WMI and CIM are used for information management. Information security experts comment that some vendors use WMI to provide information.
Now, we will concentrate on win32_product. The win32_product class provides information on all installed software. Although there are differences between Get-WmiObject and Get-CimInstance.
As for navigating the classes. Get-CimInstance allows you to navigate through the possible classes by pressing TAB or typing win32_ and pressing CTRL + Space.
Some experts recommend proceeding with Get-CimInstance.
Get all the software installed on the local host. Now we concentrate on collecting information about the installed software. To do so, I recommend modifying the output. Now, simply run Get-Member to explore all the properties.
Since we have a list of our software currently installed. Now a list of remote device software must be retrieved.
To get the installed software from remote devices, computer security experts say you must make sure that WinRM is enabled on your devices. WinRM is enabled by default in Windows Server 2012/2016, but not in the Client’s operating systems.
The information security expert will create a small test environment, with only 2 computers (server02 and client01). You will get the Active Directory Computer Names of a specific organizational unit and then run Get-CimInstance against them.
(Get-ADComputer -Filter * -Searchbase “OU=Test,DC=sid-500,DC=com”).Name | Out-File C:\Temp\Computer.txt | notepad C:\Temp\Computer.txt
Review your list carefully.
Get-CimInstance -ComputerName (Get-Content C:\Temp\Computer.txt) -ClassName win32_product -ErrorAction SilentlyContinue| Select-Object PSComputerName, Name, PackageName, InstallDate | Out-GridView
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.