160 likes | 179 Views
PowerShell and WMI. Empowering admins and engineers worldwide. IT Administrators & Engineers Security teams IT Managers. Who needs WMI?. Why WMI?. Providers Namespaces Classes Instance Properties Instance Methods Static properties Static methods System classes
E N D
PowerShell and WMI Empowering admins and engineers worldwide.
IT Administrators & Engineers • Security teams • IT Managers Who needs WMI? Presentation by Trevor Sullivan
Why WMI? Presentation by Trevor Sullivan
Providers • Namespaces • Classes • Instance Properties • Instance Methods • Static properties • Static methods • System classes • WMI qualifiers (metadata) WMI Architecture Presentation by Trevor Sullivan
Select * from <EventClass> within <seconds> where <criteria> WMI Eventing Presentation by Trevor Sullivan
WMI Tools Presentation by Trevor Sullivan
What is a type accelerator? System.Management Namespace • [wmiclass] = ManagementClass • [wmi] = ManagementObject • [wmisearcher] = ManagementObjectSearcher WMI Type Accelerators Presentation by Trevor Sullivan
Type Accelerator Examples Presentation by Trevor Sullivan
Get-WmiObject • Register-WmiEvent • Get-EventSubscriber • Unregister-Event • Invoke-WmiMethod • (Get-WmiObject … …).MethodName(); • ([wmiclass]"class_name").MethodName(); • Remove-WmiObject • (Get-WmiObject … …) | % { $_.Delete() }; • Set-WmiInstance • [wmiclass]"win32_environment").CreateInstance(); WMI Cmdlets Presentation by Trevor Sullivan
WMI Cmdlet Examples Presentation by Trevor Sullivan
WMI Event Cmdlet Examples Presentation by Trevor Sullivan
WMI Event Cmdlet Examples Presentation by Trevor Sullivan
Permanent WMI Events Presentation by Trevor Sullivan
Get-CimAssociatedInstance • Get-CimClass • Get-CimInstance • Get-CimSession • Invoke-CimMethod • New-CimInstance • New-CimSession • New-CimSessionOption • Register-CimIndicationEvent • Remove-CimInstance • Remove-CimSession • Set-CimInstance Use WinRM and avoid DCOM / RPC nightmares! PowerShell v3 Presentation by Trevor Sullivan
Browse WMI with SAPIEN WMI Explorer • http://www.sapien.com/downloads • Try out the WMI cmdlets and type accelerators • Learn about WMI eventing • http://powerevents.codeplex.com/ Call to action Presentation by Trevor Sullivan
Thanks for coming! Presentation by Trevor Sullivan