Windows Management Instrumentation in VB.NET

In this article I will explain you about Windows Management Instrumentation in VB.NET.
  • 13460

Windows Management Instrumentation (WMI) helps to ease administrative enterprise system management tasks such as starting and stopping remote services and rebooting a remote machine. With WMI you can create management applications to control and modify operating system elements contained in systems, applications, networks, and devices such as CPUs, disks, memory, services, and network status. But you are required to have authorization to perform the relevant tasks. All of the .NET WMI classes live in the System.Management namespace.

Although WMI is a great feature, it may prove to be a security risk because intruders may use WMI objects accidentally or maliciously to their advantage without your control. If you have no intention of using the features of WMI on your network, you may want to disable it on certain computers. Note that all of the WMI operations are controlled by the Windows Management Instrumentation Windows service on computers on which Windows NT, 2000, or XP is installed.

WMI is an interface designed to interact with parts of the Windows operating system. Without it we would have to address administrative tasks individually rather than remotely and automatically. WMI works with the Common Information Model Object Manager (CIMOM). CIMOM is a database of objects representing different operating system elements such as applications and services. CIMOM provides a common interface to these operating system elements.

WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM). WBEM is an industry initiative to develop a standardized technology for accessing management information such as details about the state of system memory, inventories of currently installed client applications, and other information about client status in an enterprise environment. WMI enables the Common Information Model (CIM) designed by the Distributed Management Task Force (DMTF) to represent systems, applications, networks, and other managed components. CIM can model every component in the managed environment, regardless of the data source location. As well as data modeling, WMI provides a powerful set of basic services that include query-based information retrieval and event notification.

CIM is a model for describing overall management information in a network or enterprise environment. It comprises both a specification and a schema. The specification defines the details for integration with other management models, while the schema provides the actual model descriptions.

More details about WBEM, CIM, and other DMTF standards are available at

WMI can help you accomplish a horde of tasks:

  • Control remote workstations and severs in bulk from your own workstation

  • Audit or configure Windows 2000 systems automatically and remotely

  • Centrally archive Windows NT event logs

  • Block server render down with WMI event notification

  • Integrate WMI with Active Directory

  • Manipulate remote processes and files

  • Identify, list, and adjust all the services on a server

  • Identify, list, and adjust all the NT file system partitions on a server that have less than 10 percent free space

  • Execute a backup on a Microsoft Exchange Server machine and then dump the transaction log

  • Use any existing WMI method to launch a program on a server remotely

  • Set up an event consumer that subscribes to a system that watches for a specific event in the system log and sends an SMS (System Management Service) or e-mail message when that event occurs

  • Reconfigure an event consumer to request a system event whenever a server's CPU use exceeds 85 percent

WMI has a query language named WQL (Windows Management Instrumentation Query Language). WQL is a subset of the American National Standards Institute Structured Query Language (ANSI SQL) with small semantic changes to support WMI. For example, you can perform a WQL query such as "SELECT * FROM Win32_Processor" on the root\CIMV2 namespace path.

The code samples in Listings 21.39 through 21.46 demonstrate various ways to employ WMI in the VB.NET.

Listing 21.39: Retrieving Local WMI Objects

Dim mo As New ManagementObject("Win32_Share.Name=""X$""")
        Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))

Listing 21.40: Retrieving Remote WMI Objects

        Dim path As New ManagementPath()
        path.Path = "Win32_Share.Name=""X$"""
        path.Server = "MCBcomputer"
        path.NamespacePath = "root\CIMV2"
        Dim mo As New ManagementObject(path)
        Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))

Listing 21.41: Enumerating WMI Objects

Dim mc As New ManagementClass("Win32_Share")
        Dim mcCollection As ManagementObjectCollection = mc.GetInstances() 
        For Each mo As ManagementObject In mcCollection
          Console.WriteLine("'{0}' path is '{1}'", mo("__RELPATH"), mo("Path"))

Listing 21.42: Performing Queries on WMI Objects

Dim query As New ManagementObjectSearcher("SELECT * FROM Win32_Service WHERE 
        Dim queryCollection As ManagementObjectCollection = query.[Get]()
        For Each mo As ManagementObject In queryCollection
          Console.WriteLine("Service: '{0}'", mo("DisplayName"))

