{"id":2003,"date":"2015-05-28T00:00:00","date_gmt":"2015-05-28T00:00:00","guid":{"rendered":"https:\/\/test.simple-talk.com\/uncategorized\/powershell-day-to-day-admin-tasks-wmi-cim-and-pswa\/"},"modified":"2018-05-01T07:56:31","modified_gmt":"2018-05-01T07:56:31","slug":"powershell-day-to-day-admin-tasks-wmi-cim-and-pswa","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/powershell-day-to-day-admin-tasks-wmi-cim-and-pswa\/","title":{"rendered":"PowerShell Day-to-Day Admin Tasks: WMI, CIM and PSWA"},"content":{"rendered":"<h4>The series so far:<\/h4>\n<ol>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/automating-day-to-day-powershell-admin-tasks---jobs-and-workflow\/\">Automating Day-to-Day PowerShell Admin Tasks \u2013 Part 1: Jobs and Workflow<\/a><\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/powershell-day-to-day-admin-tasks-wmi,-cim-and-pswa\/\">PowerShell Day-to-Day Admin Tasks \u2013 Part 2: WMI, CIM and PSWA<\/a><\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/powershell-day-to-day-admin-tasks-monitoring-performance\/\">PowerShell Day-to-Day Admin Tasks \u2013 Part 3: Monitoring Performance<\/a><\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/powershell-day-to-day-sysadmin-tasks-securing-scripts\/\">PowerShell Day-to-Day Admin Tasks \u2013 Part 4: Securing Scripts<\/a><\/li>\n<li>PowerShell Day-to-Day Admin Tasks \u2013 Part 5: Events and Monitoring<\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/powershell-day-to-day-admin-tasks-part-6-real-time-it-dashboard\/\">PowerShell Day-to-Day Admin Tasks - Part 6: Real Time IT Dashboard<\/a><\/li>\n<\/ol>\n\n<p>This article is the second part of our series dedicated to daily system administrative tasks. In the first part, we saw how to use Jobs and Workflows. You now know that it is possible to launch them as a background, to plan them and also to execute several commands simultaneously. Here we are going to learn to interact with our systems (servers and workstations)<\/p>\n<p>We shall see several access methods via PowerShell:<\/p>\n<ul>\n<li><strong>WMI<\/strong> &#8211; Windows Management Instrumentation. It is the Microsoft implementation of Web-Based Enterprise Management (WBEM) allowing access to data. WMI uses the Common Information Model (CIM) to describe objects such as systems, applications, network equipments,&#8230;<\/li>\n<li><strong>CIM<\/strong> &#8211; Common Information Model. It is a set of standards that describes how information is structured and represented at the heart of the system. It was created by the DMTF (Distributed Management Task Force), a working group to which Microsoft belongs.<\/li>\n<li><strong>PSWA<\/strong> &#8211; PowerShell Web Access. This new function allows secure access to a Windows PowerShell console from a browser so as to interact with any system, even if it is outside the domain.<\/li>\n<\/ul>\n<p>These technologies are too broad in scope to describe in full here, but you will find numerous sources of documentation on the internet to help you understand them. The objective of this guide is to give you a preview of what is possible to do, but most of all to explain how they will be useful in your daily routine, whatever the type of Windows system administration you are doing.<\/p>\n<h1>Windows Management Instrumentation<\/h1>\n<h3>The reading of information<\/h3>\n<p>Let&#8217;s start with the oldest of these technologies &#8211; WMI. This is best envisaged as a database of all the information contained by the device, such as the discs, the services, or the BIOS. SQL Server, for example, is a WMI device. You will be able to gather a group of data and therefore recover the properties of a multitude of objects. You must understand that the operating system knows everything about your device (remaining disc space, IP address, means of consumer service most used &#8230;). So the first command that you will use to question your device is <strong>Get-<\/strong><strong>WmiObject<\/strong> followed by WMI class.