Wait, what about the WMI Cmdlets, like I want to cover tasks we face everyday while administering Windows devices. We will look at:<\/p>\n I also want to show the pros and cons of each method, and where one stands out from the others.<\/p>\n If I had to pick a favorite, it would be this one. Bringing an object-oriented “feel” to WMI, this .NET namespace makes WMI management intuitive. Plus, if you are a C# developer, this will feel like home.<\/p>\n To perform a query, we need an instance of the ManagementObjectSearcher<\/strong> class. There are three constructors worth looking at:<\/p>\n Once we have the searcher, we call the Get<\/strong> method to return the ManagementObjects<\/strong>.<\/p>\n The This is how it looks like using the second and third constructors.<\/p>\n We could either call a method on the ManagementObject<\/strong> resultant from our query operation, like Terminate<\/strong>, or call a method on the WMI Class object. Let’s create a new process using the Create<\/strong> method.<\/p>\n If the method succeeds, you should be presented with a PowerShell console, and the Output Parameters<\/strong>:<\/p>\n We are going to use the Updating and deleting.<\/p>\n The WMI Scripting API is nothing more than the exposure of the WMI COM interfaces through a Runtime Callable Wrapper. Or WMI COM Object, for short. This method of managing WMI is not as straight forward as the System.Management<\/strong> namespace, but its implementation gives great flexibility.<\/p>\n To start, we need to instantiate a SWbemLocator<\/strong> object, which will be the interface to the other objects, and obtain a SWbemServices<\/strong> object, by connecting to the server.<\/p>\n Then, we use the ExecQuery<\/strong> method, from the SWbemServices<\/strong> object to perform our query. This method returns a SWbemObjectSet<\/strong>, which is a collection of SWbemObjects<\/strong>. Its properties are under the Properties_<\/strong> property.<\/p>\n First, we need to create an instance of the __Properties<\/strong> class, which holds the input parameters for the Create<\/strong> method. Then, we use the The Let’s replicate our last example using the Scripting API.<\/p>\n Updating and deleting.<\/p>\n When you just want to perform a WMI query to analyze data, and not necessarily interact with it, you cannot beat the CIM Cmdlets. They are extremely fast, and provide unique tools like auto-complete for class and namespace names and easy class retrival with Performing queries with the CIM Cmdlets is very pleasant. One line does it all.<\/p>\n The parameters are very similar to the The auto-complete<\/em> feature in Visual Studio Code.<\/p>\n The CIM Cmdlets introduces a unique way of calling WMI Methods. The results of a CIM query are called CimInstances<\/strong>, and you cannot call instance methods like you would with the other two options. Instead, you call another Cmdlet called And the result:<\/p>\n Have a hard time remembering parameters? Me too! Luckily auto-complete<\/em> also works with them.<\/p>\n If you used the old WMI Cmdlets before, this will look familiar.<\/p>\n Updating and deleting.<\/p>\n The System.Management<\/strong> namespace is great for acquiring instances of objects or classes. The aliases like Using the WMI Scripting API is great when you have to build whole scripts to manage WMI. Once you have the SWbemServices<\/strong> object you can work with pretty much anything else. It is also rewarding performance-wise, compared to the previous method, since you are working with the RCW interfaces directly. The System.Management<\/strong> namespace will wrap these interfaces to provide abstraction. But this comes at a cost. If you want to retrieve single objects or perform queries to analyze data, this method can be a little annoying to work with.