I want to search for a file on remote machine. I don't know the EXACT file path but I know its under C:\Windows\System
My query is something like this in WMI
string querystr = "SELECT * FROM CIM_DataFile Where Path='C:\\Windows\\System'";
ObjectQuery query = new ObjectQuery(querystr );
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Scope, query);
I get invalid query error.
Is the query valid ? Any way to specify Path Under ?
You have two issues in your code
you must double escape the \ char, because this is a reserved symbol in the WMI
the path property must not include the drive.
try this sample
using System;
using System.Collections.Generic;
using System.Management;
using System.Text;
namespace GetWMI_Info
{
class Program
{
static void Main(string[] args)
{
try
{
string ComputerName = "localhost";
ManagementScope Scope;
if (!ComputerName.Equals("localhost", StringComparison.OrdinalIgnoreCase))
{
ConnectionOptions Conn = new ConnectionOptions();
Conn.Username = "";
Conn.Password = "";
Conn.Authority = "ntlmdomain:DOMAIN";
Scope = new ManagementScope(String.Format("\\\\{0}\\root\\CIMV2", ComputerName), Conn);
}
else
Scope = new ManagementScope(String.Format("\\\\{0}\\root\\CIMV2", ComputerName), null);
Scope.Connect();
string Drive = "c:";
//look how the \ char is escaped.
string Path = "\\\\Windows\\\\System32\\\\";
ObjectQuery Query = new ObjectQuery(string.Format("SELECT * FROM CIM_DataFile Where Drive='{0}' AND Path='{1}' ", Drive, Path));
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(Scope, Query);
foreach (ManagementObject WmiObject in Searcher.Get())
{
Console.WriteLine("{0}",(string)WmiObject["Name"]);// String
}
}
catch (Exception e)
{
Console.WriteLine(String.Format("Exception {0} Trace {1}",e.Message,e.StackTrace));
}
Console.WriteLine("Press Enter to exit");
Console.Read();
}
}
}
Related
Tried to search for something similar but could not find.
I have file on a remote machine which I want to query for it`s details like version, date, etc.
How do I do that when I need to enter credentials for that machine?
FileVersionInfo does not give option to do so.
Thanks
Update:
As I said above I checked what FIleVersionInfo gives me (and also tried it) and that will not work for me.
I also tried using WMI and failed with (although it looked like the direction I need)
Here is the WMI code I tried - haven`t got much far:
var computerName = "IP_ADDRESS";
ConnectionOptions conn = new ConnectionOptions();
conn.Username = "username";
conn.Password = "password";
conn.Authority = "ntlmdomain:DOMAIN";
conn.Impersonation = ImpersonationLevel.Impersonate;
conn.EnablePriviledges = true;
var scope = new ManagementScope(String.Format("\\\\{0}\\root\\CIMV2", computerName), conn);
scope.Connect();
string Drive = "c:";
string Path = "\\\\inetpub\\\\wwwroot\\\\FOLDER\\\BIN\\\File.dll";
ObjectQuery Query = new ObjectQuery(string.Format("SELECT * FROM CIM_DataFile Where Drive='{0}' AND Path='{1}' ", Drive, Path));
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, Query);
foreach (ManagementObject WmiObject in Searcher.Get())
{
Console.WriteLine("{0}", (string)WmiObject["Name"]);// String
}
I mainly need the file properties version and date.
Thanks
Thanks to #Draken comment above I`ve added missing properties on the ConnectionOptions and also fixed my mistake on the domain name.
Here is the code I use to get to the file in the network PC
var computerName = "IP_ADDRESS";
ConnectionOptions conn = new ConnectionOptions();
conn.Username = "username";
conn.Password = "password";
conn.Authority = "ntlmdomain:DOMAIN";
conn.Impersonation = ImpersonationLevel.Impersonate;
conn.EnablePriviledges = true;
var scope = new ManagementScope(String.Format("\\\\{0}\\root\\CIMV2", computerName), conn);
scope.Connect();
string Drive = "c:";
string Path = "\\\\inetpub\\\\wwwroot\\\\FOLDER\\\BIN\\\File.dll";
ObjectQuery Query = new ObjectQuery(string.Format("SELECT * FROM CIM_DataFile Where Drive='{0}' AND Path='{1}' ", Drive, Path));
ManagementObjectSearcher Searcher = new ManagementObjectSearcher(scope, Query);
foreach (ManagementObject WmiObject in Searcher.Get())
{
Console.WriteLine("{0}", (string)WmiObject["Name"]);// String
}
For my application needs, I would like to get current DateTime from server PC connected with LAN. After googled, I found an MSDN Article. But it is written in vb. How can i do it in c#? Any clue?
Thanks.
