标签:管理员 ott reg 对象 put packet 类对象 each model
使用WMI或CIMWMI是英文“Windows Management Instrumentation”的缩写,翻译过来是Windows管理规范。
通俗的讲,WMI是一个技术或者规范,微软根据它开发出了一系列的东西。
主要有以下内容:
1、WMI 有一组 API
WMI有一组对外暴露的API,可供其他语言,如C#、VBScript
和PowerShell
来调用。
2、WMI 有一个存储库
尽管WMI的多数实例数据都不存储在WMI中,但是WMI确实有一个存储库,用来存放提供程序提供的类信息,或者称为类的蓝图或者Schema
3、WMI 有一个 Service
WMI有一个一直运行的Windows服务,名称为Winmgmt
,可以响应用户的访问。
PowerShell有两个Cmdlet,分别为Get-WinObject
和Get-CimInstance
。
这两个cmdlet可以结合"-class <WMI-Class>
"以及一些其他参数进行使用。
WMI cmdlet 已弃用 ,建议使用Get-CimInstance
替代Get-WinObject
Get-WmiObject的语法结构:
Get-WmiObject
[[-Class] <System.String>]
[[-Property] <System.String[]>]
[-Amended]
[-AsJob]
[-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}]
[-Authority <System.String>]
[-ComputerName <System.String[]>]
[-Credential <System.Management.Automation.PSCredential>]
[-DirectRead]
[-EnableAllPrivileges]
[-Filter <System.String>]
[-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}]
[-Locale <System.String>]
[-Namespace <System.String>]
[-ThrottleLimit <System.Int32>]
[<CommonParameters>]
Get-WmiObject
[[-Class] <System.String>]
[-Amended]
[-AsJob]
[-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}]
[-Authority <System.String>]
[-ComputerName <System.String[]>]
[-Credential <System.Management.Automation.PSCredential>]
[-EnableAllPrivileges]
[-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}]
[-List]
[-Locale <System.String>]
[-Namespace <System.String>]
[-Recurse]
[-ThrottleLimit <System.Int32>]
[<CommonParameters>]
Get-WmiObject
[-Amended]
[-AsJob]
[-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}]
[-Authority <System.String>]
[-ComputerName <System.String[]>]
[-Credential <System.Management.Automation.PSCredential>]
[-DirectRead]
[-EnableAllPrivileges]
[-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}]
[-Locale <System.String>]
[-Namespace <System.String>]
-Query <System.String>
[-ThrottleLimit <System.Int32>]
[<CommonParameters>]
使用Get-WmiObject -List
可以列出所有的 WMI对象的类,后接名称可以过滤查询,支持通配符。
查询:Get-WmiObject -List *_processor | Format-Table -Wrap
NameSpace:ROOT\cimv2
Name Methods Properties
---- ------- ----------
CIM_Processor {SetPowerState, Rese {AddressWidth, Availability, Caption, ConfigManagerErrorCode...
t} }
Win32_Processor {SetPowerState, Rese {AddressWidth, Architecture, AssetTag, Availability...}
t}
Win32_PerfFormattedData_PerfOS_Proc {} {C1TransitionsPersec, C2TransitionsPersec, C3TransitionsPersec,
essor Caption...}
Win32_PerfRawData_PerfOS_Processor {} {C1TransitionsPersec, C2TransitionsPersec, C3TransitionsPersec,
Caption...}
使用Get-WmiObject -Class <WMI-Class>
可以查询指定的 WMI类对象,其中-Class
可以省略。
查询主机CPU信息:Get-WmiObject win32_processor
Caption : Intel64 Family 6 Model 158 Stepping 13
DeviceID : CPU0
Manufacturer : GenuineIntel
MaxClockSpeed : 3000
Name : Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz
SocketDesignation : U3E1
WMI类会自带一些方法和属性,上面列出的:
左边的就是属性,右侧的是属性的值。
可以通过".<PropertyName>
"获取属性的值,通过”.<MethodName>()
“调用WMI对象的方法。
(Get-WmiObject win32_processor).Name
PS C:\> (Get-WmiObject win32_processor).Name
Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz
引用WMI对象的方法
可以配合 Get-Member
查询WMI对象的使用方法。
PS C:\> Get-WmiObject -Class Win32Service | where {$.Name -eq ‘winrm‘}
ExitCode : 0
Name : WinRM
ProcessId : 0
StartMode : Auto
State : Stopped
Status : OK上面命令执行后,查到了一个对象(WinRM服务对象,当前为关闭状态),将其通过管道(|)传递给Get-Member 可以查询此对象的方法和属性
(Get-WmiObject -Class Win32Service | where {$.Name -eq ‘winrm‘}) | Get-Member -MemberType Method
TypeName:System.Management.ManagementObject#root\cimv2\Win32_Service
Name MemberType Definition
---- ---------- ----------
Change Method System.Management.ManagementBaseObject Change(System.String DisplayName, System.Stri...
ChangeStartMode Method System.Management.ManagementBaseObject ChangeStartMode(System.String StartMode)
Delete Method System.Management.ManagementBaseObject Delete()
GetSecurityDescriptor Method System.Management.ManagementBaseObject GetSecurityDescriptor()
InterrogateService Method System.Management.ManagementBaseObject InterrogateService()
PauseService Method System.Management.ManagementBaseObject PauseService()
ResumeService Method System.Management.ManagementBaseObject ResumeService()
SetSecurityDescriptor Method System.Management.ManagementBaseObject SetSecurityDescriptor(System.Management.Manag...
