獲得系統版本信息 wmic datafile where Name='c://windows//explorer.exe' get Manufacturer,

1. 獲得系統版本信息
2. wmic datafile where Name='c://windows//explorer.exe' get Manufacturer,Version,Filename
3.  
4. 獲得系統進程
5. wmic process list full 注意：
6. 這裏的full也可以換成brief（簡潔）
7.  
8. 獲得硬件信息（這裏以cpu为例）
9. wmic cpu get name,caption,maxclockspeed,description
10.  
11. 將結果輸出到d盤的1.txt裏面
12. wmic /output:D:/1.txt cpu get name
13.  
14. wmic 獲取硬盤固定分區盤符:
15. wmic logicaldisk where "drivetype=3" get name
16.  
17. wmic 獲取硬盤各分區文件系統以及可用空間：
18. wmic logicaldisk where "drivetype=3" get name,filesystem,freespace
19.  
20. wmic 獲取進程名稱以及可執行路徑:
21. wmic process get name,executablepath
22.  
23. wmic 刪除指定進程(根據進程名稱):
24. wmic process where name="qq.exe" call terminate
25. 或者用
26. wmic process where name="qq.exe" delete
27.  
28. wmic 刪除指定進程(根據進程PID):
29. wmic process where pid="123" delete
30.  
31. wmic 創建新進程
32. wmic process call create "C:/Program Files/Tencent/QQ/QQ.exe"
33.  
34. 在遠程機器上創建新進程：
35. wmic /node:192.168.1.10 /user:administrator /password:123456 process call create cmd.exe
36.  
37. 關閉本地計算機
38. wmic process call create shutdown.exe
39.  
40. 重启遠程計算機
41. wmic /node:192.168.1.10/user:administrator /password:123456 process call create "shutdown.exe -r -f -m"
42.  
43. 更改計算機名稱
44. wmic computersystem where "caption='%ComputerName%'" call rename newcomputername
45.  
46. 更改帳戶名
47. wmic USERACCOUNT where "name='%UserName%'" call rename newUserName
48.  
49. wmic 結束可疑進程（根據進程的启動路徑）
50. wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%//windows//explorer.exe'" delete
51.  
52. wmic 獲取物理內存
53. wmic memlogical get TotalPhysicalMemory|find /i /v "t"
54.  
55. wmic 獲取文件的創建、訪問、修改時間
56. @echo off
57. 'wmic datafile where name^="c://windows//system32//notepad.exe" get CreationDate^,LastAccessed^,LastModified
58.  
59. wmic 全盤搜索某文件並獲取該文件所在目錄
60. wmic datafile where "FileName='qq' and extension='exe'" get drive,path
61. for /f "skip=1 tokens=1*" %i in ('wmic datafile where "FileName='qq' and extension='exe'" get drive^,path') do (set "qPath=%i%j" & @echo %qPath:~0,-3%)
62.  
63. 獲取屏幕分辨率
64. wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
65.  
66. 獲取共享資源(包括隱藏共享)
67. WMIC share list brief
68.  
69. 獲取U盤盤符，並運行U盤上的QQ.exe
70. @for /f "skip=1 tokens=*" %i in ('wmic logicaldisk where "drivetype=2" get name') do (if not "%i"=="" start d:/qq.exe)
71.  
72. 獲得進程當前占用的內存和最大占用內存的大小：
73. wmic process where caption='filename.exe' get WorkingSetSize,PeakWorkingSetSize
74.  
75. 更改現有工作組为指定的工作組
76. wmic computersystem Where "name='計算機名稱' call UnjoinDomainOrWorkgroup
77.  
78. 退出所在域
79. wmic computersystem Where "name='計算機名稱'" call joindomainorworkgroup "",1,"域名稱","域管理員密碼","域管理員用戶名"
80.  
81. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
82. 開2003的3389
83. wmic RDTOGGLE WHERE ServerName='%COMPUTERNAME%' call
84. SetAllowTSConnections 1
85.  
86. 遠程打開計算機遠程桌面
87. wmic /node:%pcname% /USER:%pcaccount% PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnections 1
88.  
89. 添加的計劃任務，wmic添加的同样AT命令也是可以看到
90. wmic job call create "sol.exe",0,0,true,false,********154800.000000+480
91. wmic job call create "sol.exe",0,0,1,0,********154600.000000+480
92. 這兩句是相同的，TRUE可以用1表示，同样的FALSE可以用0值表示，時間前为何用八個星號，這是WMIC的特性，他顯示時間的方式是YYYYMMDDHHMMSS.MMMMMM+時區 ,可是，我們並不需要指定年份和月份還有天，所以用*星號來替代
93.  
94. 在wmic下查看BIOS信息
95. wmic bios list full
96.  
97. wmic還有停止、暫停和運行服務的功能：
98. 启動服務startservice，停止服務stopservice，暫停服務pauseservice。
99. 具體的命令使用格式就是：
100. wmic Service where caption=”windows time” call stopservice
101. ●－－停止服務
102. wmic Service where caption=”windows time” call startservice
103. ●－－启動服務
104. wmic Service where name=”w32time” call stopservice
105. ●－－停止服務，注意name和caption的區別。
106.  
107.  
108. 遠程創建進程
109. wmic /node:109.254.2.102 /user:"rdgad/administrator" /password:"1234" process call create commandline="cmd.exe /k echo xxxxx|clip.exe"
110. 獲取硬盤序列號：
111. wmic diskdrive get model
112.  
113. Update static IP address
114. wmic nicconfig where index=9 call enablestatic("192.168.16.4"), ("255.255.255.0")
115. Change network gateway
116. wmic nicconfig where index=9 call setgateways("192.168.16.4", "192.168.16.5"),(1,2)
117. Enable DHCP
118. wmic nicconfig where index=9 call enabledhcp
119. Service Management
120. wmic service where caption="DHCP Client" call changestartmode "Disabled"
121. Start an application
122. wmic process call create "calc.exe"
123. Terminate an application
124. wmic process where name="calc.exe" call terminate
125. Change process priority
126. wmic process where name="explorer.exe" call setpriority 64
127. Get list of process identifiers
128. wmic process where (Name='svchost.exe') get name,processid
129. Information about harddrives
130. wmic logicaldisk where drivetype=3 get name, freespace, systemname, filesystem, size, volumeserialnumber
131. Information about os
132. wmic os get bootdevice, buildnumber, caption, freespaceinpagingfiles, installdate, name, systemdrive, windowsdirectory /format:htable > c:osinfo.htm
133. Information about files
134. wmic path cim_datafile where "Path='\windows\system32\wbem\' and FileSize>1784088" > c:wbemfiles.txt
135. Process list
136. wmic process get /format:htable > c:process.htm
137.  
138. ---
139. wmic process where name="javaw.exe" list