Prerequisite:
. A start Windows Management Instrumentation services, open TCP135 port.
. b local security policy "Network access: Sharing and security model for local accounts" should be set to "Classic - local users to verify their identity."
1. wmic /node:"192.168.1.20 "/ user:" domain \ administrator "/ password:" 123456 "
2. Management [Hardware]:
The Disk Information:
WMIC diskdrive GET deviceid, Caption, size, InterfaceType
get zoning information:
WMIC LogicalDisk GET name, the Description, filesystem, size, FreeSpace
get CPU information:
WMIC the CPU GET name, addresswidth, processorid
get the motherboard information:
WMIC Baseboard GET Manufacturer , Product, Version, SerialNumber
get memory number:
WMIC memlogical gET TotalPhysicalMemory
get the serial number of the brand:
WMIC csproduct gET IdentifyingNumber
obtain sound information:
WMIC SOUNDDEV gET ProductName
get the screen resolution
wmic DESKTOPMONITOR where Status = 'ok' get screenHeight, ScreenWidth
3. PROCESS [Process Manager]:
List processes
WMIC Process List the Brief
(Full Show All, Brief summary display, Instance display example, Status display state)
wmic process of obtaining path:
wmic Process the WHERE name = "jqs.exe" GET ExecutablePath
wmic 创建新进程
wmic process call create notepad
wmic process call create "C:\Program Files\Tencent\QQ\QQ.exe"
wmic process call create "shutdown.exe -r -f -t 20"
wmic 删除指定进程:
wmic process where name="qq.exe" call terminate
wmic process where processid="2345" delete
wmic process 2345 call terminate
wmic 删除可疑进程
wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%\\windows\\explorer.exe'" delete
wmic process where "name='svchost.exe' and ExecutablePath<>'C:\\WINDOWS\\system32\\svchost.exe'" call Terminate
3. USERACCOUNT [Account Management]:
Change the current user name
WMIC the UserAccount the WHERE "name = '% UserName%'" Call the rename newusername
WMIC the UserAccount the Create /?
4. SHARE shared management []:
Establish a shared
WMIC SHARE the CALL the Create "", "the Test", "3", "TestShareName", "", "c: \ the Test", 0
(using WMIC SHARE CALL Create / parameter type after viewing create?)
删除共享
WMIC SHARE where name="C$" call delete
WMIC SHARE where path='c:\\test' delete
5. SERVICE [service management]:
Change the telnet service startup type [Auto | Disabled | Manual]
WMIC the SERVICE the WHERE name = "tlntsvr" the SET StartMode = "Auto"
Run telnet service
wmic SERVICE where name = "tlntsvr" call startservice
Stop ICS service
wmic SERVICE where name = "ShardAccess" call stopservice
Delete test service
wmic SERVICE where name = "test" call delete
6. FSDIR [Catalog Manager]
Listed in a directory called test under the c drive
": and filename = 'test' drive = 'c'" list wmic FSDIR where
delete the c: \ good folder
wmic fsdir "c: \\ test" call delete
rename c: \ test folder abc
WMIC FSDIR "c: \\ the Test" the rename "c: \ abc"
WMIC FSDIR the WHERE (name = 'c: \\ the Test') the rename "c: \ abc"
copy folder
wmic fsdir where name = 'd: \\ test' call copy "c: \\ test"
7.datafile [file management]
重命名
wmic datafile "c:\\test.txt" call rename c:\abc.txt
8.【任务计划】:
wmic job call create "notepad.exe",0,0,true,false,********154800.000000+480
wmic job call create "explorer.exe",0,0,1,0,********154600.000000+480
9. [Environment Variables]
ENVIRONMENT - System environment settings management
1. Obtain temp environment variable
WMIC the WHERE ENVIRONMENT "name = 'Path'" GET UserName, VariableValue
2. Change the path environment variable values, add E: \ Tools
WMIC the WHERE ENVIRONMENT "name = 'path' and = username '<system>' "= the VariableValue SET"% path%; E: \ Tools "
3. Add system environment variables home, HOMEDRIVE %% HOMEPATH% value%
WMIC eNVIRONMENT Create name =" Home ", username =" <System> ", the VariableValue ="% HOMEDRIVE %% HOMEPATH% "
4. remove home environment variable
wmic eNVIRONMENT where" name = 'home ' "delete
5. modify environment variables
wmic ENVIRONMENT where "name='path' and username='<system>'" set VariableValue="e:\tools;%path%"