Command Line WMI: Basic Syntax and Querying
If you are an IT Pro responsible for managing desktops and/or servers in a Windows environment, then you have to know how to take advantage of Windows Management Instrumentation, or WMI — Microsoft’s implementation of an industry standard for providing management information to all of the software and hardware elements that make up a modern Windows-based computer.
This is a three-part series on Windows Management Instrumentation. Today we’ll look at basic syntax and querying for the local computer, discovering ways to gather WMI information using the command line tool WMIC. In part two, we’ll learn how to query remote machines and work with WMIC right from the command line. And finally, in part three we’ll take a closer look at some advanced ways of formatting data.
I’ll cover the nuts and bolts in a future article, but for now think of WMI as a database that you can query. The “tables” are WMI classes that describe things like the BIOS, operating system, logical disk, or product. Many management software packages query WMI for their information and you can do the same thing. I’m going to show you how and you don’t have to do a single bit of scripting or even use a single PowerShell command.
Windows XP shipped with a command line utility called WMIC. This tool offered command line access to WMI locally and remotely. Here’s a little tidbit: the man behind WMIC was Jeffrey Snover, who went on to bring us PowerShell. After using WMIC a bit you can see the beginnings of PowerShell. Even though I think using PowerShell is more efficient, I realize many people are still thinking about moving to it. WMIC is easy to use and should come already installed.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
WMIC can be used interactively or with a command expression, much the same way you might use NETSH. I’ll start an interactive WMIC session on my Windows 7 desktop.
To discover how to use it, ask for help:
Or you can use this to get very detailed help.
Don’t panic with what you see. The basic syntax is pretty easy. What you really want to pay attention to are the aliases. These aliases are supposedly friendlier versions of the actual WMI classes. You don’t have to somehow learn or discover the Win32_OperatingSystem class. Instead, you can use the OS alias.
I’m not showing the result because frankly it doesn’t format very well and is hard to read. That’s ok. Again, let’s ask for help.
wmic:root\cli>os /? OS - Installed Operating System/s management. HINT: BNF for Alias usage. ( [WMIObject] |  |  ) . USAGE: OS ASSOC  OS CALL  OS CREATE OS DELETE OS GET   OS LIST   OS SET 
I see something that looks more promising, but I’m not sure how to use it. Again, I’ll ask for help. Are you picking up on a theme?
>wmic:root\cli>OS list /?
If you run this command, you’ll see there are a few property packages. Let’s look at one.
wmic:root\cli>OS list Brief
Still not pretty. I’ll save you the time of having to go back through the help.
wmic:root\cli>OS list Brief /format:list BuildNumber=7601 Organization=JDH Information Technology Solutions RegisteredUser=Jeffery Hicks SerialNumber=00426-292-0111684-85035 SystemDirectory=C:\Windows\system32 Version=6.1.7601
Once you discover the property names you can use the Get command.
wmic:root\cli>os get ServicePackMajorVersion,Caption,OSArchitecture Caption OSArchitecture ServicePackMajorVersion Microsoft Windows 7 Ultimate 64-bit 1
In fact, here’s a technique you should be able to use with any alias to list all of an alias’ properties.
>wmic:root\cli>os get * /format:list
Some WMI classes will return multiple results for each instance of a matching object, such as logical disks.
wmic:root\cli>logicaldisk list brief /format:list DeviceID=C: DriveType=3 FreeSpace=65581613056 ProviderName= Size=487439986688 VolumeName= DeviceID=D: DriveType=5 FreeSpace= ProviderName= Size= VolumeName= …
Usually you want to limit your query. In this scenario, let’s only get fixed drives like C:\. In fact, I’ll combine a few commands into one, using a WHERE query to find all logical disks that have a drive type property of 3.
wmic:root\cli>logicaldisk where drivetype=3 get Name,Size,Freespace FreeSpace Name Size 65582063616 C: 487439986688 5952987136 E: 120031539200 276582162432 G: 1000202035200
The output is always sorted alphabetically by property name. One thing to be careful of is that when using a query with a string comparison, you need to put in quotes.
wmic:root\cli>logicaldisk where name='G:' get size,freespace,volumename FreeSpace Size VolumeName 276582162432 1000202035200 Big_T
You can use single or double quotes; it doesn’t matter. You can even construct complex queries.
wmic:root\cli>service where 'startmode="Auto" AND state<>"Running"' get Name,Startmode,State Name StartMode State clr_optimization_v4.0.30319_32 Auto Stopped clr_optimization_v4.0.30319_64 Auto Stopped sppsvc Auto Stopped W32Time Auto Stopped
This is a list of all services that are configured to auto start but are not running. How useful would that be! When you are finished using WMIC, simply type Quit or Exit.
Next time I’ll show you how to query remote machines and work with WMIC right from the command line.