Windows System Administration Management using Python

Managing the activities of Windows System Administration manually can be exhausting. What if we could set up a few Python codes instead of managing these tasks manually. In the following tutorial, we will discover one such module that allows the program to perform different processes based on System Administration. This Python module is known as the WMI module.

WMI, abbreviated for Windows Management Instrumentation, is an implementation of Microsoft to the Common Information Model (short for CMI) for the DMTF, which is a vendor-neutral, industry-standard method of demonstrating the Management Information. It allows the programmers to query almost any piece of data from any computer executing the required agent with the appropriate permissions.

Python offers the wmi module that acts as a lightweight wrapper around available WMI classes and functionalities and could be utilized by the Systems Administrators in order to query data from the local or remote Windows machines.

In this tutorial, we will understand how to use the wmi module to perform various activities based on Windows System Administration. But before we get to it, let us begin by installing the required module.

How to Install the Python wmi Module?

In order to install the Python module, we need 'pip', a framework to manage packages required to install the modules from the trusted public repositories. Once we have 'pip', we can install the wmi module using the command from a Windows command prompt (CMD) or terminal as shown below:

Syntax:

Verifying the Installation

Once the module is installed, we can verify it by creating an empty Python program file and writing an import statement as follows:

File: verify.py

Now, save the above file and execute it using the following command in a terminal:

Syntax:

If the above Python program file does not return any error, the module is installed properly. However, in the case where an exception is raised, try reinstalling the module, and it is also recommended to refer to the official documentation of the module.

Establishing a Connection

In the following section, we will begin by establishing a connection to a machine. Most of the time, we will connect to the local machine with the help of the following Python syntax:

Syntax:

# connecting to local machine
my_connection = wmi.WMI()

Suppose we want to connect to a remote machine. In that case, we must provide a machine name (or IP Address) and use the following parameters such as 'user' and 'password' to pass the credentials so that we can authenticate the account to establish a remote WMI connection.

Example:

# importing the required module
import wmi

# connecting to a remote machine
my_connection = wmi.WMI("13.78.128.231", user = r"mango", password = "mango@123")

Finding a WMI Class

Now we have the connection established; however, to query specific information regarding the system, we must first find out the WMI class that can deliver that information. We can also use the 'classes' property of WMI objects such as wmi.WMI().classes, in order to return the list of WMI classes.

From these extracted classes, we can filter out particular keywords to find a specific class we are looking for, as shown in the following example:

Example:

# importing the required module
import wmi

# connecting to a local machine
my_connection = wmi.WMI()

# extracting the class names from WMI
for className in my_connection.classes:
    if 'Process' in className:
        print(className)

Output:

Win32_ProcessStartTrace
Win32_PerfFormattedData_PerfOS_Processor
Win32_PerfFormattedData_PerfProc_Process
Win32_SessionProcess
Win32_PerfRawData_PerfProc_Process
Win32_PerfRawData_Counters_PerProcessorNetworkInterfaceCardActivity
Win32_PerfRawData_LSM_UserInputDelayperProcess
Win32_PerfFormattedData_Counters_ProcessV2
Win32_PerfFormattedData_LSM_UserInputDelayperProcess
Win32_PerfFormattedData_Counters_PerProcessorNetworkInterfaceCardActivity
Win32_Processor
Win32_ProcessTrace
CIM_OSProcess
CIM_ProcessExecutable
CIM_Processor
CIM_AssociatedProcessorMemory
Win32_ComputerSystemProcessor
Win32_PerfFormattedData_GPUPerformanceCounters_GPUProcessMemory
Win32_PerfRawData_HvStats_HyperVHypervisorLogicalProcessor
Win32_PerfFormattedData_Counters_ProcessorInformation
CIM_ProcessThread
CIM_Process
Win32_PerfFormattedData_Counters_PerProcessorNetworkActivityCycles
Win32_AssociatedProcessorMemory
Win32_PerfRawData_HvStats_HyperVHypervisorRootVirtualProcessor
Win32_PerfFormattedData_Counters_SecurityPerProcessStatistics
Win32_ProcessStartup
Win32_PerfRawData_GPUPerformanceCounters_GPUProcessMemory
Win32_PerfRawData_Counters_ProcessorInformation
Win32_PerfRawData_Counters_ProcessV2
Win32_PerfRawData_Counters_PerProcessorNetworkActivityCycles
Win32_PerfRawData_Counters_SecurityPerProcessStatistics
Win32_PerfFormattedData_HvStats_HyperVHypervisorLogicalProcessor
Win32_Process
Win32_PerfFormattedData_HvStats_HyperVHypervisorRootVirtualProcessor
Win32_NamedJobObjectProcess
Win32_SystemProcesses
Win32_ProcessStopTrace
Win32_PerfRawData_PerfOS_Processor

Explanation:

In the above snippet of code, we have imported the wmi module and established a connection to the local machine. We have then extracted the class names from the wmi module using the for-loop iterating through each class available in the module.

