The purpose of WMI is to define a proprietary set of environment-independent specifications which allow management information to be shared between management applications. WMI prescribes enterprise management standards and related technologies for Windows that work with existing management standards, such as Desktop Management Interface (DMI) and SNMP. WMI complements these other standards by providing a uniform model. This model represents the managed environment through which management data from any source can be accessed in a common way.
Because WMI abstracts the manageable entities with CIM and a collection of providers, the development of a provider implies several steps. The major steps can be summarized as follows:
Create the manageable entity model
Define a model
Implement the model
Create the WMI provider
Determine the provider type to implement
Determine the hosting model of the provider
Create the provider template with the ATL wizard
Implement the code logic in the provider
Register the provider with WMI and the system
Test the provider
Create consumer sample code.
Importance of WMI providers
Since the release of the first WMI implementation during the Windows NT 4.0 SP4 era (as an out-of-band download), Microsoft has consistently added WMI providers to Windows:
Under Windows NT 4.0, Microsoft had roughly 15 WMI providers available once WMI was installed
When Windows 2000 was released, there were 29 WMI providers as part of the operating system installation
With the release of Windows Server 2003, Microsoft included in the platform more than 80 WMI providers
Windows Vista includes 13 new WMI providers, taking the number close to around 100 in all
Many customers have interpreted the growth in numbers of providers as a sign that WMI has become at Microsoft the "ubiquitous" management layer of Windows, even if Microsoft has never made this commitment explicit.
Because of a constant increasing exposure of management data through WMI in Windows, people in the ITsystems management field started to develop scripts and automation procedures based on WMI. Beyond the scripting needs, most leading management-software packages, such as MOM, SCCM, ADS, HPOpenView for Windows (HPOV), BMC Software or CA, Inc. are WMI-enabled and capable of consuming and providing WMI information through various User Interfaces. This enables administrators and operators not capable of scripting or programming on top of WMI to enjoy the benefits of WMI without even learning about it. However, if they want to, because WMI is scriptable, it gives them the opportunity to consume WMI information from scripts or from any WMI-aware enterprise-management software.
For someone willing to develop one or many WMI providers, WMI offers many features out of the box. Here are the most important advantages:
Automation interfaces: Because WMI comes with a set of automation interfaces ready to use, all management features supported by a WMI provider and its set of classes get the scripting support for free out-of-the box. Beyond the WMI class design and the provider development, the Microsoft development and test teams are not required to create, validate and test a scripting model as it is already available from WMI.
.NET Management interfaces: Because the System.Management namespace  relies on the existing COM/DCOM plumbing, the created WMI provider and its set of WMI classes becomes automatically available to all .NET applications independently of the language used (e.g. C#, VB.NET). Beyond the WMI class design and the provider development, like for scripting, the Microsoft development and test teams are not required to create, validate and test new assemblies to support a new namespace in the .NET Framework as this support is already available from WMI for free.
C/C++ COM/DCOM programming interfaces: Like most components in Windows, COM/DCOM programmers can leverage the features of the provider they develop at the COM/DCOM interfaces level. Like in previous environments (scripting and .NET Framework), a COM/DCOM consumer just needs to interact with the standard set of WMI COM interfaces to leverage the WMI provider capabilities and its set of supported WMI classes. To make all management information available from the native APIs, the WMI provider developer just needs to interact with a set of pre-defined WMI COM interfaces. This will make the management information available at the WMI COM level automatically. Moreover, the scripting COM interface object model is very similar to the COM/DCOM interface object model, which makes it easy for developers to be familiar with the scripting experience.
