Do I need admin permissions for WMI discovery?

Not necessarily, but the account used for discovery must have the appropriate WMI permissions, including Remote Enable on the relevant WMI namespace. In many environments, using a local or domain administrator account simplifies configuration and avoids permission issues.

Which firewall and DCOM settings are required?

The Windows firewall must allow inbound rules for Windows Management Instrumentation (WMI), and the target device must permit Distributed Component Object Model (DCOM) and Remote Procedure Call (RPC) communication. These settings allow remote WMI queries to reach the system and retrieve inventory data.

When should I use an agent instead of agentless discovery?

Agentless discovery is useful for quickly identifying devices and collecting basic inventory information, especially during initial scans or audits. Agent-based methods are better suited for continuous monitoring, deeper management capabilities, and environments where more detailed telemetry is required.

Agentless Discovery For Windows Devices in InvGate Asset Management

Q: What is agentless discovery for Windows?

Agentless discovery for Windows is a method of identifying devices and collecting system information remotely without installing software agents on each machine. It typically uses Windows Management Instrumentation (WMI) to retrieve hardware, operating system, and configuration data.

Agentless discovery for Windows devices plays an important role in maintaining visibility across modern IT environments. Why? Because according to data from StatCounter, Windows accounts for about 67% of desktop operating systems worldwide, and its presence is typically even higher in corporate environments.

This is where agentless discovery becomes especially valuable. By leveraging Windows Management Instrumentation (WMI) to collect information remotely, organizations can gather detailed asset data without installing agents on every machine. In this article, we explain how agentless discovery works for Windows devices and how to configure WMI so InvGate Asset Management can retrieve inventory data from your network.

InvGate Asset Management

ITAM software

4.8 Gartner

★ ★ ★ ★ ★

See it

What is agentless discovery for Windows devices?

Agentless discovery for Windows devices is a method of identifying and collecting asset information from Windows machines remotely. Instead of relying on local agents, this approach uses network scanning and remote data collection techniques to discover devices and retrieve information directly from the operating system.

For Windows environments, this typically relies on WMI, a built-in Windows management framework that allows authorized tools to query system information remotely. By enabling remote WMI access, tools like InvGate Asset Management can collect inventory data from Windows devices as part of their discovery sources.

How does agentless discovery for Windows devices benefit IT teams?

Many IT environments contain devices that are not fully managed, such as newly connected machines, remote computers, or systems where installing an agent is not practical. Agentless discovery for Windows devices helps IT teams detect these machines and retrieve key system information without requiring prior deployment, improving visibility across the network and supporting more reliable Windows device discovery.

In practice, agentless discovery is commonly used to identify and inventory devices quickly, while agent-based methods are better suited for continuous monitoring and deeper management capabilities. Together, they provide a balanced approach to maintaining reliable asset visibility.

How to set up agentless discovery for Windows devices in InvGate Asset Management

To enable agentless discovery for Windows devices, you need to allow WMI remote access and ensure the appropriate permissions and network settings are in place. Once configured, InvGate Asset Management can query Windows machines remotely and retrieve asset data as part of its discovery process.

In the following steps, we explain the required configuration on Windows devices and how to enable WMI-based discovery within InvGate Asset Management.

Prerequisites

Before configuring agentless discovery for Windows devices, make sure the following conditions are met:

The target Windows devices are reachable from the network where InvGate Asset Management Discovery runs (correct network scope and routing).
Valid credentials are available for the discovery process.
The discovery account has the necessary permissions to query Windows devices remotely through WMI.
The Windows firewall allows WMI and remote management traffic.
Distributed Component Object Model (DCOM) remote calls are permitted on the target devices.
Supported Windows versions are being used.

Expected results

Once the configuration is complete, the discovery process should be able to:

Detect Windows devices during network scans.
Retrieve hardware and operating system information.
Populate the asset inventory with data such as hostname, OS version, and hardware details.

If these results appear in the discovery output, the configuration is working correctly.

Step 1: Enable remote WMI requests

WMI for Windows devices - InvGate Asset Management. To allow agentless discovery for Windows devices, the target machine must permit remote queries through WMI. This requires granting the appropriate WMI permissions to the account that will perform the discovery.

Follow these steps on the target Windows device:

Open Computer Management from Administrative Tools.
In the left panel, expand Services and Applications.
Right-click WMI Control and select Properties.
Go to the Security tab and click Security.
Select the Root namespace.
Add the user or group that will run discovery if it is not already listed.
Enable the Remote Enable permission for that user or group.
Apply the changes and close the configuration window.

Once this permission is granted, the discovery process can query system information remotely through WMI.

Step 2: Allow WMI through Windows firewall

For agentless discovery for Windows devices to work, Windows must allow inbound traffic required for remote Windows Management Instrumentation queries. This typically involves enabling the WMI rule group in the Windows firewall.

You can enable the required firewall rules using the following command on the target device:

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

This command enables the firewall rules that allow remote WMI requests.

If the discovery process cannot retrieve data, common errors may include:

"RPC server unavailable" – usually indicates that required RPC/DCOM ports are blocked by the firewall or the target machine is unreachable.
"Access denied" – typically means the discovery credentials lack sufficient permissions for remote WMI queries.
"The requested operation requires elevation (Run as administrator)" – the command prompt or PowerShell session must be opened with administrative privileges to modify firewall rules.

Verifying firewall rules, credentials, network reachability, and administrative privileges usually resolves these issues.

Note: Remote WMI communication also relies on DCOM and Remote Procedure Call (RPC) services, which must be available for remote queries to succeed.

Step 3: Enable DCOM calls on the remote machine

Remote WMI queries rely on DCOM to communicate with Windows devices. If the discovery account is not a local administrator on the target machine, DCOM permissions must allow remote access.

Follow the configuration steps described in the official Microsoft documentation to enable the required DCOM permissions.

Step 4: Enable WMI on InvGate Asset Management

InvGate Discovery in InvGate Asset Management.

Once WMI access is enabled on the target devices, you must configure the discovery integration in InvGate Asset Management so the platform can query those machines during network scans.

Follow these steps:

In your InvGate Asset Management instance, go to Settings > Network > Discovery sources.
Create or edit an InvGate Discovery integration.
Complete the discovery configuration form by specifying the parameters used to scan the network.

During this configuration, you can select the network protocols used to identify and inventory devices on your network. The available discovery protocols include:

DNS
ICMP
mDNS
NetBIOS
SNMP (v1, v2, and v3)
TCP
UPnP
WMI

For some protocols, you may need to define the corresponding credentials and network port used during IT asset discovery. Once WMI is enabled as part of the discovery configuration, InvGate Discovery will be able to query Windows devices remotely and retrieve inventory information from them.

This configuration becomes part of your broader network discovery process, which identifies devices across the network and collects asset data automatically. For a deeper explanation, see our guide on network discovery.

Note: WMI discovery is available starting from InvGate Proxy v3.26.0 or later.

To sum up

Enabling agentless discovery for Windows devices allows IT teams to identify and inventory Windows machines without deploying agents on each device. By configuring WMI access and enabling it within InvGate Asset Management discovery sources, organizations can expand visibility across their network and collect reliable asset data from systems that may not yet be fully managed.

This approach is especially useful during initial discovery, audits, or when mapping existing environments, helping teams build a more complete and accurate asset inventory.

Once configured, you can include WMI in your regular network discovery scans to continuously detect Windows devices and keep your inventory up to date.

Ready to see it in practice? Start your 30-day free trial of InvGate Asset Management or contact our team to learn how to improve discovery and inventory coverage across your environment.

Agentless Discovery For Windows Devices: How to Set up WMI in InvGate Asset Management