Stéphane-Gabriel Mérizzi

Member since Mar 11, 2012, follows 0 people, 1 public groups, 34 public bookmarks (35 total).

More »
Recent Bookmarks and Annotations

  • Hercules DVD Release Date November 4, 2014 on Oct 17, 14
  • zf-ts2 - ZEROFAIL on Oct 06, 14
    • Data Upload (GB)
  • Demande FCCR - OpenERP on Sep 10, 14
    • Projet
  • Yaya Han - Our Guests - Comiccon on Sep 05, 14
  • WebsitePanel - - Hosting Plan - Hosted Organizations on Jul 17, 14
  • Tickets > Manage on Jun 18, 14
  • Zerofail Gatekeeper: Message Log View on Jun 12, 14
    • mhealy@
  • Tickets > Manage on Jun 03, 14
  • Apple (Canada) - Mac Pro - Technical Specifications on Dec 10, 13
  • WMIC on Aug 20, 13


    get Manufacturer, Model, Name, PartNumber, slotlayout, serialnumber, poweredon


    get name, version, serialnumber


    get BootDirectory, Caption, TempDirectory, Lastdrive


    get Name, Drive, Volumename


    get Name, domain, Manufacturer, Model, NumberofProcessors, PrimaryOwnerName,Username, Roles, totalphysicalmemory /format:list


    get Name, Caption, MaxClockSpeed, DeviceID, status


    where name='c:\\boot.ini' get Archive, FileSize, FileType, InstallDate, Readable, Writeable, System, Version


    get Name, AppID /format:list


    get Name, ScreenSaverExecutable, ScreenSaverActive, Wallpaper /format:list


    get screenheight, screenwidth


    get Name, Manufacturer, Model, InterfaceType, MediaLoaded, MediaType


    get User, Warninglimit, DiskSpaceUsed, QuotaVolume


    get Description, VariableValue


    where name='c:\\windows' get Archive, CreationDate, LastModified, Readable, Writeable, System, Hidden, Status


    get Caption, InstallDate, LocalAccount, Domain, SID, Status


    get Name, Manufacturer, DeviceID, Status


    get Name, Status


    get Name, Owner, DaysOfMonth, DaysOfWeek, ElapsedTime, JobStatus, StartTime, Status


    get Name, DriverEnabled, GroupOrder, Status


    get Name, Compressed, Description, DriveType, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName


    get Name, BlockSize, Purpose, MaxCacheSize, Status


    get AvailableVirtualMemory, TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory


    get Manufacturer, Model, SerialNumber, MaxCapacity, MemoryDevices


    get Caption, Name, Manufacturer, Status


    get Name, Fullname, ScriptPath, Profile, UserID, NumberOfLogons, PasswordAge, LogonServer, HomeDirectory, PrimaryGroupID


    get Caption, Description, GuaranteesSequencing, SupportsBroadcasting, SupportsEncryption, Status


    get Caption, DisplayType, LocalName, Name, ProviderName, Status


    get AdapterType, AutoSense, Name, Installed, MACAddress, PNPDeviceID,PowerManagementSupported, Speed, StatusInfo


    get MACAddress, DefaultIPGateway, IPAddress, IPSubnet, DNSHostName, DNSDomain


    get MACAddress, IPAddress, DHCPEnabled, DHCPLeaseExpires, DHCPLeaseObtained, DHCPServer


    get MACAddress, IPAddress, DNSHostName, DNSDomain, DNSDomainSuffixSearchOrder, DNSEnabledForWINSResolution, DNSServerSearchOrder


    get MACAddress, IPAddress, WINSPrimaryServer, WINSSecondaryServer, WINSEnableLMHostsLookup, WINSHostLookupFile


    get Caption, ClientSiteName, DomainControllerAddress, DomainControllerName, Roles, Status


    where (LogFile='system' and SourceName='W32Time') get Message, TimeGenerated


    where (LogFile='system' and SourceName='W32Time' and Message like '%timesource%') get Message, TimeGenerated


    where (LogFile='system' and SourceName='W32Time' and EventCode!='29') get TimeGenerated, EventCode, Message


    get Description, DeviceType, Enabled, Status


    get Version, Caption, CountryCode, CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion, WindowsDirectory /format:list


    get CurrentTimeZone, FreePhysicalMemory, FreeVirtualMemory, LastBootUpTime, NumberofProcesses, NumberofUsers, Organization, RegisteredUser, Status


    get Caption, CurrentUsage, Status, TempPageFile


    get Name, InitialSize, MaximumSize


    get Caption, Size, PrimaryPartition, Status, Type


    get DeviceID, DriverName, Hidden, Name, PortName, PowerManagementSupported, PrintJobDataType, VerticalResolution, Horizontalresolution


