In my previous entry,
WMI - Introduction I covered the basics of how WMI worked and how to write a simple script utilizing WMI technology. Today we will cover some more in depth information regarding WMI and scripting, along with some more advanced WMI queries.
WMI ClassesIntroudction to Object-Oriented Programming & ClassesThe concept of classes within WMI is borrowed from
object-oriented programming, object-oriented programming was born in the 60's and the first programming language implementing the idea of classes was
Simula 67.
SmallTalk, which was developed at Xerox, took the idea even further by using objects to represent everything, becoming the first "pure" object-oriented language. The fundamental concept to understand about object-oriented programming is that an
object represents an instance of a physical or logical thing. In effect we can then represent a car as an object. All cars have similar properties, they have four wheels, seats, a stearing wheel, a gas petal... They also can do similar things such as accellerate, slow down, turn... We represent these definitions of an object in a blueprint called a class.
A class is a logical representation of an object that defines what properties an object has and also what an object can do. Properties represent characteristics of an objects and methods represent what an object can do. Once we have a class, or blueprint, to use we can create an instance of this class, the instance is what we refer to as an object.
It is not neccessary to have a full understanding of object-oriented programming to work with WMI and VBScript, however a solid understanding of the fundamentals will greatly aide your ability to comprehend how the internals of WMI work as well enable you to understand how VBScript objects interact and work together.
Object-Oriented Internet ResourcesWikiPedia Object-Oriented Programming ArticleObject Oriented FAQUnderstanding Object Oriented ProgrammingOOPSLA (Object-Oriented Programming, Systems, Languages and Applications) International ConferenceWMI ClassesWMI classes are symbolic represenations of hardware and software items that a computer has. Nearly everything about your computer is represented in WMI by a class, from DVD-ROM drives to event logs, more than likely there is a class that represents information about your computer that you need access to. WMI classes are almost always created by
compiling a
MOF (Managed Object Format) file and adding them to the WMI Repository. The exception to this rule is the core system classes. The core system classes, which can be identified by the double underscore (
__) preceding their name, are present in all namespaces and built into the foundation of WMI. The core system classes provide the following: Event and provider registration, event notification and security.
Querying WMI and Executing MethodsIn the below script we utilize the WMI class
Win32_Process . This class is extremely useful as it gives us information to all the processes that are currently running on a local or remote computer system. In the script below we do two things:
- Query all instances of running processes that match our requirements.
- Terminate all processes that were returned.
Take a look at the script below, and look through each line code. If you want launch a few copies of notepad on your system and run the script to see how it functions.
Option Explicit
Dim oSWbemServices
Dim sHost
Dim sNamespace
Dim sQuery
Dim oProcessColl
Dim oProcess
sHost = "."
sNamespace = "\root\cimv2"
sQuery = "SELECT Name, ProcessID FROM Win32_Process WHERE Name = 'notepad.exe'"
Set oSWbemServices = GetObject("winmgmts:\\" & sHost & sNamespace)
Set oProcessColl= oSWbemServices.ExecQuery(sQuery)
For Each oProcess In oProcessColl
WScript.Echo "Terminating " & oProcess.Name
WScript.Echo "ProcessID: " & oProcess.ProcessID
oProcess.Terminate
Next
WQL - The WHERE ClauseThe first part of this script I would like to take a look at is the WQL query we execute to retreive all the instances of notepad.exe.
SELECT Name, ProcessID FROM Win32_Process WHERE Name = 'notepad.exe'
This query looks basically the same as the query we used in the last article to retreive network adapters, however this one has a couple of significant differences. First instead of using the generic asterik to specify we are retrieving all fields that are defined in the class we specify two fields; Name and ProcessID. This can speed up query execution time as well reduce the overall memory footprint of your script. In general it is a best practice to specify only the class fields that you will use in your script instead of retreiving all fields. The second noteable difference in this query is the addition of the
WHERE clause on the end of the script. The WHERE clause acts a filter so that we only return class instances that match our criteria. We therefore are relying on the WMI system to filter out instances accordingly instead of having to do these comparisons our selves. If you are familiar with SQL then the WQL's WHERE clause will feel right at home. For those of you that are not I highly reccommend you checkout the
MSDN WQL WHERE Clause entry, or brush up on SQL a little bit. You are not limited to merely to string tests you can combine comparisons of all types of fields that results in a very powerful filtering method.
Executing WMI Class MethodsSo we execute our WQL query and retreive a collection of all class instances that have the name "notepad.exe", from here we decide that we must terminate all of these instances. This brings us to the second part of this script which is different from the ones we have previously used. WMI method calling. Earlier we talked about object oriented programming and how the WMI uses the object oriented paradigm to describe data. Many WMI classes have methods that you can call to perform certain operations upon the class instances. As you can see we call the
Terminate method to kill any processes that we found matching our query.
Wrap Up & ExerciseOnce you understand how to query WMI retrieve and output the results and execute WMI methods you have learned the basics and can develop all sorts of scripts that we help you automate mundane tasks, or acclompish things with SMS that normally would not be possible. For instance let's say your upgrading a software package and due to the requirements the end-user will most likely be logged in to the machine and running the application you need to upgrade. This can be a difficult a thing to accomplish normally but with the power of WMI scripts you can now handle this easily. For a homework exercise I have a little challenge for you:
Investigate the WMI class
Win32_Service and write a script that will restart the "Task Scheduler" service on a list of machines you specify in the script. I'll post my script here in a week so stay tuned! I hope you learned a little something new about WMI, and will start to see how great of tool this can be to use in your day to day job.
Resources
WMI Classes ReferenceWin32_ProcessWQL WHERE ClauseMOF (Managed Object Format)
