Perform the WMIC command to start the WMIC command line environment. This command can be performed in the standard command-line interpreter (Cmd.exe), Telnet session, or Run dialog box of XP or. NET server. These boot methods can be used locally or through a. NET server Terminal Services session.
 
 When the WMIC command is executed for the first time, Windows first installs WMIC and then displays the command line prompt for WMIC. On the WMIC command-line prompt, the command executes interactively. 
 
 
 
 
 
 
 
 Wimic can be operated in two ways:
 
 
 
 
 
 1, into the wimic enter the command run, type wimic after the wmic:root\cli> you can enter the command, such as the input process to show all the process. Do not know what commands can be entered with/? to display Help. Exit is out of interactive mode. Specific help usage is as follows: 
 
 
 
 
 
 
 
 Command line Help
 command Example Description
 /? Or-? Show syntax for all global switches and aliases
 / /? /USER/? Display information for the specified global switch
 /? Class/? Display information for a command
 /? Memcache/? Display information for an alias
 /? Temperature Get/? Displays information about aliases and verb combinations
 /?:full IRQ get/?:full show help for verbs
 For example: I want to see Help on the Process command, type: process/? The following is displayed:
 Wmic:root\cli>process/?
 Process-processes management. 
 
 
 
 
 
 
 
 Tip: BNF alias usage.
 (<alias> [WMIObject] | <alias> [<path where>] | [<alias>] <path where>) [<verb Clause>]. 
 
 
 
 
 
 
 
 Usage: 
 
 
 
 
 
 
 
 PROCESS ASSOC [<format Specifier>]
 PROCESS call <method name> [<actual param List>]
 PROCESS CREATE <assign list>
 PROCESS DELETE
 PROCESS get [<property list>] [<get Switches>]
 PROCESS LIST [<list format>] [<list Switches>] 
 
 
 
 
 
 
 
 2, with the wimic behind the direct operation with the command, such as WMIC process shows all the process. These two methods of operation are: Interactive mode (Interactive mode) and non-interactive modes (non-interactive mode) 
 
 
 
 
 Here are some examples to illustrate usage: 
 
 
 
 
 
 
 
 
 =====================================================================
 
 
 Show details of a process
 
 
 Enter the process where name= "Maxthon.exe" list full
 
 
 All information on the Mxathon.exe process will be displayed as follows:
 
 
 Commandline= "D:\mytools\Maxthon2\Maxthon.exe"
 
 
 csname=china-46b1e8590
 
 
 Description=maxthon.exe
 
 
 Executablepath=d:\mytools\maxthon2\maxthon.exe
 
 
 Executionstate=
 
 
 handle=684
 
 
 handlecount=2296
 
 
 Installdate=
 
 
 kernelmodetime=3495000000
 
 
 maximumworkingsetsize=1413120
 
 
 minimumworkingsetsize=204800
 
 
 Name=maxthon.exe
 
 
 Osname=microsoft Windows XP professional| c:\windows|
 
 
 otheroperationcount=307814
 
 
 othertransfercount=60877207
 
 
 pagefaults=1367971
 
 
 pagefileusage=89849856
 
 
 parentprocessid=1924
 
 
 peakpagefileusage=90091520
 
 
 peakvirtualsize=385802240
 
 
 peakworkingsetsize=94031872
 
 
 Priority=8
 
 
 privatepagecount=89849856
 
 
 processid=684
 
 
 quotanonpagedpoolusage=43496
 
 
 quotapagedpoolusage=257628
 
 
 quotapeaknonpagedpoolusage=72836
 
 
 quotapeakpagedpoolusage=271372
 
 
 readoperationcount=85656
 
 
 readtransfercount=121015982
 
 
 Sessionid=0
 
 
 status=
 
 
 Terminationdate=
 
 
 threadcount=57
 
 
 usermodetime=1778750000
 
 
 virtualsize=353206272
 
 
 windowsversion=5.1.2600
 
 
 workingsetsize=93716480
 
 
 writeoperationcount=30940
 
 
 writetransfercount=24169673
 
 
 ******************************************************************************
 
 
 Stop, pause, and run service features
 
 
 Start Service StartService,
 
 
 Stop service StopService,
 
 
 Pause Service Pauseservice
 
 
 Service where caption= ' Windows Time ' call stopservice------Stop Services
 
 
 Service where caption= ' Windows Time ' call startservice------Start Services
 
 
 Service where name= "W32Time" call stopservice------Stop Services, note the difference between name and caption.
 
 
 Caption Displays the name of the service name Name service, such as the Telnet service name is Tlntsvr, and the name of the Windows Time service is W32Time the display name is "Windows Time" to be enclosed in quotation marks. There is mainly a space.
 