<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS &gt;  Get-WmiObject Win32_Processor | Format-List * <\/pre>\n<p>The WMI classes are organized in the <strong>Namespace<\/strong><strong>. <\/strong>Given that the auto-completion does not function with this command, I can recover the complete WMI classes available on my system in this manner:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-WmiObject -List | ? {$_.name -Match \"Win32\"}<\/pre>\n<div class=\"note\">\n<p class=\"note\">Note: For the version number three of PowerShell, I recommend the CIM cmdlets for ease of use. (See the following section)<\/p>\n<\/div>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure1.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure1-640x265.png\" alt=\"2195-figure1-640x265.png\" width=\"640\" height=\"265\" \/><\/a><\/p>\n<p class=\"caption\">Figure1 &#8211; List of WMI classes<\/p>\n<p>A lot of information is returned. On the left, we have the names of the classes, then the methods associated with each class of the namespace (by default: <strong>ROOT\\cimv2)<\/strong>.<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    gwmi -Namespace \"root\" -class \"__Namespace\" | Select Name <\/pre>\n<p>I can therefore change namespace to obtain information about the IIS role of my exchange server:<\/p>\n<p class=\"Listing\">PS &gt; Get-WmiObject -list -Namespace &#8220;root\/MicrosoftIISv2&#8221;<\/p>\n<div class=\"note\">\n<p class=\"note\">Note: You must have IIS Server installed to run the above query in the Namespace &#8220;root\/MicrosoftIISv2&#8221;. Depending on the device that you are questioning, certain specific roles may be installed or not.<\/p>\n<\/div>\n<p>By this means, I can now, for example, obtain the path of each IIS folder:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-WMIObject -class \"IIsSetting\" -namespace \"root\\microsoftiisv2\" | select Path, Name <\/pre>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure2.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure2-640x248.png\" alt=\"2195-figure2-640x248.png\" width=\"640\" height=\"248\" \/><\/a><\/p>\n<p class=\"caption\">Figure2 &#8211; List of exchange folders<\/p>\n<h3>Data alteration<\/h3>\n<p>That&#8217;s great because I can obtain lots of valuable information, but are they only in &#8220;read-only&#8221; mode? No way! It is definitely possible to alter some information. Let&#8217;s imagine the following example: you have just migrated your DNS servers that have a new IP address. What happens? You are obliged to modify the network configuration of all your servers. <br \/>\n To do this, I shall search for the method to use in the class <strong>Win32_NetworkAdapterConfiguration<\/strong>:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-WmiObject -Class \"Win32_NetworkAdapterConfiguration\" | Get-Member -MemberType method<\/pre>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure3.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure3-640x249.png\" alt=\"2195-figure3-640x249.png\" width=\"640\" height=\"249\" \/><\/a><\/p>\n<p class=\"caption\">Figure3 &#8211; List of methods (class Win32_NetworkAdapterConfiguration)<\/p>\n<p>We are going to make use of the <strong>SetDNSServerSearchOrder<\/strong> method. My variable <strong>$<\/strong><strong>wmi<\/strong> contains the network card activated on my server.<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt; $wmi = Get-WmiObject win32_networkadapterconfiguration -filter \"ipenabled = 'true'\" \r\nPS&gt; $wmi.SetDNSServerSearchOrder(\"172.26.10.10\")\r\n<\/pre>\n<p>This command may be executed on remote devices. We shall see this in the following section.<\/p>\n<h3>Scriptomatic<\/h3>\n<p>I can read and modify the WMI information as I wish, but I have to admit that it is still difficult to find it. Fortunately, there is a great tool created by Ed Wilson that is called <strong>Scriptomatic<\/strong> <strong>Powershell<\/strong><strong> Version. <\/strong>You can <a href=\"http:\/\/download.cnet.com\/Windows-PowerShell-Scriptomatic\/3000-2383_4-75452611.html\">download it here<\/a>.<\/p>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure4.