Windows Management Instrumentation (WMI) is Microsoft's implementation of Web-Based Enterprise Management (WBEM) standard for Windows operating systems. TNI 2 gathers data on hardware and software through the WMI interfaces.
Using WMI technology TNI 2 gathers software and hardware data as well as computer registry data.
There are three methods for scanning Windows-based computers.
|HDD space||0.5 MB|
|TCP ports||139, 445|
Windows Management Instrumentation (WMI)
Remote Procedure Call (RPC)
NetBIOS (for Windows NT4)
|Windows version ||NT4 / 2000 / XP Pro / Vista / 2000 Server / 2003 Server / 2008 Server / 7|
TNI main unit connects directly to WMI service on the target PC via RPC protocol and gathers data remotely.
|HDD space||0.5 MB|
|TCP ports||139 and random ports above 1024|
|Services||Windows Management Instrumentation (WMI) |
Remote procedure call (RPC)
|Windows version ||95 / 98 / NT4 / 2000 / XP Pro / Vista / 2000 Server / 2003 Server / 2008 Server / 7|
The agent can be run by domain logon script, task scheduler or startup.
Agent tniwinagent.exe command line parameters:
/path:"\\server\share"— allows setting path to folder, where data file will be placed;
/delay:XX— specifies the number of seconds to wait before starting actual scan.
/overwrite— overwrites the data file in case target folder already contains an older version of it.
|HDD space||0,5 MB|
|Services||Windows Management Instrumentation (WMI)|
|Windows version||NT4 / 2000 / XP / Vista / 2000 Server / 2003 Server / 2008 Server / 7|
All scanning methods require CPU time and a variety of disk operations execution that is why an insignificant loss of efficiency may occur while scanning a computer. Scanning usually takes 1-2 minutes.
Online scanning methods (on demand) generate network traffic:
|Method||To remote computer |
|From remote computer |
|SMB||0.31 MB||0.06 MB|
|RPC||10 MB||18 MB|
Numbers in the table are overall average including service data size (packet headers, etc.).
High traffic during RPC scanning is a result of gathering data from registry by WMI, and it depends on the number of applications and services installed on the remote computer.