1
00:00:00,440 --> 00:00:02,480
[Autogenerated] So what is WMI? You

2
00:00:02,480 --> 00:00:05,000
may have seen these three letters. They

3
00:00:05,000 --> 00:00:06,220
normally when you do a search in

4
00:00:06,220 --> 00:00:08,120
PowerShell, it may come up. So what does

5
00:00:08,120 --> 00:00:10,990
it actually mean? What WMI stands for:

6
00:00:10,990 --> 00:00:13,650
Windows Management Instrumentation. It is

7
00:00:13,650 --> 00:00:16,170
Microsoft's implementation of the Web

8
00:00:16,170 --> 00:00:19,430
based Enterprise Management Protocol, or

9
00:00:19,430 --> 00:00:22,980
WBEM, allowing access to data from specific

10
00:00:22,980 --> 00:00:26,670
machines that you might be accessing. So

11
00:00:26,670 --> 00:00:29,520
what could WMI be used for? Well, it could

12
00:00:29,520 --> 00:00:31,850
be used to set security settings on a

13
00:00:31,850 --> 00:00:33,980
specific device, a Windows machine, for

14
00:00:33,980 --> 00:00:36,470
example. You can also do the opposite and

15
00:00:36,470 --> 00:00:38,870
collect that security information or other

16
00:00:38,870 --> 00:00:42,190
details about those devices. We could also

17
00:00:42,190 --> 00:00:44,940
set and change user permissions if needed,

18
00:00:44,940 --> 00:00:47,380
as well as configure system properties,

19
00:00:47,380 --> 00:00:49,540
which are normally things stored in the

20
00:00:49,540 --> 00:00:52,670
registry or key value pairs of data that

21
00:00:52,670 --> 00:00:56,790
you wish to store. We can also use it for

22
00:00:56,790 --> 00:00:59,670
scheduling processes to actually run on

23
00:00:59,670 --> 00:01:02,010
either local machines or even remote

24
00:01:02,010 --> 00:01:04,790
machines if needed. We can also manage

25
00:01:04,790 --> 00:01:07,610
code execution, so configure when things

26
00:01:07,610 --> 00:01:09,830
would run and when they wouldn't run.

27
00:01:09,830 --> 00:01:12,230
We can also manage error logging. So

28
00:01:12,230 --> 00:01:14,420
we can make adjustments to that, utilizing

29
00:01:14,420 --> 00:01:16,330
the WMI. And then, of course, we can

30
00:01:16,330 --> 00:01:19,100
manage drives on the machines themselves.

31
00:01:19,100 --> 00:01:21,190
So how much storage space, what type of

32
00:01:21,190 --> 00:01:23,990
disk they are, et cetera. Now it's important

33
00:01:23,990 --> 00:01:26,020
to understand what the WMI

34
00:01:26,020 --> 00:01:29,200
architecture is actually made up of. So

35
00:01:29,200 --> 00:01:30,910
when we look at this, it's kind of broken

36
00:01:30,910 --> 00:01:34,020
down into a series of components. Our

37
00:01:34,020 --> 00:01:36,650
first one is obviously the WMI kind of

38
00:01:36,650 --> 00:01:39,580
API or the Windows Management API, which

39
00:01:39,580 --> 00:01:42,190
is where we would make the connection from

40
00:01:42,190 --> 00:01:44,680
within the PowerShell cmdlet that will

41
00:01:44,680 --> 00:01:47,670
then talk to a .NET or the .NET Framework

42
00:01:47,670 --> 00:01:50,540
wrapper, which then communicates to the

43
00:01:50,540 --> 00:01:52,980
devices. So let's take a Windows 10 device

44
00:01:52,980 --> 00:01:56,010
here, where we would utilize either DCOM

45
00:01:56,010 --> 00:01:58,280
or WinRM. And then you'll see we've got

46
00:01:58,280 --> 00:02:00,270
another acronym here called CIM, which

47
00:02:00,270 --> 00:02:01,950
we'll talk about a little bit later. But

48
00:02:01,950 --> 00:02:04,470
basically DCOM will allow me to create a

49
00:02:04,470 --> 00:02:07,770
specific type of connection that goes to

50
00:02:07,770 --> 00:02:10,400
the device. And on the DCOM side, we can

51
00:02:10,400 --> 00:02:12,360
actually use WMI, which we're talking

52
00:02:12,360 --> 00:02:14,380
about, as well as CIM, which we'll talk

53
00:02:14,380 --> 00:02:16,280
about in the future. And then, of course,

54
00:02:16,280 --> 00:02:18,720
WinRM is the CIM version of that

55
00:02:18,720 --> 00:02:21,170
connection. Underneath all of this is

56
00:02:21,170 --> 00:02:23,710
what's called the CIM Object Manager and

57
00:02:23,710 --> 00:02:25,640
then the CIM database. I want you to

58
00:02:25,640 --> 00:02:28,890
imagine that as every component and every

59
00:02:28,890 --> 00:02:31,720
setting and every piece of hardware

60
00:02:31,720 --> 00:02:35,040
attached or part of that Windows 10 device

61
00:02:35,040 --> 00:02:37,800
is stored in a large database, and we're

62
00:02:37,800 --> 00:02:40,240
going to utilize PowerShell to be able to

63
00:02:40,240 --> 00:02:44,410
retrieve that information outwards. So

64
00:02:44,410 --> 00:02:46,900
what are the WMI components? Well, the

65
00:02:46,900 --> 00:02:49,500
first one is the WMI service, which is

66
00:02:49,500 --> 00:02:52,020
an implementation of the Windows WMI

67
00:02:52,020 --> 00:02:55,060
system. So this is the process that runs,

68
00:02:55,060 --> 00:02:57,350
and it has the display name of Windows

69
00:02:57,350 --> 00:03:00,500
Management Instrumentation. It acts as the

70
00:03:00,500 --> 00:03:03,540
intermediary between the WMI providers,

71
00:03:03,540 --> 00:03:06,550
the repository and any applications. It

72
00:03:06,550 --> 00:03:10,680
will automatically run at startup. Next

73
00:03:10,680 --> 00:03:13,210
are the managed objects. These are any

74
00:03:13,210 --> 00:03:15,990
logical or physical component or service

75
00:03:15,990 --> 00:03:18,680
that can be managed via WMI. This

76
00:03:18,680 --> 00:03:20,840
includes a vast array of components

77
00:03:20,840 --> 00:03:22,900
because essentially any parameter or

78
00:03:22,900 --> 00:03:25,460
object that can be accessed by other

79
00:03:25,460 --> 00:03:27,050
Windows tools, for example, like

80
00:03:27,050 --> 00:03:29,620
Performance Monitor can also be accessed

81
00:03:29,620 --> 00:03:33,410
via WMI. There's also WMI providers,

82
00:03:33,410 --> 00:03:36,150
which are objects that monitor events and

83
00:03:36,150 --> 00:03:39,130
data from specific objects in the OS.

84
00:03:39,130 --> 00:03:40,340
There are many different types of

85
00:03:40,340 --> 00:03:42,730
providers. Some are general, some are

86
00:03:42,730 --> 00:03:45,440
device specific, and Windows comes with

87
00:03:45,440 --> 00:03:49,520
numerous built-in WMI providers. Next

88
00:03:49,520 --> 00:03:52,070
are the classes. These are used by the

89
00:03:52,070 --> 00:03:54,910
WMI provider to pass data to the WMI

90
00:03:54,910 --> 00:03:57,220
services. They contain events and

91
00:03:57,220 --> 00:03:59,630
properties that allow for the actual

92
00:03:59,630 --> 00:04:02,960
capture and setting of data. WMI classes

93
00:04:02,960 --> 00:04:05,290
are predefined, and they will start with

94
00:04:05,290 --> 00:04:06,950
a double underscore at the beginning of

95
00:04:06,950 --> 00:04:09,620
the name. And then lastly, we have our

96
00:04:09,620 --> 00:04:12,490
methods. These are attached to particular

97
00:04:12,490 --> 00:04:15,170
classes and allow actions to be performed

98
00:04:15,170 --> 00:04:17,560
based on data included in them. For

99
00:04:17,560 --> 00:04:19,890
instance, methods could be used to start

100
00:04:19,890 --> 00:04:23,180
and stop processes on a remote machine.

101
00:04:23,180 --> 00:04:25,240
Methods could be accessed via scripting

102
00:04:25,240 --> 00:04:27,810
application or via the network

103
00:04:27,810 --> 00:04:31,690
management application. Next is our WMI

104
00:04:31,690 --> 00:04:33,740
repository, which is a database that

105
00:04:33,740 --> 00:04:36,590
stores all of the static data that relate

106
00:04:36,590 --> 00:04:39,300
to the WMI components. Then, of course,

107
00:04:39,300 --> 00:04:41,660
we have the CIM Object Manager, which is

108
00:04:41,660 --> 00:04:43,990
a system that sits between the management

109
00:04:43,990 --> 00:04:46,620
application and the providers. Then we

110
00:04:46,620 --> 00:04:48,910
have the API, which provides a way for the

111
00:04:48,910 --> 00:04:51,340
applications to access the infrastructure

112
00:04:51,340 --> 00:04:52,860
that's connected. And then, of course, we

113
00:04:52,860 --> 00:04:55,650
have a consumer, which is the entity that

114
00:04:55,650 --> 00:04:58,210
sends the queries to the objects via the

115
00:04:58,210 --> 00:05:00,240
object manager. So I suppose if you're

116
00:05:00,240 --> 00:05:02,720
looking at the consumer, it could be, for

117
00:05:02,720 --> 00:05:04,180
example, the PowerShell would be the

118
00:05:04,180 --> 00:05:06,520
consumer of that, where we execute the

119
00:05:06,520 --> 00:05:10,120
command and it retrieves the information.

120
00:05:10,120 --> 00:05:12,280
Now from a WMI perspective, what's the

121
00:05:12,280 --> 00:05:14,800
kind of structure here? So, first off, we

122
00:05:14,800 --> 00:05:17,700
have namespaces, and the namespaces are

123
00:05:17,700 --> 00:05:20,000
in the file system structure that

124
00:05:20,000 --> 00:05:23,860
organizes the objects into functions. Then

125
00:05:23,860 --> 00:05:26,230
we have class instances, which are the

126
00:05:26,230 --> 00:05:28,650
objects that are stored within the

127
00:05:28,650 --> 00:05:31,290
namespaces themselves. And then we have things

128
00:05:31,290 --> 00:05:33,480
such as operating system and

129
00:05:33,480 --> 00:05:36,800
application-specific data is then exposed via those

130
00:05:36,800 --> 00:05:38,980
class instances, so you could almost

131
00:05:38,980 --> 00:05:40,800
imagine it is like a folder structure:

132
00:05:40,800 --> 00:05:43,700
namespaces are a folder, class instances

133
00:05:43,700 --> 00:05:46,350
are subfolders, and then operating system

134
00:05:46,350 --> 00:05:49,000
and application data is kind of files in

135
00:05:49,000 --> 00:05:51,510
there. You have access to each of those

136
00:05:51,510 --> 00:05:53,920
components, and you can instantiate a

137
00:05:53,920 --> 00:05:56,180
namespace to be able to see the class

138
00:05:56,180 --> 00:06:01,000
instances and then go into the class instances to get the data on the methods