StartService Method System.Management.ManagementBaseObject StartService()
StopService Method System.Management.ManagementBaseObject StopService()
UserControlService Method System.Management.ManagementBaseObject UserControlService(System.Byte ControlCode)
根据查询结果可以看到,有”StartService“方法,可以直接调用此方法,启动WinRM服务。
(Get-WmiObject -Class Win32Service | where {$.Name -eq ‘winrm‘}).StartService()
PS C:\> (Get-WmiObject -Class Win32_Service | where {$_.Name -eq ‘winrm‘}).StartService()
__GENUS : 2
__CLASS : __PARAMETERS
__SUPERCLASS :
__DYNASTY : __PARAMETERS
__RELPATH :
__PROPERTY_COUNT : 1
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
ReturnValue : 2
PSComputerName :
结果验证
Get-WmiObject -Class Win32Service | where {$.Name -eq ‘winrm‘}
PS C:\> Get-WmiObject -Class Win32_Service | where {$_.Name -eq ‘winrm‘}
ExitCode : 0
Name : WinRM
ProcessId : 24460
StartMode : Auto
State : Running
Status : OK
注意:开启或关闭服务,需要管理员权限的Powershell执行。
使用”Get-WmiObject -List <ClassName>
“查询WMI类名称,使用”Get-WmiObject <ClassName>
“直接使用WMI类,同时配合Get-Member
查询对象的方法和属性。
? PowerShell 版本 3.0 中引入了 通用信息模型 (CIM) cmdlet。CIM cmdlet 的设计目的是使其可以同时在 Windows 和非 Windows 计算机上使用。
? 由于 WMI cmdlet 已弃用,因此建议使用 CIM cmdlet 代替 WMI cmdlet。
? 可以通过Get-CimClass
命令查询CIM类的名称,支持通配符,-Class
可省略。
Get-CimClass *_processor
PS C:\> Get-CimClass *_processor
NameSpace:ROOT/cimv2
CimClassName CimClassMethods CimClassProperties
------------ --------------- ------------------
CIM_Processor {SetPowerState, R... {Caption, Description, InstallDate, Name...}
Win32_Processor {SetPowerState, R... {Caption, Description, InstallDate, Name...}
Win32_PerfFormattedData_PerfOS_P... {} {Caption, Description, Name, Frequency_Object...}
Win32_PerfRawData_PerfOS_Processor {} {Caption, Description, Name, Frequency_Object...}
使用CIM类是用的Get-CimInstance
命令。使用方法和”Get-WmiObject
“类似,只是显示的东西比”Get-WmiObject
“更少。
Get-CimInstance -Class Win32_Processor
PS C:\> Get-CimInstance -Class Win32_Processor
DeviceID Name Caption MaxClockSpeed SocketDesignation
-------- ---- ------- ------------- -----------------
CPU0 Intel(R) Core(TM) i7-9700 CPU @ 3.00GHz Intel64 Family 6 Model 158 Stepping 13 3000 U3E1
”Get-CimInstance
“和”Get-WmiObject
“使用方式类似,只是有一个专门的命令可以查询WMI或CIM类的信息。
附录 1: 其他 WMI命令
PS C:\> Get-Command *WMI* -CommandType Cmdlet
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Get-WmiObject 3.1.0.0 Microsoft.PowerShell.Management
Cmdlet Invoke-WmiMethod 3.1.0.0 Microsoft.PowerShell.Management
Cmdlet Register-WmiEvent 3.1.0.0 Microsoft.PowerShell.Management
Cmdlet Remove-WmiObject 3.1.0.0 Microsoft.PowerShell.Management
Cmdlet Set-WmiInstance 3.1.0.0 Microsoft.PowerShell.Management
附录 2: 其他 CIM命令
PS C:\> Get-Command -Module CimCmdlets
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Export-BinaryMiLog 1.0.0.0 CimCmdlets
Cmdlet Get-CimAssociatedInstance 1.0.0.0 CimCmdlets
Cmdlet Get-CimClass 1.0.0.0 CimCmdlets
Cmdlet Get-CimInstance 1.0.0.0 CimCmdlets
Cmdlet Get-CimSession 1.0.0.0 CimCmdlets
Cmdlet Import-BinaryMiLog 1.0.0.0 CimCmdlets
Cmdlet Invoke-CimMethod 1.0.0.0 CimCmdlets
Cmdlet New-CimInstance 1.0.0.0 CimCmdlets
Cmdlet New-CimSession 1.0.0.0 CimCmdlets
Cmdlet New-CimSessionOption 1.0.0.0 CimCmdlets
Cmdlet Register-CimIndicationEvent 1.0.0.0 CimCmdlets
Cmdlet Remove-CimInstance 1.0.0.0 CimCmdlets
Cmdlet Remove-CimSession 1.0.0.0 CimCmdlets
Cmdlet Set-CimInstance 1.0.0.0 CimCmdlets
参考:
1.WMI入门(一):什么是WMI https://www.cnblogs.com/ceachy/archive/2013/03/21/WMI_What.html
2.使用WMI:
https://docs.microsoft.com/zh-cn/powershell/scripting/learn/ps101/07-working-with-wmi
标签:管理员 ott reg 对象 put packet 类对象 each model
原文地址:https://blog.51cto.com/3chou/2563030