From C# (.NET 4.0), we're making a WMI call like this:
var connectOptions = new ConnectionOptions
{
Authority = "ntlmdomain:" + paramValues.Domain,
Username = paramValues.UserName,
Password = paramValues.Password
};
var scopeString = #"\\" + paramValues.Server + #"\root\cimv2";
var scope = new ManagementScope(scopeString, connectOptions);
scope.Connect();
var queryString = String.Format("SELECT * FROM Win32_NTLogEvent WHERE LogFile = 'Security' AND TimeGenerated > '{0:yyyyMMddHHmm00.000000+0000}'";,
paramValues.StartTime);
var query = new ObjectQuery(queryString);
var searcher = new ManagementObjectSearcher(scope, query);
var queryCollection = searcher.Get();
This works fine, with the exception of a failure against only one of our servers. In that case, the searcher.Get() call hangs. Looking at the network traffic through Wireshark reveals that the Event Log entries are being correctly returned, but at some point the remote server simply terminates the TCP connection.
I found a WMI Tester utility online (http://www.paessler.com/tools/wmitester) that appears not to be written against the .NET framework (using DCOM). I can supply the same credentials and the same WMI query using that tool and get back the expected results.
Am I right to suspect that something is different between the .NET code and the DCOM call, or am I chasing the wrong thing? So far this is the only difference between the working and non-working code that I can find.
Related
I wish to search for recently modified text file which has Indicator in the filename on remote machine in same domain. The (UNC) path for the directory looks like
\\MachineName\Applications\Indicator\myFolder
I tried something like this :
ConnectionOptions options = new ConnectionOptions();
options.Username = username;
options.Password = password;
ManagementScope scope = new ManagementScope("\\\\MachineName\\root\\cimv2", options);
scope.Connect(); // returns true i.e IsConnected=true
ObjectQuery query = new ObjectQuery(string.Format("SELECT * FROM CIM_DataFile where path=\\MachineName\Applications\Indicator\myFolder"); //This query is just for trial purpose.
ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
ManagementObjectCollection queryCollection = searcher.Get(); //Code breaks here
I get the following error :
'queryCollection.Count' threw an exception of type
'System.Management.ManagementException'
Message is InvalidQuery
Can someone help me with 2 things:
Why is this simple code breaking?
Can someone help me with WMI query to get the recently modified file in the specified directory?
PS: Please let me know if any additional info is needed. Thanks!
My requirement is to get installed software details of vm machine of azure and store the details in db. but when I try to get the details using System.Management class I am getting the below error
System.Runtime.InteropServices.COMException: 'The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)'
below is my sample code I am using to get the software details
string SoftwareQuery = "SELECT * FROM Win32_Product";
ConnectionOptions connection = new ConnectionOptions();
connection.Username = "bla bla";
connection.Password = "Password";
connection.EnablePrivileges = true;
connection.Impersonation = ImpersonationLevel.Impersonate;
ManagementScope managementScope = new ManagementScope(#"\\xxxx.xxxx.cloudapp.azure.com:3389\root\CIMV2", connection);
managementScope.Path = ManagementPath.DefaultPath;
managementScope.Connect();
ObjectQuery queryObj = new ObjectQuery(SoftwareQuery);
ManagementObjectSearcher searcher = new ManagementObjectSearcher(managementScope, queryObj);
foreach (ManagementBaseObject managementObj in searcher.Get())
{
//get the software list here
}
Note: The above code is working on intranet properly
Please let me know anyone have solution on this.
It might be related to the Windows Management Instrumentation service being in a stopped state. Take a look at Starting and Stopping the WMI Service.
Hope it helps!
I'm having trouble connecting to remote computer to grab a list of processes running.
For my test machine I'm using the username #"ownme\veritas". The password is just "veritas".
The sample domain is "ownme".
return new System.Management.ConnectionOptions()
{
//certainly these variables have been checked and are correct
Username = UserCredential.DomainUser,
Password = UserCredential.Password
};
This is where I'm trying to do the connection. I don't know, but this might actually be the issue here. It could also be I didn't fill out enough fields in the ConnectionOptions above.
I referred to these two articles:
https://www.experts-exchange.com/questions/23514935/How-to-use-GetProcess-for-remote-sytems.html
https://msdn.microsoft.com/en-us/library/system.management.connectionoptions.authentication.aspx
I can't figure out what I'm doing wrong
ManagementScope scope = new ManagementScope($"\\\\{computer.DnsHostname}\\root\\cimv2", connectionOptions);
scope.Connect();
//Error: Access is denied
var processes = System.Diagnostics.Process.GetProcesses(dnsHostName);
GetProcesses will use the current users credentials to connect to the remote machine, not the credentials you specified via ConnectionOptions.
