WMI – getting started

Recently I did a fair amount of WMI investigation for a client. Sure – I used WMI before, e.g. to quickly set up some admin scripts or to realize my great ifconfig tool :)

But this time I wanted to learn it from the ground up, and I must say that this stuff is very, very powerful.

WMI is a technology to manage nearly every aspect of your Windows landscape. The CIM repository (that’s where the schema of the manageable objects is stored) includes over 10,000 classes out of the box – and you can extend the repository with so-called providers. Some providers are included but have to be installed manually, e.g. the SNMP provider, which gives you a way to access the SNMP protocol (and thus everything that’s exposed by SNMP) through WMI. Other popular add-on providers are SQL Server (everything that Enterprise Manager can do) and Exchange (complete monitoring in E2K, and monitoring and configuration in E2K3).

Standard providers include:

  • The WIN32 Provider
  • Performance Counter Provider
  • Directory Services Provider
  • Event Log Provider
  • Windows Installer Provider
  • Terminal Services Provider

A provider consists of a piece of code that actually retrieves or sets the information, and a schema that describes the exposed information (properties) and the actions that can be performed on that class (methods). That schema is described in a MOF file (Management Object Format; compare to an SNMP MIB). These files have IDL format (yes – Interface Definition Language…remember COM?) and get compiled and added to the repository with a tool called mofcomp.exe (you can find all the stuff in windows\system32\wbem).

WMI is more than hacking up some scripts – you have to understand the basic structure of the CIM and how classes relate to each other. After that you just have to find the right classes for your job and figure out how to set the properties and properly call the methods.

Some terminology:

Class
Schema of an exposed object – contains definitions for properties and methods. Classes support the notion of an identity. Every class includes at least one ‘key property’ which makes the various instances of the class unique (think database primary key). You can use this key property to directly access instances through monikers (more on that later).

Qualifiers, Methods_, Properties_
Think of them as the metadata for WMI. The Methods_ and Properties_ properties expose the method and property definitions so you can reflect against them. Qualifiers describe the data types and their allowed ranges, e.g. whether a property is read-only or read/write, whether parameters are in, out or in/out, and so on. Have a look at the Scriptomatic Tool, which uses this metadata to build scripts.

Instance (or Object)
Instances are concrete manifestations of a class, each representing a specific management object, e.g. I have 15 instances of the class win32_NetworkAdapter on my local machine. Every instance has a unique key property called Index.
You normally access WMI to get some instances of a class (e.g. via a WQL query) and interrogate or manipulate them through their properties and methods, e.g. after choosing a particular instance of my network adapter, I can set an IP address and so on.

Associator
Think of an associator as something like a primary/foreign key relationship between WMI classes which you can traverse, e.g. after enumerating the network adapters you want to display every protocol binding and the configuration details for each adapter – there’s an association called win32_ProtocolBinding which points from win32_NetworkAdapter to the win32_NetworkProtocol and win32_SystemDriver classes. You can traverse these associations to retrieve the corresponding information from these objects.
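
The terminology above, applied to the win32_NetworkAdapter class, as an added PowerShell example (not the author's code). It assumes the CIM cmdlets of PowerShell 3.0 or later (Get-CimClass, Get-CimInstance, Get-CimAssociatedInstance) and the default root\cimv2 namespace on the local machine, and it only reads data.

```powershell
# Added example: read-only walk over class metadata, instances and
# associations. Assumption: local machine, default root\cimv2 namespace.
$className = 'Win32_NetworkAdapter'

# --- Class: reflect on the schema stored in the CIM repository ---
$class = Get-CimClass -ClassName $className

# Key properties carry the 'key' qualifier; they make each instance unique.
$keyProps = $class.CimClassProperties |
    Where-Object { $_.Qualifiers.Name -contains 'key' }
"Key properties of ${className}: $($keyProps.Name -join ', ')"

# Qualifiers also tell you which properties are writable.
$writable = $class.CimClassProperties |
    Where-Object { $_.Qualifiers.Name -contains 'write' }
"Writable properties: $($writable.Name -join ', ')"

# Methods, with each parameter tagged by its In/Out qualifiers.
foreach ($method in $class.CimClassMethods) {
    $params = foreach ($p in $method.Parameters) {
        $dir = @('In', 'Out') | Where-Object { $p.Qualifiers.Name -contains $_ }
        "[$($dir -join '/')] $($p.Name)"
    }
    "Method $($method.Name)($($params -join ', '))"
}

# --- Instances: a WQL query returns concrete objects of the class ---
$adapters = Get-CimInstance -Query "SELECT * FROM $className WHERE NetEnabled = TRUE"

foreach ($nic in $adapters) {
    "Adapter: $($nic.Name)"

    # --- Associator: follow Win32_ProtocolBinding from this adapter ---
    # An empty result just means no bindings were reported for it.
    $bound = Get-CimAssociatedInstance -InputObject $nic -Association Win32_ProtocolBinding
    foreach ($obj in $bound) {
        "  bound -> $($obj.CimClass.CimClassName): $($obj.Name)"
    }
}
```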

OK – enough for now – I have some topics on WMI lined up for this blog. They will include some clarifications on how to connect to WMI repositories (and those security details), some sample scripts and more info on WMIC (a WMI command line tool – and yes – I will present another way of changing the IP address from the command line, too :)

btw – I am currently rewriting ifconfig to include my new WMI knowledge – so I will explain some of the concepts of accessing WMI from managed code in the future – so stay tuned.

Some links to get you started:

 