    get Description, Document, ElapsedTime, HostPrintQueue, JobID, JobStatus, Name, Notify, Owner, TimeSubmitted, TotalPages


    get Caption, CommandLine, Handle, HandleCount, PageFaults, PageFileUsage, PArentProcessId, ProcessId, ThreadCount


    get Description, InstallDate, Name, Vendor, Version


    get description, FixComments, HotFixID, InstalledBy, InstalledOn, ServicePackInEffect


    get Caption, DefaultLimit, Description, DefaultWarningLimit, SettingID, State


    get AutoReboot, DebugFilePath, WriteDebugInfo, WriteToSystemLog


    get CurrentSize, MaximumSize, ProposedSize, Status


    get Caption, DeviceID, Manufacturer, PNPDeviceID


    get ErrorsAccessPermissions, ErrorsGrantedAccess, ErrorsLogon, ErrorsSystem, FilesOpen, FileDirectorySearches


    get Name, Caption, State, ServiceType, StartMode, pathname


    get name, path, status


    get Caption, DeviceID, PNPDeviceID, Manufacturer, status


    get Caption, Location, Command


    get Caption, Domain, Name, SID, SIDType, Status


    get Caption, Name, PathName, ServiceType, State, Status


    get Caption, Height, Depth, Manufacturer, Model, SMBIOSAssetTag, AudibleAlarm, SecurityStatus, SecurityBreach, PoweredOn, NumberOfPowerCords


    get Number, SlotDesignation, Status, SupportsHotPlug, Version, CurrentUsage, ConnectorPinout


    get Name, Capabilities, Compression, Description, MediaType, NeedsCleaning, Status, StatusInfo


    get Caption, Bias, DaylightBias, DaylightName, StandardName


    get AccountType, Description, Domain, Disabled, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID

    *UPDATE* 12/13/2012


    get BankLabel, Capacity, Caption, CreationClassName, DataWidth, Description, Devicelocator, FormFactor, HotSwappable, InstallDate, InterleaveDataDepth, InterleavePosition, Manufacturer, MemoryType, Model, Name, OtherIdentifyingInfo, PartNumber, PositionInRow, PoweredOn, Removable, Replaceable, SerialNumber, SKU, Speed, Status, Tag, TotalWidth, TypeDetail, Version




    The PROCESS alias can be used to start a new installation process, if doing this across the network, place the installer files on a share with permissions EVERYONE : Read Only. This is because network credentials will be dropped when jumping from one remote machine to another (unless you have kerberos configured).


    WMIC /locale:ms_409 OS 
    WMIC OS GET csname, locale, bootdevice
    WMIC OS GET osarchitecture /value
    WMIC OS GET localdatetime
    WMIC /locale:ms_409 NTEVENT where LogFile='system'
    WMIC NTEVENT where "LogFile='system' and Type>'0'" 
    WMIC SERVICE where (state=”running”) GET caption, name, state > services.tsv
    WMIC PRINTER where PortName="LPT1:" GET PortName, Name, ShareName
    WMIC PROCESS where name='evil.exe' delete
    WMIC /output:"%computername%.txt" MEMORYCHIP where "memorytype=17" get Capacity
    WMIC /node:@workstns.txt /failfast:on PROCESS call create "\\server\share\installer.cmd"
    Interactive mode:
    C:> START "Windows Management" WMIC
    wmic:root\cli> /locale:ms_409
    wmic:root\cli> OS get csname
    wmic:root\cli> quit


    WMIC is available on XP Professional and Windows 2003 or later versions of Windows.

    The availability of WMI information does vary across different versions of Windows
    e.g. ODBC, SNMP, Windows Installer.

    To run WMIC requires administrator rights.

    The last element returned by WMIC is a single  character (an empty line), when running WMIC in a FOR loop you may need toremove this, particularly if delayed expansion is involved.

    In Windows 2000, around 4,000 properties can be monitored, and around 40 can be configured.
    In Windows XP around 6,000 properties can be monitored, and around 140 can be configured.

    Windows 2003 offers a few improvements and bug fixes: the global option /locale:ms_409 is not required (it defaults to English US.)

    When you type WMIC for the first time in Windows 2003 all the aliases are compiled. The second, and subsequent times you run WMIC, it will start immediately. Under XP WMIC is slower to initialise, therefore to run several WMI queries it can be quicker to use interactive mode.