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure4-640x451.png\" alt=\"2195-figure4-640x451.png\" width=\"640\" height=\"451\" \/><\/a><\/p>\n<p class=\"caption\">Figure4 &#8211; A glimpse of the Scriptomatic Powershell Version<\/p>\n<p>Once the tool is launched, all you need to do is to choose the namespace and then select a WMI class. Then, magic! The PowerShell command sets itself up automatically with all the necessary arguments in use. The &#8220;Run&#8221; button lets you execute the task directly. You will appreciate that this tool will simplify your daily admin work and save you a lot of search time.<\/p>\n<div class=\"note\">\n<p class=\"note\">Note: remember to activate the &#8216;<em>display class properties<\/em><em>&#8216;<\/em> option:<\/p>\n<\/div>\n<p class=\"illustration\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure5.png\" alt=\"2195-figure5.png\" width=\"285\" height=\"111\" \/><\/p>\n<p class=\"caption\">Figure5 &#8211; Display of the properties<\/p>\n<h1>Common Information Model<\/h1>\n<p>Since the third version of PowerShell, a new module has been introduced in Windows Server\u00a02012 and Windows\u00a08 that is called CIMCmdlets. It has been added so as to replace the legacy WMI cmdlets. If you regularly use WMI, then you will not be lost when moving to the new cmdlets as there are lots of similarities.<\/p>\n<p>The first command to use is <strong>Get-<\/strong><strong>CimInstance<\/strong>:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-CimInstance -Class Win32_Process <\/pre>\n<p>You will notice that it is possible to make requests on the WMI classes. To give a simple summary:<\/p>\n<ul>\n<li><strong>Get-<\/strong><strong>WmiObject<\/strong> is replaced by <strong>Get-<\/strong><strong>CimInstance<\/strong><\/li>\n<li><strong>Get-<\/strong><strong>WmiObject<\/strong><strong> -list<\/strong> is replaced by <strong>Get-<\/strong><strong>CimClass<\/strong><\/li>\n<\/ul>\n<p>Let&#8217;s see in detail the new functionality presented by CIM<\/p>\n<h2>The auto-completion<\/h2>\n<p>One of the major shortcomings of WMI is the difficulty of searching for information. With CIM, you may use the &#8220;TAB&#8221; button so as to finalise your command and to obtain the list of available namespace or classes. For example:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS &gt; Get-CimInstance -Namespace [press &lt;TAB&gt;]\r\n    \r\nPS &gt; Get-CimClass -ClassName *disk* [press &lt;TAB&gt;]\r\n<\/pre>\n<div class=\"note\">\n<p class=\"note\">Note: the &#8220;auto-completion&#8221; does not work with CIM session.<\/p>\n<\/div>\n<h2>WS-Management<\/h2>\n<p>WS-Management is a protocol of communication for the management of servers, equipment, and applications. CIM communicates, by default, through this protocol but it is possible to &#8220;force&#8221; another protocol in order to remotely access a device. We shall see this now.<\/p>\n<h1>Remote WMI \/ CIM<\/h1>\n<p>You probably do not wish to connect each device in order to execute your PowerShell commands. In which case, there is an interesting key word <strong>&#8211;<\/strong><strong>computername<\/strong>. The latter may be used with WMI and CIM so as to interrogate a remote device. Let&#8217;s imagine that I wish to recover the Hot Fix installed on a server:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-WmiObject -ClassName \"Win32_QuickFixEngineering\" -ComputerName ADM11 | sort Description <\/pre>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure6.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure6-640x302.png\" alt=\"2195-figure6-640x302.png\" width=\"640\" height=\"302\" \/><\/a><\/p>\n<p class=\"caption\">Figure6 &#8211; List of Hot Fix<\/p>\n<div class=\"note\">\n<p class=\"note\">Note: The DCOM protocol is used by WMI. DCOM, the Distributed Component Object Model, allows communication between components, in contrast to CIM which uses WS-Man.<\/p>\n<\/div>\n<p>If you execute the command using the key word <strong>&#8211;<\/strong><strong>computername<\/strong> then a temporary session is created, and subsequently destroyed after the results have been sent:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    New-CimInstance -ClassName CIM_Service -Namespace root\\cimv2 -ComputerName ADM11<\/pre>\n<p>If you perform several remote actions, you&#8217;d want to re-use the sessions so as to get the best performance on your device. You can do this by creating a permanent CIM session. The mechanism is similar to the PowerShell sessions:<\/p>\n<p class=\"Listing\">PS &gt; $session = New-CimSession -ComputerName ADM11<\/p>\n<p class=\"Listing\">PS &gt; $instance2 = Get-CimInstance -ClassName CIM_Service -Namespace root\\cimv2 -CimSession $session<\/p>\n<p>I can list the active sessions on the device:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-CimSession<\/pre>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure7.