What is WMI?

Windows Management Instrumentation (WMI)

Windows Management Instrumentation (WMI) is a set of Microsoft specifications for consolidating the management of devices and applications in a network from Windows computing systems. WMI was first introduced on, and can be used on, computers running Windows 95, Windows 98 and NT and later editions of Windows. WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM), which is built on the Common Information Model (CIM), a computer industry standard for defining device and application characteristics so that system administrators and management programs can control devices and applications from multiple manufacturers or sources in the same way.

WMI provides users with information about the status of local or remote computer systems. It also supports such actions as the configuration of security settings, setting and changing system properties, setting and changing permissions for authorized users and user groups, assigning and changing drive labels, scheduling processes to run at specific times, backing up the object repository, and enabling or disabling error logging.

WMI or SNMP?

When used as an alternative to SNMP (Simple Network Management Protocol), WMI can provide much of the same monitoring and management data currently available with SNMP-based polling, with the addition of Windows-specific communications and security features.
Note: Due to specific characteristics of WMI polling requests, polling a single WMI-enabled object uses approximately five times the resources required to poll the same or similar object with SNMP at the same polling frequency.
For more information about WMI, see the Microsoft article, About WMI. (© 2017 Microsoft, available at https://msdn.microsoft.com/, obtained on May 8th, 2017.)

WMI Monitoring

Positive

  • Account settings are used automatically by SolarWinds server and application performance monitor.
  • Doesn’t try to monitor RAM as a volume.
  • Uses correct reboot time for uptime metrics.

Negative

  • WMI-only devices cannot use custom pollers (UnDP).
  • Significantly more firewall ports required.
  • Will not work across a NAT-ed WAN connection (VPN).
  • One password change in Active Directory can disable monitoring.
  • Cannot monitor topology.
  • Less efficient than SNMP in its use of CPU, RAM and bandwidth on both node and poller.

SNMP Monitoring

Positive

  • Fewer ports need to be open on the firewall.
  • No single point of failure for access.
  • Efficient use of CPU, RAM and bandwidth (on both node and poller).

Negative

  • Cannot monitor Windows Volume Mount points.
  • Difficult to configure earlier versions of Windows (NT, W2k, 98, 95).
  • Requires non-default configuration actions on each node (enabling the SNMP agent, setting the RO string, etc.).
  • Changing SNMP string requires enterprise-wide changes.
  • Uses SNMP service start time for uptime metrics, rather than actual server reboot time.
  • Windows Server 2016 does not support SNMPv3, but it still works.
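
As an added example (not from the original article or from SolarWinds), the PowerShell below reads over WMI/CIM, on the local machine, the three values the lists above contrast: the actual reboot time, storage volumes without RAM listed among them, and volume mount points. The function name `Get-WmiMonitoringSnapshot` and the output property names are hypothetical.

```powershell
# Added example: local WMI/CIM queries for the metrics compared in the lists above.
# Get-WmiMonitoringSnapshot is a hypothetical name, not part of any product.
function Get-WmiMonitoringSnapshot {
    # Win32_OperatingSystem.LastBootUpTime is the time the OS itself booted,
    # not the start time of a monitoring agent service.
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $uptime = (Get-Date) - $os.LastBootUpTime

    # Win32_Volume contains storage volumes only, so RAM never appears here.
    # DriveType 3 = local fixed disk.
    $volumes = Get-CimInstance -ClassName Win32_Volume -Filter "DriveType = 3" |
        Where-Object { $_.Capacity -gt 0 } |
        ForEach-Object {
            # A volume with no drive letter whose Name is a folder path
            # (rather than a \\?\Volume{GUID}\ name) is mounted into a folder:
            # a volume mount point.
            $isMountPoint = (-not $_.DriveLetter) -and
                            (-not $_.Name.StartsWith('\\?\'))

            [pscustomobject]@{
                Name         = $_.Name
                IsMountPoint = $isMountPoint
                CapacityGB   = [math]::Round($_.Capacity / 1GB, 1)
                FreePercent  = [math]::Round(100 * $_.FreeSpace / $_.Capacity, 1)
            }
        }

    [pscustomobject]@{
        ComputerName = $os.CSName
        LastBoot     = $os.LastBootUpTime
        UptimeDays   = [math]::Round($uptime.TotalDays, 2)
        Volumes      = $volumes
    }
}

$snapshot = Get-WmiMonitoringSnapshot
$snapshot | Select-Object ComputerName, LastBoot, UptimeDays
$snapshot.Volumes | Sort-Object Name | Format-Table -AutoSize
```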

If you have any comments regarding your experiences monitoring environments using either SNMP or WMI, please comment below.