|
|
|
|
WMIC.exe
Windows Management Instrumentation Command.
Read a huge range
of information about local or remote computers.
Also provides a way to make configuration changes
to multiple remote machines.
Syntax
Retrieve information about <Alias>:
WMIC [global_switches] /locale:ms_409 <alias> [options] [format]
Interactive mode:
WMIC
Aliases:
ALIAS - Access local system aliases [CALL]
BASEBOARD - Base board management (motherboard or system board)
BIOS - BIOS management (Basic input/output services)
BOOTCONFIG - Boot configuration
CDROM - CD-ROM
COMPUTERSYSTEM - Computer system [CALL/SET]
CPU - CPU
CSPRODUCT - Computer system product information from SMBIOS.
DATAFILE - DataFiles [CALL]
DCOMAPP - DCOM Applications.
DESKTOP - User's Desktop
DESKTOPMONITOR - Desktop Monitor
DEVICEMEMORYADDRESS - Device memory addresses
DISKDRIVE - Physical disk drive
DISKQUOTA - Disk space usage for NTFS volumes.[SET]
DMACHANNEL - Direct memory access (DMA) channel
ENVIRONMENT - System environment settings [SET]
FSDIR - Filesystem directory entry [CALL]
GROUP - Group account [CALL]
IDECONTROLLER - IDE Controller
IRQ - Interrupt request line
JOB - Jobs scheduled using the schedule service.[CALL]
LOADORDER - System services that define execution dependencies.
LOGICALDISK - Local storage devices [CALL/SET]
LOGON - LOGON Sessions.
MEMCACHE - Cache memory
MEMLOGICAL - System memory, layout and availability
MEMPHYSICAL - Physical memory management
NETCLIENT - Network Client management.
NETLOGIN - Network login information for a particular user.
NETPROTOCOL - Protocols (and their network characteristics).
NETUSE - Active network connection.
NIC - Network Interface Controller (NIC)
NICCONFIG - Network adapter. [CALL]
NTDOMAIN - NT Domain. [SET]
NTEVENT - NT Event Log.
NTEVENTLOG - NT eventlog file [CALL/SET]
ONBOARDDEVICE - Common adapter devices built into the motherboard.
OS - Operating System/s [CALL/SET]
PAGEFILE - Virtual memory file swapping
PAGEFILESET - Page file settings [SET]
PARTITION - Partitioned areas of a physical disk.
PORT - I/O ports
PORTCONNECTOR - Physical connection ports
PRINTER - Printer device [CALL/SET]
PRINTERCONFIG - Printer device configuration
PRINTJOB - Print job [CALL]
PROCESS - Processes [CALL]*
PRODUCT - Windows Installer [CALL]
QFE - Quick Fix Engineering (patches)
QUOTASETTING - Setting information for disk quotas on a volume. [SET]
REGISTRY - Computer system registry [SET]
SCSICONTROLLER - SCSI Controller [CALL]
SERVER - Server information
SERVICE - Service application [CALL]
SHARE - Shared resourcees [CALL]
SOFTWAREELEMENT - Elements of a software product*
SOFTWAREFEATURE - Subsets of SoftwareElement. [CALL]*
SOUNDDEV - Sound Devices
STARTUP - Commands that run automatically when users logon
SYSACCOUNT - System account
SYSDRIVER - System driver for a base service. [CALL]
SYSTEMENCLOSURE - Physical system enclosure
SYSTEMSLOT - Physical connection points including ports,
slots and peripherals, and proprietary connections points.
TAPEDRIVE - Tape drives
TEMPERATURE - Temperature sensor (electronic thermometer).
TIMEZONE - Time zone data
UPS - Uninterruptible power supply (UPS)
USERACCOUNT - User accounts [CALL/SET]
VOLTAGE - Voltage sensor (electronic voltmeter) data
VOLUME - Local storage volume [CALL/SET]
VOLUMEQUOTASETTING - Associates the disk quota setting with a specific disk volume. [SET]
WMISET - WMI service operational parameters [SET]
New aliases in Windows 2003:
MEMORYCHIP - Memory chip information.