    Running WMIC within a batch file it may sometimes hang, possible workarounds for this:
    START "" /W CMD /C WMIC options...
    WMIC options... <NUL

    * WMI information for installed software packages (PACKAGE and SOFTWAREFEATURE) is often incomplete and inconsistent for a variety of historical reasons. A more reliable method is to retrieve a list of installed programs directly from the Add/Remove list in the registry, with a WSH script like this from Torgeir Bakken.

    wmic baseboard get product,manufacturer

    wmic bios get name

    wmic product list brief

    wmic service list brief

    wmic process list brief

    wmic startup list brief

    Obviously these details can be found elsewhere, but one advantage of WMIC is that it can save its output for reference later.   Use the command:

    wmic service get /format:hform > c:\folder\services.html

    -- and WMIC will create a formatted HTML page detailing your running services (replace "C:\folder" with an appropriate path for your system). If you have PC problems a few months later you can then look back at this record and see what's  changed.

    Uninstall Automatically

    WMIC isn't just about reporting on system information, though. Use the appropriate CALL command and it can also carry out a variety of useful maintenance tasks.

    Do you regularly have to uninstall and reinstall particular programs, for instance?  Doing this manually via Control Panel is tedious, but WMIC can automatically uninstall many applications with a single command. To see how, enter:

    wmic product get name

    -- and look for the name of the program you'd like to remove. Then enter the name as it appears in that list, in a second command, like this:

    wmic product where name="windows live writer" call uninstall

    -- and your specified program will be uninstalled automatically, without you even seeing the uninstall program.  (Which is convenient, but also risky as there probably will be no chance to cancel your action, so use this with extreme care.)

    Process Management

    WMIC can, say, also close all the instances of a particular program. So if you want to shut down all Internet Explorer windows, for instance, then the command:

    wmic process where name="iexplore.exe" call terminate

    -- would do the trick, closing every instance immediately. (Though again, beware, programs closed in this way probably won't prompt you to save files you're working on, so use the command carelessly and data may be lost.)

    Or maybe you'd prefer to optimise your system by setting your process CPU priorities? WMIC can handle that, too.  Entering:

    wmic process where name="notepad.exe" call setpriority 64

    -- will set every running Notepad process to the Idle priority, for instance (see MSDN for the numbers to use to set other priorities).

    This is barely scratches the surface. WMIC can also give you useful information about your PCs user accounts, change the Start mode of particular services, retrieve useful information from your event logs, change a static IP address, reboot or shut down a PC, and a whole lot more.

    And best of all, you can even apply the commands to a remote system by applying the NODE switch and a network name, like:

    wmic /node:steve-pc service list brief


    There's a huge amount of power on offer here, then.  See the Tech-Wreck InfoSec Blog for more great WMIC examples, then open a command window and try a few for yourself.


    wmic logicaldisk get name

    Display each of the logical disk drives on the computer, as shown below.

    wmic os list brief

    This command would give you brief information about the operating system, as shown in the below example.

    BuildNumber Organization RegisteredUser SerialNumber SystemDirectory Version
    7601 Computer Hope Mrhope 00123-045-6789012-34567 C:\Windows\system32 6.1.7601

    wmic printer list status

    List the printer status of each of the printers installed on the computer.

    WMIC /Output:bios.html BIOS Get Manufacturer,Name,Version /Format:htable

    The above command is a little may appear involved, but is still relatively simple. First the /Output: is outputting the commands output to the bios.html file, which will be saved into the directory you're currently in. Next, the wmic BIOS get command will get the Manufacturer, Name, Serial Number, and Version of the BIOS. Finally, the /format:htable will format the results into an HTML table. Below, is an example of how the output may appear in the bios.html file.

    1 Instances of Win32_BIOS

    Node Manufacturer Name SerialNumber Version
    HOPE-PC DELL INC.. Default System BIOS. 123AB12. DELL - 20081105.


    wmic product list brief

    List each of the programs that have been installed on the computer with brief details. Note: This command could take a minute or two to complete depending on on how many programs you have installed on the computer and may exceed the limit of what can be displayed in the window. This command can also be made into an HTML table as explained in the previous example.

    wmic diskdrive get model,name,size

    Display the model, name, and size of the hard drives installed on the computer, as shown in the below example.


    Model Name Size    
    WDC WD3000HLFS-75G6U1 ATA Device \\.\PHYSICALDRIVE0 300066439680    
    TRUSTED Mass Storage USB Device \\.\PHYSICALDRIVE1 2199020382720  


    • Do not use WMIC's CALL command unless you are absolutely sure about the consequences.

