本文主要是介绍Windows CMD中 WMIC命令整理,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
强大的命令行工具wmic
1.wmic=Microsoft Windows Management Instrumentation
2. C:\WINDOWS\system32\wbem 下的东西,特别是.xsl格式化文件,实现wmic的格式化输出
如wmic /output:c:\process.html process list /format:htable.xsl
/format:textvaluelist.xsl
/format:hform.xsl
/format:htable.xsl
/format:csv.xsl
/format:xml.xsl
3.wmic可以做什么?系统管理、远程主机信息获取。。。都可以
4.wmic /?
查看wmic对象有何可用属性: wmic 对象名称 get /? 例如
wmic process get /?
查看wmic对象某个属性的值: wmic 对象名称 get 对象某个属性 例如
wmic process get name
PROCESS - 进程管理
::列出进程的核心信息,类似任务管理器
wmic process list brief
::新建notepad进程
wmic process call create notepad
::列出进程的信息
wmic process get caption,handle,commandline,executablepath
::结束进程
wmic process [handle/PID] delete
wmic process [handle/PID] call terminate
::结束svchost.exe进程,路径为非C:\WINDOWS\system32\svchost.exe的
wmic process where "name='svchost.exe' and ExecutablePath<>'C:\\WINDOWS\\system32\\svchost.exe'" call Terminate
::结束svchost.exe进程,路径为C:\WINDOWS\svchost.exe的(关键点:路径中的\一定要换成\\)
wmic process where "name='svchost.exe' and ExecutablePath='C:\\WINDOWS\\svchost.exe'" call Terminate
BIOS - 基本输入/输出服务 (BIOS) 管理
::查看bios版本型号
wmic bios get name,SMBIOSBIOSVersion,manufacturer
COMPUTERSYSTEM - 计算机系统管理
::查看硬件、操作系统基本信息
wmic computersystem get Name,workgroup,NumberOfProcessors,manufacturer,Model
::查看系统启动选项boot.ini的内容
wmic computersystem get SystemStartupOptions
::查看工作组/域
wmic computersystem get domain
::更改计算机名abc为123
wmic computersystem where "name='abc'" call rename 123
::更改工作组google为MyGroup
wmic computersystem where "name='google'" call joindomainorworkgroup "","","MyGroup",1
CPU - CPU 管理
::查看cpu型号
wmic cpu get name
DATAFILE - DataFile 管理
::查找e盘下test目录(不包括子目录)下的cc.cmd文件
wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" list
::查找e盘下所有目录和子目录下的cc.cmd文件,且文件大小大于1K
wmic datafile where "drive='e:' and FileName='cc' and Extension='cmd' and FileSize>'1000'" list
::删除e盘下文件大小大于10M的.cmd文件
wmic datafile where "drive='e:' and Extension='cmd' and FileSize>'10000000'" call delete
::删除e盘下test目录(不包括子目录)下的非.cmd文件
wmic datafile where "drive='e:' and Extension<>'cmd' and path='test'" call delete
::复制e盘下test目录(不包括子目录)下的cc.cmd文件到e:\,并改名为aa.bat
wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" call copy "e:\aa.bat"
::改名c:\hello.txt为c:\test.txt
wmic datafile "c:\\hello.txt" call rename c:\test.txt
::查找h盘下目录含有test,文件名含有perl,后缀为txt的文件
wmic datafile where "drive='h:' and extension='txt' and path like '%\\test\\%' and filename like '%perl%'" get name
DESKTOPMONITOR - 监视器管理
::获取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
DISKDRIVE - 物理磁盘驱动器管理
::获取物理磁盘型号大小等
wmic DISKDRIVE get Caption,size,InterfaceType
ENVIRONMENT - 系统环境设置管理
::获取temp环境变量
wmic ENVIRONMENT where "name='temp'" get UserName,VariableValue
::更改path环境变量值,新增e:\tools