 
 All right, look at this: Enter the service where caption= "Windows Time" called StartService after a confirmation input y is OK, return returnvalue = 0; indicate success
 
 
 Wmic:root\cli>service where caption= ' Windows Time ' call StartService
 
 
 Execution (\\china-46b1e8590\root\cimv2:win32_service.name= "W32Time")->startservice ()
 
 
 Method successfully executed.
 
 
 Output parameters:
 
 
 Instance of __parameters
 
 
 {
 
 
 returnvalue = 0;
 
 
 }; 
 
 
 
 
 Wmic:root\cli>
 ================================================================================================
 Display BIOS information WMIC BIOS list full
 You may notice that there are two parameters list and full in the command line above. The list determines the format and scope of the information displayed, with multiple parameters such as brief, full, Instance, Status, System, writeable, and all but one of its parameters and the default parameter of the list, which indicates that all information is displayed. Several other parameters, as the name suggests, such as brief display only summary information, instance represents only the object instance, status represents the Display object state, writeable represents only the object's writable property information, and so on. 
 
 
 
 
 
 
 
 ************************************************************************=====================
 Action to stop a process
 For example, executing the following command closes a running QQ.exe:
 Example 1, WMIC process where name= ' QQ.exe ' call terminate
 After the command runs, the WMIC command line prompts the following results:
 C:\>wmic process where name= ' QQ.exe ' call terminate
 Execution (\\china-46b1e8590\root\cimv2:win32_process.handle= "728")->terminate ()
 Method successfully executed.
 Output parameters:
 Instance of __parameters
 {
 returnvalue = 0;
 }; 
 
 
 
 
 
 
 
 Example 2, WMIC process where name= "Qq.exe" delete
 After the command runs, the WMIC command line prompts the following results: 
 
 
 
 
 
 
 
 C:\>wmic process where name= "Qq.exe" delete
 Delete Example \\china-46b1e8590\root\cimv2:win32_process.handle= "2820"
 Example deletion succeeded.
 ======================================================================
 List all processes WMIC process
 ================================================================== 
 
 
 
 
 
 
 
 Connecting to a remote computer 
 
 
 
 
 
 
 
 ★ To connect the remote computer, but it seems to be to open some of the corresponding services 
 
 
 
 
 
 
 
 Wmic/node: "192.168.203.131"/password: ""/user: "Administrator" 
 
 
 
 
 
 
 
 BIOS-Basic input/Output service (BIOS) management
 ★ See BIOS version Model
 WMIC BIOS Get Manufacturer,name 
 
 
 
 
 
 
 
 WMIC SET IP Address
 ★ To configure or update IP addresses:
 WMIC Nicconfig where index=0 call EnableStatic ("192.168.1.5"), ("255.255.255.0"), index=0 description is configured with network interface 1.
 To configure a gateway (default route):
 WMIC Nicconfig where index=0 call SetGateways ("192.168.1.1"), (1) 
 
 
 
 
 
 
 
 ComputerSystem-Computer System Management
 ★ Check the system startup options, boot content
 WMIC ComputerSystem Get SystemStartupOptions
 ★ See the Workgroup/domain
 WMIC ComputerSystem Get Domain
 ★ Change the computer name ABC to 123
 WMIC ComputerSystem where "name= ' abc '" Call Rename 123
 ★ Change Workgroup Google to MyGroup
 WMIC ComputerSystem where "Name= ' Google" "Call JoinDomainOrWorkgroup" "," "," MyGroup ", 1 
 
 
 
 
 
 
 
 CPU-CPU Management
 ★ Check the CPU model
 WMIC CPU Get Name 
 
 
 
 
 
 
 
 Datafile-datafile Management 
 ★ Find cc.cmd files under the test directory (excluding subdirectories) under E disk 
 wmic datafile where drive= ' e: ' and ' path= ' \\test\\ ' and Filename= ' cc ' and extension= ' cmd ' list 
 ★ Find cc.cmd files under all directories and subdirectories under E disk, and the file size is greater than 1 K 
 WMIC datafile where ' drive= ' e: ' and Filename= ' cc ' and extension= ' cmd ' and filesize> ' 1000 ' list 
 ★ Remove the. cmd file with a file size greater than 10M under E disk 
 wmic datafile where " Drive= ' e: ' and extension= ' cmd ' and filesize> ' 10000000 ' ' call Delete 
 ★ Remove the non. cmd file under the test directory (excluding subdirectories) under E disk 
 WMIC datafile where "drive= ' e: ' and extension<> ' cmd ' and path= ' test '" Call Delete 
 ★ Copy e-disk under test directory (excluding subdirectories) Under the Cc.cmd file to E:\, and renamed Aa.bat 
 WMIC datafile where "drive= ' e: ' and path= ' \\test\\ ' and filename= '-CC ' and extension= ' cmd '" Call copy "E:\aa.bat" 
 ★ c:\hello.txt renamed to C:\test.txt 
 WMIC datafile "c:\\hello.txt" Call rename C:\test.txt 
 ★ Find h disk Under the directory contains test, file name contains perl, suffix txt file 
 wmic datafile where "drive= ' H: ' and extension= ' txt ' and path like '%\\test\\% ' and filename like '%perl% ' ' Get name 
 
