Windows Management Instrumentation in VB.NET

In this article I will explain you about Windows Management Instrumentation in VB.NET
  • 3335

Windows Management Instrumentation (WMI) helps to ease administrative enterprise system management tasks such as starting and stopping remote services and rebooting a remote machine. With WMI you can create management applications to control and modify operating system elements contained in systems, applications, networks, and devices such as CPUs, disks, memory, services, and network status. But you are required to have authorization to perform the relevant tasks. All of the .NET WMI classes live in the System.Management namespace.

Although WMI is a great feature, it may prove to be a security risk because intruders may use WMI objects accidentally or maliciously to their advantage without your control. If you have no intention of using the features of WMI on your network, you may want to disable it on certain computers. Note that all of the WMI operations are controlled by the Windows Management Instrumentation Windows service on computers on which Windows NT, 2000, or XP is installed.

WMI is an interface designed to interact with parts of the Windows operating system. Without it we would have to address administrative tasks individually rather than remotely and automatically. WMI works with the Common Information Model Object Manager (CIMOM). CIMOM is a database of objects representing different operating system elements such as applications and services. CIMOM provides a common interface to these operating system elements.

WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM). WBEM is an industry initiative to develop a standardized technology for accessing management information such as details about the state of system memory, inventories of currently installed client applications, and other information about client status in an enterprise environment. WMI enables the Common Information Model (CIM) designed by the Distributed Management Task Force (DMTF) to represent systems, applications, networks, and other managed components. CIM can model every component in the managed environment, regardless of the data source location. As well as data modeling, WMI provides a powerful set of basic services that include query-based information retrieval and event notification.

CIM is a model for describing overall management information in a network or enterprise environment. It comprises both a specification and a schema. The specification defines the details for integration with other management models, while the schema provides the actual model descriptions.

More details about WBEM, CIM, and other DMTF standards are available at http://www.dmtf.org/standards/.

WMI can help you accomplish a horde of tasks:

  • Control remote workstations and severs in bulk from your own workstation
  • Audit or configure Windows 2000 systems automatically and remotely
  • Centrally archive Windows NT event logs
  • Block server render down with WMI event notification
  • Integrate WMI with Active Directory
  • Manipulate remote processes and files
  • Identify, list, and adjust all the services on a server
  • Identify, list, and adjust all the NT file system partitions on a server that have less than 10 percent free space
  • Execute a backup on a Microsoft Exchange Server machine and then dump the transaction log
  • Use any existing WMI method to launch a program on a server remotely
  • Set up an event consumer that subscribes to a system that watches for a specific event in the system log and sends an SMS (System Management Service) or e-mail message when that event occurs
  • Reconfigure an event consumer to request a system event whenever a server's CPU use exceeds 85 percent

WMI has a query language named WQL (Windows Management Instrumentation Query Language). WQL is a subset of the American National Standards Institute Structured Query Language (ANSI SQL) with small semantic changes to support WMI. For example, you can perform a WQL query such as "SELECT * FROM Win32_Processor" on the root\CIMV2 namespace path.

The code samples in Listings 21.39 through 21.46 demonstrate various ways to employ WMI in the .NET Framework.

Listing 21.39: Retrieving Local WMI Objects

    Dim mo As New ManagementObject("Win32_Share.Name=""X$""")
    mo.[Get]()
    Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))


Listing 21.40: Retrieving Remote WMI Objects


    Dim path As New ManagementPath()
    path.Path =
"Win32_Share.Name=""X$"""
    path.Server = "MCBcomputer"
    path.NamespacePath = "root\CIMV2"
    Dim mo As New ManagementObject(path)
    Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))


Listing 21.41: Enumerating WMI Objects


    Dim mc As New ManagementClass("Win32_Share")
    Dim mcCollection As ManagementObjectCollection = mc.GetInstances()
    For Each mo As ManagementObject In mcCollection
        Console.WriteLine("'{0}' path is '{1}'", mo("__RELPATH"), mo("Path"))
    Next


Listing 21.42: Performing Queries on WMI Objects

    Dim query As New ManagementObjectSearcher("SELECT * FROM Win32_Service WHERE Started=true")
    Dim queryCollection As ManagementObjectCollection = query.[Get]()
    For Each mo As ManagementObject In queryCollection
        Console.WriteLine("Service: '{0}'", mo("DisplayName"))
    Next


