Wednesday, October 27, 2010

A WMI Search-Filter Thingy Script Thingy

I worked on this for a couple of hours. It could use a lot more work and embellishment (such as specifying the namespaces in the data file, etc.), but here goes. It reads a text file to scan the local computer for matching WMI class properties (currently only within the CIMv2 namespace). I hope it helps someone. Enjoy!
'****************************************************************
' Filename..: wmi_rule.vbs
' Author....: Scriptzilla / skatterbrainz.blogspot.com
' Date......: 10/27/2010
' Purpose...: evaluate wmi class property value matches using data file
'****************************************************************

scriptPath = Replace(wscript.ScriptFullName, "\" & wscript.ScriptName, "")

ruleFile = scriptPath & "\wmi_rules.txt"
Const ForReading = 1
Const ForWriting = 2
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objFile = objFSO.OpenTextFile(ruleFile, ForReading)
If err.Number = 0 Then
Do Until objFile.AtEndOfStream
strLine = Trim(objFile.Readline)
If strLine <> "" And Left(strLine,1) <> "'" And Left(strLine,1) <> ";" Then
arrRule = Split(strLine, ",")
For each item in arrRule
arrPair = Split(item, "=")
Select Case arrPair(0)
Case "Class": wmi_class = arrPair(1)
Case "Property": wmi_prop = arrPair(1)
Case "Value": wmi_val = arrPair(1)
Case "MatchType": wmi_match = arrPair(1)
End Select
Next

If WMIRule(wmi_class, wmi_prop, wmi_val, wmi_match) = True Then
wscript.echo "class....... " & wmi_class
wscript.echo "property.... " & wmi_prop
wscript.echo "value....... " & wmi_val
wscript.echo "matchtype... " & wmi_match
wscript.echo "result ----> TRUE"
wscript.echo
Else
wscript.echo "class....... " & wmi_class
wscript.echo "property.... " & wmi_prop
wscript.echo "value....... " & wmi_val
wscript.echo "matchtype... " & wmi_match
wscript.echo "result ----> FALSE"
wscript.echo
End If
End If
Loop
objFile.Close
Else
wscript.echo "fail: unable to open rule file for input"
End If
Set objFSO = Nothing

'----------------------------------------------------------------

Function WMIRule(w_class, w_prop, w_val, w_match)
Dim objClass, objProp, strName, strValue, retval
Dim objWMIService, wmiQuery, colItems, objItem

strComputer = "."
Set objWMIService = objWMI(strComputer, "classes")

wmiQuery = "select * from " & w_class

Set colItems = objWMI(strComputer, wmiQuery)

For each objItem in colItems
For Each objProp In objItem.Properties_
strName = objProp.Name
If Ucase(strName) = Ucase(w_prop) Then
'wscript.echo vbTab & "property --> " & w_prop
If IsArray(objProp.Value) Then
strValue = Join(objProp.Value, ";")
Else
strValue = Trim(objProp.Value)
End If
End If
Next

If strValue <> "" And Not IsNull(strValue) Then
If w_match = "EQUAL" Then
If strValue = w_val Then
retval = True
End If
Else
If InStr(strValue, w_val) > 0 Then
retval = True
End If
End If
End If
Next
WMIRule = retval
End Function


Function objWMI(strComputer, strWQL)
'On Error Resume Next
Dim wmiNS, objWMIService, objSWbemLocator, objSWbemServices
Dim strUID, strPwd

wmiNS = "\root\cimv2"
strUID = ""
strPwd = ""

Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")

On Error Resume Next

Set objSWbemServices = objSWbemLocator.ConnectServer(strComputer, wmiNS, strUID, strPwd)

Select Case Err.Number
Case -2147024891:
wscript.echo "error: access denied!"
Exit Function
End Select

On Error GoTo 0

Select Case UCase(strWQL)
Case "CLASSES":
Set objWMI = objSWbemServices
Case Else:
Set objWMI = objSWbemServices.ExecQuery(strWQL)
End Select

Set objSWbemServices = Nothing
Set objSWbemLocator = Nothing
End Function

And here is the data "rules" file that spells out the class properties to search...

'------------------------------------------------------------------------------
' wmi_rules.txt
'------------------------------------------------------------------------------
' each row denotes a rule to be tested within root\cimv2 namespace (for now)
' each row contains the WMI: class, property, value, and matchtype
' class = win32 class name
' property = the name of a given class property
' value = the value you wish to test for
' matchtype = EQUAL or LIKE
'------------------------------------------------------------------------------
Class=win32_ComputerSystem,Property=Model,Value=dc7900,MatchType=LIKE
Class=win32_OperatingSystem,Property=Caption,Value=Microsoft Windows 7 Enterprise,MatchType=LIKE
Class=win32_OperatingSystem,Property=OSArchitecture,Value=64-bit,MatchType=EQUAL
Class=win32_Service,Property=Name,Value=VMAuthdService,MatchType=EQUAL

No comments:

Post a Comment