Condividi tramite


WMIC Best practices

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Best practices

Use the WHERE () clause for specific instances to be returned for an alias.

  • The WHERE() clause must include the WHERE clause for a valid WQL query. The parentheses are only required for complex criteria. See the WMI SDK for WQL syntax. The WHERE() clause must immediately follows the alias name. For example: process where (processID>300) list brief

  • When the WHERE clause is WHERE NAME='<value>', it is sufficient to give only the value. For example: SERVICE CLIPSRV

    Instead of:

    SERVICE WHERE NAME='CLIPSRV'

Use /OUTPUT, /APPEND, and /RECORD commands to redirect output.

  • Commands that output in HTML format (such as CLASS) typically have their output directed to a file. You can then view that file for results of the command. You can redirect the output can by using the /OUTPUT, /APPEND, and /RECORD commands.

Enclose values in quotation marks if the values contain special characters such as dashes, slashes, or spaces.

Use these methods of query for large domains or databases

  • ALIAS

    WMIC ALIAS PROCESS LIST BRIEF
    
  • USERACCOUNT

    WMIC USERACCOUNT WHERE "Name='PutUserNameHere' and Domain='PutDomainNameHere'"
    
  • FSDIR

    WMIC FSDIR WHERE Name='c:\\WINDOWS'
    
  • DATAFILE

    WMIC DATAFILE WHERE Name="c:\\boot.ini"
    WMIC DATAFILE WHERE "PATH='\\windows\\' and Extension='exe' and FileSize>'108032'" GET LastAccessed, LastModified, Name, FileSize
    
  • NTEVENT

    WMIC NTEVENT WHERE "LogFile='system' and Type>'0'" GET Message, TimeGenerated
    WMIC NTEVENT WHERE "LogFile='system' and Type>'0'" GET Message, TimeGenerated /FORMAT:htable >c:\MySystemEvents.htm
    
  • Querying:

    Use quotes "" to separate WHERE expressions instead of parentheses () :

    WMIC NTEVENT WHERE "LogFile='system' and Type>'4'"
    

    [  Compare to:

    WMIC NTEVENT WHERE (LogFile='system' and TYPE>4)
    

    In this case, Command Shell will misinterpret

    ">4)"
    

    and will try to redirect output to file named

    "4)"
    

     ]

For information about validation of users in WMI, see Managing WMI Security.

For information about WMIC security, authentication, and authorization, see Security with WMIC.

For more information, see Windows Management Instrumentation Command-line.