 
 
 
 
 
 
 Desktopmonitor-Monitor Management
 ★ Get Screen resolution
 WMIC desktopmonitor where status= ' OK ' get screenheight,screenwidth 
 
 
 
 
 
 
 
 DiskDrive-Physical Disk drive management
 ★ Get Physical Disk model size, etc.
 WMIC diskdrive Get Caption,size,interfacetype 
 
 
 
 
 
 
 
 Environment-System Environment settings management
 ★ Get TEMP environment variable
 WMIC environment where "name= ' temp '" Get username,variablevalue
 ★ Change the PATH environment variable value, add E:\tools
 WMIC environment where "name= ' path ' and username= ' <system> '" Set variablevalue= "%path%;e:\tools"
 ★ New System environment variable home, value%homedrive%%homepath%
 WMIC environment Create Name= "Home", Username= "<system>", variablevalue= "%homedrive%%homepath%"
 ★ Remove Home Environment variables
 WMIC environment where "name= '" "Delete 
 
 
 
 
 
 
 
 Fsdir-File Directory System project management
 ★ Find a directory named Test under E disk
 WMIC fsdir where "drive= ' e: ' and filename= ' test '" list
 ★ Remove all directories in the E:\test directory that have been removed from the catalog ABC
 WMIC fsdir where "drive= ' e: ' and path= ' \\test\\ ' and filename<> ' abc '" Call Delete
 ★ Remove C:\good Folder
 WMIC Fsdir "C:\\good" Call Delete
 ★ ★ Rename C:\good folder for ABB
 WMIC Fsdir "C:\\good" rename "C:\abb" 
 
 
 
 
 
 
 
 LogicalDisk-Local Storage equipment management
 ★ Get the hard drive system format, total size, free space, etc.
 WMIC LogicalDisk Get Name,description,filesystem,size,freespace 
 
 
 
 
 
 
 
 Nic-Network Interface Controller (NIC) management 
 
 
 
 
 
 
 
 OS-Installed operating system management
 ★ Set System Time
 WMIC OS WHERE (primary=1) call SetDateTime 20070731144642.555555+480 
 
 
 
 
 
 
 
 Pagefileset-Paging File Settings management
 ★ Change the initial size and maximum value of the current paging file
 WMIC Pagefileset set initialsize= "maximumsize=", "512"
 ★ Page File set to D:\, execute the following two commands
 WMIC pagefileset Create name= ' D:\pagefile.sys ', initialsize=512,maximumsize=1024
 WMIC pagefileset where "name= ' C:\\pagefile.sys '" delete 
 
 
 
 
 
 
 
 Process-Processes Management
 ★ To list the core information of the process, similar to Task Manager
 WMIC Process List Brief
 ★ To end the Svchost.exe process, the path is not C:\WINDOWS\system32\svchost.exe
 WMIC process where "name= ' Svchost.exe ' and executablepath<> ' C:\\windows\\system32\\svchost.exe '" Call Terminate
 ★ New Notepad process
 WMIC process Call Create Notepad 
 
 
 
 
 
 
 
 PRODUCT-Installation Package task management
 ★ The installation package in the C:\WINDOWS\Installer directory
 ★ To uninstall the. msi installation package
 WMIC PRODUCT where "Name= ' Microsoft. NET Framework 1.1 ' and version= ' 1.1.4322 '" Call Uninstall
 ★ To repair. MSI installation package
 WMIC PRODUCT where "Name= ' Microsoft. NET Framework 1.1 ' and version= ' 1.1.4322 '" Call Reinstall 
 
 
 
 
 
 
 
 Service-Services Program management
 ★ To run Spooler service
 WMIC SERVICE where name= "Spooler" Call StartService
 ★ Stop Spooler Service
 WMIC SERVICE where name= "Spooler" Call StopService
 ★ Stop Spooler Service
 WMIC SERVICE where name= "Spooler" Call Pauseservice
 ★. Change the Spooler service startup Type [auto| disabled| Manual] release [Auto | disable | manual]
 WMIC SERVICE where name= "Spooler" set startmode= "Auto"
 ★ Remove Service
 WMIC SERVICE where name= "test123" Call Delete 
 
 
 
 
 
 
 
 SHARE-Shared resource management
 ★ Remove Share
 WMIC SHARE where name= "e$" Call Delete
 ★ Add Share
 WMIC SHARE Call Create "", "Test", "3", "Testsharename", "" "," C:\Test ", 0 
 
