Windows 11 24H2 26100 has WMIC disabled by default

[HuFlungDu]

When installing an agent on Windows 11 24H2 26100 (Early preview), I receive the error:

..\microscript\ILibDuktape_ScriptContainer.c:1667 (0,0) uncaught: ‘cannot read property \x27split\x27 of null

I can't verify for sure that this is coming from WMIC missing because it doesn't give me a stack trace, but meshagent does use WMIC and attempt to parse the results, and it is what is in common with the devices on which I have seen this occur, so it seems probable.

WMIC was deprecated in 2021, and it seems like the chickens are finally coming home to roost on this. It also looks like it may need to be replaced with a powershell script, according to this blog post.

[si458]

This isn't a bug but something wrong with ur setup of windows

Please see issues in main meshcentral about this issue https://github.com/Ylianst/MeshCentral/issues/3791

Also here in meshagent repo too https://github.com/Ylianst/MeshAgent/issues/121

[HuFlungDu]

Yeah, it's not a "bug" currently, it's fixable by installing WMIC (The linked post does not fix it, because the issue is that the wmic executable does not exist on the system), but Microsoft is already in the process of removing the WMIC executable, so this will eventually become a problem that is only solvable by modifying the agent source. Even now, the agent does not work on default windows installations from 24H2 26100, and requires an additional installation step which is not documented anywhere as far as I can tell. It's probably a good idea to update the code now, before it becomes totally broken on future windows versions.

[si458]

if you can share the steps how you installed the WMIC on those version of windows, we can add it to the docs to help others 👍

[HuFlungDu]

Open an administrator powershell and run:

DISM /Online /Add-Capability /CapabilityName:WMIC~~~~

This will work as long as you have permissions to do so. Some organizations will block that capability, though. I don't think there's any way around it if your organization does that.

[dinger1986]

basically need to change the WMIC commands to powershell,

For example (I think cause no very little about JS

 execFile('powershell', ['-Command', 'Get-WmiObject -Query "SELECT OSLanguage FROM Win32_OperatingSystem" | Select-Object -ExpandProperty OSLanguage'], (error, stdout, stderr) => {

could replace

https://github.com/Ylianst/MeshAgent/blob/81877a334900b065af79e1faf3df85fb3e5f238f/modules/util-language.js#L982

[si458]

@dinger1986 if u check the code tho wmic is listed in quite a few places including meshcentral and meshagent

[dinger1986]

14 functions or commands need replaced, most have drop in replacements ie restarting a service can be done with net stop/net start

[HuFlungDu]

I would like to try to take a stab at tackling this, but I can't find any information about building the agent and the testing process, etc. Is there any documentation about building the agent on different environments and then testing the newly built code? Just open the sln in visual studio(?), build, and replace the executables in my meshcentral instance? Just guesses, I'm not so familiar with this part of the meshcentral process.

[si458]

I would like to try to take a stab at tackling this, but I can't find any information about building the agent and the testing process, etc. Is there any documentation about building the agent on different environments and then testing the newly built code? Just open the sln in visual studio(?), build, and replace the executables in my meshcentral instance? Just guesses, I'm not so familiar with this part of the meshcentral process.

That's basically the process!

If it's all C code you need to change, open VS then edit n build, copy, restart let it autouodate machines or download and reinstall For windows agents

However, if you have to change any of the modules in the modules folder, u have to change them. Then, convert them into the tuktape js, then build the meshagent

I'll write a docs later how to do it for you, the is already a few guide in issues explaining how to do it, just can't find links at moment

[dinger1986]

I would like to try to take a stab at tackling this, but I can't find any information about building the agent and the testing process, etc. Is there any documentation about building the agent on different environments and then testing the newly built code? Just open the sln in visual studio(?), build, and replace the executables in my meshcentral instance? Just guesses, I'm not so familiar with this part of the meshcentral process.

I have looked through the code and found all the references, it should be just a case of replacing the wmic commands with native powershell commands but the outputs will need to be checked that they are the same, there is references both in the client and the server so both places will need changed, Im on the unofficial mesh discord if that helps?

[HuFlungDu]

I have looked through the code and found all the references, it should be just a case of replacing the wmic commands with native powershell commands but the outputs will need to be checked that they are the same, there is references both in the client and the server so both places will need changed, I'm on the unofficial mesh discord if that helps?

Yeah, mostly they are replaceable with Get-CimInstance, I've run through both the server and the client and found the replacements for each of them. The output formatting is very different, however, so they need to be parsed very differently. The upside is that, with Select-Object, the parsing should actually be much less work. Mostly it's just a matter of getting it built and testing. The only one I haven't found a great replacement with is:

https://github.com/Ylianst/MeshAgent/blob/81877a334900b065af79e1faf3df85fb3e5f238f/modules/win-info.js#L31

My current plan is Get-CimInstance Win32_QuickFixEngineering, but that doesn't give all the same info as the one I'm replacing. Since the parsing of that command just grabs EVERYTHING it sees there, I can't validate what this should look like. Do you happen to know what wmic qfe does under the hood, or how to make the Get-CimInstance output all the same info as the original?

