Wmic command line utilities

• Tuesday, May 06, 2008 8:13 AM

   

   
  

  0

   

  Windows Management Instrumentation Command.
  Read a huge range of information about local or remote computers. Also provides a way to make configuration changes to multiple remote machines.

  Syntax
     Retrieve information about <Alias>:
        WMIC [global_switches] [/locale:ms_409] <alias> [options] [format]
  
     Interactive mode:
        WMIC
  
  Aliases:
   ALIAS               - Access local system aliases [CALL]
  
   BASEBOARD           - Base board management (motherboard or system board) 
   BIOS                - BIOS management (Basic input/output services) 
   BOOTCONFIG          - Boot configuration
  
   CDROM               - CD-ROM
   COMPUTERSYSTEM      - Computer system [CALL/SET]
   CPU                 - CPU
   CSPRODUCT           - Computer system product information from SMBIOS. 
  
   DATAFILE            - DataFiles [CALL]
   DCOMAPP             - DCOM Applications.
   DESKTOP             - User's Desktop
   DESKTOPMONITOR      - Desktop Monitor
   DEVICEMEMORYADDRESS - Device memory addresses
   DISKDRIVE           - Physical disk drive
   DISKQUOTA           - Disk space usage for NTFS volumes.[SET]
   DMACHANNEL          - Direct memory access (DMA) channel
  
   ENVIRONMENT         - System environment settings [SET]
   FSDIR               - Filesystem directory entry [CALL]
  
   GROUP               - Group account [CALL]
  
   IDECONTROLLER       - IDE Controller
   IRQ                 - Interrupt request line
  
   JOB                 - Jobs scheduled using the schedule service.[CALL]
  
   LOADORDER           - System services that define execution dependencies. 
   LOGICALDISK         - Local storage devices [CALL/SET]
   LOGON               - LOGON Sessions.
  
   MEMCACHE            - Cache memory
   MEMLOGICAL          - System memory, layout and availability
   MEMPHYSICAL         - Physical memory management
  
   NETCLIENT           - Network Client management.
   NETLOGIN            - Network login information for a particular user. 
   NETPROTOCOL         - Protocols (and their network characteristics).
   NETUSE              - Active network connection.
   NIC                 - Network Interface Controller (NIC)
   NICCONFIG           - Network adapter. [CALL] 
   NTDOMAIN            - NT Domain. [SET]  
   NTEVENT             - NT Event Log.  
   NTEVENTLOG          - NT eventlog file [CALL/SET]
  
   ONBOARDDEVICE       - Common adapter devices built into the motherboard.
   OS                  - Operating System/s [CALL/SET]
  
   PAGEFILE            - Virtual memory file swapping
   PAGEFILESET         - Page file settings [SET]
   PARTITION           - Partitioned areas of a physical disk.
   PORT                - I/O ports
   PORTCONNECTOR       - Physical connection ports
   PRINTER             - Printer device [CALL/SET]
   PRINTERCONFIG       - Printer device configuration  
   PRINTJOB            - Print job [CALL]
   PROCESS             - Processes [CALL]*
   PRODUCT             - Windows Installer [CALL]
  
   QFE                 - Quick Fix Engineering (patches)
   QUOTASETTING        - Setting information for disk quotas on a volume. [SET]
  
   REGISTRY            - Computer system registry [SET]
  
   SCSICONTROLLER      - SCSI Controller [CALL]
   SERVER              - Server information 
   SERVICE             - Service application [CALL]
   SHARE               - Shared resourcees [CALL]
   SOFTWAREELEMENT     - Elements of a software product*
   SOFTWAREFEATURE     - Subsets of SoftwareElement. [CALL]*
   SOUNDDEV            - Sound Devices 
   STARTUP             - Commands that run automatically when users logon
   SYSACCOUNT          - System account  
   SYSDRIVER           - System driver for a base service. [CALL]
   SYSTEMENCLOSURE     - Physical system enclosure
   SYSTEMSLOT          - Physical connection points including ports,
                         slots and peripherals, and proprietary connections points.
  
