WMIC - The Windows secret weapon

Updated: January 28, 2012

Windows Management Instrumentation Command-Line (WMIC) is the Windows most zealously kept secret. Why? Because Windows has had a proper command line since 2000, that is eleven years now, and yet, few people knew about WMIC, let alone used it. Belatedly, it is time to end the era of secrecy and unveil WMIC, Dedoimedo style.

In this short tutorial, I would like to show you a sample of what WMIC can do. It's a most powerful tool and it complements the existing management and administration utilities and tools, like the regular command line and PowerShell. We'll do it on Windows 8 developer preview edition, but in practice, any version of Windows will do. At work or home, you can fully locally and remotely manage your Microsoft systems from the command line. Bloody awesome.


Using WMIC

You can issue WMIC instructions directly, using a somewhat SQL-like syntax or you drop into the WMIC shell and then run commands there. The second mode of work is most useful when you want to test and tweak your work before creating automated scripts for unattended systems management. Let me remind you again, works equally well for local and remote tasks.

To start the shell, type wmic in the command line:

Start wmic

Now, you can start using the shell. Type /? to get help, or rather a full listing of global switches and commands available. Then, you can further expand by typing one of the available switches or commands with the help flag to get its options.



The usage is simple, although you can make it as complicated as you want. Basically, you call the WMIObject followed by a list of properties and switches and verbs. This is similar to what you may know from SQL or similar. For example:

wmic /node:SERVER1 printer list status

This is the full command, and what it does is checks the status of printers connected to a host called SERVER1. The /node switch is used to establish connection to the host and then query it with the relevant command. Note: In general, uppercase is ignored, so you can use only lowercase if you need. Inside the shell, you need not use wmic, so the command becomes:

/node:SERVER1 printer list status

Sample commands

To get running, here are some commands, taken directly from the Microsoft guide. For example, to see information about the operating system and the installed hotfixes and patches, type os assoc:

Sample command

Or perhaps information on your desktop or the CD-ROM:

Desktop example

CDROM example

Or you might want to control your network interfaces:

NIC example

Controlling processes

One of the most powerful features of WMIC is the ability to control process: get a complete list with names and process IDs, send instructions and calls. Really dandy.

Let's say you want to terminate a process. But first we need to get a list of all processes. Simple, process list will do that. But then, we might not be interested in all of the fields, so we might want to polish our output:

process get name,processid

And this is the list:

Get process list

Now, let's terminate Notepad. Please note the PID is different now. What we do is the following command, a simple sort of sentence-like statement, where we determine the condition and the action, plus the return value so you can check the sanity and success of your administration work.

process where processid="1000" call terminate

Terminate process

You can make this more complex, for example:

/node:localhost /user:rambo /password:123456 process where name="paint.exe" call terminate

In this example, we try something different. We specify the node we want to connect to, and it's localhost this time. Then, we also write the username and password, which lets you run commands as specific users. This could be of cardinal importance, if you must log the execution of commands or require certain privileges. Finally, we name the process rather that go by the process ID, and we have it terminated.

And more. Truly, you are only limited by your imagination and skill.

Non-interactive use

Outside the interactive shell, you can call WMIC in a non-interactive mode. The functionality is virtually identical to what we've seen before except that you need to make complete logic based on the output and cannot have any interaction. For example, inside the shell, you will be asked to confirm termination a process; not so when calling WMIC from a batch file, a scheduled job or similar. Going back to the printer example:

wmic /node:SERVER1 printer list status

Other cool stuff

Another similar tool is PsExec, a part of the famous and highly useful Sysinternals suite, which can be used to execute commands on remote computers, simplifying administration. Now, this is not specifically related to WMIC, but while we're at being super cool from the command line in Windows, why not have it all?


More WMIC examples

Here's a handful of articles that should help you get started:

Examples of WMIC commands

WMIC quick start


WMIC is such a powerful, so little known tool. And it's been around for eleven years! Eleven. Think of all the flexibility and control you have, all so well obscured by the GUI use of the Windows operating system. Well, no more. Just a decade late, this article teaches you all you need to know to become super cool.

In all sincerity, mastering WMIC is a great way of pimping up your Windows skills and making the administration that much easier. It should also help you get rid of all kinds of third-party tools that pretend to do the hard work for you, where they only act as fancy frontends for the technology that's already there. As a Linux guy, this opens a whole new world of possibilities before me, making Windows so much appealing for serious work. Well, I hope you learned some new and valuable today.

We shall have a sequel soon, too. See you around.

Many thanks to Frankie Four Fingers for this tip!