WMI script master incomplete manual

xiaoxiao2021-03-18  216

To become a WMI script master, you have to know what is WMI, you will introduce something about WMI. Windows Management Code (Windows Management Instrument is a core Windows management technology; users can manage local and remote computers using WMI. WMI provides a continuous approach to day-to-day management through programming and scripting languages. Users can: 1. Start a process on the remote computing machine. 2. Set a process running at a specific date and time. 3. Remotely start the computer. 4. Get the list of installed programs for local or remote computers. 5. Query the Windows event log of local or remote computers. WMI applicable environments is also aimed, WMI applies to all latest versions of Windows. WMI is included in Windows ME, Windows 2000, Windows XP, and Windows Server 2003. For Windows 98 and Windows NT 4.0, you can access http://www.microsoft.com/downloads and search "Windows Management Instrumentation (WINDOWS 95/98 / NT 4.0)". Note: You need to install Service Pack 4 or later before you install and run WMI on Windows NT 4.0. Other software required by WMI includes: 1. Microsoft Internet Explorer 5.0 or later. 2. Windows Script Host (WSH). Windows 2000, Windows XP, Windows Server 2003, and WSH included with Windows ME, not WSH included with Windows NT4 or Windows 98. You can download the latest version of WSH http://www.microsoft.com/downloads. WSH from the following address - included in Windows XP and Windows Server 2003 - is WSH 5.6. To make the WMI script can run normally, the WMI service (WINMGMT) in Windows is running so that more features in WMI can be implemented. Ok, some basic information about WMI will say this. If you want to see more MSDNs that can go to Microsoft website. Let's talk about the basic elements written by the WMI script. Take a look at the code below: // This script is the boot configuration parameter that views the system startup. Let's take a look at the architecture written in WMI scripts. ON Error Resume Next // This line is more important, it defines the variable of the host, which can be the unit or remote host, the machine on the domain, the parameters "." Is to indicate that this machine, want to implement other The machine can fill in the host name or IP of other machines.

Strcomputer = "." The line below is the WMI object management space "/ root / CIMv2" of the host through GetObject. If it is authenticated by NT (Authentication), it can be used without the username and password, Non-chairs or non-domains will add more parameters, set objwmiservice = getObject ("WinMgmts: //") // Execute the Query of the WMI data object / / use the following statement remote Set objLocator = CreateObject ( "WbemScripting.SWbemLocator") Set objService = objLocator.ConnectServer (strComputer, "root / cimv2", "administrator", "a") Set colItems = objWMIService.ExecQuery ( "Select * from win32_bootconfiguration ", 48) // Use an array to list the related for Each Objitem in colitemswscript.echo" BootDirectory: "& objitem.bootdirectoryNext From the above example you can see that a WMI requires: 1. Get the host's WMI object management space 2. Execute the query 3 of the WMI data object. It's not difficult to use the array of architectures to list related learning, just take a few times, but learning WMI's first problem is its subset object, because we don't know what it's a subset object, this Writing the program will not be heart. It is not difficult to know that the objects like this will be, as long as you find a lot in Microsoft's MSDN, but if you find it, you may have to find a long time or not enough, is it a bit difficult? In fact, Microsoft's website has a tool called "scriptomatic", only more than 100 K, you find that you really use the "scriptomatic.hta" file for that talent 12k, you will find it is a subset of you after you click Open. Data lists, and there are examples.

The above is the subset parameters in "Win32_BIOS", is it easy to implement the WMI script? Friends, I have remembered that there is such a vulnerability in most months: it is a guest user permission to use WMI script to implement an example of an account, in fact, a problem with security of WMI namespace. Let's turn on the MMC on your computer to see how to set up WMI security privileges. Play "MMC" on the run menu, then select "Add / Delete Management Unit" on the File menu, and then press "Add" on the "Independence" tab (default) to "Add" to "Add Independent Management Unit "List. Then press "Add" all the way, "OK" is OK. Return to the main interface of the MMC, then right-click the "WMI" unit to select "Properties". Click the Security tab in the WMI Control Properties dialog. A folder called root, the front band plus ( ) will appear. If necessary, expand this tree structure and locate the namespace you want to set the permissions. Click the Security Setting button. A group of users and permissions are displayed. If the user is in this list, please modify the permissions as needed. If the user is no longer in this list, click Add button and add users from the location of the account (local computer, domain, etc.). Tip: To view and set up NAMESPACE security, users must have read security settings and editing security settings permissions. System administrators have these permissions by default, and can give privileges to other users in need, if a user needs remote access to namespaces, must select remote enable permissions for it. By default, user privileges set for a namespace is only valid for the namespace. If you want the user to access the namespace and all submodetes, or only the subnamespace can only be accessed, click the Advanced button. Click Edit and specify the range of allowed access in the dialog that appears. This will prevent such things, but through the security settings of such WMI namespaces, you can also become a place where the back door is configured, so it cannot be seen in the construction of a safe system. Today's WMI technology is introduced here, the article is written, it is inevitable that there is a problem, please give pointers to the younger brother. Author: Zhongshan eight

转载请注明原文地址:https://www.9cbs.com/read-130013.html

New Post(0)