Working with WMI (Windows Management Instrumentation)

One of the most useful jobs for PowerShell is to create a bank of WMI-based scripts. Furthermore, scripting WMI with PowerShell is much easier and more efficient than scripting WMI with VBScript.

What is WMI?

WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM), with some enhancements in the initial version of it. WBEM is an industry initiative to develop a standard technology for accessing management information in an enterprise environment that covers not only Windows but also many other types of devices, such as routers, switches, and storage arrays. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components. CIM is developed and maintained by the Distributed Management Task Force (DMTF).

To list all the available WMI objects, execute the following command.

Get-WmiObject -List

Wow, there are many WMI Objects available.

Let us see some examples on what we can do with PowerShell and WMI.

Get-WmiObject win32_computersystem — gives the details of the local computer system

PS C:\> Get-WmiObject win32_computersystem
 
 
Domain              : winadmin.org
Manufacturer        : VMware, Inc.
Model               : VMware Virtual Platform
Name                : DC01
PrimaryOwnerName    : Windows User
TotalPhysicalMemory : 2146877440

If you want to query a remote system, then use Get-WmiObject win32_computersystem -ComputerName vc01

PS C:\> Get-WmiObject win32_computersystem -ComputerName vc01
 
 
Domain              : winadmin.org
Manufacturer        : VMware, Inc.
Model               : VMware Virtual Platform
Name                : VC01
PrimaryOwnerName    : Windows User
TotalPhysicalMemory : 8589328384

If we do not provide any credentials, PowerShell uses the logged-in user’s credentials. If the logged-in user does not have access to the target computer system, you will receive an error that access is denied.

In that case, we need to use the command as follows:
Get-WmiObject win32_computersystem -ComputerName vc01 -Credential winadmin\wintel

This will prompt for a password.

Let us see some more examples.

PS C:\> Get-WmiObject win32_operatingsystem
 
 
SystemDirectory : C:\Windows\system32
Organization    :
BuildNumber     : 9600
RegisteredUser  : Windows User
SerialNumber    : 00252-70000-00000-AA535
Version         : 6.3.9600
 
 
 
PS C:\> Get-WmiObject win32_operatingsystem | select Caption, CSDVersion
 
Caption                                                     CSDVersion
-------                                                     ----------
Microsoft Windows Server 2012 R2 Standard

Here CSDVersion is Service Pack version.

PS C:\> Get-WmiObject win32_bios
 
 
SMBIOSBIOSVersion : 6.00
Manufacturer      : Phoenix Technologies LTD
Name              : PhoenixBIOS 4.0 Release 6.0
SerialNumber      : VMware-56 4d 65 8a 54 68 57 32-85 4e 79 44 7c 0c f8 ca
Version           : INTEL  - 6040000

PS C:\> Get-WmiObject win32_logicaldisk
 
 
DeviceID     : C:
DriveType    : 3
ProviderName :
FreeSpace    : 52686172160
Size         : 64055406592
VolumeName   :
 
DeviceID     : D:
DriveType    : 5
ProviderName :
FreeSpace    : 0
Size         : 4477562880
VolumeName   : IR2_SSS_X64FREV_EN-US_DV5

Get-WmiObject win32_process : Displays all the processes running on local machine.

PS C:\> Get-WmiObject win32_process | select Name
 
Name
----
System Idle Process
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
dwm.exe
vmacthlp.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
Microsoft.ActiveDirectory.WebServices.exe
dfsrs.exe
dns.exe
ismserv.exe
VGAuthService.exe
vmtoolsd.exe
dfssvc.exe
WmiPrvSE.exe
svchost.exe
vds.exe
dllhost.exe
msdtc.exe
taskhostex.exe
explorer.exe
vmtoolsd.exe
powershell.exe
conhost.exe
powershell.exe
conhost.exe
WmiPrvSE.exe
WmiApSrv.exe

Get-WmiObject win32_service : Displays all the services available on local machine. (You can also use Get-Service.)

So it is up to you what to use and how to use it. Try to remember as many keywords as possible. There are many accounts I worked on where there was no internet access.
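The queries above can be combined into one reusable inventory function that reports an access-denied host instead of stopping. This is an added example, not code from the original page: the function name Get-SystemInventory and the output property names are hypothetical, and it assumes Windows PowerShell, since Get-WmiObject is not available in PowerShell 6 and later.

```powershell
# Added example: read-only inventory built from the WMI classes shown on this page.
# Get-SystemInventory is a hypothetical helper name; vc01 is the host used above.
function Get-SystemInventory {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # Optional PSCredential from Get-Credential; never hard-code a password
        [System.Management.Automation.PSCredential]$Credential
    )
    foreach ($computer in $ComputerName) {
        # Common arguments, splatted into every Get-WmiObject call
        $wmi = @{ ComputerName = $computer; ErrorAction = 'Stop' }
        if ($Credential) { $wmi.Credential = $Credential }
        try {
            $cs   = Get-WmiObject -Class Win32_ComputerSystem  @wmi
            $os   = Get-WmiObject -Class Win32_OperatingSystem @wmi
            $bios = Get-WmiObject -Class Win32_BIOS            @wmi
            # DriveType 3 = local fixed disk (5 is CD-ROM, like the D: drive above)
            $disks = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType=3' @wmi
            [pscustomobject]@{
                Computer   = $cs.Name
                Domain     = $cs.Domain
                Model      = $cs.Model
                MemoryGB   = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
                OS         = $os.Caption
                OSVersion  = $os.Version
                BiosSerial = $bios.SerialNumber
                FreeDiskGB = ($disks | ForEach-Object {
                    '{0} {1:N1}' -f $_.DeviceID, ($_.FreeSpace / 1GB) }) -join '; '
                Status     = 'OK'
            }
        }
        catch [System.UnauthorizedAccessException] {
            # The "access is denied" case described above
            [pscustomobject]@{ Computer = $computer; Status = 'AccessDenied' }
        }
        catch {
            # Unreachable host, firewall, RPC failure and similar
            [pscustomobject]@{ Computer = $computer; Status = "Error: $($_.Exception.Message)" }
        }
    }
}

# Local machine, using the logged-in user's credentials
Get-SystemInventory

# Remote machine; Get-Credential prompts for the password
$cred = Get-Credential -Message 'Account with WMI access to the target'
Get-SystemInventory -ComputerName 'vc01' -Credential $cred
```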