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure7-640x188.png\" alt=\"2195-figure7-640x188.png\" width=\"640\" height=\"188\" \/><\/a><\/p>\n<p class=\"caption\">Figure7 &#8211; List of CIM sessions<\/p>\n<p>It is important to understand which protocol to use, because this will affect the firewall rules. Here is a summary below:<\/p>\n<p>And below are a few examples:<\/p>\n<p>1\/ WMI with <strong>&#8211;<\/strong><strong>computername<\/strong>:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-WmiObject -Class Win32_logicalDisk -ComputerName ADM11 <\/pre>\n<p>2\/ CIM without <strong>&#8211;<\/strong><strong>computername<\/strong>:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-CimInstance -ClassName Win32_logicalDisk <\/pre>\n<p>3\/ CIM with <strong>&#8211;<\/strong><strong>computername<\/strong><strong>:<\/strong><\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS &gt;     Get-CimInstance -ClassName Win32_logicalDisk -ComputerName ADM11 <\/pre>\n<p>Let&#8217;s now imagine that I wish to interact with a device that has only the PowerShell version 2 installed, I have to force PowerShell to use the DCOM protocol:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt; $Option = New-CimSessionOption -Protocol DCOM\r\n        \r\nPS&gt; $Session = New-CimSession -ComputerName ADM11 -SessionOption $Option -Name CimSessionWithDCOM\r\n        \r\nPS&gt; Get-CimInstance -ClassName CIM_OperatingSystem -CimSession $Session | Select-Object LocalDateTime, CSName, OSArchitecture, Status \r\n<\/pre>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure8.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure8-640x243.png\" alt=\"2195-figure8-640x243.png\" width=\"640\" height=\"243\" \/><\/a><\/p>\n<p class=\"caption\">Figure8 &#8211; Utilisation of DCOM protocol<\/p>\n<p>We notice that our CIM session has been created with the DCOM protocol, in contrast with the previous session that used WSMAN by default.<\/p>\n<div class=\"note\">\n<p class=\"note\">Note: For better visibility, the parameter <strong>&#8211;<\/strong><strong>Name<\/strong> allows you to name your session.<\/p>\n<\/div>\n<h1>Maximising the system&#8217;s performance<\/h1>\n<p>We are now going to focus on the concept of the &#8216;filter&#8217; in PowerShell and WMI commands. This point seems to me to be important if you wish to optimize performance and really understand what happens in the background. Let&#8217;s take the following example:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Get-WmiObject -Class Win32_Service | where {$_.StartMode -eq \"Auto\"} <\/pre>\n<p>The previous command executes a filter on the type of service with the help of the condition WHERE then displays the result. At first glance, there is no difference with the following command and the argument <strong>-filter<\/strong>:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS &gt;  Get-WmiObject -Class Win32_Service -filter \"StartMode = 'Auto'\" <\/pre>\n<p>As a system administrator, the main concern will be the availability of the devices. Then, let&#8217;s analyze what happens with the performances during the execution of these commands:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;  measure-command {Get-WmiObject -Class Win32_Service | where {$_.StartMode -eq \"Auto\"}} \r\n    \r\nPS&gt; measure-command {Get-WmiObject -Class Win32_Service -filter \"StartMode = 'Auto'\"} \r\n<\/pre>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure9.