Managing Windows networks using scripts - Part 3: Understanding WMI

  Part 1: Basic concepts

Part 2: Complete the script

Mitch Tulloch

This section will introduce you to the principles of Windows Management Instrumentation (WMI) how it can be scriped using VBScript.

In the first two parts of this series we learned how to change the IP address of a network adapter on a Windows computer using VBScript. We also know about the many basic concepts of Windows scripting such as class (class), object (object), attribute (property), method (method) and different types of variables like string variable (string), array variables, integers, collection variables. At the end of part one, a simple script accomplishes the task of changing addresses, and the second part adds many other important support features such as defining variables, deploying error control, and receiving human information. Use the input, display the output data validation and interpret the script with comments.

Our final script works as expected, but there are still many things that are hard to understand. For example, the following command line:

Set objWMIService = GetObject ("winmgmts:" & strComputer & "rootcimv2")

In the first part we have the comment: 'This command line connects to the namespace rootcimv2 on the local machine by defining an object named objWMIService and placing it equal to the control returned from the GetObject' method.

What does this mean? What is WMI and how does it work? Why is this concept important to write a good script to administer Windows machines?

Understanding WMI

WMI was born from the period of Windows 98 or earlier. Previously it was called another Web-Based Enterprise Management (WBEM), ie Web-based Enterprise Management Tool. WBEM is a collaborative technology developed by Microsoft, Cisco, Intel, Compaq and BMC Software to support the management of server and desktop systems in an enterprise environment. WMI provides a model for presenting, storing, and querying configuration, status information, or other aspects of operations of Windows machines. Developers can use WMI to write scripts or manage source code to view or edit configuration settings on a Windows machine, view the status of Windows applications, services, and perform a lot of organic tasks. Other benefits of an administrator such as deploying, maintaining, debugging Windows networks.

In other words, referring to WMI refers to:

1. Windows operating system: works on Windows environment and for machines running Microsoft Windows.
2. Management: can be used to manage these computers.
3. Instrumentation: provides many tools to view and edit things running inside these computers.

You can liken a Windows computer like a car and WMI like a power source or electrical device that allows a meter to show the speed, engine temperature, RPM . of the car. These watchmaker controls themselves are not WMI. You need to show how to get information from the electrical panel and show it in a readable form. Writing VBScript using WMI is the same as creating intermediate meter tables, contacting the device below the car and displaying object information so you can tell you what to do and control which engine is perform. In other words, Windows integrates all of these built-in tools via WMI. You just need to know how to take them out to do what you want, such as changing your IP address, viewing the time zone, rebooting the remote computer, displaying a list of installed patches .

WMI Namespace

So far, we still don't know about how WMI works? Not really. In fact, to understand WMI requires us to be patient and have some basic knowledge. Let's start by looking at WMI namespaces. In WMI terminology, namespaces are a logical database of classes and their instances. Here is a simple script called ShowNamespaces.vbs, listing all WMI namespaces under the original namespace:

Set objWMIService = GetObject ("winmgmts: .root")
Set colNamespaces = objWMIService.InstancesOf ("__ NAMESPACE")

For Each objNamespace In colNamespaces
WScript.Echo objNamespace.Name
next

And the script running results on a Windows XP machine are:

C: scripts> cscript ShowNamespaces.vbs

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

SECURITY
RSOP
Cli
SecurityCenter
WMI
CIMV2
Policy
Microsoft
DEFAULT
directory
subscription

Each of these namespaces can be a source that allows you to query status-related information or configure some elements of a Windows computer (usually that configuration can also be edited). These namespaces are organized in a hierarchical structure like the directory structure on the hard drive. For example, we can display all namespaces under the namespace original rootCIMV2 by changing the first line in the script as follows:

Set objWMIService = GetObject ("winmgmts: .rootCIMV2")

When the script has been changed, the result is in the form:

C: scripts> cscript ShowNamespaces.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

ms_409
Applications

In fact, rootCIMV2 is the default WMI namespace on Windows machines. This means that if you do not describe a namespace to connect to in the first line of the script, WMI will automatically connect to namespace rootCIMV2 automatically. So if we change the first line to:

Set objWMIService = GetObject ("winmgmts:")

the result is the same as above. Note that we can remove the previous part in winmgmts: .rootCIMV2. Recall from lesson one that the previous part shows the local machine and by default WMI assumes that you want to work with the local machine. But in fact, when writing scripts, people often use variables (and define them). So here we can use a more common script to display namespaces:

Option Explicit
On Error Resume Next
Dim strComputer
Dim strWMINamespace
Dim objWMIService
Dim colNamespaces
Dim objNamespace

strComputer = "."
strWMINamespace = "rootCIMV2"

Set objWMIService = GetObject ("winmgmts:" & strComputer & strWMINamespace)
Set colNamespaces = objWMIService.InstancesOf ("__ NAMESPACE")

For Each objNamespace In colNamespaces
WScript.Echo objNamespace.Name
next

Why do we need to learn all these issues? The main reason is because of flexibility! For example, if we need to run the script on a remote machine, we can change the variable strComputer to the address of the remote machine. Or if you need to display another part of the namespace, we can add a few lines to the script so that it receives user input on the strWMINamespace variable.

