Useful WMIC commands
Some WMIC (and Get-WMIObject) commands that I use all the time…
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
wmic group get name,SID /format:CSV gwmi win32_group | Select Name, SID wmic useraccount list brief gwmi win32_useraccount | select name wmic csproduct get version wmic /namespace:\\root\CIMV2\ path Win32_ComputerSystemProduct get version gwmi win32_computersystemproduct | select version wmic csproduct get name wmic /namespace:\\root\CIMV2\ path Win32_ComputerSystemProduct GET name gwmi win32_computersystemproduct | select name wmic computersystem get model wmic /namespace:\\root\CIMV2\ path Win32_ComputerSystem get model gwmi win32_computersystem | select model wmic bios get smbiosbiosversion wmic /namespace:\\root\CIMV2\ path Win32_BIOS get SMBIOSBIOSVersion gwmi win32_bios | select smbiosbiosversion wmic bios list brief gwmi win32_bios wmic /namespace:\\root\CIMV2\Security\MicrosoftVolumeEncryption path Win32_EncryptableVolume gwmi -Namespace root\CIMV2\Security\MicrosoftVolumeEncryption -Class Win32_EncryptableVolume wmic /namespace:\\root\CIMV2\Security\MicrosoftVolumeEncryption\ path Win32_EncryptableVolume get protectionstatus,driveletter,volumetype gwmi -Namespace root\CIMV2\Security\MicrosoftVolumeEncryption -Class Win32_EncryptableVolume | select volumetype, driveletter, protectionstatus wmic /namespace:\\root\CIMV2\Security\MicrosoftTPM\ path Win32_TPM gwmi -Namespace root\CIMV2\Security\MicrosoftTPM -Class Win32_TPM wmic /namespace:\\root\CIMV2\Security\MicrosoftTPM\ path Win32_TPM get isactivated_initialvalue wmic /namespace:\\root\CIMV2\Security\MicrosoftTPM\ path Win32_TPM get isenabled_initialvalue wmic /namespace:\\root\CIMV2\Security\MicrosoftTPM\ path Win32_TPM get isowned_initialvalue Calling a WMI method: wmic /Namespace:\\root\CIMV2\Security\MicrosoftTpm PATH Win32_Tpm WHERE (__CLASS !="") CALL IsReadyInformation (only CMD, not PS) (gwmi -Namespace root\CIMV2\Security\MicrosoftTpm -Class Win32_Tpm).isreadyinformation() gwmi -Namespace root\CIMV2\Security\MicrosoftTpm -Class Win32_Tpm | Invoke-WmiMethod -Name isreadyinformation wmic /node:PCNAME /namespace:\\root\CIMV2\ path Win32_QuickFixEngineering where HotFixID='KB4022405' get HotFixID (CMD only, not in PS) gwmi Win32_QuickFixEngineering gwmi Win32_QuickFixEngineering | select hotfixid gwmi Win32_QuickFixEngineering | Where-Object hotfixid -like KB405* gwmi Win32_QuickFixEngineering | Where-Object {$_.HotFixID -like "KB405*"} wmic /namespace:\\root\CIMV2\ path Win32_Product where "name like 'Java%'" get name gwmi win32_product | Where-Object name -like "FileZilla Client" wmic /node:PCNAME /namespace:\\root\CIMV2\ path Win32_Product where "name like 'Java%'" call uninstall gwmi win32_product | Where-Object name -like "FileZilla Client" | Invoke-WmiMethod -Name uninstall Get-WmiObject -Class "Lenovo_BiosSetting" -ComputerName $env:COMPUTERNAME -Namespace "ROOT\WMI" | Where-Object {($_.CurrentSetting -like "Networkboot*") -or ($_.CurrentSetting -like "Bootorder,*")} | Select-Object CurrentSetting #This can be used for listing WMIC classes and aliases Get-WMIObject -List| Where{$_.name -match "something"} | Sort Name | Format-Table Name wmic ALIAS LIST BRIEF #Get recovery password protectors $RecoveryPasswordProtectorID = $volume.getkeyprotectors().VolumeKeyProtectorID | where {$volume.getkeyprotectortype($_).keyprotectortype -eq 3} #backup recovery password protector manage-bde.exe -protectors -adbackup c: -id $RecoveryPasswordProtectorID |
If you get some error about “verb”, type the ‘ and ” manually instead of copy pasting.