PowerShell 脚本中的 WMI 事件筛选器查询

您在查询中处理 WQL，并且只能有一个 INSIDE 值 - 请参阅 https://learn.microsoft.com/en-gb/windows/desktop/WmiSdk/within-clause，因此您必须选择 300(秒 = 5 分钟(或 900(秒 = 15 分钟(或介于两者之间的折衷值。

您的组合 SELECT 语句如下所示

SELECT * FROM __InstanceOperationEvent WITHIN 900 WHERE TargetInstance ISA 'SMS_Package' AND TargetInstance.Name LIKE 'drivers - %' OR TargetInstance.Name LIKE 'BIOS - %'

将 WITHIN 值更改为您认为最适合您需求的值。

您是否需要同时使用驱动器和 BIOS，或者您可以使用参数驱动的开关语句在它们之间交换？

像这样的东西

Function WMI-InstanceFilter {
[CmdletBinding()]
param (
[ValidateSet('Bios', 'Drivers' )]
[string]$InstanceType
)
# Function Started
LogTraceMessage "*** Function WMI-InstanceFilter Started ***"
Write-Verbose "*** Function WMI-InstanceFilter Started ***"
switch ($InstanceType) {
'Bios' {
$query = "SELECT * FROM __InstanceOperationEvent Within 900 Where TargetInstance ISA 'SMS_Package' and TargetInstance.Name like 'drivers - %'"
}
'Drivers' {
$query = "SELECT * FROM __InstanceOperationEvent Within 300 Where TargetInstance ISA 'SMS_Package' and TargetInstance.Name like 'BIOS - %'"
}
}
$PropertyHash = @{
QueryLanguage = "WQL"
Query = $query
Name = "Name"
EventNameSpace="root/sms/site_$($SiteCode)"
}
$Script:InstanceFilter = New-CimInstance -Namespace root/subscription -ClassName __EventFilter -Property $PropertyHash -Verbose -ErrorAction Stop
}