All posts filed under: wmi

Monitoring Volume Change Events in PowerShell using WMI

While I was preparing a few demo scripts for a Bangalore IT Pro UG meet session, I stumbled upon the WMI event class Win32_VolumeChangeEvent. This one is interesting. It is derived from the Win32_DeviceChangeEvent class and gives us the ability to monitor local drive events directly. For example, you can get a notification when a local drive or mount point gets removed or added. The following table shows a list of event types we can monitor.

Note: This class may not be there on Windows XP. I have not verified this fact.

| Value | Meaning |
|---|---|
| 1 | Configuration Changed |
| 2 | Device Arrival |
| 3 | Device Removal |
| 4 | Docking |

Let us see a few examples:

Adding a new local drive

We can monitor a local drive addition using the following query:

Using this, you can monitor removable drives such as external hard drives and flash drives.

Removal of a local drive

To monitor the removal of local drive events, we can use the following query:

Registering for the above events

Once we have these event registrations done, we …

Attaching scripts or tasks to Windows event log entries using PowerShell and WMI

During a few load test iterations on a SharePoint farm, I started seeing some SQL exceptions in the application log of SharePoint servers. If you are familiar with the SharePoint platform, you may have seen events such as event ID 3355. This event complains that the SharePoint server cannot connect to SQL server. This need not really mean that the DB server is offline. So, to find out the real reason behind these event logs, I needed to start some trace activities whenever event ID 3355 gets logged.

Initially, I was looking for eventtriggers.exe, which is meant for attaching a script or task to an event log. However, I could neither find this on Windows Server 2008 R2 nor an external download. So, I wanted to look at other options I had. I found that there are multiple ways to achieve this.

Attach a script or task to the event in Windows Event Viewer

You can find this option in event viewer. This link is available in the actions pane of event viewer upon selecting …

Watch-Process: PowerShell to monitor local or remote process creation or deletion

After answering this question on StackOverflow, I started writing a simple function, for my own use, to monitor remote process creation or termination. I do a lot of SharePoint installs on remote machines in my lab environment. This involves installing prerequisite software and SharePoint 2010 bits. I need a way to wait for the remote process to terminate and then do something based on the exit code of the process. This function is very useful to me. I don’t have to worry about event registrations every time I want to monitor a remote process. For the sake of sharing with others, I added monitoring of remote process creation also. If you think you can do this using Wait-Process, go ahead and explore it yourself. So, here it is:

PoshCode: http://poshcode.org/2560

Update1: removed the if ($computerName -eq ".") check. Thanks to @cjwarwickps for the quick feedback.

Update2: This results in a blocking call. This means, if you embed a call to Watch-Process in your script, your script just waits for this to complete before proceeding. I have not …

eBook: WMI Query Language via PowerShell

If you read the WQL series of posts on this blog, you may be aware by now that I was working on converting that series into an eBook. So, finally, I made it. This ebook has 9 chapters (56 pages of WMI and PowerShell goodness) and here is the high-level content outline:

- Introduction
- Tools for the job
- WMI Data queries
- WMI Event Queries: Introduction
- Intrinsic Event Queries
- Extrinsic Event Queries
- Timer Events
- WMI Schema Queries
- WMI Event consumers

As you see above, the content of this book is much more than what was there in the blog posts. I have included a bonus chapter (WMI event consumers) to show how permanent event consumers can be created using both WMI and the PowerEvents module by @pcgeek86.

I’ve spent almost 38hrs of editing on this book. This is excluding the hours my friends — Shay Levy, @Alexandair, Philip LaVoie, and Robert Robelo — spent reviewing the content. I am very thankful to them for spending their weekend reviewing this ebook and providing the feedback. Their feedback really …

Monitoring file creation using WMI and PowerEvents module

There are several ways we can create a file monitoring script using PowerShell. There is also a cmdlet in PowerShellPack called Start-FileSystemWatcher to monitor file/folder changes. However, none of these methods survive an exit at the console or wherever the script is running. This is because all these methods create a temporary event consumer. As I’d mentioned in an earlier post, Trevor’s PowerEvents module makes it very easy to create permanent event consumers in PowerShell. In today’s post, we shall look at how we can do that.

Before we dig into that, let us first see how we can create a file monitoring script using PowerShell. Many people use the CIM_DirectoryContainsFile class and create an event listener. This is how we use that class in PowerShell.

As you see in the above output, what we get as a part of event data is just that string contained in $Event.SourceEventArgs.NewEvent.TargetInstance.PartComponent. Of course, if you are a RegEx lover, you’d just parse that and find the name (extension, etc.) of the new file that just got …

Creating complex scheduled tasks using WMI Timer events and PowerEvents Module

A few weeks ago, I wrote about WMI Timer events using Win32_LocalTime and then mentioned how to work around the DayOfWeek issue. In today’s post, I will show you how to use WMI timer events to create complex scheduled tasks. As system administrators, you may have to create scheduled jobs for performing various sysadmin tasks. We generally use Task Scheduler for such jobs. However, using the regular OS task scheduler, there is no easy way to create a scheduled task that occurs — for example — every Thursday of every fourth week of a month in the third quarter of every year. As I mentioned in my earlier posts, this is one area where WMI timer events are quite useful.

However, the major drawback of Register-WMIEvent is that the event registration is alive only as long as the PowerShell console window is open. So, for this task to execute, you must have the console window open at all times. This is because Register-WMIEvent creates only a temporary event consumer. So, how do we create a permanent …