WMI provider

Finding the right namespace is the first challenge (although most cases connecting to the default namespace is enough). In addition, you need to find the right provider to query or update the data on the system you are targeting. Below is the script called ShowProviders.vbs, showing all WMI providers for the namespace rootCIMV2:

Option Explicit
On Error Resume Next
Dim strComputer
Dim strWMINamespace
Dim objWMIService
Dim colWin32Providers
Dim objWin32Provider

strComputer = "."
strWMINamespace = "rootCIMV2"

Set objWMIService = GetObject ("winmgmts:" & strComputer & strWMINamespace)
Set colWin32Providers = objWMIService.InstancesOf ("__ Win32Provider")

For Each objWin32Provider In colWin32Providers
WScript.Echo objWin32Provider.Name
next

And the result after running this script on a Windows XP machine is:

C: scripts> cscript ShowProviders.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Win32_WIN32_TSLOGONSETTING_Prov
MS_NT_EVENTLOG_PROVIDER
Win32_WIN32_TSENVIRONMENTSETTING_Prov
SCM Event Provider
ProviderSubSystem
VolumeChangeEvents
NamedJobObjectLimitSettingProv
HiPerfCooker_v1
WMIPingProvider
Microsoft WMI Forwarding Event Provider
Win32_WIN32_TSNETWORKADAPTERSETTING_Prov
SystemConfigurationChangeEvents
Win32_WIN32_TERMINALSERVICE_Prov
Win32_WIN32_TSREMOTECONTROLSETTING_Prov
Win32_WIN32_TSNETWORKADAPTERLISTSETTING_Prov
Win32_WIN32_COMPUTERSYSTEMWINDOWSPRODUCTACTIVATIONSETTING_Prov
Win32_WIN32_TSSESSIONDIRECTORY_Prov
CmdTriggerConsumer
Standard Non-COM Event Provider
SessionProvider
WBEMCORE
RouteEventProvider
WhqlProvider
Win32_WIN32_TSSESSIONSETTING_Prov
Win32_WIN32_TERMINALTERMINALSETTING_Prov
Win32_WIN32_TSCLIENTSETTING_Prov
Win32_WIN32_TERMINALSERVICESETTING_Prov
WMI Kernel Trace Event Provider
Win32_WIN32_PROXY_Prov
NamedJobObjectProv
MS_Shutdown_Event_Provider
SECRCW32
Win32ClockProvider
MS_Power_Management_Event_Provider
Win32_WIN32_WINDOWSPRODUCTACTIVATION_Prov
RouteProvider
Cimwin32A
Msft_ProviderSubSystem
Win32_WIN32_TERMINALSERVICETOSETTING_Prov
NamedJobObjectSecLimitSettingProv
Win32_WIN32_TSSESSIONDIRECTORYSETTING_Prov
Win32_WIN32_TSPERMISSIONSSETTING_Prov
Win32_WIN32_TSACCOUNT_Prov
Win32_WIN32_TERMINAL_Prov
MSIProv
DskQuotaProvider
NetDiagProv
Win32_WIN32_TSGENERALSETTING_Prov
CIMWin32
NamedJobObjectActgInfoProv
NT5_GenericPerfProvider_V1
WMI Self-Instrumentation Event Provider
MS_NT_EVENTLOG_EVENT_PROVIDER

It sounds too much! But using this list of providers, you can easily search on MSDN for more information about a specific provider and look for support methods.

WMI classes

Besides namespace and provider, you also need to understand WMI classes if you want to increase the power of WMI for Windows administration activities on scripts. Class is a sample of the object type you can manage with WMI. For example, the class named Win32_LogicalDisk is a logical disk pattern on Windows machines, and WMI uses this class to create an instance of Win32_LogicalDisk for each installed disk.

Below is a script called ShowClasses.vbs that displays all the classes (possibly manageable objects) of the rootCIMV2 namespace:

Option Explicit
On Error Resume Next
Dim strComputer
Dim strWMINamespace
Dim objWMIService
Dim colClasses
Dim objClass

strComputer = "."
strWMINamespace = "rootCIMV2"

Set objWMIService = GetObject ("winmgmts:" & strComputer & strWMINamespace)
Set colClasses = objWMIService.SubclassesOf ()

For Each objClass In colClasses
WScript.Echo objClass.Path_.Path
next

And some results after running this script on Windows XP machine:

C: scripts> cscript ShowClasses.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

XPROOTCIMV2: __ SystemClass
XPROOTCIMV2: __ thisNAMESPACE
XPROOTCIMV2: __ Provider
XPROOTCIMV2: __ Win32Provider
XPROOTCIMV2: __ IndicationRelated
XPROOTCIMV2: __ EventGenerator
XPROOTCIMV2: __ TimerInstruction
XPROOTCIMV2: __ IntervalTimerInstruction
.
XPROOTCIMV2: MSFT_WMI_GenericNonCOMEvent
XPROOTCIMV2: MSFT_WmiSelfEvent
XPROOTCIMV2: Msft_WmiProvider_OperationEvent
XPROOTCIMV2: Msft_WmiProvider_ComServerLoadOperationEvent
XPROOTCIMV2: Msft_WmiProvider_InitializationOperationFailureEvent
XPROOTCIMV2: Msft_WmiProvider_LoadOperationEvent
XPROOTCIMV2: Msft_WmiProvider_OperationEvent_Pre
XPROOTCIMV2: Msft_WmiProvider_DeleteClassAsyncEvent_Pre
XPROOTCIMV2: Msft_WmiProvider_GetObjectAsyncEvent_Pre
.
XPROOTCIMV2: Win32_ComputerSystemEvent
XPROOTCIMV2: Win32_ComputerShutdownEvent
XPROOTCIMV2: Win32_SystemTrace
XPROOTCIMV2: Win32_ModuleTrace
XPROOTCIMV2: Win32_ModuleLoadTrace
XPROOTCIMV2: Win32_ThreadTrace
XPROOTCIMV2: Win32_ThreadStartTrace
XPROOTCIMV2: Win32_ThreadStopTrace
XPROOTCIMV2: Win32_ProcessTrace
XPROOTCIMV2: Win32_ProcessStartTrace
XPROOTCIMV2: Win32_ProcessStopTrace
.

Once again you find it too much and confusing, but using this list you can find on MSDN information related to a specific WMI class more easily. From there can find out the properties and methods associated with it.

Use WMI

Let's use practical things that are said above theory. One of the above script classes displays as Win32_TimeZone and we will use it to display the configured time zone on the computer. First, we need to find more information about this class on MSDN (type search keyword "Win32_TimeZone class"). From the results page, we can find the properties and methods of this class to support (albeit actually In fact, this particular class has only properties, no methods) and uses the information found to write the script you want.

One test showed that the attribute we need to find is Caption, because this is the most readable form of time zone information stored on the machine. Below is a script called DisplayTimeZone.vbs that we will use to query information from WMI and display it:

Option Explicit
On Error Resume Next
Dim strComputer
Dim strWMINamespace
Dim strWMIQuery
Dim objWMIService
Dim colItems
Dim objItem

strComputer = "."
strWMINamespace = "rootCIMV2"
strWMIQuery = "SELECT * FROM Win32_TimeZone"

Set objWMIService = GetObject ("winmgmts:" & strComputer & strWMINamespace)
Set colItems = objWMIService.ExecQuery (strWMIQuery)

For Each objItem In colItems
WScript.Echo objItem.Caption
next

And here's the script's run:

C: scripts> cscript DisplayTimeZone.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

(GMT-06: 00) Central Time (US & Canada)

See how this script works. First, you can see them based on many of the scripts created above. In other words, we start by connecting WMI, using the following command:

Set objWMIService = GetObject ("winmgmts:" & strComputer & strWMINamespace)

But the next order is new:

Set colItems = objWMIService.ExecQuery (strWMIQuery)

What we do here is execute a query on WMI to gather information from it. The query is defined earlier, using the following command:

strWMIQuery = "SELECT * FROM Win32_TimeZone"

This SELECT type SQL statement will return all (asterisks) what the Win32_TimeZone provider has for us and store the result in a collection named colItems. Then, repeat the operation of each object in the collection (only one object is returned by the query) and display the Caption property of the object, which is the following string:

(GMT-06: 00) Central Time (US & Canada)

Try this exercise

We will learn more about WMI scripting in later articles, but now let's try a small exercise. Copy the contents of the DisplayTimeZone.vbs script above into Notepad (remember to turn off Word Wrap) and save it as the PageFile.vbs file. Now, change a line in the script (actually a small part of the line) so that when the script runs, it will show the system path and pagefile name instead of the time zone. Tip: Find on MSDN for more information about Win32_PageFile class. We will give the answer to this test in the next part of the series.