I have got a solution from another answer. It's perfectly working for me.
try
{
string pc = "pcname";
//string domain = "yourdomain";
//ConnectionOptions connection = new ConnectionOptions();
//connection.Username = some username;
//connection.Password = somepassword;
//connection.Authority = "ntlmdomain:" + domain;
string wmipath = string.Format("\\\\{0}\\root\\CIMV2", pc);
//ManagementScope scope = new ManagementScope(
// string.Format("\\\\{0}\\root\\CIMV2", pc), connection);
ManagementScope scope = new ManagementScope(wmipath);
scope.Connect();
ObjectQuery query = new ObjectQuery(
"SELECT * FROM Win32_LocalTime");
ManagementObjectSearcher searcher =
new ManagementObjectSearcher(scope, query);
foreach (ManagementObject queryObj in searcher.Get())
{
Console.WriteLine("-----------------------------------");
Console.WriteLine("Win32_LocalTime instance");
Console.WriteLine("-----------------------------------");
Console.WriteLine("Date: {0}-{1}-{2}", queryObj["Year"], queryObj["Month"], queryObj["Day"]);
Console.WriteLine("Time: {0}:{1}:{2}", queryObj["Hour"], queryObj["Minute"], queryObj["Second"]);
}
}
catch (ManagementException err)
{
Console.WriteLine("An error occurred while querying for WMI data: " + err.Message);
}
catch (System.UnauthorizedAccessException unauthorizedErr)
{
Console.WriteLine("Connection error (user name or password might be incorrect): " + unauthorizedErr.Message);
}
I want to use c# and WMI to start a process remotely in another computer. I've made some initial research and found out that i ultimately have to use a processclass. The "Win32_Process" was the first thing that seemed obvious to be used, however, it seems it is limited to represent only local processes. What other Windows process classes can I use?
Here is what the code when using Win32_ScheduledJob class:
static public String RemoteConnect()
{
try
{
ConnectionOptions conn = new ConnectionOptions();
conn.Username = #"JV";
conn.Password = #"Nazpal6180";
conn.EnablePrivileges = true;
conn.Impersonation = System.Management.ImpersonationLevel.Impersonate;
ManagementScope scope = new ManagementScope("\\\\phsd194-JV\\root\\cimv2", conn);
//scope.Options.Impersonation = System.Management.ImpersonationLevel.Impersonate;
//scope.Options.EnablePrivileges = true;
scope.Connect();
ManagementPath managementPath = new ManagementPath("Win32_ScheduledJob");
ObjectGetOptions objectGetOptions = new ObjectGetOptions();
ManagementClass classInstance = new ManagementClass(scope, managementPath, objectGetOptions);
object[] objectsIn = new object[7];
objectsIn[0] = "calc.exe";
objectsIn[1] = "********140000.000000+480";
objectsIn[5] = true;
object outParams = classInstance.InvokeMethod("Create", objectsIn);
String response = "Creation of the process returned: " + outParams;
return response;
}
catch (ManagementException err)
{
String response = "An error occurred while trying to execute the WMI method: " + err.Message;
//Console.WriteLine("An error occurred while trying to execute the WMI method: " + err.Message);
return response;
}
}
As you point in your comments, the Win32_Process.Create method cannot be used to start an interactive process remotely, so as workaround you can use the Win32_ScheduledJob class with the Create method.
Check this sample app, which start the notepad in a remote machine in one minute , (Assuming which the time of the remote machine is the same of the local machine, if not you can get the local time using Win32_LocalTime or Win32_UtcTime from the remote machine and then convert to UTC).
using System;
using System.Collections.Generic;
using System.Text;
using System.Management;
namespace ConsoleApplication11
{
class Program
{
private static string DateTimetoUTC(DateTime dateParam)
{
string buffer = dateParam.ToString("********HHmmss.ffffff");
TimeSpan tickOffset = TimeZone.CurrentTimeZone.GetUtcOffset(dateParam);
buffer += (tickOffset.Ticks >= 0) ? '+' : '-';
buffer += (Math.Abs(tickOffset.Ticks) / System.TimeSpan.TicksPerMinute).ToString("d3");
return buffer;
}
static void Main(string[] args)
{
try
{
ConnectionOptions conn = new ConnectionOptions();
conn.Username = "theusername";
conn.Password = "password";
//connectoptions.Authority = "ntlmdomain:";
conn.EnablePrivileges = true;
ManagementScope scope = new ManagementScope(#"\\192.168.52.128\root\cimv2", conn);
scope.Connect();
Console.WriteLine("Connected");
ObjectGetOptions objectGetOptions = new ObjectGetOptions();
ManagementPath managementPath = new ManagementPath("Win32_ScheduledJob");
ManagementClass classInstance = new ManagementClass(scope, managementPath, objectGetOptions);
ManagementBaseObject inParams = classInstance.GetMethodParameters("Create");
inParams["Command"] = #"notepad.exe";
//the itme must be in UTC format
string StartTime = DateTimetoUTC(DateTime.Now.AddMinutes(1));
Console.WriteLine(StartTime);
inParams["StartTime"] = StartTime;
ManagementBaseObject outParams = classInstance.InvokeMethod("Create", inParams, null);
Console.WriteLine("JobId: " + outParams["JobId"]);
Console.ReadKey();
}
catch(ManagementException err)
{
Console.WriteLine("An error occurred while trying to execute the WMI method: " + err.Message);
Console.ReadKey();
}
}
}
}
I believe C# has just a Process class. I've used it for starting remote processes before.
