Version: 7

Method

RunWmiInstanceMethod

Module

NativeServices

Library

Core

Action

Run a WMI object method.

Parameters

Namespace (string): The WMI namespace to use, e.g. "root\ccm". From v3.1, this parameter is optional and defaults to "root\cimv2".

Query (string): WMI query to select the object(s) to run the method on.

Method (string): The name of the method to run.

AllInstances (boolean): Whether to run the method on all object instances (if there is more than one) or just the first.

Additional parameters for the specific method call. Their names are prefixed with "Param_".

Return values

The accumulated output, if any, from the method invocation(s).

Example

NativeServices.RunWmiInstanceMethod(Namespace:"root\\cimv2", Query:"SELECT * FROM Win32_Process WHERE Name = 'notepad.exe'", AllInstances:True, Method:"Terminate", Param_Reason:"1");

Platforms

  • Windows

Notes

Avoid using "SELECT * FROM ..." in WMI queries for instructions, especially when the query is the last statement in an instruction. Instead, SELECT the specific columns that you use in the instruction schema.

This is because:

  • WMI queries may return a different number of columns depending on circumstances, which may conflict with the instruction output schema.
  • The WMI structure may change in the future.
  • Returning specific columns is more efficient, as the Agent needs to process less data.
  • Specifying column names makes the query easier to understand.
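
A lint check for the advice above, as an added example that is not part of the original page or of the product: it finds each Query:"..." argument in instruction text, flags SELECT *, and compares the named columns with a schema column list supplied by the caller. The names wql_columns and lint_instruction, the list form of the schema, and the second call in the sample are assumptions.

```python
import re

# Query:"..." named argument, as written in the page's example call.
QUERY_ARG = re.compile(r'\bQuery\s*:\s*"((?:[^"\\]|\\.)*)"')
SELECT_LIST = re.compile(r"^\s*SELECT\s+(.+?)\s+FROM\s", re.I | re.S)

def wql_columns(query):
    """Return the columns a WQL SELECT names; ['*'] for a wildcard."""
    m = SELECT_LIST.match(query)
    if not m:
        raise ValueError("not a WQL SELECT statement")
    return [c.strip() for c in m.group(1).split(",")]

def lint_instruction(text, schema_columns):
    """Return (query, problem) pairs for each Query:"..." in text.

    schema_columns is the caller-supplied list of output schema column
    names (an assumption: the page does not show the schema format).
    WMI property names are case-insensitive, so names are compared lowercased.
    """
    want = {c.lower() for c in schema_columns}
    findings = []
    for m in QUERY_ARG.finditer(text):
        query = m.group(1)
        try:
            cols = wql_columns(query)
        except ValueError as err:
            findings.append((query, str(err)))
            continue
        if "*" in cols:
            findings.append((query, "SELECT * returns a variable column set"))
            continue
        got = {c.lower() for c in cols}
        for name in sorted(got - want):
            findings.append((query, f"selected but not in schema: {name}"))
        for name in sorted(want - got):
            findings.append((query, f"in schema but not selected: {name}"))
    return findings

# Constructed sample input: the page's example call, then a variant that
# names its columns (Handle and Name are Win32_Process properties).
SAMPLE = r'''
NativeServices.RunWmiInstanceMethod(Namespace:"root\\cimv2", Query:"SELECT * FROM Win32_Process WHERE Name = 'notepad.exe'", AllInstances:True, Method:"Terminate", Param_Reason:"1");
NativeServices.RunWmiInstanceMethod(Namespace:"root\\cimv2", Query:"SELECT Handle, Name FROM Win32_Process WHERE Name = 'notepad.exe'", AllInstances:True, Method:"Terminate", Param_Reason:"1");
'''

if __name__ == "__main__":
    for query, problem in lint_instruction(SAMPLE, ["Handle", "Name"]):
        print(f"{problem}: {query}")
```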