WMIC(Windows Management Instrumentation Command-line)微软Windows Server的图形界面接口在为网络管理提供便利的同时,因其消耗资源偏大、操作缓慢而颇受Windows管理员的微词,为提供一个图形管理界面之外的另一种选择,微软推出了集WMI的强大与命令行的简洁于一身的全新的命令行管理工具WMIC。加入了WMIC的Windows server 2003的命令行,据称可以完成几乎所有的管理任务。
以DOS起家的微软,最终靠图形界面一统了天下。传统的微软Windows Server的图形界面接口,在使系统管理简单易行的同时,其偏大的资源消耗与缓慢的操作速度,不但使众多IT Pro级系统管理员颇有微词,也使许多从Unix、NetWare转过来的系统管理员短时间内难以适从。虽然微软开发了WMI(Windows Management Instrumentation,Windows管理架构),并在Support Tools和Resource Kits提供了大量基于WMI的脚本让管理员使用,在命令行下管理服务器,但复杂的脚本编程同样令许多管理员却步,因为并非每个管理员都是脚本编程高手。从另一个角度讲,图形界面接口像一个黑盒子,使许多管理员丧失了量身定制管理任务的机会与乐趣,只能亦步亦趋地跟在越来越多的向导屁股后面,不停地点按着"下一步"。
背景:WMI、WBEM与CIM
关于WMI,我们在以前的文章中多次提及,并有过具体的应用,如《使用VS.NET实现WMI调用》(2003年1月刊),《限制域用户同时的多点登录》与《来一段脚本,Kill掉Mike的歌》(2003年2月刊)等。这里不准备再对其做详细的说明,只做一下简单的介绍。
WMI是微软基于Web的企业管理(WBEM)这一理念与标准的具体实现,并对CIM(Common Information Model,公用信息模型)提供完整的支持。WMI由符合CIM标准的对象储备库(Object Repository)和CIM对象管理器(WMI Object Manager)组成,其中对象储备库是对象定义的数据库,对象管理器负责处理储备库中对象的收集和操作,并从WMI提供程序(WMI Provider)收集信息。WMI提供程序在WMI与操作系统组件、应用程序和其他系统之间充当中间人角色,两者通过WMI提供程序交换信息。WMI提供程序的主要作用就是为WMI提供下层对象的相关信息,以及允许WMI通过它对下层对象进行管理。例如,注册表提供程序从注册表中提供信息,而SNMP提供程序则从SNMP设备中提供数据和事件等。
WMI被许多计算机管理工具所用,如Microsoft Systems Management Server、Microsoft Health Monitor和Microsoft Operations Manager等。
WMIC概述
WMIC,是一款新出现在Windows Server 2003中的命令行管理工具。使用WMIC,你不但可以管理本地计算机,而且可以管理同一Windows域内的所有远程计算机(需要必要的权限),而被管理的远程计算机不必事先安装WMIC,只需要支持WMI即可。
wmic可以做很多事情。
从功能来讲
1NICCONFIG (Win32_NetworkAdapterConfiguration)
WMIC NICCONFIG WHERE Index=1 CALL EnableStatic ("10.0.0.2"),("255.0.0.0")
WMIC NICCONFIG WHERE Index=1 CALL SetGateways ("10.0.0.8","10.0.0.9"),(1,2)
WMIC NICCONFIG WHERE Index=1 CALL EnableDHCP
2.Service (Win32_Service)
WMIC SERVICE WHERE Caption="SSDP Discovery Service" CALL ChangeStartMode "Disabled"
3.Datafile (CIM_DataFile)
WMIC DATAFILE WHERE "path='\\windows\\system32\\wbem\\' AND Extension='mof' or path='\\windows\\system32\\wbem\\' AND Extension='pdb'" CALL "Compress"
4. OS (Win32_OperatingSystem)
WMIC /NODE:@"c:\MyServerList.txt" OS WHERE (Primary="TRUE" AND Locale!="0411" AND Organization!="Organization1") CALL Win32ShutDown 6
WMIC OS WHERE Primary=1 CALL Shutdown
5. PROCESS (Win32_Process)
WMIC PROCESS CALL Create "calc.exe"
WMIC PROCESS WHERE Name="calc.exe" CALL Terminate
WMIC PROCESS WHERE Name="explorer.exe" call SetPriority 64
Identical to:
WMIC PATH Win32_Process WHERE Name="explorer.exe" call SetPriority 64
6. RDTOGGLE (Remote Desktop)
RDTOGGLE WHERE ServerName="computer1.microsoft.com" call SetAllowTSConnections 0
7.远程执行命令
wmic /node:"computername1" /user:"administrator" /password:"abc123" process call create "c:\chenl\aaxx.bat test"
从业务来讲:
