WMI

Overview

This node executes Windows Management Instrumentation (WMI) queries and commands using different execution engines. It allows users to perform WQL (WMI Query Language) queries, retrieve data from WMI aliases, invoke actions on WMI aliases, or list available WMI aliases. The node supports multiple engines including a Node.js library, native Windows WMIC command, Python Impacket scripts, and a Linux Samba WMIC CLI.

Common scenarios include:

• Gathering system information such as processes, services, or OS details remotely or locally.
• Managing Windows services by starting or stopping them via WMI calls.
• Automating administrative tasks on Windows hosts from n8n workflows.
• Querying remote Windows machines for monitoring or inventory purposes.

Practical example:

• Use the "Call" operation with alias service and action startservice to start a Windows service remotely.
• Use the "Query" operation to run a WQL query like SELECT * FROM Win32_Process WHERE Name = 'notepad.exe' to find running processes.

Properties

Name	Meaning
Engine	Execution engine to use: - Node WMI (Node-Wmi): Node.js library supporting WQL, works outside Windows. - WMIC (Wmi-Query): Local WMIC command on Windows host. - Impacket (Python DCOM): Python script requiring python3 + impacket. - WMIC CLI (Linux Samba): Samba wmic binary on Linux for remote WQL queries (only query operation).
Preflight Check	(Only for Impacket engine) Whether to verify before execution that Python interpreter is available and the impacket module can be imported (fail-fast check).
Alias	WMIC alias name (e.g., os, process, service). Required for "get" and "call" operations.
Action	Action to execute on the alias (for "call" operation), e.g., startservice, stopservice.
Format	Output format. Only JSON is implemented.
Timeout (Ms)	Maximum wait time in milliseconds for each item before aborting. Minimum allowed is 1000 ms.
Verbose Logging	Enable detailed debug logging (does not print passwords).

Output

The node outputs an array of items where each item contains a json field with a data property holding the results of the WMI operation. The structure of data depends on the operation and query executed:

• For query operations, data is an array of objects representing the rows returned by the WQL query.
• For get operations, data contains the properties retrieved from the specified alias.
• For call operations, data contains the result of the invoked action on the alias.
• For listAlias operation, data is an array listing available WMIC aliases.

If an error occurs and the node is configured to continue on fail, the output item will contain an error property describing the issue.

The node does not output binary data.

Dependencies

• Requires credentials containing host, user, password, and optionally domain and namespace for WMI access.
• Depending on the selected engine:
  • Node WMI: Requires the node-wmi npm package.
  • WMIC: Requires n8n to run on Windows with the wmic command available.
  • Impacket: Requires Python 3 and the impacket Python module installed on the host machine. The path to the Python interpreter can be set via environment variable if not in default locations.
  • WMIC CLI: Requires the Samba wmic binary installed on Linux hosts.

Troubleshooting

• Engine WMIC only works on Windows: Attempting to use the WMIC engine on non-Windows platforms throws an error.
• Missing or invalid credentials: The node requires valid host, username, and password fields; missing these causes errors.
• Timeouts: Queries or commands exceeding the specified timeout will abort with a timeout error.
• Impacket preflight failure: If the Python interpreter or impacket module is missing or not importable, the node fails fast when preflight check is enabled.
• Invalid WQL query or alias: Errors may occur if the WQL syntax is incorrect or the alias/action does not exist.
• Parsing errors: When using WMIC CLI, output parsing errors can happen if the command output format changes or is unexpected.
• Error message "Cannot convert undefined or null to object": This likely indicates invalid credentials or query issues.

To resolve:

• Verify platform compatibility with chosen engine.
• Ensure credentials are complete and correct.
• Increase timeout if operations take longer.
• Install required dependencies (Python, impacket, node-wmi, Samba wmic).
• Validate WQL queries and alias names.
• Enable verbose logging to get detailed debug information without exposing sensitive data.

Links and References

• Windows Management Instrumentation (WMI) Documentation
• WMI Query Language (WQL) Reference
• Node WMI GitHub Repository
• Impacket Python Library
• Samba WMIC Tool