Get WMI class information, instances of classes or available classes. Alias: gwmi
Syntax
Get-WmiObject [-Authority string] [-Amended] [-AsJob]
[-Authentication AuthenticationLevel] [-ComputerName string[]]
[-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
[-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]
Get-WmiObject [[-Class] string] [-Authority string] [-List] [-Recurse] [-Amended] [-AsJob]
[-Authentication AuthenticationLevel] [-ComputerName string[]]
[-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
[-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]
Get-WmiObject [-Class] string [[-Property] string[]] [-Authority string] [-DirectRead]
[-Filter string] [-Amended] [-AsJob]
[-Authentication AuthenticationLevel] [-ComputerName string[]]
[-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
[-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]
Get-WmiObject -Query string [-Authority string] [-DirectRead] [-Amended] [-AsJob]
[-Authentication AuthenticationLevel] [-ComputerName string[]]
[-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
[-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]
Key
-Amended
Get or set a value that indicates whether the objects have been amended.
Typically, object and property descriptions (localizable info.)
-AsJob
Run the command as a background job.
Results from remote computers are automatically returned to the local computer.
To get the job results, use -Receive-Job
Note: To use this parameter with remote computers, the local and remote
computers must be configured for remoting. Additionally, you must start
PowerShell in Elevated mode/"Run as administrator"
-Authentication AuthenticationLevel
The authentication level to be used with the WMI connection.
Valid values are listed below.
-Authority string
The authority to use to authenticate a remote WMI connection:
NTLM = ntlmdomain:DomainName
Kerberos = kerberos:DomainName\ServerName
-class string
The name of a WMI class (see list below).
-computerName string[]
The computer(s) to run against.
A NETBIOS name, an IP address, full domain name or local (.)
WMI information is retrieved via the WMI Service (CIMOM)
on the specified computers. This does not rely on PowerShell remoting.
-credential PSCredential
Use the specified credential to authenticate the user. Type a user name
or submit a credential object (created with Get-Credential)
If you supply a user name, you will be prompted for a password.
-DirectRead
Whether direct access to the WMI provider is requested for the specified
class without any regard to its base class or to its derived classes.
-EnableAllPrivileges
Enable all the privileges of the current user before the command makes the WMI call.
-filter string
A where clause to use as a filter. Use the syntax of the WQL language.
Do not include the WHERE keyword.
-Impersonation ImpersonationLevel
The impersonation level to use: Default | Anonymous | Identify | Impersonate | Delegate
0: Default (read the registry for the default, which is usually set to "3".)
1: Anonymous (Hide the credentials of the caller.)
2: Identify (Allow objects to query the credentials of the caller.)
3: Impersonate (Allow objects to use the credentials of the caller.)
4: Delegate (Allow objects to permit other objects to use the credentials of the caller.)
-list
Retrieve and display the names of the WMI classes.
-Locale string
The preferred locale for WMI objects.
Specify as an array in MS_LCID format in the preferred order.
-property string
A WMI class property (or set of properties) to retrieve.
-namespace string
The WMI repository namespace.
If you don't specify the -Namespace parameter, then root\CIMV2
will be used by default.
-query string
A WMI Query Language (WQL) statement to run.
Event queries are not supported.
-Recurse
Make the command search the current namespace and all other namespaces for
the class name that is specified in the Class parameter.
-ThrottleLimit int
Allow the user to specify a throttling value for the number of WMI operations
that can be executed simultaneously. (Used together with -AsJob.)
CommonParameters:
-Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
-OutBuffer -OutVariable.
gwmi is an alias for Get-WmiObject
For WMI to work against a remote machine you may need to first configure it's local Windows firewall to allow the remote access.
When using -filter with a wildcard, use the WMI specific wildcards: % for zero or more characters, _ for a single character.
Authentication Levels:
Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged
0: Default
1: None (No authentication in performed.)
2: Connect (Authentication is performed only when the client establishes a relationship with the application.)
3: Call (Authentication is performed only at the beginning of each call when the application receives the request.)
4: Packet (Authentication is performed on all the data that is received from the client.)
5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.)
6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.)
-1: Unchanged
WMI Classes
The WMI classes available will vary according to your operating system.
List all WMI classes:
PS C:\> Get-WmiObject -List
Find a specific class:
PS C:\> Get-WmiObject -List | Where { $_.name -match 'User'}
Some common WMI classes:
Win32_computerSystem
Win32_bios
Win32_baseboard (Motherboard)
Win32_processor (32+64 bit processor info)
Win32_LogicalDisk (hard disk)
Win32_PhysicalMemory
Win32_operatingSystem (Virtual Memory)
List all properties of a class:
PS C:\> Get-WmiObject Win32_bios | Get-Member
Find a specific class property:
PS C:\> gwmi Win32_bios | Get-Member -MemberType property | Where { $_.name -match 'install'}
Examples
Display information about all processes:
PS C:\> gwmi win32_process
Display service names that starts with 'Oracle':
PS C:\> gwmi win32_service -filter "name like 'Oracle%'" | select name
Display services running on the machine 'Server64':
PS C:\> gwmi win32_service -computername Server64
passing username credentials:
PS C:\> gwmi win32_service -credential SS64\Simon -computer Server64
List services that are set to start automatically:
PS C:\> gwmi win32_service -filter "startmode='auto'" | select name,startmode
List services that are set to start automatically (same as above but written in WQL):
PS C:\> gwmi -query "select * from win32_service where startmode='auto'" | select name,startmode
Display information about the Alerter service:
PS C:\> gwmi -query "select * from win32_service where name='alerter'"
Stop the Alerter service:
PS C:\> (gwmi win32_service -filter "name='alerter'").StopService()
Display svchost processes:
PS C:\> gwmi win32_process -filter "name='svchost.exe'" | select commandline, name
Get the Dell serial number for a remote PC and convert it to a string:
PS C:\> (gwmi win32_systemenclosure –computername wkstn64).SerialNumber
Display BIOS and Memory information:
PS C:\> gwmi win32_bios | format-list *
PS C:\> gwmi Win32_ComputerSystem
PS C:\> gwmi Win32_PhysicalMemory
"A good question is like a miniskirt. Long enough to cover the essentials, but short enough to keep everyone interested" - Charles Halsey
Related:
Get-WmiObject Win32_OperatingSystem - Get the OS and service pack
Invoke-WmiMethod - Call WMI methods
Get-Credential - Get a security credential object based on a user name and password.
WQL (WMI Query Language) - msdn.microsoft.com
