The framework for management information and activities on Windows-based operating systems is called Windows Management Instrumentation (WMI).

WMI also provides management data to other components of the operating system and products, such as SCOM (System Center Operations Manager) or Windows Remote Management.


What is Windows Management Instrumentation (WMI)?

WMI is a platform for managing and monitoring the operating system and other Microsoft applications and services on personal computers, servers, and other network devices.

WMI provides a comprehensive, scalable, and easy-to-use programming interface that provides programmatic access to information and services on Microsoft-managed computers and other network devices.

It is used to discover and monitor the operating system, services, and applications on the computer, as well as registry and file system data. It is also used to create and manage scripts and programs that automate the management and administration of the computer.

It employs WQL (WMI Query Language) to query information about, and carry out operations on, the operating system, computers, and devices.

It also gives you access to PowerShell, one of the most powerful and flexible administration tools for Windows, which you may use to create automation scripts.

Furthermore, WMI enables you to construct custom applications that provide additional functionality for the management and administration of Windows systems and applications.

Users who need to monitor their machines’ state, do basic troubleshooting, and collect performance data will find WMI handy.

What is the purpose of WMI?

WMI is useful in a Windows enterprise network because it simplifies the operation and management of enterprise network components by delivering data to other products for further enhancement and scalability.  

The whole purpose of WMI is to provide a unified management framework experience across all aspects of a Windows system, such as:

  • Operating system components
  • Processes and threads
  • Services
  • Devices
  • Drivers
  • Applications
  • User accounts
  • Security settings

WMI was designed to reduce the cost and time of operations and development work on Windows systems. WMI also enables you to monitor system events and collect performance data. This data can be used to troubleshoot problems or to track trends over time.

WMI is most commonly used to automate administrative chores and gain access to data without dealing directly with the operating system. As a result, WMI is a fantastic alternative for administrators and software developers that need to automate time-consuming processes.

Everything from monitoring system performance to acquiring application data is possible with it. It enables developers to create smarter, more intelligent applications while also ensuring that IT administrators can complete their tasks with minimal effort.

WMI provides a reference implementation for accessing system information and is a key tool for managing and monitoring Windows systems. It’s the cornerstone for Azure Machine Learning and AzureML, and it’s used to power a wide range of third-party products.

Use of WMI

Windows Management Instrumentation (WMI) is Microsoft’s delivery of Web-Based Enterprise Management (WBEM), an industry initiative to develop standardized technologies for accessing corporate governance information.

WMI represents systems, applications, networks, devices, and other managed components using the Common Information Model (CIM) industry standard. The Distributed Management Task Force (DMTF) creates and maintains CIM.

WMI design is versatile, supporting a wide range of administration and management duties, as well as providing a flexible and extensible architecture that allows manufacturers to write new WMI providers to support new devices, applications, and other advancements.

Other uses are:

  • Comprehensive management of the Windows operating system and Microsoft networking devices and services.
  • Connecting to remote computers to access their WMI data.
  • Discovering information about the system, such as which programs are running and which services are configured.
  • Retrieving hardware specifications and performing actions such as shutting down or rebooting the system.
  • Launching applications; starting, stopping, and configuring services; and accessing data.
  • Giving developers of management applications an API for writing scripts in Visual Basic or Windows Scripting Host (WSH).

WMI Architecture

WMI (Windows Management Instrumentation) is a Microsoft technology initially presented in Windows 2000. It allows programmers to construct management programs that work with any system that supports WMI.

Let’s see the architecture and terminology of WMI.


The flow of the WMI architecture starts with objects. A managed object is a component that can be managed via WMI, such as a hard drive, network card, operating system, or service. The WMI infrastructure receives data from an object through a provider; the provider also receives requests from WMI and hands them on to the object.

A WMI provider comprises a DLL and a Managed Object Format (MOF) file that monitors events and data from objects. WMI categorizes providers according to the functionality provided by the provider’s interface.

There are numerous built-in WMI providers in Windows, including an Active Directory provider, Boot Configuration Data (BCD) WMI provider, Distributed File System (DFS) provider, Event Log provider, Hyper-V WMI provider, Win32 provider, Registry provider, and SNMP provider.

The WMI infrastructure is a component of the Microsoft Windows operating system known as the WMI service (winmgmt). The WMI Core and the WMI Repository are the two parts of the WMI infrastructure.

The WMI repository is a hierarchical data store organized by WMI namespaces, often known as the Common Information Model (CIM). The WMI service establishes a number of namespaces upon system start-up, including root\default, root\cimv2, and root\subscription.

In addition, the service produces a default set of class definitions, which includes the Win32 and WMI system classes. Other WMI namespaces may be created by additional WMI providers, and each namespace contains several WMI objects.

The WMI service acts as an intermediary between the providers, management applications, and the WMI repository. Only static data about objects is stored in the repository, such as the classes defined by providers. WMI obtains most data dynamically from the provider when a client requests it. 

A WMI consumer is a management application or script that communicates with the WMI infrastructure. Using the COM API for WMI or the Scripting API for WMI, a management program can query, itemize data, run provider methods, and subscribe to events.

WMI creates a standardized interface for remotely and locally retrieving management data. The uniform interface abstracts from the operating system’s application programming interfaces (APIs). This allows apps and scripts to collect management data without needing to know about the operating system API.  

How to run a WMI query?

A feature of the WMI platform’s versatility is the ability to query its repository in order to obtain details about the class, instance, or schema data. These metrics are connected to the inventory of local and distant systems, operating systems, software, and other administrative activities.

Type of Queries

Broadly there are two types of queries used to retrieve information from the WMI repository:

Synchronous Query: A query that holds control of your application for the duration of the query. It is simpler than an asynchronous call because it takes only one interface call, but for large result sets or network-based queries it may freeze your application.

Asynchronous Query: The preferable kind to use when querying a sizable set of data would otherwise affect the responsiveness of the system or network.

WQL (WMI Query Language)

One of the popular methods to query WMI is the WMI Query Language.

SQL (Structured Query Language) is used in the database environment, and WQL is used in WMI. The two have a similar syntax.

Select, From, and Where are the fundamental WQL statements that are utilized to launch the query.

A typical WMI query starts by selecting all the properties from a WMI class using the “Select” command. The asterisk (“*”) is used to select every property from a WMI class. One can use the “From” keyword to specify the WMI class to query after choosing the properties (one or more properties, or all of them). You may check the SQL cheatsheet for the exact syntax.

WQL can be executed through WMI Tester (wbemtest.exe), which is by default installed with the Windows operating system. WMI queries also can be executed through Windows PowerShell, VBScript, and C language.

Type of WQL Queries

The WQL queries are utilized to get three different types of information.

Object Queries: Information about Windows system resources can be retrieved using these queries.

Event Queries: These queries are used to track changes to event logs, the initiation of processes, the status of services, the availability of computers, or the amount of free disc space, among other entities or occurrences.

Schema Queries: These queries are used to obtain details about the structure of the WMI schema.
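The three query types above, as an added example in Windows PowerShell that is not part of the original article. It assumes the built-in CimCmdlets module on a Windows host and uses only the standard root\cimv2 namespace; the event query is the kind a defender uses to watch process creation without polling.

```powershell
# Added example (not from the original article): the three WQL query types,
# run through the CIM cmdlets on the local machine.

# 1) Object query: SELECT / FROM / WHERE against an instance class.
#    Lists every process whose image name is powershell.exe, with its parent PID.
$objectQuery = "SELECT Name, ProcessId, ParentProcessId, CommandLine " +
               "FROM Win32_Process WHERE Name = 'powershell.exe'"
Get-CimInstance -Namespace 'root\cimv2' -Query $objectQuery |
    Select-Object Name, ProcessId, ParentProcessId, CommandLine |
    Format-Table -AutoSize

# 2) Schema query: describe the class itself rather than its instances.
#    The WQL form is SELECT * FROM meta_class WHERE __CLASS = 'Win32_Process';
#    Get-CimClass returns the same class definition without writing WQL.
$class = Get-CimClass -Namespace 'root\cimv2' -ClassName 'Win32_Process'
$propCount = $class.CimClassProperties.Count
$methCount = $class.CimClassMethods.Count
"Win32_Process defines $propCount properties and $methCount methods"
$class.CimClassMethods.Name        # e.g. Create, Terminate, GetOwner

# 3) Event query: subscribe to process creation instead of polling.
#    __InstanceCreationEvent fires when a new Win32_Process instance appears;
#    WITHIN 5 is the polling interval (seconds) WMI uses for this intrinsic event.
$eventQuery = "SELECT * FROM __InstanceCreationEvent WITHIN 5 " +
              "WHERE TargetInstance ISA 'Win32_Process'"
Register-CimIndicationEvent -Namespace 'root\cimv2' -Query $eventQuery `
    -SourceIdentifier 'ProcStart' -Action {
        $p = $Event.SourceEventArgs.NewEvent.TargetInstance
        Write-Host ("[{0}] new process {1} (PID {2}, parent {3})" -f
            (Get-Date -Format 'HH:mm:ss'), $p.Name, $p.ProcessId, $p.ParentProcessId)
    }

# Watch for 30 seconds, then remove the subscription so it does not linger.
Start-Sleep -Seconds 30
Unregister-Event -SourceIdentifier 'ProcStart'
```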

Running a Query

Let’s see how to run an object query.

The following steps show how to list the Win32_Process instances on a local system.

The tool WMI Tester is executed through the command line by entering wbemtest.exe.

The following window will pop up.


To connect to the WMI namespace that contains the class you want to query (root\cimv2 in most cases), click the Connect button.


To run the query, click on the ‘Query’ tab as shown below:


Then enter the query for which you want to retrieve the information. For example, let’s retrieve all processes running on the local system by running:

SELECT * FROM Win32_Process

After clicking the Apply button, you will get the results shown below.


The above GUI-based query can also be carried out from the command line through PowerShell.

In PowerShell, to get the list of all Win32_Process instances, the following command is used:

Get-WmiObject -Class Win32_Process

To get all the PowerShell query parameters, visit the Microsoft PowerShell Management page.

To run this query in VBScript and C language, the Microsoft documentation page would provide complete insights.

One other method to query the WMI repository is through the WMIC command:

  • Open a command prompt (CMD)
  • Type WMIC and press Enter to start the program
  • The prompt will change to wmic:root\cli>

Admins can run WMI queries from this prompt.

For example, to load CPU information of a local system, the command will be:

wmic:root\cli> WMIC CPU

The results/information will be displayed in the command prompt.

AddressWidth  Architecture  AssetTag                Availability  Caption                                 Characteristics  ConfigManagerErrorCode  ConfigManagerUserConfig  CpuStatus  CreationClassName  CurrentClockSpeed  CurrentVoltage  DataWidth  Description                             DeviceID  ErrorCleared  ErrorDescription  ExtClock  Family  InstallDate  L2CacheSize  L2CacheSpeed  L3CacheSize  L3CacheSpeed  LastErrorCode  Level  LoadPercentage  Manufacturer  MaxClockSpeed  Name                                      NumberOfCores  NumberOfEnabledCore  NumberOfLogicalProcessors  OtherFamilyDescription  PartNumber              PNPDeviceID  PowerManagementCapabilities  PowerManagementSupported  ProcessorId       ProcessorType  Revision  Role  SecondLevelAddressTranslationExtensions  SerialNumber            SocketDesignation  Status  StatusInfo  Stepping  SystemCreationClassName  SystemName  ThreadCount  UniqueId  UpgradeMethod  Version  VirtualizationFirmwareEnabled  VMMonitorModeExtensions  VoltageCaps
64            9             To Be Filled By O.E.M.  3             Intel64 Family 6 Model 142 Stepping 10  252                                                               1          Win32_Processor    1801               7               64         Intel64 Family 6 Model 142 Stepping 10  CPU0                                      100       205                  1024                       6144         0                            6      31              GenuineIntel  1801           Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz  4              4                    8                                                  To Be Filled By O.E.M.                                            FALSE                     BFEBFBFF000806EA  3                        CPU   TRUE                                     To Be Filled By O.E.M.  U3E1               OK      3                     Win32_ComputerSystem     RENEE-HP     8                      51                      FALSE                          TRUE

For more information about WMIC Alias and verbs, visit Microsoft wmic.

FAQs on WMI

What are the ports used in WMI?

The port range used is 49152 through 65535. The Distributed Component Object Model (DCOM), on which WMI is based, by default employs a randomly chosen TCP port in the range 49152 to 65535 for each connection.
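The port behaviour above is easiest to see by running the same Win32_Processor query that WMIC CPU returns against a remote host over each transport WMI supports. This is an added example, not part of the original article; the hostname is a placeholder and the account must be a local administrator on the target.

```powershell
# Added example (not from the original article): one WMI query over the two
# remote transports. $target is a placeholder hostname.
$target = 'SERVER01.example.internal'

# DCOM transport (classic WMI). After the RPC endpoint-mapper exchange the server
# answers from a dynamic TCP port in 49152-65535, which is why host firewalls need
# a broad inbound rule for this path and why it is hard to audit by port alone.
$dcom = New-CimSessionOption -Protocol Dcom
$s1 = New-CimSession -ComputerName $target -SessionOption $dcom
Get-CimInstance -CimSession $s1 -ClassName Win32_Processor |
    Select-Object DeviceID, Name, NumberOfCores, NumberOfLogicalProcessors, LoadPercentage

# WSMan transport (Windows Remote Management). Same query, but it rides the fixed
# WinRM listener ports (5985 for HTTP, 5986 for HTTPS), so it is simpler to allow
# through firewalls and shows up in the WinRM operational log.
$wsman = New-CimSessionOption -Protocol Wsman
$s2 = New-CimSession -ComputerName $target -SessionOption $wsman
Get-CimInstance -CimSession $s2 -ClassName Win32_Processor |
    Select-Object DeviceID, Name, NumberOfCores, NumberOfLogicalProcessors, LoadPercentage

# Close both sessions so no idle connections remain on the target.
Remove-CimSession $s1, $s2
```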

Is WMI Deprecated?

WMI is still supported. As of Windows 10, version 21H1, and the 21H1 semi-annual channel release of Windows Server, the WMI command-line (WMIC) program is no longer supported.

What are WMI monitoring tools?

There are many tools available to monitor WMI. A handful are particularly popular:

  • SolarWinds WMI Monitor with Server and Application Monitor
  • Paessler WMI Service Sensor with PRTG
  • Nagios XI
  • Sapien WMI Explorer
  • Free tools: WMI Explorer, Adrem Free WMI Tools

How to troubleshoot WMI issues?

You may see errors ranging from missing classes to access violations while attempting to access WMI local or remote data in an application or script. Check the Microsoft WMI troubleshooting guide to get solutions to such errors.

Conclusion

In general, Windows Management Instrumentation is a strong tool that can be used to handle a wide range of various Windows system-related features. WMI may be a very helpful tool for anyone dealing with Windows systems, despite the fact that it may initially seem intimidating.