💡
PowerShell gives two related administration interfaces for accessing knowledge on a pc: WMI and CIM.
Sysadmins have been utilizing WMI for years, after which Microsoft gave us knowledge entry by way of CIM with the rollout of PowerShell v3.0. What is the distinction between these administration interfaces? Which one must you use, and why?
Desk of Contents
A historical past lesson on WMI and CIM
Home windows Administration Interface (WMI) is a widely known administration interface that may entry knowledge about a pc. A lesser-known truth is that WMI is predicated on the “Widespread Data Mannequin” customary of the right way to show managed knowledge in an easy-to-read format. Should you’re paying shut consideration, you may see that the abbreviation for Widespread Data Mannequin is CIM.
Wait. What? Aren’t CIM and WMI completely different?
Really, they’ve extra in frequent than not. Let’s dive in and take a better look.
The “Widespread Data Mannequin” (CIM) is an open-source customary for accessing and displaying details about a pc. It is an business customary that is been round for a few years, however it has no technique included to entry knowledge on a distant laptop. WMI is Microsoft’s model of CIM. Microsoft added DCOM and RPC to the CIM administration framework, together with different small adjustments, and known as it the Home windows Administration Interface. WMI was Microsoft’s answer for the right way to use CIM on distant computer systems over a community. The primary knock towards WMI is that it is not very firewall-friendly. It is advisable to poke a bunch of massive holes in a firewall to make it work.
WMI and CIM Community Necessities
It is simple to see that WMI and CIM entry the identical set of knowledge. Right here I’m querying the Win32_operatingsystem knowledge retailer with every cmdlet and you will discover the output is equivalent:
PS C:> Get-WmiObject win32_operatingsystem | Format-Checklist
SystemDirectory : C:WINDOWSsystem32
Group :
BuildNumber : 17763
RegisteredUser : Home windows Consumer
SerialNumber : 00331-60000-00000-AA085
Model : 10.0.17763
PS C:> Get-CimInstance Win32_OperatingSystem | Format-Checklist
SystemDirectory : C:WINDOWSsystem32
Group :
BuildNumber : 17763
RegisteredUser : Home windows Consumer
SerialNumber : 00331-60000-00000-AA085
Model : 10.0.17763
Take note, on this instance; I queried knowledge from my native PC. When accessing native knowledge, WMI and CIM are practically equivalent apart from minor beauty variations within the output. Nevertheless, accessing from a distant PC is completely different between the 2 on the community degree. For a WMI connection to succeed, the distant laptop should allow incoming community visitors on TCP ports 135, 445, and extra dynamically assigned ports between 1024 to 1034. The dynamic vary of ports and the variety of ports wanted to make a profitable connection make safety execs nervous about utilizing WMI on a company community.
In 2012, Microsoft addressed these considerations by releasing a brand new model of WMI known as Home windows Distant Administration (WinRM) or extra generally known as PSRemoting. It makes use of the Net Companies for Administration protocol (WS-Man) for knowledge switch between computer systems as a substitute of DCOM and desires solely two ports to make a safe connection.
From a safety perspective, the default configuration for PSRemoting is safe by default. Home windows Distant Administration (WinRM) is the service on a Home windows laptop that creates and maintains the connection to a different laptop on a Home windows community. WinRM makes use of the WSMan protocol to switch knowledge between computer systems securely. The WSMan protocol makes use of ports 5985 and 5986 and people ports join by way of HTTP and HTTPS. All visitors is encrypted by default, even when utilizing an insecure protocol like HTTP. Additionally, PSRemoting leverages Energetic Listing for authentication. By default, PSRemoting makes use of Kerberos to authenticate customers and decide what degree of entry they need to have on the distant laptop. WMI has related controls you possibly can put in place, however they’re much tougher to configure and should not safe by default.
What’s in a reputation
New cmdlets have been created in PowerShell v3.0 to make the most of WinRM. These new cmdlets are known as “CIM-based” cmdlets, that means they work with the CIM customary. CIM is within the title of just about all of the cmdlets. The one exception is Invoke-Command:
PS C:> Get-Command -noun cimsession
CommandType Title Model Supply
----------- ---- ------- ------
Cmdlet Get-CimSession 1.0.0.0 CimCmdlets
Cmdlet New-CimSession 1.0.0.0 CimCmdlets
Cmdlet Take away-CimSession 1.0.0.0 CimCmdlets
PS C:> Get-Command -noun ciminstance
CommandType Title Model Supply
----------- ---- ------- ------
Cmdlet Get-CimInstance 1.0.0.0 CimCmdlets
Cmdlet New-CimInstance 1.0.0.0 CimCmdlets
Cmdlet Take away-CimInstance 1.0.0.0 CimCmdlets
Cmdlet Set-CimInstance 1.0.0.0 CimCmdlets
Anytime you employ these cmdlets, you’re utilizing the safer technique of knowledge switch known as PSRemoting. The confusion comes from Microsoft utilizing the title CIM within the cmdlets. That may be a little bit of a misnomer as a result of the older WMI cmdlets AND the brand new CIM cmdlets are all CIM primarily based. The distinction between WMI and CIM cmdlets is the protocols and safety in use when accessing a distant laptop. As soon as they get to the distant laptop and authenticate, WMI and CIM entry the identical knowledge.
Which administration interface must you use
Indubitably, WMI is being deprecated. PowerShell at the moment depends closely on PSRemoting and the security measures included. Microsoft launched the CIM primarily based cmdlets and PSRemoting with PowerShell v3.0. Any laptop operating Home windows 7 or better and Server 2008 SP2 and better can AND ought to use PSRemoting as a substitute of WMI. When you have a contemporary laptop, you possibly can AND ought to use PSRemoting. Shifting from WMI to CIM is normally so simple as swapping the Get-WMIObject cmdlet with Get-CIMInstance. If you make the change, you’re rising your safety tremendously.
It’s unlucky that Microsoft used the phrase CIM of their newer cmdlets. CIM has at all times been in use however the brand new cmdlets make it seem CIM is one thing new. Now that you realize the historical past and the variations between WMI and CIM, I like to recommend you cease utilizing WMI wherever doable and changing it with PSRemoting and CIM-Based mostly cmdlets.
Thanks for studying, I might like to know what you assume. Go away me a message within the remark part on the backside of the web page.
