Enterprise Systems Management with WMI

Jeffery Hicks MCSE, MCT Principal Architect JDH Information Technology Solutions jhicks@jdhitsolutions.com

What is WMI?
n n n

Windows Management Instrumentation Based on Industry Standards Enterprise Management of hardware and software elements

JDH Information Technology Solutions

A Brief History of WMI

JDH Information Technology Solutions

WMI Overview
n n n

Winmgmt.exe CIM Repository WMI

Client information Service Status Hardware details Query Language

JDH Information Technology Solutions

WMI Architecture
n n n n

Applications CIM WMI Providers Managed Objects

JDH Information Technology Solutions

WMI SDK
n n n n n

Documentation Sample scripts and applications Object Browser Event Registration/Event Viewer CIM Studio

JDH Information Technology Solutions

WMI CIM Studio

JDH Information Technology Solutions

Scripting WMI
WMI Paths SWebmLocator Monikers Properties & Methods

JDH Information Technology Solutions

WMI Paths
n n n n

Root\Default Root\Security Root\CIMv2 Others

JDH Information Technology Solutions

Security
n n n n

Impersonation Current or Alternate Credentials Authentication level Privileges

JDH Information Technology Solutions

Impersonation levels
Name wbemImpersonationLevelAnonymous wbemImpersonationLevelIdentify wbemImpersonationLevelImpersonate Value 1 2 3 Moniker name Anonymous Identify Impersonate Meaning Hides the credentials of the caller. Calls to WMI may fail with this impersonation level. Allows objects to query the credentials of the caller. Calls to WMI may fail with this impersonation level. Allows objects to use the credentials of the caller. This is the recommended impersonation level for WMI Scripting API calls. Allows objects to permit other objects to use the credentials of the caller. This impersonation, which will work with WMI Scripting API calls but may constitute an unnecessary security risk, is supported only under Windows 2000.

wbemImpersonationLevelDelegate

Delegate

Set objInst = GetObject("WinMgmts:{impersonationLevel=impersonate, & _ "!root/cimv2:Win32_service='ALERTER'")

JDH Information Technology Solutions

Authentication levels
Name wbemAuthenticationLevelDefault wbemAuthenticationLevelNone WbemAuthenticationLevelConnect WbemAuthenticationLevelCall WbemAuthenticationLevelPkt WbemAuthenticationLevelPktIntegrity WbemAuthenticationLevelPktPrivacy Value 0 1 2 3 4 5 6 Moniker name Default None Connect Call Pkt PktIntegrity PktPrivacy Meaning WMI uses the default Windows Authentication setting. Uses no authentication. Authenticates the credentials of the client only when the client establishes a relationship with the server. Authenticates only at the beginning of each call when the server receives the request. Authenticates that all data received is from the expected client. Authenticates and verifies that none of the data transferred between client and server has been modified. Authenticates all previous impersonation levels and encrypts the argument value of each remote procedure call.

Set objInst = GetObject("WinMgmts:{"authenticationLevel=pktPrivacy}"& _ "!root/cimv2:Win32_service='ALERTER'")

JDH Information Technology Solutions

Classes and Instances

n

Classes are abstract templates for managed objects Instances are real-world representations of a class.

JDH Information Technology Solutions

SWbemLocator
Methods ConnectServer Properties Security

Dim oLoc,oSwbemSvc Set oLoc=CreateObject(WbemScripting.SwbemLocator) Set oSwbemSvc=oLoc.ConnectServer oSwbemSvc.Security_.impersonationLevel=3

JDH Information Technology Solutions

ConnectServer
oLoc=CreateObject(WbemScripting.SWbemLocator) owbemServices = oLoc.ConnectServer( strServer,strNameSpace,strUser,strPassword, strLocale,strAuthority)

Example Connect to server SRV01 with different credentials objwbemServices = objwbemLocator.ConnectServer( \\SRV01,Root\cimv2,AdminXP,Secret61Pass)

JDH Information Technology Solutions

SWbemServices
Dim oLoc,oSwbemSvc Set oLoc=CreateObject(WbemScripting.SwbemLocator) Set oSwbemSvc=oLoc.ConnectServer oSwbemSvc.Security_.impersonationLevel=3

SWbemServices Methods AssociatorsOf DeleteAsync ExecNotificationQuery ExecQueryAsync InstancesOf ReferencesToAsync AssociatorsOfAsync ExecMethod ExecNotificationQueryAsync Get InstancesOfAsync SubclassesOf
JDH Information Technology Solutions

Delete ExecMethodAsync ExecQuery GetAsync ReferencesTo SubclassesOfAsync

Monikers
With SWbemServices Dim oLoc,oSwbemSvc Set oLoc=CreateObject(WbemScripting.SwbemLocator) Set oSwbemSvc=oLoc.ConnectServer(MyServer) oSwbemSvc.Security_.impersonationLevel=3 Set oRef=oSwbemSvc.InstancesOf(Win32_LogicalDisk) With Moniker Dim oWMI Set oWMI=GetObject(winmgmts:{impersonationlevel= _ impersonate}!Myserver//root//cimv2:Win32_LogicalDisk _ =C:)

JDH Information Technology Solutions

InstancesOf
Dim oWMI Set oWMI=GetObject("Winmgmts:").InstancesOf _ ("Win32_Process") for each item in oWMI wscript.echo item.Name & vbtab & item.Handle Next Set oWMI=Nothing

JDH Information Technology Solutions

WQL
n n n n n

Subset of ANSI SQL Retrieval Only Data Queries Event Queries Schema Queries

JDH Information Technology Solutions

WQL Examples
Dim objWMI,objSet strQuery="Select Name,Handle,WorkingSetSize, & _ ThreadCount,Priority FROM Win32_Process" Set objWMI=GetObject("winmgmts://") Set objSet=objWMI.ExecQuery(strQuery) For each x in objSet wscript.echo x.name & , & x.handle & , & _ x.Priority & , & x.WorkingSetSize & , & _ x.ThreadCount next

