Powershell與WMI Provider的簡介和使用(新增和設定rigistry key)

目的：了解如何使用Powershell使用WMI Provider

目標：1、經由Powershell Console呼叫WMI Provider來修改rigistry key和設定其default value。

      2、經由Powershell Script呼叫WMI Provider來修改rigistry key和設定其default value。

WMI Provider簡介

WMI是Windows system的資訊database，經由 WMI Service連結到database來query database的資訊。

經由以下的步驟可以經由開啟WMI Control Properties來看到 WMI的詳細資訊(Name space)

1、經由Administrative Tools打開 "Computer Management"

2、展開 "Services and Applications."

3、Right-click "WMI Control" 和選擇Properties.

WMI Namespace 底下包含許多classes， class則由properties和methods所組成。我們可以經由PowerShell 來使用WMI 的class做一些系統環境的設定。

以下顯示如何使用Get-WmiObject cmdlet來list出 Namespace的classes

Example：使用Get-WmiObject cmdlet來list出root\ cimv2的classes

Get-WmiObject -List -Namespace "root\ cimv2 "

EExample：List出WMI Class的Properties和Methods

using the "Get-Member" cmdlet來list出Win32_Processor class的Properties和Methods

Get-WmiObject -Class "Win32_Processor" -Namespace "root\CIMV2" | Get-Member

Note：

或使用以下的方式

Note：

Win32 classes，例如 Win32_NetworkAdapter 或Win32_Process是在monitor和manage 系統的hardware和features。 一般而言，這些classes是屬於root\cimv2 WMI namespace。

而Win32_Processor WMI class 顯示一個device能夠interpret一系列在電腦執行的windows OS指令，在multiprocessor computer，, 每一個processor都存在一個Win32_Processor 的instance。

以下的syntax包含Win32_ Processor WMI class的所有inherited properties和MEMBER。

Syntax    

[Provider("CIMWin32")]class Win32_Processor : CIM_Processor

{

  uint16   AddressWidth;

  uint16   Architecture;

  uint16   Availability;

  string   Caption;

  uint32   ConfigManagerErrorCode;

  boolean  ConfigManagerUserConfig;

  uint16   CpuStatus;

  string   CreationClassName;

  uint32   CurrentClockSpeed;

  …

    …

  …

  string   SystemCreationClassName;

  string   SystemName;

  string   UniqueId;

  uint16   UpgradeMethod;

  string   Version;

  uint32   VoltageCaps;

};

Members

The Win32_Processor class has these types of members:

• Methods
• Properties

Methods

The Win32_Processor class has these methods.

Method	Description
Reset	Not implemented. For more information about how to implement this method, see the Reset method in CIM_Processor.
SetPowerState	Not implemented. For more information about how to implement this method, see the SetPowerState method in CIM_Processor.

Rigistry key的WMI Provider為何

System Registry Provider

The System Registry provider enables management applications to retrieve and modify data in the system registry, and receive notifications when changes occur. The registry can be located on a local or remote computer. The _Win32Provider instance name is RegProv; the property provider name is RegPropProv; and the event provider name is RegistryEventProvider. For more information, see Modifying the System Registry.

The provider has the following __Win32Provider instances:

l   "RegProv"

l   "RegistryEventProvider"

l   "RegPropProv"

The System Registry provider supports the following classes located in the \root\defaultnamespace:

Event class	Description
RegistryEvent	Abstract class from which the other registry event classes are derived.
RegistryKeyChangeEvent	Represents changes to a specific registry key.
RegistryTreeChangeEvent	Represents changes to a specific key or its subkeys.
RegistryValueChangeEvent	Represents changes to a single value of a specific key.
StdRegProv	Contains methods that manipulate system registry keys and values.

StdRegProv class

The StdRegProv class contains methods that manipulate system registry keys and values. StdRegProv is preinstalled in the WMI namespaces root\default and root\cimv2.

Syntax

[Provider("RegProv"), Dynamic]class StdRegProv

  {

};

Members

The StdRegProv class has these types of members:

• Methods

Methods

The StdRegProv class has these methods.

