No doubt about it, Windows requires a lot of moving pieces. The moving pieces include system and device drivers. Most of the time, we don't think about drivers because they simply work; but when they don't, we, and your end users, definitely know. Windows 7, and to a certain extent Windows Server 2008 R2 offer a variety of features, including Windows Management Instrumentation (WMI), to troubleshoot and manage devices.

Start with Device Manager

The first place we can look for help is with the Device Manager Management console. You can either navigate through the control panel, or select it from the computer management console. I like taking a short cut by clicking Start ' Run and entering devmgmt.msc. If you don't have Windows configured to display the Run dialog box, enter devmgmt.msc into the Start menu Search box and double-click the result. You should see something like Figure 1.


Figure 1 The Device Manager Management Console

Unfortunately, this only connects to the local computer. However, if you open the Computer Management console and connect to a remote computer, the Device Manager snapin will connect to the remote computer, albeit in a read-only mode. The other alternative is to open an empty MMC, add the Device Manager snapin and specify the computer. This would be a handy technique if you have a handful of systems where you want to view device information.

Once you have the device manager open, you aren't limited to the current display. Under the View menu you can select an alternate display. For example, you might want to see devices grouped by connection as I do in Figure 2.


Figure 2 Devices Grouped by Connection

Any way you set it up, you can select a device, right-click and select Properties. Or you can simply double-click to also open properties. Figure 3 shows the properties for my display device.


Figure 3 Display Device Properties

The General tab provides a quick summary. The Resources tab provides very technical information about system resources the device is consuming like memory and IRQs. Back in the days of NT4 this was critical information. Fortunately modern Windows operating systems handle all of the nitty-gritty for us and avoids conflicts.


Figure 4 Device Resources

Depending on the device, you might not get a Resources tab. The Details tab will vary by device and driver but generally shows you a variety of properties, selected from the drop down.


Figure 5 Device Details

The Driver tab will be of most interest as depicted in Figure 6.


Figure 6 Device Driver

From here we can get version information which can be critical when troubleshooting a problem. Clicking Driver Details brings up even more information on a more granular level.


Figure 7 Device Driver Details

However, the real strength with the Device Driver tab is the ability to update the driver or roll back to a previous version. When you choose to update, Windows will ask if you want to search for an updated driver or specify a location. The latter is helpful if you've downloaded and extracted new files and you know exactly where to go. If new drivers are found, follow the prompts to install. More than likely you will need to reboot.

Should you not like the results of the new driver, you can elect to roll back to the previous version by clicking the Roll Back Driver button. This should provide a warning message like Figure 8.


Figure 8 Device Driver Rollback Message

If you are committed, click Yes and follow the prompts.

Lastly, you can also elect to disable or enable a device by clicking the appropriate button. The bottom line is that if you need to do any sort of device modification it is best done interactively and locally through the device manager. But if you are only at the information gathering stage, or perhaps building an audit report, there are another of other tools at your disposal. These tools are especially useful when querying remote systems for device information.

MSInfo32

Another great graphical tool is MSInfo32. In the Run dialog or from a command prompt type MSInfo32. You can also search for the program from the search box on the Start menu.


Figure 9 MSInfo32

If you expand Components you can see your devices. In Figure 10 you can see information for the display device driver.


Figure 10 Display Device Information in MSInfo32

Perhaps of most interest is the Problem Devices section under Components. For the most part it should only show disabled devices but if something is not working as expected you should find it listed here.

If you'd like, you can export the current information to a text file. Under File select Export and enter the name and path of a file. For more complete documentation use the Save feature to create an NFO file. This might take a minute or so to complete, but then you'll have the entire system documented. You can open saved NFO files in MSInfo32. Unfortunately there is no way to save a single section like Components. On the other hand, you can connect to a remote computer under View ' Remote Computer or using the keyboard shortcut Ctrl R. Or launch the utility specifying a remote computer name.

msinfo32 /computer win7-22

You can also create either nfo files from the command line

msinfo32 /computer win7-22 /nfo c:\work\win7-22.nfo

Or text files.

msinfo32 /computer win7-22 /report c:\work\win7-22-info.txt

If MSInffo32 gives you more information than you really want, another tool in device toolbox is DriverQueryy.exe

Using DriverQuery.exe

DriverQuery.exe is a command line tool. To view the utility help run the command with the /? Switch.

