Using Minimize WMI usage feature
Know more about the optional feature, Minimize WMI usage feature.
The BigFix content uses Windows Management Interface (WMI) query to detect if an ESU key is installed on a Windows 7, Windows 2012, or 2008 endpoint. WMI queries are relatively expensive, lasting approximately a second, and utilization of the first CPU core can be higher than the BigFix cap of 2% during query time (because WMI is a Windows subsystem that does not obey BigFix’s CPU throttling). In most cases this effect is negligible; however, during endpoint configurations WMI queries can take much longer than usual, making WMI’s CPU usage more noticeable on machines with few CPU cores. Please use the “Minimize WMI” feature to reduce the number and frequency of WMI queries used for ESU patching.
Understanding Minimize WMI feature
The Minimize WMI feature creates a client setting, _BESClient_WinESU_Keys, which is used to hold a list of ESU keys currently installed on an endpoint. When the Minimize WMI feature is enabled on an endpoint, this client setting is used (instead of WMI queries) to determine the endpoint’s applicability to ESU patches.
- Fewer WMI queries resulting in less CPU overhead when evaluating ESU patch Fixlet applicability.
- Easy access to ESU key info via client setting in addition to the analysis properties.
- More up-to-date key information in the ESU Key Information analysis: the ESU Keys Installed (WMI) property is updated every 6 hours to minimize WMI overhead, but the ESU Keys Installed (client setting) property is updated every report.
- The ESU key client setting can get out of sync with the actual keys installed on the endpoint if keys are manually added, activated, or removed. The “ESU Key Management: Synchronize Client Setting to WMI” Fixlet (Fixlet ID 10) is provided to help you prevent drift.
How to enable the Minimize WMI feature
Deploying the “ESU Key Management: Add Client Setting to Minimize WMI Usage” Fixlet (Fixlet ID 11) will add the _BESClient_WinESU_MinimizeWMI setting and set it to 1, enabling the feature.
How to disable the Minimize WMI feature
Deploying the “ESU Key Management: Remove Client Setting to Minimize WMI Usage” Fixlet (Fixlet ID 12) will remove the _BESClient_WinESU_MinimizeWMI setting, disabling the feature.
It also removes the _BESClient_WinESU_Keys setting from the endpoint so that the list of ESU keys in it does not become stale.
Technical Details
Client setting _BESClient_WinESU_MinimizeWMI must exist and be set to a value other than 0 to enable the feature.
Client setting _BESClient_WinESU_Keys hold a list of ESU keys on the endpoint. The format of each key is the same as the values reported in the “ESU Keys Installed (WMI)” property in the ESU Key Information analysis, and the values are pipe-separated. Example: “Year1:ABCDE:Active|Year2:FGHIJ:Inactive”.
If _BESClient_WinESU_MinimizeWMI is set, both the Install and Activate MAK task (Fixlet ID 1) and the Uninstall MAK task (Fixlet ID 2) will update _BESClient_WinESU_Keys to the current value(s) in WMI upon successful completion. If WMI shows no ESU keys, the _BESClient_WinESU_Keys client setting is deleted.
The “ESU Key Management: Synchronize Client Setting to WMI” Fixlet (Fixlet ID 10) becomes relevant on endpoints whose _BESClient_WinESU_Keys setting is out of sync with WMI.
If _BESClient_WinESU_MinimizeWMI is set, ESU related WMI queries and their frequencies are as follows:
- “ESU Keys Installed (WMI)” property (evaluation): every 6 hours
- “ESU Key Management: Synchronize Client Setting to WMI” Fixlet (applicability): once per client evaluation loop
- “ESU Key Management: Synchronize Client Setting to WMI” policy action (action reapply if relevant): configurable, 1-4 hours recommended
The following ESU Key Management Fixlets and tasks use WMI queries in their action script:
- Install and Activate MAK
- Uninstall MAK
- Synchronize Client Setting to WMI
Recommendations
Customers who enable the Minimize WMI feature should run the “ESU Key Management: Synchronize Client Setting to WMI” Fixlet as a policy action in order to periodically populate the client setting with the actual ESU key list as reported by WMI. We recommend a “reapply when relevant” interval between 1 and 4 hours as a starting point, but you can customize the interval to your environment (for example, 1 day may be sufficient if you’re confident no manual ESU key manipulation will occur in your environment).