WMI - It is implemented as a service process within a shared service host (svchost).
The name of the WMI server is Winmgmt.
The WMI server (Winmgmt) starts when the first management application or script makes a call to connect to a WMI namespace.
Depending on the setup, the WMI service may shut down or go into a low-memory profile when it is not being called by a management application.
Svchost.exe (Service host): WMI is implemented as a service process within a shared service host, which can contain the WMI service (Winmgmt).
The default startup type of the WMI service is automatic.
WMIPRVSE.EXE - This is the provider host for WMI.
WMI Repository | CIM Repository
The CIM repository is a language-independent database of the namespaces, classes, objects and instances within an enterprise environment, which are stored in a static form.
COM | Component Object Model: COM is a language-independent, distributed, object-oriented system that creates binary software components which can interact.
DCOM | Distributed Component Object Model: DCOM is an extension of COM which helps locate or interact with components or objects located on a different system, a remote computer or even on the internet.
WMI Providers: WMI providers act as intermediaries between WMI objects and the WMI service. The WMI provider hosts a separate container for each query or instance (WMIPRVSE.EXE).
WMI MANAGED OBJECTS: WMI objects are instances of WMI classes. Each WMI object represents a specific managed resource, such as a hard disk drive, a printer, a piece of software, a service or a system process.
DEFAULT NAMESPACE:
Root\Default
Root\CIMV2
What is CIM?
CIM (Common Information Model) is an extensible, object-oriented data model which contains information about different parts of an enterprise.
It is a cross-platform standard maintained/managed by DMTF.
Through WMI, developers can use the CIM to create classes that represent various entities such as hard disk drives, SSDs, applications, network routers etc.
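The components described in these notes can be inspected on a live system. The following PowerShell is an added example, not part of the original notes; the function name Get-WmiComponentInventory is hypothetical, and it only reads data through the standard CIM cmdlets.

```powershell
# Added example: read-only inventory of the WMI components named in these notes.
function Get-WmiComponentInventory {
    # The WMI service (Winmgmt) and the shared svchost.exe process that hosts it.
    $svc      = Get-CimInstance -ClassName Win32_Service -Filter "Name='Winmgmt'"
    $hostProc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId=$($svc.ProcessId)"

    # Other services running inside the same service host process.
    $shared = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
        Where-Object { $_.Name -ne 'Winmgmt' }

    # Provider host processes (WmiPrvSE.exe) that are currently loaded.
    $providers = Get-CimInstance -ClassName Win32_Process -Filter "Name='WmiPrvSE.exe'"

    # Namespaces directly under root, read from the CIM repository.
    $namespaces = Get-CimInstance -Namespace 'root' -ClassName '__NAMESPACE'

    [pscustomobject]@{
        ServiceState     = $svc.State
        StartMode        = $svc.StartMode
        HostProcess      = "$($hostProc.Name) (PID $($hostProc.ProcessId))"
        SharedServices   = @($shared     | ForEach-Object { $_.Name })
        ProviderHostPids = @($providers  | ForEach-Object { $_.ProcessId })
        RootNamespaces   = @($namespaces | ForEach-Object { $_.Name } | Sort-Object)
    }
}

Get-WmiComponentInventory | Format-List

# Managed objects are instances of classes, for example logical disks in root\cimv2.
Get-CimInstance -Namespace 'root\cimv2' -ClassName Win32_LogicalDisk |
    Select-Object DeviceID, FileSystem, Size, FreeSpace
```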
Windows Remote Management (WinRM) is the Windows implementation of WS-Management, an industry-standard Web services-based protocol. WinRM provides a secure, efficient way for management applications and scripts to communicate with local and remote computers. The Windows service that WinRM installs and uses is also named WinRM.
The following is a list of components and features that are supplied by WinRM and hardware monitoring:
WinRM Scripting API: This scripting API enables you to obtain data from remote computers using scripts that perform WS-Management protocol operations. Windows Remote Management scripting objects are implemented as a layer above the WS-Management Protocol. The scripting objects enable you to obtain data or manage resources on local and remote computers.
Winrm.cmd: This command-line tool for system management is implemented in a Visual Basic Scripting Edition file (Winrm.vbs) written using the WinRM scripting API. This tool enables an administrator to configure WinRM and to get data or manage resources.
Winrs.exe: This command-line tool enables administrators to remotely execute most Cmd.exe commands using the WS-Management protocol.
WinRM Listener
A management service that implements WS-Management protocol to send and receive messages. WinRM is a listener service. A listener is defined by a transport (HTTP or HTTPS) and an IPv4 or IPv6 address. You can create more than one WinRM listener instance on a single computer by giving them a different TCP/IP address or port number.
Command-line tools used with WinRM.
WinRM quickconfig => Used to configure WinRM with default settings. QuickConfig = qc
WinRM enumerate Winrm/Config/listener => This command is used to locate or enumerate listeners and their addresses. Enumerate = e.
WinRM get Winrm/config => Used to check the existing WinRM configuration settings.
Winrm set Winrm/config/client/auth @{digest="false"}
Winrm set winrm/config/service/auth @{
This is used to change or set the authentication type.
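The same listener and authentication settings can be read through the WSMan: drive in PowerShell. The following is an added example, not part of the original notes: the function name Get-WinRMAuditFinding is hypothetical, and the list of settings it treats as weak (Basic, Digest, AllowUnencrypted) is this example's choice. It only reads configuration and needs an elevated session with the WinRM service running.

```powershell
# Added example: read-only audit of local WinRM listeners and authentication settings.
function Get-WinRMAuditFinding {
    $findings = @()

    # A listener is defined by a transport (HTTP or HTTPS) and an address and port.
    # HTTP listeners rely on the authentication protocol for message encryption;
    # HTTPS adds TLS underneath it.
    foreach ($listener in Get-ChildItem -Path 'WSMan:\localhost\Listener') {
        $props = @{}
        Get-ChildItem -Path "WSMan:\localhost\Listener\$($listener.Name)" |
            ForEach-Object { $props[$_.Name] = $_.Value }
        if ($props['Enabled'] -eq 'true' -and $props['Transport'] -eq 'HTTP') {
            $findings += "Listener on $($props['Address']):$($props['Port']) uses HTTP, not HTTPS"
        }
    }

    # Settings this example treats as weak when enabled (an assumption of the example).
    $weak = @(
        'WSMan:\localhost\Service\Auth\Basic',
        'WSMan:\localhost\Client\Auth\Basic',
        'WSMan:\localhost\Client\Auth\Digest',
        'WSMan:\localhost\Service\AllowUnencrypted',
        'WSMan:\localhost\Client\AllowUnencrypted'
    )
    foreach ($setting in $weak) {
        $item = Get-Item -Path $setting -ErrorAction SilentlyContinue
        if ($item -and $item.Value -eq 'true') {
            $findings += "$setting is enabled"
        }
    }
    return $findings
}

$result = Get-WinRMAuditFinding
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { Write-Output 'No weak WinRM settings found by this check.' }
```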
Question: What is BMC?
Baseboard management controller. A BMC is a specialized microcontroller embedded in a computer's motherboard which acts as the brain of system monitoring, remote management and other auxiliary functions, making it an integral component for server management.
Components that depend on WinRM
Event forwarding, Winrs and PowerShell remoting.
Event forwarding
EventLog forwarding is a feature that was introduced in Windows Server 2008.
The purpose of this feature was to forward all the logs of a number of machines to a single collector in order to have all the events in a single place.
Event Collector service
The Event Collector service uses the WS-Management protocol to collect events from remote computers. With the Event Collector service, you can create subscriptions to Windows events on remote computers and hardware events generated by baseboard management controllers (BMCs). BMCs must support the WS-Management protocol.
Subscription
A subscription can be configured in two ways:
Collector initiated
Source initiated
Collector Initiated
With a Collector Initiated subscription the collector has to establish an outbound WinRM connection and pull events from the clients.
It has the following requirements:
The WinRM service has to be enabled on the client.
This service is enabled by default on the server operating systems but it is disabled by default on client operating systems.
The client has to be reachable over the network and a firewall rule needs to be configured to accept the incoming traffic.
The collector has to contact each client to pull the events; for this reason this solution is not really scalable and it is not the preferred option.
Source Initiated
With a Source Initiated subscription the collector waits for incoming connections from the clients.
It has the following requirements:
The collector has to be reachable by the clients
A policy has to be deployed to the clients to point them to the collector
Wecutil.exe is a Windows Event Collector utility that enables an administrator to create and manage subscriptions to events forwarded from remote event sources that support the WS-Management protocol. Commands, options, and option values are case-insensitive for this utility.
Enables you to create and manage subscriptions to events that are forwarded from remote computers. The remote computer must support the WS-Management protocol.
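A source-initiated subscription is defined in an XML file and registered on the collector with Wecutil. The following is an added example, not part of the original notes: the subscription name, the event query (failed logons, event ID 4625) and the file name are constructed for illustration. Run it in an elevated session on the collector.

```powershell
# Added example: register a source-initiated subscription on the collector.
$subscriptionXml = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>Example-FailedLogons</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Constructed example: failed logons from domain computers</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching>
      <MaxItems>50</MaxItems>
      <MaxLatencyTime>30000</MaxLatencyTime>
    </Batching>
    <PushSettings>
      <Heartbeat Interval="60000"/>
    </PushSettings>
  </Delivery>
  <Query><![CDATA[
    <QueryList>
      <Query Path="Security">
        <Select>*[System[(EventID=4625)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceNonDomainComputers></AllowedSourceNonDomainComputers>
  <!-- SDDL: Domain Computers (DC) and Network Service (NS) may connect as sources -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)</AllowedSourceDomainComputers>
</Subscription>
'@

$file = Join-Path $env:TEMP 'example-failedlogons.xml'
Set-Content -Path $file -Value $subscriptionXml -Encoding UTF8

wecutil qc /q                      # quick-config: start the Event Collector service
wecutil cs $file                   # create-subscription from the XML file
wecutil gs Example-FailedLogons    # get-subscription: confirm the stored settings
wecutil gr Example-FailedLogons    # get-subscriptionruntimestatus: list connected sources
```

Because this query reads the Security log, the Network Service account on each source computer needs read access to that log, typically through membership of the Event Log Readers group.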
The Task Scheduler service allows you to perform automated tasks on a chosen computer. With this service, you can schedule any batch file, program, or document to run at a time that is convenient for you or when a specific event occurs.
Task Scheduler monitors the time or event criteria you choose and then executes the task when those criteria are met.
Task Scheduler is automatically installed on Windows operating systems, and is started each time the operating system is started. It can be run through the Task Scheduler graphical user interface (GUI) or by using the command line.
By default, you must be a member of the Administrators, Backup Operators, or Server Operators group on the local computer, to view, add, edit, or delete scheduled tasks, or to disable, pause, or restart the Task Scheduler service.
With Task Scheduler, you can:
Schedule a task to run daily, weekly, monthly, or at certain times (such as system startup).
Change the schedule for a task.
Stop a scheduled task.
Customize how a task runs at a scheduled time.
MSI
The Microsoft Installer (MSI) is a software installation and configuration tool developed by Microsoft Corporation. It is used to package, distribute, and deploy software on Windows operating systems. MSI packages are built using the Windows Installer technology, which provides a consistent and reliable method for installing, configuring, and maintaining software on Windows systems.
Features of MSI
Transactional installation: MSI packages support a transactional installation process, which ensures that the installation completes successfully or rolls back to the original state if an error occurs.
Customizable installation: MSI packages can be customized to suit the specific needs of an organization or end-user. This includes options for silent installations, custom dialogs, and custom actions.
Self-healing: MSI packages can detect and repair missing or corrupted files and registry keys, ensuring that the software is always in a consistent state.
Patch management: MSI packages support patch management, allowing software to be easily updated without requiring a complete new installation.
Application management: MSI packages can be used to manage software on a Windows system, including installing, configuring, and removing software.
What is MSIX?
=============
MSIX is a Windows app package format that provides a modern packaging experience to all Windows apps. The MSIX package format preserves the functionality of existing app packages and/or install files in addition to enabling new, modern packaging and deployment features for Win32, WPF, and Windows Forms apps. MSIX enables enterprises to stay current and ensure their applications are always up to date. It allows IT Pros and developers to deliver a user-centric solution while still reducing the cost of ownership of applications by reducing the need to repackage.
Key features
Reliability. MSIX provides a reliable install boasting a 99.96% success rate over millions of installs with a guaranteed uninstall.
Network bandwidth optimization. MSIX decreases the impact to network bandwidth through downloading only the 64k block. This is done by leveraging the AppxBlockMap.xml file contained in the MSIX app package (see below for more details). MSIX is designed for modern systems and the cloud.
Disk space optimizations. With MSIX there is no duplication of files across apps and Windows manages the shared files across apps. The apps are still independent of each other so updates will not impact other apps that share the file. A clean uninstall is guaranteed even if the platform manages shared files across apps.