Windows Management Instrumentation in VB.NET
In this article I will explain Windows Management Instrumentation in VB.NET.
Windows Management Instrumentation (WMI) helps to ease administrative enterprise system management tasks such as starting and stopping remote services and rebooting a remote machine. With WMI you can create management applications to control and modify operating system elements contained in systems, applications, networks, and devices such as CPUs, disks, memory, services, and network status. But you are required to have authorization to perform the relevant tasks. All of the .NET WMI classes live in the System.Management namespace.
Although WMI is a great feature, it may prove to be a security risk because intruders may use WMI objects accidentally or maliciously to their advantage without your control. If you have no intention of using the features of WMI on your network, you may want to disable it on certain computers. Note that all of the WMI operations are controlled by the Windows Management Instrumentation Windows service on computers on which Windows NT, 2000, or XP is installed.
WMI is an interface designed to interact with parts of the Windows operating system. Without it we would have to address administrative tasks individually rather than remotely and automatically. WMI works with the Common Information Model Object Manager (CIMOM). CIMOM is a database of objects representing different operating system elements such as applications and services. CIMOM provides a common interface to these operating system elements.
WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM). WBEM is an industry initiative to develop a standardized technology for accessing management information such as details about the state of system memory, inventories of currently installed client applications, and other information about client status in an enterprise environment. WMI enables the Common Information Model (CIM) designed by the Distributed Management Task Force (DMTF) to represent systems, applications, networks, and other managed components. CIM can model every component in the managed environment, regardless of the data source location. As well as data modeling, WMI provides a powerful set of basic services that include query-based information retrieval and event notification.
CIM is a model for describing overall management information in a network or enterprise environment. It comprises both a specification and a schema. The specification defines the details for integration with other management models, while the schema provides the actual model descriptions.
More details about WBEM, CIM, and other DMTF standards are available at http://www.dmtf.org/standards/.
WMI can help you accomplish a horde of tasks:
- Control remote workstations and servers in bulk from your own workstation
- Audit or configure Windows 2000 systems automatically and remotely
- Centrally archive Windows NT event logs
- Block server render down with WMI event notification
- Integrate WMI with Active Directory
- Manipulate remote processes and files
- Identify, list, and adjust all the services on a server
- Identify, list, and adjust all the NT file system partitions on a server that have less than 10 percent free space
- Execute a backup on a Microsoft Exchange Server machine and then dump the transaction log
- Use any existing WMI method to launch a program on a server remotely
- Set up an event consumer that subscribes to a system that watches for a specific event in the system log and sends an SMS (System Management Service) or e-mail message when that event occurs
- Reconfigure an event consumer to request a system event whenever a server's CPU use exceeds 85 percent
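An added example, not part of the original article: permanent event subscriptions like the consumers described above keep firing without any visible process, so listing them is a routine defensive check. This VB.NET program prints the filters, consumers and bindings registered in root\subscription on the local machine; the module name and the Query helper are hypothetical, and it assumes an account allowed to read that namespace (typically an administrator).

```vbnet
Imports System
Imports System.Management

Module WmiSubscriptionAudit
    ' Hypothetical helper: runs a WQL query inside the given scope.
    Function Query(scope As ManagementScope, wql As String) As ManagementObjectCollection
        Return New ManagementObjectSearcher(scope, New ObjectQuery(wql)).Get()
    End Function

    Sub Main()
        ' root\subscription is where permanent event subscriptions are normally registered.
        Dim scope As New ManagementScope("\\.\root\subscription")
        scope.Connect()

        Console.WriteLine("== Event filters (what is being watched) ==")
        For Each mo As ManagementObject In Query(scope, "SELECT * FROM __EventFilter")
            Console.WriteLine("{0}: [{1}] {2}", mo("Name"), mo("EventNamespace"), mo("Query"))
        Next

        Console.WriteLine("== Event consumers (what runs when a filter matches) ==")
        For Each mo As ManagementObject In Query(scope, "SELECT * FROM __EventConsumer")
            ' The query returns instances of every class derived from __EventConsumer.
            Dim cls As String = mo.ClassPath.ClassName
            Console.WriteLine("{0} ({1})", mo("__RELPATH"), cls)
            ' Consumers that execute code deserve the closest review.
            If cls = "CommandLineEventConsumer" Then
                Console.WriteLine("    command: {0}", mo("CommandLineTemplate"))
            ElseIf cls = "ActiveScriptEventConsumer" Then
                Console.WriteLine("    script file: {0}", mo("ScriptFileName"))
                Console.WriteLine("    script text: {0}", mo("ScriptText"))
            End If
        Next

        Console.WriteLine("== Filter-to-consumer bindings ==")
        For Each mo As ManagementObject In Query(scope, "SELECT * FROM __FilterToConsumerBinding")
            Console.WriteLine("{0} -> {1}", mo("Filter"), mo("Consumer"))
        Next
    End Sub
End Module
```

Any binding whose consumer runs a command or script that nobody on the administration team registered is worth investigating.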
WMI has a query language named WQL (Windows Management Instrumentation Query Language). WQL is a subset of the American National Standards Institute Structured Query Language (ANSI SQL) with small semantic changes to support WMI. For example, you can perform a WQL query such as "SELECT * FROM Win32_Processor" on the root\CIMV2 namespace path.
The code samples in Listings 21.39 through 21.46 demonstrate various ways to employ WMI in the .NET Framework.
Listing 21.39: Retrieving Local WMI Objects
Dim mo As New ManagementObject("Win32_Share.Name=""X$""")
mo.[Get]()
Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))
Listing 21.40: Retrieving Remote WMI Objects
Dim path As New ManagementPath()
path.Path = "Win32_Share.Name=""X$"""
path.Server = "MCBcomputer"
path.NamespacePath = "root\CIMV2"
Dim mo As New ManagementObject(path)
Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))
Listing 21.41: Enumerating WMI Objects
Dim mc As New ManagementClass("Win32_Share")
Dim mcCollection As ManagementObjectCollection = mc.GetInstances()
For Each mo As ManagementObject In mcCollection
    Console.WriteLine("'{0}' path is '{1}'", mo("__RELPATH"), mo("Path"))
Next
Listing 21.42: Performing Queries on WMI Objects
Dim query As New ManagementObjectSearcher("SELECT * FROM Win32_Service WHERE Started=true")
Dim queryCollection As ManagementObjectCollection = query.[Get]()
For Each mo As ManagementObject In queryCollection
    Console.WriteLine("Service: '{0}'", mo("DisplayName"))
Next
Listing 21.43: Calling a WMI Object Method to Create TEMP Share to C:\TEMP
Dim mc As New ManagementClass("Win32_Share")
' Get the methods in parameters
Dim inParams As ManagementBaseObject = mc.GetMethodParameters("Create")
' Setup method parameters
inParams("Name") = "TEMP"
inParams("Path") = "C:\TEMP"
inParams("Type") = 0
Dim outParams As ManagementBaseObject = mc.InvokeMethod("Create", inParams, Nothing)
' inspect out parameters for return value
Dim retVal As UInteger = CUInt(outParams("ReturnValue"))
Listing 21.44: Managing Remote WMI Connections
Dim options As New ConnectionOptions()
options.Authentication = AuthenticationLevel.[Call]
options.Impersonation = ImpersonationLevel.Impersonate
options.EnablePrivileges = True
options.Locale = "MS_409"
options.Username = "MCBDOMAIN\mcb"
options.Password = "password"
Dim ms As New ManagementScope("\\MCBcomputer\root\CIMV2", options)
' Explicit connection to WMI namespace
ms.Connect()
Dim mo As New ManagementObject("Win32_Share.Name=""X$""")
' Reuse existing connection for this
' ManagementObject retrieval
mo.Scope = ms
' Connection scope used when object is retrieved here!
mo.[Get]()
Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))
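An added example, not from the original article: Listing 21.44 embeds the password in source code and authenticates at call level only. The version below reads the password into a SecureString at run time, requests AuthenticationLevel.PacketPrivacy so the remote traffic is signed and encrypted, and leaves EnablePrivileges off because it only lists shares. The module name, the ReadPassword helper and the command-line arguments are assumptions.

```vbnet
Imports System
Imports System.Management
Imports System.Security

Module HardenedWmiConnection
    ' Hypothetical helper: reads a password without echoing it or storing it in a String.
    Function ReadPassword(prompt As String) As SecureString
        Console.Write(prompt)
        Dim pwd As New SecureString()
        Do
            Dim key As ConsoleKeyInfo = Console.ReadKey(True)
            If key.Key = ConsoleKey.Enter Then Exit Do
            If key.Key = ConsoleKey.Backspace Then
                If pwd.Length > 0 Then pwd.RemoveAt(pwd.Length - 1)
            ElseIf key.KeyChar <> ChrW(0) Then
                pwd.AppendChar(key.KeyChar)
            End If
        Loop
        Console.WriteLine()
        pwd.MakeReadOnly()
        Return pwd
    End Function

    Sub Main(args As String())
        If args.Length < 2 Then
            Console.WriteLine("usage: wmishares <computer> <DOMAIN\user>")
            Return
        End If
        Dim options As New ConnectionOptions()
        options.Username = args(1)
        options.SecurePassword = ReadPassword("Password: ")
        ' Sign and encrypt every packet instead of only authenticating each call.
        options.Authentication = AuthenticationLevel.PacketPrivacy
        options.Impersonation = ImpersonationLevel.Impersonate
        ' A read-only query needs no additional privileges on the connection.
        options.EnablePrivileges = False

        Dim scope As New ManagementScope("\\" & args(0) & "\root\CIMV2", options)
        scope.Connect()
        Dim searcher As New ManagementObjectSearcher(scope, New ObjectQuery("SELECT Name, Path, Type FROM Win32_Share"))
        For Each mo As ManagementObject In searcher.Get()
            Console.WriteLine("{0,-12} {1} (type {2})", mo("Name"), mo("Path"), mo("Type"))
        Next
    End Sub
End Module
```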
Listing 21.45: Rebooting a Remote Computer with WMI (reboot1.cs)
Imports System
Imports System.Management
Class RemoteWMI
    Private Shared Sub Main(ByVal args As String())
        'Connect to the remote computer
        Dim co As New ConnectionOptions()
        co.Username = "mcb"
        co.Password = "password"
        'Reboot needs the shutdown privilege enabled on the connection
        co.EnablePrivileges = True
        Dim ms As New ManagementScope("\\MCBcomputer\root\cimv2", co)
        'Query remote computer across the connection
        Dim oq As New ObjectQuery("SELECT * FROM Win32_OperatingSystem")
        Dim query1 As New ManagementObjectSearcher(ms, oq)
        Dim queryCollection1 As ManagementObjectCollection = query1.[Get]()
        For Each mo As ManagementObject In queryCollection1
            Dim ss As String() = {""}
            mo.InvokeMethod("Reboot", ss)
            Console.WriteLine(mo.ToString())
        Next
    End Sub
End Class
Listing 21.46: Clearing the Application Logs
Imports System
Imports System.Management
Namespace ClearEventLog
    Class ClearEventLog
        <STAThread()> _
        Private Shared Sub Main(ByVal args As String())
            Try
                ' create connection options
                Dim options As New ConnectionOptions()
                options.Authentication = AuthenticationLevel.[Call]
                options.Impersonation = ImpersonationLevel.Impersonate
                options.EnablePrivileges = True
                options.Locale = "MS_409" ' LocaleID
                options.Username = "mcb" ' username for connection
                options.Password = "mindcracker" ' password for the connection
                ' create management scope for CIM/WMI
                Dim ms As New ManagementScope("\\MCBComputer\root\CIMV2", options)
                ' query the Application event log through the remote scope;
                ' without the scope argument the query runs against the local machine
                Dim oq As New ObjectQuery("select * from Win32_NTEventLogFile where LogfileName='Application'")
                Dim query1 As New ManagementObjectSearcher(ms, oq)
                ' get the query collection
                Dim queryCollection1 As ManagementObjectCollection = query1.[Get]()
                ' clear the Application event log
                For Each mo As ManagementObject In queryCollection1
                    mo.[Get]()
                    Dim inParams As ManagementBaseObject = mo.GetMethodParameters("ClearEventLog")
                    Dim outParams As ManagementBaseObject = mo.InvokeMethod("ClearEventLog", inParams, Nothing)
                    mo.Dispose()
                    Console.WriteLine()
                    ' a return value of 0 means the log was cleared
                    If 0 = CInt(CUInt(outParams.Properties("ReturnValue").Value)) Then
                        Console.WriteLine("cleared!")
                    Else
                        Console.WriteLine("not cleared!!!")
                    End If
                Next
            Catch e As Exception
                Console.WriteLine("Error: {0}", e.ToString())
            End Try
        End Sub
    End Class
End Namespace
Conclusion
I hope this article has helped you understand Windows Management Instrumentation in VB.NET.