Working with WMI (Windows Management Instrumentation)

    Working with WMI (Windows Management Instrumentation)

    One of the most useful jobs for PowerShell is to create a bank of WMI based scripts. Furthermore, scripting WMI with PowerShell is much easier and more efficient than WMI with VBScript.

    What is WMI?

    WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM), with some enhancements in the initial version of it, WBEM is a industry initiative to develop a standard technology for accessing management information in an enterprise environment that covers not only Windows but also many other types of devices like routers, switches, storage arrays …etc. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components. CIM is developed and maintained by the Distributed Management Task Force (DMTF).

    To list out all the available WMI Objects available, execute the following command.

    Get-WmiObject -List

    Wow, there are many WMI Objects available.

    Let us see some examples on what we can do with PowerShell and WMI.

    Get-WmiObject win32_computersystem — gives the details of the local computer system

    PS C:\> Get-WmiObject win32_computersystem
     
     
    Domain              : winadmin.org
    Manufacturer        : VMware, Inc.
    Model               : VMware Virtual Platform
    Name                : DC01
    PrimaryOwnerName    : Windows User
    TotalPhysicalMemory : 2146877440

    If you want to query a remote system, then use Get-WmiObject win32_computersystem -ComputerName vc01

    PS C:\> Get-WmiObject win32_computersystem -ComputerName vc01
     
     
    Domain              : winadmin.org
    Manufacturer        : VMware, Inc.
    Model               : VMware Virtual Platform
    Name                : VC01
    PrimaryOwnerName    : Windows User
    TotalPhysicalMemory : 8589328384

    If we are not providing any credentials, then PowerShell will use the logged in user’s credentials. If the logged in user does not have access to target computersystem, you will receive an error that access is denied.

    we need to use the command as follows:
    Get-WmiObject win32_computersystem -ComputerName vc01 -Credential winadmin\wintel

    This will prompt for a password.

    Let us see some more examples.

    PS C:\> Get-WmiObject win32_operatingsystem
     
     
    SystemDirectory : C:\Windows\system32
    Organization    :
    BuildNumber     : 9600
    RegisteredUser  : Windows User
    SerialNumber    : 00252-70000-00000-AA535
    Version         : 6.3.9600
     
     
     
    PS C:\> Get-WmiObject win32_operatingsystem | select Caption, CSDVersion
     
    Caption                                                     CSDVersion
    -------                                                     ----------
    Microsoft Windows Server 2012 R2 Standard

    Here CSDVersion is Service Pack version.

    PS C:\> Get-WmiObject win32_bios
     
     
    SMBIOSBIOSVersion : 6.00
    Manufacturer      : Phoenix Technologies LTD
    Name              : PhoenixBIOS 4.0 Release 6.0
    SerialNumber      : VMware-56 4d 65 8a 54 68 57 32-85 4e 79 44 7c 0c f8 ca
    Version           : INTEL  - 6040000
    PS C:\> Get-WmiObject win32_logicaldisk
     
     
    DeviceID     : C:
    DriveType    : 3
    ProviderName :
    FreeSpace    : 52686172160
    Size         : 64055406592
    VolumeName   :
     
    DeviceID     : D:
    DriveType    : 5
    ProviderName :
    FreeSpace    : 0
    Size         : 4477562880
    VolumeName   : IR2_SSS_X64FREV_EN-US_DV5

    Get-WmiObject win32_process : Displays all the processes running on local machine.

    PS C:\> Get-WmiObject win32_process | select Name
     
    Name
    ----
    System Idle Process
    System
    smss.exe
    csrss.exe
    wininit.exe
    csrss.exe
    winlogon.exe
    services.exe
    lsass.exe
    svchost.exe
    svchost.exe
    dwm.exe
    vmacthlp.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    spoolsv.exe
    Microsoft.ActiveDirectory.WebServices.exe
    dfsrs.exe
    dns.exe
    ismserv.exe
    VGAuthService.exe
    vmtoolsd.exe
    dfssvc.exe
    WmiPrvSE.exe
    svchost.exe
    vds.exe
    dllhost.exe
    msdtc.exe
    taskhostex.exe
    explorer.exe
    vmtoolsd.exe
    powershell.exe
    conhost.exe
    powershell.exe
    conhost.exe
    WmiPrvSE.exe
    WmiApSrv.exe

    Get-WmiObject win32_service : Displays all the services available on local machine. (You can also use Get-Service also).

    So it is up to you what to use and how to use. Try to remember as many keywords as possible. There are many accounts I worked where there was no internet access.  ..


    © 2019 WinAdmin.org . All Rights Reserved.
    Cookies make it easier for us to provide you with our services. With the usage of our services you permit us to use cookies.
    Ok Decline