Driverquery /?

If you run only the command you'll get a table of all local device driver information. Figure 11 shows you what you can expect.


Figure 11 DriverQuery.exe

What I like about this utility is that you can connect to a remote machine along with alternate credentials.

driverquery /s server01 /u mydomain\administrator /p P@ssw0rd

Because there is a lot of information, you can customize the output. For example, perhaps you'd like to see the results as a list.

driverquery /s server01 /fo list /si

The /SI parameter adds useful information about signed drivers. Or maybe you need a CSV file that you can open up in Microsoft Excel.

driverquery /s server01 /fo csv > c:\work\driverinfo.csv

Or to get absolutely everything use the /v switch to enable verbose output. Be aware that you can't use verbose output with the signed drivers switch.

driverquery /s server01 /fo csv /v > c:\work\driverinfo-verbose.csv

Using the data filtering tools in Microsoft Excel you can easily find the device configuration information you are seeking.

If you are trying to build a big picture report on devices across the enterprise, using driverquery in batch file is certainly possible, but I think you'll find PowerShell much easier to use.

Using PowerShell and WMI

Much of the device information we've looked at is stored in WMI. And if that's the case, why not t query it directly ourselves? First, we need to identify the classes to use in our query. PowerShell and the Get-WMIObject cmdlet make this pretty simple.

get-wmiobject -list -class win32_*device*

I'm going to show all my code examples using the local computer. But it is relatively trivial to gather information from one or more remote computers using the 'computername parameter.

get-wmiobject win32_pointingdevice | select Name,Manufacturer,Status

You can find other classes by searching for some portion of the device name or type like display.

get-wmiobject -list -class win32_*display*

But I think you'll gather more pertinent information by looking at device driver information using either the Win32_SystemDriver or Win32_PnPSignedDriver.

$pnp=get-wmiobject win32_pnpsigneddriver

All of the signed plug and play drivers have been saved to the variable $pnp. Now we can slice and dice the data at will. For example, what network drivers do I have installed?

$pnp | where {$_.deviceclass -eq "NET"} | select DeviceName,DriverVersion
DeviceName'''''''''''''''''''''''''''''''''''''''''''''''''' DriverVersion
----------'''''''''''''''''''''''''''''''''''''''''''''''''' -------------
VMware Virtual Ethernet Adapter for VMnet8'''''''''''''''''' 4.0.3.0
VMware Virtual Ethernet Adapter for VMnet1'''''''''''''''''' 4.0.3.0
VirtualBox Bridged Networking Driver Miniport''''''''''''''' 4.1.2.0
VirtualBox Bridged Networking Driver Miniport''''''''''''''' 4.1.2.0
VirtualBox Bridged Networking Driver Miniport''''''''''''''' 4.1.2.0
VirtualBox Bridged Networking Driver Miniport''''''''''''''' 4.1.2.0
Microsoft Loopback Adapter'''''''''''''''''''''''''''''''''' 6.1.7600.16385
VirtualBox Host-Only Ethernet Adapter''''''''''''''''''''''' 4.1.2.0
WAN Miniport (SSTP)''''''''''''''''''''''''''''''''''''''''' 6.1.7600.16385
WAN Miniport (PPTP)''''''''''''''''''''''''''''''''''''''''' 6.1.7600.16385
WAN Miniport (PPPOE)'''''''''''''''''''''''''''''''''''''''' 6.1.7600.16385
WAN Miniport (IPv6)''''''''''''''''''''''''''''''''''''''''' 6.1.7600.16385
WAN Miniport (IP)''''''''''''''''''''''''''''''''''''''''''' 6.1.7600.16385
WAN Miniport (Network Monitor)'''''''''''''''''''''''''''''' 6.1.7600.16385
WAN Miniport (L2TP)''''''''''''''''''''''''''''''''''''''''' 6.1.7600.16385
WAN Miniport (IKEv2)'''''''''''''''''''''''''''''''''''''''' 6.1.7601.17514
Bluetooth Device (Personal Area Network)'''''''''''''''''''' 6.1.7600.16385
Bluetooth Device (RFCOMM Protocol TDI)'''''''''''''''''''''' 6.1.7600.16385
Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) 1.0.0.10
Realtek RTL8191SE Wireless LAN 802.11n ...'''''''''''''''' 2007.1.1002.2009
Microsoft Teredo Tunneling Adapter'''''''''''''''''''''''''' 6.1.7600.16385
Microsoft ISATAP Adapter'''''''''''''''''''''''''''''''''''' 6.1.7600.16385
Microsoft ISATAP Adapter'''''''''''''''''''''''''''''''''''' 6.1.7600.16385
Microsoft ISATAP Adapter'''''''''''''''''''''''''''''''''''' 6.1.7600.16385

