fortypoundhead.com

WMIC

Posted On 2007-04-25 by FortyPoundHead
Keywords: Command Reference
Tags: Windows Commandline Windows


Windows Management Instrumentation Command.
Read a huge range of information about local or remote computers. Also provides a way to make configuration changes to multiple remote machines.

Syntax
Retrieve information about an alias:
WMIC [global_switches] [/locale:ms_409] alias [options] [format]

Interactive mode:
WMIC

Aliases:
ALIAS - Access local system aliases [CALL]

BASEBOARD - Base board management (motherboard or system board)
BIOS - BIOS management (Basic input/output services)
BOOTCONFIG - Boot configuration

CDROM - CD-ROM
COMPUTERSYSTEM - Computer system [CALL/SET]
CPU - CPU
CSPRODUCT - Computer system product information from SMBIOS.

DATAFILE - DataFiles [CALL]
DCOMAPP - DCOM Applications.
DESKTOP - User's Desktop
DESKTOPMONITOR - Desktop Monitor
DEVICEMEMORYADDRESS - Device memory addresses
DISKDRIVE - Physical disk drive
DISKQUOTA - Disk space usage for NTFS volumes. [SET]
DMACHANNEL - Direct memory access (DMA) channel

ENVIRONMENT - System environment settings [SET]
FSDIR - Filesystem directory entry [CALL]

GROUP - Group account [CALL]

IDECONTROLLER - IDE Controller
IRQ - Interrupt request line

JOB - Jobs scheduled using the schedule service. [CALL]

LOADORDER - System services that define execution dependencies.
LOGICALDISK - Local storage devices [CALL/SET]
LOGON - LOGON Sessions.

MEMCACHE - Cache memory
MEMLOGICAL - System memory, layout and availability
MEMPHYSICAL - Physical memory management

NETCLIENT - Network Client management.
NETLOGIN - Network login information for a particular user.
NETPROTOCOL - Protocols (and their network characteristics).
NETUSE - Active network connection.
NIC - Network Interface Controller (NIC)
NICCONFIG - Network adapter. [CALL]
NTDOMAIN - NT Domain. [SET]
NTEVENT - NT Event Log.
NTEVENTLOG - NT eventlog file [CALL/SET]

ONBOARDDEVICE - Common adapter devices built into the motherboard.
OS - Operating System/s [CALL/SET]

PAGEFILE - Virtual memory file swapping
PAGEFILESET - Page file settings [SET]
PARTITION - Partitioned areas of a physical disk.
PORT - I/O ports
PORTCONNECTOR - Physical connection ports
PRINTER - Printer device [CALL/SET]
PRINTERCONFIG - Printer device configuration
PRINTJOB - Print job [CALL]
PROCESS - Processes [CALL]*
PRODUCT - Windows Installer [CALL]

QFE - Quick Fix Engineering (patches)
QUOTASETTING - Setting information for disk quotas on a volume. [SET]

REGISTRY - Computer system registry [SET]

SCSICONTROLLER - SCSI Controller [CALL]
SERVER - Server information
SERVICE - Service application [CALL]
SHARE - Shared resources [CALL]
SOFTWAREELEMENT - Elements of a software product*
SOFTWAREFEATURE - Subsets of SoftwareElement. [CALL]*
SOUNDDEV - Sound Devices
STARTUP - Commands that run automatically when users logon
SYSACCOUNT - System account
SYSDRIVER - System driver for a base service. [CALL]
SYSTEMENCLOSURE - Physical system enclosure
SYSTEMSLOT - Physical connection points including ports, slots and peripherals, and proprietary connection points.

TAPEDRIVE - Tape drives
TEMPERATURE - Temperature sensor (electronic thermometer).
TIMEZONE - Time zone data

UPS - Uninterruptible power supply (UPS)
USERACCOUNT - User accounts [CALL/SET]

VOLTAGE - Voltage sensor (electronic voltmeter) data
VOLUME - Local storage volume [CALL/SET]
VOLUMEQUOTASETTING - Associates the disk quota setting with a specific disk volume. [SET]

WMISET - WMI service operational parameters [SET]

New aliases in Windows 2003:
MEMORYCHIP - Memory chip information.
RDACCOUNT - Remote Desktop connection permission [CALL]
RDNIC - Remote Desktop connection on a specific network adapter [CALL/SET]
RDPERMISSIONS - Permissions to a specific Remote Desktop connection [CALL]
RDTOGGLE - Turn Remote Desktop listener on or off remotely [CALL]
RECOVEROS - Blue Screen Information [SET]
SHADOWCOPY - Shadow copy management [CALL]
SHADOWSTORAGE - Shadow copy storage areas [CALL/SET]
VOLUMEUSERQUOTA - Per user storage volume quotas [SET]

Options

By default an alias returns a standard LIST of information; you can also choose to GET one or more specific properties.

Configuration changes can be made where indicated above with [CALL] or [SET].

The CREATE and DELETE options allow you to change the WMI schema itself.

alias
alias LIST [BRIEF | FULL | INSTANCE | STATUS |SYSTEM | WRITEABLE]
[/TRANSLATE:BasicXml|NoComma ]
[/EVERY:no_secs] [/FORMAT:format]
alias GET [property list]
[/VALUE ] [/ALL ] [/TRANSLATE:BasicXml|NoComma ]
[/EVERY:no_secs] [/FORMAT:format]
alias CALL method_name [parameters]
alias SET [assignments]
alias CREATE
alias DELETE
alias ASSOC [/RESULTCLASS:classname] [/RESULTROLE:rolename][/ASSOCCLASS:assocclass]
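
The verb list above separates read-only use (LIST, GET, ASSOC) from use that changes a machine (CALL, SET, CREATE, DELETE). The following is an added example, not part of the original page, that applies that split to process-creation command lines when reviewing WMIC activity; the function names and the sample lines are constructed for the example, and the verb match is a heuristic.

```python
import re

# Verbs from the option list above, split by effect on the target machine.
READ_VERBS = {"LIST", "GET", "ASSOC"}
CHANGE_VERBS = {"CALL", "SET", "CREATE", "DELETE"}
# Whitespace-separated tokens; a double-quoted run stays inside its token.
_TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')

def classify_wmic(command_line):
    """Return alias, verb and changes_state for a WMIC command line, else None."""
    tokens = _TOKEN.findall(command_line)
    if not tokens:
        return None
    exe = tokens[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower()
    if exe not in ("wmic", "wmic.exe"):
        return None
    rest = tokens[1:]
    # Global switches (/locale:, /output:, /INTERACTIVE:) come before the alias.
    while rest and rest[0].startswith("/"):
        rest = rest[1:]
    if not rest:  # bare WMIC starts interactive mode; nothing to classify
        return {"alias": None, "verb": None, "changes_state": False}
    alias, verb = rest[0].upper(), "LIST"  # no verb means a standard LIST
    # Heuristic: the first bare token equal to a verb name is the verb. WHERE
    # values are quoted or attached to '=', so they do not match exactly.
    for tok in rest[1:]:
        if tok.upper() in READ_VERBS | CHANGE_VERBS:
            verb = tok.upper()
            break
    return {"alias": alias, "verb": verb, "changes_state": verb in CHANGE_VERBS}

def state_changing(command_lines):
    """Keep only the WMIC invocations that use CALL, SET, CREATE or DELETE."""
    parsed = ((classify_wmic(line), line) for line in command_lines)
    return [(p["alias"], p["verb"], line) for p, line in parsed if p and p["changes_state"]]

# Constructed process-creation command lines (not real log data).
SAMPLE = [
    r"WMIC OS GET csname, locale, bootdevice",
    r"C:\Windows\System32\wbem\WMIC.exe SERVICE where caption='TELNET' CALL STARTSERVICE",
    r'wmic /INTERACTIVE:ON PRINTER where PortName="LPT1:" DELETE',
    r"WMIC /locale:ms_409 NTEVENT where LogFile='system'",
    r"ipconfig /all",
]

if __name__ == "__main__":
    for alias, verb, line in state_changing(SAMPLE):
        print(f"{alias:10} {verb:8} {line}")
```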

For more help
WMIC /locale:ms_409 alias /?
WMIC /locale:ms_409 alias option /?
e.g.
WMIC /locale:ms_409 BIOS CALL /?
WMIC /locale:ms_409 MEMLOGICAL SET /?

The order of the /FORMAT and /TRANSLATE switches is significant: if /TRANSLATE follows /FORMAT, the output is formatted first and then translated.

All the options above can be extended with a WHERE clause, best shown by the examples below:

Format:
Format defines the layout of the information:
csv.xsl, hform.xsl, htable-sortby.xsl, htable.xsl, texttable.xsl, textvaluelist.xsl, xml.xsl

All output files are Unicode text (convert to ASCII with TYPE).
Tab Separated Values (.tsv) can be opened in Excel.

Examples

WMIC /locale:ms_409 OS

WMIC OS LIST BRIEF

WMIC OS GET csname, locale, bootdevice

WMIC /locale:ms_409 NTEVENT where LogFile='system'

WMIC NTEVENT where "LogFile='system' and Type>'0'"

WMIC SERVICE where (state="running") GET caption, name, state > services.tsv

WMIC SERVICE where caption='TELNET' CALL STARTSERVICE

WMIC PRINTER LIST STATUS

WMIC PRINTER where PortName="LPT1:" GET PortName, Name, ShareName

WMIC /INTERACTIVE:ON PRINTER where PortName="LPT1:" DELETE

WMIC PROCESS where name='evil.exe' delete

WMIC /output:"%computername%.txt" MEMORYCHIP where "memorytype=17" get Capacity
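
The Format note that output files are unicode text matters when a script reads them back. The following is an added example, not part of the original page, that decodes a file written with /output: and parses GET ... /VALUE output into one record per instance; the sample bytes are constructed, and the code-page fallback for input without a byte-order mark is an assumption.

```python
import codecs

def decode_wmic_output(raw, fallback="cp437"):
    """Decode bytes written by WMIC, using the byte-order mark when present."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = raw.decode("utf-16")  # the codec reads and drops the BOM
    elif raw.startswith(codecs.BOM_UTF8):
        text = raw.decode("utf-8-sig")
    else:
        # Assumption: no BOM means console output in an OEM code page.
        text = raw.decode(fallback, errors="replace")
    # Drop carriage returns so "\r\n" and "\r\r\n" both become "\n".
    return text.replace("\r", "")

def parse_value_output(text):
    """Parse GET ... /VALUE output: Property=Value lines, blank line between instances."""
    records, current = [], {}
    for line in text.split("\n"):
        name, sep, value = line.strip().partition("=")
        if sep:
            current[name] = value
        elif not name and current:  # a blank line ends the current instance
            records.append(current)
            current = {}
    if current:
        records.append(current)
    return records

# Constructed sample shaped like "WMIC SERVICE GET caption, name, state /VALUE".
SAMPLE_TEXT = (
    "\r\n\r\nCaption=Print Spooler\r\nName=Spooler\r\nState=Running\r\n"
    "\r\n\r\nCaption=Telnet\r\nName=TlntSvr\r\nState=Stopped\r\n\r\n"
)
# The same text as a UTF-16 file with a byte-order mark.
SAMPLE_FILE = codecs.BOM_UTF16_LE + SAMPLE_TEXT.encode("utf-16-le")

if __name__ == "__main__":
    for record in parse_value_output(decode_wmic_output(SAMPLE_FILE)):
        print(record)
```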

Interactive mode:
C:\>START "Windows Management" WMIC
wmic:root\cli>/locale:ms_409
wmic:root\cli>OS get csname
wmic:root\cli>quit

Notes

WMIC is available on Windows XP Professional and Windows 2003. To retrieve WMI information from older remote machines, download and install: WMI core for Win 9x / WMI core for Win NT 4

The availability of WMI information varies across different versions of Windows, e.g. ODBC, SNMP, Windows Installer.

Running WMIC requires administrator rights.

In Windows 2000, around 4,000 properties can be monitored, and around 40 can be configured.
In Windows XP around 6,000 properties can be monitored, and around 140 can be configured.

Windows 2003 offers a few improvements and bug fixes: the global option /locale:ms_409 is not required (it defaults to English US).

When you type WMIC for the first time in Windows 2003, all the aliases are compiled. The second and subsequent times you run WMIC, it will start immediately. Under XP, WMIC is slower to initialise, so to run several WMI queries it can be quicker to use interactive mode.

* WMI information for installed software packages (PACKAGE and SOFTWAREFEATURE) is often incomplete and inconsistent for a variety of historical reasons. A more reliable method is to retrieve a list of installed programs directly from the Add/Remove list in the registry, with a WSH script like this from Torgeir Bakken.