RDACCOUNT - Remote Desktop connection permission [CALL]
RDNIC - Remote Desktop connection on a specific network adapter [CALL/SET]
RDPERMISSIONS - Permissions to a specific Remote Desktop connection [CALL]
RDTOGGLE - Turn Remote Desktop listener on or off remotely[CALL]
RECOVEROS - Blue Screen Information [SET]
SHADOWCOPY - Shadow copy management [CALL]
SHADOWSTORAGE - Shadow copy storage areas [CALL/SET]
VOLUMEUSERQUOTA - Per user storage volume quotas [SET]
By default an alias will return a standard LIST of information, you can also choose to GET one or more specific properties.
Configuration changes can be made, where indicated above with: [CALL or SET ]
The CREATE and DELETE options allow you to change the WMI schema itself.
alias
alias LIST [BRIEF | FULL] [<switches>]
alias GET [<property list>] [<switches>]
alias CALL <method_name> [<parameters>]
alias SET [<assignments>]
alias CREATE
alias DELETE
All the above can also be extended with a WHERE clause
(best shown by the examples below)
For more help
WMIC /locale:ms_409 /alias /?
WMIC /locale:ms_409 /alias option /?
e.g.
WMIC /locale:ms_409 /BIOS /CALL /?
WMIC /locale:ms_409 /MEMLOGICAL /SET /?
Format:
Format defines the layout of the information:
csv.xsl, hform.xsl, htable-sortby.xsl, htable.xsl
texttable.xsl, textvaluelist.xsl, xml.xsl
All output files are unicode text (convert to ASCII with TYPE)
Tab Separated Values (.tsv) can be opened in excel
Examples
WMIC /locale:ms_409 OS WMIC /locale:ms_409 OS LIST BRIEF WMIC /locale:ms_409 OS GET csname, locale, bootdevice WMIC /locale:ms_409 NTEVENT where LogFile='system' WMIC /locale:ms_409 NTEVENT where "LogFile='system' and Type>'0'" WMIC /locale:ms_409 SERVICE where (state=”running”) GET caption, name, state > services.tsv WMIC /locale:ms_409 SERVICE where caption='TELNET' CALL STARTSERVICE WMIC /locale:ms_409 /output:"%computername%.txt" MEMORYCHIP where "memorytype=17" get Capacity Interactive mode: C:>START "Windows Management" WMIC wmic:root\cli>/locale:ms_409 wmic:root\cli>OS get csname wmic:root\cli>quit
Notes
WMIC is available on Windows XP Professional and Windows
2003. WMIC can retrieve WMI information from remote machines running Win95,
NT 4 and Win 2000 assuming they have the WMI core installed - download: Win
9x / Win
NT 4
The
availability of WMI information does vary across different versions of
Windows
e.g.
ODBC, SNMP, Windows Installer.
To run WMIC requires administrator rights.
In Windows 2000, around
4,000 properties
can be monitored, and around 40 can be configured.
In Windows XP around 6,000 properties can be monitored, and around 140
can be configured.
Bugs
Windows 2003 offers a few improvements and bug fixes: the
global option /locale:ms_409 is not required (it defaults
to English US.)
When you type WMIC for the first time in Windows 2003 all the aliases are compiled so the next time you use WMIC, it starts immediately. Conversely, under Windows XP WMIC is quite slow to initialise (5-10 seconds) therefore to run several WMI queries it can be quicker to use interactive mode.
* WMI information for installed software packages (PACKAGE
and SOFTWAREFEATURE) is often incomplete and inconsistent for reasons too
dull to go into.
A more reliable method is to retrieve a list of installed programs directly
from the Add/Remove list in the registry, with a WSH script like this from
Torgeir Bakken.
"Life is like a game of cards. The hand you are dealt is determinism;
the way you play it is free will" - Jawaharial
Nehru
Related Commands:
MOF (Managed Object Format) - A language that describes management information.
The MOF syntax is a way to
describe object definitions in textual form.
Q824223 - WMIC command
runs slowly with /FAILFAST switch.
Q875605 - Troubleshoot
WMI-related issues