Finding Methods and Properties of WMI Class

Even if we know the name of WMI Class, we will still need the precise name of the property these classes provide and methods that can carry out particular operations. In order to retrieve methods and properties of an as specific WMI class, we can create a WMI connection and utilize the Dot operator (.) and 'Class Name' in order to access namespace, then 'properties' or 'methods' attribute to return a Python List of property/method names.

Let us consider the following example demonstrating the same:

Example:

# importing the wmi module
import wmi
# printing all properties
print("Properties of WMI class:")
print(wmi.WMI().Win32_Process.methods.keys())

# printing all methods
print("\nMethods of WMI class:")
print(wmi.WMI().Win32_Process.properties.keys())

Output:

Properties of WMI class:
dict_keys(['Create', 'Terminate', 'GetOwner', 'GetOwnerSid', 'SetPriority', 'AttachDebugger', 'GetAvailableVirtualSize'])

Methods of WMI class:
dict_keys(['Caption', 'CommandLine', 'CreationClassName', 'CreationDate', 'CSCreationClassName', 'CSName', 'Description', 'ExecutablePath', 'ExecutionState', 'Handle', 'HandleCount', 'InstallDate', 'KernelModeTime', 'MaximumWorkingSetSize', 'MinimumWorkingSetSize', 'Name', 'OSCreationClassName', 'OSName', 'OtherOperationCount', 'OtherTransferCount', 'PageFaults', 'PageFileUsage', 'ParentProcessId', 'PeakPageFileUsage', 'PeakVirtualSize', 'PeakWorkingSetSize', 'Priority', 'PrivatePageCount', 'ProcessId', 'QuotaNonPagedPoolUsage', 'QuotaPagedPoolUsage', 'QuotaPeakNonPagedPoolUsage', 'QuotaPeakPagedPoolUsage', 'ReadOperationCount', 'ReadTransferCount', 'SessionId', 'Status', 'TerminationDate', 'ThreadCount', 'UserModeTime', 'VirtualSize', 'WindowsVersion', 'WorkingSetSize', 'WriteOperationCount', 'WriteTransferCount'])

Explanation:

In the above snippet of code, we have imported the required module. We have then used the WMI() to establish a connection with a remote machine. We have then written the name of the WMI class followed by the Dot operator (.) along with the keywords 'properties' and 'methods' to print all the properties and methods for the users.

Handling Process

Since we have gathered the information regarding the methods and properties of class 'Win32_Process', we will now use the class name of WMI followed by an open & close parenthesis in order to return objects of the WMI class.

Let us consider the following example demonstrating the same:

Example:

# importing the wmi module
import wmi
# establishing the connection with a local machine
my_connection = wmi.WMI()
# processing list
for process in my_connection.Win32_Process():
    print("ID: {0}\nHandle Count: {1}\nProcess Name: {2}\n".format(
        process.ProcessId, process.HandleCount, process.Name
        )
    )

Output:

ID: 0
Handle Count: 0
Process Name: System Idle Process

ID: 4
Handle Count: 5863
Process Name: System

ID: 160
Handle Count: 0
Process Name: Registry

ID: 540
Handle Count: 57
Process Name: smss.exe

ID: 788
Handle Count: 773
Process Name: csrss.exe

ID: 892
Handle Count: 149
Process Name: wininit.exe

ID: 912
Handle Count: 765
Process Name: csrss.exe

ID: 964
Handle Count: 714
Process Name: services.exe

ID: 984
Handle Count: 1571
Process Name: lsass.exe

ID: 568
Handle Count: 267
Process Name: winlogon.exe

ID: 1056
Handle Count: 1746
Process Name: svchost.exe

ID: 1084
Handle Count: 33
Process Name: fontdrvhost.exe
.
.
.
ID: 14104
Handle Count: 301
Process Name: python3.9.exe

Explanation:

In the above snippet of code, we have imported the wmi module and established a successful connection with the local machine. We extracted the process list using the for-loop iterating through each process with their ID, Handle Count, and Name of the process.

