Embed Size (px)
Citation preview
WMI ScriptingWMI Scripting
What Is WMI?What Is WMI?
• WMI is the core management-enabling technology built into Windows 2000, Windows XP, and the Windows Server 2003 family of operating systems.
• Based on industry standards overseen by the Distributed Management Task Force (DMTF)
• Almost all—Windows resources can be accessed, configured, managed, and monitored
• WMI is the core management-enabling technology built into Windows 2000, Windows XP, and the Windows Server 2003 family of operating systems.
• Based on industry standards overseen by the Distributed Management Task Force (DMTF)
• Almost all—Windows resources can be accessed, configured, managed, and monitored
Windows 2003/XP/2000 systems management
Windows 2003/XP/2000 systems management
• retrieve performance data• Manage:
– event logs – file systems – printers – processes – registry settings – scheduler, security – services – Shares– ….
• retrieve performance data• Manage:
– event logs – file systems – printers – processes – registry settings – scheduler, security – services – Shares– ….
Network management Network management
• You can create WMI-based scripts to manage network services such as: – DNS – DHCP – SNMP-enabled devices.
• You can create WMI-based scripts to manage network services such as: – DNS – DHCP – SNMP-enabled devices.
Real-time health monitoringReal-time health monitoring
• Using WMI event subscriptions, you can write scripts to: – monitor and respond to event log entries as
they occur, – file system and registry modifications– other real-time operating system changes.
• Using WMI event subscriptions, you can write scripts to: – monitor and respond to event log entries as
they occur, – file system and registry modifications– other real-time operating system changes.
Windows .NET Enterprise Server management
Windows .NET Enterprise Server management
• You can write scripts to manage – Microsoft® Application Center– Operations Manager – Systems Management Server – Internet Information Server – Exchange Server – SQL Server
• You can write scripts to manage – Microsoft® Application Center– Operations Manager – Systems Management Server – Internet Information Server – Exchange Server – SQL Server
Example 1Example 1
Set refWMI = GetObject("winMgmts:")Set colDrives = refWMI.ExecQuery( _ "SELECT * FROM Win32_LogicalDisk")
For Each refDrive In colDrives WScript.Echo _ "Device '" & refDrive.DeviceID & "' has " _ & refDrive.FreeSpace & " bytes free"Next
Set refWMI = GetObject("winMgmts:")Set colDrives = refWMI.ExecQuery( _ "SELECT * FROM Win32_LogicalDisk")
For Each refDrive In colDrives WScript.Echo _ "Device '" & refDrive.DeviceID & "' has " _ & refDrive.FreeSpace & " bytes free"Next
Example 2Example 2
Set refWMI = GetObject("winMgmts:")Set colDrives = refWMI.ExecQuery( _ "SELECT * FROM Win32_LogicalDisk WHERE
DriveType='3'")
For Each refDrive In colDrives WScript.Echo _ "Device '" & refDrive.DeviceID & "' has " _ & (Round(refDrive.FreeSpace/1048576)) & "Mb free"Next
Set refWMI = GetObject("winMgmts:")Set colDrives = refWMI.ExecQuery( _ "SELECT * FROM Win32_LogicalDisk WHERE
DriveType='3'")
For Each refDrive In colDrives WScript.Echo _ "Device '" & refDrive.DeviceID & "' has " _ & (Round(refDrive.FreeSpace/1048576)) & "Mb free"Next
Remote computerRemote computer
strComputer = “compname"
Set wbemServices = _
GetObject("winmgmts:\\" & strComputer)
Set wbemObjectSet = wbemServices.InstancesOf( _ "Win32_LogicalMemoryConfiguration")
For Each wbemObject In wbemObjectSet
WScript.Echo "Total Physical Memory (kb): " & _ wbemObject.TotalPhysicalMemory
Next
strComputer = “compname"
Set wbemServices = _
GetObject("winmgmts:\\" & strComputer)
Set wbemObjectSet = wbemServices.InstancesOf( _ "Win32_LogicalMemoryConfiguration")
For Each wbemObject In wbemObjectSet
WScript.Echo "Total Physical Memory (kb): " & _ wbemObject.TotalPhysicalMemory
Next
WMI ArchitectureWMI ArchitectureThe key to WMI’s power is that it enforces separation between Providers who offer a WMI interface and Applications who use that interface. There is only one point of contact between them, namely the CIM Object Manager.
The key to WMI’s power is that it enforces separation between Providers who offer a WMI interface and Applications who use that interface. There is only one point of contact between them, namely the CIM Object Manager.
ProvidersProviders• Typically created by device driver writers, or
developers who want to provide WMI access to their programs.
• Almost invariably written in C++
• Specify WMI classes and their implementations
• Typically created by device driver writers, or developers who want to provide WMI access to their programs.
