John L-Jones

asked on

What is CIM

Where can I find information on CIM, which I believe was then the basis of WMI (Microsoft implementation)?

Also, does anyone have experience with CIM being used as a tool for maliciously locking down a target's computer in the event of a targeted attack?

Also, any information on the remote deployment of domain joining used on another person's computer without their permission (or with it), due to domain group policies overriding local group policies in their hierarchical structure?

I'd be happy to know how to prevent this from occurring and also how to rectify it if it does.

Thanks in advance


ASKER CERTIFIED SOLUTION
fred hakim
This solution is only available to members.
@fred hakim
TL;DR As we’ve seen, WMI provides admins with a powerful tool for monitoring remote processes and machines and can be utilized when building a EUMA to provide automatic alerts on suspicious user activity. This makes it a great tool for detecting and defeating insider threats, attempts to get around security policies, or simply to keep an eye on the way in which your systems are being used.
If you want to learn more about how to use WMI to perform insider surveillance, you can download our detailed guide here.

There is no set-wmi, only get-wmi. WMI/CIM are for collecting information, not setting any property.

Hi,

What is the actual problem you have? CIM itself is unable to be turned to malicious tools - only discovering info about a target, but even then it needs authentication, and if you *already* have that, it's too late (for the victim).

With regard to domain joining - attackers can do all manner of bad things just in memory, so never even touching storage, so joining the domain is not in an attacker's list.

So, if you believe you are being attacked, the attack is very crude. It sounds more like accidental issues. Can't tell without more info. CIM is not your problem whatever the issue.

Mike

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Split:
-- 'fred hakim' (https:#a43165843)
-- 'David Johnson, CD' (https:#a43165845)
-- 'Michael B. Smith' (https:#a43166124)


If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer