About WMI

 


Windows Management Instrumentation (WMI) is a technology built into Windows that allows for improved manageability of computers in a networked environment.  WMI is Microsoft's implementation of the industry-standard Web-Based Enterprise Management (WBEM) protocol.  WMI has both scriptable and programmable interfaces.  Microsoft has published numerous WMI VBScript-based scripts and tools on its web site that show just a fraction of the power and flexibility of WMI (see Helpful WMI Links).  But Microsoft's WMI scripting and utilities have drawbacks: scripting solutions require knowledge of the WMI class and property names as well as the scripting language itself.  The WMI tools can be difficult to use and are more suitable for debugging and general exploration of WMI.

 

Hyena leverages WMI by allowing WMI "queries" to be run on one or more computers directly from its GUI.  Hyena also allows WMI operations to be performed on the resulting output, providing an easy mechanism for updating information for multiple computers at the same time.

 

WMI is such a big area in Windows that entire books have been written about it (check out your local bookstore or Amazon.com for WMI books).  Much of the information in these books, however, concentrates on details that you do not really need to understand to get started with WMI.  In fact, some of these details can be so distracting that you may be scared of even using WMI.

 

In the sections that follow, we attempt to both simplify the use of WMI and explain where it fits into the picture for the typical Windows system administrator.

 

WMI Terms

 

Before a meaningful introduction to WMI is possible, several terms that are critical to understanding it need to be defined:

 

Namespace - WMI is divided into a directory-style hierarchy, much like a standard disk directory.  At the top of this hierarchy is the \root container, with other directories under \root.  These "directory paths" are called namespaces. Hyena supports all WMI namespaces, which can be specified when creating a new WMI query.  If left blank, Hyena's WMI functions default to the \root\CIMV2 namespace.

 

Classes - WMI groups its management objects into 'classes'.  The Win32_Service class, for example, will list Windows services, while the Win32_Process class will list processes.  The WMI class name is the starting point for any WMI action.

 

Property - WMI classes have multiple 'properties', which define the information described by the class.  For example, the property name 'ExecutablePath' contains the path and name of an executing process in the Win32_Process class.  Properties are the same as the attributes that describe Active Directory queries.  When discussing WMI, the term "property" will be used to describe the output fields when looking at WMI information.

 

Property Qualifiers - Properties can be read-only or writable, and have predefined data types (numeric, string, true/false, etc.).  String values can sometimes have predefined maximum lengths.  Most properties also have a description that can be used to help understand what the property means.  These items are all called qualifiers of the property, as they help qualify information about the property.

 

System Property - All WMI classes contain a number of predefined 'system' properties.  The names of system properties all start with two underscores; for example, __SERVER is the system property that holds the name of the server returning the WMI data.

 

Instances - The term 'instances' is used for each occurrence of 'something' in a WMI class.  For example, the instances of the Win32_Process class are the processes that are executing on a given system; instances of the Win32_Service class include all of the services defined on a given system.

 

Method - Some WMI classes have one or more functions that can be performed either on the class or on the instances of the class.  These functions are called methods. For example, the WMI Win32_Process class has a "Create" method that can be used on the class itself to create a new process, while the "Terminate" method can be used on instances (processes) of the Win32_Process class to terminate a process.

 

Query - The technique used by Hyena to retrieve WMI class information is to execute queries.  The advantage of WMI queries is that the exact number and order of properties can be specified.  Also, WMI queries support a 'WHERE' condition, which uses a SQL-like syntax to specify conditions for what instance information to retrieve.  For example, the where condition LogFileName="application" when used on the Win32_NtEventLogFile class will only retrieve instances of the Application event log file.

 

WMI Functionality

 

A common question everyone asks when they first learn about WMI is "What can I do with WMI?".  WMI offers an incredible amount of functionality in several different areas.  These functional areas, and how they compare to managing a Windows environment without WMI, are as follows:

 

Displaying WMI Property Information - The WMI classes contain information that can be difficult or impossible to obtain in other ways.  For example, the Win32_ComputerSystem class contains numerous properties such as 'TotalPhysicalMemory' that are impossible to accurately obtain from a remote system by other means.  Hyena can get some of the information available in the Win32_ComputerSystem class by reading values from the registry, but the registry locations for this information are largely undocumented and its interpretation is unsupported.  WMI not only provides a wealth of information, but provides this information through a supportable and documented interface.

 

Conditional Property Retrieval - The capability to query WMI classes with conditional 'where' clauses creates new opportunities for managing remote computer systems.  For example, the Win32_NtEventLogFile class can be queried to return only those event logs, across a set of computers, that contain more than a specified number of records.

 

Modification of Instance Properties - While most WMI properties are read-only, a number of WMI classes support modification of some properties.  For example, the maximum file size and overwrite options for instances (event logs) of the Win32_NtEventLogFile class can be modified.  Since Hyena allows multi-computer execution of WMI queries and multi-instance property modifications, it's easy to see the range of powerful management possibilities opened by WMI integration into Hyena.

 

Method Execution - WMI methods can provide additional functionality that is not available elsewhere for remote access.  For example, Windows lacks any built-in mechanism to terminate a process on a remote system.  WMI provides methods to both create and terminate processes on a remote computer.  This functionality is provided without any need to install additional software or agents on the remote computer: WMI is the remote agent that carries out these actions.
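
The Query and Conditional Property Retrieval entries above, shown as an added PowerShell example (not part of the original page and not Hyena's own code): one WQL query with an explicit property list and a WHERE condition is run against several computers, and the server name is taken from the instance's system properties. The function name Get-EventLogFileInfo, the computer names and the record threshold are assumptions chosen for illustration; Get-CimInstance with -ComputerName connects over WS-Management (WinRM), which must be enabled on each target.

```powershell
# Added example: hypothetical helper, not part of Hyena or the original page.
function Get-EventLogFileInfo {
    [CmdletBinding()]
    param(
        # Computers to query; the caller supplies real names.
        [string[]] $ComputerName = @('localhost'),

        # Typed as a number so that only a number can reach the WHERE condition.
        [uint32] $MinRecords = 1000,

        # The namespace this page names as the default.
        [string] $Namespace = 'root\CIMV2'
    )

    # Properties are listed explicitly, which fixes the number and order
    # of the output fields; the WHERE condition filters instances remotely.
    $wql = "SELECT LogfileName, NumberOfRecords, FileSize, MaxFileSize " +
           "FROM Win32_NTEventlogFile WHERE NumberOfRecords > $MinRecords"

    foreach ($computer in $ComputerName) {
        try {
            Get-CimInstance -ComputerName $computer -Namespace $Namespace `
                            -Query $wql -ErrorAction Stop |
                Select-Object @{ Name = 'Server'
                                 Expression = { $_.CimSystemProperties.ServerName } },
                              LogfileName, NumberOfRecords, FileSize, MaxFileSize
        }
        catch {
            # An unreachable or access-denied computer must not stop the others.
            Write-Warning "WMI query failed on ${computer}: $($_.Exception.Message)"
        }
    }
}

# Constructed sample call: event logs holding more than 5000 records.
Get-EventLogFileInfo -ComputerName 'localhost' -MinRecords 5000 |
    Format-Table -AutoSize
```

The Server column plays the role of the __SERVER system property described under WMI Terms, so rows from different computers stay distinguishable in the combined output.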