Command Line WMI: Basic Syntax and Querying

If you are an IT Pro responsible for managing desktops and/or servers in a Windows environment, then you have to know how to take advantage of Windows Management Instrumentation, or WMI — Microsoft’s implementation of an industry standard for providing management information to all of the software and hardware elements that make up a modern Windows-based computer.
This is a three-part series on Windows Management Instrumentation. Today we’ll look at basic syntax and querying for the local computer, discovering ways to gather WMI information using the command line tool WMIC. In part two, we’ll learn how to query remote machines and work with WMIC right from the command line. And finally, in part three we’ll take a closer look at some advanced ways of formatting data.

I’ll cover the nuts and bolts in a future article, but for now think of WMI as a database that you can query. The “tables” are WMI classes that describe things like the BIOS, operating system, logical disk, or product. Many management software packages query WMI for their information and you can do the same thing. I’m going to show you how and you don’t have to do a single bit of scripting or even use a single PowerShell command.
Windows XP shipped with a command line utility called WMIC. This tool offered command line access to WMI locally and remotely. Here’s a little tidbit: the man behind WMIC was Jeffrey Snover, who went on to bring us PowerShell. After using WMIC a bit you can see the beginnings of PowerShell. Even though I think using PowerShell is more efficient, I realize many people are still thinking about moving to it. WMIC is easy to use and should come already installed.

WMIC can be used interactively or with a command expression, much the same way you might use NETSH. I’ll start an interactive WMIC session on my Windows 7 desktop.


To discover how to use it, ask for help:


Or you can use this to get very detailed help.


Don’t panic with what you see. The basic syntax is pretty easy. What you really want to pay attention to are the aliases. These aliases are supposedly friendlier versions of the actual WMI classes. You don’t have to somehow learn or discover the Win32_OperatingSystem class. Instead, you can use the OS alias.


I’m not showing the result because frankly it doesn’t format very well and is hard to read. That’s ok. Again, let’s ask for help.

​wmic:root\cli>os /?
OS - Installed Operating System/s management.
HINT: BNF for Alias usage.
( [WMIObject] |  [] | [] ) [].
OS GET [] []
OS LIST [] []

I see something that looks more promising, but I’m not sure how to use it. Again, I’ll ask for help. Are you picking up on a theme?

​>wmic:root\cli>OS list /?

If you run this command, you’ll see there are a few property packages. Let’s look at one.

​wmic:root\cli>OS list Brief

Still not pretty. I’ll save you the time of having to go back through the help.

​wmic:root\cli>OS list Brief /format:list
Organization=JDH Information Technology Solutions
RegisteredUser=Jeffery Hicks

Once you discover the property names you can use the Get command.

​wmic:root\cli>os get ServicePackMajorVersion,Caption,OSArchitecture
Caption                       OSArchitecture  ServicePackMajorVersion
Microsoft Windows 7 Ultimate  64-bit          1

In fact, here’s a technique you should be able to use with any alias to list all of an alias’ properties.

​>wmic:root\cli>os get * /format:list

Some WMI classes will return multiple results for each instance of a matching object, such as logical disks.

​wmic:root\cli>logicaldisk list brief /format:list

Usually you want to limit your query. In this scenario, let’s only get fixed drives like C:\. In fact, I’ll combine a few commands into one, using a WHERE query to find all logical disks that have a drive type property of 3.

​wmic:root\cli>logicaldisk where drivetype=3 get Name,Size,Freespace
FreeSpace     Name  Size
65582063616   C:    487439986688
5952987136    E:    120031539200
276582162432  G:    1000202035200

The output is always sorted alphabetically by property name. One thing to be careful of is that when using a query with a string comparison, you need to put in quotes.

​wmic:root\cli>logicaldisk where name='G:' get size,freespace,volumename
FreeSpace     Size           VolumeName
276582162432  1000202035200  Big_T

You can use single or double quotes; it doesn’t matter. You can even construct complex queries.

​wmic:root\cli>service where 'startmode="Auto" AND state<>"Running"' get Name,Startmode,State
Name                            StartMode  State
clr_optimization_v4.0.30319_32  Auto       Stopped
clr_optimization_v4.0.30319_64  Auto       Stopped
sppsvc                          Auto       Stopped
W32Time                         Auto       Stopped

This is a list of all services that are configured to auto start but are not running. How useful would that be! When you are finished using WMIC, simply type Quit or Exit.



Next time I’ll show you how to query remote machines and work with WMIC right from the command line.