初识WMI

       久闻WMI大名，最近正好得点闲就开始学习WMI。WMI（Microsoft®Windows®Management Instrumentation ）从字面上就可以看出这是一个Windows 的管理支持技术，也就是说如果您要创建 Windows 管理应用程序或者管理 Windows 服务器、工作站，WMI会给你提供强大的支持。本文结束后有段摘自MSDN关于什么是WMI的一段话，大家看看就明白WMI是多么的强大。磁盘、事件日志、文件、文件夹、文件系统、网络组件、操作系统设置、性能数据、打印机、进程、注册表设置、安全性、服务、共享、用户、组甚至硬件设备都可以通过它来管理。简直是Windows管理的终极武器。

       那么WMI如此的强大，那它难不难呢？不难。大家看看下面的例子，这是一个监视进程的创建并显示的例子

strComputer = "." Set objWMIService = GetObject("winmgmts:" _     & "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2") Set colMonitoredProcesses = objWMIService. _            ExecNotificationQuery("select * from __instancecreationevent " _         & " within 1 where TargetInstance isa 'Win32_Process'") i = 0 Do While i = 0     Set objLatestProcess = colMonitoredProcesses.NextEvent     Wscript.Echo objLatestProcess.TargetInstance.Name Loop

  首先定义目标机器，strComputer = "." 表示监视的是本地机器，如果你要对远程机器进程进行监视，那该怎么办呢？修改strComputer的值，比如改为strComputer = "TargetClient1",这个TargetClient1就是远程机器的机器名，IP也可以。当然目标机器要安装并启动WMI同时你也要有目标机器的管理权限。

然后是连接WMI服务，Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2")

最后检索WMI 托管资源，并回显资源的属性。 

就是怎么简单，一个WMI的脚本就写好了，你可以在记事本（当然也可以是别的文本编辑器了）上写好，保存为MonProcCreate.vbs的文件然后你就可以通过Windows script Host来执行。执行命令如下所示：

        cscript MonProcCreate.vbs

执行脚步后，如果我们启动计算器程序，就会在监视窗口出现calc.exe也就是监视到计算器程序启动了。这样一个简单的进程创建监视程序就完成了。它是如此的简单有效，不能不让人佩服wmi的强大。

        下面再写个监视文件创建的例子

strComputer = "." Set objWMIService = GetObject("winmgmts:" _  & "{impersonationLevel=impersonate}!//" & strComputer & "/root/cimv2") Set colMonitoredEvents = objWMIService.ExecNotificationQuery _  ("SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE " _  & "Targetinstance ISA 'CIM_DirectoryContainsFile' AND " _  & "TargetInstance.GroupComponent= " _  & "'Win32_Directory.Name=""D:Download""'") Do  Set objLatestEvent = colMonitoredEvents.NextEvent  Wscript.Echo objLatestEvent.TargetInstance.PartComponent Loop

 还是上面那些步骤，这个监视的是本机D:/Download目录下文件的创建并显示。

在这我抛砖引玉对WMI做了个基本的介绍，具体就看各位自己的发挥了，有什么好的WMI脚本可以贴出来大家共享，如果是xp以上版本的系统WMIC这个工具还是很好用的。

      What Is WMI?

Originally released in 1998 as an add-on component with Windows NT 4.0 Service Pack 4, WMI is the core management-enabling technology built into Windows 2000, Windows XP, and the Windows Server 2003 family of operating systems. Based on industry standards overseen by the Distributed Management Task Force (DMTF), WMI is the instrumentation and plumbing through which all—well, almost all—Windows resources can be accessed, configured, managed, and monitored.

To grasp the power and breadth of WMI, consider how you managed and monitored Windows workstations and servers yesteryear, and perhaps even today. You probably used, or use, numerous graphical administrative tools to manage Windows resources, such as disks, event logs, files, folders, file systems, networking components, operating system settings, performance data, printers, processes, registry settings, security, services, shares, users, groups, and so on.

Although the graphical tools provided a functional management solution, what did they all have in common? One answer is, prior to WMI, all Windows graphical administrative tools relied on Win32 application programming interfaces (APIs) to access and manage Windows resources. Why? Because the only way you could programmatically access Windows resources before WMI was through the Win32 APIs. This situation left Windows system administrators without an easy way to automate common system administrative tasks using popular scripting languages, because most scripting languages cannot call Win32 APIs directly. WMI changes that by providing a consistent model and framework through which all Windows resources are described and exposed to the outside world. And best of all, system administrators can use the WMI Scripting Library to create system administrative scripts to manage any Windows resource exposed through WMI!

Using Windows Script Host and Microsoft Visual Basic® Scripting Edition (VBScript), or any scripting language supporting COM automation (for example, ActiveState Corporation's ActivePerl), you can write scripts to manage and automate the following aspects of your enterprise systems, applications, and networks:

• Windows Server 2003, Windows XP Professional, and Windows 2000 systems management. You can write scripts to retrieve performance data, manage event logs, file systems, printers, processes, registry settings, scheduler, security, services, shares, and numerous other operating system components and configuration settings.

• Network management. You can create WMI-based scripts to manage network services such as DNS, DHCP, and SNMP-enabled devices.

• Real-time health monitoring. Using WMI event subscriptions, you can write scripts to monitor and respond to event log entries as they occur, file system and registry modifications, and other real-time operating system changes. Conceptually, WMI event subscriptions and notifications are to WMI what SNMP traps are in the SNMP world.

• Windows .NET Enterprise Server management. You can write scripts to manage Microsoft® Application Center, Operations Manager, Systems Management Server, Internet Information Server, Exchange Server, and SQL Server.