 
 
 
 
 
 
 Sounddev-Sound equipment management
 WMIC Sounddev List 
 
 
 
 
 
 
 
 STARTUP-Automatically run command management when a user logs on to the computer system
 ★ See the Startup options in Msconfig
 WMIC STARTUP List 
 
 
 
 
 
 
 
 Sysdriver-System driver management for basic services
 WMIC Sysdriver List 
 
 
 
 
 
 
 
 UserAccount-User account Management
 ★ Change the user administrator's full name to admin
 WMIC UserAccount where name= "Administrator" set fullname= "admin"
 ★ Change user name admin to admin00
 WMIC useraccount where "name= ' admin" call Rename admin00 
 
 
 
 
 
 
 
 
 ================================================ Get Patch Information
 ★ See what patches the current system is playing
 /node:legacyhost QFE Get Hotfixid 
 
 
 
 
 
 
 
 To view the current speed of the CPU
 ★★CPU the current speed
 WMIC CPU Get CurrentClockSpeed 
 
 
 
 
 
 
 
 Remote Desktop Connection for remote computers
 ★★wmic command to open Remote Desktop Connection on a remote computer
 Execute Wmic/node:192.168.1.2/user:administrator
 PATH win32_terminalservicesetting WHERE (__class!= "") Call SetAllowTSConnections 1
 Specific format:
 Wmic/node: "[Full machine name]"/user: "[Domain]\[username]"
 PATH win32_terminalservicesetting WHERE (__class!= "") Call SetAllowTSConnections 1
 WMIC gets the process name and executable path:
 WMIC process Get Name,executablepath 
 
 
 
 
 
 
 
 WMIC deletes the specified process (according to the process name):
 WMIC process where name= "Qq.exe" call terminate
 or use
 WMIC process where name= "Qq.exe" delete 
 
 
 
 
 
 
 
 WMIC deletes the specified process (according to process PID):
 WMIC process where pid= "123" Delete 
 
 
 
 
 
 
 
 WMIC creates a new process
 WMIC process Call create "C:\Program Files\tencent\qq\qq.exe" 
 
 
 
 
 
 
 
 To create a new process on a remote machine:
 wmic/node:192.168.201.131/user:administrator/password:123456 Process Call Create Cmd.exe 
 
 
 
 
 
 
 
 Shutting down the local computer
 WMIC process Call Create Shutdown.exe 
 
 
 
 
 
 
 
 Restart the remote computer
 wmic/node:192.168.1.10/user:administrator/password:123456 process Call create "Shutdown.exe-r-f-m" 
 
 
 
 
 
 
 
 Change computer name
 WMIC ComputerSystem where "caption= '%computername% '" Call rename NewComputerName 
 
 
 
 
 
 
 
 Change account name
 WMIC useraccount where "name= '%UserName% '" Call rename Newusername 
 
 
 
 
 
 
 
 WMIC ends a suspicious process (depending on the process's startup path) 
 
 
 
 
 
 
 
 WMIC process where "name= ' explorer.exe ' and executablepath<> '%systemdrive%\\windows\\explorer.exe '" delete 
 
 
 
 
 
 
 
 WMIC acquires physical memory
 WMIC memlogical get totalphysicalmemory|find/i/V "T" 
 
 
 
 
 
 
 
 WMIC gets the creation, access, and modification time of a file 
 
 
 
 
 
 
 
 @echo off
 for/f "Skip=1 tokens=1,3,5 delims=."%%a in (' WMIC datafile where name^= ' C:\\windows\\system32\\notepad.exe "Get Creatio Ndate^,lastaccessed^,lastmodified ') Do (
 Set A=%%a
 Set B=%%b
 Set c=%%c
 echo File: C:\windows\system32\notepad.exe
 Echo.
 echo creation time:%a:~0,4% year%a:~4,2% month%a:~6,2% day%a:~8,2%%a:~10,2% minutes%a:~12,2% seconds
 Echo Last visit:%b:~0,4% year%b:~4,2% month%b:~6,2% day%b:~8,2%%b:~10,2% minutes%b:~12,2% seconds
 Echo Last modified:%c:~0,4% year%c:~4,2% month%c:~6,2% day%c:~8,2%%c:~10,2% minutes%c:~12,2% seconds
 )
 Echo.
 Pause 
 
 
 
 
 
 
 
 WMIC searches for a file and gets the directory of the file
 for/f "Skip=1 tokens=1*"%i in (' WMIC datafile where "filename= ' QQ ' and extension= ' exe '" get Drive^,path ') do (set "Qpath =%i%j "& @echo%qpath:~0,-3%) 
 
 
 
 
 
 
 
 Gets the screen resolution WMIC desktopmonitor where status= ' OK ' get screenheight,screenwidth 
 
