WMIC命令整理

获得系统版本信息
wmic datafile where Name&＃61;&＃39;c://windows//explorer.exe&＃39; get Manufacturer,Version,Filename
 
获得系统进程
wmic process list full        注意&＃xff1a;
这里的full也可以换成brief&＃xff08;简洁&＃xff09;
 
获得硬件信息&＃xff08;这里以cpu为例&＃xff09;
wmic cpu get name,caption,maxclockspeed,description
 
将结果输出到d盘的1.txt里面
wmic /output:D:/1.txt cpu get name
 
wmic 获取硬盘固定分区盘符:
wmic logicaldisk where "drivetype&＃61;3" get name
 
wmic 获取硬盘各分区文件系统以及可用空间&＃xff1a;
wmic logicaldisk where "drivetype&＃61;3" get name,filesystem,freespace
 
wmic 获取进程名称以及可执行路径:
wmic process get name,executablepath
 
wmic 删除指定进程(根据进程名称):
wmic process where name&＃61;"qq.exe" call terminate
或者用
wmic process where name&＃61;"qq.exe" delete
 
wmic 删除指定进程(根据进程PID):
wmic process where pid&＃61;"123" delete
 
wmic 创建新进程
wmic process call create "C:/Program Files/Tencent/QQ/QQ.exe"
 
在远程机器上创建新进程&＃xff1a;
wmic /node:192.168.1.10 /user:administrator /password:123456 process call create cmd.exe
 
关闭本地计算机
wmic process call create shutdown.exe
 
重启远程计算机
wmic /node:192.168.1.10/user:administrator /password:123456 process call create "shutdown.exe -r -f -m"
 
更改计算机名称
wmic computersystem where "caption&＃61;&＃39;%ComputerName%&＃39;" call rename newcomputername
 
更改帐户名
wmic USERACCOUNT where "name&＃61;&＃39;%UserName%&＃39;" call rename newUserName
 
wmic 结束可疑进程&＃xff08;根据进程的启动路径&＃xff09;
wmic process where "name&＃61;&＃39;explorer.exe&＃39; and executablepath<>&＃39;%SystemDrive%//windows//explorer.exe&＃39;" delete
 
wmic 获取物理内存
wmic memlogical get TotalPhysicalMemory|find /i /v "t"
 
wmic 获取文件的创建、访问、修改时间
&＃64;echo off
&＃39;wmic datafile where name^&＃61;"c://windows//system32//notepad.exe" get CreationDate^,LastAccessed^,LastModified
 
wmic 全盘搜索某文件并获取该文件所在目录
wmic datafile where "FileName&＃61;&＃39;qq&＃39; and extension&＃61;&＃39;exe&＃39;" get drive,path
for /f "skip&＃61;1 tokens&＃61;1*" %i in (&＃39;wmic datafile where "FileName&＃61;&＃39;qq&＃39; and extension&＃61;&＃39;exe&＃39;" get drive^,path&＃39;) do (set "qPath&＃61;%i%j" & &＃64;echo %qPath:~0,-3%)
 
获取屏幕分辨率
wmic DESKTOPMONITOR where Status&＃61;&＃39;ok&＃39; get ScreenHeight,ScreenWidth
 
获取共享资源(包括隐藏共享)
WMIC share list brief
 
获取U盘盘符&＃xff0c;并运行U盘上的QQ.exe
&＃64;for /f "skip&＃61;1 tokens&＃61;*" %i in (&＃39;wmic logicaldisk where "drivetype&＃61;2" get name&＃39;) do (if not "%i"&＃61;&＃61;"" start d:/qq.exe)
 
获得进程当前占用的内存和最大占用内存的大小&＃xff1a;
wmic process where caption&＃61;&＃39;filename.exe&＃39; get WorkingSetSize,PeakWorkingSetSize
 
更改现有工作组为指定的工作组
wmic computersystem Where "name&＃61;&＃39;计算机名称&＃39; call UnjoinDomainOrWorkgroup
 
退出所在域
wmic computersystem Where "name&＃61;&＃39;计算机名称&＃39;" call joindomainorworkgroup "",1,"域名称","域管理员密码","域管理员用户名"
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
开2003的3389
wmic RDTOGGLE WHERE ServerName&＃61;&＃39;%COMPUTERNAME%&＃39; call
SetAllowTSConnections 1
 
远程打开计算机远程桌面
wmic /node:%pcname% /USER:%pcaccount% PATH win32_terminalservicesetting WHERE (__Class!&＃61;"") CALL SetAllowTSConnections 1
 
添加的计划任务&＃xff0c;wmic添加的同样AT命令也是可以看到
wmic job call create "sol.exe",0,0,true,false,********154800.000000&＃43;480
wmic job call create "sol.exe",0,0,1,0,********154600.000000&＃43;480
这两句是相同的&＃xff0c;TRUE可以用1表示&＃xff0c;同样的FALSE可以用0值表示&＃xff0c;时间前为何用八个星号&＃xff0c;这是WMIC的特性&＃xff0c;他显示时间的方式是YYYYMMDDHHMMSS.MMMMMM&＃43;时区 ,可是&＃xff0c;我们并不需要指定年份和月份还有天&＃xff0c;所以用*星号来替代
 
在wmic下查看BIOS信息
wmic bios list full
 
wmic还有停止、暂停和运行服务的功能&＃xff1a;
启动服务startservice&＃xff0c;停止服务stopservice&＃xff0c;暂停服务pauseservice。
具体的命令使用格式就是&＃xff1a;
wmic Service where caption&＃61;”windows time” call stopservice
●&＃xff0d;&＃xff0d;停止服务
wmic Service where caption&＃61;”windows time” call startservice
●&＃xff0d;&＃xff0d;启动服务
wmic Service where name&＃61;”w32time” call stopservice
●&＃xff0d;&＃xff0d;停止服务&＃xff0c;注意name和caption的区别。
 
 
远程创建进程

wmic /node:109.254.2.102 /user:"rdgad/administrator" /password:"1234" process call create commandline&＃61;"cmd.exe /k echo xxxxx|clip.exe"

获取硬盘序列号&＃xff1a;

wmic diskdrive get model