Contribute
C#

Windows Management Instrumentation in C#


This article has been excerpted from book "The Complete Visual C# Programmer's Guide" from the Authors of C# Corner.

Windows Management Instrumentation (WMI) helps to ease administrative enterprise system management tasks such as starting and stopping remote services and rebooting a remote machine. With WMI you can create management applications to control and modify operating system elements contained in systems, applications, networks, and devices such as CPUs, disks, memory, services, and network status. But you are required to have authorization to perform the relevant tasks. All of the .NET WMI classes live in the System.Management namespace. 

Although WMI is a great feature, it may prove to be a security risk because intruders may use WMI objects accidentally or maliciously to their advantage without your control. If you have no intention of using the features of WMI on your network, you may want to disable it on certain computers. Note that all of the WMI operations are controlled by the Windows Management Instrumentation Windows service on computers on which Windows NT, 2000, or XP is installed. 

WMI is an interface designed to interact with parts of the Windows operating system. Without it we would have to address administrative tasks individually rather than remotely and automatically. WMI works with the Common Information Model Object Manager (CIMOM). CIMOM is a database of objects representing different operating system elements such as applications and services. CIMOM provides a common interface to these operating system elements. 

WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM). WBEM is an industry initiative to develop a standardized technology for accessing management information such as details about the state of system memory, inventories of currently installed client applications, and other information about client status in an enterprise environment. WMI enables the Common Information Model (CIM) designed by the Distributed Management Task Force (DMTF) to represent systems, applications, networks, and other managed components. CIM can model every component in the managed environment, regardless of the data source location. As well as data modeling, WMI provides a powerful set of basic services that include query-based information retrieval and event notification. 

CIM is a model for describing overall management information in a network or enterprise environment. It comprises both a specification and a schema. The specification defines the details for integration with other management models, while the schema provides the actual model descriptions. 

More details about WBEM, CIM, and other DMTF standards are available at http://www.dmtf.org/standards/. 

WMI can help you accomplish a horde of tasks:

  • Control remote workstations and severs in bulk from your own workstation
  • Audit or configure Windows 2000 systems automatically and remotely
  • Centrally archive Windows NT event logs
  • Block server render down with WMI event notification
  • Integrate WMI with Active Directory
  • Manipulate remote processes and files
  • Identify, list, and adjust all the services on a server
  • Identify, list, and adjust all the NT file system partitions on a server that have less than 10 percent free space
  • Execute a backup on a Microsoft Exchange Server machine and then dump the transaction log
  • Use any existing WMI method to launch a program on a server remotely
  • Set up an event consumer that subscribes to a system that watches for a specific event in the system log and sends an SMS (System Management Service) or e-mail message when that event occurs
  • Reconfigure an event consumer to request a system event whenever a server's CPU use exceeds 85 percent

WMI has a query language named WQL (Windows Management Instrumentation Query Language). WQL is a subset of the American National Standards Institute Structured Query Language (ANSI SQL) with small semantic changes to support WMI. For example, you can perform a WQL query such as "SELECT * FROM Win32_Processor" on the root\CIMV2 namespace path. 

The code samples in Listings 21.39 through 21.46 demonstrate various ways to employ WMI in the .NET Framework. 

Listing 21.39: Retrieving Local WMI Objects 

            ManagementObject mo = new ManagementObject("Win32_Share.Name=\"X$\"");
            mo.Get();
            Console.WriteLine("Win32_Share.Name=\"X$\" path is {0}", mo["Path"]);

Listing 21.40: Retrieving Remote WMI Objects 

            ManagementPath path = new ManagementPath();
            path.Path = "Win32_Share.Name=\"X$\"";
            path.Server = "MCBcomputer";
            path.NamespacePath = @"root\CIMV2";
            ManagementObject mo = new ManagementObject(path);
            Console.WriteLine("Win32_Share.Name=\"X$\" path is {0}", mo["Path"]);

Listing 21.41: Enumerating WMI Objects 

            ManagementClass mc = new ManagementClass("Win32_Share");
            ManagementObjectCollection mcCollection = mc.GetInstances();

            foreach (ManagementObject mo in mcCollection)
            {
                Console.WriteLine("'{0}' path is '{1}'", mo["__RELPATH"], mo["Path"]);
            }

Listing 21.42: Performing Queries on WMI Objects 

            ManagementObjectSearcher query =
            new ManagementObjectSearcher(
            "SELECT * FROM Win32_Service WHERE Started=true");
            ManagementObjectCollection queryCollection = query.Get();

            foreach (ManagementObject mo in queryCollection)
            {
                Console.WriteLine("Service: '{0}'", mo["DisplayName"]);
            }

Listing 21.43: Calling a WMI Object Method to Create TEMP Share to C:\TEMP

            ManagementClass mc = new ManagementClass("Win32_Share");

            // Get the methods in parameters
            ManagementBaseObject inParams =
            mc.GetMethodParameters("Create");

            // Setup method parameters
            inParams["Name"] = "TEMP";
            inParams["Path"] = @"C:\TEMP";
            inParams["Type"] = 0;
            ManagementBaseObject outParams =
            mc.InvokeMethod("Create", inParams, null);

