WMI stands for Windows Management Instrumentation. It is most frequently used for management and monitoring of Servers and Workstations through scripts. However, for you non scripter’s out there (you know you are) can still leverage the power of WMI. While not as powerful as a fully scripted WMI solution it still provides mountains of useful features that you can leverage right now. Better yet, I have found that it functions as a great gateway drug to help people realize the power of scripting. This overview barely scratches the surface as to what is available, but it provides the basic knowledge needed to start playing with the command line.
Right now you’re probably thinking. How do I get it? Well, the odds are you already have it and just need to use it. Microsoft included it with the following operating systems:
Windows XP
Windows Server 2003
Windows Vista
In order to access it you simply need to drop into a command prompt and type in “wmic”. It will most likely give you a message asking you to wait while the WMIC installed. Once this is complete you will be greeted with the following prompt:
wmic:rootcli>
So now what? In order to get started just type in /? to get a listing of the global switches and aliases. The global switches specify how and where a particular WMI query should be run and the aliases specify the actual information. For example, let’s say you want to find out information relating to the operating system. At the wmic prompt type in:
os
This outputs relevant data that is located in the os alias. There is a problem though. The data is output in a very unfriendly format that requires you to scroll instead of down. It’s actually quite a pain!
There are several solutions to this and they can all be found by using /?. Now, type in:
os /?
You will see a listing of the global verbs. Just as we learned in English class these are the action words. They help you to do something with the data. There is a “list” verb that will let you determine how you want the data listed. Within the list verb there are several options for how the output can be displayed. These can be accessed by typing in the following:
os list /?
My favorite is the full list, but try out a few and see what you get. Assuming that you want to use the full list you would now type:
os list full
The list will now be in descending order.
Now that you have pulled the data in a semi reasonable format it’s pretty obvious that there is a lot of it. So now you’re probably asking. How do I pare it down? It’s actually very easy. It’s all about those action words. There is a “get” verb available. In the command above replace “list” with “get” and “full” with the data you want as shown in the full list. For the purposes of demonstration we’ll say it’s the buildnumber. Now the command looks like this:
os get buildnumber
In this form, the command is only useful if you need to pull the data from the local machine. However, you can scale this to multiple machines. It’s as simple as inserting the /node global switch into the command. In order to use the switch you need to specify the location of a text file based list. Then voila! You are pulling data from multiple machines. The command would look as follows:
/node:c:list.txt os get buildnumber
This will read the list the process the command for each machine one at time and output the result to the screen. You can also output the information to text. There is another global switch that will output the information to the screen and write to a specified file. This utilizes the /record global switch. For this scenario the command would look as follows:
/record:c:output.txt /node:c:list.txt os get buildnumber
You can also sting the items you want together with a comma allowing you to pull multiple items at once. For example, lets say you want to get the buildnumber and the amount of free physical memory of a set of clients. The command would be
/record:c:output.txt /node:c:list.txt os get buildnumber, freephysicalmemory
Combine that with Microsoft Excel and this can get very useful, very quick.
One of the most popular commands run using WMI involves that activation of remote desktop functionality on machines. You would be surprised how many people encounter situations where they drop a machine from the domain remotely than realize that they can no longer RDP to it. This is easily solved. Just connect to a Windows Server 2003 machine and run the following WMI command:
wmic /node:”Computer Name” /USER:”username” RDTOGGLE WHERE ServerName=”Computer Name” CALL SetAllowTSConnections 1
This will re-enable remote desktop and the admin can then breathe a sigh of relief.
There are quite literally thousands of different ways to use the WMIC and this barely begins to discuss them. You will need to experiment to find out what works for you. It is also not as robust as using a scripted solution. However, if you are a new admin and still learning the ropes it can really help you out in a pinch.
