Classes Remove an Object

WMI returns live, editable objects so place be careful while removing on object:

PS C:\Windows\system32> Get-WmiObject -Class win32_process | where-object {$_.Name -eq “notepad.exe”} | Remove-WmiObject

PS C:\Windows\system32> Get-CimInstance -ClassName win32_process -Filter “Name = ‘notepad.exe'” | remove-ciminstance

PS C:\Windows\system32> Get-WmiObject -class win32_process -filter ‘Name = “calculator.exe”‘

PS C:\Windows\system32> Get-WmiObject -class win32_process –list

Exploring Methods:

Find all the classes in a namespace which contain method(s):

PS C:\Windows\system32> Get-WmiObject -list | Where-Object {$_.methods}

PS C:\Windows\system32> Get-CimClass -methodname *

PS C:\Windows\system32> Get-CimClass -MethodName *create*

PS C:\Windows\system32> get-wmiobject -class win32_process -list | select -ExpandProperty methods

PS C:\Windows\system32> (Get-WmiObject -Class win32_process -List).methods

PS C:\Windows\system32> Get-CimClass -ClassName win32_process

Listing parameters of a method in a class:

PS C:\Windows\system32> Get-CimClass -ClassName win32_process | select -ExpandProperty cimclassmethods | where name -eq “Create” | select -ExcludeProperty Parameters

Using Methods:-

We can use the create method of win32_process class to run processes/executables

PS C:\Windows\system32> Invoke-WmiMethod -class win32_process -name create -ArgumentList calc.exe

PS C:\Windows\system32> Invoke-CimMethod -ClassName Win32_Process -MethodName Create -Arguments @{CommandLine = “clac.exe”}

Cmdlets:set-wmiinstance:-

Used to update properties of WMI object.

See get-writeableproperties.ps1 to list writable properties of a class.

PS C:\Windows\system32> Get-WmiObject -Class win32_printer -filter “Name = ‘Microsoft XPS Document Writer'” | Set-WmiInstance -Arguments @{comment = “wmi Comment”}

PS C:\Windows\system32> Get-CimInstance -classname win32_printer -filter “Name = ‘Microsoft XPS Document Writer'” | Set-CimInstance -Property @{comment = “CIM Comment”}

@Saksham Dixit