
Overview of operating WMI with PowerShell

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

What is WMI?

WMI can collect a large amount of system information from a computer. But sometimes the information is not easy to understand, and the documents are not friendly enough. WMI is an external technology, and PowerShell only interacts with its interface.

At the top level, WMI is organized into namespaces. Think of a namespace as a folder associated with a particular product or technology. For example, "root\CIMv2" contains all the Windows operating system and computer hardware information. The "root\MicrosoftDNS" namespace contains all the information about the DNS server (assuming you have installed the role on your computer).

Within a namespace, WMI is divided into a series of classes, each of which represents a management component that WMI can query. For example, the "AntiVirusProduct" class in "root\SecurityCenter" is designed to store antispyware information, and the "Win32_LogicalDisk" class in "root\CIMv2" is designed to hold information about logical disks. But even if a class exists on a computer, that does not mean the computer actually has the corresponding component installed. For example, the "Win32_TapeDrive" class exists on all versions of Windows, regardless of whether a tape drive is installed. Not all computers contain the same WMI namespaces or classes.
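The distinction above, between a class being defined and its component being present, can be checked directly. This is an added example, not code from the original article; the function name Get-WmiClassPresence is hypothetical.

```powershell
# Added example: tell "class is defined" apart from "component is present".
function Get-WmiClassPresence {
    param(
        [Parameter(Mandatory)] [string] $ClassName,
        [string] $Namespace = 'root\CIMv2'
    )
    # Get-CimClass reads only the class definition from the WMI repository.
    $class = Get-CimClass -Namespace $Namespace -ClassName $ClassName -ErrorAction SilentlyContinue
    $count = 0
    if ($class) {
        # Instances exist only when the matching hardware or software is present.
        $count = @(Get-CimInstance -Namespace $Namespace -ClassName $ClassName -ErrorAction SilentlyContinue).Count
    }
    [pscustomobject]@{
        Namespace     = $Namespace
        ClassName     = $ClassName
        ClassDefined  = [bool] $class
        InstanceCount = $count
    }
}

# Child namespaces of "root" are instances of the __NAMESPACE system class.
Get-CimInstance -Namespace root -ClassName __NAMESPACE | Select-Object -ExpandProperty Name

# Compare a class that is usually empty with one that usually has instances.
'Win32_TapeDrive', 'Win32_LogicalDisk' |
    ForEach-Object { Get-WmiClassPresence -ClassName $_ } |
    Format-Table -AutoSize
```

An inventory or detection script that treats "class exists" as "product installed" will report false positives; InstanceCount is the value to act on.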

The Future of WMI

For most of WMI's life cycle, Microsoft did not exercise much internal control over it (this has improved recently). Microsoft developed a series of programming standards for WMI, but each product group was more or less left to decide how to implement classes and whether to document them. The result is that WMI became chaotic.

The so-called "WMI cmdlets", such as "Get-WmiObject" and "Invoke-WmiMethod", are legacy commands: they still work, but Microsoft will not invest in their further development. They communicate over remote procedure calls (RPC), so they can pass through a firewall only if the firewall supports stateful inspection (which in practice is very difficult).

The newer "CIM cmdlets", such as "Get-CimInstance" and "Invoke-CimMethod", are more or less equivalent to the old "WMI cmdlets", but they communicate over WS-MAN (implemented by the Windows Remote Management service) instead of RPC.

In Windows Server 2012 R2 and later, the old version of WMI is disabled by default, so use CIM whenever possible. In addition, the CIM cmdlets can also communicate over the old RPC (or DCOM) protocol, so you can use just the CIM cmdlets even when communicating with old machines.
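One way to use only the CIM cmdlets against both new and old machines is to try WS-MAN first and fall back to DCOM. This is an added example, not code from the original article; the function name New-FallbackCimSession is hypothetical and 'server-r2' is the sample host name used later on this page.

```powershell
# Added example: open a CIM session over WS-MAN, or over DCOM if WS-MAN is absent.
function New-FallbackCimSession {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [pscredential] $Credential
    )
    $common = @{ ComputerName = $ComputerName; ErrorAction = 'Stop' }
    if ($Credential) { $common.Credential = $Credential }
    try {
        # Test-WSMan succeeds only if a WS-MAN listener answers on the target.
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
        return New-CimSession @common
    }
    catch {
        Write-Verbose "WS-MAN unavailable on $ComputerName, falling back to DCOM"
        # DCOM rides on RPC, so the firewall caveats for the WMI cmdlets apply here.
        $dcom = New-CimSessionOption -Protocol Dcom
        return New-CimSession @common -SessionOption $dcom
    }
}

$session = New-FallbackCimSession -ComputerName 'server-r2' -Verbose
try {
    Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem |
        Select-Object PSComputerName, Caption, BuildNumber
    # The Protocol property records which transport the session ended up using.
    $session.Protocol
}
finally {
    Remove-CimSession -CimSession $session
}
```

Logging the chosen protocol per host gives a list of machines that still depend on RPC/DCOM and therefore still need the wider firewall allowances.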

When performing WMI filtering, the filter text is passed to WMI rather than handled by PowerShell, so you must use the syntax specified by WMI instead of PowerShell's built-in operators.

Get-WmiObject Win32_Process -Filter "Name='notepad.exe'" | Invoke-WmiMethod -Name Terminate
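The difference between WMI's filter syntax (WQL) and PowerShell operators, shown side by side with read-only queries. This is an added example, not code from the original article; ConvertTo-WqlLiteral is a hypothetical helper, and the process names are sample values.

```powershell
# Added example: WQL filter syntax versus PowerShell operators.

# Hypothetical helper: quote a value for use inside a single-quoted WQL literal.
function ConvertTo-WqlLiteral {
    param([Parameter(Mandatory)] [string] $Value)
    # Backslash is the WQL escape character: escape it first, then the quote.
    "'" + ($Value -replace '\\', '\\' -replace "'", "\'") + "'"
}

$name = 'notepad.exe'   # sample value; could come from a parameter or a file

# WQL uses =, <>, >, AND, OR; PowerShell's -eq, -ne, -gt, -and, -or are not valid here.
$filter = "Name = $(ConvertTo-WqlLiteral $name) AND HandleCount > 50"
Get-CimInstance -ClassName Win32_Process -Filter $filter

# WQL wildcards are % (any string) and _ (one character), not * and ?.
Get-CimInstance -ClassName Win32_Process -Filter "Name LIKE 'note%'"

# Client-side equivalent: every process object is returned first,
# then PowerShell applies its own operators locally.
Get-CimInstance -ClassName Win32_Process | Where-Object { $_.Name -like 'note*' }

# PowerShell operators inside -Filter are rejected by WMI as an invalid query:
# Get-CimInstance -ClassName Win32_Process -Filter "Name -eq 'notepad.exe'"
```

Escaping matters whenever the filter value is not a literal in the script: an unescaped quote in the value changes the meaning of the query that WMI evaluates.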

The (weak) advantage of WMI

Although the RPC network traffic required by WMI has difficulty passing through firewalls, WMI works on the largest number of computers (at present). CIM requires only the newer and simpler WS-MAN traffic, but WS-MAN is not installed by default on older versions of Windows.

WMI serial and parallel execution

The Get-WmiObject command can connect to one or more remote computers, but it contacts them serially, which is inefficient.

Note: gwmi is an alias for Get-WmiObject.

gwmi -Class Win32_BIOS -ComputerName server-r2,localhost | Format-Table @{label='ComputerName';expression={$_.__SERVER}}, @{label='BIOSSerial';expression={$_.SerialNumber}}, @{label='OSBuild';expression={gwmi -Class Win32_OperatingSystem -ComputerName $_.__SERVER | Select-Object -ExpandProperty BuildNumber}} -AutoSize

Any command specified in the -ScriptBlock parameter (or that parameter's alias, -Command) is sent to each specified computer in parallel. You can access up to 32 computers at the same time (unless you change the -ThrottleLimit parameter to allow more or fewer), so when you specify more than 32 computer names, only the first 32 computers start executing the command. As those first 32 computers finish, the remaining computers begin executing the command. When execution has finished on all computers, the top-level parent job reports a completed state.

Note: Get-CimInstance is the newer replacement for Get-WmiObject.

Invoke-Command -ScriptBlock {Get-CimInstance -ClassName Win32_Process} -ComputerName WIN8 -Credential DOMAIN\Administrator
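The throttling and parent-job behaviour described above, made visible by running the same query as a background job. This is an added example, not code from the original article; it assumes the -AsJob switch is used, and the computer list and job name are constructed sample values.

```powershell
# Added example: parallel execution with an explicit throttle and per-host results.
$computers = 'WIN8', 'server-r2', 'localhost'   # constructed sample names
$cred = Get-Credential                          # prompts; avoids a password in the script

# -ThrottleLimit caps how many targets run at once (default 32).
$job = Invoke-Command -ComputerName $computers -Credential $cred `
    -ThrottleLimit 16 -AsJob -JobName 'ProcInventory' -ScriptBlock {
        Get-CimInstance -ClassName Win32_Process |
            Select-Object Name, ProcessId, ExecutablePath
    }

# The parent job completes only after every child job has finished.
Wait-Job -Job $job | Out-Null
$job.State

# One child job per target computer: see which hosts failed and why.
$job.ChildJobs |
    Select-Object Location, State,
        @{ Name = 'Reason'; Expression = { $_.JobStateInfo.Reason.Message } } |
    Format-Table -AutoSize

# Results from all hosts arrive merged; PSComputerName identifies the source.
$results = Receive-Job -Job $job -ErrorAction SilentlyContinue
$results | Group-Object PSComputerName | Select-Object Name, Count

Remove-Job -Job $job
```

A parent job in the Failed state does not mean every host failed; the child jobs show which hosts returned data and which need to be retried.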

Note: some of the content of this article draws on the third edition of the PowerShell Practical Guide.