Remoting capabilities over DCOM and SOAP: More than simply offering local COM capabilities, as management is all about remoting, WMI offers the DCOM transport. In addition, SOAP transport will be available in Windows Server 2003R2 through the WS-Management initiative led by Microsoft, Intel, Sun Microsystems and Dell. This initiative allows running any scripts remotely or to consume WMI data through a specific set of interfaces handling SOAP requests/responses. The advantage for the WMI provider developer is that when he exposes all his features through WMI, Windows Remote Management/WS-Management can in turn consume that information as well (embedded objects in WMI instances are not supported in Windows Server 2003 R2. It is however a target for Vista). All the layering to WS-Management and the mapping of the CIM data model to SOAP comes for free out of the WMI/WS-Management solution. In the event DCOM must be used, implementing DCOM requires the presence of a proxy DLL deployed on each client machine. As WMI is available in the Windows operating system since Windows 2000, these issues are eliminated.
Support for Queries: WMI offers support for WQL queries out of the box. This means that if a provider is not designed to support queries, WMI supports it by using an enumeration technique out of the provider.
Eventing capabilities: WMI offers the capability to notify a subscriber for any event it is interested in. WMI uses the WMI Query Language (WQL) to submit WQL event queries and defines the type of events to be returned. The eventing mechanism, with all related callbacks, is part of the WMI COM/DCOM and automation interfaces. Anyone writing a WMI provider can have the benefit of this functionality at no cost for his customers. It will be up to the consumer to decide how it wants to consume the management information exposed by the WMI provider and its related set of WMI classes.
Code template generator: To speed up the process of writing a WMI provider including all COM/DCOM interfaces and related definitions, the WMI team developed the WMI ATL Wizard to generate the code template implementing a provider. The code generated is based on the WMI class model initially designed by the developer. The WMI provider developer will be able to interface the pre-defined COM/DCOM interfaces for the WMI provider with its set of native APIs retrieving the management information to expose. The exercise consists in filling the “gaps” in the provider code to create the desired interfacing logic.
Predictability: Predictability is an important concern for IT professionals because it defines the capability of someone having an experience with a set of interfaces managing a Windows component to apply this knowledge right away, intuitively, to any other manageable Windows component without having relearn everything from ground up. Predictability for a customer is a real gain as it increases the Return of Investment (ROI). A person facing such a situation simply expects things to work the same way based on his previous experience. The constant increase of COM programming/scriptable interfaces has a huge impact on the predictability, as this makes it difficult for customers to automate, manage Windows and leverage their existing knowledge. WMI with CIM address this problem by always exposing the same programming object model (COM/DCOM, Automation, .NET) whatever the manageable entity is.
Protect existing customer investments: Protecting customers and partners investment motivates customers to invest in technologies. As Microsoft did invest a lot these past years in writing WMI providers, customers and partners invested in tools leveraging the WMI capabilities of Windows. Therefore, they naturally continue to exploit these capabilities instead of having to use a new set of specific interfaces for each Windows manageable component. A specific set of interfaces means having a specific set of agents or in-house developed software based on a new model or set of interfaces especially dedicated to a component or technology. By leveraging the capabilities of WMI today, customers and partners can leverage the work investment made in the past while minimizing their costs in developments, learning curves and new discoveries. This will also have a great impact on the stability and reliability of their infrastructure as they continue to leverage an existing implementation with an improved technology.
Provide a logical and unified administration model: As briefly described before in the introduction, this model is based on an industry standard called CIM defined by the DMTF (http://www.dmtf.org). The CIM class-based schema is defined by a consortium of constructors and software developers that meets the requirements of the industry. This implies that not only Microsoft leverages the WMI capabilities, but also any other third party constructors or developers write their own code to fit into the model. For instance, Intel is doing this for some of their network driver adapters and software. HP is leveraging existing WMI providers and implementing their own WMI providers in their HP Open View Enterprise Management software. IBM consumes WMI from the Tivoli management suite, MOM and SMS are also consuming and providing WMI information. Lastly, Windows XP SP2 leverages WMI to get information status from anti-virus software and firewalls.