Listing 21.43: Calling a WMI Object Method to Create TEMP Share to C:\TEMP


    Dim mc As New ManagementClass("Win32_Share")
    ' Get the methods in parameters
    Dim inParams As ManagementBaseObject = mc.GetMethodParameters("Create")
    ' Setup method parameters
    inParams("Name") = "TEMP"
    inParams("Path") = "C:\TEMP"
    inParams("Type") = 0
    Dim outParams As ManagementBaseObject = mc.InvokeMethod("Create", inParams, Nothing)
    ' inspect out parameters for return value
    Dim retVal As UInteger = CUInt(outParams("ReturnValue"))


Listing 21.44: Managing Remote WMI Connections

    Dim options As New ConnectionOptions()
    options.Authentication = AuthenticationLevel.[Call]
    options.Impersonation = ImpersonationLevel.Impersonate
    options.EnablePrivileges =
True
    options.Locale = "MS_409"
    options.Username = "MCBDOMAIN\mcb"
    options.Password = "password"
    Dim ms As New ManagementScope("\\MCBcomputer\root\CIMV2", options)
    ' Explicit connection to WMI namespace
    ms.Connect()
    Dim mo As New ManagementObject("Win32_Share.Name=""X$""")
    ' Reuse existing connection for this
    ' ManagementObject retrieval
    mo.Scope = ms
    ' Connection scope used when object is retrieved here!
    mo.[Get]()
    Console.WriteLine("Win32_Share.Name=""X$"" path is {0}", mo("Path"))


Listing 21.45: Rebooting a Remote Computer with WMI (reboot1.cs)


    Imports System.Management
    Class RemoteWMI
        Private Shared Sub Main(ByVal args As String())
            'Connect to the remote computer
            Dim co As New ConnectionOptions()
            co.Username =
"mcb"
            co.Password = "password"
            Dim ms As New ManagementScope("\\MCBcomputer\root\cimv2", co)
            'Query remote computer across the connection
            Dim oq As New ObjectQuery("SELECT * FROM Win32_OperatingSystem")
            Dim query1 As New ManagementObjectSearcher(ms, oq)
            Dim queryCollection1 As ManagementObjectCollection = query1.[Get]()
            For Each mo As ManagementObject In queryCollection1
                Dim ss As String() = {""}
                mo.InvokeMethod(
"Reboot", ss)
                Console.WriteLine(mo.ToString())
            Next
        End
Sub
    End
Class


Listing 21.46: Clearing the Application Logs

    Imports System.Management
    Namespace ClearEventLog
    Class ClearEventLog
    <STAThread()> _
        Private Shared Sub Main(ByVal args As String())
            Try
                ' create conncetion options
                Dim options As New ConnectionOptions()
                options.Authentication = AuthenticationLevel.[Call]
                options.Impersonation = ImpersonationLevel.Impersonate
                options.EnablePrivileges =
True
                options.Locale = "MS_409"
                ' LocaleID
                options.Username = "mcb"
                ' username for connection
                options.Password = "mindcracker"
                ' password for the
                ' create management scope for CIM/WMI
                Dim ms As New ManagementScope("\\MCBComputer\root\CIMV2", options)
                ' query Application event log
                Dim query1 As New ManagementObjectSearcher("select * from Win32_NTEventLogFile where LogfileName='Application'")
                ' get the query collection
                Dim queryCollection1 As ManagementObjectCollection = query1.[Get]()
                ' clear the Application event log
                For Each mo As ManagementObject In queryCollection1
                    mo.[Get]()
                    Dim inParams As ManagementBaseObject = mo.GetMethodParameters("ClearEventLog")
                    Dim outParams As ManagementBaseObject = mo.InvokeMethod("ClearEventLog", inParams, Nothing)
                    mo.Dispose()
                    Console.WriteLine()
                    If 0 = CInt(CUInt(outParams.Properties("ReturnValue").Value)) Then
                        Console.WriteLine("cleared!")
                    Else
                        Console.WriteLine("not cleared!!!")
                    End If
                Next
                    Catch
e As Exception
                    Console
.WriteLine("Error: {0}", e.ToString())
           
End Try
        End
Sub
    End
Class
    End
Namespace


Conclusion

Hope this article would have helped you in understanding Windows Management Instrumentation in VB.NET

Categories

More Articles

© 2019 DotNetHeaven. All rights reserved.