Remote WMI

Print the names and versions of installed software

wmic product get Name, Version

List all installed Microsoft products

wmic product where "Vendor like '%Microsoft%'" get Name, Version

List installed products that have Office in their names:

wmic product where "Name like '%Office 16%'" get Name, Version

To save the wmic output to a file, you can use the /output and (optionally) /format parameters

wmic /output:software.htm product get Name, Version /format:htable

 

For more information about the wmic syntax

https://stackoverflow.com/questions/1482739/batch-file-to-get-specific-installed-software-along-with-version

baseboard get Manufacturer, Model, Name, PartNumber, slotlayout, serialnumber, poweredon
bios get name, version, serialnumber
bootconfig get BootDirectory, Caption, TempDirectory, Lastdrive
cdrom get Name, Drive, Volumename
computersystem get Name, domain, Manufacturer, Model, NumberofProcessors, PrimaryOwnerName,Username, Roles, totalphysicalmemory /format:list
cpu get Name, Caption, MaxClockSpeed, DeviceID, status
datafile where name=’c:\boot.ini’ get Archive, FileSize, FileType, InstallDate, Readable, Writeable, System, Version
dcomapp get Name, AppID /format:list
desktop get Name, ScreenSaverExecutable, ScreenSaverActive, Wallpaper /format:list
desktopmonitor get screenheight, screenwidth
diskdrive get Name, Manufacturer, Model, InterfaceType, MediaLoaded, MediaType
diskquota get User, Warninglimit, DiskSpaceUsed, QuotaVolume
environment get Description, VariableValue
fsdir where name=’c:\windows’ get Archive, CreationDate, LastModified, Readable, Writeable, System, Hidden, Status
group get Caption, InstallDate, LocalAccount, Domain, SID, Status
idecontroller get Name, Manufacturer, DeviceID, Status
irq get Name, Status
job get Name, Owner, DaysOfMonth, DaysOfWeek, ElapsedTime, JobStatus, StartTime, Status
loadorder get Name, DriverEnabled, GroupOrder, Status
logicaldisk get Name, Compressed, Description, DriveType, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName
memcache get Name, BlockSize, Purpose, MaxCacheSize, Status
memlogical get AvailableVirtualMemory, TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory
memphysical get Manufacturer, Model, SerialNumber, MaxCapacity, MemoryDevices
netclient get Caption, Name, Manufacturer, Status
netlogin get Name, Fullname, ScriptPath, Profile, UserID, NumberOfLogons, PasswordAge, LogonServer, HomeDirectory, PrimaryGroupID
netprotocol get Caption, Description, GuaranteesSequencing, SupportsBroadcasting, SupportsEncryption, Status
netuse get Caption, DisplayType, LocalName, Name, ProviderName, Status
nic get AdapterType, AutoSense, Name, Installed, MACAddress, PNPDeviceID,PowerManagementSupported, Speed, StatusInfo
nicconfig get MACAddress, DefaultIPGateway, IPAddress, IPSubnet, DNSHostName, DNSDomain
nicconfig get MACAddress, IPAddress, DHCPEnabled, DHCPLeaseExpires, DHCPLeaseObtained, DHCPServer
nicconfig get MACAddress, IPAddress, DNSHostName, DNSDomain, DNSDomainSuffixSearchOrder, DNSEnabledForWINSResolution, DNSServerSearchOrder
nicconfig get MACAddress, IPAddress, WINSPrimaryServer, WINSSecondaryServer, WINSEnableLMHostsLookup, WINSHostLookupFile
ntdomain get Caption, ClientSiteName, DomainControllerAddress, DomainControllerName, Roles, Status
ntevent where (LogFile=’system’ and SourceName=’W32Time’) get Message, TimeGenerated
ntevent where (LogFile=’system’ and SourceName=’W32Time’ and Message like ‘%timesource%’) get Message, TimeGenerated
ntevent where (LogFile=’system’ and SourceName=’W32Time’ and EventCode!=’29’) get TimeGenerated, EventCode, Message
onboarddevice get Description, DeviceType, Enabled, Status
os get Version, Caption, CountryCode, CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion, WindowsDirectory /format:list
os get CurrentTimeZone, FreePhysicalMemory, FreeVirtualMemory, LastBootUpTime, NumberofProcesses, NumberofUsers, Organization, RegisteredUser, Status
pagefile get Caption, CurrentUsage, Status, TempPageFile
pagefileset get Name, InitialSize, MaximumSize
partition get Caption, Size, PrimaryPartition, Status, Type
printer get DeviceID, DriverName, Hidden, Name, PortName, PowerManagementSupported, PrintJobDataType, VerticalResolution, Horizontalresolution
printjob get Description, Document, ElapsedTime, HostPrintQueue, JobID, JobStatus, Name, Notify, Owner, TimeSubmitted, TotalPages
process get Caption, CommandLine, Handle, HandleCount, PageFaults, PageFileUsage, PArentProcessId, ProcessId, ThreadCount
product get Description, InstallDate, Name, Vendor, Version
qfe get description, FixComments, HotFixID, InstalledBy, InstalledOn, ServicePackInEffect
quotasetting get Caption, DefaultLimit, Description, DefaultWarningLimit, SettingID, State
recoveros get AutoReboot, DebugFilePath, WriteDebugInfo, WriteToSystemLog
Registry get CurrentSize, MaximumSize, ProposedSize, Status
scsicontroller get Caption, DeviceID, Manufacturer, PNPDeviceID
server get ErrorsAccessPermissions, ErrorsGrantedAccess, ErrorsLogon, ErrorsSystem, FilesOpen, FileDirectorySearches
service get Name, Caption, State, ServiceType, StartMode, pathname
share get name, path, status
sounddev get Caption, DeviceID, PNPDeviceID, Manufacturer, status
startup get Caption, Location, Command
sysaccount get Caption, Domain, Name, SID, SIDType, Status
sysdriver get Caption, Name, PathName, ServiceType, State, Status
systemenclosure get Caption, Height, Depth, Manufacturer, Model, SMBIOSAssetTag, AudibleAlarm, SecurityStatus, SecurityBreach, PoweredOn, NumberOfPowerCords
systemslot get Number, SlotDesignation, Status, SupportsHotPlug, Version, CurrentUsage, ConnectorPinout
tapedrive get Name, Capabilities, Compression, Description, MediaType, NeedsCleaning, Status, StatusInfo
timezone get Caption, Bias, DaylightBias, DaylightName, StandardName
useraccount get AccountType, Description, Domain, Disabled, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID

 

region List WMI Classes

help get-wmiobject -ShowWindow

list all classes that start with win32*

Get-WmiObject -List -class win32* | Out-GridView

list all namespaces

gwmi -list -class "__namespace" -Namespace root -recurse |

Select @{Name="Namespace";Expression={$_.path.namespacepath}}

region Getting WMI information

Class parameter is positional but I’ll use it once

gwmi -class win32_operatingsystem

this is just the default display. There are more properties

gwmi -class win32_operatingsystem | gm

gwmi -class win32_operatingsystem | select *

you’ll get an object for each class instance

gwmi win32_logicaldisk

using query to limit results

gwmi -query "Select * from win32_logicaldisk where drivetype=3"
gwmi -query "Select * from win32_logicaldisk where deviceid='c:'"

using filter

gwmi win32_logicaldisk -filter "drivetype=3"
gwmi win32_service -filter "startmode='auto' AND state<>'running'" |
Out-GridView

 

select properties you want

gwmi win32_service -filter "startmode='auto' AND state<>'running'" |

Select Name,Displayname,Startmode,State,Startname,Description

 

region Query remote computers

$Computers = "chi-dc01","chi-dc02","chi-dc04","chi-fp02"
gwmi win32_operatingsystem -comp $computers
gwmi win32_operatingsystem -comp $computers |
Select PSComputername,Caption,Version,
@{Name="ServicePack";Expression={$_.CSDVersion}},
InstallDate | Out-GridView

 

for filter

gwmi win32_service -filter "startmode='auto' AND state<>'running'" -ComputerName $computers |
Select PSComputername,Name,Displayname,Startmode,State,Startname,Description

gwmi win32_networkadapterconfiguration -filter "IPEnabled='True'" `
-computer CHI-FP02 -credential globomantics\administrator |
Select PSComputername,IPAddress,IPSubnet,DefaultIpGateway

 

or use a saved credential

$admin = get-credential globomantics\administrator
$admin
gwmi win32_networkadapterconfiguration -filter "IPEnabled='True'" `
-computer $computers -credential $admin |
Select PSComputername,IPAddress,IPSubnet,DefaultIpGateway

 

this will fail with IIS in WMI

gwmi -namespace root\webadministration -comp chi-web01 -class Site -Credential $admin
gwmi -namespace root\webadministration -comp chi-web01 -class site -Authentication PacketPrivacy

 

demo Invoke-WMIMethod

 

you can use methods directly

$notepad = Get-WmiObject win32_process -filter "name='notepad.exe'"
$notepad | gm -MemberType method
#need () even if no methods

#no -Whatif

$notepad.Terminate()
#return value of 0 means success
help Invoke-WmiMethod -ShowWindow

notepad

Get-WmiObject win32_process -filter "name='notepad.exe'" |
Invoke-WmiMethod -Name Terminate -WhatIf

 

invoke methods with an argument

 

check current startmode

gwmi win32_service -filter "name='wuauserv'" -comp chi-dc01,chi-dc02,chi-dc04 |
Select PSComputername,name,startmode
gwmi win32_service -filter "name='wuauserv'" -comp chi-dc01,chi-dc02,chi-dc04 |
Invoke-WmiMethod -name ChangeStartMode -ArgumentList "auto" -whatif
gwmi win32_service -filter "name='wuauserv'" -comp chi-dc01,chi-dc02,chi-dc04 |
Invoke-WmiMethod -name ChangeStartMode -ArgumentList "automatic"

