When novices first write WMI scripts, they nearly all begin by asking for every property from every instances of a class. For example, the queries will say "tell me everything about every process". (This is also referred to as the infamous "select * query".) This approach can often return an overwhelming amount of data, particularly when you are querying a class such as installed software or processes and threads. Rarely would one need to have so much data. Typically, when looking for installed software, you’re looking for information about a particular software package.
There are, however, several occasions when I want to use the "tell me everything about all instances of a particular class" query, including the following:
During development of a script to see representative data
When troubleshooting a more directed query, for example, when I’m possibly trying to filter on a field that does not exist
When the returned data are so few that being more precise doesn’t make sense
To return all information from all instances
Make a connection to WMI by using the Get-WmiObject cmdlet
Use the query argument to supply the WQL query to the Get-WmiObject cmdlet
In the query, use the Select statement to choose everything: Select *.
In the query, use the From statement to indicate the class from which you wish to retrieve data. For example, From Win32_Share.
In the next script, you make a connection to the default namespace in WMI and return all the information about all the shares on a local machine. This is actually good practice because, in the past, numerous worms have propagated through unsecured shares, and you might have unused shares around-a user might create a share for a friend and then forget to delete it. In the script that follows, called ListShares.ps1, all the information about shares present on the machine are reported. The information returned by the ListShares.ps1 will include the properties for the WIN32_Share class which are detailed in Table 6-1.
ListShares.Ps1
$strComputer = "." $wmiNS = "root\cimv2" $wmiQuery = "Select * from win32_share" $objWMIServices = Get-WmiObject -computer $strComputer -namespace $wmiNS ` -query $wmiQuery $objWMIServices | Format-List *
Data Type | Property | Meaning |
---|---|---|
Boolean | AllowMaximum | Allow maximum number of connections? True or false |
string | Caption | Short, one-line description |
string | Description | Description |
datetime | InstallDate | When the share was created (optional) |
uint32 | MaximumAllowed | Number of concurrent connections allowed Only valid when AllowMaximum is set to false |
string | Name | Share name |
string | Path | Physical path to the share |
string | Status | Current status of the share: degraded, OK, or failed |
uint32 | Type | Type of resource shared: disk, file, printer, etc. |
Q. What is the syntax for a query that returns all properties of a given object?
A. Select * returns all properties of a given object.
Q. What is one reason for using Select * instead of a more directed query?
A. In troubleshooting, Select * is useful because it returns any available data. In addition, Select * is useful in trying to characterize the data that might be returned from a query.