Some WMI tools can also be useful during the design and development phases. These tools are:
The MOF compiler (MOFComp.exe): The Managed Object Format (MOF) compiler parses a file containing Managed Object Format statements and adds the classes and class instances defined in the file to the CIM repository. The MOF format is a specific syntax to define CIM class representation in an ASCII file (e.g. MIB are to SNMP what MOF files are to CIM). MOFComp.exe is included in every WMI installation. Every definition existing in the CIM repository is initially defined in an MOF file. MOF files are located in %SystemRoot%\System32\WBEM. During the WMI setup, they are loaded in the CIM repository.
The WMI Administrative Tools: The WMI Administrative Tools are made of four tools: WMI CIM Studio, WMI Object Browser, WMI Event Registration and WMI Event Viewer. The most important tool for a WMI provider developer is WMI CIM Studio as it helps in the initial WMI class creation in the CIM repository. It uses a web interface to display information and relies on a collection of ActiveX components installed on the system when it runs for the first time. WMI CIM Studio provides the ability to:
Connect to a chosen system and browse the CIM repository in any namespace available.
Search for classes by their name, by their descriptions or by property names.
Review the properties, methods and associations related to a given class.
See the instances available for a given class of the examined system.
Perform Queries in the WQL language.
Generate an MOF file based on selected classes.
Compile an MOF file to load it in the CIM repository.
WinMgmt.exe: WinMgmt.exe is not a tool; it is the executable that implements the WMI Core service. Under the Windows NT family of operating systems, WMI runs as a service. On computers running Windows 98, Windows 95 or Windows Me, WMI runs as an application. Under the Windows NT family of operating systems, it is also possible to run this executable as an application, in which case, the executable runs in the current user context. For this, the WMI service must be stopped first. The executable supports some switches that can be useful when starting WMI as a service or as an application. WMI provider developers who may want to debug their providers essentially need to run the WMI service as an application.
WBEMTest.exe: WBEMTest.exe is a WMI tester tool, which is delivered with WMI. This tool allows an administrator or a developer to perform most of the tasks from a graphical interface that WMI provides at the API level. Although available under all Windows NT-based operating systems, this tool is not officially supported by Microsoft. WBEMTest provides the ability to:
Enumerate, open, create and delete classes.
Enumerate, open, create and delete instances of classes.
Select a namespace.
Perform data and event queries.
Execute methods associated to classes or instances.
Execute every WMI operation asynchronously, synchronously or semi-asynchronously.
The WMI command line tool (WMIC): WMIC is a command-line tool designed to ease WMI information retrieval about a system by using some simple keywords (aliases). WMIC.exe is only available under Windows XP Professional, Windows Server 2003, Windows Vista, Windows 7 and Windows Server 2008. By typing “WMIC /?” from the command-line, a complete list of the switches and reserved keywords is available.
There is a Linux port of WMI command line tool, written in Python, based on Samba4 called 'wmi-client'
WBEMDump.exe: WBEMDump is a tool delivered with the Platform SDK. This command line tool comes with its own Visual C++ project. The tool can show the CIM repository classes, instances, or both. It is possible to retrieve the same information as that retrieved with WMIC. WBEMDump.exe requires more specific knowledge about WMI, as it doesn’t abstract WMI as WMIC. However, it runs under Windows NT 4.0 and Windows 2000. It is also possible to execute methods exposed by classes or instances. Even if it is not a standard WMI tool delivered with the system installation, this tool can be quite useful for exploring the CIM repository and WMI features.
WMIDiag.vbs: The WMI Diagnosis Tool is a VBScript downloadable from Microsoft here and is a tool for testing and validating WMI on Windows 2000 and greater. The download includes pretty thorough documentation and the tool supports numerous switches. When run, it will generate up to four text files which: list the steps taken (the LOG file), an overview of the results (REPORT file), a statistics file (in comma separated values format), and optionally a file listing of the providers registered on the machine (PROVIDERS, also in comma separated values format). The report file that is generated includes a list of the issues identified and potential ways to fix them.
WMI Explorer: The WMI Explorer Tool is a freely available and opensource program downloadable here and is a tool for enumerating and querying WMI providers in a graphical user interface.