            // inspect out parameters for return value
            uint retVal = (uint)outParams["ReturnValue"];

Listing 21.44: Managing Remote WMI Connections 

            ConnectionOptions options = new ConnectionOptions();
            options.Authentication = AuthenticationLevel.Call;
            options.Impersonation = ImpersonationLevel.Impersonate;
            options.EnablePrivileges = true;
            options.Locale = "MS_409";
            options.Username = @"MCBDOMAIN\mcb";
            options.Password = "password";
            ManagementScope ms =
            new ManagementScope(@"\\MCBcomputer\root\CIMV2", options);

            // Explicit connection to WMI namespace
            ms.Connect();
            ManagementObject mo = new ManagementObject("Win32_Share.Name=\"X$\"");

            // Reuse existing connection for this
            // ManagementObject retrieval
            mo.Scope = ms;

            // Connection scope used when object is retrieved here!
            mo.Get();
            Console.WriteLine("Win32_Share.Name=\"X$\" path is {0}", mo["Path"]);

Listing 21.45: Rebooting a Remote Computer with WMI (reboot1.cs) 

using System;
using System.Management;

class RemoteWMI
{
    static void Main(string[] args)
    {
        //Connect to the remote computer
        ConnectionOptions co = new ConnectionOptions();
        co.Username = "mcb";
        co.Password = "password";
        ManagementScope ms = new ManagementScope(@"\\MCBcomputer\root\cimv2", co);

        //Query remote computer across the connection
        ObjectQuery oq = new ObjectQuery("SELECT * FROM Win32_OperatingSystem");
        ManagementObjectSearcher query1 = new ManagementObjectSearcher(ms, oq);
        ManagementObjectCollection queryCollection1 = query1.Get();

        foreach (ManagementObject mo in queryCollection1)
        {
            string[] ss = { "" };
            mo.InvokeMethod("Reboot", ss);
            Console.WriteLine(mo.ToString());
        }
    }
}

Listing 21.46: Clearing the Application Logs

using System;
using System.Management;

namespace ClearEventLog
{
    class ClearEventLog
    {
        [STAThread]

        static void Main(string[] args)
        {
            try
            {
                // create conncetion options
                ConnectionOptions options = new
                ConnectionOptions();
                options.Authentication = AuthenticationLevel.Call;
                options.Impersonation = ImpersonationLevel.Impersonate;
                options.EnablePrivileges = true;
                options.Locale = @"MS_409"; // LocaleID
                options.Username = @"mcb"; // username for connection
                options.Password = @"mindcracker"; // password for the
                // create management scope for CIM/WMI
                ManagementScope ms = new 
                ManagementScope(@"\\MCBComputer\root\CIMV2",
                options);

                // query Application event log
                ManagementObjectSearcher query1 =
                new ManagementObjectSearcher(@"select * from Win32_NTEventLogFile where LogfileName='Application'");

                // get the query collection
                ManagementObjectCollection queryCollection1 =
                query1.Get();

                // clear the Application event log

                foreach (ManagementObject mo in queryCollection1)
                {
                    mo.Get();
                    ManagementBaseObject inParams =
                    mo.GetMethodParameters("ClearEventLog");
                    ManagementBaseObject outParams =
                    mo.InvokeMethod("ClearEventLog", inParams, null);
                    mo.Dispose();
                    Console.WriteLine();

                    if (0 == (int)(uint)
                    (outParams.
                    Properties["ReturnValue"].Value)
                    )
                        Console.WriteLine("cleared!");
                    else
                        Console.WriteLine("not cleared!!!");
                }
            }

            catch (Exception e)
            {
                Console.WriteLine("Error: {0}", e.ToString());
            }
        }
    }
}

Conclusion

Hope this article would have helped you in understanding Windows Management Instrumentation in C#. See other articles on the website on .NET and C#.

visual C-sharp.jpg
 The Complete Visual C# Programmer's Guide covers most of the major components that make up C# and the .net environment. The book is geared toward the intermediate programmer, but contains enough material to satisfy the advanced developer.

Up Next
    Ebook Download
    View all
    Learn
    View all
    Get Started

    You need to be a premium member to use this feature. To access it, you'll have to upgrade your membership.

    Become a sharper developer and jumpstart your career.

    Basic

    $0

    $

    . 00

    monthly

    For Basic members:

    • Standard Profile
    • Access learning courses
    • Access free e-books
    • 1x point
    Premium

    $20

    $

    . 00

    monthly

    For Premium members:

    • Earn 2x reward points
    • Premium profile with Verified check
    • Premium Avatar with status update
    • Learning courses
    • Unlimited Certifications and badges on profile
    • Unlimited Book downloads
    • Access to Premium content
    • Online Training
    • Unlimited PDF conversions and downloads
    • Professional Resume Writing
    • Interview Preparations Guide
    • 25 messages per month
    • 1 "Kodzu" avatar, basic
    Elite

    $45

    $

    . 00

    monthly

    For Elite members:

    • Bundle E-books
    • Access to all Learn Series
    • Unlimited Apply Jobs