aiowmi

For our monitoring solution InfraSonar we prefer a nonintrusive monitoring approach using a Linux appliance. This monitoring appliance uses open standards to retrieve monitoring data such as performance and availability metrics from the monitored assets.

When hardening changes in DCOM were implemented for CVE-2021-26414 via Windows updates, we noticed Windows server system logs getting flooded with event ID 10036 errors:

The server-side authentication level policy does not allow the user WMITEST\Administrator
SID (S-1-5-21-3969764004-348989262-1652888677-500) from address 192.168.21.108 to
activate DCOM server. Please raise the activation authentication level at least to
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.

As many other vendors, we were using a compiled wmic binary to query Windows hosts remotely from Linux. As this binary is derived from a no longer maintained Samba fork we knew we had to roll up our sleeves and create a proper maintainable solution ourselves!

As they say: “Preparation is the key to success”. That’s why we started with requirements engineering, which involved going through a huge amount of WMI documentation released by Microsoft.

However, this preparation phase has paid off as it has helped us immensely in developing a super functional Python library specifically for WMI. This library is now being used in production for InfraSonar and made freely available as an open source solution.

We hope this helps others who rely on WMI queries from a non-Microsoft operating system.

As everyone knows, creating and maintaining open source libraries is an effort that requires community support in the form of contributors, testers, and sponsors. Feel free to contact us if you think you can contribute in any way!