Wireless networking example
In the .NET framework, the ManagementClass class represents a Common Information Model (CIM) management class. A WMI class can be a Win32_LogicalDisk in the case of a disk drive, or a Win32_Process, such as a running program like Notepad.exe.
This example shows how "MSNdis_80211_ServiceSetIdentifier" WMI class is used to find the SSID of the Wi-Fi network that the system is currently connected to in the language C#:
The "MSNdis_80211_ServiceSetIdentifier" WMI class is only supported on Windows XP and Windows Server 2003.
WMI driver extensions
The WMI extensions to WDM provide kernel-level instrumentation such as publishing information, configuring device settings, supplying event notification from device drivers and allowing administrators to set data security through a WMI provider known as the WDM provider. The extensions are part of the WDM architecture; however, they have broad utility and can be used with other types of drivers as well (such as SCSI and NDIS). The WMI Driver Extensions service monitors all drivers and event trace providers that are configured to publish WMI or event trace information. Instrumented hardware data is provided by way of drivers instrumented for WMI extensions for WDM. WMI extensions for WDM provide a set of Windows device driver interfaces for instrumenting data within the driver models native to Windows, so OEMs and IHVs can easily extend the instrumented data set and add value to a hardware/software solution. The WMI Driver Extensions, however, are not supported by Windows Vista and later operating systems.
Active Scripting (formerly known as ActiveX Scripting) is the technology used in Windows to implement component-based scripting support. It is based on OLE Automation (part of COM) and allows installation of additional scripting engines in the form of COM modules.
The Common Information Model (CIM) is an open standard that defines how managed elements in an IT environment are represented as a common set of objects and relationships between them. The Distributed Management Task Force maintains the CIM to allow consistent management of these managed elements, independent of their manufacturer or provider.
DesktopX was a shareware desktop enhancement program that allowed users to build their own custom desktops. Amongst its features was a complete widget engine for Windows as well as a desktop object system. User creations could be exported as .desktop files or as widgets. The program was distributed with Object Desktop as well as stand-alone.
DesktopX was released by Alberto Riccio in 1999 as VDE (Verona Desktop Enhancer), and bought in 2000 by Stardock. Mini-applications created with it were called "object packs" but later rebranded as "widgets" to standardize the term.
Most users used DesktopX to build alternative desktop environments. The mini-application creation ability was there from the start but did not gain widespread use until the release of DesktopX 2 in 2003. Current versions run on Windows 2000 and above.
DesktopX is no longer for sale by its author and is not actively supported.
The Desktop Management Interface (DMI) generates a standard framework for managing and tracking components in a desktop, notebook or server computer, by abstracting these components from the software that manages them. The development of DMI, 2.0 version June 24, 1998, marked the first move by the Distributed Management Task Force (DMTF) into desktop-management standards.
Before the introduction of DMI, no standardized source of information could provide details about components in a personal computer.
Due to the rapid development of DMTF technologies, such as Common Information Model (CIM), the DMTF defined an "End of Life" process for DMI, which ended on March 31, 2005.
From 1999, Microsoft required OEMs and BIOS vendors to support the DMI interface/data-set in order to have Microsoft certification.
Goverlan Reach Systems Management is a remote support software created and distributed by Goverlan, Inc.
Goverlan is an on-premises client management software designed for medium to large enterprises for remote control, active directory management, global configuration change management, and reporting within a Windows IT Infrastructure.
KDE Platform 4 was a collection of libraries and software frameworks by KDE that served as technological foundation for KDE Software Compilation 4 distributed under the GNU Lesser General Public License (LGPL). KDE Platform 4 was the successor to KDElibs and the predecessor of KDE Frameworks 5. KDE Platform 4 is the only version of KDE Platform, see KDE’s brand repositioning.