    Now let's try the following commands:

    WMIC BIOS Get Manufacturer
    WMIC BIOS Get Manufacturer,Name,Version /Format:csv
    WMIC BIOS Get Manufacturer,Name,Version /Format:list
    WMIC BIOS Get /Format:list
    WMIC BIOS Get Manufacturer,Name,Version /Format:htable

    You may want to save the latter to a HTML file to view it in a browser:

    WMIC /Output:bios.html BIOS Get Manufacturer,Name,Version /Format:htable
    START "" "%CD%.\bios.html"

    Need the result pasted in another window?

    Use /Output:CLIPBOARD


    One Step Further With HTML Output

    The following batch file will query the specified wmi class, output the results to the specified file, add an .html extension, start the default application, presumably a browser, and open the specified file. The result is the ability to view the output in a readable html form in a browser.

    This batch file is very simple (no error checking, help, etc.). It can be placed in any directory in listed in the path environment variable, etc. I suggest the name: wmic2browser.bat.

    rem Parameters:
    rem     %1 is the wmi class name
    rem     %2 is the file name for the output

    wmic /output:%2.html path %1 get * /format:hform
    START "" "%CD%.\%2.html"

    The result is similar to the following:

    System, BIOS, Motherboard

    This first example shows a few variations of the most common WMI query. We ask a WMI object (computersystem, or bios, or baseboard in the examples below) to return the values for a few of its properties. It returns the results in its default tabular format.

    C:\Tools>wmic computersystem get domain, EnableDaylightSavingsTime, Manufacturer, Model, PartOfDomain, TotalPhysicalMemory, username
    Domain       EnableDaylightSavingsTime  Manufacturer  Model     PartOfDomain  TotalPhysicalMemory  UserName  TRUE                       INTEL_        D865GLC_  TRUE          2146148352           PURGATORY\quux

    C:\Tools>wmic bios get Caption, Manufacturer, SMBIOSBIOSVersion, Version
    Caption                                     Manufacturer  SMBIOSBIOSVersion                 Version
    BIOS Date: 10/14/03 10:38:21 Ver: 08.00.09  Intel Corp.   BF86510A.86A.0049.P11.0310141038  INTEL  - 20031014

    C:\Tools>wmic baseboard get Manufacturer, Model, Product, SerialNumber, Version
    Manufacturer       Model  Product  SerialNumber  Version
    Intel Corporation         D865GLC  ABLC32421808  AAC28909-404

    Processor Info 

    C:\Tools>wmic cpu get deviceID, Addresswidth, MaxClockSpeed, Name, Manufacturer, ProcessorID
    AddressWidth  DeviceID  Manufacturer  MaxClockSpeed  Name                               ProcessorId
    32            CPU0      GenuineIntel  2992           Intel(R) Pentium(R) 4 CPU 3.00GHz  BFEBFBFF00000F29
    32            CPU1      GenuineIntel  2992           Intel(R) Pentium(R) 4 CPU 3.00GHz  BFEBFBFF00000F29

    Hard Drives 

    C:\Tools>wmic logicaldisk where drivetype=3 get name, freespace, systemname, filesystem, size, volumeserialnumber
    FileSystem  FreeSpace     Name  Size          SystemName  VolumeSerialNumber
    NTFS        53473411072   C:    120023252992  GOOD        B0400204
    NTFS        114517245952  E:    500105216000  GOOD        94AE4BE9

    The drivetypes are

     Member nameDescription


    Unknown The type of drive is unknown.


    NoRootDirectory The drive does not have a root directory.


    Removable The drive is a removable storage device, such as a floppy disk drive or a USB flash drive.


    Fixed The drive is a fixed disk.


    Network The drive is a network drive.


    CDRom The drive is an optical disc device, such as a CD or DVD-ROM.


    Ram The drive is a RAM disk.

    Here is a bonus: S.M.A.R.T. information!

    C:\Tools>WMIC /NAMESPACE:\\root\wmi PATH  MSStorageDriver_FailurePredictStatus get * /format:list

    You can also experiment with 


    • MSStorageDriver_FailurePredictData
    • MSStorageDriver_FailurePredictEvent
    • MSStorageDriver_FailurePredictFunction
    The best docs I have found for these are here. They're sparse, and probably a bit out of date.



    I can't really explain why the output below gives me more available virtual memory than total virtual memory. 

    C:\Tools>wmic memlogical get AvailableVirtualMemory, TotalPhysicalMemory, TotalVirtualMemory
    AvailableVirtualMemory  TotalPhysicalMemory  TotalVirtualMemory
    2049300                 2095848              1939180


    NIC properties

    In the first example below, I query for all NICs. Yikes, too much info!