 
 
 
 
 
 
 WMIC Pagefileset set initialsize= "maximumsize=", "512" 
 
 
 
 
 
 
 
 Set the virtual memory to e disk and delete the paging file under C disk, and restart the computer after it takes effect 
 
 
 
 
 
 
 
 WMIC Pagefileset Create Name= "E:\\pagefile.sys", initialsize= "1024", maximumsize= "1024"
 WMIC pagefileset where "name= ' C:\\pagefile.sys '" delete 
 
 
 
 
 
 
 
 Gets the current memory and maximum memory footprint of the process: 
 
 
 
 
 
 
 
 WMIC process where caption= ' filename.exe ' Get workingsetsize,peakworkingsetsize 
 
 
 
 
 
 
 
 Display in kilobytes 
 
 
 
 
 
 
 
 @echo off
 for/f "Skip=1 tokens=1-2 delims="%%a in (' WMIC process where caption^= ' conime.exe ' Get Workingsetsize^,peakworkingsetsi Ze ') Do (
 set/a m=%%a/1024
 set/a mm=%%b/1024
 The echo process Conime.exe now consumes memory:%m%k; maximum memory consumption:%mm%k
 )
 Pause 
 
 
 
 
 
 
 
 Remote Open Computer Remote Desktop 
 
 
 
 
 
 
 
 Wmic/node:%pcname%/user:%pcaccount% PATH win32_terminalservicesetting WHERE (__class!= "") Call SetAllowTSConnections 1 
 
 
 
 
 
 
 
 =========================================================================== 
 
 
 
 
 Experience of api--wmic learning in batch processing
 
 
 In this article you may not see a lot of strange and useful practical routines, but, to teach people to fish than to teach people to fishing, I hope my article can let you understand some of the basic knowledge of WMIC, can have a learning interest, let oneself continue to study WMIC.
 
 
 In Windows\Help, the Wmic.chm document explains WMI in this way: Windows Management Instrumentation (WMI) is the Web-based Enterprise Management Initiative (WBEM) (This is a Microsoft implementation that aims to establish a standard industrial initiative for accessing and sharing management information on the corporate network.) For more information about WBEM, please visit WBEM. XOXWMI provides complete support for the Common Information Model (CIM), which describes the objects that exist in the administrative environment. WMI includes the object repository and the CIM object manager, where the object repository is a database that contains object definitions, and the object manager handles the collection and operation of objects in the repository and collects information from the WMI provider (WMI provider). The WMI provider (WMI provider) acts as an intermediary between WMI and the components of the operating system, applications, and other systems. For example, the registry provider provides information from the registry, while the SNMP provider provides data and events from the SNMP device. The provider provides information about its components, or it may provide methods that manipulate the components, properties that can be set, or an event that may alert you to changes in the component. Windows Management Instrumentation command Line (WMIC) provides you with a simple Windows Management Instrumentation (WMI) command-line interface that allows you to use WMI to manage running Win Dows's computer. WMIC operates with existing command-line programs and utility commands, and it is easy to extend WMIC through scripting or other management-oriented applications.
 
 
 These statements are too professional, popular point is that Wmic.exe is a command-line program, you can use it to implement the interface directly under the command line to manage computer hardware and software and other aspects of operations, the equivalent of batch processing API.
 
 
 A brief analysis of the basic command format of WMIC
 
 
 Often read the relevant information on the Internet, the reader may have a basic understanding of WMIC, but the more you look at the more likely to be confused, at least I think so. In fact, a simple summary, the command format is "wmic+ global switch + alias +WQL sentence + verb + adverb (or the parameters of the verb) + verb switch" just. This command format can be written or written in a partial format as needed, and I'll explain each of the names of the format in turn, but I'm sure it's completely out of line with the definition of Microsoft experts and just let everyone understand them.
 
 
 WMIC is Wmic.exe, located under the Windows directory, and is a command-line program. WMIC can be performed in two modes: interactive mode (Interactive mode) and non-interactive mode (non-interactive modes), and readers who frequently use the Netsh command line should be familiar with both modes.
 
 
 Interactive mode. If you enter WMIC at a command prompt or through the Run menu, you will enter WMIC's interactive mode, which will be returned to the WMIC prompt whenever a command completes, such as "root\cli", which is typically used when multiple WMIC directives need to be executed. Interaction patterns sometimes identify sensitive operational requirements, such as delete operations, to minimize user action errors.
 
 
 Non-interactive mode. Non-interactive mode is to place WMIC instructions directly as WMIC parameters behind WMIC, and then return to the normal command prompt when the instruction is finished, instead of entering into the WMIC context environment. WMIC's non-interactive mode is mainly used in batch processing or some other script files, and I use the Non-interactive mode example in this article.
 
