Software: Apache. PHP/5.5.15 uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 SYSTEM Safe-mode: OFF (not secure) C:\Windows\System32\WindowsPowerShell\v1.0\en-US\ drwxrwxrwx |
Viewing file: about_WMI_Cmdlets.help.txt (8.67 KB) -rw-rw-rw- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | TOPIC about_WMI_cmdlets SHORT DESCRIPTION Provides background information about Windows Management Instrumentation (WMI) and Windows PowerShell. LONG DESCRIPTION This topic provides information about WMI technology, the WMI cmdlets for Windows PowerShell, WMI-based remoting, WMI accelerators, and WMI troubleshooting. This topic also provides links to more information about WMI. About WMI Windows Management Instrumentation (WMI) is the Microsoft implementation of Web-Based Enterprise Management (WBEM), which is an industry initiative to develop a standard technology for accessing management information in an enterprise environment. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components. CIM is developed and maintained by the Distributed Management Task Force (DMTF). You can use WMI to manage both local and remote computers. For example, you can use WMI to do the following: -- Start a process on a remote computer. -- Restart a computer remotely. -- Get a list of the applications that are installed on a local or remote computer. -- Query the Windows event logs on a local or remote computer. The WMI Cmdlets for Windows PowerShell Windows PowerShell implements WMI functionality through a set of cmdlets that are available in Windows PowerShell by default. You can use these cmdlets to complete the end-to-end tasks necessary to manage local and remote computers. The following WMI cmdlets are included. Cmdlet Description ------------------ ---------------------------------------------- Get-WmiObject Gets instances of WMI classes or information about the available classes. Invoke-WmiMethod Calls WMI methods. Register-WmiEvent Subscribes to a WMI event. Remove-WmiObject Deletes WMI classes and instances. Set-WmiInstance Creates or modifies instances of WMI classes. Sample Commands The following command displays the BIOS information for the local computer. C:\PS> get-wmiobject win32_bios | format-list * The following command displays information about the WinRM service for three remote computers. C:\PS> get-wmiobject -query "select * from win32_service where name='WinRM'" -computername server01, server01, server03 The following more complex command exits all instances of a program. C:\PS> notepad.exe C:\PS> $np = get-wmiobject -query "select * from win32_process where name='notepad.exe'" C:\PS> $np | remove-wmiobject WMI-Based Remoting While the ability to manage a local system through WMI is useful, it is the remoting capabilities that make WMI a powerful administrative tool. WMI uses Microsoft's Distributed Component Object Model (DCOM) to connect to and manage systems. You might have to configure some systems to allow DCOM connections. Firewall settings and locked-down DCOM permissions can block WMI's ability to remotely manage systems. WMI Type Accelerators Windows PowerShell includes WMI type accelerators. These WMI type accelerators (shortcuts) allow more direct access to a WMI objects than a non-type accelerator approach would allow. The following type accelerators are supported with WMI: [WMISEARCHER] - A shortcut for searching for WMI objects. [WMICLASS] - A shortcut for accessing the static properties and methods of a class. [WMI] - A shortcut for getting a single instance of a class. [WMISEARCHER] is a type accelerator for a ManagementObjectSearcher. It can take a string constructor to create a searcher that you can then do a GET() on. For example: PS> $s = [WmiSearcher]'Select * from Win32_Process where Handlecount > 1000' PS> $s.Get() |sort handlecount |ft handlecount,__path,name -auto handlecount __PATH name ----------- ------ ---- 1105 \\SERVER01\root\cimv2:Win32_Process.Handle="3724" powershell... 1132 \\SERVER01\root\cimv2:Win32_Process.Handle="1388" winlogon.exe 1495 \\SERVER01\root\cimv2:Win32_Process.Handle="2852" iexplore.exe 1699 \\SERVER01\root\cimv2:Win32_Process.Handle="1204" OUTLOOK.EXE 1719 \\SERVER01\root\cimv2:Win32_Process.Handle="1912" iexplore.exe 2579 \\SERVER01\root\cimv2:Win32_Process.Handle="1768" svchost.exe [WMICLASS] is a type accelerator for ManagementClass. This has a string constructor that takes a local or absolute WMI path to a WMI class and returns an object that is bound to that class. For example: PS> $c = [WMICLASS]"root\cimv2:WIn32_Process" PS> $c |fl * Name : Win32_Process __GENUS : 1 __CLASS : Win32_Process __SUPERCLASS : CIM_Process __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_Process __PROPERTY_COUNT : 45 __DERIVATION : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement} __SERVER : SERVER01 __NAMESPACE : ROOT\cimv2 __PATH : \\SERVER01\ROOT\cimv2:Win32_Process [WMI] is a type accelerator for ManagementObject. This has a string constructor that takes a local or absolute WMI path to a WMI instance and returns an object that is bound to that instance. For example: PS> $p = [WMI]'\\SERVER01\root\cimv2:Win32_Process.Handle="1204"' PS> $p.Name OUTLOOK.EXE WMI Troubleshooting The following problems are the most common problems that might occur when you try to connect to a remote computer. Problem 1: The remote computer is not online. If a computer is offline, you will not be able to connect to it by using WMI. You may receive the following error message: "Remote server machine does not exist or is unavailable" If you receive this error message, verify that the computer is online. Try to ping the remote computer. Problem 2: You do not have local administrator rights on the remote computer. To use WMI remotely, you must have local administrator rights on the remote computer. If you do not, access to that computer will be denied. To verify namespace security: a. Click Start, right-click My Computer, and then click Manage. b. In Computer Management, expand Services and Applications, right-click WMI Control, and then click Properties. c. In the WMI Control Properties dialog box, click the Security tab. Problem 3: A firewall is blocking access to the remote computer. WMI uses the DCOM (Distributed COM) and RPC (Remote Procedure Call) protocols to traverse the network. By default, many firewalls block DCOM and RPC traffic. If your firewall is blocking these protocols, your connection will fail. For example, Windows Firewall in Microsoft Windows XP Service Pack 2 is configured to automatically block all unsolicited network traffic, including DCOM and WMI. In its default configuration, Windows Firewall rejects an incoming WMI request, and you receive the following error message: "Remote server machine does not exist or is unavailable" More Information about WMI For more information about WMI, see the following topics in the MSDN (Microsoft Developer Network) library: "About WMI: http://go.microsoft.com/fwlink/?LinkId=142212 "WMI Troubleshooting" http://go.microsoft.com/fwlink/?LinkId=142213 And, see "Secrets of Windows Management Instrumentation - Troubleshooting and Tips" in the Microsoft TechNet Script Center: http://go.microsoft.com/fwlink/?LinkId=142214 SEE ALSO Online version: http://go.microsoft.com/fwlink/?LinkId=142219 Get-WmiObject Invoke-WmiMethod Register-WmiEvent Remove-WmiObject Set-WmiInstance |
:: Command execute :: | |
--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.1404 ]-- |