Showing posts with label WMI. Show all posts
WMI / WQL Easy Editor

This is a good tool

http://wqlqueryrunner.codeplex.com/

Project Description
WQL Query Runner is (or would be) a tool for WMI SQL query testing.
There are different types of WQL queries. My plan is to support creating all of them, and the first type for which I decided to add support are WQL event queries.
WMI is the Microsoft implementation of WBEM, the industry initiative for computer and network management. It allows you to manage most computer assets in a uniform way. There are several APIs that you can use to access WMI, and most of them utilize WQL queries. WQL is a query language derived from SQL - you can think of it as a simplified SQL language.
The main difficulty when creating WQL queries is not its syntax, but choosing the right WMI objects to SELECT data from and the goal of the utility is to make constructing and testing WQL queries easier.
There are different types of WQL queries, and my plan is to support creating all of them, and the first for which I decided to add support are WQL event queries. The utility provides a way to enter and test event WQL queries locally and also features a wizard that attempts to walk you through all WQL event query elements.
As you can see, this is my first .Net project. I am a system administrator, not a developer, so creating this application involved a lot of learning with little success. So why did I decide to start this? In short, because no one else did. There are several tools out there that help you work with WMI, like WMI tester (wbemtest.exe) that comes with Windows, WMI Tools (a free Microsoft download), WMI Scriptomatic (also a free download from the Microsoft Scripting guys) and WMI Code Creator, but none of these tools concentrate solely on WQL queries - WMI Tester and WMI Tools facilitate browsing the WMI schema, and Scriptomatic and WMI Code Creator allow you to generate VBScript, C# (and other) code.
It's also been great fun. So until someone that really knows what he's doing starts a similar project, I will continue to work on this one.
2011-02-19
Added a new form to the project that allows you to run ordinary (data) WQL queries. The form is called WQL Query Editor and is similar to the old SQL Server 2000 Query Analyzer.
You can browse available WMI namespaces and classes on the local computer using the TreeView control on the right hand side and execute queries entered in the upper RichTextBox. The results are shown in the lower RichTextBox and can also be viewed in a DataGridView control.
Query Editor can be started from the main window context menu:
or by using a command line switch:
WqlQueryRunner.exe queryeditor
WQL Query Editor takes a couple of seconds to show because it enumerates all available WMI namespaces when it starts.

Checking Patch Statuses through WMI

Normally the optimal and quickest way to determine if a patch has definitely been installed on a system is to use WMI. That's where the SCCM client primarily gets its information from to report back to its parent. There are several ways you can go about it, but the ways I've found to be ideal for me are described below:

Through the command prompt:

  1. On the system which you wish to query, open up command prompt

  2. Run "Wmic /namespace:\\root\ccm\softwareupdates\updatesstore path CCM_UpdateStatus get status, Article, Bulletin, UniqueId"

  3. This will show you ALL updates on the particular system. I've added additional information for reference but you can always play around with what you wish to see returned.

  4. This is best for an overview and you can quickly do a find or filter to determine a patch status if you pipe it to a txt file.

Through the Wbemtest User Interface:

  1. Start "WBEMTEST" from a run prompt

  2. Connect to the namespace "\\<computername>\root\ccm\softwareupdates\updatesstore"

  3. Select the Query button and using WQL, create a statement that suits your needs. Some examples are below:

      • Searching for a Missing Patch that is for Web Components would be:

        • select * from ccm_updatestatus where status = "missing" and title like "%web%"

      • Searching for all installed patches would be:

        • select * from ccm_updatestatus where status = 'installed'

Depending on your requirements / needs, have fun! Wbemtest is very useful as a quick reference into WMI for determining patch statuses whenever you suspect the integrity of data received from SCCM due to possible sync issues.
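
A scripted version of the check above that also covers the sync-issue case, as an added example that is not part of the original post. `Compare-UpdateStatus` is a hypothetical helper; comparing against `Win32_QuickFixEngineering` and treating `Article` as the bare KB number are assumptions, and the fallback rows are constructed sample data.

```powershell
# Added example: compare SCCM client update status with the OS hotfix list.
# Compare-UpdateStatus is a hypothetical helper name, not part of any product.
function Compare-UpdateStatus {
    param(
        [Parameter(Mandatory)] [object[]] $CcmStatus,   # rows with Status, Article, Bulletin, UniqueId
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $InstalledKb  # HotFixID values
    )
    # Normalise 'KB0000001' -> '0000001' (assumption: Article holds the bare KB number).
    $kbSet = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($kb in $InstalledKb) { [void]$kbSet.Add(($kb.Trim() -replace '^KB', '')) }

    foreach ($row in $CcmStatus) {
        $inOs = $kbSet.Contains([string]$row.Article)
        $verdict = switch ($row.Status) {
            'Installed' { if ($inOs) { 'Consistent' } else { 'CCM=Installed, not in OS hotfix list' } }
            'Missing'   { if ($inOs) { 'CCM=Missing, but OS lists it' } else { 'Consistent' } }
            default     { 'Not compared' }
        }
        [pscustomobject]@{
            Article = $row.Article; Bulletin = $row.Bulletin; Status = $row.Status
            UniqueId = $row.UniqueId; Verdict = $verdict
        }
    }
}

$ns = 'root\ccm\softwareupdates\updatesstore'
try {
    # Live data: same namespace and class as the wmic command above.
    $ccm = Get-CimInstance -Namespace $ns -ClassName CCM_UpdateStatus -ErrorAction Stop |
        Select-Object Status, Article, Bulletin, UniqueId
    $kbs = @((Get-CimInstance -ClassName Win32_QuickFixEngineering).HotFixID)
} catch {
    # No SCCM client on this machine: use constructed sample rows (not real updates).
    $ccm = @(
        [pscustomobject]@{ Status='Installed'; Article='0000001'; Bulletin='MS00-001'; UniqueId='sample-guid-1' }
        [pscustomobject]@{ Status='Installed'; Article='0000002'; Bulletin='MS00-002'; UniqueId='sample-guid-2' }
        [pscustomobject]@{ Status='Missing';   Article='0000003'; Bulletin='MS00-003'; UniqueId='sample-guid-3' }
    )
    $kbs = @('KB0000001', 'KB0000003')
}

# Show only the rows where the two sources disagree.
Compare-UpdateStatus -CcmStatus $ccm -InstalledKb $kbs |
    Where-Object Verdict -ne 'Consistent' |
    Sort-Object Article, Verdict -Unique |
    Format-Table -AutoSize
```

`Win32_QuickFixEngineering` does not list every kind of update, so a "not in OS hotfix list" row is a prompt to look closer at that update rather than proof that the SCCM data is wrong.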

WMI delete

To delete a class

You can delete a class in the current namespace with Delete Class on the Windows Management Instrumentation Tester dialog box.

  1. Open the Windows Management Instrumentation Tester dialog box.
  2. In the Windows Management Instrumentation (WMI) Tester dialog box, click Connect.
  3. In the Namespace box, type the path to the namespace that you want to connect to.
    Example:
    • To connect to the namespace where the Win32 provider classes reside, type:
      root\cimv2
  4. Click Connect.
  5. Click Delete Class.
  6. In the Get Class Name dialog box, type the name of the class you want to delete, and then click OK.
    A dialog box is displayed to warn you that the class might have derived classes or instances. This dialog box is displayed even if there are no derived classes or instances.
  7. If you are sure you want to delete the class, click Yes to delete the class.

Notes

  • Performing this task on the local computer does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.
  • Performing this task on a remote computer requires that you are a member of the Administrators group on the remote computer, or that you have been delegated the appropriate authority.
  • To open the Windows Management Instrumentation Tester dialog box, click Start, click Run, and then type WBEMTest.exe.

The following WMI namespaces are created by SMS 2003:

  • root\ccm

  • root\CCM\VulnerabilityAssessment

  • root\CCM\Events

  • root\CCM\invagt

  • root\CCM\SoftMgmtAgent

  • root\CCM\LocationServices

  • root\CCM\DataTransferService

  • root\CCM\Messaging

  • root\CCM\Policy

  • root\CCM\SoftwareMeteringAgent

  • root\CCM\ContentTransferManager

  • root\CCM\Scheduler

  • root\cimv2\sms

  • root\SmsDm

  • root\sms

  • root\sms\inv_schema

  • root\sms\site_<sitecode>