 
 Switch has the following global switch, into Wmic.exe/? can be seen (here we do not discuss the specific meaning of each switch, the specific use of the example):
 
 
 ★
 
 
 The namespace path used by the/namespace alias.
 
 
 /role contains the role path defined by this alias.
 
 
 The server used by the/node alias.
 
 
 /implevel Customer Impersonation level.
 
 
 /authlevel the customer authentication level.
 
 
 /locale the language identifier applied by the customer.
 
 
 /privileges Enable or disable all privileges.
 
 
 /trace output debug information to stderr.
 
 
 /record writes all input commands and outputs to the log.
 
 
 /interactive Sets or resets the interaction mode.
 
 
 /failfast Sets or resets failfast mode.
 
 
 The user used during the/user session.
 
 
 /password the password used for session logons.
 
 
 /OUTPUT Specifies the mode for the output redirection.
 
 
 /APPEND Specifies the mode for the output redirection.
 
 
 /aggregate set or Reset collection mode.
 
 
 /authority Specifies the <authority type> for the connection.
 
 
 /? [: <brief| FULL>] Usage information.
 
 
 ★ 
 
 
 
 
 As for the alias, it is to the motherboard, service, system, process, these and computer-related dongdong up an English name, in the Wmic.exe/? command line can also be seen.
 
 
 The syntax of the WQL statement is almost exactly the same as that of the SQL statements we normally use when injected, or even simpler. Generally is where name= "xxx" and the like, but sometimes to name= "xxx" Such a format to replace "name= ' xxx '" or WHERE (name= ' xxx ') so that, anyway, the normal situation is not possible to change the wording.
 
 
 Verbs, so simple a few assoc, call, CREATE, DELETE, GET, LIST, SET, from the English name should be able to see what they are for. But to tell you the truth, Assoc I really didn't use it.
 
 
 As to the adverb (the verb's parameter), we get the attribute of the object with the verb + its parameter. An adverb, like a list verb, shows what it is, such as a detailed state or a brief state.
 
 
 A verb switch is like displaying a horizontal table or displaying a vertical tabular form or outputting a file in what format, or a few seconds to repeat the message, and so on, some verbs do not have a switch.
 
 
 
 
 
 two or one steps to complete our WMIC command line
 
 WMIC has an individual name of LogicalDisk, or disk Management. We first write in the simplest format, enter the WMIC logicaldisk list (wmic.exe+ alias +list verb) under the cmd command line, and wait a moment for the various data on the local hard drive to appear disorganized. This looks too inconvenient to see, we have to rewrite, changed to WMIC logicaldisk list brief, after the list verb add a brief parameter, that is, brief adverb, the display will be very neat, the effect is as follows:
 
 
 ★
 
 
 DeviceID brief FreeSpace providername Size volumename
 
 
 A:2
 
 
 C:3 2925694976 6805409792 WINXP
 
 
 D:3 1117487104 1759936512 WORK
 
 
 E:5
 
 
 ★
 
 
 You may notice that there are verb list and adverb brief in the command line above. The list verb determines the format and scope of the displayed information, which has brief, full, Instance, Status, System, writeable, and many other parameters (adverbs), which is only one of its parameters, and also the default parameter of list, indicating that all information is displayed. Several other parameters, as the name suggests, such as brief display only summary information, instance represents only the object instance, status represents the Display object state, writeable represents only the object's writable property information, and so on.
 
 
 Let's add some more words to the top of the disk return information in the DeviceID value of 3 indicates the partition of the local hard disk, if 5 is the optical region, 2 is the mobile disk. Let's change the statement, add the WQL statement, and display only the local disk. The statement is changed to WMIC LogicalDisk where "drivetype=3" list brief or WMIC LogicalDisk where (drivetype=3) list brief, showing the following:
 
 
 ★
 
 
 DeviceID drivetype FreeSpace providername Size volumename
 
 
 C:3 2925686784 6805409792 WINXP
 
 
 D:3 1117487104 1759936512 WORK
 
 
 ★
 
 
 But the top of the format shows that we are still not very satisfied, providername do not know is a what dongdong also show out, we just want what we want, like the volume label volumename and so we do not have it, and then change the statement, change a GET verb, the command to WMIC LogicalDisk where "drivetype=3" Get Deviceid,size,freespace,description,filesystem, the returned information is as follows:
 
