Shulou(Shulou.com)05/31 Report--

This article will explain the example analysis of PowerShell WMI for you in detail. The editor thinks it is very practical, so I share it with you as a reference. I hope you can get something after reading this article.

What is CIM/WMI?

CIM: common Information Model (CIM) is a DMTF standard [DSP0004] that describes the structure and behavior of managed resources, such as storage, network, or software components.

WMI:Windows Management Instrumentation (WMI) is a CIM server that implements the CIM standard on Windows.

What is WS-Man/WinRM?

WS-Man:WS-Management (WS-Man) protocol is a firewall-friendly protocol based on SOAP, which is used to manage the communication between clients and CIM servers.

WinRM:Windows remote Management (WinRM) is a Microsoft implementation of the WS-Man protocol on Windows.

What is WQL?

The administrative client uses WMI query language (WQL) to query data in WMI.

WQL is very similar to the CIM query language (CQL) defined by DMTF, but not exactly the same.

What is the new CIM Cmdlet?

PowerShell 2.0 is provided with WMI and WsMan cmdlet.

Why is there another set of cmdlet in 3. 0?

WMI cmdlet, such as Get-WmiObject, can be run on DCOM and applies only to WMI/Windows.

WsMan cmdlet, such as Get-WsManInstance, work through the WS-Man protocol, but they are not friendly to system administrators.

The new Cim cmdlet offers the best of both worlds

Rich PowerShell experience, no need for XML

Through WsMan (remote default) and DCOM (local default)

Use non-Windows devices that implement the WSMan protocol

Simplify the discovery of class namespaces in WMI

The old WMI and WsMan Cmdlet are still supported in Win8. It is easy to change the script to the new standards-based CIM cmdlet.

Get the list of CIM cmdlet

Get-Command-Module CimCmdlets

What is a connection?

An association represents the relationship between two or more instances of a managed resource, such as disks and volumes or directories and files.

Given an instance of a class, the CIM server returns all instances associated with the given instance.

You can also filter the results by specifying the name of the target class or associated relationship.

What are various CIM operations?

The CIM class should implement methods (called external methods) that are clearly defined in its specification and a set of standard predefined methods.

Predefined methods are called intrinsic, and they are

Enumerate instances of a class

Enumerate associated instances

Get the instance by executing the query on the server

Get a specific instance of a class

Create a new class instance

Modify an instance of a class

Delete an instance of a class

Call an external method on a class or instance

Enumerate classes in the namespace

Get class schema

Subscription indication

Unsubscribe instruction

You will notice that CIM cmdlet is modeled based on CIM operations.

What is the CIM instruction?

The CIM indication is a representation of events in the managed system.

The CIM client can subscribe to receive instructions by providing an indication type and a filter expression that selects the events to be delivered to the client.

What is CimSession?

CimSession represents the connection to the CIM server.

CimSession does not have a physical permanent connection to the server, so CimSession is a very lightweight client connection object.

CimSession can be used to manage any server that supports the WsMan protocol.

Create a CIM-based cmdlet

Developers and senior IT professionals can use CDXML to wrap existing CIM classes to provide a more friendly abstraction of PS tasks.

For more information, see (original link to invalidate).

Developers can use native code to create cmdlet by implementing the CIM class and writing CDXML.

More information

WMI blog: http://blogs.msdn.com/b/wmi/

PowerShell blog: http://blogs.msdn.com/b/powershell/

Script Center: http://technet.microsoft.com/enus/scriptcenter/bb410849

Script expert: http://blogs.technet.com/b/heyscriptingguy/

Finding namespaces and classes in WMI the new CIM Cmdlet released in PowerShell 3.0 makes it easier to discover WMI namespaces and classes.

Use Tab for the CIM Cmdlet parameter (Tab + Space in ISE displays the drop-down menu)

Find the top-level namespace

Get-CimInstance-Namespace

Use Tab to complete class name completion if no namespace is specified, classes in the default root/cimv2 namespace are displayed

Get-CimInstance-ClassName * Bios

Get-CimInstance-Namespace root/Microsoft/Windows/smb-ClassName

Note: using Tab completion applies only to local machines.

Use Get-CimClass for an advanced class search to list all classes in the root/cimv2 namespace

Get-CimClass

List the classes that contain Stop* methods

Get-CimClass-MethodName Stop*

Lists classes with a property named Handle

Get-CimClass-PropertyName Handle

Find classes with Association qualifiers that end with * Partition

Get-CimClass-ClassName * Partition-QualifierName Association

Get-CimClass-Namespace root/Microsoft/Windows/smb-class * Smb*-QualifierName Indication

Note: Get-CimClass is only applicable to computers that support Schema retrieval operations to obtain data from WMI to find instances of the Win32_Service class.

