Event Forwarding in Windows Vista
15 November 06 11:37 PM

Vista brings a new event forwarding feature for Windows administrators. Event forwarding lets you configure a central event collector machine to collect events from other computers. The feature has complete UI support in Event Viewer.

Here is a basic tutorial on how to get started.

Scenario:

  1. Collect events from Machine2 using a collector on Machine1.
  2. Both machines are in a domain.
  3. The user configuring subscriptions on Machine1 is an administrator on Machine2.

I intentionally simplified this to get up and running smoothly.

Steps:

Go to Machine2 (event source)

  1. On the command line, run "winrm quickconfig". This command sets up the necessary configuration.
  2. Go to Machine1 (event collector).
  3. Type eventvwr.
  4. Click on the Subscriptions node, then Create Subscription.
  5. Give Subscription Name: TestSubscription
  6. Select Events: select which events you want to receive.
  7. Click Add: choose Machine2.
  8. On Advanced, choose Specific User and provide credentials.
  9. OK, OK.

That's it :).

Now your subscription is set up to receive events from Machine2. You can see these events in the WindowsLogs/ForwardedEvents channel. There are various delivery modes and security mechanisms available, which I will go into in detail in the future.

This functionality is built using the brand new eventing system in Vista and uses WS-Management as transport.
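
The same subscription can also be created on Machine1 from the command line with wecutil, the event collector utility that ships with Windows. This is an added example, not part of the original post; the Application-log query and the CONTOSO\collector-admin account name are placeholders.

```powershell
# Added example: scripted equivalent of the Event Viewer steps, run on Machine1
# (collector) from an elevated prompt. Machine2 has already run "winrm quickconfig".
# Assumptions: the query below (Critical and Error events from the Application log)
# and the account name are placeholders; substitute your own.

$subscriptionXml = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>TestSubscription</SubscriptionId>
  <SubscriptionType>CollectorInitiated</SubscriptionType>
  <Description>Collect events from Machine2</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>Normal</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Path="Application">
        <Select>*[System[(Level=1 or Level=2)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <CredentialsType>Default</CredentialsType>
  <EventSources>
    <EventSource Enabled="true">
      <Address>Machine2</Address>
    </EventSource>
  </EventSources>
</Subscription>
'@

$path = Join-Path $env:TEMP 'TestSubscription.xml'
Set-Content -Path $path -Value $subscriptionXml -Encoding UTF8

# Configure and start the Windows Event Collector service without prompting.
wecutil qc /q

# Create the subscription with a specific user. "/cup:*" makes wecutil prompt
# for the password, so it never appears on the command line or in process logs.
wecutil cs $path /cun:CONTOSO\collector-admin /cup:*

# Show the subscription's run-time status, including the state of each event source.
wecutil gr TestSubscription
```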

Posted by bikkular | 1 Comments

Getting started with WinRM -1
08 July 06 06:44 PM


The following are simple steps to start using WinRM.

  1. Create a listener.
  2. Use the winrm command line to do simple operations.

Create listener:

The easiest way to create a listener is to use the quickconfig feature of the winrm command-line tool. This operation creates an HTTP listener and configures a firewall exception to allow requests on port 80.

C:\>winrm quickconfig
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Make these changes [y/n]? y
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
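
To review what quickconfig left behind, the listener configuration can be listed with "winrm enumerate winrm/config/listener" and checked by script. The following is an added example, not part of the original post; the sample output is constructed, and the function names are hypothetical.

```powershell
# Constructed sample: "winrm enumerate winrm/config/listener" output after quickconfig.
# Port 80 follows the post (later WinRM versions default to 5985 for HTTP);
# 192.0.2.10 is a documentation placeholder address.
$sample = @'
Listener
    Address = *
    Transport = HTTP
    Port = 80
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 127.0.0.1, 192.0.2.10
'@ -split '\r?\n'

function ConvertFrom-WinrmListenerText {
    # Turns winrm's indented "Key = Value" text into one object per Listener block.
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Listener\s*$') {
            if ($null -ne $current) { [pscustomobject]$current }
            $current = [ordered]@{}
        }
        elseif ($null -ne $current -and $line -match '^\s+(\w+)\s*(?:=\s*(.*))?$') {
            $current[$Matches[1]] = $Matches[2]   # keys printed without a value stay $null
        }
    }
    if ($null -ne $current) { [pscustomobject]$current }
}

function Get-WinrmListenerFinding {
    # Emits one line per setting an administrator should consciously accept.
    param([Parameter(ValueFromPipeline = $true)]$Listener)
    process {
        if ($Listener.Enabled -ne 'true') { return }
        $id = "$($Listener.Transport)://$($Listener.Address):$($Listener.Port)"
        if ($Listener.Transport -eq 'HTTP') { "${id}: plain HTTP transport, no TLS" }
        if ($Listener.Address -eq '*')      { "${id}: accepts requests on every IP address" }
    }
}

ConvertFrom-WinrmListenerText $sample | Get-WinrmListenerFinding

# On a live machine, from an elevated prompt:
# ConvertFrom-WinrmListenerText (winrm enumerate winrm/config/listener) | Get-WinrmListenerFinding
```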

 

Get operation:

Now that we have a listener configured, let's do a simple Get operation on Win32_OperatingSystem.

C:\>winrm get cimv2/win32_operatingsystem -r:localhost

Win32_OperatingSystem
    BootDevice = \Device\HarddiskVolume1
    BuildNumber = 5461
    BuildType = Multiprocessor Free
    Caption = Microsoftr Windows VistaT Ultimate
    CodeSet = 1252
    CountryCode = 1
    CreationClassName = Win32_OperatingSystem
    CSCreationClassName = Win32_ComputerSystem
    CSDVersion = null
    CSName = RAVIBLHPC
    CurrentTimeZone = -420
    DataExecutionPrevention_32BitApplications = false
    DataExecutionPrevention_Available = false
    DataExecutionPrevention_Drivers = false
    DataExecutionPrevention_SupportPolicy = 2
    Debug = false
    Description
    Distributed = false
    EncryptionLevel = 256
    ForegroundApplicationBoost = 2
    FreePhysicalMemory = 1323404
    FreeSpaceInPagingFiles = 2150864
    FreeVirtualMemory = 3251308
    InstallDate
        Datetime = 2006-06-21T18:09:54-07:00
    LargeSystemCache = null
    LastBootUpTime
        Datetime = 2006-07-08T09:08:04.992607-07:00
    LocalDateTime
        Datetime = 2006-07-08T10:37:54.831-07:00
    Locale = 0409
    Manufacturer = Microsoft Corporation
    MaxNumberOfProcesses = 4294967295
    MaxProcessMemorySize = 2097024
    MUILanguages = en-US
    Name = Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition2
    NumberOfLicensedUsers = 0
    NumberOfProcesses = 64
    NumberOfUsers = 3
    Organization
    OSArchitecture = 32-bit
    OSLanguage = 1033
    OSProductSuite = 256
    OSType = 18
    OtherTypeDescription = null
    PAEEnabled = false
    PlusProductID = null
    PlusVersionNumber = null
    Primary = true
    ProductType = 1
    QuantumLength = 1
    QuantumType = 1
    RegisteredUser = ravib
    SerialNumber = 78427-006-8119405-70438
    ServicePackMajorVersion = 0
    ServicePackMinorVersion = 0
    SizeStoredInPagingFiles = 2402944
    Status = OK
    SuiteMask = 272
    SystemDevice = \Device\HarddiskVolume2
    SystemDirectory = C:\Windows\system32
    SystemDrive = C:
    TotalSwapSpaceSize = null
    TotalVirtualMemorySize = 4426492
    TotalVisibleMemorySize = 2095744
    Version = 6.0.5461
    WindowsDirectory = C:\Windows

 

Enumerate operation:

Try this command to enumerate all Win32_Process instances.

winrm enumerate cimv2/win32_process -r:localhost

 

Posted by bikkular | 1 Comments

What is WinRM
06 July 06 06:29 PM


WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management protocol, built into the operating system. WinRM first shipped in Windows Server 2003 R2 and was enhanced in Windows Vista. WS-Management is a DMTF standard: http://www.dmtf.org/standards/wsman/. The protocol is based on standard WS-* specifications that support the following operations.

 

  • GET/PUT/CREATE/DELETE individual management resources.
  • ENUMERATE contents of containers and collections.
  • SUBSCRIBE to events emitted by managed resources.
  • EXECUTE specific management methods with strongly typed input and output.

 

WinRM is a standard, SOAP-based, firewall-friendly protocol that allows hardware and operating systems from different vendors to interoperate. The main goal of this standard is to make managing devices and systems easier in heterogeneous environments.

Posted by bikkular | 0 Comments

Management technologies in windows
18 March 06 02:36 AM

A self-managing operating system should be the goal for a complex system like Windows. While we work on that goal, we continue to provide great tools and technologies that help both administrators and application developers.

I work in the management infrastructure group in Windows, which develops the following technologies.

  • Windows Management Instrumentation (aka WMI)
  • Windows Eventlog
  • Task Scheduler
  • WinRM, the implementation of the WS-Management protocol in Windows.

I want to write about some tips for using these technologies, as well as try to explain cool new ways of using them.

 

Posted by bikkular | 0 Comments