Method	Description
CheckAccess	Verifies that the user has the specified access permissions.
CreateKey	Creates a subkey.
DeleteKey	Deletes a subkey.
DeleteValue	Deletes a named value.
EnumKey	Enumerates subkeys.
EnumValues	Enumerates the named values of a key.
GetBinaryValue	Gets the binary data value of a named value.
GetDWORDValue	Gets the DWORD data value of a named value.
GetExpandedStringValue	Gets the expanded string data value of a named value.
GetMultiStringValue	Gets the multiple string data values of a named value.
GetQWORDValue	Gets the QWORD data values of a named value. Windows Server 2003 and Windows XP:  This method is not available.
GetSecurityDescriptor	Gets the security descriptor for a key. Windows Server 2003 and Windows XP:  This method is not available.
GetStringValue	Gets the string data value of a named value.
SetBinaryValue	Sets the binary data value of a named value.
SetDWORDValue	Sets the DWORD data value of a named value.
SetExpandedStringValue	Sets the expanded string data value of a named value.
SetMultiStringValue	Sets the multiple string values of a named value.
SetQWORDValue	Sets the QWORD data values of a named value. Windows Server 2003 and Windows XP:  This method is not available.
SetSecurityDescriptor	Sets the security descriptor for a key. Windows Server 2003 and Windows XP:  This method is not available.
SetStringValue	Sets the string value of a named value.

Remarks

StdRegProv supplies only methods

Example：使用Get-WmiObject cmdlet來list出root\default的classes

Get-WmiObject -List -Namespace "root\default"

Note：

StdRegProv 必須下以下的command(額外加-list)，才能使用GET-MEMBER

Along with creating instance of a WMI class, the Get-WMIObject cmdlet can also used for listing the WMI classes using the -list parameter. Once we have that list, we can filter any of the specific classes we want through this list.

Powershell如何使用WMI Provider

使用以下的sample來示範，主要為呼叫WMI Provider的StdRegProv class來新增registry key和設定default的value。

l   Method1、使用Powershell console

1、設定變數

Note：

變數也可以使用以下的方式宣告

看變數的宣告值為何

讀取單一的變數值

2、connect到WMI的StdRegProv class

使用$objService = [WMIClass] "root\default: StdRegProv"

或則

$objService = Get-WmiObject -class StdRegProv -Namespace "root\default″ -list

或則

$objService = Get-WmiObject –Namespace "root\default" –List | where-object { $_.Name –eq "StdRegProv" }

或則

$objService =new-object System.Management.ManagementClass "Root\default:StdRegProv"

Note：

連結到StdRegProv class，可以使用get-member來查看method

3、新增一個registry sub Key

Note：

return value為0，才算成功。

如果不適使用administraor權限來執行，會得到以下的return value。

4、新增一個registry value Key和設定default value

Note：

如果下以下的語法，則會新增一個registry key (MyValueName)

5、結果如下：

l   Method2、使用power shell script

###$regKey = @{ "HKEY_CLASSES_ROOT" = 2147483648; "HKEY_CURRENT_USER" = 2147483649;

###"HKEY_LOCAL_MACHINE" = 2147483650; "HKEY_USERS" = 2147483651; "HKEY_CURRENT_CONFIG" = ###2147483653 }

###$strComputer = "."

HKEY_LOCAL_MACHINE" = 2147483650

$strSubkeyname = "SOFTWARE\MyKey"

$strValue=" MyValue"

###$objService = Get-WmiObject –Namespace "root\default" –List | where-object { $_.Name –eq ###"StdRegProv" }

###$objService = [WMIClass] "root\default: StdRegProv"

###$objService = Get-WmiObject –class StdRegProv -Namespace "root\CIMV2″ -ComputerName $strComputer

$objService = [WMIClass] "root\default: StdRegProv"

$objService.CreateKey($HKEY_LOCAL_MACHINE, $strSubkeyname)

$objService.SetStringValue($HKEY_LOCAL_MACHINE, $strSubkeyname, "", $strValue)

1、使用notepad或其他編輯工具編輯script，將其存成.ps1檔案。

2、使用powershell console執行script檔。