Leveraging Windows Management Instrumentation


Right out of the box, Windows 2003 has a number of items that give it excellent insight into its own operation. Event viewers, SNMP traps, and performance monitors have long been available to Windows systems to allow them to track their own health. Windows 2003 has made these and many other monitoring components available through a central mechanism called Windows Management Instrumentation, or WMI.

Understanding WMI

WMI is Microsoft's implementation of WBEM, or Web-Based Enterprise Management. WBEM was designed to provide one method for accessing management data that originates from disparate sources. WBEM has been developed over the years by a consortium of companies that all shared a common vision for how monitoring should be implemented. The old methods of proprietary monitoring subsystems for each operating system or platform have made way for an open standard for monitoring, independent from platform or OS-specific APIs. Like most "open standards," various companies have created their own implementations, but these exist as supersets of the original WBEM requirements and follow the standards of Common Information Model and Desktop Management Interface as set forth by the Distributed Management Task Force.

Excellent Source for WMI Scripts

The Internet is an excellent source for finding commonly used WMI scripts. Rather than reinvent the wheel, you can check to see if another scripter has already created a script that does what you need.


Uses for WMI

WMI enables you to query the system for events and cause those events to trigger actions. Actions can be as simple as adding entries to a log file or as complex as changing system parameters and rebooting a system. Windows 2003 ships with several built-in providers for accessing specific subsystems:

  • Performance Monitor Provider: Provides access to Windows NT Performance Monitor data.

  • Registry Provider: Provides access to system Registry data.

  • Registry Event Provider: Sends events when changes occur to Registry keys, values, or trees.

  • SNMP Provider: Provides access to events and data from SNMP devices.

  • Windows NT Event Log Provider: Provides access to data and event notifications from the Windows NT Event Log.

  • Win32 Provider: Provides access to data from the Win32 subsystem.

  • WDM Provider: Provides access to data and events from device drivers that conform to the WMI interface.

  • Shadow Copy Provider: Supplies management functions for the Windows Server 2003 Shared Folders feature.

  • Storage Volume Provider: Enumerates all volumes known to the Windows Mount manager and manages volume drive letters, mount points, and storage quotas.

By using these providers, WMI can be leveraged to act on information captured from these sources. For example, event notification could be used to detect hardware events or errors. The event could then be passed to WMI for corrective action based on the specific event that occurred. For example, a Network Interface Card (NIC) detects the presence of an Ethernet signal and sends notification to a script that disables the Wireless Network Interface Card to eliminate the possibility of a wireless connection being used as an entry point to a wired network.

Similarly, the Event Log Provider could pass an event to a WMI script that watched for a specific Event ID and would trigger a restart of a service to fix a known bug. This can be especially useful with internal software that is still under development. If an application were known to have a memory leak, WMI could watch the process and restart a specific service when the process consumed over 256MB of memory, or some other threshold. At the same time the WMI script could alert a developer via e-mail and pass specific system parameters based on WMI queries that could help the developer troubleshoot the process.
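The memory-threshold scenario above can be sketched as a temporary WMI event subscription. This is an added example, not code from the book; it assumes PowerShell 3.0 or later (for Register-CimIndicationEvent), and the process name, service name, and log path are hypothetical placeholders.

```powershell
# Added example: restart a service when a watched process exceeds 256MB.
# Assumed (hypothetical) names: LeakyApp.exe, LeakyAppSvc, C:\Logs\leakwatch.log.
$processName    = 'LeakyApp.exe'          # process with the known leak
$thresholdBytes = 256MB                   # 268435456 bytes
$settings = @{
    ServiceName = 'LeakyAppSvc'           # service that hosts the process
    LogPath     = 'C:\Logs\leakwatch.log' # directory must already exist
}

# WQL event query: WMI polls Win32_Process every 30 seconds and raises an
# event when the named process changes and its working set is over the limit.
$query = "SELECT * FROM __InstanceModificationEvent WITHIN 30 " +
         "WHERE TargetInstance ISA 'Win32_Process' " +
         "AND TargetInstance.Name = '$processName' " +
         "AND TargetInstance.WorkingSetSize > $thresholdBytes"

# The action runs in its own scope, so settings arrive through -MessageData.
$action = {
    $proc = $Event.SourceEventArgs.NewEvent.TargetInstance
    $cfg  = $Event.MessageData
    $line = '{0:s} {1} pid={2} workingset={3:N0} bytes; restarting {4}' -f `
            (Get-Date), $proc.Name, $proc.ProcessId,
            $proc.WorkingSetSize, $cfg.ServiceName
    Add-Content -Path $cfg.LogPath -Value $line   # the "log entry" action
    Restart-Service -Name $cfg.ServiceName -Force # the corrective action
}

Register-CimIndicationEvent -Query $query -SourceIdentifier 'LeakWatch' `
    -MessageData $settings -Action $action | Out-Null

# To stop watching: Unregister-Event -SourceIdentifier 'LeakWatch'
```

The subscription lasts only as long as the PowerShell session that registered it, and the action runs with that session's privileges, so restarting the service requires an elevated session.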

There Are Additional Providers

There are additional providers above and beyond the ones included in Windows 2003. When adding services such as load balancing or clustering, check to see if specific WMI providers are available so that those functions can be accessed via WMI as well.




Microsoft Windows Server 2003 Insider Solutions
ISBN: 0672326094
EAN: 2147483647
Year: 2003
Pages: 325