 

verify

gwmi win32_service -filter "name='wuauserv'" -comp chi-dc01,chi-dc02 |
Select PSComputername,name,startmode
<#
method parameters are entered alphabetically not in
the order seen in documentation
#>

 

start « http://msdn.microsoft.com/en-us/library/windows/desktop/aa393598(v=vs.85).aspx »

gwmi win32_share -filter "name='labs'" |
Invoke-WmiMethod -Name SetShareInfo -ArgumentList @(5,"Labs")
#parameters as PowerShell sees them
([wmiclass]"win32_share").GetMethodParameters("setShareInfo")
gwmi win32_share -filter "name='labs'" |
Invoke-WmiMethod -Name SetShareInfo -ArgumentList @($null,"Labs",25)
gwmi win32_share -filter "name='labs'" | select Name,Description,Max*
<#
Look for cmdlets that implement WMI methods or use the newer CIM cmdlets
#>
#wmiclass
$cs = [wmiclass]"win32_computersystem"
$cs
$cs.Properties | Select Name,Type
$cs.Methods | Select Name
#wmi
#you need to know the path and key property
$svc = [wmi]"root\cimv2:win32_service.name='bits'"
$svc
#connect to a remote computer
$c = [wmi]"\chi-dc01\root\cimv2:win32_logicaldisk.DeviceID='C:'"
$c
$c | select *
#wmisearcher
$search = [wmisearcher]"Select * from win32_process where name='svchost.exe'"
$search
#run locally
$search.Get() |
Select PSComputername,VM,WS,*ModeTime,ProcessID |
ogv
#change the search scope
$search.scope.path="\chi-dc04\root\cimv2"
$search.Get() |
Select PSComputername,VM,WS,*ModeTime,ProcessID |
ogv

$Computers = « chi-dc01″, »chi-dc02″, »chi-dc04″, »chi-fp02 »

gwmi win32_operatingsystem -ComputerName $computers |

Select PSComputername,InstallDate

 

convert date time

 

gwmi win32_operatingsystem -comp $computers |
Select PSComputername,@{Name="OS";Expression={$_.Caption}},
@{Name="ServicePack";Expression={$_.CSDVersion}},
Version,
@{Name="Installed";Expression={$.ConvertToDateTime($.InstallDate)}}


format numbers

gwmi win32_physicalmemory |
Select PSComputername,Capacity
gwmi win32_physicalmemory -computer $computers |
Select PSComputername,@{Name="SizeMB";Expression={$_.Capacity/1Mb}} |
Sort SizeMB

 

memory sizes are in KB

gwmi win32_operatingsystem -comp $computers |
select PSComputername,
@{Name="TotalMemoryMB";Expression={int}},
@{Name="FreeMemoryMB";
Expression={[math]::Round($_.FreePhysicalmemory/1KB,2)}},
@{Name="PercentMemoryFree";
Expression={[math]::Round(($.freephysicalmemory/$.totalvisibleMemorySize)*100,2)}}

 

running as job

$computers+=$env:computername
gwmi win32_product -ComputerName $computers -AsJob

 

we can nest WMI queries

gwmi win32_operatingsystem -comp $computers |
Select PSComputername,
@{Name="OS";Expression={$_.Caption}},
@{Name="ServicePack";Expression={$_.CSDVersion}},
Version,
@{Name="Installed";Expression={$.ConvertToDateTime($.InstallDate)}},
@{Name="MemoryMB";Expression={
$memory = Get-Wmiobject win32_Physicalmemory -comp $_.pscomputername
$memory.Capacity/1Mb
}}

 

set authentication to packetprivacy by default

$PSDefaultParameterValues.Add("get-wmiobject:authentication","PacketPrivacy")
get-wmiobject -Namespace root\webadministration -class site -ComputerName chi-web01
# check job
Get-Job
$data = get-job | Receive-Job -Keep

 

sometimes dates are in a different format

$data | Select PSComputername,Name,Version,Vendor,InstallDate
$data | Select PSComputername,Name,Version,Vendor,
@{Name="Installed";Expression={
$yr = $_.InstallDate.substring(0,4)
$mo = $_.InstallDate.substring(4,2)
$dy = $_.InstallDate.substring(6)
"$mo/$dy/$yr" -as [datetime]
}} | out-gridview -title "Installed Apps"

One thought on “Remote WMI”

  1. I just want to tell you that I am all new to blogging and site-building and definitely liked you’re website. Very likely I’m planning to bookmark your site . You surely come with exceptional articles and reviews. Regards for sharing with us your blog site.

Laisser un commentaire