 
 ★
 
 
 Deviceid,size,freespace,description,filesystem
 
 
 Description DeviceID filesystem FreeSpace Size
 
 
 Local fixed disk c:fat32 2925686784 6805409792
 
 
 Local fixed disk D:fat 1117487104 1759936512
 
 
 ★
 
 
 As for the parameters behind the get verb you can use list to check it out. Well, this time we can get the results we want. But we didn't use the switch in the command, and we had to add a few global switches. Let's add a/output first, so that it outputs the display information to a file, which commands the following: wmic/output:a.html LogicalDisk where "drivetype=3" Get Deviceid,size,freespace, Description,filesystem, so the information just returned on the screen is in the a.htm of the current directory. But A.htm opened it, just like a notepad, there is no style, looks not beautiful, we give it a style, we need to use the verb switch format, the command changed to wmic/output:a.html LogicalDisk where " Drivetype=3 "Get deviceid,size,freespace,description,filesystem/format:htable, so a.htm in the colorful table to display our local disk information." Maybe you want to ask, htable is what, in fact, this is a file, you want the top a.html what format, you can find a C:\WINDOWS\system32\wbem here in the format you want the file name, specifically have the following files:
 
 
 ★
 
 
 Csv
 
 
 Hform
 
 
 Hmof
 
 
 Htable
 
 
 Hxml
 
 
 LIST
 
 
 TABLE
 
 
 VALUE
 
 
 Htable-sortby
 
 
 Htable-sortby.xsl
 
 
 Texttablewsys
 
 
 Texttablewsys.xsl
 
 
 Wmiclimofformat
 
 
 Wmiclimofformat.xsl
 
 
 Wmiclitableformat
 
 
 Wmiclitableformat.xsl
 
 
 Wmiclitableformatnosys
 
 
 Wmiclitableformatnosys.xsl
 
 
 Wmiclivalueformat
 
 
 Wmiclivalueformat.xsl
 
 
 ★
 
 
 Some people may have to ask, I just want to show the C: plate, do not other dishes can do it? Of course, this will use the WQL statement's name variable. You can first see the name by using WMIC LogicalDisk list Instance, and then change the WQL statement above. OK, let's change it to wmic/output:a.html LogicalDisk where "Name= ' C: '" Get Deviceid,size,freespace,description,filesystem/ Format:htable or wmic/output:a.html LogicalDisk where (name= ' C: ') get Deviceid,size,freespace,description,filesystem/ Format:htable is OK. It is worth noting that we did not use single quotes in drivetype=3 because 3 is numeric, and C: is a character, so use single or double quotes. Note, however, that if you use and in the WQL statement, you can draw the statement with () or "".
 
 
 As a result, our final statement basically conforms to the WMIC command format I said at the beginning of my article, "wmic+ switch + alias +WQL + verb + adverb (or verb) + verb switch". However, WMIC can not only operate on the local machine, but also on the remote machine operation, we add three global switch, let our command for the remote format operation, the command is:
 
 
 Wmic/node: "192.168.8.100"/user: "Administrator"/password: "LCX"/output:a.html LogicalDisk where "Name= ' C: '" get Deviceid,size,freespace,description,filesystem/format:htable
 
 
 Where node switch indicates to which machine to access, user and password of course is the remote machine username and password, this command has the above explanation, we should be at a glance. So far, our verbs use only get and list, we add a set to change the volume label of c: Disk. The commands are as follows: WMIC LogicalDisk where "Name= ' C:" "Set volumename =" LCX ", so that everyone can further understand the use of this format. Written so many words, perhaps you want to ask me wmic the most useful switch is what, of course, "? "Well, if that command doesn't work, you can use WMIC/?, WMIC LogicalDisk/?, WMIC LogicalDisk list/?, WMIC LogicalDisk set/? To query usage. 
 
 
 
 
 Third, summary 
 
 
 
 
 
 
 
 WMIC is very powerful, like opening 2003 of 33,891 words can be done: WMIC rdtoggle WHERE servername= '%computername% ' call SetAllowTSConnections 1. But then,
 This article is expected to make the audience deceived feeling, a WMIC disk command to write for such a long length, but I want to have the basis of this article, you study WMIC other alias like process, service, BIOS, motherboard, there will be a point of entry, Specific good skills such as open 3389, we will rely on everyone to study the discovery.
 
 Add: 
 
 
 
 
 
 
 
 Windows WMIC Commands detailed 
 
 
 
 
 
 
 
 REM View CPU
 WMIC CPU List Brief
 REM View physical memory
 WMIC memphysical list Brief
 REM View logical memory
 WMIC memlogical list Brief
 REM View Cache memory
 WMIC memcache list Brief
 REM View virtual memory
 WMIC PAGEFILE list Brief
 REM View network card
 WMIC NIC List Brief
 REM View network protocol
 WMIC netprotocal list Brief 
 
 
 
 
 
 
 
 "Example" outputs the current system BIOS,CPU, motherboard, and other information to an HTML Web page file, which commands the following: 
 
 
 
 
 :: Get system Information. BAT, run BAT file
 
 
 :: System Information output to HTML file, view Help: WMIC/?
 