wmic ENVIRONMENT where "name='path' and username='<system>'" set VariableValue="%path%;e:\tools"
::新增系统环境变量home,值为%HOMEDRIVE%%HOMEPATH%
wmic ENVIRONMENT create name="home",username="<system>",VariableValue="%HOMEDRIVE%%HOMEPATH%"
::删除home环境变量
wmic ENVIRONMENT where "name='home'" delete
FSDIR - 文件目录系统项目管理
::查找e盘下名为test的目录
wmic FSDIR where "drive='e:' and filename='test'" list
::删除e:\test目录下除过目录abc的所有目录
wmic FSDIR where "drive='e:' and path='\\test\\' and filename<>'abc'" call delete
::删除c:\good文件夹
wmic fsdir "c:\\good" call delete
::重命名c:\good文件夹为abb
wmic fsdir "c:\\good" rename "c:\abb"
LOGICALDISK - 本地储存设备管理
::获取硬盘系统格式、总大小、可用空间等
wmic LOGICALDISK get name,Description,filesystem,size,freespace
NIC - 网络界面控制器 (NIC) 管理
OS - 已安装的操作系统管理
::设置系统时间
wmic os where(primary=1) call setdatetime 20070731144642.555555+480
PAGEFILESET - 页面文件设置管理
::更改当前页面文件初始大小和最大值
wmic PAGEFILESET set InitialSize="512",MaximumSize="512"
::页面文件设置到d:\下,执行下面两条命令
wmic pagefileset create name='d:\pagefile.sys',initialsize=512,maximumsize=1024
wmic pagefileset where"name='c:\\pagefile.sys'" delete
PRODUCT - 安装包任务管理
::安装包在C:\WINDOWS\Installer目录下
::卸载.msi安装包
wmic PRODUCT where "name='Microsoft .NET Framework 1.1' and Version='1.1.4322'" call Uninstall
::修复.msi安装包
wmic PRODUCT where "name='Microsoft .NET Framework 1.1' and Version='1.1.4322'" call Reinstall
SERVICE - 服务程序管理
::运行spooler服务
wmic SERVICE where name="Spooler" call startservice
::停止spooler服务
wmic SERVICE where name="Spooler" call stopservice
::暂停spooler服务
wmic SERVICE where name="Spooler" call PauseService
::更改spooler服务启动类型[auto|Disabled|Manual] 释[自动|禁用|手动]
wmic SERVICE where name="Spooler" set StartMode="auto"
::删除服务
wmic SERVICE where name="test123" call delete
SHARE - 共享资源管理
::删除共享
wmic SHARE where name="e$" call delete
::添加共享
WMIC SHARE CALL Create "","test","3","TestShareName","","c:\test",0
SOUNDDEV - 声音设备管理
wmic SOUNDDEV list
STARTUP - 用户登录到计算机系统时自动运行命令的管理
::查看msconfig中的启动选项
wmic STARTUP list
SYSDRIVER - 基本服务的系统驱动程序管理
wmic SYSDRIVER list
USERACCOUNT - 用户帐户管理
::更改用户administrator全名为admin
wmic USERACCOUNT where name="Administrator" set FullName="admin"
::更改用户名admin为admin00
wmic useraccount where "name='admin" call Rename admin00
--------------------------------------WMIC命令整理-----------------------------------------------------------
获得系统版本信息
wmic datafile where Name='c://windows//explorer.exe' get Manufacturer,Version,Filename
获得系统进程
wmic process list full 注意:
这里的full也可以换成brief(简洁)
获得硬件信息(这里以cpu为例)
wmic cpu get name,caption,maxclockspeed,description
将结果输出到d盘的1.txt里面
wmic /output:D:/1.txt cpu get name
wmic 获取硬盘固定分区盘符:
wmic logicaldisk where "drivetype=3" get name
wmic 获取硬盘各分区文件系统以及可用空间:
wmic logicaldisk where "drivetype=3" get name,filesystem,freespace
wmic 获取进程名称以及可执行路径:
wmic process get name,executablepath
wmic 删除指定进程(根据进程名称):
wmic process where name="qq.exe" call terminate
或者用
wmic process where name="qq.exe" delete
wmic 删除指定进程(根据进程PID):
wmic process where pid="123" delete
wmic 创建新进程
wmic process call create "C:/Program Files/Tencent/QQ/QQ.exe"
在远程机器上创建新进程:
wmic /node:192.168.1.10 /user:administrator /password:123456 process call create cmd.exe
关闭本地计算机
wmic process call create shutdown.exe
重启远程计算机
wmic /node:192.168.1.10/user:administrator /password:123456 process call create "shutdown.exe -r -f -m"
更改计算机名称
wmic computersystem where "caption='%ComputerName%'" call rename newcomputername
更改帐户名
wmic USERACCOUNT where "name='%UserName%'" call rename newUserName
wmic 结束可疑进程(根据进程的启动路径)
wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%//windows//explorer.exe'" delete
wmic 获取物理内存
wmic memlogical get TotalPhysicalMemory|find /i /v "t"
wmic 获取文件的创建、访问、修改时间
@echo off
'wmic datafile where name^="c://windows//system32//notepad.exe" get CreationDate^,LastAccessed^,LastModified
wmic 全盘搜索某文件并获取该文件所在目录
wmic datafile where "FileName='qq' and extension='exe'" get drive,path
for /f "skip=1 tokens=1*" %i in ('wmic datafile where "FileName='qq' and extension='exe'" get drive^,path') do (set "qPath=%i%j"&@echo%qPath:~0,-3%)
获取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
获取共享资源(包括隐藏共享)
WMIC share list brief
获取U盘盘符,并运行U盘上的QQ.exe
@for /f "skip=1 tokens=*" %i in ('wmic logicaldisk where "drivetype=2" get name') do (if not "%i"=="" start d:/qq.exe)
获得进程当前占用的内存和最大占用内存的大小:
wmic process where caption='filename.exe' get WorkingSetSize,PeakWorkingSetSize
更改现有工作组为指定的工作组
wmic computersystem Where "name='计算机名称' call UnjoinDomainOrWorkgroup
退出所在域
wmic computersystem Where "name='计算机名称'" call joindomainorworkgroup "",1,"域名称","域管理员密码","域管理员用户名"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
开2003的3389
wmic RDTOGGLE WHERE ServerName='%COMPUTERNAME%' call
SetAllowTSConnections 1
远程打开计算机远程桌面
wmic /node:%pcname% /USER:%pcaccount% PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnections 1
添加的计划任务,wmic添加的同样AT命令也是可以看到
wmic job call create "sol.exe",0,0,true,false,********154800.000000+480
wmic job call create "sol.exe",0,0,1,0,********154600.000000+480
这两句是相同的,TRUE可以用1表示,同样的FALSE可以用0值表示,时间前为何用八个星号,这是WMIC的特性,他显示时间的方式是YYYYMMDDHHMMSS.MMMMMM+时区 ,可是,我们并不需要指定年份和月份还有天,所以用*星号来替代
在wmic下查看BIOS信息
wmic bios list full
wmic还有停止、暂停和运行服务的功能:
启动服务startservice,停止服务stopservice,暂停服务pauseservice。
具体的命令使用格式就是:
wmic Service where caption=”windows time” call stopservice
●--停止服务
wmic Service where caption=”windows time” call startservice
●--启动服务
wmic Service where name=”w32time” call stopservice
●--停止服务,注意name和caption的区别。
远程创建进程
wmic /node:109.254.2.102 /user:"rdgad/administrator" /password:"1234" process call create commandline="cmd.exe /k echo xxxxx|clip.exe"
这篇关于Windows CMD中 WMIC命令整理的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