I'd go for a server/client architecture where the server can start processes based on some kind of network call.
Is there a way to determine what all users are logged into remote machine, using WMI and C#
After little research I was able to figure it out, although not sure if this is the best way
public void GetCompDet(string ComputerName)
{
CurrentSystem = ComputerName;
ConnectionOptions options = new ConnectionOptions();
ManagementScope moScope = new ManagementScope(#"\\" + ComputerName + #"\root\cimv2");
try
{
moScope.Connect();
}
catch
{
return;
}
ObjectQuery query = new ObjectQuery("select * from Win32_Process where name='explorer.exe'");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(moScope, query);
ManagementObjectCollection queryCollection = searcher.Get();
foreach (ManagementObject m in queryCollection)
{
ManagementOperationObserver mo = new ManagementOperationObserver();
mo.ObjectReady += new ObjectReadyEventHandler(mo_ObjectReady);
m.InvokeMethod(mo, "GetOwner", null);
}
}
void mo_ObjectReady(object sender, ObjectReadyEventArgs e)
{
ManagementObject m = sender as ManagementObject;
LoggedinUser.Enqueue(CurrentSystem + " - >" + e.NewObject.Properties["user"].Value.ToString());
Console.WriteLine(CurrentSystem + " - >" + e.NewObject.Properties["user"].Value.ToString());
}
I've have a problem using the code below to retrieve data from the security log event of my local machine. I tested on various computers: the local machine is a windows xp sp3. The query has no error but it returns 0 record. For remote machines it works perfectly
Anyone can give me a solution?
This is the code:
using System;
using System.Management;
using System.Windows.Forms;
namespace WMISample
{
public class MyWMIQuery
{
public static void Main()
{
try
{
string[] arrComputers = {".","clientN"};
foreach (string strComputer in arrComputers)
{
Console.WriteLine("==========================================");
Console.WriteLine("Computer: " + strComputer);
Console.WriteLine("==========================================");
ManagementObjectSearcher searcher =
new ManagementObjectSearcher(
"\\\\" + strComputer + "\\root\\CIMV2",
"SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'");
foreach (ManagementObject queryObj in searcher.Get())
{
Console.WriteLine("-----------------------------------");
Console.WriteLine("Win32_NTLogEvent instance");
Console.WriteLine("-----------------------------------");
Console.WriteLine("RecordNumber: {0}", queryObj["RecordNumber"]);
Console.WriteLine("SourceName: {0}", queryObj["SourceName"]);
Console.WriteLine("TimeGenerated: {0}", queryObj["TimeGenerated"]);
}
}
}
catch(ManagementException err)
{
MessageBox.Show("An error occurred while querying for WMI data: " + err.Message);
}
}
}
}
I understood that using the impersonation level for the wmi query in vbs it works.
Set objWMI = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Security)}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMI.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Security'" )
So I have to translate in c#.
Ok so I close this Question using my code.
the code is:
using System;
using System.Management;
namespace WMISample
{
public class MyWMIQuery
{
public static void Main()
{
try
{
ConnectionOptions oConn = new ConnectionOptions();
oConn.Impersonation = ImpersonationLevel.Impersonate;
oConn.EnablePrivileges = true;
string[] arrComputers = {".","clientN"};
foreach (string strComputer in arrComputers)
{
Console.WriteLine("==========================================");
Console.WriteLine("Computer: " + strComputer);
Console.WriteLine("==========================================");
ManagementObjectSearcher searcher = new ManagementObjectSearcher
(
new ManagementScope("\\\\" + strComputer + "\\root\\CIMV2", oConn),
new ObjectQuery( #"SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Security'")
);
foreach (ManagementObject queryObj in searcher.Get())
{
Console.WriteLine("-----------------------------------");
Console.WriteLine("Win32_NTLogEvent instance");
Console.WriteLine("-----------------------------------");
Console.WriteLine("RecordNumber: {0}", queryObj["RecordNumber"]);
Console.WriteLine("SourceName: {0}", queryObj["SourceName"]);
Console.WriteLine("TimeGenerated: {0}", queryObj["TimeGenerated"]);
}
}
}
catch(ManagementException err)
{
MessageBox.Show("An error occurred while querying for WMI data: " + err.Message);
}
}
}
}
try using the local computername instead of ".". so, instead of
string[] arrComputers = {".","clientN"};
you would have
string[] arrComputers = { Environment.GetEnvironmentVariable("computername"), "clientN" };