@si458, there are changes in the modules. I figured out how to get the C built, but I can't figure out how to convert the modules into tuktape; I see that some of the duktape C code contains javascript code as strings, but none of them seem to be the code I'm changing. Is converting a manual process, or is there a compilation tool for that?

[dmikoss]

how to convert the modules into tuktape

I don't know if this is the correct way, but you can integrate JS modules like this (works in windows powershell). Place 'meshagent.exe' in MeshAgent folder, set current directory MeshAgent. Then run commands:

$pwd = "${PWD}".Replace('\', '/') 
./meshagent -exec "require('code-utils').shrink({modulesPath:'${pwd}/modules',filePath:'${pwd}/microscript/ILibDuktape_Polyfills.c'});process.exit();"

Paths must be with forward slashes. ILibDuktape_Polyfills.c will contain JS modules in Base64 form. After recompile agent C code in Visual Studio (don't tried this yet).

[HuFlungDu]

Paths must be with forward slashes. ILibDuktape_Polyfills.c will contain JS modules in Base64 form.

Ah, I didn't consider they might be base64. I had to add "expandedModules" to make it work, but it does work. My concern with this is there are some comments in that file currently, and also some ifdefs, but this method doesn't re-generate them. It kinda looks like those comments might have been added manually, since they aren't wholly consistent, but I'm not sure. Either way, it makes me think this may not be the intended workflow, though it will unblock me for doing the actual important fixes now. I can figure out how to integrate them properly before I PR.

[si458]

ok so pushed a commit which fixes the \x27split\x27 error! used this for help/reference - https://github.com/Ylianst/MeshAgent/issues/89#issuecomment-949901720 basically make ur changes in the modules folder, then run the exec nativeAddCompressedModule command, and it will copy the base64 encoded code into your clipboard then find the line inside ILibDuktape_Polyfills.c and replace its code, and recompile!

also if you wanted you can use this https://github.com/Ylianst/MeshAgent/issues/184#issuecomment-2017615989 and this will compile all modules into the modules_expenses folder but it includes ALL modules, even modules meant for mac/linux on windows which isnt ideal!

[si458]

i have a new agent for people to try if they want! fully compiled with all the bug fixes in the repo including replacing wmic with the win-wmi we already had

1. download zip and extract zip MeshService64.exe.zip
2. backup the MeshService64.exe from inside node_modules/meshcentral/agents/ (or rename to something else)
3. place the new MeshService64.exe back in node_modules/meshcentral/agents/
4. stop meshcentral
5. IMPORTANT: DISABLE AUTO AGENT UPDATE OTHERWISE ALL AGENTS WILL GET AUTO UPDATED!!! set "noAgentUpdate": 1 inside of settings in your config.json
6. start meshcentral
7. IMPORTANT: LET MESHCENTRAL RESIGN/RECUSTOMISE THE SINGLE FILE!
8. skip this step if you dont code-sign yourself copy the new signed agent from inside signed-agents located inside of meshcentral-data to your machine, code-sign the exe however you want/do it, put the new code-signed exe back into agents replacing the old MeshService64.exe (backing up the old code-signed version of yours first), restart meshcentral
9. pick a device and go into its Console tab and run agentupdate
10. you should see the device go offline and then back online, and in theory the date/version will of changed!

edit: you can also then download a new meshagent from the 'addagent' tab and it should work on 24h2 machines for install/run

[mdshoaibumer]

Dear @si458 ,

Thanks for the above help.

I have windows 11 24h2 in my local and i downloaded the provided zip and signed it.

After installing it, the device is showing up in the portal and iam able to take desktop, file transfer, terminal access as expected.

In order to reproduce this ,

we can execute the command in cmd

DISM /Online /Remove-Capability /CapabilityName:WMIC~~~~

Once removed, we can install and verify.

Regards, Shoaib

[si458]

@mdshoaibumer glad it worked! im not gunna push the exe to the main repo until december as i would like others to test to make sure it works and no hidden bugs etc!

[clazie]

Couldn't install agent on Windows 11. Downloaded the zip-file and followed the Post. After that everything worked as expected.

Thanks a lot!

Claus

[si458]

@clazie glad it worked!

I'm thinking next month maybe adding the exe physically into the repo for everyone

Just need a few more people to test first and check all works!

In theory, the blinking cursor should be fixed too

[psflachglas]

I used WMIC only extract the Windows 11 OEM Product key. Now i use: (Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey

Maybe thats helpful to someone.

Source: https://www.deskmodder.de/wiki/index.php/Key_Seriennummer_aus_Bios_UEFI_auslesen_Windows_10****

[si458]

Maybe we could add that into the details page 😄 Make a feature request haha Do it same as the bitlocker key, under padlock and only shown to admin 😀

[rrech]

Updated to the new agent on my machine. Apparently working fine.

