Output Formats

Article

Some usefull commands when using WMIC:

  • wmic process [pid] delete
    The rough equivalent (for you UNIX/Linux minded folks) of "kill -9 [pid]"
  • wmic process where name='cmd.exe' delete
    It functions something like "killall -9 cmd.exe" would on a Linux box, where killall lets you kill processes by name.
  • wmic process list brief /every:1
    Sort of like (but not exactly) the Linux/UNIX top command.
  • wmic useraccount
    This one gives a lot more detail than the old "net user" command. With "wmic useraccount" you get user
    names, SIDs, and various security settings.
  • wmic qfe
    This one shows all hotfixes and service packs. QFE stands for Quick Fix Engineering.
  • wmic startup list full
    This shows a whole bunch of stuff useful in malware analysis, including all files loaded at Startup and the
    reg keys associated with autostart.
  • wmic process list brief | find "cmd.exe"
    That works a little like a Linux "ps -aux | grep cmd.exe".
  • wmic /record:test.xml process list brief
    You can use the /record option in WMIC to record the WMIC commands you typed, their output, and a timestamp.
    After the command runs, your results are stored in xml format. That's the only format supported, but this
    is a handy record of what you typed, when you typed it, and the results you got. The only down side, though,
    is that it will overwrite a previous test.xml, rather than append to it. Still, not bad, as long as you make
    sure to use different names for your record files.

Network interface configuration options offered by WMIC:

  • wmic nicconfig where IPEnabled='true'
    That'll give you a list of IP interfaces.
  • wmic nicconfig where Index=1 call EnableStatic ("10.10.10.10"), ("255.255.255.0")
    To change the IP address at the command line
  • wmic nicconfig where Index=1 call EnableDHCP
    Do this for DHCP, where the index is the number of the interface you get from that first nicconfig
    command I put in this update.

 

Having Problems using wmic with /format:csv with "invalid xsl"?

You are using a not en-EN regional setting on WIN2Kxx-Server? -> workaround copy "c:\system32\wbem\en-EN" to "\de-DE" for example.

Or specify xsl: wmic /output: test.csv process /format: %WINDIR%\System32\wbem\en-EN\csv 

XCACLS

Example usage for xcacls.vbs

Links

Other examples and help information can be found on the Microsoft support site on: here

Xcacls.vbs can be downloaded from: here