Or if you simply want an audit trail for this computer, export the results to a PowerShell XML file. You can import the file at a later date for review or comparison.

$pnp | export-clixml \\file01\reports\client1-pnpsigned.xml

The last WMI class we'll look at is Win32_SystemDriver.

$sd=get-wmiobject win32_systemdriver

This class has some very useful properties. By default you can check which devices are running or now. Here's the first system driver object.

$sd[0]
DisplayName : 1394 OHCI Compliant Host Controller
Name''''''' : 1394ohci
State'''''' : Running
Status''''' : OK
Started'''' : True

Of course, there's much more to the object than what you see here. Pipe the variable to Get-Member to see for yourself. Once you know the properties you could build a pretty decent report for this computer.

$sd | select Name,State,StartMode,DisplayName | ft -auto
Name'''''''''''' State'' StartMode DisplayName
----'''''''''''' -----'' --------- -----------
1394ohci'''''''' Running Manual''' 1394 OHCI Compliant Host Controller
ACPI'''''''''''' Running Boot''''' Microsoft ACPI Driver
AcpiPmi''''''''' Stopped Manual''' ACPI Power Meter Driver
adp94xx''''''''' Stopped Manual''' adp94xx
adpahci''''''''' Stopped Manual''' adpahci
adpu320''''''''' Stopped Manual''' adpu320
AFD''''''''''''' Running System''' Ancillary Function Driver for Winsock
agp440'''''''''' Stopped Manual''' Intel AGP Bus Filter
...

It only takes another step to export this to a CSV file or save to text file. Or perhaps you'd like to find all system drivers that should be running automatically but aren't. Here's one approach.

$sd | where {$_.startmode -match "System|Boot|Auto" -AND $_.state -ne "Running"} | select name,startmode,state,displayname,description,pathname
name''''''' : sptd
startmode'' : Boot
state'''''' : Stopped
displayname : sptd
description : sptd
pathname''' : C:\Windows\system32\Drivers\sptd.sys

In fact, let me leave you with a one line command to check a group of computers for this type of situation.

$data=get-wmiobject win32_systemdriver -computername (get-content computers.txt) -filter "state !='running' AND (startmode='System' OR startmode='Boot' OR startmode='Auto')"

Depending on the number of computers you might even consider using the 'Asjob parameter. Once you've received the data, you might look at like this:

$data | Select Name,Startmode,State,Displayname,Description,Pathname, Systemname

As you see, there are a number of ways to get a handle on devices and device drivers in your network. Unfortunately, installing, repairing or rolling back requires an interactive session using the device manager management console. But for reporting alone, you have a several options. So members of Device Squad, are you ready to roll? Let's be careful out there!