All posts tagged: wmi

Monitoring file creation using WMI and PowerEvents module

There are several ways we can create a file monitoring script using PowerShell. There is also a cmdlet in PowerShellPack called Start-FileSystemWatcher to monitor file/folder changes. However, none of these methods survive an exit at the console or wherever the script is running. This is because all these methods create a temporary event consumer. As I’d mentioned in an earlier post, Trevor’s PowerEvents module makes it very easy to create permanent event consumers in PowerShell. In today’s post, we shall look at how we can do that. Before we dig into that, let us first see how we can create a file monitoring script using PowerShell. Many people use the CIM_DirectoryContainsFile class and create an event listener. This is how we use that class in PowerShell.

As you see in the above output, what we get as a part of the event data is just the string contained in $Event.SourceEventArgs.NewEvent.TargetInstance.PartComponent. Of course, if you are a RegEx lover, you’d just parse that and find the name (extension, etc.) of the new file that just got …

Creating complex scheduled tasks using WMI Timer events and PowerEvents Module

A few weeks ago, I wrote about WMI Timer events using Win32_LocalTime and then mentioned how to work around the DayOfWeek issue. In today’s post, I will show you how to use WMI timer events to create complex scheduled tasks. As system administrators, you may have to create scheduled jobs for performing various sysadmin tasks. We generally use Task Scheduler for such jobs. However, using the regular OS task scheduler, there is no easy way to create a scheduled task that occurs — for example — every Thursday of every fourth week of a month in the third quarter of every year. As I mentioned in my earlier posts, this is one area where WMI timer events are quite useful.

However, the major drawback of Register-WMIEvent is that the event registration is alive only as long as the PowerShell console window is open. So, for this task to execute, you must have the console window open at all times. This is because Register-WMIEvent creates only a temporary event consumer. So, how do we create a permanent …

Learn WMI Query Language using PowerShell

These posts are now available in the form of an ebook.

Back in July, I started a series of articles on WMI query language. There has been a lot of delay in finishing up the series and when I did finish it, there were several issues with my blog. I had to rewrite the last two parts of the series. So, a lot of links you might have bookmarked may not be valid since the entire blog content went through a churn. So, I thought it would be good to publish one post with links to all articles in this series. So, here it is — all 10 parts of the series.

1. WMI query language – An introduction
2. WMI query language – Keywords and Operators
3. WMI query language – Data Queries: SELECT, FROM, and WHERE
4. WMI query language – Data Queries: Associators Of
5. WMI query language – Data Queries: References Of
6. WMI query language – Event Queries: Introduction
7. WMI query language – Event Queries: Syntax
8. WMI query language – Event Queries: …

WMI Query Language (WQL) – Schema Queries

These posts are now available in the form of an ebook.

Here are the links to all articles in this series of posts on WQL.

1. WMI query language – An introduction
2. WMI query language – Keywords and Operators
3. WMI query language – Data Queries: SELECT, FROM, and WHERE
4. WMI query language – Data Queries: Associators Of
5. WMI query language – Data Queries: References Of
6. WMI query language – Event Queries: Introduction
7. WMI query language – Event Queries: Syntax
8. WMI query language – Event Queries: Intrinsic Events
9. WMI query language – Event Queries: Extrinsic Events
10. WMI query language – Schema queries (this post)

In this last and final part of this series, we will look at how to use WQL for querying the WMI schema. Schema queries are used to retrieve class definitions (rather than class instances) and schema associations. In simple words, if you need to find out what type of information (this is what schema really means) a specific class holds, you use schema queries. Here is …

WMI Timer Events in PowerShell using Win32_LocalTime

This is not a part of the WQL series I am doing. I happened to take a look at the WMI timer events while providing feedback on an upcoming (cool) PowerEvents module by Trevor (@pcgeek86). BTW, this module will be released on November 30th. So, watch out for the announcement. Coming to the subject of this post, in WMI, there are 3 types of events possible. They are timer events, intrinsic events, and extrinsic events. My WQL series will soon cover intrinsic and extrinsic events. Very few people have written about WMI timer events in the past, but this particular post on The SysAdmins blog discusses a good amount of detail. In today’s post, I am going to write about WMI timer events in PowerShell and how to use the Register-WMIEvent cmdlet to create a temporary consumer to consume these events. In general, WMI timer events are generated by the WMI infrastructure at a point in time. In the good old days of Windows 2000, we had to capture these by creating an instance of classes derived from the __TimerInstruction class. Also, there are two types of …

Quick PowerShell Tip: Get Process commandline information

This morning I answered a question on the TechNet Windows PowerShell forum regarding retrieving a process's command-line arguments. You cannot do this using the Get-Process cmdlet. I thought I should share it here as well. Let us look at an example. I started a PowerShell process by passing a .PS1 script name to it. For the sake of the demo, this script just sleeps for a long time. I used the Start -> Run option to run the following command line:

PowerShell.exe C:\scripts\Testravi.ps1

Get-Process has no command-line property to see the arguments I just sent to PowerShell.exe. However, the Win32_Process WMI class provides the command-line arguments information. This class has a property called CommandLine. So, we can use the Get-WMIObject cmdlet to see the command-line arguments passed to PowerShell.exe. To do this,

This will filter the process information for the PowerShell process and output the commandline property value.