All posts tagged: WMI Query Language

WMI Query Language (WQL) – Event Queries: Extrinsic Events

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events (this post) 10. WMI query language – Schema queries In this part of the WQL series, we shall look at extrinsic events. Extrinsic events represent events that do not directly link to standard WMI model. For example, Windows registry defines extrinsic events for all registry change events. For intrinsic events, having a WMI provider isn’t mandatory. This is mostly because they are defined within the standard WMI model and WMI takes care of these …

WMI Query Language (WQL) – Event Queries: Intrinsic Events

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events (this post) 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries In this part of the WQL series, I will introduce intrinsic WMI events. Intrinsic events are used to monitor a resource represented by a class in the CIM repository. In other words, the intrinsic events occur in response to a change in the standard WMI data model. WMI creates intrinsic events for objects stored in the WMI repository. A provider generates intrinsic events for dynamic classes, but WMI …

WMI Query Language (WQL) – Event Queries: Syntax

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax (This post) 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries The WMI query syntax for event queries is a bit different and deserves a discussion. So, before we delve in to the types of event queries, let us first look at the syntax for WQL event queries. As we discussed earlier, we use SELECT statement for event queries too. We can combine this with other keywords such as WITHIN, HAVING, and GROUP to change how we …

WMI Timer Events in PowerShell using Win32_LocalTime

This is not a part of the WQL series I am doing. I happend to take a look at the WMI timer events while providing feedback to an upcoming (cool) PowerEvents module by Trevor (@pcgeek86). BTW, this module will be released on November 30th. So, watch out for the annoncement. Coming to the subject of this post, in WMI, there are 3 types of events possible. They are Timer events, Intrinsic events, and extrinsic events. My WQL series will soon cover intrinsic and extrensic events. Very few people have written about WMI timer events in the past but this particular post on The SysAdmins blog discusses good amount of details. In today’s post, I am going to write about WMI timer events in PowerShell and how to use Register-WMIEvent cmdlet to create a temporary consumer to consume these events. In general, WMI timer events are generated by WMI infrastructure at a point in time. In the good old days of Windows 2000, we had to capture these by creating an instance of classes derived from the __TimerInstruction class. Also, there are two types of …

WMI Query Language (WQL) – Event Queries: Introduction

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction (this post) 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries In this post, I will write a bit about basics of WMI events and how Register-WMIEvent cmdlet can be used. To start with, here is an excerpt from Microsoft Scripting guide that introduces WMI events: Just as there is a WMI class that represents each type of system resource that can be managed using WMI, there is a WMI class that represents each type of WMI …

WMI Query Language (WQL) – Data Queries: References Of

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of (this post) 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries Per MSDN documentation, the REFERENCES OF statement Retrieves all association instances that refer to a particular source instance. The REFERENCES OF statement is similar to the ASSOCIATORS OF statement in its syntax. However, rather than retrieving endpoint instances, it retrieves the intervening association instances. That is very cryptic for beginners like you and me. So, let us look at an example to understand this. If …

WMI Query Language (WQL) – Data Queries: Associators Of

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of (this post) 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries As we saw in the previous post, Select queries can be used to retrieve instances of WMI class. But select queries are not the only way to query for instances. We can also use Associators Of keyword to the same. However, there is a difference. Select queries always return a collection of instances of a WMI class where as “Associators Of” returns a collection of …

WMI Query Language (WQL) – Data Queries: SELECT, FROM, and WHERE

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE (this post) 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries In this part of the series on WQL, we will look at what are data queries and how some of the WQL keywords & operators can be used to retrieve information from WMI repository. Also, as mentioned earlier, there are many other tools that consume WQL queries to retrieve information from WMI. However, in this series, I shall use only PowerShell to demostrate WQL. WQL data …