Listing 21.43: Calling a WMI Object Method to Create TEMP Share to C:\TEMP

Dim mc As New ManagementClass("Win32_Share")
        ' Get the methods in parameters
        Dim inParams As ManagementBaseObject = mc.GetMethodParameters("Create")
        ' Setup method parameters
inParams("Name") = "TEMP"
inParams("Path") = "C:\TEMP"
inParams("Type") = 0
        Dim outParams As ManagementBaseObject = mc.InvokeMethod("Create", inParams, Nothing)
        ' inspect out parameters for return value
        Dim retVal As UInteger = CUInt(outParams("ReturnValue"))

Listing 21.44: Managing Remote WMI Connections
        Dim options As New ConnectionOptions()
        options.Authentication = AuthenticationLevel.[Call]
        options.Impersonation = ImpersonationLevel.Impersonate
        options.EnablePrivileges = True
        options.Locale = "MS_409"
        options.Username = "MCBDOMAIN\mcb"
        options.Password = "password"
        Dim ms As New ManagementScope("\\MCBcomputer\root\CIMV2", options)
        ' Explicit connection to WMI namespace
        Dim mo As New ManagementObject("Win32_Share.Name=""X$"""
        ' Reuse existing connection for this
        ' ManagementObject retrieval
        mo.Scope = ms 
        ' Connection scope used when object is retrieved here!
        Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))

Listing 21.45: Rebooting a Remote Computer with WMI (reboot1.vb)

Imports System.Management 
Class RemoteWMI
    Private Shared Sub Main(ByVal args As String())
        'Connect to the remote computer
        Dim co As New ConnectionOptions()
        co.Username = "mcb"
        co.Password = "password"
        Dim ms As New ManagementScope("\\MCBcomputer\root\cimv2", co) 
        'Query remote computer across the connection
        Dim oq As New ObjectQuery("SELECT * FROM Win32_OperatingSystem")
        Dim query1 As New ManagementObjectSearcher(ms, oq)
        Dim queryCollection1 As ManagementObjectCollection = query1.[Get]() 
        For Each mo As ManagementObject In queryCollection1
            Dim ss As String() = {""}
            mo.InvokeMethod("Reboot", ss)
    End Sub
End Class

Listing 21.46: Clearing the Application Logs

Imports System.Management 
Namespace ClearEventLog
    Class ClearEventLog
        <STAThread()> _
        Private Shared Sub Main(ByVal args As String())
                ' create conncetion options
                Dim options As New ConnectionOptions()
                options.Authentication = AuthenticationLevel.[Call]
                options.Impersonation = ImpersonationLevel.Impersonate
                options.EnablePrivileges = True
                options.Locale = "MS_409"
                ' LocaleID
                options.Username = "mcb"
                ' username for connection
                options.Password = "mindcracker"
                ' password for the
                ' create management scope for CIM/WMI
                Dim ms As New ManagementScope("\\MCBComputer\root\CIMV2", options) 
                ' query Application event log
                Dim query1 As New ManagementObjectSearcher("select * from Win32_NTEventLogFile
                where LogfileName='Application'"
                ' get the query collection
                Dim queryCollection1 As ManagementObjectCollection = query1.[Get]() 
                ' clear the Application event log
                For Each mo As ManagementObject In queryCollection1
                    Dim inParams As ManagementBaseObject = mo.GetMethodParameter
                    Dim outParams As ManagementBaseObject = mo.InvokeMethod("ClearEventLog",
                    inParams, Nothing)
                    If 0 = CInt(CUInt(outParams.Properties("ReturnValue").Value)) Then
                        Console.WriteLine("not cleared!!!")
                    End If
            Catch e As Exception
                Console.WriteLine("Error: {0}", e.ToString())
            End Try
        End Sub
    End Class
End Namespace


Hope this article would have helped you in understanding Windows Management Instrumentation in VB.NET.


More Articles

© 2020 DotNetHeaven. All rights reserved.