JDH Information Technology Solutions

WMIC
n n n

Command Line WMI Available on XP Query only

JDH Information Technology Solutions

WBEMDUMP
n n n

Part of WMI SDK C:\Program Files\WMI\Utilities Syntax: wbemdump [switches] [Namespace [Class|ObjectPath] ] wbemdump /Q [switches] Namespace QueryLanguage Query

JDH Information Technology Solutions

WBEMDUMP
WBEMDUMP /S /E root\default WBEMDUMP /S /E /M /M2 root\default WBEMDUMP root\default foo WBEMDUMP root\default foo.name=\"bar\" WBEMDUMP /S2 /M root Dumps everything in root\default Dump all class & instance mofs Dumps all instances of the foo class Dumps one instance of the foo class Dumps mofs for all nonsystem classes in all NS's

WBEMDUMP /Q root\default WQL "SELECT * FROM Environment WHERE Name=\"Path\""

JDH Information Technology Solutions

System Information
n n n n

Processor Operating System Hardware devices BIOS

JDH Information Technology Solutions

System Configuration
n n n n n

Installed Software Date and Time Free drive space Display Information Services

n n n n n

Network Processes Registry settings Event log settings Operating System

JDH Information Technology Solutions

System Reboot
' Copyright (c) 1997-1999 Microsoft Corporation ' WMI Sample Script - System reboot (VBScript) ' Invokes the Reboot method of the Win32_OperatingSystem class ' NOTE: You must have the Shutdown privilege to successfully invoke the Shutdown method Set OpSysSet = GetObject("winmgmts:{(Shutdown)}//./root/cimv2").ExecQuery _ ("select * from Win32_OperatingSystem where Primary=true") for each OpSys in OpSysSet OpSys.Reboot() next

JDH Information Technology Solutions

Remote Shutdown
Copyright (c) 1997-1999 Microsoft Corporation WMI Sample Script - REMOTE system shutdown (VBScript) Invokes the Shutdown method of the Win32_OperatingSystem class. Fill in REMOTE_SYSTEM_NAME with the name of the ' remote system to shutdown. NOTE: You must have the RemoteShutdown privilege to successfully invoke the Shutdown method Set OpSysSet = GetObject("winmgmts:{(Debug,RemoteShutdown)}//REMOTE_SYSTEM_ NAME/root/cimv2").ExecQuery("select * from Win32_OperatingSystem where Primary=true") for each OpSys in OpSysSet OpSys.Shutdown() next
JDH Information Technology Solutions

Enable DHCP
Copyright (c) 1997-1999 Microsoft Corporation WMI Sample Script - Enable DHCP on adapter (VBScript) This script demonstrates how to enable DHCP use on instance of Win32_NetworkAdapterConfiguration. In this case we specify the adapter with an Index of 0. The correct index should be selected from Win32_NetworkAdapter instances for other interfaces. Supported on NT platforms only Set Adapter = GetObject("winmgmts:Win32_NetworkAdapterConfiguration=0") RetVal = Adapter.EnableDHCP() if RetVal = 0 then WScript.Echo "DHCP Enabled" else WScript.Echo "DHCP enable failed" end if
JDH Information Technology Solutions

Event Notification
n

n n n n

Occurrences of Interest in the managed world Changes to the CIM Repository Event Providers Event Consumers Temporary vs Permanent Subscriptions
JDH Information Technology Solutions

Synchronous Notification
n n

Script halts until query is complete ExecNotificationQuery method to execute Next method to block

JDH Information Technology Solutions

Asynchronous Notification
n n n n

Script Execution continues Able to register for multiple events ExecNotificationQueryAsync Requires IWebmSinkObject

JDH Information Technology Solutions

Sinks
n

Delivery Destination for results of an asynchronous operation or event notification

Async Query CIM

Query Results Script SINK_

JDH Information Technology Solutions

Event Providers and Polling

n

Event Providers

Win32_NTLogEvent SNMP Registry Select * from _InstanceCreationEvent WITHIN 30 where TargetInstance ISA Win32_Process
JDH Information Technology Solutions

Polling interval

Monitoring Applications
n n n n n n

Specific NT Event Log CPU Usage Disk Space Usage Services stopping and starting Processes starting and stopping Dont forget to CANCEL
JDH Information Technology Solutions

Other Applications
n n

VB Applets C++ Programs

JDH Information Technology Solutions

Other Applications

Web Based Tools

JDH Information Technology Solutions

Additional Resources
n

Online

http://www.cramsession.com http://communities.msn.com/WindowsScript http://www.desktopengineer.com http://cwashington.netreach.net http://www.winscriptingsolutions.com http://www.dmtf.org

JDH Information Technology Solutions

Additional Resources
n

Microsoft Courses

Course 2433 - Microsoft Visual Basic Scripting Edition and Microsoft Windows Script Host Essentials Course 2439 - Scripting Using Microsoft Windows Management Instrumentation

JDH Information Technology Solutions

Additional Resources
n

Books

WMI Essentials for Automating Windows Management Marcin Policht Windows Management Instrumentation Matthew Lavey & Ashley Meggitt Scripting Windows 2000 - Jeffrey Honeyman Managing Enterprise Systems with Windows Script Host Stein Borge

JDH Information Technology Solutions

Questions & Answers

Where do you want to go tomorrow?

JDH Information Technology Solutions

Enterprise Systems Mgmt Thank you

jhicks@jdhitsolutions.com

JDH Information Technology Solutions