   TAPEDRIVE           - Tape drives  
   TEMPERATURE         - Temperature sensor (electronic thermometer).
   TIMEZONE            - Time zone data 
  
   UPS                 - Uninterruptible power supply (UPS) 
   USERACCOUNT         - User accounts [CALL/SET]
  
   VOLTAGE             - Voltage sensor (electronic voltmeter) data
   VOLUME              - Local storage volume [CALL/SET]
   VOLUMEQUOTASETTING  - Associates the disk quota setting with a specific disk volume. [SET]
  
   WMISET              - WMI service operational parameters [SET]
  
  New aliases in Windows 2003: 
   MEMORYCHIP          - Memory chip information.
   RDACCOUNT           - Remote Desktop connection permission [CALL]
   RDNIC               - Remote Desktop connection on a specific network adapter [CALL/SET]
   RDPERMISSIONS       - Permissions to a specific Remote Desktop connection [CALL]
   RDTOGGLE            - Turn Remote Desktop listener on or off remotely[CALL]
   RECOVEROS           - Blue Screen Information [SET]
   SHADOWCOPY          - Shadow copy management [CALL]
   SHADOWSTORAGE       - Shadow copy storage areas [CALL/SET]
   VOLUMEUSERQUOTA     - Per user storage volume quotas  [SET]
  

  Options

  By default an alias will return a standard LIST of information, you can also choose to GET one or more specific properties.

  Configuration changes can be made, where indicated above with: [CALL or SET ]

  The CREATE and DELETE options allow you to change the WMI schema itself.

     alias 
     alias LIST [BRIEF | FULL | INSTANCE | STATUS |SYSTEM | WRITEABLE]
                  [/TRANSLATE:BasicXml|NoComma ]
                     [/EVERY:no_secs] [/FORMAT:format]
     alias GET [property list]
                  [/VALUE ] [/ALL ] [/TRANSLATE:BasicXml|NoComma ]
                     [/EVERY:no_secs] [/FORMAT:format]
     alias CALL method_name [parameters]
     alias SET [assignments]
     alias CREATE 
     alias DELETE
     alias ASSOC [/RESULTCLASS:classname] [/RESULTROLE:rolename][/ASSOCCLASS:assocclass]
  
  For more help
     WMIC /locale:ms_409 /alias /?
     WMIC /locale:ms_409 /alias option /?
     e.g.
     WMIC /locale:ms_409 /BIOS /CALL /?
     WMIC /locale:ms_409 /MEMLOGICAL /SET /?

  The order of the /FORMAT and /TRANSLATE switches is significant: if /TRANSLATE follows /FORMAT, the output is formatted first and then translated.

  All the options above can be extended with a WHERE clause, best shown by the examples below:

  Format:
    Format defines the layout of the information:
      csv.xsl, hform.xsl, htable-sortby.xsl, htable.xsl
      texttable.xsl, textvaluelist.xsl, xml.xsl
  
    All output files are unicode text (convert to ASCII with TYPE)
    Tab Separated Values (.tsv) can be opened in excel 

  Examples

  WMIC /locale:ms_409 OS 
  
  WMIC OS LIST BRIEF
  
  WMIC OS GET csname, locale, bootdevice
  
  WMIC /locale:ms_409 NTEVENT where LogFile='system'
  
  WMIC NTEVENT where "LogFile='system' and Type>'0'" 
  
  WMIC SERVICE where (state=”running”) GET caption, name, state > services.tsv
  
  WMIC SERVICE where caption='TELNET' CALL STARTSERVICE
  
  WMIC PRINTER LIST STATUS
  
  WMIC PRINTER where PortName="LPT1:" GET PortName, Name, ShareName
   
  WMIC /INTERACTIVEN PRINTER where PortName="LPT1:" DELETE
  
  WMIC PROCESS where name='evil.exe' delete
  
  WMIC /output:"%computername%.txt" MEMORYCHIP where "memorytype=17" get Capacity
  
  Interactive mode:
   C:>START "Windows Management" WMIC
   wmic:root\cli>/locale:ms_409
   wmic:root\cli>OS get csname
   wmic:root\cli>quit
  

  Regards,

  K.Ganesan

  +919941606691.

  Chennai , India

  • Reply
  • Quote