a very neat utility for windows xp and 2003 is wmic (pronounced wee-mek).

wmic gives you complete access to the WMI repository via the command line. similar to the design of netsh, wmic has two modes of operation : interactive and command line.

the interactive mode is a great way to explore the features of wmic. some examples.

you can access every WMI class by just typing its name – this will get all services on the current machine
path win32_service

you can alway get help in wmic with /?
path win32_service /?

as you can see that there are several commands available : GET, CALL, WHERE

to get all started services
path win32_service where started=’true’

to drill down further
path win32_service where started=’true’ get /?

ok. so we only want the service names (think ‘net start’)
path win32_service where started=’true’ get Caption

to start a service we have to call a method on the service class, to get all available method type
path win32_service call /?

e.g.
path win32_service where Caption=’Alerter’ call StartService

WMIC has aliases for the most common WMI class names, so e.g
service maps to win32_Service
nic maps to win32_NetworkAdapter and
nicconfig maps to win32_NetworkAdapterConfiguration

you can get a list of all aliases if you type /?.

…and finally – another way to configure your tcp/ip stack from the command line :)

to get all network cards where tcp/ip is enabled
nicconfig where IPEnabled=’true’

to get a shorter summary
nicconfig where IPEnabled=’true’ get Index, Caption

to change the IP adress
nicconfig where Index=1 call EnableStatic (“1.2.3.4”), (“255.255.255.0”)

to change to DHCP
nicconfig where Index=1 call EnableDHCP

there are a whole bunch of other methods to call, just trype
nicconfig call /?

I wrote a little script i use for auditing systems – this basically gets some configuration values, acls, accounts a.s.o. a large part of the script could simply be exchanged by some wmic calls, e.g.

wmic bootconfig
wmic computersystem
wmic qfe
wmic startup
wmic logon
wmic process

a.s.o….handy!

Another cool feature of wmic is location transparency, this means that you once set the target machine (local is default) and credentials and you get a “remote wmic”, some examples.

/node sets the target machine, or even cooler, the target machines. just provide a comma separated list of machine names or ip addresses and every wmic command will execute on all remote machines. /node:@list.txt reads the machine names from a file.

/user sets the remote credentials (if you don’t want to use integrated auth)

/AuthLevel and /ImpLevel – see my previous post on Authentication and Impersonation Levels.

You can alway see the current settings by call the context command in wmic.

If you would have a text file with all machine names in your domain you could obtain all os version with the following command

wmic /node:@machines.txt os

You can even poll for WMI data, e.g.

wmic /node:server1 process get name, processid, threadcount /every:5

wmic also supports various output formats – the internal wmic processing is all xml – so you can transform that with xsl stylesheets. some are included but you can provide your own, e.g.

wmic service list full /format:hform.xsl > out.html

gives you a html file with all services and their properties.

cool.