1.0 Data collection:
WMIC logicaldisk WHERE drivetype=3 GET name,freespace,SystemName,FileSystem,Size,VolumeSerialNumber
WMIC PATH CIM_DataFile WHERE "Path='\\windows\\system32\\wbem\\' AND FileSize>1784088"
WMIC NTEVENT WHERE SourceName="winmgmt" GET Message,EvenTtype /FORMAT:HTABLE > c:\winmgmtevents.htm
WMIC NTEVENT WHERE "EventType<3 AND LogFile!='System' AND LogFile!='Security'" GET LogFile,SourceName,EventType,Message,TimeGenerated /FORMAT:"htable.xsl":"datatype=number":"sortby=EventType" > c:\appevent.htm
WMIC /NAMESPACE:\\root\directory\ldap PATH ds_user WHERE GET ds_displayName,DS_UserPrincipalName,ds_cn,ds_name,ds_whenCreated /VALUE
WMIC PATH CIM_Controller GET Name,Status,SystemName,ProtocolSupported
2.0 Data display:
WMIC PROCESS WHERE "name like '%HOST%'"
WMIC PATH Win32_Process WHERE "name like '%HOST%'"
WMIC PROCESS WHERE “Name=svchost.exe” LIST Statistics
WMIC PROCESS WHERE “Name=svchost.exe” LIST BREAF
WMIC PROCESS WHERE (Name='svchost.exe') GET name, processid
WMIC PROCESS WHERE “Name=svchost.exe” GET name,processid /VALUE
WMIC PROCESS GET /FORMAT:htable
WMIC PROCESS GET /FORMAT:”c:\windows\system32\wbem\htable.xsl”
WMIC PROCESS GET /FORMAT:hform
WMIC PROCESS GET /FORMAT:csv
4.0 Data output:
WMIC BIOS > mydata.txt
WMIC OS >> mydata.txt
WMIC /APPEND:mydata.txt PAGEFILE
WMIC /OUTPUT:output.txt OS
WMIC /OUTPUT:CLIPBOARD BIOS
3.0 Data creation:
WMIC /NAMESPACE:\\root\default PATH __Namespace CREATE Name=test
4.0 Data deletion:
WMIC /NAMESPACE:\\root\default PATH __Namespace WHERE Name="test" DELETE
WMIC /NAMESPACE:\\root\subscription PATH __EventFilter WHERE __CLASS="__EventFilter" DELETE
5.0 Security and connection:
Delegate authority
WMIC /node:"computer1" /IMPLEVEL:Delegate /AUTHORITY:"Kerberos:domain\computer1" OS
WMIC /NODE:"computer1.domainofcomputer1.org" /AUTHLEVEL:Pktprivacy BIOS
6.0 Batch scripting:
WMIC.EXE /OUTPUT:WMICLASSES.txt /NAMESPACE:\\root\wmi PATH WDMClassesOfDriver GET Classname
for /f "usebackq skip=1" %%I in (`type WMICLASSES.txt`) DO WMIC.exe /namespace:\\root\wmi PATH %%I
WMIC PROCESS GET /FORMAT:"%windir%\system32\wbem\csv.xsl" >> c:\1.csv
其他例子
wmic 获取硬盘固定分区盘符:
wmic logicaldisk where "drivetype=3" get name
wmic 获取硬盘各分区文件系统以及可用空间:
wmic logicaldisk where "drivetype=3" get name,filesystem,freespace
wmic 获取进程名称以及可执行路径:
wmic process get name,executablepath
wmic 删除指定进程(根据进程名称):
wmic process where name="qq.exe" call terminate
或者用
wmic process where name="qq.exe" delete
wmic 删除指定进程(根据进程PID):
wmic process where pid="123" delete
wmic 创建新进程
wmic process call create "C:\Program Files\Tencent\QQ\QQ.exe"
在远程机器上创建新进程:
wmic /node:192.168.1.10 /user:administrator /password:123456 process call create cmd.exe
关闭本地计算机
wmic process call create shutdown.exe
重启远程计算机
wmic /node:192.168.1.10/user:administrator /password:123456 process call create "shutdown.exe -r -f -m"
更改计算机名称
wmic computersystem where "caption='%ComputerName%'" call rename newcomputername
更改帐户名
wmic USERACCOUNT where "name='%UserName%'" call rename newUserName
wmic 结束可疑进程(根据进程的启动路径)
wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%\\windows\\explorer.exe'" delete
wmic 获取物理内存
wmic memlogical get TotalPhysicalMemory|find /i /v "t"
wmic 获取文件的创建、访问、修改时间
@echo off
'wmic datafile where name^="c:\\windows\\system32\\notepad.exe" get CreationDate^,LastAccessed^,LastModified
wmic 全盘搜索某文件并获取该文件所在目录
wmic datafile where "FileName='qq' and extension='exe'" get drive,path
for /f "skip=1 tokens=1*" %i in ('wmic datafile where "FileName='qq' and extension='exe'" get drive^,path') do (set "qPath=%i%j"&@echo %qPath:~0,-3%)
获取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
获取U盘盘符,并运行U盘上的QQ.exe
@for /f "skip=1 tokens=*" %i in ('wmic logicaldisk where "drivetype=2" get name') do (if not "%i"=="" start d:\qq.exe)
获得进程当前占用的内存和最大占用内存的大小:
wmic process where caption='filename.exe' get WorkingSetSize,PeakWorkingSetSize
下面是通过vbs获得普通pci网卡参数的例子,传统网卡 deviceid中含有pci字符串。
'cscript /nologo getnic.vbs 1 运行命令行。
Sub GetNic( argv )
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapter")
Dim minobj
minobj=Null
aa=0
ab=0
StrRes=" "
For Each objItem in colItems
if Len(objItem.NetConnectionID)>2 and objItem.AdapterType="Ethernet 802.3" and InStr(objItem.PNPDeviceID,"PCI")>0 then
StrRes= objItem.NetConnectionID & "," & objItem.MACAddress & "," & objItem.Description &","& objItem.PNPDeviceID
If 4=argv Then Wscript.Echo StrRes
if 0=ab Then
ab=1
Set minobj=objItem
ElseIf StrComp(objItem.NetConnectionID,minobj.NetConnectionID)<0 Then
minobj=objItem
end if
end if
Next
Set objItem =minobj
'Wscript.Echo "OK==="&aa
mymac=""
mymac=objItem.MACAddress
mymac=Replace( mymac,":","-")
If 1=argv Then
StrRes=mymac
ElseIf 2=argv Then
StrRes= """"& objItem.NetConnectionID & """"
ElseIf 3=argv Then
StrRes= """" &objItem.NetConnectionID & """," & mymac & "," & objItem.Description &","& objItem.PNPDeviceID
End If
If 4<>argv Then Wscript.Echo StrRes
End Sub
For Each Arg In WScript.Arguments
i = i + 1
' Wscript.Echo Arg
GetNic(Arg)
Next
或者直接运行 cscript /nologo getnic.vbs 1 2 3 4 大家可以看到效果。
一个C++的wmic例子:Using WMI to Extract Management Information
http://www.codeguru.com/Cpp/W-P/system/misc/article.php/c5675
时间仓促,组织不好,内容有点堆砌。希望能抛砖引玉,大家写出更多更强的利用wmic的例子。
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