    In the second example I use a where IPEnabled='TRUE' clause to narrow things down, but it's still too much. Here we have several IPEnabled devices which we don't really care about; the system runs VMware, has a TV card, and had a disabled 100bT NIC.

    In the third example, I only care about the NIC that is enabled and connected! Could have used DHCPEnabled as the second test, but we might want to get this info from systems with static IPs. I would have compared the IPAddress value to good IPs (or eliminated 192.168 and 169.* addresses), but sadly I have not figured out a way to do WHERE queries on IPAddress; apparently the {} brackets indicate it is an array value, and I have found no way to do WQL queries that compare array values. Please use the comments link if you know how to do this! So, by adding the extra query condition (shown in red), I get only the currently 'live' connection. Although I can imagine cases where DNSDomain would be null and the NIC would still be the live connection. YMMV!

    The final query gets a fair amount of NIC information in list format.

    C:\Tools>wmic nicconfig get caption, macaddress, ipaddress, DefaultIPGateway
    Caption                                                  DefaultIPGateway  IPAddress           MACAddress
    [00000001] 1394 Net Adapter
    [00000002] RAS Async Adapter
    [00000003] WAN Miniport (L2TP)
    [00000004] WAN Miniport (PPTP)                                                                 50:50:54:50:30:30
    [00000005] WAN Miniport (PPPOE)                                                                33:50:6F:45:30:30
    [00000006] Direct Parallel
    [00000007] WAN Miniport (IP)
    [00000008] Packet Scheduler Miniport                                                           38:C7:20:52:41:53
    [00000009] Microsoft TV/Video Connection                                   {""}  00:07:E9:5D:BC:F4
    [00000010] Intel(R) PRO/1000 CT Network Connection                         {""}  00:07:E9:5D:BC:F4
    [00000011] Packet Scheduler Miniport                                                           00:07:E9:5D:BC:F4
    [00000012] VMware Virtual Ethernet Adapter for VMnet1                      {""}   00:50:56:C0:00:01
    [00000013] VMware Virtual Ethernet Adapter for VMnet8                      {""}   00:50:56:C0:00:08
    [00000014] NETGEAR 108 Mbps Wireless PCI Adapter WG311T  {""}     {""}       00:0F:B5:4F:78:73
    [00000015] Packet Scheduler Miniport                                                           00:0F:B5:4F:78:73

    C:\Tools>wmic nicconfig where "IPEnabled = 'TRUE'" get caption, macaddress, ipaddress, DefaultIPGateway
    Caption                                                  DefaultIPGateway  IPAddress           MACAddress
    [00000009] Microsoft TV/Video Connection                                   {""}  00:07:E9:5D:BC:F4
    [00000010] Intel(R) PRO/1000 CT Network Connection                         {""}  00:07:E9:5D:BC:F4
    [00000012] VMware Virtual Ethernet Adapter for VMnet1                      {""}   00:50:56:C0:00:01
    [00000013] VMware Virtual Ethernet Adapter for VMnet8                      {""}   00:50:56:C0:00:08
    [00000014] NETGEAR 108 Mbps Wireless PCI Adapter WG311T  {""}     {""}       00:0F:B5:4F:78:73

    C:\Tools>wmic nicconfig where "IPEnabled = 'TRUE' and DNSDomain IS NOT NULL" get caption, macaddress, ipaddress, DefaultIPGateway
    Caption                                                  DefaultIPGateway  IPAddress      MACAddress
    [00000014] NETGEAR 108 Mbps Wireless PCI Adapter WG311T  {""}     {""}  00:0F:B5:4F:78:73

    C:\Tools>wmic nicconfig where "IPEnabled = 'TRUE' and DNSDomain IS NOT NULL" get DefaultIPGateway, DHCPServer, DNSDomain, DNSHostName, DNSServerSearchOrder, IPAddress, IPSubnet, MACAddress, WINSEnableLMHostsLookup, WINSPrimaryServer, WINSSecondaryServer /format:list



    C:\Tools>wmic path Win32_VideoController get  caption, CurrentHorizontalResolution, CurrentVerticalResolution, Description, DriverVersion, AdapterRAM /format:list

    Caption=MOBILITY RADEON 9600/9700 (Microsoft Corporation - WDDM)
    Description=MOBILITY RADEON 9600/9700 (Microsoft Corporation - WDDM)




More »

  • Diigo Community

    4818 members, 13827 items

    Share your review, tips, tricks, and ideas for using Diigo here, and discuss our features, ideas for new features, anything Diigo related. Note that bookmarks posted to this group have no relation to 'Hot Bookmarks from the Diigo Community'.

Diigo is about better ways to research, share and collaborate on information. Learn more »

Join Diigo