0
PowerShell and WMI Eventing for IT Pros<br />Ravikanth C<br />
About me<br />Lead Engineer at Dell<br />Windows PowerShell MVP<br />Developer on several PowerShell projects on Codeplex<...
Agenda<br />What is WMI?<br />WMI and PowerShell<br />WMI Events – An Introduction<br />Intrinsic Events<br />Extrinsic Ev...
What is WMI?<br />Windows Management Instrumentation<br />Microsoft’s implementation of WBEM<br />Set of classes that supp...
VBScript vs PowerShell<br />VBScript<br />PowerShell<br />set objWMIService = GetObject("winmgmts:" _<br />& "{impersonati...
WMI and PowerShell<br />PowerShell v2 has 5 WMI cmdlets<br />Get-WmiObject<br />Register-WmiEvent<br />Invoke-WmiMethod<br...
WMI Events – An Introduction<br />Events generated by operating system and several other components<br />Register-WMIEvent...
WMI Events - Hierarchy<br />
WMI Events – Intrinsic Events<br />Represent changes to standard WMI data model<br />WMI uses polling to detect a change<b...
WMI Events – Extrinsic Events<br />Represent events that do not directly link to standard WMI model<br />Example: Windows ...
WMI Events – Timer Events<br />Two types of Timer Events<br />AbsoluteTimer Events<br />IntervalTimer Events<br />Win32_Lo...
WMI Events – Event Consumers<br />Temporary Consumers<br />Event registration dies as soon as the host exits<br />Register...
Thank YouQ/A<br />
Upcoming SlideShare
Loading in...5
×

PowerShell and WMI Eventing for IT Pros

1,541

Published on

This session was done at Bangalore IT Pro UG meet on 20th August 2011. This was an introductory session to WMI eventing in PowerShell.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,541
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "PowerShell and WMI Eventing for IT Pros"

  1. 1. PowerShell and WMI Eventing for IT Pros<br />Ravikanth C<br />
  2. 2. About me<br />Lead Engineer at Dell<br />Windows PowerShell MVP<br />Developer on several PowerShell projects on Codeplex<br />Author of<br />Free eBook: WMI Query Language via PowerShell<br />Free eBook: Layman’s guide to PowerShell 2.0 remoting<br />Co-author on Quest’s SharePoint 2010 & PowerShell cheat sheet<br />Blog at http://www.ravichaganti.com/blog<br />
  3. 3. Agenda<br />What is WMI?<br />WMI and PowerShell<br />WMI Events – An Introduction<br />Intrinsic Events<br />Extrinsic Events<br />Timer Events<br />WMI event consumers<br />Temporary<br />Permanent<br />Q & A<br />
  4. 4. What is WMI?<br />Windows Management Instrumentation<br />Microsoft’s implementation of WBEM<br />Set of classes that supply management information<br />Manage Windows environment faster & easier<br />Available since NT 4<br />Myths<br />WMI is too hard<br />IT admins can’t use WMI for automation<br />
  5. 5. VBScript vs PowerShell<br />VBScript<br />PowerShell<br />set objWMIService = GetObject("winmgmts:" _<br />& "{impersonationlevel=impersonate}!" _<br />& ".rootcimv2")<br />set colProcesses = objWMIService.ExecQuery _<br />("SELECT * FROM Win32_Process")<br />for each objProcess in colProcesses<br />WScript.Echo "Name : " + objProcess.Name<br />WScript.Echo "Handle : " + objProcess.Handle<br />WScript.Echo "Handles: " + Cstr(objProcess.HandleCount)<br />WScript.Echo "ThreadCount : " + Cstr(objProcess.ThreadCount)<br />next<br />Get-WmiObject –Class Win32_Process<br />
  6. 6. WMI and PowerShell<br />PowerShell v2 has 5 WMI cmdlets<br />Get-WmiObject<br />Register-WmiEvent<br />Invoke-WmiMethod<br />Remove-WmiObject<br />Set-WmiInstance<br />Get-WmiObject for traversing WMI classes and Objects<br />Default name space is rootcimv2<br />List all Win32 WMI classes<br />Get-WmiObject-NamespaceRootCimv2-List|?{$_.Name-like'*Win32*'}<br />
  7. 7. WMI Events – An Introduction<br />Events generated by operating system and several other components<br />Register-WMIEvent can be used to subscribe to events<br />Not all WMI classes are event classes<br />Requires Admin privileges<br />Can monitor remote systems<br />Complex event registrations require knowledge of WQL<br />Event Query Types<br />Intrinsic Events<br />Extrinsic Events<br />Timer Events<br />
  8. 8. WMI Events - Hierarchy<br />
  9. 9. WMI Events – Intrinsic Events<br />Represent changes to standard WMI data model<br />WMI uses polling to detect a change<br />Derived from __IntrinsicEvent class and includes<br />__InstanceCreationEvent<br />__InstanceDeletionEvent<br />__InstanceModificationEvent<br />__InstanceOperationEvent<br />Syntax<br />SELECT Property_List FROM EventClass WITHIN PollingIntervalWHERE TargetInstance | PreviousInstanceISA WMIClassNameAND TargetInstance.WMIClassPropertyName = Value <br />
  10. 10. WMI Events – Extrinsic Events<br />Represent events that do not directly link to standard WMI model<br />Example: Windows Registry Provider Events, Power Management Events<br />Derived from __ExtrinsicEvent class<br />Registry Event Provider<br />RegistryValueChangeEvent<br />RegistryKeyChangeEvent<br />RegistryTreeChangeEvent<br />
  11. 11. WMI Events – Timer Events<br />Two types of Timer Events<br />AbsoluteTimer Events<br />IntervalTimer Events<br />Win32_LocalTime and Win32_CurrentTime replaced the legacy __AbsoluteTimerInstructionand __IntervalTimerInstructionclasses<br />Not really required for a regular system admin job<br />
  12. 12. WMI Events – Event Consumers<br />Temporary Consumers<br />Event registration dies as soon as the host exits<br />Register-WmiEvent<br />Permanent Consumers<br />Event registration available even after a system reboot<br />5 Types of built-in types<br />Log File<br />Commandline<br />ActiveScript<br />SMTP<br />EventLog<br />PowerEvents Module for permanent consumers<br />http://powerevents.codeplex.com<br />
  13. 13. Thank YouQ/A<br />
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×