wmic应用实例

实例应用

1、磁盘管理

 

查看磁盘的属性

wmic logicaldisk list brief

::caption=标题、driveID=驱动器ID号、model=产品型号、Partitions=分区、size=大小

 

根据磁盘的类型查看相关属性

wmic logicaldisk where drivetype=3 list brief

 

使用get参数来获得自己想要参看的属性

wmic logicaldisk where drivetype=3 get deviceid,size,freespace,description,filesystem

 

只显示c盘的相关信息

wmic logicaldisk where name="c:" get deviceid,size,freespace,description,filesystem

::description=描述、deviceid=驱动器ID号、size=大小、freespace=剩余空间、filesystem=文件系统

 

 

更改卷标的名称

wmic logicaldisk where name="c:" set volumename=lsxq

 

获得U盘的盘符号

wmic logicaldisk where drivetype='2' get deviceid,description

wmic logicaldisk where "drivetype=2" get name

::2=移动磁盘、3=本地磁盘、5=光驱。

 

查看物理磁盘的真实情况

wmic diskdrive list brief

 

查看物理磁盘的真实情况

wmic diskdrive list

 

2、系统服务管理

 

获得指定服务进程的PID号

wmic service where name="TermService" get processid

 

显示正在运行的服务

wmic service where state='running' get name,displayname

 

显示已启动服务对应所在的可执行文件路径

wmic service where state='running' get name,pathname

 

启动一个服务

wmic service where name="sharedaccess" startservice

 

停止一个服务

wmic service where name="sharedaccess" stopservice

 

将某个服务设为自启动(手动、禁用)

wmic service where name='sharedaccess' changestartmode 'automatic'

 

显示开机自启动的服务

wmic service where startmode='auto' get name,displayname

 

显示开始自启动并且当前处于运行状态的服务

wmic service where "startmode='auto' and state='running'" get name,displayname

 

显示禁用或手动启动的服务

wmic service where 'startmode="disabled" or startmode="manual"' get name,displayname

 

3、进程管理

 

结束一个进程(可根据进程对应的PID)

wmic process where name="notepad.exe" delete

wmic process where name="notepad.exe" terminate

wmic process where pid="123" delete

wmic path win32_process where "name='notepad.exe'" delete

 

创建一个进程

wmic process call create "c:\windows\system32\calc.exe"

 

查询进程的启动路径(将得到的信息输出)

wmic process get name,executablepath,processid

wmic /output:c:\process.html process get processid,name,executablepath /format:htable.xsl

 

查询指定进程的信息

wmic process where name="notepad.exe" get name,executablepath,processid

 

在远程计算上创建进程

wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "c:\windows\notepad.exe"

 

查询远程计算机上的进程列表

wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process get name,executablepath,processid

 

将获得到的远程计算机进程列表保存到本地

 

wmic /output:c:\process.html /node:192.168.8.10 /user:administrator /password:xiongyefeng process get processid,name,executablepath /format:htable.xsl

 

结束远程计算上的指定进程

wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process where name="notepad.exe" delete

 

重启远程计算机

wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "shutdown -r -f"

 

关闭远程计算机

wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "shutdown -s -f"

 

高级应用:

 

结束可疑的进程

wmic process where "name='explorer.exe' and executablepath <> '%systemdrive%\\windows\\explorer.exe'" delete

wmic process where "name='svchost.exe' and executablepath <> '%systemdrive%\\windows\\system32\\svchost.exe'" call terminate

 

4、文件管理

 

更改文件名

wmic datafile "c:\\test.txt" rename "c:\lsxq.txt"

 

复制单个文件

wmic datafile "c:\\test.txt" copy "d:\lsxq.txt"

 

获得指定路径下特定扩展名的文件列表

wmic datafile where "drive='c:' and path='\\' and extension='txt'" get name,Path,"System File"

 

删除文件夹

wmic fsdir "c:\\test" delete

 

文件夹重命名

wmic fsdir "c:\\test" rename "c:\lsxq"

 

复制文件夹

wmic fsdir "c:\test" copy "d:\test"

 

全盘查找指定文件

wmic datafile where "filename='qq' and extension='exe'" get name

 

获得指定路径下特定扩展名并要求只显示满足题目条件的文件

wmic datafile where "drive='e:' and path='\\surecity\\' and extension='rar' and filesize>1000" get name

 

获取文件的创建、访问、修改时间

Wmic datafile where name="c:\\windows\\notepad.exe" get CreationDate,LastAccessed,LastModified

 

 

 

二、wmic技术代码:

 

查询远程计算机上的进程列表
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process get name,executablepath,processid

将获得到的远程计算机进程列表保存到本地

wmic /output:c:\process.html /node:192.168.8.10 /user:administrator /password:xiongyefeng process get processid,name,executablepath /format:htable.xsl

结束远程计算上的指定进程
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process where name="notepad.exe" delete

重启远程计算机
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "shutdown -r -f"

关闭远程计算机
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "shutdown -s -f"

 

posted @ 2013-10-23 11:30  狂师  阅读(1281)  评论(0编辑  收藏  举报