Get-CimInstance-ClassName Win32_Service

Get-CimInstance output via Microsoft.Management.Infrastructure.CimInstance#

Get data through WQL query

Get-CimInstance-Query "Select * from Win32_Service Where Name like 'app%'"

Get only a subset of attributes-typically used to reduce network / memory footprint

Get-CimInstance-ClassName Win32_Service-KeyOnly

Get-CimInstance-ClassName Win32_Service-Property Name,Status

The variable $A Cim instance holds a snapshot of the state of the server object on the client

$a = Get-CimInstance-ClassName Win32_Process

Note: the objects passed as input objects will not be changed.

Get-CimInstance-InputObject $a [0]

If you have scripts that use WMI cmdlet, you can easily migrate them to a new CIM CmdletPeeping into CimInstanceCimInstance class with the following properties. CimInstanceProperties-the list of properties for this class. CimClass-CIM provides the schema for this class .CimClass.CimClassMethods-methods supported by this class .CimSystemProperties-Note: for Cim Schema to be accurate, CIM Server must support class schema retrieval operations. CimInstance is portable-supports complete serialization and deserialization of Get-CimInstance Win32_Service-Filter 'Name Like "app%" | export-clixml t1.xml$x = import-clixml.\ t1.xml$x [0] .pstypenamesdiff ($x) (Get-CimInstance win32_service-Filter' Name Like "app%") Working with Associations uses filter condition DriveType==3 (hard drive) to get instances of Win32_LogicalDisk class

$disk1, $diskn = Get-CimInstance-class Win32_LogicalDisk-Filter 'DriveType = 3'

Get the associated instance disk1

Get-CimAssociatedInstance-CimInstance $disk1

Given an instance of Win32_LogicalDisk, give a specific type of associated instance

Get-CimAssociatedInstance-CimInstance $disk1-ResultClassName Win32_DiskPartition

Find the services on which the WinRM service depends

$service = Get-CimInstance Win32_Service-Filter 'Name Like "winrm%"'

Get-CimAssociatedInstance-InputObject $service-Association Win32_DependentService

Call the CIM method to see which methods are in a class

C = Get-CimClass Win32_Process

You can also use the .CimClass property of CimInstance

$c.CimClassMethods

Call a method in an instance

A = Get-CimInstance Win32_Process-Filter "Name Like 'PowerShell%'"

$a binds to the InputObject parameter

$a | Invoke-CimMethod-MethodName GetOwner

Calling class static methods-icim is an alias for Invoke-CimMethod

Icim-ClassName Win32_Process-MethodName Create-Arguments @ {CommandLine= "calc.exe"}

Create an instance by performing the CIM operation-CIM internally supports creating, modifying, and deleting instance methods

New-CimInstance-Class Win32_Environment-Property @ {Name= "testvar"; VariableValue= "testvalue"; UserName= "fareast\ osajid"}

Modify an instance

A = Get-CimInstance-Class Win32_Environment-Filter "Name='testvar'" #; VariableValue= "testvalue"; UserName= "fareast\ osajid"}

Set-CimInstance-InputObject $a-Property @ {VariableValue= "ChangedValue"}-PassThru

The same result can be achieved by setting the VariableValue property of $a to update the object on the server, call Set-CimInstance

$a.VariableValue = "ChangedValue"

Set-CimInstance-InputObject $a-PassThru

Delete an instance

Remove-CimInstance-InputObject $a

Event-CIM Indications

$filter = "SELECT * FROM CIM_InstModification WHERE TargetInstance ISA 'Win32_LocalTime'"

Subscribe to events using a filter

Register-CimIndicationEvent-Query $filter-SourceIdentifier "Timer"

Use the PowerShell event mechanism to get events

Get-Event-SourceIdentifier Timer

Unregister-Event-SourceIdentifier "Timer"

Subscribe to the event

$Action = {$process = $Event.SourceEventArgs.NewEvent;write-host New process Name = $process.ProcessName Id = $process.ProcessId}

Register-CimIndicationEvent-ClassName Win32_ProcessStartTrace-Action $Action-SourceIdentifier "ProcessWatch"

Unregister-Event-SourceIdentifier "ProcessWatch"

Working with remote serversCIM Cmdlet has-ComputerName and-CimSession parameters for managing remote servers

Get-CimInstance Win32_Service-ComputerName Server1

By default, the WsMan protocol (including localhost or 127.0.0.1) is used when passing ComputerName

If you perform multiple operations on the same server, it is recommended that you create a CimSession

$s = New-CimSession-CN server1

Gcim Win32_Service-CimSession $s

There are two ways to manage low-level Windows servers to manage low-level Windows servers to install Windows Management Framework 3.0 (recommended) or to use the DCOM protocol

$so = New-CimSessionOption-Protocol DCOM$s = New-CimSession-CN server1-SessionOption $soGet-CimInstance Win32_Service-CimSession $s

The PSComputerName property of CimInstance displays the source computer name

Gcim Win32_Process-CN server1,server2 | Select Name, PsComputerName

If you pass CN (ComputerName) or CimSession to get the CimInstance, you don't have to specify it again for subsequent operations.

Gcim Win32_Process-CN server1,server2 | icim-MethodName GetOwner

This is the end of this article on "sample Analysis of PowerShell WMI". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.