Hello everyone
I’m banging my head trying to read a wmi method output.
@JGStew already tried to answer a similar question in the past (here) but linked to an analysis which, unless I’m totally off-track, does not relate very well to the initial question, since allows to retrieve PROPERTIES, such as “EncryptionMethod” in the quoted analisys, but not data obtained from METHODS .
To follow the provided example, let’s imagine I’m trying to extract data from the GetHardawareTestStatus method from the same WMI location, eg: ROOT\CIMV2\Security\MicrosoftVolumeEncryption
As you can see in the following screenshot screenshot, the EncryptionMethod (value: 0) is a readily available PROPERTY, but the same is not true for the GetHardwareTestStatus method:
for wich you need explicitly invoke it (in Vinay Pamnani’s WMI Explorer: click Win32_EncryptableVolume->Select one of the instances->Right click it->Execute Method->GetHardwareTestStatus->Execute)
I don’t believe this is possible. Relevance is designed to be strictly read-only query language. Running methods may in some cases violate this read-only case.
The way around this is to run something on the command line, have it output the results to a file, then read those results with an analysis property. You can have this done through a policy action that repeats on a regular basis so that the results stay fresh.
Thanks James
since we have a very large environment, we were looking for a more efficient way (we already did have a VB Script that queried some ‘difficult to read’ data and then we used bigfix to read it), but I was searching for a way to make it more efficient using relevance instead to query directly wmi… but it seems I’ve come to a show-stopper here
