WMI Query Language via PowerShell


Ravikanth Chaganti

Explore basics of WMI Query Language, different types of WMI queries, and learn how PowerShell can be used to retrieve WMI management information using WQL.

Table of Contents

Introduction
    Introducing WMI Query Language
    WMI Query Types
        Data Queries
        Event Queries
        Schema Queries
    WQL Keywords
    WQL Operators

Tools for the job
    WBEMTEST
    WMI Administrative Tools
    [WMISEARCHER] type accelerator
    PowerShell WMI cmdlets

WMI Data Queries
    SELECT, FROM, and WHERE
        Using Operators
    ASSOCIATORS OF
        ClassDefsOnly
        AssocClass
        ResultClass
        ResultRole
        Role
        RequiredQualifier and RequiredAssocQualifier
    REFERENCES OF

WMI Event Queries: Introduction
    Event Query Types
        Intrinsic Events
        Extrinsic Events
        Timer Events
    WQL Syntax for event queries
        WITHIN
        GROUP
        HAVING
        BY

Intrinsic Event Queries
    __InstanceCreationEvent
    __InstanceDeletionEvent
    __InstanceModificationEvent

Extrinsic Event Queries
    Monitoring registry value change events
    Monitoring registry key change events
    Monitoring registry tree change events

Timer Events

WMI Schema Queries
    Using __this
    Using __Class

WMI Event Consumers
    Temporary Event consumers
    Permanent Event consumers
        Creating an event filter
        Creating a logical consumer
        Binding Event Filter and Consumer
    Introducing PowerEvents
        Creating an event filter
        Creating an event consumer
        Binding Event filter and consumer


This book is dedicated to Andrew Tearle, the most passionate PowerSheller and a good friend. Rest in peace Andy.


Acknowledgements

I would like to thank Shay Levy (MVP), Aleksandar Nikolic (MVP), Philip LaVoie, and Robert Robelo for providing their feedback. Their feedback really helped shape the ebook and include extra content that was not planned initially. Also, thanks to everyone who read my blog posts on WMI query language and provided feedback. Your encouragement and support helped me write quite a bit about WQL and now this ebook.


In order to avoid copyright disputes, this page is only a partial summary.
