PowerShell with WMI Overview

Enterprise 2019-09-18 08:45:32 views: null

What is WMI

WMI can collect a lot of information from the computer system. But sometimes this information is not easy to understand, the other documents are also not friendly. WMI is an external technology, PowerShell only its interface to interact with it.

At the top level, WMI are organized into namespaces (namespaces). Namespace can be thought of as a file related to a particular product or technology clip. For example, "root \ CIMv2", the namespace contains all Windows operating systems and computer hardware information. The "root \ MicrosoftDNS" namespace contains all the information about the DNS server (assuming you have installed on your computer that role) is.

In a namespace, is divided into a set of WMI classes, each unit is used to manage WMI query. For example, in the "root \ SecurityCenter" the "Antivirus-Product" category information is designed to hold anti-spyware software; in "root \ CIMv2" of "Win32_LogicalDisk" classes are designed to hold logical disk information. However, even if there is a class on a computer, the computer does not mean that actually correspond components are installed. For example, regardless of whether the tape drive is installed. "Win32_TapeDrive" category exists on all versions of Windows. Not all computers contain the same WMI namespace or class.

WMI's future

In most WMI life cycle, Microsoft will not put too much focus on its internal control (recently improved). Microsoft WMI has developed a series of programming standards, but more or less the product group to focus on how to achieve and whether the document of its kind. The result is that makes WMI become confused.

The so-called "WMI Cmdlets", such as "Get-WmiObject" and "Invoke-WmiMethod" - these are the legacy command, meaning that they are still able to work, but Microsoft will not follow them into development. They call (RPC) to interact with the remote procedure, that is, only (in fact very difficult) in the state to review firewall support through the firewall.

The new version of "CIM Cmdlets", such as "Get-CimInstance" and "Invoke-CimMethod" - they are more or less equivalent to the old version of "WMI Cmdlets", but they (implemented by the Windows Remote Management Services through WS-MAN ) interaction, replace the original RPCs.

In 2012 R2 as well as an updated version of Windows Server, the older version of WMI is disabled by default, so use CIM as possible. In addition, CIM cmdlet can use the old RPC (or DCOM) protocol, therefore when communicating with old machines, you can also use only CIM cmdlet.

In the implementation of WMI filtering, filtering syntax is passed to the WMI, rather than handled by PowerShell, WMI so you must use the syntax specified to replace the built-in PowerShell operators.

Get-WmiObject win32_process -filter {name='notepad.exe'} |Invoke-WmiMethod -Name Terminate

WMI's (slight) advantage

Although WMI RPC network communication required is difficult to penetrate the firewall, but the largest number of computers WMI can apply (for current); CIM only need to update a simpler WS-MAN communication, but in older versions of Windows by default, and not installed WS-MAN.

Serial and parallel execution WMI

Get-WMIObject command to connect with one or more remote computers, but implemented through a serial manner, the efficiency is relatively low.
Note: gwmi is an abbreviation Get-WMIObject

gwmi -class win32_bios -computer server-r2,localhost | format-table @{label='ComputerName';expression={$_.__SERVER}},
@{label='BIOSSerial';expression={$_.SerialNumber}},
@{label='OSBuild';expression= {gwmi -class \win32_operatingsystem -computer $_.__SERVER | select-object -expand BuildNumber}} -autosize

-ScriptBlock specified in the parameter (or parameter is an alias, -Command) any commands are sent in parallel to each computer specified. You can simultaneously access up to 32 computers (unless you change the -ThrottleLimit parameter allows simultaneous access to more or fewer computers), so when you specify more than 32 computer name, only the first 32 computers will begin to execute the command . When the front end is about 32 computer, the computer can begin the remaining execute these commands. In addition, when the end is executed on all computers, upper parent job will return a complete state.
Note: the Get-CimInstance is Get-WMIObject the new wording

invoke-command -ScriptBlock { Get-CimInstance -ClassName win32_process } -ComputerName WIN8 -Credential DOMAIN\Administrator

Note: This article is part of the reference book "powershell combat Guide Third Edition"

For more information, please refer to
PowerShell with WMI Overview

Guess you like

Origin blog.51cto.com/543925535/2438751
Recommended
Ranking
稀疏数组(狂神)
Windows11 system configuration Pycharm installation tutorial
[From the springboard machine ssh to the intranet target server] Configure vscode to achieve remote connection
Architecture python program
C language test code binary tree search
Questions about University website maintenance
echarts sized digital dashboards
Layui table click event
fantasy function
Windows turns on CPU virtualization + turns off Hyper-V
Daily
More
2024-07-31(0)
2024-07-30(0)
2024-07-29(0)
2024-07-28(0)
2024-07-27(0)
2024-07-26(0)
2024-07-25(0)
2024-07-24(0)
2024-07-23(0)
2024-07-22(0)

Code World

© 2018 codetd.com