- Documentation Center
- English
- Total Network Inventory 2
- White paper
- Scanning Microsoft Windows assets
Scanning Microsoft Windows assets
Table of contents
Technology
Windows Management Instrumentation (WMI) is Microsoft's implementation of Web-Based Enterprise Management (WBEM) standard for Windows operating systems. TNI 2 gathers data on hardware and software through the WMI interfaces.
Using WMI technology TNI 2 gathers software and hardware data as well as computer registry data.
There are three methods for scanning Windows-based computers.
Remote scanning via SMB protocol
How it works
- Executable tniwinagent.exe (agent) is uploaded to the administrator share admin$ on the remote computer.
- TNI main unit connects to the Service manager on the target PC, installs the agent as a service and starts it.
- The agent gathers data and saves it into a compressed file. Then it stops.
- Main unit imports the resulting file into the storage.
- Agent service is uninstalled, executable is deleted.
Requirements for the target machine:
| CPU | 500 MHz |
| RAM | 64 MB |
| HDD space | 0.5 MB |
| TCP ports | 139, 445 |
| Services | Server Windows Management Instrumentation (WMI) Remote Procedure Call (RPC) Remote Registry |
| Resources | ipc$ admin$ |
| Protocols | SMB NetBIOS (for Windows NT4) TCP/IP |
| Windows version | NT4 / 2000 / XP Pro / Vista / 2000 Server / 2003 Server / 2008 Server / 7 |
Remote scanning via RPC protocol
How it works
TNI main unit connects directly to WMI service on the target PC via RPC protocol and gathers data remotely.
Disadvantages
- Significant traffic is generated.
- Scanning speed depends on connection quality.
- All the data processing is performed by the main unit. This considerably increases the consumption of system resources when scanning large networks.
Requirements for the target machine:
| CPU | 500 MHz |
| RAM | 64 MB |
| HDD space | 0.5 MB |
| TCP ports | 139 and random ports above 1024 |
| Services | Windows Management Instrumentation (WMI) Remote procedure call (RPC) |
| Protocols | RPC TCP/IP |
| Windows version | 95 / 98 / NT4 / 2000 / XP Pro / Vista / 2000 Server / 2003 Server / 2008 Server / 7 |
Manual scanning
How it works
- Executable tniwinagent.exe (agent) is copied to the target PC manually and run. Upon completion of it's work the agent creates a file with the gathered data.
- The resulting data file is manually moved to TNI 2 storage.
Additionally
The agent can be run by domain logon script, task scheduler or startup.
Agent tniwinagent.exe command line parameters:
/path:"\\server\share"— allows setting path to folder, where data file will be placed;/delay:XX— specifies the number of seconds to wait before starting actual scan./overwrite— overwrites the data file in case target folder already contains an older version of it.
Requirements for the target machine
| CPU | 500 MHz |
| RAM | 64 MB |
| HDD space | 0,5 MB |
| Services | Windows Management Instrumentation (WMI) |
| Windows version | NT4 / 2000 / XP / Vista / 2000 Server / 2003 Server / 2008 Server / 7 |
Scanning overhead
All scanning methods require CPU time and a variety of disk operations execution that is why an insignificant loss of efficiency may occur while scanning a computer. Scanning usually takes 1-2 minutes.
Online scanning methods (on demand) generate network traffic:
| Method | To remote computer (upload) | From remote computer (download) |
| SMB | 0.31 MB | 0.06 MB |
| RPC | 10 MB | 18 MB |
Numbers in the table are overall average including service data size (packet headers, etc.).
High traffic during RPC scanning is a result of gathering data from registry by WMI, and it depends on the number of applications and services installed on the remote computer.
Page last modified 08:27, 11 Aug 2011 by Zak