• Almost invariably written in C++
• Specify WMI classes and their implementations
ApplicationsApplications• Created by developers or sysadmins who
want to access WMI data
• Typically written in C++ or VB or VBScript or JScript
• Specify instructions for accessing WMI class instances (objects), reading their Properties and executing their Methods
• Created by developers or sysadmins who want to access WMI data
• Typically written in C++ or VB or VBScript or JScript
• Specify instructions for accessing WMI class instances (objects), reading their Properties and executing their Methods
The CIM Object ManagerThe CIM Object Manager
• Keeps a record of what WMI classes are available on a system and which providers are responsible for servicing them.
• Retrieves WMI objects or classes on behalf of an application, talking to Providers as necessary.
• Keeps a record of what WMI classes are available on a system and which providers are responsible for servicing them.
• Retrieves WMI objects or classes on behalf of an application, talking to Providers as necessary.
Three ways to retrieve an object:
Three ways to retrieve an object:
• Ask for it specifically by name
• Ask what objects of a certain type are “in stock”
• Browse the Repository
• Ask for it specifically by name
• Ask what objects of a certain type are “in stock”
• Browse the Repository
Retrieve an object by nameRetrieve an object by name
Method One – using SWbemServices.Get():
Set refWMI = GetObject(“winMgmts:”)
Set refDir = refWMI.Get(“Win32_Directory.Name=‘c:\’”)
Method Two – a more compact version:
Set refDir = GetObject(“winMgmts:”).Get( _
“Win32_Directory.Name=‘c:\’”)
Method Three – directly in a Moniker:
Set refDir = GetObject(“winMgmts:Win32_Directory.Name=‘c:\’”)
Method One – using SWbemServices.Get():
Set refWMI = GetObject(“winMgmts:”)
Set refDir = refWMI.Get(“Win32_Directory.Name=‘c:\’”)
Method Two – a more compact version:
Set refDir = GetObject(“winMgmts:”).Get( _
“Win32_Directory.Name=‘c:\’”)
Method Three – directly in a Moniker:
Set refDir = GetObject(“winMgmts:Win32_Directory.Name=‘c:\’”)
Anatomy of a MonikerAnatomy of a MonikerwinMgmt:\\mango\root\cimv2:Win32_LogicalDisk.DeviceID=‘c:’
WMI NamespacesWMI NamespacesThe WMI world is split into namespaces. Namespaces are:
• Hierarchically organised
• Isolated from each other
When connecting to WMI on a machine, the connection is made to a specific namespace.
The WMI world is split into namespaces. Namespaces are:
• Hierarchically organised
• Isolated from each other
When connecting to WMI on a machine, the connection is made to a specific namespace.
Retrieve objects by typeRetrieve objects by type
Method One – a data query:
Set refWMI = GetObject(“winMgmts:”)
Set colDirectories = refWMI.ExecQuery( _
“SELECT * FROM Win32_Directory”)
Method Two – retrieve a class and get its instances:
Set refWMI = GetObject(“winMgmts:”)
Set refDirectoryClass = refWMI.Get(“win32_Directory”)
Set colDirectories = refDirectoryClass.Instances_()
Method Three – a more concise version:
Set colDirectories = _
GetObject(“winMgmts:Win32_Directory”).Instances_()
Method One – a data query:
Set refWMI = GetObject(“winMgmts:”)
Set colDirectories = refWMI.ExecQuery( _
“SELECT * FROM Win32_Directory”)
Method Two – retrieve a class and get its instances:
Set refWMI = GetObject(“winMgmts:”)
Set refDirectoryClass = refWMI.Get(“win32_Directory”)
Set colDirectories = refDirectoryClass.Instances_()
Method Three – a more concise version:
Set colDirectories = _
GetObject(“winMgmts:Win32_Directory”).Instances_()
Browse the repositoryBrowse the repositoryList all classes:
Set refWMI = GetObject(“winMgmts:”)
Set colClasses = refWMI.ExecQuery( _
“SELECT * FROM meta_class”)
For Each refClass In colClasses
WScript.Echo refClass.Path_.Class
Next
Set colClasses = Nothing
Set refWMI = Nothing
List all classes:
Set refWMI = GetObject(“winMgmts:”)
Set colClasses = refWMI.ExecQuery( _
“SELECT * FROM meta_class”)
For Each refClass In colClasses
WScript.Echo refClass.Path_.Class
Next
Set colClasses = Nothing
Set refWMI = Nothing
Listing installed ProductsListing installed ProductsOption ExplicitDim refWMIDim colInstProductsDim refProduct
