Networking

Build queries and explore the windows WMI database with WMI Explorer

Using WMI Explorer, you can easily navigate WMI tables and form WMI queries that select the precise data you're looking for.

Note: WMI Explorer is available free for personal use only. It can be downloaded at http://www.ks-soft.net/hostmon.eng/downpage.htm#utils.

The information contained in the WMI database can be a great resource for documentation or troubleshooting. WMI is generally accessed via scripting or managed code, and it's very efficient. However, one challenge with WMI is discovering what information is available. There are hundreds of tables in the WMI database, many of them with pertinent information — this is where WMI Explorer comes in.

WMI Explorer allows you to manually navigate the WMI tables and explore them with a GUI, but the end result will still be the same — a script that selects the exact data needed. Let's explore the application:

The top half of the window is a list of WMI tables. Select one to see if there are any rows of data contained in the table. For instance, select the Win32_OperatingSystem table.

You'll notice an instance appears in the bottom-left area of the window. Select the item that appears there — this is the row of data in the WMI table. Now, the properties in the bottom-right corner of the application populate with data. You can scroll through and investigate to see if any information is useful to you. From here, it's very easy to create a PowerShell WMI query to obtain this data.

Notice along the bottom of the WMI Explorer window, there's a "Query" area. This tells you the query that was run to select the information being displayed. The query in my example was:

select * from Win32_OperatingSystem

To execute this same query in PowerShell, you could enter the following:

Get-WmiObject Win32_OperatingSystem | select *

If you wanted to select only the OSArchitecture and InstallDate, you could run the following:

Get-WmiObject Win32_OperatingSystem | select OSArchitecture,InstallDate

Some of the WMI tables contain a lot of information that isn't necessarily what you're looking for. You will see this often in areas like Win32_NetworkAdapterConfiguration. This isn't much of a problem when you're visually stepping through WMI explorer, but if you're automating documentation or querying a remote system's WMI you may want to weed out the exceptions.

You can pick out the values that make the valid rows unique and use them to form your WMI query. Here's an example that selects all values from the Win32_NetworkAdapterConfiguration table that don't have a null value in their DatabasePath property:

Get-WmiObject Win32_NetworkAdapterConfiguration | select * | where-object{$_.DatabasePath -ne $null}

This is a very simple example of WMI's potential, but it illustrates the point. Using an application like WMI Explorer to navigate WMI and discover some of the data it contains can give great insight into systems and be a boon to documentation efforts.

About

Harold Ogden is a Systems and Security Architect in the higher education industry. He has experience in both technical and managerial roles, and strives to bring common sense to the worlds of Information Technology and Information Security.

Editor's Picks