 
 :: WMIC [System parameter name] list [brief|full]/format:hform >|>> [filename]
 
 
 WMIC BIOS list Brief/format:hform > pcinfo.html
 
 
 WMIC baseboard list Brief/format:hform >>pcinfo.html
 
 
 WMIC CPU List Full/format:hform >>pcinfo.html
 
 
 WMIC OS list Full/format:hform >>pcinfo.html
 
 
 WMIC ComputerSystem List Brief/format:hform >>pcinfo.html
 
 
 WMIC diskdrive list Full/format:hform >>pcinfo.html
 
 
 WMIC memlogical list Full/format:hform >>pcinfo.html
 
 
 Pcinfo.html
 
 
 --------------------------------------------------------------------------------
 
 
 WMIC command parameter Help reference:
 
 
 --------------------------------------------------------------------------------
 
 
 Alias-access alias on Local machine
 
 
 Baseboard-the base board (also called the motherboard or system board) is managed.
 
 
 BIOS-Basic input/Output service (BIOS) management.
 
 
 Bootconfig-Start configuration management.
 
 
 Cdrom-cd-rom Management.
 
 
 ComputerSystem-Computer system management.
 
 
 CPU-CPU Management.
 
 
 Csproduct-smbios's computer system product information.
 
 
 Datafile-datafile Management.
 
 
 Dcomapp-dcom Program Management.
 
 
 DESKTOP-User Desktop management.
 
 
 Desktopmonitor-Monitor Management.
 
 
 Devicememoryaddress-Device memory address management.
 
 
 DiskDrive-Physical disk drive management.
 
 
 Diskquota-ntfs volume disk space usage.
 
 
 DmaChannel-Direct Memory Access (DMA) channel management.
 
 
 Environment-System environment settings management.
 
 
 Fsdir-File Directory System project management.
 
 
 Group-Groups account management.
 
 
 Idecontroller-ide Controller Management.
 
 
 IRQ-Interval request line (IRQ) management.
 
 
 Job-provides access to work scheduled for using the scheduling service.
 
 
 Loadorder-defines system service management that performs dependencies.
 
 
 LogicalDisk-local storage equipment management.
 
 
 Logon-logon session.
 
 
 MEMCACHE-cache memory management.
 
 
 Memlogical-System memory management (configuration layout and memory availability).
 
 
 Memphysical-Computer system physical memory management.
 
 
 Netclient-Network client management.
 
 
 Netlogin-(a user's) network login information management.
 
 
 Netprotocol-Protocol (and its network characteristics) management.
 
 
 Netuse-Active network connection management.
 
 
 Nic-Network Interface Controller (NIC) management.
 
 
 Nicconfig-Network adapter management.
 
 
 NTDOMAIN-NT domain management.
 
 
 Items for Ntevent-nt Event log
 
 
 Nteventlog-nt time log file management.
 
 
 Onboarddevice-Master Board (System board) built-in general adapter device management.
 
 
 OS-installed operating system management.
 
 
 PAGEFILE-Virtual memory file swap management.
 
 
 Pagefileset-Paging File Settings management.
 
 
 PARTITION-Management of the physical disk partition area.
 
 
 PORT-I/O Port management.
 
 
 Portconnector-Physical connection port management.
 
 
 PRINTER-Printer Device management.
 
 
 Printerconfig-Printer device configuration management.
 
 
 PRINTJOB-Print job management.
 
 
 Process-processes management.
 
 
 PRODUCT-Installation Package task management.
 
 
 QFE-Fast Troubleshooting.
 
 
 Quotasetting-Sets disk quota information for the volume.
 
 
 Recoveros-information that will be collected from memory when the operating system fails.
 
 
 REGISTRY-Computer system registry management.
 
 
 SCSICONTROLLER-SCSI Controller Management.
 
 
 Server-Information management for servers.
 
 
 Service-Services Program management.
 
 
 SHARE-shared resource management.
 
 
 Softwareelement-management of software PRODUCT elements that are installed on the system.
 
 
 Softwarefeature-softwareelement the management of software product components.
 
 
 Sounddev-sound device management.
 
 
 STARTUP-Automatically runs command management when a user logs on to the computer system.
 
 
 Sysaccount-System account management.
 
 
 Sysdriver-System driver management for basic services.
 
 
 Systemenclosure-Physical system closure management.
 
 
 Systemslot-Includes the physical connection point management of ports, sockets, attachments, and primary connection points.
 
 
 TapeDrive-Tape drive management.
 
 
 Temperature-temperature sensor data management (electronic temperature meter).
 
 
 TIMEZONE-time Area data management.
 
 
 UPS-Non-disruptive power supply (UPS) management.
 
 
 UserAccount-User account management.
 
 
 Voltage-voltage sensor (electronic meter) data management.
 
 
 Volumequotasetting-Associates a disk volume with disk quota settings.
 
 
 WMISET-WMI Service operation parameter management.