WMIC Snippets


WMI is a powerful way to get a lot of information about a system. It can also be used to change many system properties. The downside of WMI used to be that you could only access it via scripting or full-blown programming.

However, all XP Pro and above systems have WMIC, and it is a very handy command-line tool for accessing most of the WMI space. This gives you a poor man's PowerShell until the day when we start seeing PowerShell installed by default on all systems. New in September 2009: I'm building a sister page, PowerShell WMI Snippets, which essentially translates everything on this page into its PowerShell equivalent. Since PowerShell is more capable than WMIC, the new page will show new capabilities not listed here.

Note that all of the examples below are text you can cut/copy/paste; they are not screenshots.

Much of the info below is columnar and will look a lot better if you stretch this window as wide as you can!

Some reference links

System, BIOS, Motherboard

This first example shows a few variations of the most common WMI query. We ask a WMI object (computersystem, or bios, or baseboard in the examples below) to return the values for a few of its properties. It returns the results in its default tabular format.

C:\Tools>wmic computersystem get domain, EnableDaylightSavingsTime, Manufacturer, Model, PartOfDomain, TotalPhysicalMemory, username
Domain       EnableDaylightSavingsTime  Manufacturer  Model     PartOfDomain  TotalPhysicalMemory  UserName
cojones.org  TRUE                       INTEL_        D865GLC_  TRUE          2146148352           PURGATORY\quux

C:\Tools>wmic bios get Caption, Manufacturer, SMBIOSBIOSVersion, Version
Caption                                     Manufacturer  SMBIOSBIOSVersion                 Version
BIOS Date: 10/14/03 10:38:21 Ver: 08.00.09  Intel Corp.   BF86510A.86A.0049.P11.0310141038  INTEL  - 20031014

C:\Tools>wmic baseboard get Manufacturer, Model, Product, SerialNumber, Version
Manufacturer       Model  Product  SerialNumber  Version
Intel Corporation         D865GLC  ABLC32421808  AAC28909-404

Processor Info 

C:\Tools>wmic cpu get deviceID, Addresswidth, MaxClockSpeed, Name, Manufacturer, ProcessorID
AddressWidth  DeviceID  Manufacturer  MaxClockSpeed  Name                               ProcessorId
32            CPU0      GenuineIntel  2992           Intel(R) Pentium(R) 4 CPU 3.00GHz  BFEBFBFF00000F29
32            CPU1      GenuineIntel  2992           Intel(R) Pentium(R) 4 CPU 3.00GHz  BFEBFBFF00000F29

Hard Drives 

C:\Tools>wmic logicaldisk where drivetype=3 get name, freespace, systemname, filesystem, size, volumeserialnumber
FileSystem  FreeSpace     Name  Size          SystemName  VolumeSerialNumber
NTFS        53473411072   C:    120023252992  GOOD        B0400204
NTFS        114517245952  E:    500105216000  GOOD        94AE4BE9

The drivetypes are:

Value  Member name      Description
0      Unknown          The type of drive is unknown.
1      NoRootDirectory  The drive does not have a root directory.
2      Removable        The drive is a removable storage device, such as a floppy disk drive or a USB flash drive.
3      Fixed            The drive is a fixed disk.
4      Network          The drive is a network drive.
5      CDRom            The drive is an optical disc device, such as a CD or DVD-ROM.
6      Ram              The drive is a RAM disk.

Here is a bonus: S.M.A.R.T. information!

C:\Tools>WMIC /NAMESPACE:\\root\wmi PATH  MSStorageDriver_FailurePredictStatus get * /format:list
Active=TRUE
InstanceName=IDE\DiskG.SKILL_128GB_SSD_______________________02.10104\4&8188e1b&0&0.0.0_0
PredictFailure=FALSE
Reason=0

You can also experiment with 

  • MSStorageDriver_FailurePredictData
  • MSStorageDriver_FailurePredictEvent
  • MSStorageDriver_FailurePredictFunction
The best docs I have found for these are here. They're sparse, and probably a bit out of date.

Memory

I can't really explain why the output below gives me more available virtual memory than total virtual memory. 

C:\Tools>wmic memlogical get AvailableVirtualMemory, TotalPhysicalMemory, TotalVirtualMemory
AvailableVirtualMemory  TotalPhysicalMemory  TotalVirtualMemory
2049300                 2095848              1939180

 

NIC properties

In the first example below, I query for all NICs. Yikes, too much info!

In the second example I use a where IPEnabled='TRUE' clause to narrow things down, but it's still too much. Here we have several IPEnabled devices which we don't really care about; the system runs VMware, has a TV card, and had a disabled 100bT NIC.

In the third example, I only care about the NIC that is enabled and connected! Could have used DHCPEnabled as the second test, but we might want to get this info from systems with static IPs. I would have compared the IPAddress value to good IPs (or eliminated 192.168 and 169.* addresses), but sadly I have not figured out a way to do WHERE queries on IPAddress; apparently the {} brackets indicate it is an array value, and I have found no way to do WQL queries that compare array values. Please use the comments link if you know how to do this! So, by adding the extra query condition (and DNSDomain IS NOT NULL), I get only the currently 'live' connection. Although I can imagine cases where DNSDomain would be null and the NIC would still be the live connection. YMMV!

The final query gets a fair amount of NIC information in list format.

C:\Tools>wmic nicconfig get caption, macaddress, ipaddress, DefaultIPGateway
Caption                                                  DefaultIPGateway  IPAddress           MACAddress
[00000001] 1394 Net Adapter
[00000002] RAS Async Adapter
[00000003] WAN Miniport (L2TP)
[00000004] WAN Miniport (PPTP)                                                                 50:50:54:50:30:30
[00000005] WAN Miniport (PPPOE)                                                                33:50:6F:45:30:30
[00000006] Direct Parallel
[00000007] WAN Miniport (IP)
[00000008] Packet Scheduler Miniport                                                           38:C7:20:52:41:53
[00000009] Microsoft TV/Video Connection                                   {"169.254.246.73"}  00:07:E9:5D:BC:F4
[00000010] Intel(R) PRO/1000 CT Network Connection                         {"169.254.246.73"}  00:07:E9:5D:BC:F4
[00000011] Packet Scheduler Miniport                                                           00:07:E9:5D:BC:F4
[00000012] VMware Virtual Ethernet Adapter for VMnet1                      {"192.168.199.1"}   00:50:56:C0:00:01
[00000013] VMware Virtual Ethernet Adapter for VMnet8                      {"192.168.226.1"}   00:50:56:C0:00:08
[00000014] NETGEAR 108 Mbps Wireless PCI Adapter WG311T  {"10.0.0.10"}     {"10.0.0.55"}       00:0F:B5:4F:78:73
[00000015] Packet Scheduler Miniport                                                           00:0F:B5:4F:78:73

C:\Tools>wmic nicconfig where "IPEnabled = 'TRUE'" get caption, macaddress, ipaddress, DefaultIPGateway
Caption                                                  DefaultIPGateway  IPAddress           MACAddress
[00000009] Microsoft TV/Video Connection                                   {"169.254.246.73"}  00:07:E9:5D:BC:F4
[00000010] Intel(R) PRO/1000 CT Network Connection                         {"169.254.246.73"}  00:07:E9:5D:BC:F4
[00000012] VMware Virtual Ethernet Adapter for VMnet1                      {"192.168.199.1"}   00:50:56:C0:00:01
[00000013] VMware Virtual Ethernet Adapter for VMnet8                      {"192.168.226.1"}   00:50:56:C0:00:08
[00000014] NETGEAR 108 Mbps Wireless PCI Adapter WG311T  {"10.0.0.10"}     {"10.0.0.55"}       00:0F:B5:4F:78:73

C:\Tools>wmic nicconfig where "IPEnabled = 'TRUE' and DNSDomain IS NOT NULL" get caption, macaddress, ipaddress, DefaultIPGateway
Caption                                                  DefaultIPGateway  IPAddress      MACAddress
[00000014] NETGEAR 108 Mbps Wireless PCI Adapter WG311T  {"10.0.0.10"}     {"10.0.0.55"}  00:0F:B5:4F:78:73


C:\Tools>wmic nicconfig where "IPEnabled = 'TRUE' and DNSDomain IS NOT NULL" get DefaultIPGateway, DHCPServer, DNSDomain, DNSHostName, DNSServerSearchOrder, IPAddress, IPSubnet, MACAddress, WINSEnableLMHostsLookup, WINSPrimaryServer, WINSSecondaryServer /format:list

DefaultIPGateway={"10.0.0.10"}
DHCPServer=10.0.0.3
DNSDomain=cojones.org
DNSHostName=good
DNSServerSearchOrder={"10.0.0.3","10.0.0.2"}
IPAddress={"10.0.0.55"}
IPSubnet={"255.255.255.0"}
MACAddress=00:0F:B5:4F:78:73
WINSEnableLMHostsLookup=TRUE
WINSPrimaryServer=
WINSSecondaryServer=
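Since the WHERE clause cannot test an array property such as IPAddress, the comparison can be done after the query instead. The Python below is an added example, not part of the original page: it parses /format:list output, decodes the {"..."} array values, and drops adapters whose addresses all fall in excluded ranges. The sample text is constructed from the adapters shown above, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the five IPEnabled adapters from the tables above, laid out
# as /format:list prints them (Key=Value lines, blank line between instances).
SAMPLE = '''
Caption=[00000009] Microsoft TV/Video Connection
DNSDomain=
IPAddress={"169.254.246.73"}

Caption=[00000010] Intel(R) PRO/1000 CT Network Connection
DNSDomain=
IPAddress={"169.254.246.73"}

Caption=[00000012] VMware Virtual Ethernet Adapter for VMnet1
DNSDomain=
IPAddress={"192.168.199.1"}

Caption=[00000013] VMware Virtual Ethernet Adapter for VMnet8
DNSDomain=
IPAddress={"192.168.226.1"}

Caption=[00000014] NETGEAR 108 Mbps Wireless PCI Adapter WG311T
DNSDomain=cojones.org
DNSServerSearchOrder={"10.0.0.3","10.0.0.2"}
IPAddress={"10.0.0.55"}
'''


def decode_value(value):
    """Turn {"a","b"} into ['a', 'b']; leave scalar values as strings."""
    match = re.fullmatch(r"\{(.*)\}", value)
    if not match:
        return value
    quoted = re.findall(r'"([^"]*)"', match.group(1))
    # Unquoted arrays such as {1,2} are split on commas instead.
    return quoted or [p.strip() for p in match.group(1).split(",") if p.strip()]


def parse_list_output(text):
    """Return one dict per WMI instance found in /format:list output."""
    records, current = [], {}
    # Captured WMIC output can contain extra carriage returns; drop them all.
    for line in text.replace("\r", "").split("\n"):
        line = line.strip()
        if not line:
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition("=")
        if sep:
            current[key] = decode_value(value)
    if current:
        records.append(current)
    return records


def is_usable(address, networks):
    """True if address parses and lies outside every excluded network."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return not any(ip in net for net in networks)


def usable_nics(records, excluded=("169.254.0.0/16",)):
    """Client-side stand-in for a WHERE test on the IPAddress array."""
    networks = [ipaddress.ip_network(n) for n in excluded]
    result = []
    for rec in records:
        addresses = rec.get("IPAddress") or []
        if isinstance(addresses, str):
            addresses = [addresses]
        kept = [a for a in addresses if is_usable(a, networks)]
        if kept:
            result.append((rec["Caption"], kept))
    return result


if __name__ == "__main__":
    print(usable_nics(parse_list_output(SAMPLE), ("169.254.0.0/16", "192.168.0.0/16")))
```

Excluding only 169.254.0.0/16 keeps the two VMware adapters as well, so the excluded list decides what counts as the 'live' connection.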

Video 

C:\Tools>wmic path Win32_VideoController get  caption, CurrentHorizontalResolution, CurrentVerticalResolution, Description, DriverVersion, AdapterRAM /format:list

AdapterRAM=67108864
Caption=MOBILITY RADEON 9600/9700 (Microsoft Corporation - WDDM)
CurrentHorizontalResolution=1400
CurrentVerticalResolution=1050
Description=MOBILITY RADEON 9600/9700 (Microsoft Corporation - WDDM)
DriverVersion=7.01.01.569

C:\Tools>

Printers 

C:\Tools>wmic printer get Caption, Default, Direct, Description, Local, Shared, Sharename, Status
Caption                        Default  Description  Direct  Local  Shared  ShareName                 Status
TPC PostScript HQ2K            FALSE                 FALSE   TRUE   FALSE                             Unknown
Microsoft XPS Document Writer  FALSE                 FALSE   TRUE   FALSE                             Unknown
Lexmark i3                     TRUE                  FALSE   TRUE   TRUE    Lexmark I3 Office         Unknown
hp photosmart 240 series       FALSE                 FALSE   TRUE   TRUE    PHOTO-printer             Unknown
hp officejet g series fax      FALSE                 FALSE   TRUE   FALSE                             Unknown
hp officejet g series          FALSE                 FALSE   TRUE   TRUE    hpoffice                  Unknown
Adobe PDF                      FALSE                 FALSE   TRUE   FALSE                             Unknown
Acrobat PDFWriter              FALSE                 FALSE   TRUE   FALSE                             Unknown
Acrobat Distiller              FALSE                 FALSE   TRUE   FALSE                             Unknown

 

Other Hardware

Here's a query that produces output somewhat like Linux's lspci:

C:\>wmic path Win32_PnPEntity where "PNPDeviceID like '%VEN%'" get PNPDeviceID, Status, Manufacturer, Service
Manufacturer            PNPDeviceID                                                                    Service   Status
Intel                   PCI\VEN_8086&DEV_2570&SUBSYS_00000000&REV_02\3&267A616A&0&00                             OK
Intel                   PCI\VEN_8086&DEV_2571&SUBSYS_00000000&REV_02\3&267A616A&0&08                   pci       OK
ATI Technologies Inc.   PCI\VEN_1002&DEV_4150&SUBSYS_47221002&REV_00\4&38B71F77&0&0008                 ati2mtag  OK
ATI Technologies Inc.   PCI\VEN_1002&DEV_4170&SUBSYS_47231002&REV_00\4&38B71F77&0&0108                 ati2mtag  OK
Intel                   PCI\VEN_8086&DEV_2573&SUBSYS_00000000&REV_02\3&267A616A&0&18                   pci       OK
Intel                   PCI\VEN_8086&DEV_1019&SUBSYS_303B8086&REV_00\4&26062112&0&0818                 E1000     OK
Intel                   PCI\VEN_8086&DEV_24D2&SUBSYS_4C438086&REV_02\3&267A616A&0&E8                   usbuhci   OK
(Standard disk drives)  USBSTOR\DISK&VEN_HP&PROD_PHOTOSMART_240_S&REV_1.00\7&7541E0F&1&CN3CH341FTM9&0  disk      OK
Intel                   PCI\VEN_8086&DEV_24D4&SUBSYS_4C438086&REV_02\3&267A616A&0&E9                   usbuhci   OK
Intel                   PCI\VEN_8086&DEV_24D7&SUBSYS_4C438086&REV_02\3&267A616A&0&EA                   usbuhci   OK
Intel                   PCI\VEN_8086&DEV_24DE&SUBSYS_4C438086&REV_02\3&267A616A&0&EB                   usbuhci   OK
(Standard disk drives)  USBSTOR\DISK&VEN_OEI-USB&PROD_COMPACTFLASH&REV_1.01\C67CEDBA1F&0               disk      OK
(Standard disk drives)  USBSTOR\DISK&VEN_OEI-USB&PROD_SM/MS/SD&REV_1.01\C67CEDBA1F&1                   disk      OK
Intel                   PCI\VEN_8086&DEV_24DD&SUBSYS_4C438086&REV_02\3&267A616A&0&EF                   usbehci   OK
Intel                   PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_C2\3&267A616A&0&F0                   pci       OK
NEC                     PCI\VEN_1033&DEV_00F2&SUBSYS_00F21033&REV_01\4&2E98101C&0&00F0                 ohci1394  OK
NETGEAR, Inc.           PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&2E98101C&0&08F0                 AR5211    OK
Intel                   PCI\VEN_8086&DEV_24D0&SUBSYS_00000000&REV_02\3&267A616A&0&F8                   isapnp    OK
Intel                   PCI\VEN_8086&DEV_24DB&SUBSYS_4C438086&REV_02\3&267A616A&0&F9                   pciide    OK
Intel                   PCI\VEN_8086&DEV_24D1&SUBSYS_4C438086&REV_02\3&267A616A&0&FA                   pciide    OK
Intel                   PCI\VEN_8086&DEV_24D3&SUBSYS_4C438086&REV_02\3&267A616A&0&FB                   smbusp    OK
Analog Devices, Inc.    PCI\VEN_8086&DEV_24D5&SUBSYS_E0028086&REV_02\3&267A616A&0&FD                   smwdm     OK

It's best to get Caption and PNPDeviceID in your query, but that makes the output too wide for this web page. So below I show getting the Caption rather than PNPDeviceID

C:\>wmic path Win32_PnPEntity where "PNPDeviceID like '%VEN%'" get Caption, Status, Manufacturer, Service
Caption                                                                   Manufacturer            Service   Status
Intel(R) 82865G/PE/P/GV/82848P Processor to I/O Controller - 2570         Intel                             OK
Intel(R) 82865G/PE/P/GV/82848P Processor to AGP Controller - 2571         Intel                   pci       OK
ALL-IN-WONDER 9600 SERIES                                                 ATI Technologies Inc.   ati2mtag  OK
ALL-IN-WONDER 9600 SERIES - Secondary                                     ATI Technologies Inc.   ati2mtag  OK
Intel(R) 82865G/PE/P/GV/82848P Processor to PCI to CSA bridge - 2573      Intel                   pci       OK
Intel(R) PRO/1000 CT Network Connection                                   Intel                   E1000     OK
Intel(R) 82801EB USB Universal Host Controller - 24D2                     Intel                   usbuhci   OK
HP photosmart 240 s USB Device                                            (Standard disk drives)  disk      OK
Intel(R) 82801EB USB Universal Host Controller - 24D4                     Intel                   usbuhci   OK
Intel(R) 82801EB USB Universal Host Controller - 24D7                     Intel                   usbuhci   OK
Intel(R) 82801EB USB Universal Host Controller - 24DE                     Intel                   usbuhci   OK
OEI-USB CompactFlash USB Device                                           (Standard disk drives)  disk      OK
OEI-USB SM/MS/SD USB Device                                               (Standard disk drives)  disk      OK
Intel(R) 82801EB USB2 Enhanced Host Controller - 24DD                     Intel                   usbehci   OK
Intel(R) 82801 PCI Bridge - 244E                                          Intel                   pci       OK
NEC OHCI Compliant IEEE 1394 Host Controller                              NEC                     ohci1394  OK
NETGEAR 108 Mbps Wireless PCI Adapter WG311T                              NETGEAR, Inc.           AR5211    OK
Intel(R) 82801EB LPC Interface Controller - 24D0                          Intel                   isapnp    OK
Intel(R) 82801EB Ultra ATA Storage Controllers                            Intel                   pciide    OK
Intel(R) 82801EB Ultra ATA Storage Controllers                            Intel                   pciide    OK
Intel(R) ICH5/ICH5-M SMBus Controller - 24D3 (Intel(R) SMBus 2.0 Driver)  Intel                   smbusp    OK
SoundMAX Integrated Digital Audio                                         Analog Devices, Inc.    smwdm     OK

Here's a fun one. List the name and PCI ID of everything in Device Manager that is in an error state. You know, those little yellow exclamation points!

C:\Tools>wmic path win32_pnpentity where "ConfigManagerErrorCode <> 0" get Name, PNPDeviceID
Name                                          PNPDeviceID
ATI T200 Unified AVStream Driver              DISPLAY\NTATIVRV01\5&883B044&1&80000008&01&00
USB Mass Storage Device                       USB\VID_55AA&PID_B012\C67CEDBA1F
1394 Net Adapter                              V1394\NIC1394\18F74C01
NETGEAR 108 Mbps Wireless PCI Adapter WG311T  PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\4&2E98101C&0&08F0
Bluetooth PAN Network Adapter                 ROOT\NET\0000
SCSI/RAID Host Controller                     ROOT\SCSIADAPTER\0000

Operating System, Service Pack, Hotfixes, Domain

Notice how I used the /format:list directive to return a list rather than a superwide table.

A QFE is a hotfix. In the first QFE query below, rather than a get verb, I used list brief.

In the second QFE query, note the use of the percent sign (%) as a wildcard in the WHERE clause ('%928366%'). This is important to remember; WQL queries do not use the asterisk as a wildcard!

C:\Tools>wmic os get bootdevice, caption, csname, currenttimezone, installdate, servicepackmajorversion, servicepackminorversion, systemdrive, version, windowsdirectory /format:list

BootDevice=\Device\HarddiskVolume1
Caption=Microsoft Windows XP Professional
CSName=GOOD
CurrentTimeZone=-480
InstallDate=20030829205313.000000-420
ServicePackMajorVersion=2
ServicePackMinorVersion=0
SystemDrive=C:
Version=5.1.2600
WindowsDirectory=C:\WINDOWS

C:\Tools>wmic qfe list brief
Description
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
Microsoft Data Access Components KB870669
Microsoft SQL Server 2000 Service Pack 3 Updates to MDAC 2.7 SP1
Security update for Microsoft Data Access Components
[...listing truncated, you get the point...]

C:\Tools>wmic qfe where "HotFixID like '%928366%'" get Description, FixComments, InstalledOn, ServicePackInEffect
Description                                     FixComments  InstalledOn  ServicePackInEffect
Microsoft .NET Framework 1.1 Hotfix (KB928366)  Update       7/11/2007    1.1

C:\Tools>wmic ntdomain get Caption, DnsForestName, DomainControllerAddress, Status
Caption    DnsForestName  DomainControllerAddress  Status
GOOD                                               Unknown [...note this is the local computer...]
PURGATORY  cojones.org    \10.0.0.3                OK

Services 

C:\Tools>wmic service get caption, name, state
Caption                                                 Name                               State
Atheros Configuration Service                           ACS                                Running
AdRem NetCrunch Task Scheduler                          AdRemTaskScheduler                 Stopped
Alerter                                                 Alerter                            Stopped
Application Layer Gateway Service                       ALG                                Running
Apple Mobile Device                                     Apple Mobile Device                Running
Application Management                                  AppMgmt                            Stopped
[...listing truncated, you get the point...]

C:\Tools>wmic service where "name='Alerter'" get caption, startmode, startname, state, status
Caption  StartMode  StartName                  State    Status
Alerter  Disabled   NT AUTHORITY\LocalService  Stopped  OK

Installed Software

This is not the same as the 'currently installed programs' list you would get by opening Control Panel --> Add/Remove Software. I am not sure how or why the two lists are different, but on my test machine they are definitely not the same. NOTE: the 'wmic product' query doesn't work on Windows 2003 until you add the Windows Installer Provider, as described in the Windows Installer Provider section at the end of this page.

You can uninstall software, too.

C:\Tools>wmic product get Caption, InstallDate, Vendor
Caption                                                       InstallDate  Vendor
ABBYY FineReader for ScanSnap (TM) 2.0                        20070127     ABBYY Software
VMware Server Console                                         20061106     VMware, Inc.
MSXML 4.0 SP2 (KB925672)                                      20061012     Microsoft Corporation
Intel(R) PROSafe for Wired Connections                        20041226     Intel
NETGEAR Wireless Adapter WG311T                               20050415     NETGEAR
Windows Server 2003 Administration Tools Pack                 20031007     Microsoft Corporation
VMware Workstation                                            20061228     VMware, Inc.
Intel(R) PROSafe for Wired Connections                        20041226     Intel
HP Software Update                                            20050331     HEWLET~1|Hewlett-Packard
Windows Resource Kit Tools                                    20030917     Microsoft Corporation
[...listing truncated, you get the point...]

H:\>wmic path win32_product where "name = 'HP Software Update'" call Uninstall <--- UNINSTALLING software.
Executing (\\COMPUTER\root\cimv2:Win32_Product.IdentifyingNumber="{DEC61338-62B5-454A-AAB2-71D612277798}",Name="HP Software Update",Version="1.5.0")->Uninstall()
Method execution successful.
Out Parameters:
{
        ReturnValue = 0;   <--- zero means success. The package was uninstalled.
};

Processes

Here we use several call methods to actually do stuff (rather than just listing stuff). And we get a lot of fairly ugly and needless output. But the commands are useful just the same.
 

C:\Tools>wmic process call create 'notepad.exe'
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ProcessId = 14524;
        ReturnValue = 0;
};

[...notepad starts in the GUI...]
C:\Tools>wmic process where "name='notepad.exe'" call setpriority 64
Executing (\GOOD\ROOT\CIMV2:Win32_Process.Handle="7356")->setpriority()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};


C:\Tools>wmic process where "name='notepad.exe'" get Caption, ExecutablePath, Priority, ProcessID, WorkingSetSize
Caption      ExecutablePath                   Priority  ProcessId  WorkingSetSize
notepad.exe  C:\WINDOWS\system32\notepad.exe  4         7356       3825664


C:\Tools>wmic process where "name='notepad.exe'" call terminate
Executing (\GOOD\ROOT\CIMV2:Win32_Process.Handle="7356")->terminate()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};

 

C:\Tools>wmic process where "name='notepad.exe'" get Caption, ExecutablePath, Priority, ProcessID, WorkingSetSize
No Instance(s) Available.

[...notepad is terminated in the GUI...]

Event Logs

Note that these take a long time to complete - so long that the command is nearly useless. I could have included the eventlog message below (it's 'Message'), but that would have made the output way too wide for this web page. The query shown below gets all warning and error log entries from System which occurred after December 4, 2007. 

H:\>WMIC NTEVENT WHERE "EventType<3 AND LogFile = 'System' AND TimeGenerated>'20071204'" GET EventCode, EventIdentifier, RecordNumber, SourceName, TimeGenerated, Type
EventCode  EventIdentifier  RecordNumber  SourceName                        TimeGenerated              Type
50         -2108030926      171408        Microsoft-Windows-Time-Service    20071204002221.000000-000  Warning
131        -2108030845      171768        Microsoft-Windows-Time-Service    20071204172639.000000-000  Warning
5719       5719             171770        NETLOGON                          20071204172741.000000-000  Error
243        -2147483405      171984        Win32k                            20071205160544.401179-000  Warning
10009      -1073731815      172190        Microsoft-Windows-DistributedCOM  20071207101245.000000-000  Error
1003       1003             172251        Microsoft-Windows-Dhcp-Client     20071208055130.000000-000  Warning
50         -2108030926      172264        Microsoft-Windows-Time-Service    20071208133340.000000-000  Warning
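The TimeGenerated values above are CIM datetime strings (yyyymmddHHMMSS.ffffff followed by a signed UTC offset in minutes), and the negative EventIdentifier values are 32-bit numbers printed as signed integers whose low 16 bits are the EventCode. The Python below is an added example, not part of the original page: it slices the default table output by header offsets and decodes both fields. The sample rows are copied from the output above, and the function names are this example's own.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample input: header and three rows copied from the NTEVENT output above.
SAMPLE = """\
EventCode  EventIdentifier  RecordNumber  SourceName                        TimeGenerated              Type
50         -2108030926      171408        Microsoft-Windows-Time-Service    20071204002221.000000-000  Warning
5719       5719             171770        NETLOGON                          20071204172741.000000-000  Error
10009      -1073731815      172190        Microsoft-Windows-DistributedCOM  20071207101245.000000-000  Error
"""


def parse_table(text):
    """Slice WMIC's default table output into dicts using the header offsets."""
    lines = [l for l in text.replace("\r", "").split("\n") if l.strip()]
    # Property names contain no spaces, so each header token marks a column start.
    columns = [(m.group(), m.start()) for m in re.finditer(r"\S+", lines[0])]
    ends = [start for _, start in columns[1:]] + [None]
    return [
        {name: line[start:end].strip() for (name, start), end in zip(columns, ends)}
        for line in lines[1:]
    ]


def parse_cim_datetime(value):
    """Convert a CIM datetime string into a timezone-aware datetime."""
    stamp = datetime.strptime(value[:21], "%Y%m%d%H%M%S.%f")
    offset = timedelta(minutes=int(value[21:]))  # e.g. "-420" is UTC-07:00
    return stamp.replace(tzinfo=timezone(offset))


def decode_event(row):
    """Normalise one table row: unsigned identifier, UTC time, integer code."""
    ident = int(row["EventIdentifier"]) & 0xFFFFFFFF  # undo the signed display
    return {
        "code": int(row["EventCode"]),
        "identifier": f"0x{ident:08X}",
        "low16": ident & 0xFFFF,
        "time_utc": parse_cim_datetime(row["TimeGenerated"]).astimezone(timezone.utc),
        "source": row["SourceName"],
        "type": row["Type"],
    }


if __name__ == "__main__":
    for event in map(decode_event, parse_table(SAMPLE)):
        print(event["time_utc"].isoformat(), event["identifier"], event["source"])
```

The same parse_cim_datetime call works on the InstallDate value from the os query, where the offset is -420 minutes.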

Users and Groups 

C:\Tools>wmic useraccount where "LocalAccount='TRUE'" get Caption, Disabled, Domain, Lockout, PasswordExpires, SID, Status
Caption                Disabled  Domain  Lockout  PasswordExpires  SID                                           Status
GOOD\ACTUser           FALSE     GOOD    FALSE    FALSE            S-1-5-21-1214440339-861567501-682003330-1015  OK
GOOD\Administrator     FALSE     GOOD    FALSE    FALSE            S-1-5-21-1214440339-861567501-682003330-500   OK
GOOD\quux              FALSE     GOOD    FALSE    FALSE            S-1-5-21-1214440339-861567501-682003330-1001  OK
GOOD\ASPNET            FALSE     GOOD    FALSE    FALSE            S-1-5-21-1214440339-861567501-682003330-1003  OK
GOOD\Guest             TRUE      GOOD    FALSE    FALSE            S-1-5-21-1214440339-861567501-682003330-501   Degraded
GOOD\HelpAssistant     TRUE      GOOD    FALSE    FALSE            S-1-5-21-1214440339-861567501-682003330-1000  Degraded
GOOD\SUPPORT_388945a0  TRUE      GOOD    FALSE    FALSE            S-1-5-21-1214440339-861567501-682003330-1002  Degraded
GOOD\VUSR_GOOD         FALSE     GOOD    FALSE    FALSE            S-1-5-21-1214440339-861567501-682003330-1014  OK
GOOD\__vmware_user__   FALSE     GOOD    FALSE    TRUE             S-1-5-21-1214440339-861567501-682003330-1025  OK

C:\Tools>wmic group where "LocalAccount='TRUE'" get Caption, SID, Status
Caption                               SID                                           Status
GOOD\Administrators                   S-1-5-32-544                                  OK
GOOD\Backup Operators                 S-1-5-32-551                                  OK
GOOD\Guests                           S-1-5-32-546                                  OK
GOOD\Network Configuration Operators  S-1-5-32-556                                  OK
GOOD\Power Users                      S-1-5-32-547                                  OK
GOOD\Remote Desktop Users             S-1-5-32-555                                  OK
GOOD\Replicator                       S-1-5-32-552                                  OK
GOOD\Users                            S-1-5-32-545                                  OK
GOOD\Debugger Users                   S-1-5-21-1214440339-861567501-682003330-1004  OK
GOOD\HelpServicesGroup                S-1-5-21-1214440339-861567501-682003330-1001  OK
GOOD\VS Developers                    S-1-5-21-1214440339-861567501-682003330-1010  OK
GOOD\__vmware__                       S-1-5-21-1214440339-861567501-682003330-1024  OK

You could use WMIC to get members of a group, like so:

wmic group where "Name='Administrators'" assoc /resultclass:Win32_useraccount

...but the result is so ugly, it's not worth the bother. There are better ways to do that sort of query. Hint: NET LOCALGROUP Administrators

Query remote hosts

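/node specifies the remote host name. The rest seems self-explanatory. If you leave off /password, WMIC prompts for it instead, which keeps the password out of the typed command line.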

C:\Tools>wmic /node:fs1 /user:mydomain\quuxadmin /password:mypass logicaldisk where drivetype=3 get name, freespace, filesystem, size
FileSystem  FreeSpace     Name  Size
NTFS        1750355968    C:    8578932736
NTFS        321957826560  D:    536863567872
NTFS        106292609024  E:    107372081152 
  

 

Windows Installer Provider

On Windows 2003, the wmic product query will not work until you install the WMI Windows Installer Provider via Control Panel, Add/Remove Programs. You will not need to reboot the server; you can do wmic product queries as soon as the installation is complete. A picture is worth a thousand words of installation instructions, so:

Installing the WMI Windows Installer Provider


