All posts filed under: wmi

Learn WMI Query Language using PowerShell

These posts in the form of an ebook now available [download id=”25″ format=”4″] Back in July, I started a series of articles on WMI query language. There has been lot of delay in finishing up the series and when I did finish it, there were several issues with my blog. I had to re-write last two parts of the series. So, lot of links you might have bookmarked may not be valid since the entire blog content went through a churn. So, I thought it will be good to publish one post with links to all articles in this series. So, here it is — all 10 parts of the series. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language …

WMI Query Language (WQL) – Schema Queries

These posts in the form of an ebook now available [download id=”25″ format=”4″] Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries (this post) In this last and final part of this series, we will look at how to use WQL for querying the WMI schema. Schema queries are used to retrieve class definitions (rather than class instances) and schema associations. In simple words, if you need to find out what type of information (this is what schema really means) a specific class holds, you use …

WMI Query Language (WQL) – Event Queries: Extrinsic Events

These posts in the form of an ebook now available [download id=”25″ format=”4″] Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events (this post) 10. WMI query language – Schema queries In this part of the WQL series, we shall look at extrinsic events. Extrinsic events represent events that do not directly link to standard WMI model. For example, Windows registry defines extrinsic events for all registry change events. For intrinsic events, having a WMI provider isn’t mandatory. This is mostly because they are defined within the standard WMI model and WMI takes …

WMI Query Language (WQL) – Event Queries: Intrinsic Events

These posts in the form of an ebook now available [download id=”25″ format=”4″] Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events (this post) 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries In this part of the WQL series, I will introduce intrinsic WMI events. Intrinsic events are used to monitor a resource represented by a class in the CIM repository. In other words, the intrinsic events occur in response to a change in the standard WMI data model. WMI creates intrinsic events for objects stored in the WMI repository. A provider generates intrinsic events for dynamic …

WMI Query Language (WQL) – Event Queries: Syntax

These posts in the form of an ebook now available [download id=”25″ format=”4″] Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax (This post) 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries The WMI query syntax for event queries is a bit different and deserves a discussion. So, before we delve in to the types of event queries, let us first look at the syntax for WQL event queries. As we discussed earlier, we use SELECT statement for event queries too. We can combine this with other keywords such as WITHIN, HAVING, and GROUP to …

Workarounds for DayOfWeek Timer events when using Win32_LocalTime

In my earlier post, I showed how Win32_LocalTime WMI class can be used to capture timer events. As mentioned there, WMI events can be quite helpful in creating complex scheduling tasks. For example, you can specify to run a script every Thursday of every fourth week of a month in the third quarter of every year. However, there is a bug in Win32_LocalTime that currently blocks this. I created a support incident with MS and reported this bug to them. I got a response that this indeed is a bug and they provided a workaround to solve this temporarily. Let us see this with an example. I will use the same scenario I mentioned earlier: every Thursday of every fourth week of a month in the third quarter of every year

Observe how I used DayOfWeek property twice in the query. This is the workaround. This event fires only when DayOfWeek is used this way. However, the side effect of this is: the event fires on both Thursday (4) and Friday (5). We can …

WMI Timer Events in PowerShell using Win32_LocalTime

This is not a part of the WQL series I am doing. I happend to take a look at the WMI timer events while providing feedback to an upcoming (cool) PowerEvents module by Trevor (@pcgeek86). BTW, this module will be released on November 30th. So, watch out for the annoncement. Coming to the subject of this post, in WMI, there are 3 types of events possible. They are Timer events, Intrinsic events, and extrinsic events. My WQL series will soon cover intrinsic and extrensic events. Very few people have written about WMI timer events in the past but this particular post on The SysAdmins blog discusses good amount of details. In today’s post, I am going to write about WMI timer events in PowerShell and how to use Register-WMIEvent cmdlet to create a temporary consumer to consume these events. In general, WMI timer events are generated by WMI infrastructure at a point in time. In the good old days of Windows 2000, we had to capture these by creating an instance of classes derived from the __TimerInstruction class. Also, there are two types of …

WMI Query Language (WQL) – Event Queries: Introduction

These posts in the form of an ebook now available [download id=”25″ format=”4″] Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction (this post) 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries In this post, I will write a bit about basics of WMI events and how Register-WMIEvent cmdlet can be used. To start with, here is an excerpt from Microsoft Scripting guide that introduces WMI events: Just as there is a WMI class that represents each type of system resource that can be managed using WMI, there is a WMI class that represents each …