Right out of the box, Windows 2003 has a number of items that give it excellent insight into its own operation. Event viewers, SNMP traps, and performance monitors have long been available to Windows systems to allow them to track their own health. Windows 2003 has made these and many other monitoring components available through a central mechanism called Windows Management Instrumentation, or WMI.

Understanding WMI

WMI is Microsoft's implementation of WBEM, or Web-Based Enterprise Management. WBEM was designed to provide one method for accessing management data that originates from disparate sources. WBEM has been developed over the years by a consortium of companies that all shared a common vision for how monitoring should be implemented. The old methods of proprietary monitoring subsystems for each operating system or platform have made way for an open standard for monitoring, independent of platform or OS-specific APIs. As with most "open standards," various companies have created their own implementations, but these exist as supersets of the original WBEM requirements and follow the standards of Common Information Model and Desktop Management Interface as set forth by the Distributed Management Task Force.

Excellent Source for WMI Scripts

The Internet is an excellent source for finding commonly used WMI scripts. Rather than reinvent the wheel, you can check to see if another scripter has already created a script that does what you need.

Uses for WMI

WMI enables you to query the system for events and cause those events to trigger actions. Actions can be as simple as adding entries to a log file or as complex as changing system parameters and rebooting a system. Windows 2003 ships with several built-in providers for accessing specific subsystems:
By using these providers, WMI can be leveraged to act on information captured from these sources. For example, event notification could be used to detect hardware events or errors. The event could then be passed to WMI for corrective action based on the specific event that occurred. For example, a Network Interface Card (NIC) detects the presence of an Ethernet signal and sends notification to a script that disables the Wireless Network Interface Card to eliminate the possibility of a wireless connection being used as an entry point to a wired network.

Similarly, the Event Log Provider could pass an event to a WMI script that watched for a specific Event ID and would trigger a restart of a service to fix a known bug. This can be especially useful with internal software that is still under development. If an application were known to have a memory leak, WMI could watch the process and restart a specific service when the process consumed over 256MB of memory, or some other threshold. At the same time, the WMI script could alert a developer via e-mail and pass specific system parameters based on WMI queries that could help the developer troubleshoot the process.

There Are Additional Providers

There are additional providers above and beyond the ones included in Windows 2003. When adding services such as load balancing or clustering, check to see if specific WMI providers are available so that those functions can be accessed via WMI as well.
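
The memory-leak scenario described above can be sketched as a temporary WMI event subscription. This is an added example, not a script from the original text; it assumes PowerShell 2.0 or later is installed, and the process name, service name, mail addresses, and SMTP host are hypothetical placeholders.

```powershell
# Added example: temporary WMI event subscription (exists only while this session runs).
# Every name in this settings block is a hypothetical placeholder.
$ProcessName    = 'leakyapp.exe'     # process image to watch
$ThresholdBytes = 256MB              # threshold from the text (268435456 bytes)
$settings = @{
    Service = 'LeakyAppSvc'          # service that hosts the leaking process
    To      = 'developer@example.com'
    From    = 'wmi-monitor@example.com'
    Smtp    = 'smtp.example.com'
}

# WQL event query: poll every 30 seconds and fire when the watched process
# is modified and its working set is above the threshold.
$query = "SELECT * FROM __InstanceModificationEvent WITHIN 30 " +
         "WHERE TargetInstance ISA 'Win32_Process' " +
         "AND TargetInstance.Name = '$ProcessName' " +
         "AND TargetInstance.WorkingSetSize > $ThresholdBytes"

# The action runs in its own scope, so settings arrive through -MessageData.
$action = {
    $cfg  = $Event.MessageData
    $proc = $Event.SourceEventArgs.NewEvent.TargetInstance

    # Collect troubleshooting context through WMI before the restart discards it.
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $body = @(
        "Host: $($os.CSName)"
        "Process: $($proc.Name) (PID $($proc.ProcessId))"
        "Working set: $([math]::Round($proc.WorkingSetSize / 1MB)) MB"
        "Handles: $($proc.HandleCount), threads: $($proc.ThreadCount)"
        "Free physical memory: $($os.FreePhysicalMemory) KB"
    ) -join "`r`n"

    # Corrective action first, then the alert to the developer.
    Restart-Service -Name $cfg.Service -Force
    Send-MailMessage -To $cfg.To -From $cfg.From -SmtpServer $cfg.Smtp `
        -Subject "Restarted $($cfg.Service): memory threshold exceeded" -Body $body
}

Register-WmiEvent -Query $query -SourceIdentifier 'LeakWatch' `
    -MessageData $settings -Action $action

# Remove the subscription when it is no longer needed:
# Unregister-Event -SourceIdentifier 'LeakWatch'
```

The subscription must be registered from an account with rights to restart the service, and `Get-EventSubscriber` lists what is currently registered in the session.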