Command Line WMI: Query Remote Machines
Welcome back to our look at Windows Management Instrumentation, or WMI. In part one we we looked at basic syntax and querying for the local computer, discovering ways to gather WMI information using the command line tool WMIC. But where WMI really is worth your time is the ability to gather information from remote computers. Generally, most WMI classes are the same across operating systems, so I try to test locally first and then run my command against remote computers.
Today in part two of this three-part series, we’ll learn how to query remote machines and work with WMIC right from the command line. Later, in part three, we’ll take a closer look at some advanced ways of formatting data.
However, let me take a moment to point out that WMI continues to change with each new operating system release. New classes are added and sometimes even new properties. Just because you can get information from a Windows 7 computer doesn’t necessarily mean Windows XP has the same information. If you are ever in doubt, check the documentation on MSDSN (Win32 Classes).
Querying Remote Computers
So, let me go back into an interactive WMIC session on my Windows 7 computer.
After a little trial and error to get the syntax right, I have a command that works.
wmic:root\cli>computersystem list brief /format:list Domain=JDHITSOLUTIONS Manufacturer=TOSHIBA Model=Qosmio X505 Name=SERENITY PrimaryOwnerName=Jeffery Hicks TotalPhysicalMemory=8577855488
To connect to a remote computer, all I have to do is insert the /Node parameter in front. When you look at help in WMIC, pay close attention to the order parameters and switches specified.
wmic:root\cli>/node:"jdhit-dc01" computersystem list brief /format:list Domain=jdhitsolutions.local Manufacturer=MICRO-STAR INTERNATIONAL CO., LTD Model=KM400-8235 Name=JDHIT-DC01 PrimaryOwnerName=Jeffery D. Hicks TotalPhysicalMemory=1073168384
Normally, you can simply specify the computername, but because the name has a dash, I had to enclose it in quotes. Hopefully this is more along the lines of what you will do:
wmic:root\cli>/node:quark computersystem list brief /format:list Domain=JDHITSolutions Manufacturer=LENOVO Model=S10-3 Name=QUARK PrimaryOwnerName=Jeff TotalPhysicalMemory=2136391680
But what if I wanted to query both of these machines?
wmic:root\cli>/node:quark,"jdhit-dc01" computersystem list brief /format:list …
Or you can put the names in a text file. With this option, I don’t have to enclose the name with a dash in quotes.
wmic:root\cli>/node:@c:\work\mycomputers.txt computersystem list brief /format:list …
WMI uses my current credentials. However, it is possible to specify alternate credentials when querying remote computers. You can’t specify a different user for the local computer. If you are specifying multiple remote computers, the same credential will be used for all of them. The credential must have local admin rights on the remote computer.
wmic:root\cli>/node:"jdhit-dc01" /user:jdhitsolutions\administrator computersystem list brief /format:list Enter the password :********* Domain=jdhitsolutions.local Manufacturer=MICRO-STAR INTERNATIONAL CO., LTD Model=KM400-8235 Name=JDHIT-DC01 PrimaryOwnerName=Jeffery D. Hicks TotalPhysicalMemory=1073168384
The username must be in the domain\username format. Because I didn’t specify a password parameter, I was prompted. But I could have done this:
wmic:root\cli>/node:"jdhit-dc01" /user:jdhitsolutions\administrator /password:"My$3cre+!" computersystem list brief /format:list …
If there’s any chance your password might contain special characters, enclose it in quotes, but be careful. When you specify an alternate credential, WMIC keeps it and uses it for future commands. This can result in problems like this:
wmic:root\cli>computersystem list full Node - SERENITY ERROR: Description = User credentials cannot be used for local connections
You can always check what context WMIC is running under.
wmic:root\cli>context NAMESPACE : root\cimv2 ROLE : root\cli NODE(S) : SERENITY IMPLEVEL : IMPERSONATE [AUTHORITY : N/A] AUTHLEVEL : PKTPRIVACY LOCALE : ms_409 PRIVILEGES : ENABLE TRACE : OFF RECORD : N/A INTERACTIVE : ON FAILFAST : OFF OUTPUT : STDOUT APPEND : STDOUT USER : jdhitsolutions\administrator AGGREGATE : ON
The fix is to define a null value for USER.
wmic:root\cli>/user:"" Password ignored for null user.
This also implies that you can set a USER and PASSWORD value ahead of time and it will always be used without having to explicitly specify the parameter.
Most likely you will want to save the output. WMIC offers several options. Again, we’ll ask for help.
wmic:root\cli>/output /? OUTPUT - Specifies the mode for output redirection. USAGE: /OUTPUT: NOTE: ::= (STDOUT | CLIPBOARD | ) STDOUT - Output will be redirected to the STDOUT. CLIPBOARD - Output will be copied on to CLIPBOARD. - Output will be written to the specified file. NOTE: Enclose the switch value in double quotes, if the value contains special characters like '-' or '/'.
The default is STDOUT or to the console which we’ve seen. I like the Clipboard option. Where this gets tricky is that you have to specify OUTPUT at the beginning of your expression.
wmic:root\cli>/node:Quark /output:clipboard computersystem list full
But now I have the results in the Clipboard, so I can paste them wherever I need. Of course, if you need a text file anyway, go ahead and create it.
wmic:root\cli>/node:Quark /output:"c:\work\quark-sys.txt" computersystem list full
Again, the – is a special character so I enclosed my file path in quotes. You can also append to any of these options, which is handy if you want to create a report from multiple commands.
wmic:root\cli>/append /? APPEND - Specifies the mode for output redirection. USAGE: /APPEND: NOTE: ::= (STDOUT | CLIPBOARD | ) STDOUT - Output will be redirected to the STDOUT. CLIPBOARD - Output will be copied on to CLIPBOARD. - Output will be appended to the specified file.
These are the basics. I’ll cover some advanced options in another article.
Command Line Options
Finally, although we’ve been doing all of this in an interactive mode, if you have a command that works, you can run it right from the command prompt. This is a one line command.
C:\>wmic /node:@c:\work\mycomputers.txt /Output:"C:\Work\ProcessorReport.txt" cpu get Systemname,Name,Description,Manufacturer,AddressWidth,DeviceID /format:list
Once you learn what aliases and properties you need, it is not difficult to capture an amazing amount of system management information. I’ll be back next time to look at some advanced ways of formatting data.
More in Windows Server
CISA Warns Windows Admins Against Applying May Patch Tuesday Updates on Domain Controllers
May 17, 2022 | Rabia Noureen
Microsoft Confirms May 2022 Patch Tuesday Updates Cause AD Authentication Issues
May 12, 2022 | Rabia Noureen
Microsoft to Disable SMB1 File-Sharing Protocol By Default on Windows 11
Apr 20, 2022 | Rabia Noureen
Microsoft Defender for Endpoint Adds Support for Windows Server 2012 R2 and 2016
Apr 14, 2022 | Rabia Noureen
Microsoft Lets Windows Server Admins Opt-In for Automatic .NET Updates
Apr 13, 2022 | Rabia Noureen
How to Install Windows Server 2022 Step by Step
Mar 22, 2022 | Michael Reinders
Most popular on petri