You need to use the WMI scope object that you created with the correct credentials to issue a query for the processes like this:
//..
SelectQuery query = new SelectQuery("select * from Win32_Process"); //query processes
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
{
using (ManagementObjectCollection collection = searcher.Get())
{
foreach (var process in collection) //loop through results
{
var name = process["name"]; //process name
//Do something with process
}
}
}
I didn't realize this was such a highly viewed question: I found the answer a long time ago. I actually didn't use WMI to do it. We actually filed a ticket with Microsoft and the discounted us for free after they gave us the answer. The answer is:
LogonUser + NEW_CREDENTIALS
I am trying to get Server Network Protocol (SQL Server) using WMI.
I had written small application:
---------------------------C# code--------------------------
ManagementScope scope = new ManagementScope(#"\\computerName\root\Microsoft\SqlServer\ComputerManagement");
scope.Options.Username = "Administrator";
scope.Options.Password = "Password";
scope.Connect();
var query = new ObjectQuery(#"SELECT * FROM ServerNetworkProtocol");
var searcher = new ManagementObjectSearcher(scope, query);
var managementObjectCollection = searcher.Get();
var result = managementObjectCollection.Cast<ManagementObject>().ToList(); //<---- FileNotFoundException
var s = result.First()["ProtocolName"].ToString();
MessageBox.Show(String.Format("Protocol name: {0}", s));
And when I run the application, I will receive System.IO.FileNotFoundException.
I tested the query using WBEMTest Utility and everything is okey (with Administrator credentials).
Later I had written test service and put the same code, and service works correctly without any exceptions.
I suppose the problem related with credentials.
Can anyone explain more detailed what's wrong. What permissions need to run this query (if problem with credentials) and how I can resolve the issue.
I will be appreciated for any help.
just check credential and change one line :
ManagementScope scope = new ManagementScope(#"\\computerName\root\Microsoft\SqlServer\ComputerManagement10");
I need to check a group of servers to see whether the anti virus is up-to-date and running. Tricky thing is that they are spread over Windows 2003 and 2008 servers and I need to be able to check them all.
Is there any way of doing this with C# or VB.NET?
I have briefly looked around using WMI, but it appears on 2008/win7 computers Microsoft has changed what information they give back to you.
In summary, I need the following:
AV name
AV version
AV Up-to-Date
AV Enabled/Running
Can anyone help?
Sample can be found here using WMI as you mentioned. The poster states this is being done on a Win 7 machine; so the code below should get you started...
ConnectionOptions _connectionOptions = new ConnectionOptions();
//Not required while checking it in local machine.
//For remote machines you need to provide the credentials
//options.Username = "";
//options.Password = "";
_connectionOptions.EnablePrivileges = true;
_connectionOptions.Impersonation = ImpersonationLevel.Impersonate;
//Connecting to SecurityCenter2 node for querying security details
ManagementScope _managementScope = new ManagementScope(string.Format("\\\\{0}\\root\\SecurityCenter2", ipAddress), _connectionOptions);
_managementScope.Connect();
//Querying
ObjectQuery _objectQuery = new ObjectQuery("SELECT * FROM AntivirusProduct");
ManagementObjectSearcher _managementObjectSearcher =
new ManagementObjectSearcher(_managementScope, _objectQuery);
ManagementObjectCollection _managementObjectCollection = _managementObjectSearcher.Get();
if (_managementObjectCollection.Count > 0)
{
foreach (ManagementObject item in _managementObjectCollection)
{
Console.WriteLine(item["displayName"]);
//For Kaspersky AntiVirus, I am getting a null reference here.
//Console.WriteLine(item["productUptoDate"]);
//If the value of ProductState is 266240 or 262144, its an updated one.
Console.WriteLine(item["productState"]);
}
}
Depending on how your environment is setup you may need to specify your security and permissions. You should also note that some antivirus products (like McAfee) do not make data available through WMI.
You can query the Antivirus information from WMI using this snippet:
string computer = Environment.MachineName;
string wmipath = #"\\" + computer + #"\root\SecurityCenter";
string query = #"SELECT * FROM AntivirusProduct";
ManagementObjectSearcher searcher = new ManagementObjectSearcher(wmipath, query);
ManagementObjectCollection results = searcher.Get();
foreach (ManagementObject result in results)
{
// do something with `result[value]`);
}