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure9-640x342.png\" alt=\"2195-figure9-640x342.png\" width=\"640\" height=\"342\" \/><\/a><\/p>\n<p class=\"caption\">Figure9 &#8211; Performance analysis<\/p>\n<p>When the parameter <strong>-filter <\/strong>is used, there is less demand place on your WMI repository and it therefore sends back the results more quickly because <strong>-Filter<\/strong> uses the WMI Query Language (WQL), which is a subset of SQL.With the &#8220;where&#8221; condition, results are filtered when retrieving the objects. In our example, the execution goes from 121 to 80 milliseconds. So, when you question a remote device with <strong>&#8211;<\/strong><strong>filter<\/strong> parameter, your data passes through network in a shorter time-period. The network administrators will be happy to hear that.<\/p>\n<h1>PowerShell Web Access<\/h1>\n<p>PowerShell Web Access allows a PowerShell console to be reached on a remote server from any browser that supports JavaScript. To do this, one just needs to install an IIS application on a server that will be used as a gateway to access PowerShell on any system on which WinRM is activated.<\/p>\n<p>Requirements are:<\/p>\n<ul>\n<li>Active Directory (AD DS)<\/li>\n<li>Certificate Authority (AD CS) will give you a certificate for the hosting server <strong>PowerShell Web Access<\/strong>.<\/li>\n<\/ul>\n<p>To summarize, I have described in the following diagram an example of the implementation of a structure with <strong>PS<\/strong><strong>W<\/strong><strong>A<\/strong>. It is possible not to open your Web Access Gateway on the outside:<\/p>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure10.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure10-640x313.png\" alt=\"2195-figure10-640x313.png\" width=\"640\" height=\"313\" \/><\/a><\/p>\n<p class=\"caption\">Figure10 &#8211; Implementation diagram ofPSWA<\/p>\n<p>Installation<\/p>\n<p>Firstly, you need to install thePSWA feature on your gateway server:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Install-WindowsFeature -Name WindowsPowerShellWebAccess -IncludeAllManagementTools <\/pre>\n<p>Or in GUI mode:<\/p>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure11.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure11-640x453.png\" alt=\"2195-figure11-640x453.png\" width=\"640\" height=\"453\" \/><\/a><\/p>\n<p class=\"caption\">Figure11 &#8211; Addition of thePSWA feature<\/p>\n<p>Then you must install the web application in IIS:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS &gt;     Install-PswaWebApplication <\/pre>\n<div class=\"note\">\n<p class=\"note\">Note: I strongly advise against the option <strong>&#8211;<\/strong><strong>UseTestCertificate<\/strong>. This automatically places a test certificate on the site. I highly recommend the use of a certificate signed by the certificate authority. Then you will need to add it in the &#8220;binding&#8221; section for the HTTPS protocol of your IIS site.<\/p>\n<\/div>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure12.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure12-640x245.png\" alt=\"2195-figure12-640x245.png\" width=\"640\" height=\"245\" \/><\/a><\/p>\n<p class=\"caption\">Figure12 &#8211; Installation of the IIS application<\/p>\n<p>You may access the web interface at this address: <code><strong>https:\/\/adm01.demo.local\/pswa<\/strong><\/code><\/p>\n<p class=\"illustration\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure13.png\" alt=\"2195-figure13.png\" width=\"567\" height=\"517\" \/><\/p>\n<p class=\"caption\">Figure13 &#8211; Access to the web interface ofPSWA<\/p>\n<p>You may indicate the communication protocol of your choice (DCOM or WSMAN) in the &lt;&lt;\u00a0Optional connection settings\u00a0&gt;&gt;<\/p>\n<p>The last stage consists of establishing authorisation rules. One must thereby define just one rule per server and per user. My advice is to use Active Directory groups to reduce the number of rules.<\/p>\n<p>The following example gives access to the server ADM11.demo.local for the group &lt;&lt;\u00a0PSWAdmins\u00a0&gt;&gt;:<\/p>\n<pre class=\"lang:ps theme:powershell-output\">PS&gt;    Add-PswaAuthorizationRule -ComputerName ADM11.demo.local -UserGroupName \"demo.local\\PSWAdmins\" -ConfigurationName Microsoft.PowerShell \u00a0<\/pre>\n<p>The last parameter (<strong>&#8211;<\/strong><strong>ConfigurationName<\/strong>) indicates the Endpoint PowerShell on the targeted system. By default, the Endpoint is &#8220;Microsoft.PowerShell&#8221;, but it is possible to create other specific Endpoint to limit modules or commands accessible by one user.<\/p>\n<p>Below is the PowerShell console that you will get. By sending a WMI command, I notice that I am connected to the PowerShell console of the server ADM11 from my gateway server ADM01.<\/p>\n<p class=\"illustration\"><a href=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure14.png\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/imported\/2195-figure14-640x393.png\" alt=\"2195-figure14-640x393.png\" width=\"640\" height=\"393\" \/><\/a><\/p>\n<p class=\"caption\">Figure14 &#8211; Glimpse of the PowerShell console in the web browser<\/p>\n<p>You may use this console from your smartphone or any other device that has a compatible browser. I shall let you imagine all the possibilities of this function for automating routine admin work in your daily life.<\/p>\n<h1>Conclusion<\/h1>\n<p>We are coming to the end of this article which I hope will help you to automate some of the routine in your daily admin tasks. I&#8217;ve only been able to give an overview of some complex technologies and so there are numerous things to explore. To make sure you get a good start, I advise you to duplicate the examples of the article and adapt them to your daily routine. Then you will be able to improve and create them with some of the more complex functionality that you&#8217;ll find in the references I&#8217;ve given.<\/p>\n<p>In my experience, it is much quicker to use <strong>Get-<\/strong><strong>CimInstance<\/strong> rather than <strong>Get-<\/strong><strong>WmiObject<\/strong> to display results. To know when to use WMI or CIM, my simple rule is:<\/p>\n<ul>\n<li>If the version of Powershell is v1 or v2 then use WMI.<\/li>\n<li>If the version of Powershell is v3 or above then use CIM.<\/li>\n<\/ul>\n<p>Lastly, you will quickly see certain classes are used more frequently than others, notably:<\/p>\n<ul>\n<li>Win32_BIOS<\/li>\n<li>Win32_ComputerSystem<\/li>\n<li>Win32_OperatingSystem<\/li>\n<li>Win32_Service<\/li>\n<\/ul>\n<p>To go further and to link with what I demonstrated in the first part of this series, you may automate your WMI\/CIM requests inside jobs and workflows. Do not hesitate to use Powershell resources to simplify your working life to the maximum.<\/p>\n<p><strong>References<\/strong><\/p>\n<ul>\n<li>Powershell 3 Advanced Administration Handbook &#8211; Sherif Talaat &amp; Haijun Fu<\/li>\n<li>WMI Query Language via PowerShell &#8211;\u00a0 Ravikanth Chaganti<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>WMI (Windows Management Instrumentation) is the basic way of querying and changing basic information about any windows server, including SQL Server or Exchange Server. It provides a logical structure and representation of systems and services that are hosted  on the server and is essential for anyone who is keen to automate routine monitoring and administration work via PowerShell, especially where many servers are involved in the task.&hellip;<\/p>\n","protected":false},"author":158223,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[35],"tags":[4242,4869,4364,4635,4150,4151,4871],"coauthors":[6804],"class_list":["post-2003","post","type-post","status-publish","format-standard","hentry","category-powershell","tag-basics","tag-exchange","tag-monitoring","tag-powershell","tag-sql","tag-sql-server","tag-sysadmin"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/2003","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/158223"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=2003"}],"version-history":[{"count":13,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/2003\/revisions"}],"predecessor-version":[{"id":78638,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/2003\/revisions\/78638"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/media?parent=2003"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=2003"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=2003"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=2003"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}