Powerful Windows Command Line Tool -- WMIC

I copied this post from Xiaogui03.

1.wmic=Microsoft Windows Management Instrumentation

2. C:\WINDOWS\system32\wbem 下的东西，特别是.xsl格式化文件，实现wmic的格式化输出
如wmic /output:c:\process.html process list /format:htable.xsl

/format:textvaluelist.xsl

/format:hform.xsl

/format:htable.xsl

/format:csv.xsl

/format:xml.xsl

3.wmic可以做什么？系统管理、远程主机信息获取。。。都可以

4.wmic /?

查看wmic对象有何可用属性: wmic 对象名称 get /?   例如wmic process get /?

查看wmic对象某个属性的值: wmic 对象名称 get 对象某个属性   例如 
wmic process get name

PROCESS - 进程管理

::列出进程的核心信息,类似任务管理器
wmic process list brief

::新建notepad进程
wmic process call create notepad

::列出进程的信息
wmic process get caption,handle,commandline,executablepath

::结束进程
wmic process [handle/PID] delete
wmic process [handle/PID] call terminate

::结束svchost.exe进程,路径为非C:\WINDOWS\system32\svchost.exe的
wmic process where "name='svchost.exe' and ExecutablePath<>'C:\\WINDOWS\\system32\\svchost.exe'" call Terminate

::结束svchost.exe进程,路径为C:\WINDOWS\svchost.exe的(关键点：路径中的\一定要换成\\)
wmic process where "name='svchost.exe' and ExecutablePath='C:\\WINDOWS\\svchost.exe'" call Terminate

BIOS - 基本输入/输出服务 (BIOS) 管理

::查看bios版本型号
wmic bios get name,SMBIOSBIOSVersion,manufacturer


COMPUTERSYSTEM - 计算机系统管理

::查看硬件、操作系统基本信息wmic computersystem get Name,workgroup,NumberOfProcessors,manufacturer,Model

::查看系统启动选项boot.ini的内容
wmic computersystem get SystemStartupOptions

::查看工作组/域
wmic computersystem get domain

::更改计算机名abc为123
wmic computersystem where "name='abc'" call rename 123

::更改工作组google为MyGroup
wmic computersystem where "name='google'" call joindomainorworkgroup "","","MyGroup",1

CPU - CPU 管理

::查看cpu型号
wmic cpu get name


DATAFILE - DataFile 管理

::查找e盘下test目录(不包括子目录)下的cc.cmd文件
wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" list

::查找e盘下所有目录和子目录下的cc.cmd文件,且文件大小大于1K
wmic datafile where "drive='e:' and FileName='cc' and Extension='cmd' and FileSize>'1000'" list

::删除e盘下文件大小大于10M的.cmd文件
wmic datafile where "drive='e:' and Extension='cmd' and FileSize>'10000000'" call delete

::删除e盘下test目录(不包括子目录)下的非.cmd文件
wmic datafile where "drive='e:' and Extension<>'cmd' and path='test'" call delete

::复制e盘下test目录(不包括子目录)下的cc.cmd文件到e:\,并改名为aa.bat
wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" call copy "e:\aa.bat"

::改名c:\hello.txt为c:\test.txt
wmic datafile "c:\\hello.txt" call rename c:\test.txt

::查找h盘下目录含有test,文件名含有perl,后缀为txt的文件
wmic datafile where "drive='h:' and extension='txt' and path like '%\\test\\%' and filename like '%perl%'" get name

DESKTOPMONITOR - 监视器管理

::获取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth

DISKDRIVE - 物理磁盘驱动器管理

::获取物理磁盘型号大小等
wmic DISKDRIVE get Caption,size,InterfaceType


ENVIRONMENT - 系统环境设置管理

::获取temp环境变量
wmic ENVIRONMENT where "name='temp'" get UserName,VariableValue

::更改path环境变量值,新增e:\tools
wmic ENVIRONMENT where "name='path' and username='<system>'" set VariableValue="%path%;e:\tools"

::新增系统环境变量home,值为%HOMEDRIVE%%HOMEPATH%
wmic ENVIRONMENT create name="home",username="<system>",VariableValue="%HOMEDRIVE%%HOMEPATH%"

::删除home环境变量
wmic ENVIRONMENT where "name='home'" delete


FSDIR - 文件目录系统项目管理

::查找e盘下名为test的目录
wmic FSDIR where "drive='e:' and filename='test'" list

::删除e:\test目录下除过目录abc的所有目录
wmic FSDIR where "drive='e:' and path='\\test\\' and filename<>'abc'" call delete

::删除c:\good文件夹
wmic fsdir "c:\\good" call delete

::重命名c:\good文件夹为abb
wmic fsdir "c:\\good" rename "c:\abb"

LOGICALDISK - 本地储存设备管理

::获取硬盘系统格式、总大小、可用空间等
wmic LOGICALDISK get name,Description,filesystem,size,freespace

NIC - 网络界面控制器 (NIC) 管理


OS - 已安装的操作系统管理

::设置系统时间
wmic os where(primary=1) call setdatetime 20070731144642.555555+480

PAGEFILESET - 页面文件设置管理

::更改当前页面文件初始大小和最大值
wmic PAGEFILESET set InitialSize="512",MaximumSize="512"

::页面文件设置到d:\下,执行下面两条命令
wmic pagefileset create name='d:\pagefile.sys',initialsize=512,maximumsize=1024
wmic pagefileset where"name='c:\\pagefile.sys'" delete



PRODUCT - 安装包任务管理

::安装包在C:\WINDOWS\Installer目录下

::卸载.msi安装包
wmic PRODUCT where "name='Microsoft .NET Framework 1.1' and Version='1.1.4322'" call Uninstall

::修复.msi安装包
wmic PRODUCT where "name='Microsoft .NET Framework 1.1' and Version='1.1.4322'" call Reinstall


SERVICE - 服务程序管理

::运行spooler服务
wmic SERVICE where name="Spooler" call startservice

::停止spooler服务
wmic SERVICE where name="Spooler" call stopservice

::暂停spooler服务
wmic SERVICE where name="Spooler" call PauseService

::更改spooler服务启动类型[auto|Disabled|Manual] 释[自动|禁用|手动]
wmic SERVICE where name="Spooler" set StartMode="auto"

::删除服务
wmic SERVICE where name="test123" call delete


SHARE - 共享资源管理

::删除共享
wmic SHARE where name="e$" call delete

::添加共享
WMIC SHARE CALL Create "","test","3","TestShareName","","c:\test",0

SOUNDDEV - 声音设备管理
wmic SOUNDDEV list


STARTUP - 用户登录到计算机系统时自动运行命令的管理

::查看msconfig中的启动选项
wmic STARTUP list

SYSDRIVER - 基本服务的系统驱动程序管理
wmic SYSDRIVER list


USERACCOUNT - 用户帐户管理

::更改用户administrator全名为admin
wmic USERACCOUNT where name="Administrator" set FullName="admin"

::更改用户名admin为admin00
wmic useraccount where "name='admin" call Rename admin00

------------------------------------------------------------------------------------------------------------------------------------------------

http://jdhitsolutions.blogspot.com/2006/06/introduction-to-wmic.html

As you see, to get information, you just need to know an alias for the component you are interested in. Unlike scripting where you would need to know a specific class name, you can get by with a simple name. At the wmic prompt, type in 'cpu'. You will get a report of cpu properties that scrolls off the screen. Typing 'cpu list brief' will return a subset of information. But it is still hard to read. For a better report, type 'cpu list /format:textvaluelist'. Other formatting options include CSV (/format:csv),raw XML (/format:rawxml), an HTML table (/format:htable) or an HTML page (/format:hform). If you want to save the output to a file, you can use the /Output switch. You can send output to the Windows clipboard (/Output:clipboard) or a file (/Output:osreport.csv). Be aware that you must put the output switch first in the command. For example, at the prompt type '/output:osreport.htm os list full /format:hform'. You can then open the file osreport.htm in any browser. If you specify a file name with spaces, you must enclose the name in quotes " ".

WMIC is nice but it's real power comes in managing remote systems. At the beginning of your command, simply use /node:servername, like this:

/node:FileSrv01 /output:c:\reports\filesrv01-cpu.htm cpu list /format:hform.

If you want to query multiple remote systems, separate computer names with commas (/node:computer1,computer2,computer3). Depending on the query you might also need to pass alternate credentials. At the beginning of the command, use /User and /Password. You can't use different credentials for local systems. Here is a more complete interactive example (this is one single line command from a wmic prompt):

/user:mydomain\Admin09 /password:P@ssw0rd node:FileSrv01,FileSrv02
/output:c:\reports\filesrv01-cpu.htm cpu list /format:hform.

I mentioned that you can also run commands directly from the command line. All you need to do is type wmic and then the wmic command you tested interactively:

wmic /node:FileSrv01 /output:c:\reports\filesrv01-cpu.htm cpu list /format:hform.

That's all there is to it. As I mentioned, WMIC can be a very useful utility and there is much more to it than I can cover here. In the mean time, open up a command prompt and try these commands to see for yourself. Don't worry, no changes will be made to your system, just a report of some local resources and elements. Depending on your system, some commands will provide more values than others.

wmic cpu list /format:textvaluelist
wmic os list /format:textvaluelist
wmic /output:mypc.htm computersystem list /format:hform [open mypc.htm in browser after you exit wmic to see the results]
wmic logicaldisk list brief /format:textvaluelist
wmic csproduct list /format:textvaluelist