WMI and CIM with PowerShell – The Basics

WMI and CIM with PowerShell – The Basics

If you've been working with computers for any length of time you have heard the terms WMI and CIM. CIM (Common Information Model) is a database that h

Lost AD Trust and Your Local Account Doesn’t Work!
Disable/Enable all Network Adapters
PowerShell Web

If you’ve been working with computers for any length of time you have heard the terms WMI and CIM. CIM (Common Information Model) is a database that holds details about all managed elements on a computer system. WMI is actually Microsoft’s CIM-Server for Windows.

OMI or Open Management Instrumentation, is an open source lightweight version of WMI, and began life as NanoWebEm, and is used for Linux and devices (IOT).

WMI/CIM Architecture

Figure 1

Many administrators I have talked to do not know that WinRM is only used for CIM Cmdlets, DCOM is used however for both WMI and CIM Cmdlets.

CIMOM, CIM Object Manager lives in the WBEM folder at C:\Windows\System32\Wbem\Winmgmt.exe. The providers, or .DDLs that do most of the work also live in the same folder as *provider*.dll files.

The CIM database itself lives in C:\Windows\system32\Wbem\repository *.DATA, *.MAP, and *.BTR

WMI commands live in Microsoft.PowerShell.Management module, and CIM commands live in the CimCmdlets module.

In the figure 2 you can see the top-level namespaces. As you can see, the CIMv2 namespace lives within the root namespace, and contains six sub namespaces. All namespaces are built of classes, to find the classes in a namespace is relatively easy with Get-CimClass command. If you do not specify a namespace then Powershell will search in the default namespace which is CIMv2, not the root namespace, if you want to specify the root you must use -namespace root.

CIM Database Root

Figure 2

If you want to see the different methods and properties in a class then you would use something similar to “Get-CimClass -ClassName win32_share -Namespace root/cimv2 | Get-Member”. This provides you with all the different methods and properties associated with the class win32_share. Once know the class name that we want we can then get the Instances by using the “Get-CIMInstance” command. So running “Get-CIMInstance -ClassName Win32_Share ” would provide a list of all the SMB Shares.

If you wanted to see all the available classes in a given namespace such as CIMv2, you could do “Get-CIMClass -namespace root/CIMv2 -class *”, it will be quite a list but you can see what I mean.


Figure 3

There are some very useful GUI tools that you can you that many don’t know of, such as “wbemtest”, Figure 3. WMIExplorer is another great GUI tool, and comes from Codeplex.

Let’s talk about CIM sessions. First, if you do not specify a computer name then the sessions will be to local host using DCOM. If you specify a computer name the session will be to the specified computer using WSMAN.

Creates a local connection using DCOM.
“Get-CIMInstance -ClassName Win32_Bios”
Creates a remote connection using WSMAN.
“Get-CIMInstance -ClassName Win32_Bios -ComputerName DC1”

After these commands are ran the session will be torn down. If we want to keep the session up we need to use the “New-CIMSession” command. Look at these two examples for creating a new CIM session:

#Create DCOM session options and DCOM Session
$o1 = New-CimSessionOption -Protocol DCOM
$s1 = New-CimSession -Computername localhost -SessionOption $o1

# Create a WSMAN based session
$o2 = New-CimSessionOption -Protocol WSMAN
$s2 = New-CimSession -Computername localhost -SessionOption $o2

Now we can use the created CIM Session as many times as we like, such as:
“Get-CimInstance -ClassName Win32_BIOS -CimSession $s1
“Get-CimInstance -ClassName Win32_BIOS -CimSession $s2

To see the CIM Sessions that already exist you can use:
“Get-CimSession” command

To remove a session we can use the following:
“Remove-CimSession $s1” as an example.

Powershell Sessions or CIM Sessions
By now you might be asking why not use PowerShell remoting sessions instead of CIM sessions, and the good news is that you can. There are a few pros and cons that you should be aware of, CIM sessions are limited and don’t provide the management flexibility that PowerShell sessions provide and CIM sessions cannot return objects other than that CIM objects, however CIM sessions take up fewer system resources.

If you are connecting to remote systems it is best to use CIM sessions. In the case of flaky connections it is best to use Powershell sessions and run CIM cmdlets over it because PowerShell sessions are more robust and you can connect/disconnect Powershell sessions whereas you cannot with CIM sessions.