<\/p>\n<\/li>\n The CIM cmdlets are number one on performance when querying multiple-object datasets. The CimInstance<\/strong> object is great to work with, specially when combining with other known objects, like the PSCustomObject<\/strong>. On the other hand, calling methods is not as straight forward as on the previous methods. And to access methods like Put<\/strong>, Get<\/strong> or Delete<\/strong> can be challenging.<\/p>\n<\/li>\n<\/ul>\n Let’s create our own Namespace under root, and implement a custom class! We will use the System.Management<\/strong> namespace, but now you can use what you learn to implement this using the other methods as well.<\/p>\n And just like that, we have our own Namespace, Class and Instance! The results on WmiExplorer<\/strong>.<\/p>\n If you made it to the end, hopefully now you have the right tool for the right job, regarding WMI. There is no winner, all of them are good in specific situations. What they all have in common is that they, together, will make you a better System Administrator.<\/p>\n Thank you for following along on this journey, and I see you next time!<\/p>\nGet-WmiObject<\/code>? There are two reasons we are not covering these today. These commands are only available for Windows PowerShell, and you will come to learn that the System.Management<\/strong> namespace is very similar. If you are still resisting trying PowerShell 7, I could not recommend it enough.<\/p>\nThe Procedure<\/h2>\n
\n
The System.Management Namespace<\/h2>\n
Querying<\/h3>\n
\n
ManagementObjectSearcher(String)<\/code> \n\n
ManagementObjectSearcher(String, String)<\/code> \n\n
ManagementObjectSearcher(ManagementScope, ObjectQuery)<\/code> \n\n
$query = \"Select * From Win32_Process Where Name = 'powershell.exe'\"\n$searcher = [wmisearcher]($query)\n$result = $searcher.Get()<\/code><\/pre>\n$result<\/code> variable holds an instance of the ManagementObjectCollection<\/strong> class. This collection contains all the Win32_Process<\/strong> instances in the form of ManagementObjects<\/strong>.<\/p>\n$result = $searcher.Get()\n$result | Format-Table -Property ProcessId, Name, ExecutablePath -AutoSize\n\n```Output\nProcessId Name ExecutablePath\n--------- ---- --------------\n 4116 powershell.exe C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe<\/code><\/pre>\n$query = \"Select * From Win32_Process Where Name = 'powershell.exe'\"\n$scope = 'root\\cimv2'\n$searcher = [wmisearcher]::new($scope, $query)\n$result = $searcher.Get()\n\n# Or\n\n$query = [System.Management.ObjectQuery]::new(\"Select * From Win32_Process Where Name = 'powershell.exe'\")\n$scope = [System.Management.ManagementScope]::new('root\\cimv2')\n$scope.Connect()\n$searcher = [System.Management.ManagementObjectSearcher]::new($scope, $query)\n$result = $searcher.Get()<\/code><\/pre>\nCalling a WMI Method<\/h3>\n
$commandLine = 'powershell.exe -ExecutionPolicy Bypass -Command \"Write-Output ''Howdy! From WMI!''; Read-Host\"'\n$processClass = [wmiclass]'Win32_Process'\n# The parameters are: CommandLine, CurrentDirectory and ProcessStartupInformation.\n$processClass.Create($commandLine, $null, $null)<\/code><\/pre>\n__GENUS : 2\n__CLASS : __PARAMETERS\n__SUPERCLASS :\n__DYNASTY : __PARAMETERS\n__RELPATH :\n__PROPERTY_COUNT : 2\n__PROPERTY_COUNT : 2\n__DERIVATION : {}\n__SERVER :\n__NAMESPACE :\n__PATH :\nProcessId : 11896\nReturnValue : 0\nPSComputerName :<\/code><\/pre>\nCreating, Updating and Deleting a WMI Class Instance<\/h3>\n