The Kernel-Mode Driver Framework (KMDF) is a driver framework developed by Microsoft as a tool to aid driver developers create and maintain kernel mode device drivers for Windows 2000 and later releases. It is one of the frameworks included in the Windows Driver Frameworks. The current version is 1.27.
The Microsoft Enterprise Library is a set of tools and programming libraries for the Microsoft .NET Framework. It provides APIs to facilitate proven practices in core areas of programming including data access, logging, exception handling and others. Enterprise Library is provided as pluggable binaries and source code, which can be freely used and customized by developers for their own purposes. It also ships with test cases and quickstarts.
MinWin is a term used informally by Microsoft to describe the kernel and operating system components that form the basis of releases of Microsoft Windows starting with Windows Vista. The term was first used in 2003 to describe approximately 95% of the common components of the operating system, but has over time come to refer to a significantly smaller portion. Its most recent and most well-known variation was a minimalistic, self-contained set of Windows components that shipped as part of Windows 7 and Windows Server 2008 R2.
Network management is the process of administering and managing computer networks. Services provided by this discipline include fault analysis, performance management, provisioning of networks and maintaining the quality of service. Software that enables network administrators to perform their functions is called network management software.
Program Files is the directory name of a standard folder in Microsoft Windows operating systems in which applications that are not part of the operating system are conventionally installed. Typically, each application installed under the 'Program Files' directory will have a subdirectory for its application-specific resources. Shared resources, for example resources used by multiple applications from one company, are typically stored in the 'Common Program Files' directory.
Security and Maintenance (formerly known as Action Center, and Security Center in earlier versions) is a component of the Windows NT family of operating systems that monitors the security and maintenance status of the computer. Its monitoring criteria includes optimal operation of antivirus software, personal firewall, as well as the working status of Backup and Restore, Network Access Protection (NAP), User Account Control (UAC), Windows Error Reporting (WER), and Windows Update. It notifies the user of any problem with the monitored criteria, such as when an antivirus program is not up-to-date or is offline.
Terry Myerson (born 1972 or 1973) is a venture partner at Madrona Venture Group and an operating executive at The Carlyle Group. Formerly an Executive Vice President of Microsoft and head of its Windows and Devices Group. He graduated from Duke University in 1992 and founded Intersé Corporation, which Microsoft purchased in 1997. At Microsoft, he led software and engineering teams behind Microsoft Exchange and Windows Phone before his executive promotion in the company's July 2013 reorganization. His plan to leave Microsoft after a transition period was announced in March 2018. Myerson announced his new role in October 2018 via a personal post on his LinkedIn page.
Uptime is a measure of system reliability, expressed as the percentage of time a machine, typically a computer, has been working and available. Uptime is the opposite of downtime.
It is often used as a measure of computer operating system reliability or stability, in that this time represents the time a computer can be left unattended without crashing, or needing to be rebooted for administrative or maintenance purposes.
Conversely, long uptime may indicate negligence, because some critical updates can require reboots on some platforms.
Windows Management Instrumentation Query Language (WQL) is Microsoft's implementation of the CIM Query Language (CQL), a query language for the Common Information Model (CIM) standard from the Distributed Management Task Force (DMTF). It is a subset of ANSI standard SQL with minor semantic changes.WQL is dedicated to WMI and is designed to perform queries against the CIM repository to retrieve information or get event notifications.
The startup process of Windows NT 6 (Windows Vista and Windows Server 2008) and their successors differs from the startup process part of previous versions of Windows.
In this article, unless otherwise specified, what is said about "Windows Vista" also applies to all later NT operating systems. For Windows Vista, the boot sector or UEFI loads the Windows Boot Manager (a file named BOOTMGR on either the system or the boot partition), accesses the Boot Configuration Data store and uses the information to load the operating system. Then, the BCD invokes the boot loader and in turn proceeds to initiate the Windows kernel. Initialization at this point proceeds similarly to previous Windows NT versions.
This page is based on a Wikipedia article written by authors
Text is available under the CC BY-SA 3.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.