Current Core: Nov 6 2024, 3493876492 Agent Time: 2024-12-06 08:25:30.013-03:00. User Rights: 0xffffffff. Platform: win32. Capabilities: 15. Server URL: ---- Built-in LMS: Disabled. OS: Microsoft Windows 11 Pro - 24H2/26100. Modules: amt-apfclient, amt-lme, amt-manage, amt-mei, computer-identifiers, monitor-border, smbios, sysinfo, util-agentlog, wifi-scanner-windows, wifi-scanner, win-console, win-deskutils, win-info, win-securitycenter, win-terminal, win-virtual-terminal, win-volumes. Server Connection: true, State: 1. Node ID: cuIeDSFc3LFp3RHKtW2$pcVT3STOiuxlsgEUQ0AYwh3lXKuM1ZV1s2lsUShPwNHk Application Location: C:\Program Files\Mesh Agent\

[juxeii]

Hi, I am very new to Mesh Central. I have it running in docker, but the Win agent, as described here, is not working in Win11. I tried the exe compiled by @si458, but now I am stuck on what to do. As described, I need to replace the agent exe in node_modules/meshcentral/agents/. But where is this path in my docker container? Does this even make sense? When stoping the container, the node_modules path is gone anway, isn't it? All persistent data I have is on my mapped volumes, and there is the folder signedagents.

When can we expect to have a working exe without the need to do all of this?

Thanks for this amazing software :)

[si458]

@juxeii to do this in docker,

1. docker exec -it [container-id] /bin/bash
2. cd /opt/meshcentral/meshcentral/
3. cp agents/test_agents/* agents/*
4. exit
5. docker restart [container-id]

if you use docker compose DONT DOWN/UP, THIS WILL DESTROY THE CONTAINER!

i will ask @Ylianst if hes happy to move the agents yet ready for the next release

[juxeii]

@si458 Thx. I did that, and the agent starts:

But it is not showing up in MeshCentral. I am behind traefik. According to the connection status, shouldn't it show up?

[si458]

yes it should, do you have sessionrecording enabled at all? if so restart your meshcentral server again and it should appear if not im not too sure? what version of meshcentral are u running? im guessing 1.1.35?

[juxeii]

Yes, 1.1.35 version. Here is the docker-compose

version: '3'

services:
  meshcentral:
    restart: always
    container_name: meshcentral
    image: ghcr.io/ylianst/meshcentral:latest
    ports:
      - 8086:4430
    environment:
      - HOSTNAME=my.domain
      - REVERSE_PROXY=true

    volumes:
      - /volume1/docker/meshcentral/data:/opt/meshcentral/meshcentral-data
      - /volume1/docker/meshcentral/user_files:/opt/meshcentral/meshcentral-files
      - /volume1/docker/meshcentral/backup:/opt/meshcentral/meshcentral-backups
      - /volume1/docker/meshcentral/web:/opt/meshcentral/meshcentral-web
    networks:
      - meshcentral-tier
      - web
    labels:
      - traefik.enable=true
      - traefik.http.routers.meshcentral.entrypoints=http
      - traefik.http.routers.meshcentral.rule=Host(`my.domain`)
      - traefik.http.routers.meshcentral.middlewares=https-redirectscheme@file
      - traefik.http.routers.meshcentral-secure.entrypoints=https
      - traefik.http.routers.meshcentral-secure.rule=Host(`my.domain`)
      - traefik.http.routers.meshcentral-secure.tls=true
      - traefik.http.routers.meshcentral-secure.service=meshcentral
      - traefik.http.services.meshcentral.loadbalancer.server.port=4430
      - traefik.docker.network=web

networks:
  meshcentral-tier:
    driver: bridge
  web:
    external: true

Sorry for dumb question, but what is sessionrecording and why is it needed? Is this enabled in the server or agent/client?

[si458]

@juxeii sessionrecording is an option inside your config.json and all it does is record your sessions for playback later 👍 so it records what you did on the desktop, what fles you transfered and what commands happened https://youtu.be/awaOaxZTg7E?si=vTJwA9RiGdR-KZeD https://youtu.be/nDkNbYE8fT0?si=ZViWWW5aF-_-Wnc-

[juxeii]

@si458 Ok, that is what I thought too. But I do not need this feature. Maybe I have a misunderstanding with MeshCentral. I need an alternative to TeamViewer, AnyDesk etc., so a simple remote control desktop software. So I got MeshCentral up and running and downloaded the (patched) windows agent. I started the agent and kept it running. I was thinking that the agent would pop up at some point in the web interface such that I can remotely control this computer. But it won't show up. So I am confused about recording a session, and how would that fix my issue?!

EDIT: I am working with cloudflare tunnels, maybe here is a configuration issue. The agent shows wss://my.domain:4430/agent.ashx I am not sure if this will pass through the tunnel. Is there a documentation with cloudflare tunnel?

[si458]

@juxeii whats your config.json look like? (hide secret info)