WMIC
系统帮助提示 <command> The following global switches are available:/NAMESPACE Path for the namespace the alias operate against./ROLE Path for the role containing the alias definitions./NODE Servers the alias will operate against./IMPLEVEL Client impersonation level./AUTHLEVEL Client authentication level./LOCALE Language id the client should use./PRIVILEGES Enable or disable all privileges./TRACE Outputs debugging information to stderr./RECORD Logs all input commands and output./INTERACTIVE Sets or resets the interactive mode./FAILFAST Sets or resets the FailFast mode./USER User to be used during the session./PASSWORD Password to be used for session login./OUTPUT Specifies the mode for output redirection./APPEND Specifies the mode for output redirection./AGGREGATE Sets or resets aggregate mode./AUTHORITY Specifies the <authority type> for the connection./?[:<BRIEF|FULL>] Usage information.For more information on a specific global switch, type: switch-name /?
The following alias/es are available in the current role:ALIAS - Access to the aliases available on the local systemBASEBOARD - Base board (also known as a motherboard or system board) management.BIOS - Basic input/output services (BIOS) management.BOOTCONFIG - Boot configuration management.CDROM - CD-ROM management.COMPUTERSYSTEM - Computer system management.CPU - CPU management.CSPRODUCT - Computer system product information from SMBIOS. DATAFILE - DataFile Management.DCOMAPP - DCOM Application management.DESKTOP - User's Desktop management.DESKTOPMONITOR - Desktop Monitor management.DEVICEMEMORYADDRESS - Device memory addresses management.DISKDRIVE - Physical disk drive management. DISKQUOTA - Disk space usage for NTFS volumes.DMACHANNEL - Direct memory access (DMA) channel management.ENVIRONMENT - System environment settings management.FSDIR - Filesystem directory entry management. GROUP - Group account management. IDECONTROLLER - IDE Controller management.IRQ - Interrupt request line (IRQ) management. JOB - Providesaccess to the jobs scheduled using the schedule service. LOADORDER - Management of system services that define execution dependencies. LOGICALDISK - Local storage device management.LOGON - LOGON Sessions.MEMCACHE - Cache memory management.MEMORYCHIP - Memory chip information.MEMPHYSICAL - Computer system's physical memory management. NETCLIENT - Network Client management.NETLOGIN - Network login information (of a particular user) management. NETPROTOCOL - Protocols (and their network characteristics) management.NETUSE - Active network connection management.NIC - Network Interface Controller (NIC) management.NICCONFIG - Network adapter management. NTDOMAIN - NT Domain management.NTEVENT - Entries in the NT Event Log.NTEVENTLOG - NT eventlog file management. ONBOARDDEVICE - Management of common adapter devices built into the motherboard (system board).OS - Installed Operating System/s management. PAGEFILE - Virtual memory file swapping management. PAGEFILESET - Page file settings management. PARTITION - Management of partitioned areas of a physical disk.PORT - I/O port management.PORTCONNECTOR - Physical connection ports management.PRINTER - Printer device management. PRINTERCONFIG - Printer device configuration management.PRINTJOB - Print job management. PROCESS - Process management. PRODUCT - Installation package task management. QFE - Quick Fix Engineering.QUOTASETTING - Setting information for disk quotas on a volume. RDACCOUNT - Remote Desktop connection permission management.RDNIC - Remote Desktop connection management on a specific network adapter.RDPERMISSIONS - Permissions to a specific Remote Desktop connection.RDTOGGLE - Turning Remote Desktop listener on or off remotely.RECOVEROS - Information that will be gathered from memory when the operating system fails. REGISTRY - Computer system registry management.SCSICONTROLLER - SCSI Controller management.SERVER - Server information management. SERVICE - Service application management. SHADOWCOPY - Shadow copy management.SHADOWSTORAGE - Shadow copy storage area management.SHARE - Shared resource management. SOFTWAREELEMENT - Management of theelements of a software product installed on a system.SOFTWAREFEATURE - Management of software product subsets of SoftwareElement. SOUNDDEV - Sound Device management.STARTUP - Management of commands that run automatically when users log onto the computer system.SYSACCOUNT - System account management.SYSDRIVER - Management of the system driver for a base service.SYSTEMENCLOSURE - Physical system enclosure management.SYSTEMSLOT - Management of physical connection points including ports,slots and peripherals, and proprietary connections points.TAPEDRIVE - Tape drive management.TEMPERATURE - Data management of a temperature sensor (electronic thermometer).TIMEZONE - Time zone data management. UPS - Uninterruptible power supply (UPS) management. USERACCOUNT - User account management.VOLTAGE - Voltage sensor (electronic voltmeter) data management.VOLUME - Local storage volume management.VOLUMEQUOTASETTING - Associates the disk quota setting with a specific disk volume. VOLUMEUSERQUOTA - Per user storage volume quota management.WMISET - WMI service operational parameters management.
For more information on a specific alias, type: alias /?
CLASS - Escapes to full WMI schema.PATH - Escapes to full WMI object pathsCONTEXT - Displays the state of all the global switches.QUIT/EXIT - Exits the program.
For more information on CLASS/PATH/CONTEXT, type: (CLASS | PATH | CONTEXT) /?
以下内容来来自网络1、.wmic=Microsoft Windows Management Instrumentation
2. C:\WINDOWS\system32\wbem 下的东西,特别是.xsl格式化文件,实现wmic的格式化输出,如wmic /output:c:\process.html process list /format:htable.xsl/format:textvaluelist.xsl/format:hform.xsl/format:htable.xsl/format:csv.xsl/format:xml.xsl3.wmic可以做什么?系统管理、远程主机信息获取。。。都可以4.wmic /?查看wmic对象有何可用属性: wmic 对象名称 get /? 例如,wmic process get /?查看wmic对象某个属性的值: wmic 对象名称 get 对象某个属性 例如 wmic process get name
PROCESS - 进程管理::列出进程的核心信息,类似任务管理器 wmic process list brief::新建notepad进程 wmic process call create notepad::列出进程的信息 wmic process get caption,handle,commandline,executablepath::结束进程 wmic process delete或者 wmic process call terminate::结束svchost.exe进程,路径为非C:\WINDOWS\system32\svchost.exe的wmic process where "name='svchost.exe' and ExecutablePath<>'C:\\WINDOWS\\system32\\svchost.exe'" call Terminate::结束svchost.exe进程,路径为C:\WINDOWS\svchost.exe的(关键点:路径中的\一定要换成\\)wmic process where "name='svchost.exe' and ExecutablePath='C:\\WINDOWS\\svchost.exe'" call Terminate
BIOS - 基本输入/输出服务 (BIOS) 管理::查看bios版本型号wmic bios get name,SMBIOSBIOSVersion,manufacturerCOMPUTERSYSTEM - 计算机系统管理::查看硬件、操作系统基本信息wmic computersystem get Name,workgroup,NumberOfProcessors,manufacturer,Model::查看系统启动选项boot.ini的内容wmic computersystem get SystemStartupOptions::查看工作组/域wmic computersystem get domain::更改计算机名abc为123wmic computersystem where "name='abc'" call rename 123::更改工作组google为MyGroupwmic computersystem where "name='google'" call joindomainorworkgroup "","","MyGroup",1
CPU - CPU 管理::查看cpu型号wmic cpu get name
DATAFILE - DataFile 管理::查找e盘下test目录(不包括子目录)下的cc.cmd文件wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" list::查找e盘下所有目录和子目录下的cc.cmd文件,且文件大小大于1Kwmic datafile where "drive='e:' and FileName='cc' and Extension='cmd' and FileSize>'1000'" list::删除e盘下文件大小大于10M的.cmd文件wmic datafile where "drive='e:' and Extension='cmd' and FileSize>'10000000'" call delete::删除e盘下test目录(不包括子目录)下的非.cmd文件wmic datafile where "drive='e:' and Extension<>'cmd' and path='test'" call delete::复制e盘下test目录(不包括子目录)下的cc.cmd文件到e:\,并改名为aa.batwmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" call copy "e:\aa.bat"::改名c:\hello.txt为c:\test.txtwmic datafile "c:\\hello.txt" call rename c:\test.txt::查找h盘下目录含有test,文件名含有perl,后缀为txt的文件wmic datafile where "drive='h:' and extension='txt' and path like '%\\test\\%' and filename like '%perl%'" get name
DESKTOPMONITOR - 监视器管理::获取屏幕分辨率wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
DISKDRIVE - 物理磁盘驱动器管理::获取物理磁盘型号大小等wmic DISKDRIVE get Caption,size,InterfaceType
ENVIRONMENT - 系统环境设置管理::获取temp环境变量wmic ENVIRONMENT where "name='temp'" get UserName,VariableValue::更改path环境变量值,新增e:\toolswmic ENVIRONMENT where "name='path' and username='<system>'" set VariableValue="%path%;e:\tools"::新增系统环境变量home,值为%HOMEDRIVE%%HOMEPATH%wmic ENVIRONMENT create name="home",username="<system>",VariableValue="%HOMEDRIVE%%HOMEPATH%"::删除home环境变量wmic ENVIRONMENT where "name='home'" delete
FSDIR - 文件目录系统项目管理::查找e盘下名为test的目录wmic FSDIR where "drive='e:' and filename='test'" list::删除e:\test目录下除过目录abc的所有目录wmic FSDIR where "drive='e:' and path='\\test\\' and filename<>'abc'" call delete::删除c:\good文件夹wmic fsdir "c:\\good" call delete::重命名c:\good文件夹为abbwmic fsdir "c:\\good" rename "c:\abb"
LOGICALDISK - 本地储存设备管理::获取硬盘系统格式、总大小、可用空间等wmic LOGICALDISK get name,Description,filesystem,size,freespace
NIC - 网络界面控制器 (NIC) 管理
OS - 已安装的操作系统管理::设置系统时间wmic os where(primary=1) call setdatetime 20070731144642.555555+480
PAGEFILESET - 页面文件设置管理::更改当前页面文件初始大小和最大值wmic PAGEFILESET set InitialSize="512",MaximumSize="512"::页面文件设置到d:\下,执行下面两条命令wmic pagefileset create name='d:\pagefile.sys',initialsize=512,maximumsize=1024wmic pagefileset where"name='c:\\pagefile.sys'" delete
PRODUCT - 安装包任务管理::安装包在C:\WINDOWS\Installer目录下::卸载.msi安装包wmic PRODUCT where "name='Microsoft .NET Framework 1.1' and Version='1.1.4322'" call Uninstall::修复.msi安装包wmic PRODUCT where "name='Microsoft .NET Framework 1.1' and Version='1.1.4322'" call Reinstall
SERVICE - 服务程序管理::运行spooler服务wmic SERVICE where name="Spooler" call startservice::停止spooler服务wmic SERVICE where name="Spooler" call stopservice::暂停spooler服务wmic SERVICE where name="Spooler" call PauseService::更改spooler服务启动类型 释[自动|禁用|手动]wmic SERVICE where name="Spooler" set StartMode="auto"::删除服务wmic SERVICE where name="test123" call delete
SHARE - 共享资源管理::删除共享wmic SHARE where name="e$" call delete::添加共享WMIC SHARE CALL Create "","test","3","TestShareName","","c:\test",0
SOUNDDEV - 声音设备管理wmic SOUNDDEV list
STARTUP - 用户登录到计算机系统时自动运行命令的管理::查看msconfig中的启动选项wmic STARTUP list
SYSDRIVER - 基本服务的系统驱动程序管理wmic SYSDRIVER list
USERACCOUNT - 用户帐户管理::更改用户administrator全名为adminwmic USERACCOUNT where name="Administrator" set FullName="admin"::更改用户名admin为admin00wmic useraccount where "name='admin" call Rename admin00
页:
[1]