You probably know this already, but extracting a Windows configuration by hand is very boring. mspaint.exe, screenshot + crop. HORRIBLE.
A good way to extract that information instead is to use the WMIC utility.

WMIC has been a core feature of every Windows version since Windows 2000, and most commercial monitoring software uses it to extract, analyze and display system information.

Here is a short list of actions you can perform through the WMIC utility:

  • launch a process,
  • stop a process,
  • reboot the computer,
  • list installed programs,
  • list installed security patches,
  • etc.

First of all you need to open a command prompt, the standard way:

- Click the Start button and then type « CMD »
- Type wmic into the prompt and hit enter.

WMIC Examples

Launch a process

wmic PROCESS CALL CREATE calc.exe
wmic PROCESS CALL CREATE notepad.exe

Stop a process with wmic

wmic PROCESS where (Name="notepad.exe") DELETE
wmic PROCESS where Name="calc.exe" CALL TERMINATE

Reboot with wmic

wmic OS WHERE Primary=TRUE CALL Reboot

List all shared drives and folders with wmic

wmic /output:d:\shared.txt share get caption,name,path

List installed software with wmic

wmic /output:c:\program-list.txt product get name,version

List installed security patches with wmic

wmic /output:d:\hotfixes.txt qfe list

Set up a network card

wmic NICConfig where ipenabled=true CALL EnableStatic 192.168.1.61,255.255.255.0
wmic NICConfig where ipenabled=true CALL SetGateways 192.168.1.1
wmic NICConfig where ipenabled=true CALL SetDNSDomain contoso.com
wmic NICConfig where ipenabled=true CALL SetDNSServerSearchOrder 192.168.1.1
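One caveat a practitioner should keep in mind with the four commands above: the filter ipenabled=true matches every IP-enabled adapter on the machine, so on a host with a wired, a wireless and a virtual adapter all three receive the same static address. The batch script below is an added example, not code from the original post; it reuses the same wmic calls but selects a single adapter by its Index property, and then reads the configuration back to verify it. The address values, the domain name and the default Index are placeholders, and the script assumes an elevated command prompt.

```batch
@echo off
rem Added example (not from the original post): configure ONE adapter selected
rem by its Index instead of every adapter matching ipenabled=true.
rem Assumptions: elevated cmd prompt; all addresses below are placeholders.
setlocal

rem 1. List the IP-enabled adapters so the right Index can be chosen.
wmic NICConfig where ipenabled=true get Index,Description,IPAddress,MACAddress

rem 2. Take the Index from the first argument, or fall back to 1.
set NIC_INDEX=%1
if "%NIC_INDEX%"=="" set NIC_INDEX=1

rem 3. Apply the static configuration to that adapter only.
wmic NICConfig where Index=%NIC_INDEX% CALL EnableStatic 192.168.1.61,255.255.255.0
wmic NICConfig where Index=%NIC_INDEX% CALL SetGateways 192.168.1.1
wmic NICConfig where Index=%NIC_INDEX% CALL SetDNSDomain contoso.com
wmic NICConfig where Index=%NIC_INDEX% CALL SetDNSServerSearchOrder 192.168.1.1

rem 4. Read the result back so the change can be checked before logging off.
wmic NICConfig where Index=%NIC_INDEX% get IPAddress,IPSubnet,DefaultIPGateway,DNSServerSearchOrder

endlocal
```

Run it as setnic.cmd 7 (or whatever Index step 1 printed for the adapter you mean). Each CALL line returns a ReturnValue of 0 on success; any other value means the method did not apply, which is why the final get is there rather than trusting the calls blindly.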

MAC addresses of active network connections:

wmic NICConfig where ipenabled=true get MACAddress

If you are allowed to write to the remote computer you can either use WinAudit (but I totally don't like its output) or use the software "WMI Explorer".

Available commands and classes

Here is the list of all the classes available:

  • CIM_DataFile
  • Msft_CliAlias
  • Win32_BaseBoard
  • Win32_BIOS
  • Win32_BootConfiguration
  • WIN32_CACHEMEMORY
  • Win32_CDROMDrive
  • Win32_ComputerSystem
  • Win32_ComputerSystemProduct
  • WIN32_DCOMApplication
  • WIN32_DESKTOP
  • WIN32_DESKTOPMONITOR
  • Win32_DeviceMemoryAddress
  • Win32_Directory
  • Win32_DiskDrive
  • Win32_DiskPartition
  • Win32_DiskQuota
  • Win32_DMAChannel
  • Win32_Environment
  • Win32_Group
  • Win32_IDEController
  • Win32_IRQResource
  • Win32_LoadOrderGroup
  • Win32_LogicalDisk
  • Win32_LogonSession
  • Win32_NetworkAdapter
  • Win32_NetworkAdapterConfiguration
  • WIN32_NetworkClient
  • Win32_NetworkConnection
  • Win32_NetworkLoginProfile
  • Win32_NetworkProtocol
  • Win32_NTDomain
  • Win32_NTEventlogFile
  • Win32_NTLogEvent
  • Win32_OnBoardDevice
  • Win32_OperatingSystem
  • Win32_OSRecoveryConfiguration
  • Win32_PageFileSetting
  • Win32_PageFileUsage
  • Win32_PerfRawData_PerfNet_Server
  • Win32_PhysicalMemory
  • Win32_PhysicalMemoryArray
  • Win32_PortConnector
  • Win32_PortResource
  • Win32_Printer
  • Win32_PrinterConfiguration
  • Win32_PrintJob
  • Win32_Process
  • WIN32_PROCESSOR
  • Win32_Product
  • Win32_QuickFixEngineering
  • Win32_QuotaSetting
  • Win32_Registry
  • Win32_ScheduledJob
  • Win32_SCSIController
  • Win32_Service
  • Win32_ShadowCopy
  • Win32_ShadowStorage
  • Win32_Share
  • Win32_SoftwareElement
  • Win32_SoftwareFeature
  • WIN32_SoundDevice
  • Win32_StartupCommand
  • Win32_SystemAccount
  • Win32_SystemDriver
  • Win32_SystemEnclosure
  • Win32_SystemSlot
  • Win32_TapeDrive
  • Win32_TemperatureProbe
  • Win32_TerminalServiceSetting
  • Win32_TimeZone
  • Win32_TSAccount
  • Win32_TSNetworkAdapterSetting
  • Win32_TSPermissionsSetting
  • Win32_UninterruptiblePowerSupply
  • Win32_UserAccount
  • Win32_VoltageProbe
  • Win32_Volume
  • Win32_VolumeQuotaSetting
  • Win32_VolumeUserQuota
  • Win32_WMISetting

See how powerful the tool can be?

Using this you can access any information you want from the system and perform a real configuration extraction. Very useful.
The SQL-like syntax is much more transparent for a sysadmin than any binary launched on a production system, so sysadmins are far more willing to let you deploy the script:

=> you save time
=> you save money
=> you save brain (because there is nothing as boring as that)

The purpose of this post is only to show you the power of WMI and how you can use it for work. There are many more ways to use it; for example, you can format the output as HTML. This is an excellent way to make a configuration audit ;)


All your contributions are welcome for a complete command-line configuration audit script for Windows.
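As a starting point for such a script, here is an added example that is not part of the original post: a batch file that strings the queries from this post together, writes each one to its own CSV file with /format:csv, and shows the HTML output mentioned above with /format:hform. It assumes an elevated command prompt, and the output directory is a placeholder. Two caveats worth knowing before relying on it: files written with /output are UTF-16LE, which matters when you parse them with other tools; and the product alias (Win32_Product) is slow and makes Windows Installer re-validate every MSI package it finds, so the script only runs that query on request. On current Windows releases WMIC is deprecated and may have to be installed as an optional feature; the same queries are available through PowerShell's Get-CimInstance.

```batch
@echo off
rem Added example, not part of the original post: a minimal configuration
rem audit built from the wmic queries in the post.
rem Assumptions: elevated cmd prompt; OUTDIR is a placeholder path.
setlocal
set OUTDIR=C:\audit\%COMPUTERNAME%
if not exist %OUTDIR% mkdir %OUTDIR%

rem Each query goes to its own CSV file. /output files are UTF-16LE.
wmic /output:%OUTDIR%\os.csv os get Caption,Version,BuildNumber,InstallDate,LastBootUpTime /format:csv
wmic /output:%OUTDIR%\hotfixes.csv qfe get HotFixID,Description,InstalledOn /format:csv
wmic /output:%OUTDIR%\shares.csv share get Caption,Name,Path /format:csv
wmic /output:%OUTDIR%\services.csv service get Name,State,StartMode,PathName /format:csv
wmic /output:%OUTDIR%\startup.csv startup get Caption,Command,Location,User /format:csv
wmic /output:%OUTDIR%\users.csv useraccount get Name,Disabled,Lockout,PasswordRequired,SID /format:csv
wmic /output:%OUTDIR%\nics.csv nicconfig where ipenabled=true get Description,IPAddress,MACAddress,DHCPEnabled /format:csv

rem Win32_Product is slow and triggers an MSI consistency check of every
rem installed package, so it only runs when the script is called with "full".
if /i "%1"=="full" wmic /output:%OUTDIR%\products.csv product get Name,Version,Vendor /format:csv

rem The same kind of query with /format:hform gives an HTML report instead.
wmic /output:%OUTDIR%\os.html os get Caption,Version,BuildNumber /format:hform

echo Audit written to %OUTDIR%
endlocal
```

Run it as audit.cmd for the quick pass or audit.cmd full to include the installed-software list. The services, startup commands and user accounts files are the ones to diff between two runs when you are looking for unexpected changes on a host; the hotfix list is what you compare against the patch baseline.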
