Working with WMI (Windows Management Instrumentation)
One of the most useful jobs for PowerShell is to create a bank of WMI-based scripts. Furthermore, scripting WMI with PowerShell is much easier and more efficient than scripting WMI with VBScript.
What is WMI?
WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM), with some enhancements in the initial version of it. WBEM is an industry initiative to develop a standard technology for accessing management information in an enterprise environment that covers not only Windows but also many other types of devices, such as routers, switches, and storage arrays. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components. CIM is developed and maintained by the Distributed Management Task Force (DMTF).
To list all the available WMI objects, execute the following command.
Wow, there are many WMI Objects available.
Let us see some examples on what we can do with PowerShell and WMI.
Get-WmiObject win32_computersystem — gives the details of the local computer system
PS C:\> Get-WmiObject win32_computersystem

Domain              : winadmin.org
Manufacturer        : VMware, Inc.
Model               : VMware Virtual Platform
Name                : DC01
PrimaryOwnerName    : Windows User
TotalPhysicalMemory : 2146877440
If you want to query a remote system, then use Get-WmiObject win32_computersystem -ComputerName vc01
PS C:\> Get-WmiObject win32_computersystem -ComputerName vc01

Domain              : winadmin.org
Manufacturer        : VMware, Inc.
Model               : VMware Virtual Platform
Name                : VC01
PrimaryOwnerName    : Windows User
TotalPhysicalMemory : 8589328384

If we do not provide any credentials, PowerShell uses the logged-in user's credentials. If the logged-in user does not have access to the target computer system, you will receive an error that access is denied. In that case, we need to use the command as follows:
Get-WmiObject win32_computersystem -ComputerName vc01 -Credential (Get-Credential)
This will prompt for a username and password.
Let us see some more examples.
PS C:\> Get-WmiObject win32_operatingsystem

SystemDirectory : C:\Windows\system32
Organization    :
BuildNumber     : 9600
RegisteredUser  : Windows User
SerialNumber    : 00330-52470-32472-AAOEM
Version         : 10.0.19041

PS C:\> Get-WmiObject win32_operatingsystem | select Caption, CSDVersion

Caption                                   CSDVersion
-------                                   ----------
Microsoft Windows Server 2012 R2 Standard

Here, CSDVersion is the Service Pack.

PS C:\> Get-WmiObject win32_bios

SMBIOSBIOSVersion : 6.00
Manufacturer      : Phoenix Technologies LTD
Name              : PhoenixBIOS 4.0 Release 6.0
SerialNumber      : VMware-56 4d 65 8a 54 68 57 32-85 4e 79 44 7c 0c f8 ca
Version           : INTEL - 6040000

PS C:\> Get-WmiObject win32_logicaldisk

DeviceID     : C:
DriveType    : 3
ProviderName :
FreeSpace    : 52686172160
Size         : 64055406592
VolumeName   :

DeviceID     : D:
DriveType    : 5
ProviderName :
FreeSpace    : 0
Size         : 4477562880
VolumeName   : IR2_SSS_X64FREV_EN-US_DV5
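The queries shown so far can be combined into one inventory check that runs against several computers and reports the access-denied case instead of stopping on it. This is an added example, not code from the original page; the function name Get-ComputerInventory is hypothetical, and DC01 and vc01 are used as targets only because they appear in the output above.

```powershell
# Added example: OS and fixed-disk inventory over WMI for a list of computers.
# Get-ComputerInventory is a hypothetical helper name, not from the original page.
function Get-ComputerInventory {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [System.Management.Automation.PSCredential]$Credential
    )
    foreach ($computer in $ComputerName) {
        # Parameters shared by every query against this computer (splatted below)
        $wmi = @{ ComputerName = $computer; ErrorAction = 'Stop' }
        # WMI rejects explicit credentials for local connections, so add them only for remote targets
        if ($Credential -and $computer -notin $env:COMPUTERNAME, 'localhost', '.') {
            $wmi.Credential = $Credential
        }
        try {
            $os = Get-WmiObject win32_operatingsystem @wmi
            # DriveType 3 is a local fixed disk; DriveType 5 (D: in the output above) is a CD/DVD drive
            $disks = Get-WmiObject win32_logicaldisk -Filter 'DriveType = 3' @wmi
            foreach ($disk in $disks) {
                # Guard against a volume that reports no size
                $free = if ($disk.Size) { [math]::Round(100 * $disk.FreeSpace / $disk.Size, 1) }
                [pscustomobject]@{
                    Computer    = $computer
                    OS          = $os.Caption
                    Drive       = $disk.DeviceID
                    SizeGB      = [math]::Round($disk.Size / 1GB, 1)
                    FreePercent = $free
                    Status      = 'OK'
                }
            }
        }
        catch [System.UnauthorizedAccessException] {
            # The "access is denied" error described earlier
            [pscustomobject]@{ Computer = $computer; Status = 'Access denied' }
        }
        catch {
            # Anything else, for example the target is offline or RPC is blocked
            [pscustomobject]@{ Computer = $computer; Status = "Failed: $($_.Exception.Message)" }
        }
    }
}

# Prompt once and reuse the credential object for every remote computer
$cred = Get-Credential
Get-ComputerInventory -ComputerName DC01, vc01 -Credential $cred |
    Select-Object Computer, OS, Drive, SizeGB, FreePercent, Status |
    Format-Table -AutoSize
```

Prompting once with Get-Credential and passing the resulting object keeps the password out of the script and out of the command history.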
Get-WmiObject win32_process : Displays all the processes running on local machine.
PS C:\> Get-WmiObject win32_process | select Name

Name
----
System Idle Process
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
dwm.exe
vmacthlp.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
spoolsv.exe
Microsoft.ActiveDirectory.WebServices.exe
dfsrs.exe
dns.exe
ismserv.exe
VGAuthService.exe
vmtoolsd.exe
dfssvc.exe
WmiPrvSE.exe
svchost.exe
vds.exe
dllhost.exe
msdtc.exe
taskhostex.exe
explorer.exe
vmtoolsd.exe
powershell.exe
conhost.exe
powershell.exe
conhost.exe
WmiPrvSE.exe
WmiApSrv.exe
Get-WmiObject win32_service : Displays all the services available on local machine. (You can also use Get-Service for the same).
So it is up to you what to use and how to use it. Try to remember as many keywords as possible. There are many accounts I worked on where there was no internet access. ..