'connect to WMI and retrieve collection of Win32_ProductsSet refWMI = GetObject("winmgmts:")If Err <> 0 Then
WScript.Echo "Could not connect to WMI"WScript.Quit
End If
Set colInstProducts = refWMI.InstancesOf("Win32_Product")
'Loop through Products adding report entriesFor Each refProduct in colInstProducts
WScript.echo refProduct.Name & " (Version: " & refProduct.Version & ")" & chr(13)
Next
Set ColInstProducts = NothingSet refWMI = Nothing
Option ExplicitDim refWMIDim colInstProductsDim refProduct
'connect to WMI and retrieve collection of Win32_ProductsSet refWMI = GetObject("winmgmts:")If Err <> 0 Then
WScript.Echo "Could not connect to WMI"WScript.Quit
End If
Set colInstProducts = refWMI.InstancesOf("Win32_Product")
'Loop through Products adding report entriesFor Each refProduct in colInstProducts
WScript.echo refProduct.Name & " (Version: " & refProduct.Version & ")" & chr(13)
Next
Set ColInstProducts = NothingSet refWMI = Nothing
WMI Architecture WMI Architecture
• The WMI architecture consists of three primary layers – Managed resources – WMI infrastructure – Consumers
• The WMI architecture consists of three primary layers – Managed resources – WMI infrastructure – Consumers
Managed Resources Managed Resources
• Windows resources that can be managed using WMI include:– computer system – disks – peripheral devices – event logs – files – folders – file systems – networking components, – operating system subsystems, performance counters, printers,
processes, registry settings, security, services, shares, SAM users and groups, Active Directory, Windows Installer, Windows Driver Model (WDM) device drivers ….
• Windows resources that can be managed using WMI include:– computer system – disks – peripheral devices – event logs – files – folders – file systems – networking components, – operating system subsystems, performance counters, printers,
processes, registry settings, security, services, shares, SAM users and groups, Active Directory, Windows Installer, Windows Driver Model (WDM) device drivers ….
WMI Infrastructure WMI Infrastructure
• WMI consists of three primary components: – the Common Information Model Object Manager
(CIMOM) – the Common Information Model (CIM) repository – providers.
• Together, the three WMI components provide the infrastructure through which configuration and management data is defined, exposed, accessed, and retrieved
• WMI consists of three primary components: – the Common Information Model Object Manager
(CIMOM) – the Common Information Model (CIM) repository – providers.
• Together, the three WMI components provide the infrastructure through which configuration and management data is defined, exposed, accessed, and retrieved
WMI Providers WMI Providers
• WMI providers act as an intermediary between WMI and a managed resource
• Providers hide the implementation details on WMI's standards-based, uniform access model
• Providers are generally implemented as dynamic link libraries (DLLs) residing in the %SystemRoot%\system32\wbem directory
• WMI providers act as an intermediary between WMI and a managed resource
• Providers hide the implementation details on WMI's standards-based, uniform access model
• Providers are generally implemented as dynamic link libraries (DLLs) residing in the %SystemRoot%\system32\wbem directory
Active Directory provider Active Directory provider
• File: dsprov.dll
• Namespace: root\directory\ldap
• Maps Active Directory objects to WMI
• File: dsprov.dll
• Namespace: root\directory\ldap
• Maps Active Directory objects to WMI
Event Log provider Event Log provider
• ntevt.dll
• root\cimv2
• Manage Windows event logs, for example, read, backup,clear, copy, delete, monitor, rename, compress, uncompress, and change event logsettings.
• ntevt.dll
• root\cimv2
• Manage Windows event logs, for example, read, backup,clear, copy, delete, monitor, rename, compress, uncompress, and change event logsettings.
Performance Counter provider Performance Counter provider
• wbemperf.dll
• root\cimv2
• Provides access to raw performance data.
• wbemperf.dll
• root\cimv2
• Provides access to raw performance data.
