conditions have to apply. “OR” any of the conditions have to apply)
  2. For Settings, click Add. (These are the various conditions to be applied for proper grouping)
  3. For Options, select WMI.
  4. For Operator, select appropriate option from drop-down. (e.g. class/property value are equal to)
  5. For Value, type appropriate class/property value. (e.g. Win32_Battery/Caption, Internal Battery)
  6. Click Add.
  7. Click Save.

WMI Query Examples:

WMI Name Namespace WMI Query
Battery Info rootCIMV2 SELECT Caption FROM Win32_Battery
HDD Vendor rootCIMV2 SELECT Caption FROM Win32_DiskDrive
HDD Size rootCIMV2 SELECT Size FROM Win32_DiskDrive
HDD Model rootCIMV2 SELECT Model FROM Win32_DiskDrive
HDD Serial rootCIMV2 SELECT SerialNumber FROM Win32_DiskDrive
Volume Serial rootCIMV2 SELECT VolumeSerialNumber FROM Win32_LogicalDisk
Graphics Card Info rootCIMV2 SELECT Caption, DriverVersion FROM win32_VideoController
Graphics Card Resolution rootCIMV2 SELECT CurrentHorizontalResolution, CurrentVerticalResolution FROM Win32_VideoController
HP Driver Version rootCIMV2 SELECT * FROM Win32_PnPSignedDriver WHERE Devicename LIKE 'HP%'
NDIS Driver Version rootCIMV2 SELECT * FROM Win32_PnPSignedDriver WHERE Devicename LIKE 'NDIS%'
Printer Info rootCIMV2 SELECT Drivername FROM Win32_Printer
DHCP service rootCIMV2 SELECT Description, DHCPEnabled, IPEnabled FROM Win32_NetworkAdapterConfiguration
NIC Traffic Info rootCIMV2 SELECT BytesSentPersec,BytesReceivedPersec FROM Win32_PerfRawData_Tcpip_NetworkInterface

WMI Node Group Examples: (Sample of the use of Operator: Equal to or Not Equal to, and Greater than or Less than)

Node Group Options Operator Value
WMI Internal Battery WMI class/property, value are equal to Win32_Battery/Caption, Internal Battery
WMI HDD Size WMI class/property, value are less then Win32_DiskDrive/Size, 536870912000