Tip: Windows internals using wmi

Colin Brown

Recently I was looking for remote management tools and came across
"Windows Management Instrumentation". There is a python interface
available:

http://tgolden.sc.sabren.com/python/wmi.html

I was amazed how easy it became to access just about anything under
the hood (later versions of NT, 2000, XP) using a couple of lines of code!
If you have privileged access to remote computers you can interrogate
them as well. My attempts to modify things were less successful :-(

Colin Brown
PyNZ

With python, win32all and wmi installed, try these code snippets
to get some idea of what is available:

-------------------------------
import wmi
w = wmi.WMI()
for process in w.Win32_Process():
    # Compare the process name, not the WMI object itself
    if process.Name.lower().startswith('python'):
        print(process)
-------------------------------
import wmi
c = wmi.WMI()
out = []
for item in c.classes:
    # Skip the system classes, whose names start with an underscore
    if not item.startswith('_'):
        out.append(item)

# Text mode already writes Windows line endings, so join with '\n'
open('classes.txt', 'w').write('\n'.join(out))
print('View classes.txt in a browser')
---------------------------
import wmi
c = wmi.WMI()
for x in c.Win32_NetworkAdapter():
    print(x)
--------------------------
 
Tim Golden

Colin Brown said:
Recently I was looking for remote management tools and came across
"Windows Management Instrumentation". There is a python interface
available:

http://tgolden.sc.sabren.com/python/wmi.html

I was amazed how easy it became to access just about anything under
the hood (later versions of NT, 2000, XP) using a couple of lines of code!

Well it's always nice to know one's code is being
used - thank you for the free advertising! Just in
case it wasn't well-known, you can get WMI patches
for Win9x and NT4 (not 3.51, I think) which is
essential for those of us still running quite a number
of older machines.

I suspect you've already seen it, but the cookbook page
(http://tgolden.sc.sabren.com/python/wmi_cookbook.html)
is always happy to receive new examples of things you've
found useful. Just email me with your examples.

The business of remote administration can be quite
a pain. You need to go through the levels of WMI,
DCOM, NT/2K(3) and possibly AD security to get the
access you want. I'm trying to put together a useful
hints page - any experience you have (good or bad)
will be gratefully received.

TJG
 
Hamster

Hi

This runs OK on my Windows XP, but does not run on Windows 2000:


import win32com.client

def wprocess(lstSuppr=()):
    # Connect to the local root\cimv2 namespace
    WMIService = win32com.client.GetObject(
        r'winmgmts:{impersonationLevel=impersonate}!//.\root\cimv2')
    listProcess = WMIService.ExecQuery('Select * from Win32_Process')
    for item in listProcess:
        print('')
        print('Nom : %s' % item.Name)
        print('Ligne de commande : %s' % item.CommandLine)
        print('Descriptif : %s' % item.Description)
        print('Path d\'exécution : %s' % item.ExecutablePath)
        print('Statut : %s' % item.Status)
        print('Priorité : %s' % item.Priority)
        print('Caption : %s' % item.Caption)
        print('IdProcess : %s' % item.ProcessId)
        print('IdProcess Parent : %s' % item.ParentProcessId)
        if item.Name in lstSuppr:
            try:
                item.Terminate()
            except Exception:
                pass  # ignore processes that cannot be terminated


#wprocess()
wprocess(['notepad.exe','WINWORD.EXE']) # terminates certain processes





@-salutations
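
An added example, not part of Hamster's post: the ProcessId and ParentProcessId values printed above are enough to rebuild each process's ancestry, which is usually what a process inventory of a remote host is read for. The sample rows are constructed, `rows_from_wmi` and `lineage` are hypothetical helper names, and CreationDate is compared to catch a parent PID that has since been reused.

```python
def _row(name, pid, ppid, created):
    return {"Name": name, "ProcessId": pid,
            "ParentProcessId": ppid, "CreationDate": created}

# Constructed sample shaped like Win32_Process rows (CIM datetime strings).
SAMPLE_ROWS = [
    _row("explorer.exe", 1200, 1100, "20031104090000.000000+780"),
    _row("cmd.exe",      2300, 1200, "20031104091500.000000+780"),
    _row("python.exe",   2400, 2300, "20031104091600.000000+780"),
    _row("notepad.exe",  2500, 3000, "20031104092000.000000+780"),
    _row("WINWORD.EXE",  3000, 1200, "20031104094000.000000+780"),
]

def rows_from_wmi(computer="."):
    """Collect the same fields from a live host (Windows with pywin32 only)."""
    import win32com.client  # imported lazily so lineage() runs anywhere
    svc = win32com.client.GetObject(
        r"winmgmts:{impersonationLevel=impersonate}!\\%s\root\cimv2" % computer)
    return [_row(p.Name, p.ProcessId, p.ParentProcessId, p.CreationDate)
            for p in svc.ExecQuery("Select * from Win32_Process")]

def lineage(rows):
    """Map each PID to its ancestry string, oldest ancestor first."""
    by_pid = dict((r["ProcessId"], r) for r in rows)
    result = {}
    for row in rows:
        chain, seen, cur = [], set(), row
        # 'seen' stops a self-parented or looping PID chain from spinning forever
        while cur is not None and cur["ProcessId"] not in seen:
            seen.add(cur["ProcessId"])
            chain.append(cur["Name"])
            ppid = cur["ParentProcessId"]
            parent = by_pid.get(ppid)
            if parent is None:
                if ppid:
                    chain.append("<exited pid %d>" % ppid)
            elif (parent["CreationDate"] or "") > (cur["CreationDate"] or ""):
                # The "parent" is younger than the child: the PID was reused
                chain.append("<reused pid %d>" % ppid)
                parent = None
            cur = parent
        result[row["ProcessId"]] = " > ".join(reversed(chain))
    return result

if __name__ == "__main__":
    for pid, path in sorted(lineage(SAMPLE_ROWS).items()):
        print("%5d  %s" % (pid, path))
```
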
 
MetalOne

Can WMI be used to change environment variables such as PATH.
The Environment Variables Dialog in Windows is complete crap.
I might like to write a new environment variable editor in Python.
 
Colin Brown

MetalOne said:
Can WMI be used to change environment variables such as PATH.
The Environment Variables Dialog in Windows is complete crap.
I might like to write a new environment variable editor in Python.

----------------------------------------------------------------------------
Hi MetalOne

I am not an expert on wmi having only just chanced upon it myself. However
some quick browsing gives:

The documentation for Win32_Environment (Google Win32_Environment) says that
wmi returns registry information but does not provide methods for changing them.

From: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322756#3f
Use Windows Management Instrumentation
Windows Management Instrumentation (WMI) is a component of the Microsoft
Windows operating system and is the Microsoft implementation of Web-Based
Enterprise Management (WBEM). WBEM is an industry initiative to develop a
standard technology for accessing management information in an enterprise
environment. You can use WMI to automate administrative tasks (such as
editing the registry) in an enterprise environment. You can use WMI in
scripting languages that have an engine on Windows and handle Microsoft
ActiveX objects. You can also use the WMI Command-Line utility (Wmic.exe) to
modify the Windows registry.

For additional information about WMI, visit the following Microsoft Web
site:
http://msdn.microsoft.com/library/en-us/wmisdk/wmi/wmi_start_page.asp

For additional information about the Wmic.exe, click the following article
number to view the article in the Microsoft Knowledge Base:
290216 A Description of the Windows Management Instrumentation Command-Line
Utility

Following down these links gets to:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting06112002.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting08132002.asp

These are well worth a look if you want to know what wmi is all about. Table
1 indicates that you use the "Registry provider" wmi interface for
modifying registry settings. I do not know if the python wmi interface
supports this.

There is a utility for testing wmi: run wbemtest


Colin Brown
PyNZ
 
John J. Lee

Colin Brown said:
news:[email protected]... [...]
The documentation for Win32_Environment (Google Win32_Environment) says that
wmi returns registry information but does not provide methods for changing them.
[...skip to a quote from MS docs...]
environment. You can use WMI to automate administrative tasks (such as
editing the registry) in an enterprise environment. You can use WMI in [...back to MetalOne...]
These are well worth a look if you want to know what wmi is all about. Table
1 indicates that you use the "Registry provider" wmi interface for
modifying registry settings. I do not know if the python wmi interface
[...]

So it *does* allow changing registry information? You seem to be
contradicting your own introduction.


John
 
Tim Golden

Colin Brown said:
Following down these links gets to:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting06112002.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting08132002.asp

These are well worth a look if you want to know what wmi is all about. Table
1 indicates that you use the "Registry provider" wmi interface for
modifying registry settings. I do not know if the python wmi interface
supports this.

May I also recommend:

http://www.microsoft.com/technet/tr...echnet/scriptcenter/scrguide/sas_reg_fzit.asp

which gives something of a worked example.

As to whether the Python wmi interface will handle
this, it depends... The wmi module is a fairly
lightweight wrapper around Mark Hammond's win32com
module, proxying a few GetObject and attribute calls,
so following the example above, this should be possible:

import wmi
c = wmi.WMI (moniker="winmgmts://localhost/root/default")
for i in c.StdRegProv ():
    reg = i

# reg.EnumValues etc. etc.

However... when I try this on my Win2k machine
I run into two problems:

1) The root\default namespace (which the registry
provider uses) does not have the SubclassesOf method
which the module uses to determine available classes
and give you the easy attribute access.

2) Even when you use the wmi object's instances
method to query for the StdRegProv directly, it
doesn't complain (as it does if, for example,
you ask it for foobar) but it doesn't return
any instances either.

[NB For the purposes of this example
I've patched the WMI __init__ method
to ignore SubclassesOf]

>>> c = wmi.WMI (moniker="winmgmts://localhost/root/default")
>>> print c.instances ("StdRegProv")
[]
>>> print c.instances ("foobar")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "o:\python-site-packages\wmi.py", line 466, in instances
    handle_com_error (error_info)
  File "o:\python-site-packages\wmi.py", line 111, in handle_com_error
    raise x_wmi, "\n".join (exception_string)
wmi.x_wmi: 0x80041010 - OLE error 0x80041010

Just for the moment this has me flummoxed.
I suspect there's some extra bit of compiling
or setting up that has to be done at the WMI end,
but at present I don't have the time (or the
need for myself) to look. If anyone has any luck,
please let me know and if needs be I'll patch the
module to cope.

Once the wmi object wraps the StdRegProv, everything
else should fall out nicely (but see my earlier
remarks concerning remote security).

TJG
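
An added example, not from the thread or from the wmi module's own documentation: StdRegProv exposes static methods and has no instances, so it is called on the class itself; here it reads the machine-wide PATH that MetalOne wants to edit and sorts out the entries an editor should not write back unchanged. It assumes a release of the wmi module that provides `wmi.Registry()` and returns `(result, value)` tuples; `read_machine_path` and `review_path` are hypothetical names and the sample PATH is constructed.

```python
HKEY_LOCAL_MACHINE = 0x80000002  # same value as winreg.HKEY_LOCAL_MACHINE
ENV_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager\Environment"

# Constructed sample value, used when no Windows host is available.
SAMPLE_PATH = (r"C:\WINDOWS\system32;C:\WINDOWS;;c:\windows\system32\;"
               r"tools\bin;%JAVA_HOME%\bin;C:\Python23")


def read_machine_path(registry=None):
    """Return the expanded machine-wide PATH string through StdRegProv."""
    if registry is None:
        import wmi  # Windows only; assumed to provide wmi.Registry()
        registry = wmi.Registry()
    result, value = registry.GetExpandedStringValue(
        hDefKey=HKEY_LOCAL_MACHINE, sSubKeyName=ENV_KEY, sValueName="Path")
    if result != 0:
        raise RuntimeError("StdRegProv returned error %d" % result)
    return value


def review_path(path_value):
    """Split a PATH value into entries to keep and (reason, entry) findings."""
    kept, findings, seen = [], [], set()
    for raw in path_value.split(";"):
        entry = raw.strip().strip('"')
        key = entry.rstrip("\\").lower()  # Windows paths compare case-insensitively
        if not entry:
            findings.append(("empty", raw))
        elif key in seen:
            findings.append(("duplicate", entry))
        elif "%" in entry:
            # Still contains a variable the target machine could not expand
            findings.append(("unexpanded", entry))
        elif not (entry[1:3] == ":\\" or entry.startswith("\\\\")):
            # Not a drive or UNC path: resolved against the current directory
            findings.append(("relative", entry))
        else:
            kept.append(entry)
        seen.add(key)
    return kept, findings


if __name__ == "__main__":
    kept, findings = review_path(SAMPLE_PATH)
    print(";".join(kept))
    for reason, entry in findings:
        print("%-10s %r" % (reason, entry))
```
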
 
Colin Brown

Thanks for your comments Tim. Sadly I find myself in the same position
as yourself with regard to need and time to investigate this further.

I note that there is a third article in WMI Scripting Primer's:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting06112002.asp

which states:
"Modifying the Properties of a Managed Resource
In Windows 2000, WMI is primarily a read-only technology. Of the 4,395
properties defined in the Windows 2000 root\cimv2 namespace, only 39
properties are writeable. Those numbers improve in Microsoft® Windows® XP,
where 145 of approximately 6560 properties are writeable. And the numbers
get even better in Windows Server 2003."

It appears to be evolving technology, currently targeted more at inspection
than management!

Colin Brown
PyNZ
 
Tim Golden

Colin Brown said:
Thanks for your comments Tim. Sadly I find myself in the same position
as yourself with regard to need and time to investigate this further.

I note that there is a third article in WMI Scripting Primer's:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnclinic/html/scripting06112002.asp

which states:
"Modifying the Properties of a Managed Resource
In Windows 2000, WMI is primarily a read-only technology. Of the 4,395
properties defined in the Windows 2000 root\cimv2 namespace, only 39
properties are writeable. Those numbers improve in Microsoft® Windows® XP,
where 145 of approximately 6560 properties are writeable. And the numbers
get even better in Windows Server 2003."

It appears to be evolving technology, currently targeted more at inspection
than management!

Colin Brown
PyNZ

Interesting indeed. Further investigation
(which I *really* didn't have the time to do!)
threw up several articles by Microsoft which
talked about having to compile / set something
up / register COM services / other arcane stuff
in order to use the Registry provider.

I can't lay my hands on the URL (and it would
have changed by the time you read this) but it
put me off somewhat -- also, I can't understand
why they didn't just build it in from the start:
it's not as though the Registry is some little-used
backwater of the Operating System!

If you come across anything useful, or find the
energy to get something working with this, let me
know.

Thanks. TJG
 
