Get-WmiObject

Get WMI class information, instances of classes or available classes. Alias: gwmi

Syntax
      Get-WmiObject [-Authority string] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject [[-Class] string] [-Authority string] [-List] [-Recurse] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject [-Class] string [[-Property] string[]] [-Authority string] [-DirectRead]
        [-Filter string] [-Amended] [-AsJob]
           [-Authentication AuthenticationLevel] [-ComputerName string[]]
              [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
                 [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject -Query string [-Authority string] [-DirectRead] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

Key
   -Amended
       Get or set a value that indicates whether the objects returned should
       contain amended information. Typically, this is localizable information
       such as object and property descriptions.

   -AsJob
       Run the command as a background job.
       Results from remote computers are automatically returned to the local computer.
       To get the job results, use Receive-Job
        
       Note: To use this parameter with remote computers, the local and remote
       computers must be configured for remoting. Additionally, you must start
       PowerShell in Elevated mode/"Run as administrator"

   -Authentication AuthenticationLevel
       The authentication level to be used with the WMI connection.
       Valid values are listed below.

   -Authority string
       The authority to use to authenticate a remote WMI connection:
       NTLM     = ntlmdomain:DomainName
       Kerberos = kerberos:DomainName\ServerName

   -class string
       The name of a WMI class (see list below).

   -computerName string[]
       The computer(s) to run against.
       A NETBIOS name, an IP address, full domain name or local (.)
       WMI information is retrieved via the WMI Service (CIMOM)
       on the specified computers. This does not rely on PowerShell remoting.

   -credential PSCredential
       Use the specified credential to authenticate the user. Type a user name  
       or submit a credential object (created with Get-Credential)
       If you supply a user name, you will be prompted for a password.

   -DirectRead
       Whether direct access to the WMI provider is requested for the specified
       class without any regard to its base class or to its derived classes.

   -EnableAllPrivileges
       Enable all the privileges of the current user before the command makes the WMI call.

   -filter string
       A where clause to use as a filter. Use the syntax of the WQL language.
       Do not include the WHERE keyword.

   -Impersonation ImpersonationLevel
       The impersonation level to use: Default | Anonymous | Identify | Impersonate | Delegate
        
       0: Default (read the registry for the default, which is usually set to "3".)
       1: Anonymous (Hide the credentials of the caller.)
       2: Identify (Allow objects to query the credentials of the caller.)
       3: Impersonate (Allow objects to use the credentials of the caller.)
       4: Delegate (Allow objects to permit other objects to use the credentials of the caller.)

   -list 
       Retrieve and display the names of the WMI classes.

   -Locale string
       The preferred locale for WMI objects.
       Specify as an array in MS_LCID format in the preferred order.

   -property string
       A WMI class property (or set of properties) to retrieve.

   -namespace string
       The WMI repository namespace.
       If you don't specify the -Namespace parameter, then root\CIMV2 
       will be used by default.
	   
   -query string
       A WMI Query Language (WQL) statement to run. 
       Event queries are not supported.

   -Recurse
       Make the command search the current namespace and all other namespaces for
       the class name that is specified in the Class parameter.

   -ThrottleLimit int
       Allow the user to specify a throttling value for the number of WMI operations
       that can be executed simultaneously. (Used together with -AsJob.)

   CommonParameters:
       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer, -OutVariable.

Standard Aliases for Get-WmiObject: gwmi

For WMI to work against a remote machine you may need to first configure its local Windows firewall to allow the remote access.

When using -filter with a wildcard, use the WMI specific wildcards: % for zero or more characters, _ for a single character.
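
Building a -Filter from a value that arrives as a variable (added example, not part of the original page): the helper below translates the familiar * and ? wildcards into the WQL ones and escapes characters that would otherwise change the query. The function name ConvertTo-WqlLikePattern and the sample input are assumptions made for illustration.

```powershell
# Hypothetical helper: convert a PowerShell-style pattern into a WQL LIKE pattern
# that can be placed between single quotes in a -Filter string.
function ConvertTo-WqlLikePattern {
    param([Parameter(Mandatory=$true)][string]$Pattern)

    # Bracket sets ([a-f]) are part of WQL LIKE syntax; this helper refuses them
    # rather than guessing whether the caller meant a set or a literal bracket.
    if ($Pattern -match '[\[\]]') {
        throw "Square brackets are not supported in pattern: $Pattern"
    }

    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Pattern.ToCharArray()) {
        switch ([string]$ch) {
            '*'     { [void]$sb.Append('%') }     # zero or more characters
            '?'     { [void]$sb.Append('_') }     # exactly one character
            '%'     { [void]$sb.Append('[%]') }   # literal percent sign
            '_'     { [void]$sb.Append('[_]') }   # literal underscore
            '\'     { [void]$sb.Append('\\') }    # backslash is the WQL escape character
            "'"     { [void]$sb.Append("\'") }    # keep a quote inside the string literal
            '"'     { [void]$sb.Append('\"') }
            default { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

# Constructed sample input: the wildcard is translated, the quote stays inside the literal.
$name   = "Oracle*"
$filter = "Name LIKE '{0}'" -f (ConvertTo-WqlLikePattern $name)
# $filter is now: Name LIKE 'Oracle%'
Get-WmiObject Win32_Service -Filter $filter | Select-Object Name, StartMode
```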

Authentication Levels:

Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged

0: Default
1: None (No authentication is performed.)
2: Connect (Authentication is performed only when the client establishes a relationship with the application.)
3: Call (Authentication is performed only at the beginning of each call when the application receives the request.)
4: Packet (Authentication is performed on all the data that is received from the client.)
5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.)
6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.)
-1: Unchanged
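
A remote query that sets the authentication and impersonation levels explicitly instead of relying on the defaults (added example, not part of the original page). It reuses the computer names Server64 and wkstn64 from the examples on this page; the chosen properties and the report layout are assumptions.

```powershell
# Inventory auto-start services on remote machines over an encrypted WMI connection.
$computers = 'Server64', 'wkstn64'

# Prompt for the credential so the password never appears on the command line
# or in the command history. -Credential is only valid for remote connections.
$cred = Get-Credential

$params = @{
    Class          = 'Win32_Service'
    Filter         = "startmode='auto'"
    Property       = 'Name', 'StartMode', 'StartName', 'PathName'
    Credential     = $cred
    Authentication = 'PacketPrivacy'   # level 6: all data is authenticated and encrypted
    Impersonation  = 'Impersonate'     # level 3: the provider may use the caller's
                                       # credentials but may not pass them on (no Delegate)
    ErrorAction    = 'Stop'            # turn connection failures into catchable errors
}

$results = foreach ($computer in $computers) {
    try {
        Get-WmiObject @params -ComputerName $computer |
            Select-Object @{Name='Computer'; Expression={$computer}},
                          Name, StartMode, StartName, PathName
    }
    catch {
        # A blocked firewall port or a rejected credential ends up here;
        # report it and continue with the next machine.
        Write-Warning "WMI query failed on ${computer}: $($_.Exception.Message)"
    }
}

$results | Sort-Object Computer, Name | Format-Table -AutoSize
```

StartName shows the account each service runs as and PathName the binary it launches, which are the two columns worth reviewing in an auto-start inventory.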

WMI Classes

The WMI classes available will vary according to your operating system.
List all WMI classes:
PS C:\> Get-WmiObject -List

Find a specific class:
PS C:\> Get-WmiObject -List | Where { $_.name -match 'User'}

Some common WMI classes:

Win32_computerSystem
Win32_bios
Win32_baseboard   (Motherboard)
Win32_processor   (32+64 bit processor info)
Win32_LogicalDisk  (hard disk)
Win32_PhysicalMemory
Win32_operatingSystem  (Virtual Memory)

List all properties of a class:
PS C:\> Get-WmiObject Win32_bios | Get-Member

Find a specific class property:

PS C:\> gwmi Win32_bios | Get-Member -MemberType property | Where { $_.name -match 'install'}

Examples

Display information about all processes:

PS C:\> gwmi win32_process

Display service names that start with 'Oracle':

PS C:\> gwmi win32_service -filter "name like 'Oracle%'" | select name

Display services running on the machine 'Server64':

PS C:\> gwmi win32_service -computername Server64

Passing username credentials:

PS C:\> gwmi win32_service -credential SS64\Simon -computer Server64

List services that are set to start automatically:

PS C:\> gwmi win32_service -filter "startmode='auto'" | select name,startmode

List services that are set to start automatically (same as above but written in WQL):

PS C:\> gwmi -query "select * from win32_service where startmode='auto'" | select name,startmode 

Display information about the Alerter service:

PS C:\> gwmi -query "select * from win32_service where name='alerter'"

Stop the Alerter service:

PS C:\> (gwmi win32_service -filter "name='alerter'").StopService()

Display svchost processes:

PS C:\> gwmi win32_process -filter "name='svchost.exe'" | select commandline, name

Get the Dell serial number for a remote PC and convert it to a string:

PS C:\> (gwmi win32_systemenclosure -computername wkstn64).SerialNumber

Display BIOS and Memory information:

PS C:\> gwmi win32_bios | format-list *
PS C:\> gwmi Win32_ComputerSystem
PS C:\> gwmi Win32_PhysicalMemory

Uninstall a program (Paint.NET) from an elevated prompt. Note that the wildcard (%) is used to match multiple versions: 3.1, 3.2…

PS C:\> $appToRemove = gwmi Win32_Product -Filter "Name LIKE 'Paint.net v3%'"
PS C:\> $appToRemove[1].Uninstall()

“A good question is like a miniskirt. Long enough to cover the essentials, but short enough to keep everyone interested” ~ Charles Halsey

Related:

Get-WmiObject Win32_OperatingSystem - Get the OS and service pack
Invoke-WmiMethod - Call WMI methods
Get-Credential - Get a security credential object based on a user name and password.
WQL (WMI Query Language) - msdn.microsoft.com


© Copyright SS64.com 1999-2013
Some rights reserved