All posts filed under: wmi

Monitoring Volume Change Events in PowerShell using WMI

While I was preparing a few demo scripts for a Bangalore IT Pro UG meet session, I stumbled upon the WMI event class Win32_VolumeChangeEvent. This one is interesting. It is derived from the Win32_DeviceChangeEvent class and gives us the ability to monitor local drive events directly. For example, you can get a notification when a local drive or mount point gets removed or added. The following table shows a list of event types we can monitor.

Note: This class may not be there on Windows XP. I have not verified this fact.

| Value | Meaning |
|-------|-----------------------|
| 1 | Configuration Changed |
| 2 | Device Arrival |
| 3 | Device Removal |
| 4 | Docking |

Let us see a few examples:

Adding a new local drive

We can monitor a local drive addition using the following query:

Using this, you can monitor removable drives such as external hard drives and flash drives.

Removal of a local drive

To monitor the removal of local drive events, we can use the following query:

Registering for the above events

Once we have these event registrations done, we …

Attaching scripts or tasks to Windows event log entries using PowerShell and WMI

During a few load test iterations on a SharePoint farm, I started seeing some SQL exceptions in the application log of SharePoint servers. If you are familiar with the SharePoint platform, you may have seen events such as event ID 3355. This event complains that the SharePoint server cannot connect to SQL Server. This need not really mean that the DB server is offline. So, to find out the real reason behind these event logs, I needed to start some trace activities whenever event ID 3355 gets logged.

Initially, I was looking for eventtriggers.exe, which is meant for attaching a script or task to an event log. However, I could find this neither on Windows Server 2008 R2 nor as an external download. So, I wanted to look at other options I had. I found that there are multiple ways to achieve this.

Attach a script or task to the event in Windows Event Viewer

You can find this option in event viewer. This link is available in the actions pane of event viewer upon selecting …

Watch-Process: PowerShell to monitor local or remote process creation or deletion

After answering this question on StackOverflow, I started writing a simple function, for my own use, to monitor remote process creation or termination. I do a lot of SharePoint installs on remote machines in my lab environment. This involves installing prerequisite software and SharePoint 2010 bits. I need a way to wait for the remote process to terminate and then do something based on the exit code of the process. This function is very useful to me. I don’t have to worry about event registrations every time I want to monitor a remote process. For the sake of sharing with others, I added monitoring of remote process creation also. If you think you can do this using Wait-Process, go ahead and explore it yourself. So, here it is:

PoshCode:

Update1: removed if ($computerName -eq “.”) check. Thanks to @cjwarwickps for the quick feedback.

Update2: This results in a blocking call. This means, if you embed a call to Watch-Process in your script, your script just waits for this to complete before proceeding. I have not …