Tell Me Everything About Everything

Tell Me Everything About Everything!

When novices first write WMI scripts, they nearly all begin by asking for every property from every instances of a class. For example, the queries will say "tell me everything about every process". (This is also referred to as the infamous "select * query".) This approach can often return an overwhelming amount of data, particularly when you are querying a class such as installed software or processes and threads. Rarely would one need to have so much data. Typically, when looking for installed software, you’re looking for information about a particular software package.

There are, however, several occasions when I want to use the "tell me everything about all instances of a particular class" query, including the following:

• During development of a script to see representative data

• When troubleshooting a more directed query, for example, when I’m possibly trying to filter on a field that does not exist

• When the returned data are so few that being more precise doesn’t make sense

To return all information from all instances

1. Make a connection to WMI by using the Get-WmiObject cmdlet

2. Use the query argument to supply the WQL query to the Get-WmiObject cmdlet

3. In the query, use the Select statement to choose everything: Select *.

4. In the query, use the From statement to indicate the class from which you wish to retrieve data. For example, From Win32_Share.

In the next script, you make a connection to the default namespace in WMI and return all the information about all the shares on a local machine. This is actually good practice because, in the past, numerous worms have propagated through unsecured shares, and you might have unused shares around-a user might create a share for a friend and then forget to delete it. In the script that follows, called  ListShares.ps1, all the information about shares present on the machine are reported. The information returned by the  ListShares.ps1 will include the properties for the WIN32_Share class which are detailed in Table 6-1.

 ListShares.Ps1

 $strComputer = "." $wmiNS = "root\cimv2" $wmiQuery = "Select * from win32_share" $objWMIServices = Get-WmiObject -computer $strComputer -namespace $wmiNS `    -query $wmiQuery  $objWMIServices | Format-List *

Table 6-1: Win32_Share Properties
Open table as spreadsheet

Data Type	Property	Meaning
Boolean	AllowMaximum	Allow maximum number of connections? True or false
string	Caption	Short, one-line description
string	Description	Description
datetime	InstallDate	When the share was created (optional)
uint32	MaximumAllowed	Number of concurrent connections allowed Only valid when AllowMaximum is set to false
string	Name	Share name
string	Path	Physical path to the share
string	Status	Current status of the share: degraded, OK, or failed
uint32	Type	Type of resource shared: disk, file, printer, etc.

Q. What is the syntax for a query that returns all properties of a given object?

A. Select * returns all properties of a given object.

Q. What is one reason for using Select * instead of a more directed query?

A. In troubleshooting, Select * is useful because it returns any available data. In addition, Select * is useful in trying to characterize the data that might be returned from a query.