Provides background information about Windows Management Instrumentation
(WMI) and Windows PowerShell.
This topic provides information about WMI technology, the WMI cmdlets for
Windows PowerShell, WMI-based remoting, WMI accelerators,
and WMI troubleshooting. This topic also provides links to more information
Windows Management Instrumentation (WMI) is the Microsoft implementation
of Web-Based Enterprise Management (WBEM), which is an industry
initiative to develop a standard technology for accessing management
information in an enterprise environment. WMI uses the Common Information
Model (CIM) industry standard to represent systems, applications,
networks, devices, and other managed components. CIM is developed and
maintained by the Distributed Management Task Force (DMTF). You can use
WMI to manage both local and remote computers. For example, you can use
WMI to do the following:
-- Start a process on a remote computer.
-- Restart a computer remotely.
-- Get a list of the applications that are installed on a local or
-- Query the Windows event logs on a local or remote computer.
The WMI Cmdlets for Windows PowerShell
Windows PowerShell implements WMI functionality through a set of cmdlets
that are available in Windows PowerShell by default. You can use these
cmdlets to complete the end-to-end tasks necessary to manage local and
The following WMI cmdlets are included.
Get-WmiObject Gets instances of WMI classes or information
about the available classes.
Invoke-WmiMethod Calls WMI methods.
Register-WmiEvent Subscribes to a WMI event.
Remove-WmiObject Deletes WMI classes and instances.
Set-WmiInstance Creates or modifies instances of WMI classes.
The following command displays the BIOS information for the local
C:\PS> get-wmiobject win32_bios | format-list *
The following command displays information about the WinRM service
for three remote computers.
C:\PS> get-wmiobject -query "select * from win32_service where name='WinRM'" -computername server01, server01, server03
The following more complex command exits all instances of a program.
C:\PS> $np = get-wmiobject -query "select * from win32_process where name='notepad.exe'"
C:\PS> $np | remove-wmiobject
While the ability to manage a local system through WMI is useful, it is
the remoting capabilities that make WMI a powerful administrative tool.
WMI uses Microsoft's Distributed Component Object Model (DCOM) to
connect to and manage systems. You might have to configure some systems
to allow DCOM connections. Firewall settings and locked-down DCOM
permissions can block WMI's ability to remotely manage systems.
WMI Type Accelerators
Windows PowerShell includes WMI type accelerators. These WMI type
accelerators (shortcuts) allow more direct access to a WMI objects
than a non-type accelerator approach would allow.
The following type accelerators are supported with WMI:
[WMISEARCHER] - A shortcut for searching for WMI objects.
[WMICLASS] - A shortcut for accessing the static properties
and methods of a class.
[WMI] - A shortcut for getting a single instance of a class.
[WMISEARCHER] is a type accelerator for a ManagementObjectSearcher.
It can take a string constructor to create a searcher that you can then
do a GET() on.
PS> $s = [WmiSearcher]'Select * from Win32_Process where Handlecount > 1000'
PS> $s.Get() |sort handlecount |ft handlecount,__path,name -auto
handlecount __PATH name
----------- ------ ----