ex: wmic computersystem list full
-----
where的用法
對為別名返回的特定實例使用 WHERE () 子句。
? WHERE() 子句必須包括 WHERE 子句以進行有效的 WQL 查詢。只有複雜的條件才需要括號。請查看 WQL 語法的 WMI SDK。WHERE() 子句必須緊隨在別名之後。例如: process where (processID>300) list brief
? 當 WHERE 子句是 WHERE NAME='
代替:
SERVICE WHERE NAME='CLIPSRV'
使用 /OUTPUT、/APPEND 和 /RECORD 命令重定向輸出。
? 以 HTML 格式輸出的命令(如 CLASS)通常將它們的輸出定向到一個文件。然後可以查看該文件,以瞭解命令的結果。可以使用 /OUTPUT、/APPEND 和 /RECORD 命令重定向輸出。
如果值包含特殊字符(短劃線、斜槓或空格),則請用引號將值括起來。
對於大的域或數據庫,請使用以下查詢的方法
? ALIAS
WMIC ALIAS PROCESS LIST BRIEF
? USERACCOUNT
WMIC USERACCOUNT WHERE "Name='PutUserNameHere' and Domain='PutDomainNameHere'"
? FSDIR
WMIC FSDIR WHERE Name='c:\\WINDOWS'
? DATAFILE
WMIC DATAFILE WHERE Name="c:\\boot.ini" WMIC DATAFILE WHERE "PATH='\\windows\\' and Extension='exe' and FileSize>'108032'" GET LastAccessed, LastModified, Name, FileSize
? NTEVENT
WMIC NTEVENT WHERE "LogFile='system' and Type>'0'" GET Message, TimeGenerated WMIC NTEVENT WHERE "LogFile='system' and Type>'0'" GET Message, TimeGenerated /FORMAT:htable >c:\MySystemEvents.htm
? 查詢:
使用引號 "" 將 WHERE 表達式分開,而不用括號 ():
WMIC NTEVENT WHERE "LogFile='system' and Type>'4'"
[ 比較:WMIC NTEVENT WHERE (LogFile='system' and TYPE>4)
在這種情況下,命令行解釋器將曲解 ">4)"
並試圖將輸出重定向到指定文件 "4)" ]
-----
實例:
DESKTOPMONITOR - 監視器管理
::獲取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
DISKDRIVE - 物理磁盤驅動器管理
::獲取物理磁盤型號大小等
wmic DISKDRIVE get Caption,size,InterfaceType
WMIC在批處理的應用實例(轉)
原文章來源地址 http://www.verybat.cn/bbs/bbs/viewthread.php?tid=8188&highlight=
第一次使用WMI會自動安裝,等待數秒即可正常使用。
wmic 獲取硬盤固定分區盤符:
for /f "skip=1" %%i in ('wmic logicaldisk where "drivetype=3" get name') do @echo %%i
簡要說明:
wmic + 欲操作的對象名+ where 從句(這是篩選條件)+ get + 對象的屬性
這樣的格式已經可以幫助我們獲取很多東西了,大家可以具體參考
查看wmic對象: wmic /?
查看wmic對象有何可用屬性: wmic 對象名稱 get /? 例如 wmic process get /?
查看wmic對象某個屬性的值: wmic 對象名稱 get 對象某個屬性 例如 wmic process get name
ps: 以上例子中的drivetype的值為2 表示可移動磁盤或軟盤,值為3表示固定磁盤,值為5表示光驅。
wmic 獲取進程名稱、可執行路徑、刪除、創建指定進程
:
wmic 獲取進程名稱以及可執行路徑:
wmic process get name,executablepath
wmic 刪除指定進程(根據進程名稱):
wmic process where name="qq.exe" call terminate
或者用
wmic process where name="qq.exe" delete
wmic 刪除指定進程(根據進程PID):
wmic process where pid="123" delete
wmic 創建新進程
wmic process call create "C:\Program Files\Tencent\QQ\QQ.exe"
其實都很容易上手的,大家多用用就會熟悉這種模式了
詳細信息用 wmic process get /? 查看所有可用的屬性
wmic 操作遠程計算機上的程序
在遠程機器上創建新進程:(2003系統)
wmic /node:192.168.1.10 /user:administrator /password:123456 process call create cmd.exe
關閉本地計算機
wmic process call create shutdown.exe
重啟遠程計算機 (2003系統)
wmic /node:192.168.1.10/user:administrator /password:123456 process call create "shutdown.exe -r -f -m"
wmic 操作計算機名稱和用戶帳戶
更改計算機名稱
wmic computersystem where "caption='%ComputerName%'" call rename newcomputername
更改帳戶名
wmic USERACCOUNT where "name='%UserName%'" call rename newUserName
wmic 結束可疑進程(根據進程的啟動路徑)
wmic process where "name='explorer.exe' and executablepath<>C:\\WINDOWS\\windows\\explorer.exe'" delete
wmic 獲取物理內存
wmic memlogical get TotalPhysicalMemory|find /i /v "t"
wmic 獲取文件的創建、訪問、修改時間 (tvzml糾正)
@echo off
for /f "skip=1 tokens=1,3,5 delims=. " %%a in ('wmic datafile where name^="C:\\WINDOWS\\NOTEPAD.EXE" get CreationDate^,LastAccessed^,LastModified') do set a=%%a & set b=%%b & set c=%%c
echo 文件名稱: %WINDIR%\NOTEPAD.EXE
echo 創建時間: %a:~0,4%年%a:~4,2%月%a:~6,2%日, %a:~8,2%:%a:~10,2%:%a:~12,2%
echo 修改時間: %c:~0,4%年%c:~4,2%月%c:~6,2%日, %c:~8,2%:%c:~10,2%:%c:~12,2%
echo 訪問時間: %b:~0,4%年%b:~4,2%月%b:~6,2%日, %b:~8,2%:%b:~10,2%:%b:~12,2%
pause
wmic 全盤搜索某文件並獲取該文件所在目錄
for /f "skip=1 tokens=1*" %i in ('wmic datafile where "FileName='qq' and extension='exe'" get drive^,path') do (set "qPath=%i%j"&@echo %qPath:~0,-3%)
wmic 獲取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
更改當前頁面文件初始大小和最大值,重啟計算機後生效
wmic PageFileSet set InitialSize="512",MaximumSize="512"
設置虛擬內存到E盤,並刪除C盤下的頁面文件,重啟計算機後生效
wmic PageFileSet create name="E:\\pagefile.sys",InitialSize="1024",MaximumSize="1024"
wmic PageFileSet where "name='C:\\pagefile.sys'" delete
獲得進程當前佔用的內存和最大佔用內存的大小:
wmic process where caption='filename.exe' get WorkingSetSize,PeakWorkingSetSize
I constantly spent my half an hour to read this weblog's articles every day along with a cup of coffee.
回覆刪除My blog airbnb coupon code
magnificent issues altogether, you simply gained
回覆刪除a new reader. What may you recommend in regards to your
submit that you simply made a few days in the past? Any sure?
http://www.studi-internazionali.it/node/12074
http://minbitbu.com/?q=node/13346
http://mccowenmills.com/content/easy-how-to-buy-cheap-twitter-followers-products-exactly-what-is-called-for.htm
https://outsideinteractive.mydigitalfiles.com/node/273701
http://webdoanhnhan.com/raovat/marissalavoienjieex/instant-technology-relating-to-how-to-buy-cheap-twitter-followers
https://eccyc.org.s56179.gridserver.com/node/52938
http://www.thelearning.org/lowdown-how-buy-cheap-twitter-followers-operating-systems
http://www.world-gifted.org/node/23628
http://whereisomar.com/photos/2013/75490
http://takeshapekids.com/reasonable-techniques-intended-how-buy-cheap-twitter-followers-what-really-required
Also visit my web site :: redshift
My brother recommended I might like this website.
回覆刪除He was totally right. This post actually made
my day. You cann't imagine just how much time
I had spent for this information! Thanks!
Also visit my page; home interest