How do I use WMIC to gather Windows 2003 and Windows XP system information?
The Windows Management Instrumentation Command-line (WMIC) tool (Wmic.exe) can gather vast amounts of information about a Windows Server 2003 system as well as Windows XP or Vista. The tool accesses the underlying hardware by using Windows Management Instrumentation (WMI). Sorry, no Windows 2000.
The main purpose of WMIC is to facilitate scripting and automating management tasks. The tool is also useful for troubleshooting because it reports system information not available through other common tools. Use WMIC when you need information about Windows or the hardware platform. Administrator rights are required to run WMIC.
To access the tool, open a CMD prompt and type:
C:\> wmic /?
This displays all the global switches as well as the aliases that can be used.
[global switches] <command>
The following global switches are available (from MSDN):
/NAMESPACE
Namespace the alias commonly uses. The default is root\cimv2.
Example: /NAMESPACE:\\root
/ROLE
Namespace WMIC commonly looks in for aliases and other WMIC information.
Example: /ROLE:\\root
/NODE
Computer names, comma delimited. All commands are synchronously executed against all computers listed in this value. File names must be prefixed with &. Computer names within a file must be comma delimited or on separate lines.
/IMPLEVEL
Impersonation level.
Example: /IMPLEVEL:Anonymous
/AUTHLEVEL
Authentication level.
Example: /AUTHLEVEL:Pkt
/LOCALE
Locale.
Example: /LOCALE:MS_411
/PRIVILEGES
Enable or disable all privileges.
Example: /PRIVILEGES:ENABLE or /PRIVILEGES:DISABLE
/TRACE
Display the success or failure of all functions used to execute WMIC commands.
Example: /TRACE:ON or /TRACE:OFF
/RECORD
Records all output to an XML file. Output is also displayed at the command prompt.
Example: /RECORD:MyOutput.xml
/INTERACTIVE
Typically, delete commands are confirmed.
Example: /INTERACTIVE:ON or /INTERACTIVE:OFF
/FAILFAST on|off| timeout in milliseconds
If ON the /NODE computers are pinged before sending WMIC commands to them. If a computer does not respond the WMIC commands are not sent to it.
Windows 2000, Windows NT 4.0, and Windows Me/98/95: Timeout in milliseconds is not available.
Example: /FAILFAST:ON or /FAILFAST:OFF
WMIC /FAILFAST:1000
/USER
User name used by WMIC when accessing the /NODE computers or computers specified in the aliases. You are prompted for the password. A user name cannot be used with the local computer.
Example: /USER:JSMITH
/PASSWORD
Password used by WMIC when accessing the /NODE computers. The password is visible at the command line.
Example: /PASSWORD:password
/OUTPUT
Specifies a mode for all output redirection. Output does not appear at the command line and the destination is cleared before output begins. Valid values are STDOUT, CLIPBOARD or a file name.
Example: /OUTPUT:CLIPBOARD
/APPEND
Specifies a mode for all output redirection. Output does not appear at the command line and the destination is not cleared before output begins and output is appended to the end of the current contents of the destination. Valid values are STDOUT, CLIPBOARD or a file name.
Example: /APPEND:CLIPBOARD
/AGGREGATE
Used with the LIST and GET /EVERY switch. If AGGREGATE is ON, LIST and GET display their results when all computers in the /NODE have either responded or timed out. If AGGREGATE is OFF, LIST and GET display their results as soon as they are received.
Example: /AGGREGATE:OFF or /AGGREGATE:ON
For more information on a specific global switch, type: switch-name /?
The following alias/es are available in the current role:
ALIAS - Access to the aliases available on the local system
BASEBOARD - Base board (also known as a motherboard or system board) management.
BIOS - Basic input/output services (BIOS) management.
BOOTCONFIG - Boot configuration management.
CDROM - CD-ROM management.
COMPUTERSYSTEM - Computer system management.
CPU - CPU management.
CSPRODUCT - Computer system product information from SMBIOS.
DATAFILE - DataFile Management.
DCOMAPP - DCOM Application management.
DESKTOP - User’s Desktop management.
DESKTOPMONITOR - Desktop Monitor management.
DEVICEMEMORYADDRESS - Device memory addresses management.
DISKDRIVE - Physical disk drive management.
DISKQUOTA - Disk space usage for NTFS volumes.
DMACHANNEL - Direct memory access (DMA) channel management.
ENVIRONMENT - System environment settings management.
FSDIR - Filesystem directory entry management.
GROUP - Group account management.
IDECONTROLLER - IDE Controller management.
IRQ - Interrupt request line (IRQ) management.
JOB - Provides access to the jobs scheduled using the schedule service.
LOADORDER - Management of system services that define execution dependencies.
LOGICALDISK - Local storage device management.
LOGON - LOGON Sessions.
MEMCACHE - Cache memory management.
MEMLOGICAL - System memory management (configuration layout and availability of memory).
MEMPHYSICAL - Computer system’s physical memory management.
NETCLIENT - Network Client management.
NETLOGIN - Network login information (of a particular user) management.
NETPROTOCOL - Protocols (and their network characteristics) management.
NETUSE - Active network connection management.
NIC - Network Interface Controller (NIC) management.
NICCONFIG - Network adapter management.
NTDOMAIN - NT Domain management.
NTEVENT - Entries in the NT Event Log.
NTEVENTLOG - NT eventlog file management.
ONBOARDDEVICE - Management of common adapter devices built into the motherboard (system board).
OS - Installed Operating System/s management.
PAGEFILE - Virtual memory file swapping management.
PAGEFILESET - Page file settings management.
PARTITION - Management of partitioned areas of a physical disk.
PORT - I/O port management.
PORTCONNECTOR - Physical connection ports management.
PRINTER - Printer device management.
PRINTERCONFIG - Printer device configuration management.
PRINTJOB - Print job management.
PROCESS - Process management.
PRODUCT - Installation package task management.
QFE - Quick Fix Engineering.
QUOTASETTING - Setting information for disk quotas on a volume.
RECOVEROS - Information that will be gathered from memory when the operating system fails.
REGISTRY - Computer system registry management.
SCSICONTROLLER - SCSI Controller management.
SERVER - Server information management.
SERVICE - Service application management.
SHARE - Shared resource management.
SOFTWAREELEMENT - Management of the elements of a software product installed on a system.
SOFTWAREFEATURE - Management of software product subsets of SoftwareElement.
SOUNDDEV - Sound Device management.
STARTUP - Management of commands that run automatically when users log onto the computer system.
SYSACCOUNT - System account management.
SYSDRIVER - Management of the system driver for a base service.
SYSTEMENCLOSURE - Physical system enclosure management.
SYSTEMSLOT - Management of physical connection points including ports, slots and peripherals, and proprietary connections points.
TAPEDRIVE - Tape drive management.
TEMPERATURE - Data management of a temperature sensor (electronic thermometer).
TIMEZONE - Time zone data management.
UPS - Uninterruptible power supply (UPS) management.
USERACCOUNT - User account management.
VOLTAGE - Voltage sensor (electronic voltmeter) data management.
VOLUMEQUOTASETTING - Associates the disk quota setting with a specific disk volume.
WMISET - WMI service operational parameters management.
For more information on a specific alias, type: alias /?
The following commands are available at all times (from MSDN)
CLASS
Escape from the default alias mode of WMIC to access classes in the WMI schema directly.
Example: WMIC /OUTPUT:c:\ClassOutput.htm CLASS Win32_SoundDevice
PATH
Escape from the default alias mode of WMIC to access instances in the WMI schema directly.
Example: WMIC /OUTPUT:c:\PathOutput.txt PATH Win32_SoundDevice GET /VALUE
CONTEXT
Display the current values of all global switches.
Example: WMIC CONTEXT
QUIT
Exit from WMIC.
Example: WMIC QUIT
EXIT
Exit from WMIC.
Example: WMIC EXIT
View http://tinyurl.com/53gf5 for more details.
For more information on CLASS/PATH/CONTEXT, type: (CLASS | PATH | CONTEXT) /?
Useful WMIC Commands
WMIC BIOS LIST FULL - BIOS version and vendor information.
WMIC CPU LIST FULL - Processor information, including processor family and quantity of L2 cache.
WMIC DISKDRIVE LIST FULL - Disk drive model, cylinders, heads, sectors, tracks, and tracks per cylinder.
WMIC PROCESS - Detailed information about processes. Useful for distinguishing between multiple processes that have the same name, such as Svchost.exe.
WMIC STARTUP LIST FULL - Commands that run automatically when the current user logs on. Great for malware analysis!
WMIC PRINTER LIST STATUS - List the status of all local and networked printers.
WMIC PROCESS where name='saveme.exe' delete - Kills the process named saveme.exe. This command is similar to kill -9 [pid] in UNIX - powerful!
WMIC PROCESS list brief /every:1 - Cycles through the list of running processes every one second.
WMIC USERACCOUNT - Provides very detailed information on network users, including SIDs and security settings. This command may take a while in a large Active Directory environment.
WMIC NICCONFIG where IPEnabled='true' - Lists all NICs on a system and their configuration information.
WMIC NICCONFIG where Index=2 call EnableDHCP - Enable DHCP on NIC interface 1.
WMIC NICCONFIG where Index=2 call EnableStatic ("x.x.x.x"), ("255.255.252.0") - Configures IP address x.x.x.x on Interface 2.
Check out http://support.microsoft.com/kb/290216 for more examples
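The note above about telling apart processes that share a name such as Svchost.exe can be turned into an offline check. The following is an added example, not part of the original post: it parses the Key=Value output of WMIC PROCESS GET Name,ProcessId,ExecutablePath /VALUE and reports watched system process names running from outside system32. The function names, the sample data, the default C:\WINDOWS root and the watch list beyond svchost.exe are assumptions made for the illustration.

```python
import ntpath

# Names expected to run only from %SystemRoot%\system32. svchost.exe is the
# page's example; the other two are assumptions added for this sketch.
WATCHED = {"svchost.exe", "lsass.exe", "services.exe"}

# Constructed sample (not real output) in WMIC's Key=Value layout, including
# the doubled carriage returns WMIC tends to emit.
SAMPLE = (
    "\r\r\n"
    "ExecutablePath=C:\\WINDOWS\\system32\\svchost.exe\r\r\n"
    "Name=svchost.exe\r\r\nProcessId=872\r\r\n"
    "\r\r\n\r\r\n"
    "ExecutablePath=C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe\r\r\n"
    "Name=svchost.exe\r\r\nProcessId=1337\r\r\n"
    "\r\r\n\r\r\n"
    "ExecutablePath=\r\r\nName=System\r\r\nProcessId=4\r\r\n"
)

def decode_wmic(raw):
    """Decode WMIC output bytes: UTF-16 when a BOM is present, else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse_value_format(text):
    """Split Key=Value output into one dict per instance."""
    records, current = [], {}
    for line in text.replace("\r", "").split("\n"):
        key, sep, value = line.strip().partition("=")
        if sep:
            current[key] = value
        elif current:  # a blank (or non Key=Value) line closes the instance
            records.append(current)
            current = {}
    if current:
        records.append(current)
    return records

def misplaced_system_processes(records, system_root="C:\\WINDOWS"):
    """Return (pid, path) for watched names running outside system32."""
    expected = ntpath.normcase(ntpath.join(system_root, "system32"))
    hits = []
    for rec in records:
        path = rec.get("ExecutablePath", "")
        if rec.get("Name", "").lower() not in WATCHED or not path:
            continue  # empty path: WMIC could not read it, so it cannot be judged
        if ntpath.normcase(ntpath.dirname(path)) != expected:
            hits.append((rec.get("ProcessId", "?"), path))
    return hits
```

To use it on a real capture, read the file written with /OUTPUT in binary mode and pass the bytes through decode_wmic before parsing.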

