Last time we’ve dealt with objects: PowerShell for Beginners (Part 8): The Power of PowerShell – Getting in Touch with Objects (Get-Member, Select-Object). Of course, I was thinking something. Part 8 is a prerequisite for this part. We are now going to make a huge step forward. And this part is full of examples. But before we begin, the answer of the last exercise. We will also have a quick review what we’ve learned so far in Part 8.
All parts of the series can be found here: PowerShell for Beginners (Series)
Review (Part 8)
Here are the assignments and the solutions from part 8:
Attributes
Create a directory C:\Temp1. Create a text file testfile1.txt in C:\Temp1. Use only PowerShell. If you need assistance use the help (Get-Help). Open the file. Now show the following attributes with Select-Object or another technique: The name of the file, the file extension and the date of last access.
Let’s create a new directory and a new file.
New-Item -ItemType Directory -Path C:\Temp1; New-Item -ItemType File -Path C:\Temp1\testfile1.txt
The next task is to show only a few attributes. Run Get-Member to explore all of them.
Get-ChildItem C:\Temp | Get-Member
We now find the attributes Name, Extension and LastAccessTime. Let’s put this all together in Select-Object.
Get-ChildItem C:\temp1\testfile1.txt | Select-Object Name,Extension,LastAccessTime
Methods
Calculate back 10 years using Get-Date from today. Answer the following question: Which day of the year was that? (1..365?)
The next task is to calculate 10 years back. For this we can use the .NET method.
(Get-Date).AddYears(-10)
Now use Get-Member to find the attribute DayOfYear. Just add that to the last command.
(Get-Date).AddYears(-10).DayOfYear
Review Part 8
You have to deal with Objects. Otherwise you will never realize the power of PowerShell. Use Get-Member to explore objects. Attributes show you what an Object is. Use Select-Object to retrieve attributes. Methods can change or do something. Put the command and the method values in brackets.
The Power of WMI
Windows Management Instrumentation is a basic Windows technology. WMI (Windows Management Instruments) provides read and write access to almost all Windows settings. WMI is one of the most important interfaces for the administration and remote maintenance of workstations and servers.
WMI is a Windows service. Open Windows PowerShell. Run
wmimgmt.msc
To give you a little foretaste of what’s coming up the further parts of this post a quick and powerful example.
Which software is installed on Client01? Note, that I’m logged on another computer. This is a remote call.
Get-WmiObject win32_product -ComputerName client01 | Select-Object Name,InstallDate
Get-WmiObject has to be used to explore WMI Objects. But there’s also Get-CIMInstance. This could be a little confusing. Just remember WMI = CIM and CIM =WMI.
For the further part, I will use Get-CIMInstance, because it’s the newer and more flexbile command. More about this later.
Get-CimInstance win32_product -ComputerName client01 | Select-Object Name,InstallDate
Summary
WMI (Windows Management Instruments) provides read and write access to almost all Windows settings. WMI is one of the most important interfaces for the administration. There are two important cmdlets: Get-WmiObject and Get-CimInstance.
Exploring WMI Objects
Do you remember my 2 step method from part 8 to explore objects? The same goes here, with WMI.
1. Inquiry of all possibilities: Run Get-Member
Get-CimInstance win32_product | Get-Member -MemberType property
2. Call the attribute or method with (). or select-object or select
Get-CimInstance win32_product | Select-Object Name,InstallDate ,InstallSource,Vendor,Packagename
The question is now how to find all WMI Classes? So far, we’ve only looked at win32_product.
To view all WMI Classes run Get-WmiObject with the list parameter.
Get-WmiObject -List
A huge number of objects fill the screen.
Another option is – if you know about what you’re searching for – using Get-CimInstance and pressing TAB. For example if you want to view something about your BIOS then type
Get-CimInstance win32_bi
and press TAB. The third one is the right one.
It is impossible to go through all instances and classes here. That’s why from now on we will focus on examples you can build on.
What have we learned so far?
Run Get-WmiObject -List for discovering WMI Objects. Run Get-CimInstance and press TAB to discover WMI Objects.
WMI Examples
win32_OperatingSystem
One of the most used wmi queries is related to win32_operatingsystem.
Get-CimInstance win32_operatingsystem
Hmm… Are you impressed? Not really. REMEMBER the 2 step method. There’s more. Find it out!
Get-CimInstance win32_operatingsystem | Get-Member -MemberType property
What do you think about this command:
Get-CimInstance win32_operatingsystem | Select-Object InstallDate,LastBootUpTime,SystemDrive,Version,Serialnumber,OSType,FreePhysicalMemory,Status,NumberOfUsers,WindowsDirectory
win32_UserAccount
Another useful WMI instance is win32_useraccount.
Get-CimInstance Win32_UserAccount
There’s more. Again: Run Get-Member!
Get-CimInstance Win32_UserAccount | Get-Member
There we find hidden attributes. Let’s display some of them!
Get-CimInstance Win32_UserAccount | Select-Object Name,SID,PasswordChangeable,PasswordExpires,PasswordRequired,Status
I am now anticipating something that will be the subject of the next part. What if we want to display the properties of one user. How to achieve this? For this, we can use Where-Object. Let’s assume we want to list all user names that contain the value “schwarzen” in the name.
Here we go:
Get-CimInstance Win32_UserAccount | Where-Object Name -like '*schwarzen*' | Select-Object Name,SID,PasswordChangeable,PasswordExpires,PasswordRequired,Status
Ok, filtering and Where-Object will be the topic of the next post. Let’s move to the next useful instance.
Win32_PhysicalMemory
Do you know the Everest tool? It’s a hardware inventory tool. From now on we don’t need this 3rd party tool anymore. 😉 If you want to find out your type of memory (for example if you have to replace your memory) run
Get-WmiObject win32_physicalmemory | Format-Table Manufacturer,Banklabel,Configuredclockspeed,Devicelocator,Capacity,Serialnumber -autosize
Why Format-Table and not Select-Object? I wanted a sweeter view in table format.
Win32_ComputerSystem
Don’t forget to run Get-Member for discovering all the properties you see in the example below.
Get-CimInstance Win32_ComputerSystem | Select-Object Name,Manufacturer,ThermalState,KeyboardPasswordStatus,NumberOfProcessors
WMI Remoting (Side Note for Active Directory Administrators)
Before we come to the end of this article one more piece of information for Active Directory Systems Engineers. If you are working in an Active Directory environment, then you are able to execute remote WMI queries.
For example, you would like to find out which software is installed on computer dc01 run Get-CimInstance or Get-WmiObject and use the ComputerName parameter.
Get-CimInstance win32_product -ComputerName dc01 | Select-Object Name,InstallDate
Exercise
Here’s the exercise to the next part.
Retrieve information about your hard disk. Use Get-WmiObject or Get-CimInstance. First, search for the WMI Object and once you’ve found it show the Name, the Partitions, the Model, the Firmware and the Serial Number.
See you next time with the topic: Powershell for Beginners (Part 10): Filtering and Where-Object.
Patrick Gruenauer, MVP Powershell
Categories: PowerShell
My name is Patrick Gruenauer. From Austria.
SID-500.COM 
Thx for great article. One remark is that you should avoid using win32_product WMI class as it is evil! 😉
reference: https://mcpmag.com/articles/2017/07/27/gathering-installed-software-using-powershell.aspx
LikeLike
Thank you for the hint.
LikeLike