Unit OS 12: Scripting

12.1. Windows Management Instrumentation
Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze
Copyright Notice
© 2000-2005 David A. Solomon and Mark Russinovich
These materials are part of the Windows Operating
System Internals Curriculum Development Kit,
developed by David A. Solomon and Mark E.
Russinovich with Andreas Polze
Microsoft has licensed these materials from David
Solomon Expert Seminars, Inc. for distribution to
academic organizations solely for use in academic
environments (and not for commercial use)
2
Roadmap for Section 12.1.
Scripting Introduction
Windows Management Instrumentation (WMI)
Historical View on Windows Management
WMI Architecture
WMI Scripting Examples
WMI-based Tools
UNIX Scripting Support for Windows
3
Scripting Introduction
A script is a sequence of instructions
Like a program, but it's not compiled
Instructions are dynamically interpreted by a
scripting engine
Because scripts are plain-text source and not
compiled, they are easy to change and to share
4
Scripting Support
Scripting support requires
An engine that reads the scripting language and
interprets it
Integration via the scripting engine to interactive
functionality
Windows includes an extensible scripting
engine:
Natively supports VBScript (Visual Basic Script) and JScript
(JavaScript)
Provides rich interaction with operating system
environment via Windows Management
Instrumentation
5
Microsoft Windows Management
Instrumentation (WMI)
WMI is the core management-enabling technology
for Windows
Built into Windows 2000, Windows XP, and
Windows Server 2003
Originally released in 1998 as an add-on with Windows
NT 4.0 Service Pack 4
Based on industry standards
Overseen by the Distributed Management Task Force
(DMTF)
Universal
Almost all Windows resources can be accessed,
configured, managed, and monitored via WMI
6
WMI Background
WMI is an implementation of Web-Based Enterprise
Management (WBEM),
which is a standard that the Distributed Management Task Force
(DMTF) defines
WMI was added to address two shortcomings in previous
versions of NT:
Remote monitoring & management
Scripting
WMI is in Windows 2000 and later
Add-on for NT 4
Limited version available for Win9x/ME
7
Applicability of WMI
WMI-based scripts using COM automation
Windows Script Host / VBScript / ActivePerl
Built-in WMI tool with XP (except Home Edition) and Server
2003: WMI Console (WMIC)
System management
WMI helps to retrieve performance data, manage event logs, file
systems, printers, processes, registry settings, scheduler,
security, services, shares, and numerous other operating system
components and configuration settings
Network management
WMI-based scripts can manage network services such as DNS,
DHCP, and SNMP-enabled devices
8
Applicability of WMI (contd.)
Real-time health monitoring
WMI event subscriptions can monitor and respond to
event log entries as they occur, file system and
registry modifications, and other real-time operating
system changes
WMI event subscriptions and notifications are to WMI
what SNMP traps are in the SNMP world
Windows Server management
WMI scripts can manage Microsoft Application
Center, Operations Manager, Systems Management
Server, Internet Information Server, Exchange Server,
and SQL Server
9
NT Monitoring Infrastructure:
a historical view - before WMI
There are two native system monitoring mechanisms
that have been in NT since its inception:
Event viewer
Performance Monitor
Both can work remotely, but suffer several drawbacks
with respect to general system management:
Separate groups of APIs
Unidirectional
Limited to only performance data and event log
10
NT Management Infrastructure
(a historical view - before WMI)
The NT management mechanisms:
Service Control Manager
Registry
Can change configuration, but no notifications/events
NET API
For managing computer membership in domains
Querying computer OS version
Configuring user and group accounts
Limitations of these:
Non-general: limited management
Can’t manage all aspects of a computer’s system configuration,
software, or hardware devices, for example
Not natively scriptable, Non-extensible
11
WMI’s Features
Works locally and remotely
Fine-grained
Bidirectional:
A WMI “provider” can export functional interface and event
notification services
Extensible
Developers can write their own providers
Driver writers can leverage WMI-provider framework, called
the WDM provider, to management-enable their hardware
Natively scriptable
Also natively .NET programmable when .NET Framework is
present
12
WMI Architecture - a closer look
[Figure: layered WMI architecture, top to bottom]
Management applications: database application, Web browser, C/C++ application
Access paths: ODBC (deprecated), WINRM, ActiveX controls, Windows Management API
COM/DCOM
WMI infrastructure: CIM Object Manager (CIMOM), CIM repository
COM/DCOM
Providers: SNMP provider, Win32 provider, Registry provider
Managed objects: SNMP objects, Win32 objects, Registry objects
13
WMI Architecture
Management applications:
Windows applications that access and display or process the data that
they obtain about managed objects
Ex. Perfmon or event viewer replacement
WMI Infrastructure
Implemented as a Windows Service: Winmgmt.exe
Its heart is the CIM Object Manager (CIMOM)
Glue that binds management applications to providers
Also serves as object-class store, and as storage for persistent object
properties
Infrastructure APIs
Primary API is COM
Others layer on top of COM:
ODBC adapter
WMI ActiveX control
Scripting API
14
WMI Managed Resources
Logical or physical component, which is exposed and
manageable by using WMI
disks, peripheral devices, event logs, files, folders, file systems,
networking components,
OS subsystems, performance counters, printers, processes,
registry, security, services, shares,
SAM users and groups, Active Directory, Windows Installer,
Windows Driver Model (WDM) device drivers, SNMP
Management Information Base (MIB)
A WMI managed resource communicates with WMI
through a provider
15
WMI Infrastructure
The middle layer is the WMI infrastructure
Allows for definition of and access to configuration and
management data
WMI consists of three primary components:
the CIM Object Manager (CIMOM),
the Common Information Model (CIM) repository,
WMI providers
WMI scripting library is a fourth, small component
16
WMI Providers
Intermediary between WMI and a managed resource
request information from, and send instructions to WMI
managed resources on behalf of consumer applications and
scripts
Hide the implementation details unique to a managed
resource
Managed resource is exposed based on WMI's uniform access
model
WMI providers use managed resources’ native APIs, and
communicate with the CIMOM using WMI APIs
17
WMI Providers (contd.)
Extensible architecture
Add-on providers can expose management functions unique to
a product
Application Center, Operations Manager, Systems
Management Server, Internet Information Server, and SQL
Server, Exchange Server, Microsoft Office, and many 3rd-party
applications include WMI providers
Providers are implemented as DLLs or stand-alone
executables
Residing in %SystemRoot%\system32\wbem
WMI includes many built-in providers for Windows:
Performance API, Registry, Event Manager, Active Directory,
SNMP, WDM, more
WMI SDK lets third parties develop providers
18
WMI Providers (contd.)
WMI providers are COM or DCOM servers
Export objects that have properties and methods
Define classes that are stored in CIMOM repository
WMI executes in-process providers (as opposed to
those in dedicated application processes) in a separate
process
Prevents corruption of the RPC service
The process is placed in a Job to limit resource consumption
19
List of Standard WMI Providers
Provider | DLL | Namespace | Description
Active Directory provider | dsprov.dll | root\directory\ldap | Maps Active Directory objects to WMI.
Event Log provider | ntevt.dll | root\cimv2 | Manage Windows event logs, for example, read, backup, clear, copy, delete, monitor, rename, compress, uncompress, and change event log settings.
Performance Counter provider | wbemperf.dll | root\cimv2 | Provides access to raw performance data.
Registry provider | stdprov.dll | root\default | Read, write, enumerate, monitor, create, and delete registry keys and values.
SNMP provider | snmpincl.dll | root\snmp | Provides access to SNMP MIB data and traps from SNMP-managed devices.
WDM provider | wmiprov.dll | root\wmi | Provides access to information on WDM device drivers.
Win32 provider | cimwin32.dll | root\cimv2 | Provides information about the computer, disks, peripheral devices, files, folders, file systems, networking components, printers, processes, security, services, shares, etc.
Windows Installer provider | msiprov.dll | root\cimv2 | Provides access to information about installed software.
20
CIMOM
WMI information broker
All WMI requests and data flow through the CIMOM
Implemented inside Windows Management Instrumentation
service, winmgmt.exe
CIMOM provides core services:
Provider registration
Request routing
Remote access
Security
Query processing - WMI Query Language (WQL)
Event processing
21
CIM Repository
Configuration and management information from
different sources can be uniformly represented
with a schema
The CIM is the schema, also called the object
repository or class store that models the managed
environment and defines every piece of data
exposed by WMI
CIM classes generally represent dynamic resources
Instances of resources can be stored in the CIM,
but are generally dynamically retrieved by a
provider based on a consumer request
22
CIM Classes
CIM classes consist of properties and methods.
Properties describe the configuration and state of a WMI
managed resource
Methods are executable functions that perform actions on the
WMI managed resource
On Windows XP CIM consists of the following files in
%SystemRoot%\system32\wbem\Repository\FS\
index.btr - Binary-tree (btree) index file
index.map - Transaction control file
objects.data - CIM repository where managed resource
definitions are stored
objects.map - Transaction control file
23
WMI Scripting Library
Set of automation objects
Scripting languages, such as VBScript, JScript, and ActiveState's
ActivePerl access the WMI infrastructure via these objects
Provides a consistent and uniform scripting model for the WMI
infrastructure
WMI scripting library is implemented in a single DLL
named wbemdisp.dll,
Resides in %SystemRoot%\system32\wbem directory
Includes a type library named wbemdisp.tlb.
WMI scripting type library can be used to reference WMI
constants from XML-based Windows Script Files, WSH scripts
with a .wsf extension
24
WMI Consumers
Consumers are the top layer
A consumer is a script, enterprise management
application, Web-based application, or other
administrative tool, that accesses and controls
management information available through the WMI
infrastructure.
Many management applications serve dual roles as
both WMI consumer and WMI provider
Application Center, Operations Manager, and Systems
Management Server are examples
25
Exploring the CIM
WMI Control
WMI Control (wmimgmt.msc) is a Microsoft Management
Console (MMC) snap-in that allows you to configure WMI
settings on a local or remote computer
WMI Tester
WMI Tester (wbemtest.exe) is a general-purpose, graphical
tool for interacting with the WMI infrastructure
Built into Windows
You can use WMI Tester to browse the CIM schema and
examine managed resource class definitions
WMI Tester can also be used to perform the same actions your
WMI-based scripts perform, such as retrieving instances of
managed resources and running queries
26
Exploring the CIM (contd.)
WMI Command-line
Released as part of Windows XP Professional and Server 2003, the
WMI Command-line tool (wmic.exe) provides a command line interface
to the WMI infrastructure
You can use wmic.exe to perform common WMI tasks from the
command line, including browsing the CIM and examining CIM class
definitions
CIM Studio
CIM Studio, part of the WMI SDK, provides a Web-based interface to
interact with the WMI infrastructure
TechNet Scripts
EnumClasses.vbs, EnumInstances.vbs, and EnumNamespaces.vbs
TechNet Script Center http://www.microsoft.com/technet/community/scriptcenter/default.mspx
27
WMI Scripts
The most popular interface is the scripting interface
No need for third-party tools
Look like stand-alone utilities, but easily modifiable
Cscript.exe is the command-line interface to Windows
Script Host (WSH)
Cscript scriptname.extension [options..]
For help, type Cscript /?
TechNet Scripting Center has more than a hundred
Visual Basic scripts that use WMI
www.microsoft.com/technet/community/scriptcenter/default.mspx
Example: start a process on a remote system
Cscript exec.vbs /s servername /e notepad
28
WMI Scripts Remote Process Execution
Excerpt from exec.vbs:
    ' Connect to the root\cimv2 namespace on the target server.
    ' The error branch below runs when blnConnect returns True.
    If blnConnect("root\cimv2", _
                  strUserName, _
                  strPassword, _
                  strServer, _
                  objService) Then
        Call Wscript.Echo("")
        Call Wscript.Echo("Please check the server name, " _
                        & "credentials and WBEM Core.")
        Exit Sub
    End If

    strMessage = ""
    intProcessId = 0

    ' Fetch the Win32_Process class object from the connected namespace.
    Set objInstance = objService.Get("Win32_Process")
    If blnErrorOccurred(" occurred getting a " & _
                        " Win32_Process class object.") Then Exit Sub
    If objInstance is nothing Then Exit Sub

    ' Start the command; the new process ID comes back in intProcessId.
    intStatus = objInstance.Create(strCommand, null, null, intProcessId)
29
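The event subscriptions and WQL event processing described on the earlier slides can be used to observe process creation such as the Win32_Process.Create call above. The following script is an added example, not part of the original slides or of exec.vbs; the local target ".", the 2-second polling interval and the helper name ProcessName are assumptions, and the parent check relies on WMI-created processes being children of the provider host WmiPrvSE.exe on Windows XP and later.

```vbscript
' Added example: temporary WMI event subscription that reports each new
' process and marks those whose parent is the WMI provider host.
Option Explicit
Dim strComputer, objServices, objEvents, objEvent, objProc
Dim strQuery, strParent

strComputer = "."   ' assumption: local computer; a server name also works

' root\cimv2 is the namespace where the Win32 provider exposes Win32_Process.
Set objServices = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
                            strComputer & "\root\cimv2")

' WQL event query: poll every 2 seconds for new Win32_Process instances.
strQuery = "SELECT * FROM __InstanceCreationEvent WITHIN 2 " & _
           "WHERE TargetInstance ISA 'Win32_Process'"
Set objEvents = objServices.ExecNotificationQuery(strQuery)

WScript.Echo "Waiting for process creation events (Ctrl+C to stop)..."
Do
    Set objEvent = objEvents.NextEvent()        ' blocks until an event arrives
    Set objProc = objEvent.TargetInstance
    strParent = ProcessName(objServices, objProc.ParentProcessId)

    WScript.Echo Now & "  PID " & objProc.ProcessId & "  " & objProc.Name & _
                 "  (parent " & objProc.ParentProcessId & " " & strParent & ")"
    ' CommandLine is Null when the caller is not allowed to read it.
    If Not IsNull(objProc.CommandLine) Then
        WScript.Echo "    command line: " & objProc.CommandLine
    End If
    ' A WmiPrvSE.exe parent indicates the process was started through WMI.
    If LCase(strParent) = "wmiprvse.exe" Then
        WScript.Echo "    NOTE: created through the WMI provider host"
    End If
Loop

' Hypothetical helper: resolve a PID to its image name; the parent may
' already have exited, so a failed lookup is reported instead of raised.
Function ProcessName(objSvc, lngPid)
    Dim objP
    ProcessName = "(exited)"
    On Error Resume Next
    Set objP = objSvc.Get("Win32_Process.Handle='" & lngPid & "'")
    If Err.Number = 0 Then ProcessName = objP.Name
    On Error GoTo 0
End Function
```

Run it with Cscript so the output goes to the console; polling with WITHIN can miss processes that start and exit between two polls.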
WMI Scripts Obtain physical memory size
    strComputer = "fin"   ' target computer's name
    Set wbemServices = GetObject("winmgmts:\\" & strComputer)
    Set wbemObjectSet = _
        wbemServices.InstancesOf("Win32_LogicalMemoryConfiguration")
    For Each wbemObject In wbemObjectSet
        WScript.Echo "Total Physical Memory (kb): " & _
                     wbemObject.TotalPhysicalMemory
    Next
30
WMI Scripts Retrieve services information
    strComputer = "fin"   ' target computer's name
    Set wbemServices = GetObject("winmgmts:\\" & strComputer)
    Set wbemObjectSet = wbemServices.InstancesOf("Win32_Service")
    For Each wbemObject In wbemObjectSet
        WScript.Echo "Display Name:  " & wbemObject.DisplayName & vbCrLf & _
                     "   State:      " & wbemObject.State & vbCrLf & _
                     "   Start Mode: " & wbemObject.StartMode
    Next
31
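The services script above enumerates every Win32_Service instance over a default connection. The following variant is an added example, not part of the original slides: it connects through SWbemLocator in the caller's own logon context (no credentials stored in the script), requests encrypted DCOM traffic, and lets the CIMOM filter with WQL so only auto-start services that are not running come back. The server name "fin" is taken from the slide; the choice of filter is an assumption.

```vbscript
' Added example: remote service health check over an encrypted WMI connection.
Option Explicit
Const wbemImpersonationLevelImpersonate = 3
Const wbemAuthenticationLevelPktPrivacy = 6   ' sign and encrypt each packet

Dim strComputer, objLocator, objServices, colServices, objService, strQuery

strComputer = "fin"   ' target computer's name, as on the slide

Set objLocator = CreateObject("WbemScripting.SWbemLocator")
' Set security on the locator so the connection itself uses these levels.
objLocator.Security_.ImpersonationLevel = wbemImpersonationLevelImpersonate
objLocator.Security_.AuthenticationLevel = wbemAuthenticationLevelPktPrivacy

' No user name or password is passed: the current logon context is used.
On Error Resume Next
Set objServices = objLocator.ConnectServer(strComputer, "root\cimv2")
If Err.Number <> 0 Then
    WScript.Echo "Connection to " & strComputer & " failed: " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' WQL query evaluated by the CIMOM on the target; only matches are returned.
strQuery = "SELECT DisplayName, State, StartMode, StartName " & _
           "FROM Win32_Service " & _
           "WHERE StartMode = 'Auto' AND State <> 'Running'"
Set colServices = objServices.ExecQuery(strQuery)

WScript.Echo colServices.Count & " auto-start service(s) not running on " & _
             strComputer
For Each objService In colServices
    WScript.Echo "Display Name:  " & objService.DisplayName & vbCrLf & _
                 "   State:      " & objService.State & vbCrLf & _
                 "   Start Mode: " & objService.StartMode & vbCrLf & _
                 "   Runs as:    " & objService.StartName
Next
```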
Wbemtest Utility
32
Services for UNIX Interix Subsystem for Windows
Interix - a full POSIX subsystem for Windows
Interix replaces the original POSIX subsystem on Windows
Full network support
Interoperability between POSIX and Windows subsystems
(CreateProcess())
Services for UNIX (SFU 3.5)
Bundled with many essential UNIX tools (X11R5 clients)
Interix allows UNIX applications and scripts to run on
Windows (after re-compilation)
33
Services for Unix + Interix Features
A complete environment to run UNIX applications and
scripts on Windows
Fully integrated with Windows
Over 300 utilities and tools
A complete software development kit
Support for more than 1900 UNIX APIs
SFU is freely downloadable from
www.microsoft.com/windowsserversystem/sfu/downloads/
34
SFU 3.5 Features
Shells: KornShell and C Shell
Scripting languages: awk, perl, sed, and Tcl/Tk
Admin tools: rsh, rlogin, telnet and xterm
Batch tools: At, cron and batch
35
SFU 3.5 SDK
Support for 1900+ interfaces
ANSI C, POSIX.1 and POSIX.2 interfaces
Development tools: make, RCS, lex, yacc, cc, c89, nm,
ar, strip
Compilers: gcc, g++, g77
Color curses library
BSD-style sockets library support
X11R5 libraries and header files
MS Visual C/C++ support
36
Further Reading
Alain Lissoir, Understanding Windows Management Instrumentation (WMI)
Scripting, Digital Press, 2003
Alain Lissoir, Leveraging Windows Management Instrumentation (WMI)
Scripting, Digital Press, 2003
Greg Stemp, Dean Tsaltas, and Bob Wells (Microsoft Corporation)
Ethan Wilansky (Network Design Group);
WMI Scripting clinic:
http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnclinic/html/scripting06112002.asp
Mark E. Russinovich and David A. Solomon,
Microsoft Windows Internals, 4th Edition, Microsoft Press, 2004.
Windows Management Instrumentation (from pp. 237)
WMI Software Developers Kit (SDK) Documentation
More details about UNIX scripting on Windows in Unit OS-C
37