Windows Management Instrumentation Command.
Read a huge range of information about local or remote computers. Also provides a way to make configuration changes to multiple remote machines.
Syntax
Retrieve information about <Alias>:
WMIC [global_switches] [/locale:ms_409] <alias> [options] [format]
Interactive mode:
WMIC
Aliases:
ALIAS - Access local system aliases [CALL]
BASEBOARD - Base board management (motherboard or system board)
BIOS - BIOS management (Basic input/output services)
BOOTCONFIG - Boot configuration
CDROM - CD-ROM
COMPUTERSYSTEM - Computer system [CALL/SET]
CPU - CPU
CSPRODUCT - Computer system product information from SMBIOS.
DATAFILE - DataFiles [CALL]
DCOMAPP - DCOM Applications.
DESKTOP - User's Desktop
DESKTOPMONITOR - Desktop Monitor
DEVICEMEMORYADDRESS - Device memory addresses
DISKDRIVE - Physical disk drive
DISKQUOTA - Disk space usage for NTFS volumes. [SET]
DMACHANNEL - Direct memory access (DMA) channel
ENVIRONMENT - System environment settings [SET]
FSDIR - Filesystem directory entry [CALL]
GROUP - Group account [CALL]
IDECONTROLLER - IDE Controller
IRQ - Interrupt request line
JOB - Jobs scheduled using the schedule service. [CALL]
LOADORDER - System services that define execution dependencies.
LOGICALDISK - Local storage devices [CALL/SET]
LOGON - LOGON Sessions.
MEMCACHE - Cache memory
MEMLOGICAL - System memory, layout and availability
MEMPHYSICAL - Physical memory management
NETCLIENT - Network Client management.
NETLOGIN - Network login information for a particular user.
NETPROTOCOL - Protocols (and their network characteristics).
NETUSE - Active network connection.
NIC - Network Interface Controller (NIC)
NICCONFIG - Network adapter. [CALL]
NTDOMAIN - NT Domain. [SET]
NTEVENT - NT Event Log.
NTEVENTLOG - NT eventlog file [CALL/SET]
ONBOARDDEVICE - Common adapter devices built into the motherboard.
OS - Operating System/s [CALL/SET]
PAGEFILE - Virtual memory file swapping
PAGEFILESET - Page file settings [SET]
PARTITION - Partitioned areas of a physical disk.
PORT - I/O ports
PORTCONNECTOR - Physical connection ports
PRINTER - Printer device [CALL/SET]
PRINTERCONFIG - Printer device configuration
PRINTJOB - Print job [CALL]
PROCESS - Processes [CALL]*
PRODUCT - Windows Installer [CALL]
QFE - Quick Fix Engineering (patches)
QUOTASETTING - Setting information for disk quotas on a volume. [SET]
REGISTRY - Computer system registry [SET]
SCSICONTROLLER - SCSI Controller [CALL]
SERVER - Server information
SERVICE - Service application [CALL]
SHARE - Shared resources [CALL]
SOFTWAREELEMENT - Elements of a software product*
SOFTWAREFEATURE - Subsets of SoftwareElement. [CALL]*
SOUNDDEV - Sound Devices
STARTUP - Commands that run automatically when users logon
SYSACCOUNT - System account
SYSDRIVER - System driver for a base service. [CALL]
SYSTEMENCLOSURE - Physical system enclosure
SYSTEMSLOT - Physical connection points including ports, slots and peripherals, and proprietary connection points.
TAPEDRIVE - Tape drives
TEMPERATURE - Temperature sensor (electronic thermometer).
TIMEZONE - Time zone data
UPS - Uninterruptible power supply (UPS)
USERACCOUNT - User accounts [CALL/SET]
VOLTAGE - Voltage sensor (electronic voltmeter) data
VOLUME - Local storage volume [CALL/SET]
VOLUMEQUOTASETTING - Associates the disk quota setting with a specific disk volume. [SET]
WMISET - WMI service operational parameters [SET]
New aliases in Windows 2003:
MEMORYCHIP - Memory chip information.
RDACCOUNT - Remote Desktop connection permission [CALL]
RDNIC - Remote Desktop connection on a specific network adapter [CALL/SET]
RDPERMISSIONS - Permissions to a specific Remote Desktop connection [CALL]
RDTOGGLE - Turn Remote Desktop listener on or off remotely [CALL]
RECOVEROS - Blue Screen Information [SET]
SHADOWCOPY - Shadow copy management [CALL]
SHADOWSTORAGE - Shadow copy storage areas [CALL/SET]
VOLUMEUSERQUOTA - Per user storage volume quotas [SET]
Options
By default an alias will return a standard LIST of information; you can also choose to GET one or more specific properties.
Configuration changes can be made where indicated above with [CALL] or [SET].
The CREATE and DELETE options allow you to change the WMI schema itself.
alias
alias LIST [BRIEF | FULL | INSTANCE | STATUS | SYSTEM | WRITEABLE]
[/TRANSLATE:BasicXml|NoComma ]
[/EVERY:no_secs] [/FORMAT:format]
alias GET [property list]
[/VALUE ] [/ALL ] [/TRANSLATE:BasicXml|NoComma ]
[/EVERY:no_secs] [/FORMAT:format]
alias CALL method_name [parameters]
alias SET [assignments]
alias CREATE
alias DELETE
alias ASSOC [/RESULTCLASS:classname] [/RESULTROLE:rolename] [/ASSOCCLASS:assocclass]
For more help
WMIC /locale:ms_409 alias /?
WMIC /locale:ms_409 alias option /?
e.g.
WMIC /locale:ms_409 BIOS CALL /?
WMIC /locale:ms_409 MEMLOGICAL SET /?
The order of the /FORMAT and /TRANSLATE switches is significant: if /TRANSLATE follows /FORMAT, the output is formatted first and then translated.
All the options above can be extended with a WHERE clause, best shown by the examples below:
Format:
Format defines the layout of the information. XML output is automatically formatted using a default style sheet, while other formats (HTML, Table, MOF, Raw XML etc) can be specified using /FORMAT:stylesheet_name
Stylesheets supplied with WMIC:
csv.xsl, hform.xsl, htable-sortby.xsl, htable.xsl
texttable.xsl, textvaluelist.xsl, xml.xsl
All output files are Unicode text (convert to ASCII with TYPE). Tab Separated Values (.tsv) can be opened in Excel.
The PROCESS alias can be used to start a new installation process. If doing this across the network, place the installer files on a share with permissions EVERYONE : Read Only. This is because network credentials will be dropped when jumping from one remote machine to another (unless you have Kerberos configured).
Examples
WMIC /locale:ms_409 OS
WMIC OS LIST BRIEF
WMIC OS GET csname, locale, bootdevice
WMIC OS GET osarchitecture /value
WMIC /locale:ms_409 NTEVENT where LogFile='system'
WMIC NTEVENT where "LogFile='system' and Type>'0'"
WMIC SERVICE where (state="running") GET caption, name, state > services.tsv
WMIC SERVICE where caption='TELNET' CALL STARTSERVICE
WMIC PRINTER LIST STATUS
WMIC PRINTER where PortName="LPT1:" GET PortName, Name, ShareName
WMIC /INTERACTIVE:ON PRINTER where PortName="LPT1:" DELETE
WMIC PROCESS where name='evil.exe' delete
WMIC /output:"%computername%.txt" MEMORYCHIP where "memorytype=17" get Capacity
WMIC /node:@workstns.txt /failfast:on PROCESS call create "\\server\share\installer.cmd"
Interactive mode:
C:>START "Windows Management" WMIC
wmic:root\cli>/locale:ms_409
wmic:root\cli>OS get csname
wmic:root\cli>quit
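Added example (not part of the original reference): when WMIC command lines appear in process-creation logs, the grammar above (global switches, alias, verb) is enough to separate read-only queries from CALL/SET/CREATE/DELETE changes and to spot /node targeting of other machines. The function names parse_wmic and triage are hypothetical, the sample lines are constructed from this page's Examples, and only the alias form documented here is handled.

```python
import re

CHANGE_VERBS = {"CALL", "SET", "CREATE", "DELETE"}  # verbs the page marks as making changes
READ_VERBS = {"LIST", "GET", "ASSOC"}               # verbs that only read
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')         # keep double-quoted spans in one token
IS_WMIC = re.compile(r'(^|[\\/"])wmic(\.exe)?"?$', re.I)

def parse_wmic(cmdline):
    """Split a WMIC command line into global switches, alias, verb and verb arguments."""
    tokens = TOKEN.findall(cmdline)
    if not tokens or not IS_WMIC.search(tokens[0]):
        return None                                  # not a WMIC invocation
    switches, i = {}, 1
    while i < len(tokens) and tokens[i].startswith("/"):
        name, _, value = tokens[i][1:].partition(":")
        switches[name.upper()] = value.strip('"')    # e.g. NODE -> @workstns.txt
        i += 1
    if i == len(tokens):                             # bare "WMIC": interactive mode
        return {"switches": switches, "alias": None, "verb": None, "args": []}
    alias, rest = tokens[i].upper(), tokens[i + 1:]
    verb, args = "LIST", []                          # an alias on its own returns a LIST
    for j, tok in enumerate(rest):                   # first verb wins, so "call create" is CALL
        if tok.upper() in CHANGE_VERBS | READ_VERBS:
            verb, args = tok.upper(), rest[j + 1:]
            break
    return {"switches": switches, "alias": alias, "verb": verb, "args": args}

def triage(cmdline):
    """Label an invocation by scope (local/remote) and effect (read/change)."""
    p = parse_wmic(cmdline)
    if p is None or p["alias"] is None:
        return "not-wmic-alias"
    scope = "remote" if "NODE" in p["switches"] else "local"
    kind = "change" if p["verb"] in CHANGE_VERBS else "read"
    return f"{scope}-{kind}:{p['alias']}.{p['verb']}"

# Constructed input: command lines from this page's Examples, as a log would record them.
SAMPLES = [
    r"WMIC OS GET csname, locale, bootdevice",
    r"WMIC SERVICE where caption='TELNET' CALL STARTSERVICE",
    r"WMIC PROCESS where name='evil.exe' delete",
    r'WMIC /node:@workstns.txt /failfast:on PROCESS call create "\\server\share\installer.cmd"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{triage(line):30} {line}")
```

The remote-change label on the last sample is the case worth alerting on first, since it combines /node with a state-changing verb.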
Notes
WMIC is available on XP Professional and Windows 2003 or later versions of Windows.
The availability of WMI information does vary across different versions of Windows, e.g. ODBC, SNMP, Windows Installer.
Running WMIC requires administrator rights.
In Windows 2000, around 4,000 properties can be monitored, and around 40 can be configured.
In Windows XP around 6,000 properties can be monitored, and around 140 can be configured.
Windows 2003 offers a few improvements and bug fixes: the global option /locale:ms_409 is not required (it defaults to English US.)
When you type WMIC for the first time in Windows 2003 all the aliases are compiled. The second and subsequent times you run WMIC, it will start immediately. Under XP WMIC is slower to initialise, therefore to run several WMI queries it can be quicker to use interactive mode.
* WMI information for installed software packages (PACKAGE and SOFTWAREFEATURE) is often incomplete and inconsistent for a variety of historical reasons. A more reliable method is to retrieve a list of installed programs directly from the Add/Remove list in the registry, with a WSH script like this from Torgeir Bakken.
“Life is like a game of cards. The hand you are dealt is determinism; the way you play it is free will” - Jawaharlal Nehru
Related:
SYSTEMINFO List system configuration
The Grammar of WMIC - ISC
Get-WMIobject - Get WMI class information (Powershell)
MOF (Managed Object Format) - A language that describes management information.
Q824223 - WMIC command runs slowly with /FAILFAST switch.
Q875605 - Troubleshoot WMI-related issues
Sample commands - Windows 2003
MSDN full WMI reference - Classes, providers etc