Practical examples
1. Disk management
View disk properties
wmic logicaldisk list brief
::caption=caption, driveID=drive ID, model=product model, Partitions=partitions, size=size
View properties filtered by disk type
wmic logicaldisk where drivetype=3 list brief
Use the get verb to select only the properties you want to see
wmic logicaldisk where drivetype=3 get deviceid,size,freespace,description,filesystem
Show information for drive C: only
wmic logicaldisk where name="c:" get deviceid,size,freespace,description,filesystem
::description=description, deviceid=drive ID, size=size, freespace=free space, filesystem=file system
Change the volume label
wmic logicaldisk where name="c:" set volumename=lsxq
Get the drive letter of a USB drive
wmic logicaldisk where drivetype='2' get deviceid,description
wmic logicaldisk where "drivetype=2" get name
::2=removable disk, 3=local disk, 5=optical drive.
View the actual physical disks (brief listing)
wmic diskdrive list brief
View the actual physical disks (all properties)
wmic diskdrive list
2. System service management
Get the PID of the process hosting a given service
wmic service where name="TermService" get processid
Show running services
wmic service where state='running' get name,displayname
Show the executable path of each running service
wmic service where state='running' get name,pathname
Start a service
wmic service where name="sharedaccess" call startservice
Stop a service
wmic service where name="sharedaccess" call stopservice
Set a service's start mode to automatic (or manual, disabled)
wmic service where name='sharedaccess' call changestartmode 'automatic'
Show services that start automatically at boot
wmic service where startmode='auto' get name,displayname
Show services that start automatically at boot and are currently running
wmic service where "startmode='auto' and state='running'" get name,displayname
Show services that are disabled or set to manual start
wmic service where 'startmode="disabled" or startmode="manual"' get name,displayname
3. Process management
End a process (it can also be selected by its PID)
wmic process where name="notepad.exe" delete
wmic process where name="notepad.exe" call terminate
wmic process where processid="123" delete
wmic path win32_process where "name='notepad.exe'" delete
Create a process
wmic process call create "c:\windows\system32\calc.exe"
Query the launch path of processes (and write the result to a file)
wmic process get name,executablepath,processid
wmic /output:c:\process.html process get processid,name,executablepath /format:htable.xsl
Query information about a specific process
wmic process where name="notepad.exe" get name,executablepath,processid
Create a process on a remote computer
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "c:\windows\notepad.exe"
Query the process list of a remote computer
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process get name,executablepath,processid
Save the remote computer's process list to a local file
wmic /output:c:\process.html /node:192.168.8.10 /user:administrator /password:xiongyefeng process get processid,name,executablepath /format:htable.xsl
End a specific process on a remote computer
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process where name="notepad.exe" delete
Restart a remote computer
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "shutdown -r -f"
Shut down a remote computer
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "shutdown -s -f"
Advanced usage:
Terminate suspicious processes
wmic process where "name='explorer.exe' and executablepath <> '%systemdrive%\\windows\\explorer.exe'" delete
wmic process where "name='svchost.exe' and executablepath <> '%systemdrive%\\windows\\system32\\svchost.exe'" call terminate
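The path check behind the two commands above, as an added example that is not part of the original page: it parses the output of `wmic process get name,executablepath,processid /format:csv` and reports watched names running from an unexpected location, so they can be reviewed before anything is terminated. The sample output, the host name and the `audit` helper are constructed for illustration.

```python
import csv
import io
import ntpath

# Expected locations (relative to the system drive) for the two process
# names the page checks; extend this table as needed.
EXPECTED = {
    "explorer.exe": r"\windows\explorer.exe",
    "svchost.exe": r"\windows\system32\svchost.exe",
}

# Constructed sample of `wmic ... /format:csv` output
# (host name, paths and PIDs are made up for illustration).
SAMPLE = """
Node,ExecutablePath,Name,ProcessId
WS01,C:\\Windows\\Explorer.EXE,explorer.exe,4312
WS01,C:\\Windows\\System32\\svchost.exe,svchost.exe,912
WS01,C:\\Users\\Public\\svchost.exe,svchost.exe,6620
WS01,,svchost.exe,1044
WS01,C:\\Windows\\System32\\notepad.exe,notepad.exe,7788
"""

def audit(csv_text, system_drive="C:"):
    """Return (pid, name, path, verdict) for watched names not at the expected path."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        name = (row.get("Name") or "").lower()
        if name not in EXPECTED:
            continue
        path = (row.get("ExecutablePath") or "").strip()
        if not path:
            # WMI returns an empty path when the caller lacks rights to the
            # process; report these separately instead of as a mismatch.
            findings.append((int(row["ProcessId"]), name, "", "path-unavailable"))
            continue
        # Windows paths are case-insensitive, so compare normalized forms.
        expected = ntpath.normcase(system_drive + EXPECTED[name])
        if ntpath.normcase(ntpath.normpath(path)) != expected:
            findings.append((int(row["ProcessId"]), name, path, "unexpected-path"))
    return findings

if __name__ == "__main__":
    for pid, name, path, verdict in audit(SAMPLE):
        print(f"{verdict:17} pid={pid:<6} {name} {path}")
```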
4. File management
Rename a file
wmic datafile "c:\\test.txt" call rename "c:\lsxq.txt"
Copy a single file
wmic datafile "c:\\test.txt" call copy "d:\lsxq.txt"
List files with a specific extension under a given path
wmic datafile where "drive='c:' and path='\\' and extension='txt'" get name,Path,"System File"
Delete a folder
wmic fsdir "c:\\test" delete
Rename a folder
wmic fsdir "c:\\test" call rename "c:\lsxq"
Copy a folder
wmic fsdir "c:\\test" call copy "d:\test"
Search all disks for a specific file
wmic datafile where "filename='qq' and extension='exe'" get name
List files with a specific extension under a given path, showing only those that meet the stated condition
wmic datafile where "drive='e:' and path='\\surecity\\' and extension='rar' and filesize>1000" get name
Get a file's creation, last-access and last-modified times
wmic datafile where name="c:\\windows\\notepad.exe" get CreationDate,LastAccessed,LastModified
II. wmic technical code: