Earlier today Coretech released a brand new tool that we call Coretech WMI and PowerShell Explorer. For information about downloading and installing the tool checkout this blog post from Kaido Järvemets. 

The tool has two main features, a WMI and a PowerShell explorer. This blog post will explain how you can use the WMI feature.

Working with Coretech WMI and PowerShell Explorer

Connect to the local computer Root\Cimv2 Namespace

  1. Launch the Coretech WMI and PowerShell Explorer as Administrator. From the upper left corner, expand the Menu and click Connect.

    image

  2. In the Connect dialog box, type the Namespace or use the Browse button to browse for existing namespaces on the local computer. In the example you will connect to the Root\CimV2 namespace.

    image

    image

  3. From the list select Root\cimv2 and double click to add the namespace. 

    image

  4. Click Connect.
  5. With a successful connection you are now able to browse all the Root\cimv2 classes.

    image

Connect to a remote computer

  1. Launch the Coretech WMI and PowerShell Explorer as Administrator. From the upper left corner, expand the Menu and click Connect.
  2. In the Connect dialog box, delete the existing computer name.
  3. Fill in the User name and Password
  4. Type the Namespace or use the Browse button to browse for existing namespaces on the local computer. In the example you will connect to the Root\CimV2 namespace.

    image

  5. Click Connect to connect to the name space. 

Notice: When connecting to a remote computer, some classes requires that you change the Authentication to PacketPrivacy. The 6 different Authentication levels:

  1. None – No authentication in performed
  2. Connect – Authentication is performed only when the client establishes a relationship with the application
  3. Call – Authentication is performed only at the beginning of each call when the application receives the request
  4. Packet – Authentication is required for all data received from the client.
  5. PacketIntegrity All data transferred between the client and the application is authenticated and verified.
  6. PacketPrivacy – The properties of the other authentication levels are used, and all data is encrypted.

How to query information from specific WMI class

Once connected to a namespace, you can use Query tab to query the WMI class instances. In the example below a query will list all installed MSU updates listed in the Win32_QuickFixEngineering class.

  1. Connect to the Root\cimv2 namespace.
  2. In Filter type Win32_QuickFix or select the class from the list of classes.

    image

  3. Select the class Win32_QuickFixEngineering class and select Query tab.
  4. Notice that the a query that will list all instances from the class is pre-created and ready to be executed (Select * from Win32_QuickFixEngineering).

    image

  5. Click Execute to run the query and list the class instances.

    image

  6. By default * will return all columns, you can customize the query to return specific columns by typing Select HotfixId, InstalledOn from Win32_QuickFixEngineering

    image

How to export out Query results

All results from a query can be exported to a CSV file.

  1. Execute a WMI query.
  2. Right click any instance in the query result and select Export Query result.

    image

  3. The Export feature automatically creates a CSV file on the desktop.

    image

How to export namespace methods

The Coretech WMI and PowerShell utility can also be used to export all methods from a namespace. In the example below all methods from the root\cimv2 namespace will be exported

  1. Connect to root\cimv2.
  2. Select the NameSpace Methods tab.

    image

  3. Click Get Methods to get a list of all the methods in the root\cimv2 namespace.

    image