Windows Management Instrumentation Command-line (WMIC)

Windows Management Instrumentation (WMI) is a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components can provide information and notification. WMI is Microsoft's implementation of the Web-Based Enterprise Management (WBEM) Standard from the Distributed Management Task Force (DMTF).

WMI allows scripting languages like VBScript to manage Microsoft Windows personal computers and servers, both locally and remotely. WMI is preinstalled in Windows Server 2003, Windows XP, Windows Me, and Windows 2000.

Microsoft also provides a command line interface to WMI called Windows Management Instrumentation Command-line (WMIC).

Some useful commands when using WMIC:

  • wmic process [pid] delete
    The rough equivalent (for you UNIX/Linux minded folks) of "kill -9 [pid]"
  • wmic process where name='cmd.exe' delete
    It functions something like "killall -9 cmd.exe" would on a Linux box, where killall lets you kill processes by name.
  • wmic process list brief /every:1
    Sort of like (but not exactly) the Linux/UNIX top command.
  • wmic useraccount
    This one gives a lot more detail than the old "net user" command. With "wmic useraccount" you get user
    names, SIDs, and various security settings.
  • wmic qfe
    This one shows all hotfixes and service packs. QFE stands for Quick Fix Engineering.
  • wmic startup list full
    This shows a whole bunch of stuff useful in malware analysis, including all files loaded at Startup and the
    reg keys associated with autostart.
  • wmic process list brief | find "cmd.exe"
    That works a little like a Linux "ps -aux | grep cmd.exe".
  • wmic /record:test.xml process list brief
    You can use the /record option in WMIC to record the WMIC commands you typed, their output, and a timestamp.
    After the command runs, your results are stored in XML format. That's the only format supported, but this
    is a handy record of what you typed, when you typed it, and the results you got. The only downside, though,
    is that it will overwrite a previous test.xml rather than append to it. Still, not bad, as long as you make
    sure to use different names for your record files.

Network interface configuration options offered by WMIC:

  • wmic nicconfig where IPEnabled='true'
    That'll give you a list of IP interfaces.
  • wmic nicconfig where Index=1 call EnableStatic ("10.10.10.10"), ("255.255.255.0")
    This changes the IP address at the command line.
  • wmic nicconfig where Index=1 call EnableDHCP
    Do this for DHCP. The index is the number of the interface you get from the first nicconfig
    command above.
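
The /record caveat above (each run overwrites the target file) matters most when you collect several queries in one sitting. The batch script below is an added example, not part of the original post: it runs only the read-only queries from this page and gives each one its own record file. The wmic-triage directory layout and the file labels are assumptions made for illustration.

```bat
@echo off
rem Added example: run the read-only WMIC queries from this page, one /record file per query.
setlocal EnableExtensions EnableDelayedExpansion

rem Stop early if wmic.exe is not on this system.
where wmic >nul 2>&1 || (echo wmic.exe not found & exit /b 1)

rem Locale-independent timestamp (YYYYMMDDhhmmss) taken from WMI itself.
for /f "tokens=2 delims==" %%I in ('wmic os get LocalDateTime /value') do set "ldt=%%I"
set "stamp=!ldt:~0,14!"

rem Assumed output layout: .\wmic-triage\<host>-<timestamp>\
set "outdir=wmic-triage\%COMPUTERNAME%-%stamp%"
if exist "%outdir%" (echo %outdir% already exists, refusing to overwrite & exit /b 1)
mkdir "%outdir%" || exit /b 1

rem First argument is the file label (assumed names), the rest is the WMIC query.
call :collect processes process list brief
call :collect users     useraccount
call :collect hotfixes  qfe
call :collect startup   startup list full
rem "=" splits batch arguments, so the where clause is passed quoted.
call :collect ip-nics   nicconfig where "IPEnabled='true'"

echo Records written to %outdir%
exit /b 0

:collect
set "label=%~1"
set "query="
:next
shift
if "%~1"=="" goto run
set "query=!query! %1"
goto next
:run
rem /record overwrites its target, so every query gets a distinct file name.
wmic /record:"%outdir%\%label%.xml" %query% >nul
if errorlevel 1 echo [!] %label% failed: wmic%query%
exit /b 0
```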

Some links with parameter information about WMIC:
