WMI
WMI can be used to query just about every aspect about a computer the WMI queries that I have included just touch the surface.
Win32_Bios
Get-WmiObject -Class Win32_Bios
SMBIOSBIOSVersion : JYGLKCPX.86A.0049.2019.0401.1038
Manufacturer : Intel Corp.
Name : JYGLKCPX.86A.0049.2019.0401.1038
SerialNumber : G6JY810909AA5
Version : INTEL - 1072009
This can be used to find a computers serial number the Manufacturer and the current bios version.
It is also a good way of identifiying virtual machines and avoiding climbing under the desk to find the serial number.
Win32_NetworkAdapterConfiguration
Get-WmiObject -Class Win32_NetworkAdapterConfiguration
DHCPEnabled : True
IPAddress : {192.168.1.2, fe80::2dd9:6465:b801:bfd3, fdc8:94bb:2cfa:f300:f579:9caf:1bc3:db16,
fdc8:94bb:2cfa:f300:f48d:265f:5dbc:cb9a...}
DefaultIPGateway : {192.168.1.1}
DNSDomain : home
ServiceName : VMSNPXYMP
Description : Hyper-V Virtual Ethernet Adapter #2
Index : 17
Win32_ComputerSystem
Get-WmiObject -Class Win32_ComputerSystem
Domain : WORKGROUP
Manufacturer : Intel Corporation
Model : NUC7CJYH
Name : W10NUC
PrimaryOwnerName : jblow@hotmail.com
TotalPhysicalMemory : 16838123520
Also (Get-WmiObject -Class win32_computersystem).username can be used to find the currently logged on user
Win32_LogicalDisk
Get-WmiObject -Class Win32_LogicalDisk
DeviceID : C:
DriveType : 3
ProviderName :
FreeSpace : 283601723392
Size : 499461910528
VolumeName :
DeviceID : P:
DriveType : 4
ProviderName : \\192.168.1.9\c$\apache\htdocs
FreeSpace : 42169647104
Size : 63846739968
VolumeName :
Win32_OperatingSystem
Get-WmiObject -Class Win32_OperatingSystem
SystemDirectory : C:\WINDOWS\system32
Organization :
BuildNumber : 18363
RegisteredUser : jblow@hotmail.com
SerialNumber :
Version : 10.0.18363
There is more information here if you use |fl *
Win32_Printer
Get-WmiObject -Class Win32_Printer
Location : http://192.168.1.8:3911/
Name : NPI1B975A (HP LaserJet Pro M12w)
PrinterState : 128
PrinterStatus : 1
ShareName :
SystemName : W10NUC
Location :
Name : Microsoft XPS Document Writer
PrinterState : 0
PrinterStatus : 3
ShareName :
SystemName : W10NUC
Location :
Name : Microsoft Print to PDF
PrinterState : 0
PrinterStatus : 3
ShareName :
SystemName : W10NUC
Location :
Name : Fax
PrinterState : 0
PrinterStatus : 3
ShareName :
SystemName : W10NUC
Win32_Processor
Get-WmiObject -Class Win32_Processor
Caption : Intel64 Family 6 Model 60 Stepping 3
DeviceID : CPU0
Manufacturer : GenuineIntel
MaxClockSpeed : 3001
Name : Intel(R) Core(TM) i5-4430 CPU @ 3.00GHz
SocketDesignation : SOCKET 0
win32_Product
Get-WmiObject -Class win32_Product
IdentifyingNumber : {90160000-008C-0000-1000-0000000FF1CE}
Name : Office 16 Click-to-Run Extensibility Component
Vendor : Microsoft Corporation
Version : 16.0.12730.20250
Caption : Office 16 Click-to-Run Extensibility Component
IdentifyingNumber : {90160000-008C-0409-1000-0000000FF1CE}
Name : Office 16 Click-to-Run Localization Component
Vendor : Microsoft Corporation
Version : 16.0.12730.20250
Caption : Office 16 Click-to-Run Localization Component
This command finds most of the software installed on a machine. It does take a while to run.
Win32_TimeZone
Get-WmiObject -Class Win32_TimeZone
Bias SettingID Caption
---- --------- -------
600 (UTC+10:00) Brisbane
Win32_UTCTime
Get-WmiObject -Class Win32_UTCTime
__GENUS : 2
__CLASS : Win32_UTCTime
__SUPERCLASS : Win32_CurrentTime
__DYNASTY : Win32_CurrentTime
__RELPATH : Win32_UTCTime=@
__PROPERTY_COUNT : 10
__DERIVATION : {Win32_CurrentTime}
__SERVER : W10NUC
__NAMESPACE : root\cimv2
__PATH : \\W10NUC\root\cimv2:Win32_UTCTime=@
Day : 25
DayOfWeek : 1
Hour : 1
Milliseconds :
Minute : 33
Month : 5
Quarter : 2
Second : 37
WeekInMonth : 5
Year : 2020
PSComputerName : W10NUC
win32_OptionalFeature
This gives information on windows features useful when you have to query 2008 servers where Get-WindowsFeature will not work.
GET-WmiObject -Class win32_optionalfeature
__GENUS : 2
__CLASS : Win32_OptionalFeature
__SUPERCLASS : CIM_LogicalElement
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_OptionalFeature.Name="Microsoft-Hyper-V-Management-Clients"
__PROPERTY_COUNT : 6
__DERIVATION : {CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : W10NUC
__NAMESPACE : root\cimv2
__PATH : \\W10NUC\root\cimv2:Win32_OptionalFeature.Name="Microsoft-Hyper-V-Management-Clients"
Caption : Hyper-V GUI Management Tools
Description :
InstallDate :
InstallState : 1
Name : Microsoft-Hyper-V-Management-Clients
Status :
PSComputerName : W10NUC
__GENUS : 2
__CLASS : Win32_OptionalFeature
__SUPERCLASS : CIM_LogicalElement
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_OptionalFeature.Name="Windows-Defender-ApplicationGuard"
__PROPERTY_COUNT : 6
__DERIVATION : {CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : W10NUC
__NAMESPACE : root\cimv2
__PATH : \\W10NUC\root\cimv2:Win32_OptionalFeature.Name="Windows-Defender-ApplicationGuard"
Caption : Windows Defender Application Guard
Description :
InstallDate :
InstallState : 2
Name : Windows-Defender-ApplicationGuard
Status :
PSComputerName : W10NUC
Uninstalling an Application using PowerShell and WMI
$MyApp = Get-WmiObject -Class Win32_Product | Where-Object{$_.Name -eq "Free Tools"}
$MyApp.Uninstall()
CIM
Cim is newer than wmi and has a slightly different syntax
To query BIOS as an example you would use:
Get-CimInstance -ClassName win32_bios
All of the commands for CIM are:
gcm -Noun cim*
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Get-CimAssociatedInstance 1.0.0.0 CimCmdlets
Cmdlet Get-CimClass 1.0.0.0 CimCmdlets
Cmdlet Get-CimInstance 1.0.0.0 CimCmdlets
Cmdlet Get-CimSession 1.0.0.0 CimCmdlets
Cmdlet Invoke-CimMethod 1.0.0.0 CimCmdlets
Cmdlet New-CimInstance 1.0.0.0 CimCmdlets
Cmdlet New-CimSession 1.0.0.0 CimCmdlets
Cmdlet New-CimSessionOption 1.0.0.0 CimCmdlets
Cmdlet Register-CimIndicationEvent 1.0.0.0 CimCmdlets
Cmdlet Remove-CimInstance 1.0.0.0 CimCmdlets
Cmdlet Remove-CimSession 1.0.0.0 CimCmdlets
Cmdlet Set-CimInstance 1.0.0.0 CimCmdlets
Filtering
filtering in wmi uses the WQL language
Here are the comparison operators for WQL = , > , < , <>, like ' '
Equals, greater than, less than, not equal to and like in single quotes
The % sign is the wild card not an * like powershell uses
An example looks like this:
gwmi win32_service -Filter "state <> 'running' and startmode = 'auto'"
You can also use SQL format with the -Query switch
Get-CimInstance -Query "SELECT * FROM Win32_service WHERE Startmode = 'auto' AND name LIKE '%update%' AND state <> 'Running'"