We can also filter these processes with their names and properties to print only selected processes (es). For example, we wanted to select all the processes named as 'code.exe' that are running locally and then filtered out the processes that have to handle count more than 100 with the help of a conditional statement: if<condition>

Let us consider the following script to understand the same:

Example:

# importing the wmi module
import wmi
# establishing the connection with a local machine
my_connection = wmi.WMI()
# filtering specific processes
for process in my_connection.Win32_Process(name = "code.exe"): 
    if process.HandleCount > 100:
        # only processes with Handle Count above 100
        print("ID: {0}\nHandle Count: {1}\nProcess Name: {2}\n".format(
            process.ProcessId, process.HandleCount, process.Name
            )
        )

Output:

ID: 10464
Handle Count: 859
Process Name: Code.exe

ID: 14796
Handle Count: 228
Process Name: Code.exe

ID: 12388
Handle Count: 704
Process Name: Code.exe

ID: 2504
Handle Count: 284
Process Name: Code.exe

ID: 1044
Handle Count: 485
Process Name: Code.exe

ID: 12668
Handle Count: 334
Process Name: Code.exe

ID: 8088
Handle Count: 362
Process Name: Code.exe

ID: 10720
Handle Count: 180
Process Name: Code.exe

ID: 8976
Handle Count: 210
Process Name: Code.exe

ID: 14804
Handle Count: 278
Process Name: Code.exe

Explanation:

In the above snippet of code, we have again imported the wmi module and established the connection with a local machine. We have then used the for-loop to iterate through the processes in the WMI class and specified the name of the process to filter out that required process. We have also included the if conditional statement in order to print those processes details only whose Handle Counts is more than 100.

WMI Module also allows programmers to begin a new process and kill any existing one.

Let us consider the following example demonstrating the same where we have created a new process then stored the Process ID to uniquely identify the process so that we can terminate it later using that ID:

Example:

# importing the wmi module
import wmi
# establishing the connection with the local machine
my_connection = wmi.WMI()

# starting a new process and capturing the process ID
process_id, return_val = my_connection.Win32_Process.Create(CommandLine = "notepad.exe")

# killing the process using process ID
my_connection.Win32_Process(ProcessId = process_id)[0].Terminate()

Explanation:

In the above snippet of code, we have imported the wmi module and established a successful connection with the local machine. We have then started a new process using the Create() function and stored its process ID. At last, we have used the Terminate() function to kill the process.

Handling Services

We can adapt a similar approach in order to list and filter out services working on a machine with the help of the WMI class called Win32_Service.

Let us consider the following snippet of code demonstrating the same:

Example:

# importing the wmi module
import wmi
# establishing connection with a local machine
my_connection = wmi.WMI()
# listing services
for service in my_connection.Win32_Service(StartMode = "Auto", State = "Running"):
    # filtering the service names
    if 'Windows' in service.DisplayName:
        print("Status: {0} \nStart Mode: {1} \nService Name: {2} \nDisplay Name: {3} \n\n".format(
            service.State, service.StartMode, service.Name, service.DisplayName
            )
        )

Output:

Status: Running 
Start Mode: Auto
Service Name: AudioEndpointBuilder
Display Name: Windows Audio Endpoint Builder


Status: Running
Start Mode: Auto
Service Name: Audiosrv
Display Name: Windows Audio


Status: Running 
Start Mode: Auto
Service Name: EventLog
Display Name: Windows Event Log


Status: Running 
Start Mode: Auto
Service Name: FontCache
Display Name: Windows Font Cache Service


Status: Running 
Start Mode: Auto
Service Name: mpssvc
Display Name: Windows Defender Firewall


Status: Running 
Start Mode: Auto
Service Name: StiSvc
Display Name: Windows Image Acquisition (WIA)


Status: Running 
Start Mode: Auto
Service Name: Wcmsvc
Display Name: Windows Connection Manager


Status: Running
Start Mode: Auto
Service Name: Winmgmt
Display Name: Windows Management Instrumentation


Status: Running 
Start Mode: Auto
Service Name: WpnService
Display Name: Windows Push Notifications System Service


Status: Running 
Start Mode: Auto
Service Name: WSearch
Display Name: Windows Search


Status: Running 
Start Mode: Auto
Service Name: WpnUserService_a17f9
Display Name: Windows Push Notifications User Service_a17f9

Explanation:

In the above snippet of code, we have imported the wmi module and established the connection with a local machine. We have then used the for-loop to iterate through the Win32_Services class of the wmi module over the given conditions. We have also used the conditional statement to filter out the required services.

We can perform several other functionalities with these classes, such as starting and stopping service and a lot more.

Next TopicIndentation Error in Python

← prev next →