ManagementClass.CreateInstance()<\/code> method to create a new instance of the SMS_Collection<\/strong> class and Put<\/strong> to save it to the namespace.<\/p>\n$collection = ([wmiclass]'root\\SMS\\site_PS1:SMS_Collection').CreateInstance()\n$collection.Name = 'AwesomeDeviceCollection'\n$collection.LimitingCollectionID = 'PS1000042'\n$collection.Put()\n# The Get() method updates the $collection object with the new\n# property values populated by the Config Manager.\n$collection.Get()<\/code><\/pre>\n$collection = [wmiclass]\"root\\SMS\\site_PS1:SMS_Collection.CollectionID='PS1000043'\"\n$collection.Name = 'AwesomeDeviceCollection_NewName'\n$collection.Put()\n\n# Deleting\n\n$collection.Delete()<\/code><\/pre>\nThe WMI Scripting API<\/h2>\n
Querying<\/h3>\n
$locator = New-Object -ComObject 'WbemScripting.SWbemLocator'\n$services = $locator.ConnectServer()<\/code><\/pre>\n$result = $services.ExecQuery(\"Select * From Win32_Process Where Name = 'powershell.exe'\")\n$object = $result | Select-Object -First 1\n$value = $object.Properties_['ProcessId'].Value<\/code><\/pre>\nCalling a WMI Method<\/h3>\n
SWbemServices.ExecMethod()<\/code> method to call Create<\/strong>.<\/p>\n$commandLine = 'powershell.exe -ExecutionPolicy Bypass -Command \"Write-Output ''Howdy! From WMI!''; Read-Host\"'\n$parameters = $object.Methods_['Create'].InParameters.SpawnInstance_()\n$parameters.Properties_['CommandLine'].Value = $commandLine\n\n$output = $services.ExecMethod('Win32_Process', 'Create', $parameters)<\/code><\/pre>\n$output<\/code> variable contains a SWbemObject<\/strong>, which is an instance of the Output Parameters<\/strong> property class.<\/p>\n$services.ExecMethod('Win32_Process', 'Create', $parameters)<\/code><\/pre>\nValue : 16172\nName : ProcessId\nIsLocal : True\nOrigin : __PARAMETERS\nCIMType : 19\nQualifiers_ : System.__ComObject\nIsArray : False\n\nValue : 0\nName : ReturnValue\nIsLocal : True\nOrigin : __PARAMETERS\nCIMType : 19\nQualifiers_ : System.__ComObject\nIsArray : False<\/code><\/pre>\nCreating, Updating and Deleting a WMI Class Instance<\/h3>\n
$collection = $services.Get('\\\\.\\root\\SMS\\site_PS1:SMS_Collection').SpawnInstance_()\n$collection.Properties_['Name'].Value = 'AwesomeDeviceCollection'\n$collection.Properties_['LimitingCollectionID'].Value = 'PS1000042'\n$collection.Put_()<\/code><\/pre>\n$collection = $services.Get(\"\\\\.\\root\\SMS\\site_PS1:SMS_Collection.CollectionID='PS1000043'\")\n$collection.Properties_['Name'].Value = 'AwesomeDeviceCollection_NewName'\n$collection.Put_()\n\n# Deleting\n\n$collection.Delete_()<\/code><\/pre>\nThe CIM Cmdlets<\/h2>\n
Get-CimClass<\/code>.<\/p>\nQuerying<\/h3>\n
$result = Get-CimInstance -Query \"Select * From Win32_Process Where Name = 'powershell.exe'\"<\/code><\/pre>\nGet-WmiObject<\/code> ones, and can be used as follows.<\/p>\n$result = Get-CimInstance -ClassName 'Win32_Process' -Filter \"Name = 'powershell.exe'\"<\/code><\/pre>\n![\"Auto-Complete](\"https:\/\/devblogs.microsoft.com\/powershell-community\/wp-content\/uploads\/sites\/69\/2022\/08\/Get-CimInstance_autoComplete.png\")
<\/p>\nCalling a WMI Method<\/h3>\n
Invoke-CimMethod<\/code>.<\/p>\n$commandLine = 'powershell.exe -ExecutionPolicy Bypass -Command \"Write-Output ''Howdy! From WMI!''; Read-Host\"'\n$result = Get-CimClass -ClassName 'Win32_Process'\n$params = @{\n MethodName = 'Create'\n Arguments = @{\n CommandLine = $commandLine\n }\n}\n$output = $result | Invoke-CimMethod @params\n\n# Or\n$params = @{\n ClassName = 'Win32_Process'\n MethodName = 'Create'\n Arguments = @{\n CommandLine = $commandLine\n }\n}\n$output = Invoke-CimMethod @params<\/code><\/pre>\nInvoke-CimMethod -ClassName 'Win32_Process' -MethodName 'Create' -Arguments @{ CommandLine = $commandLine }<\/code><\/pre>\nProcessId ReturnValue PSComputerName\n--------- ----------- --------------\n 14932 0<\/code><\/pre>\n![\"Auto-Complete](\"https:\/\/devblogs.microsoft.com\/powershell-community\/wp-content\/uploads\/sites\/69\/2022\/08\/Invoke-CimMethod_autoComplete.png\")
<\/p>\nCreating, Updating and Deleting a WMI Class Instance<\/h3>\n
$params = @{\n Namespace = 'root\\SMS\\site_PS1'\n ClassName = 'SMS_Collection'\n Property = @{\n Name = 'AwesomeDeviceCollection'\n LimitingCollectionID = 'PS1000042'\n }\n}\n$collection = New-CimInstance @params<\/code><\/pre>\n$params = @{\n Namespace = 'root\\SMS\\site_PS1'\n Query = \"Select * From SMS_Collection Where Name = 'AwesomeDeviceCollection'\"\n Property = @{\n Name = 'AwesomeDeviceCollection_NewName'\n }\n}\nSet-CimInstance @params\n\n#Or\n\n$params = @{\n Namespace = 'root\\SMS\\site_PS1'\n Query = \"Select * From SMS_Collection Where Name = 'AwesomeDeviceCollection'\"\n}\n$collection = Get-CimInstance @params\n$collection | Set-CimInstance -Property @{\n Name = 'AwesomeDeviceCollection_NewName'\n}\n\n#Deleting\n\n$params = @{\n Namespace = 'root\\SMS\\site_PS1'\n Query = \"Select * From SMS_Collection Where Name = 'AwesomeDeviceCollection'\"\n}\n$collection = Get-CimInstance @params\n$collection | Remove-CimInstance<\/code><\/pre>\nPros and Cons<\/h2>\n
\n
[wmi]<\/code> or [wmiclass]<\/code> makes it easy to work with them, if you know their path. Calling methods is also very intuitive. In the other hand, querying and doing more complex operations can be time-consuming, and can involve more objects to keep track of.<\/p>\n<\/li>\nBonus<\/h2>\n
$namespace = ([wmiclass]'root:__Namespace').CreateInstance()\n$namespace.Name = 'ScriptingBlogCoolNamespace'\n$namespace.Put()<\/code><\/pre>\nPath : \\\\.\\root:__NAMESPACE.Name=\"ScriptingBlogCoolNamespace\"\nRelativePath : __NAMESPACE.Name=\"ScriptingBlogCoolNamespace\"\nServer : .\nNamespacePath : root\nClassName : __NAMESPACE\nIsClass : False\nIsInstance : True\nIsSingleton : False<\/code><\/pre>\n$class = [wmiclass]::new('root\\ScriptingBlogCoolNamespace', '', $null)\n$class['__Class'] = 'CustomClass'\n$class.Qualifiers.Add('Static', $true)\n$class.Properties.Add('Source', 'Custom class with .NET!')\n$class.Properties.Add('PropertyKey', 1)\n## You need a Key property, otherwise WMI wouldn't be able to assemble the path of a new instance.\n$class.Properties['PropertyKey'].Qualifiers.Add('Key', $true)\n$class.Put()<\/code><\/pre>\nPath : \\\\.\\root\\ScriptingBlogCoolNamespace:CustomClass\nRelativePath : CustomClass\nServer : .\nNamespacePath : root\\ScriptingBlogCoolNamespace\nClassName : CustomClass\nIsClass : True\nIsInstance : False\nIsSingleton : False<\/code><\/pre>\n$instance = ([wmiclass]'root\\ScriptingBlogCoolNamespace:CustomClass').CreateInstance()\n$instance.Source = 'CustomInstance!'\n$instance.Put()<\/code><\/pre>\nPath : \\\\.\\root\\ScriptingBlogCoolNamespace:CustomClass.PropertyKey=1\nRelativePath : CustomClass.PropertyKey=1\nServer : .\nNamespacePath : root\\ScriptingBlogCoolNamespace\nClassName : CustomClass\nIsClass : False\nIsInstance : True\nIsSingleton : False<\/code><\/pre>\n![\"Namespace,](\"https:\/\/devblogs.microsoft.com\/powershell-community\/wp-content\/uploads\/sites\/69\/2022\/08\/NamespaceManiputlation.png\")
<\/p>\nConclusion<\/h2>\n
Useful links<\/h2>\n