More providersMore providers
• Registry provider
• SNMP provider
• WDM provider
• Win32 provider
• Windows Installer provider
• ……
• Registry provider
• SNMP provider
• WDM provider
• Win32 provider
• Windows Installer provider
• ……
CIMOM CIMOM
• handles the interaction between consumers and providers
• the CIMOM provides the following core services to the WMI infrastructure:– Provider registration – Request routing – Remote access – Security – Query processing – Event processing
• handles the interaction between consumers and providers
• the CIMOM provides the following core services to the WMI infrastructure:– Provider registration – Request routing – Remote access – Security – Query processing – Event processing
CIM Repository CIM Repository
• storing the blueprints for managed resources
• CIM classes are organized hierarchically
• Classes are grouped into namespaces
• CIM classes consist of properties and methods
• storing the blueprints for managed resources
• CIM classes are organized hierarchically
• Classes are grouped into namespaces
• CIM classes consist of properties and methods
WMI Scripting LibraryWMI Scripting Library
• The WMI scripting library provides the set of automation objects through which scripting languages, such as VBScript, Jscript, and ActiveState's ActivePerl access the WMI infrastructure
• The automation objects in the WMI scripting library provide a consistent and uniform scripting model for the WMI infrastructure
• The WMI scripting library provides the set of automation objects through which scripting languages, such as VBScript, Jscript, and ActiveState's ActivePerl access the WMI infrastructure
• The automation objects in the WMI scripting library provide a consistent and uniform scripting model for the WMI infrastructure
WMI ConsumersWMI Consumers
• Consumers are the top layer. A consumer is a script, enterprise management application, Web-based application, or other administrative tool, that accesses and controls management information available through the WMI infrastructure
• Consumers are the top layer. A consumer is a script, enterprise management application, Web-based application, or other administrative tool, that accesses and controls management information available through the WMI infrastructure
Some toolsSome tools
• Wbemtest
• Scriptomatic
• WMI sdk tools
• Wbemtest
• Scriptomatic
• WMI sdk tools
Namespaces Namespaces
• Namespaces are the partitioning mechanism employed by the CIM and control the scope and visibility of managed-resource class definitions.
• Each namespace in the CIM contains a logical group of related classes representing a specific technology or area of management.
• All classes within a namespace must have a unique class name
• Classes in one namespace cannot be derived from classes in another namespace, which is why you'll find identical system, core, and common classes defined in multiple namespaces
• Namespaces are the partitioning mechanism employed by the CIM and control the scope and visibility of managed-resource class definitions.
• Each namespace in the CIM contains a logical group of related classes representing a specific technology or area of management.
• All classes within a namespace must have a unique class name
• Classes in one namespace cannot be derived from classes in another namespace, which is why you'll find identical system, core, and common classes defined in multiple namespaces
Namespace UsageNamespace Usage
• No namespace:strComputer = "."
Set wbemServices = GetObject("winmgmts:\\" & strComputer)
• Default namespace registry key:– HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\WBEM\Scripting\Default Namespace
• Change namespace:strComputer = "."
Set wbemServices = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
• No namespace:strComputer = "."
Set wbemServices = GetObject("winmgmts:\\" & strComputer)
• Default namespace registry key:– HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\WBEM\Scripting\Default Namespace
• Change namespace:strComputer = "."
Set wbemServices = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Retrieving the default namespace Retrieving the default namespace
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colWMISettings = objWMIService.InstancesOf("Win32_WMISetting")
For Each objWMISetting in colWMISettings Wscript.Echo "Default namespace for scripting: " & _ objWMISetting.ASPScriptDefaultNamespace Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colWMISettings = objWMIService.InstancesOf("Win32_WMISetting")
For Each objWMISetting in colWMISettings Wscript.Echo "Default namespace for scripting: " & _ objWMISetting.ASPScriptDefaultNamespace Next
Setting the default namespace Setting the default namespace
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colWMISettings = objWMIService.InstancesOf("Win32_WMISetting")
For Each objWMISetting in colWMISettings objWMISetting.ASPScriptDefaultNamespace = "root\cimv2" objWMISetting.Put_Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colWMISettings = objWMIService.InstancesOf("Win32_WMISetting")
For Each objWMISetting in colWMISettings objWMISetting.ASPScriptDefaultNamespace = "root\cimv2" objWMISetting.Put_Next
Listing Namespaces Listing Namespaces
strComputer = "."
Set objServices = GetObject("winmgmts:\\" & strComputer & "\root")
Set colNameSpaces = objServices.InstancesOf("__NAMESPACE")
For Each objNameSpace In colNameSpaces WScript.Echo objNameSpace.NameNext
strComputer = "."
Set objServices = GetObject("winmgmts:\\" & strComputer & "\root")
Set colNameSpaces = objServices.InstancesOf("__NAMESPACE")
For Each objNameSpace In colNameSpaces WScript.Echo objNameSpace.NameNext
Retrieving all CIM namespaces Retrieving all CIM namespaces
strComputer = "."
Call EnumNameSpaces("root")
Sub EnumNameSpaces(strNameSpace)
WScript.Echo strNameSpace
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\" & strNameSpace)
Set colNameSpaces = objWMIService.InstancesOf("__NAMESPACE")
For Each objNameSpace In colNameSpaces Call EnumNameSpaces(strNameSpace & "\" & objNameSpace.Name) Next
End Sub
strComputer = "."
Call EnumNameSpaces("root")
Sub EnumNameSpaces(strNameSpace)
WScript.Echo strNameSpace
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\" & strNameSpace)
Set colNameSpaces = objWMIService.InstancesOf("__NAMESPACE")
For Each objNameSpace In colNameSpaces Call EnumNameSpaces(strNameSpace & "\" & objNameSpace.Name) Next
End Sub
