Chapter 13 Call WMI methods on WMI classes

Methods

There are instance methods and Static methods:

Instance methods, which means they only work on an instance of a class.
Static methods, which mean they do not operate on an instance of the class. For example, the Terminate method from the WIN32_Process class is an instance method—it will only operate against a specific instance of the WIN32_Process class. If you do not have a reference to a process, you cannot terminate the process— which makes sense.

Terminate process

There are at least four choices to stop the process:

■ You can call the method directly using dotted notation (because there is only one instance of notepad).

■ You can store the reference in a variable and then terminate it directly.

■ You can use the Invoke-WmiMethod cmdlet.

■ You can use the [wmi] type accelerator.

^{Terminate method}

Notice that each time the method is called, a ReturnValue property is returned from the method call. This value is used to determine if the method completed successfully.

(gwmi win32_process -Filter "name = 'notepad.exe'").terminate()

Note Tab expansion does not enumerate the terminate method when the underlying object is an array; therefore, this is one instance where you will need to type out the entire method name.

The second way of calling the terminate method directly is to use WMI to return an instance of the object, store the returned object in a variable, and then call the method via dotted notation.

Invoke-WmiMethod cmdlet

If you want to use the Invoke-WmiMethod Windows PowerShell cmdlet to call an instance method, you must pass a path to the instance to be operated upon. The easiest way to obtain the path to the instance is to first perform a WMI query, and then to use the __RelPath system property( relative path).

If working against a remote machine, you will want the complete path to the instance. The complete path includes the machine name and the WMI namespace, as well as the class and the key to the class. The complete path appears in the __Path system property.

[wmi] type accelerator

Another way to call an instance method is to use the [wmi] type accelerator. The [wmi] type accelerator works with WMI instances. Therefore, if you pass a path to the [wmi] type accelerator, you can call instance methods directly.

For example, we can get an instance of notepad and pass the value of the __RELPATH system property to the [wmi] type accelerator. This command returns the entire instance of the WIN32_Process class. That is, it returns all properties and methods that are available.

PS C:\> notepad
PS C:\> $a = gwmi win32_process -Filter "name = 'notepad.exe'"
PS C:\> [wmi]$a.__RELPATH | select name
name
----
notepad.exe
PS C:\> ([wmi]$a.__RELPATH).terminate()
__GENUS : 2
__CLASS : __PARAMETERS
__SUPERCLASS :
__DYNASTY : __PARAMETERS
__RELPATH :
__PROPERTY_COUNT : 1
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
ReturnValue : 0
PSComputerName :

Using WMI to work with static methods

Look up the class in the Windows Management Instrumentation Tester (WbemTest). The WbemTest utility always exists with WMI. To find it, you can type WbemTest from within Windows PowerShell.

when using the Get-WmiObject cmdlet with the Win32_ SecurityDescriptorHelper class, nothing happens.

Static methods do not use an instance of the WMI class— the Get-WmiObject command does not work with Win32_SecurityDescriptorHelper because Get-WmiObject returns instances of the class. With this WMI class, there are no instances.

The easiest way to work with the static WMI method is to use the [wmiclass] type accel- erator. The SDDLToBinarySD method will translate a Security Descriptor De nition Language (SDDL) string into binary byte array security descriptor (binary SD) format. The best way to talk about this technique is to walk through an example of converting an SDDL string to binary SD format. First, you need to obtain an SDDL string—you can do that by using the Get-Acl cmdlet. The rst thing to do is give the Get-Acl cmdlet (ACL stands for Access Control List) the path to a le on your computer. Then store the resulting object in the $acl variable, and examine the SDDL string associated with the le by querying the SDDL property. These two lines of code appear here:

$acl = Get-Acl C:\bootmgr 

$acl.Sddl

In Windows PowerShell, double colons are required to call a static method. For example, to obtain the sine of a 45 degree angle, use the SIN static method from the system.math class. This appears here:

[math]::sin(45)

Exercise:

Start five copies of Notepad:

1..5 | % {notepad}

Use Remove-WmiObject cmdlet to kill the process:

gwmi win32_process -Filter "name = 'notepad.exe'" | Remove-WmiObject

Store the returned WMI objects in a variable named $process:

$process = gwmi win32_process -Filter "name = 'notepad.exe'"

Call the terminate method from the $process variable. The command appears here:

$process.terminate()