Get WMI class information, instances of classes or available classes. Alias: gwmi

      Get-WmiObject [-Authority string] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject [[-Class] string] [-Authority string] [-List] [-Recurse] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject [-Class] string [[-Property] string[]] [-Authority string] [-DirectRead]
        [-Filter string] [-Amended] [-AsJob]
           [-Authentication AuthenticationLevel] [-ComputerName string[]]
              [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
                 [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject -Query string [-Authority string] [-DirectRead] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

       Get or set a value that indicates whether the objects have been amended.
       Typically,  object and property descriptions (localizable info.)

       Run the command as a background job.
       Results from remote computers are automatically returned to the local computer.
       To get the job results, use -Receive-Job
       Note: To use this parameter with remote computers, the local and remote
       computers must be configured for remoting. Additionally, you must start
       PowerShell in Elevated mode/"Run as administrator"

   -Authentication AuthenticationLevel
       The authentication level to be used with the WMI connection.
       Valid values are listed below.

   -Authority string
       The authority to use to authenticate a remote WMI connection:
       NTLM     = ntlmdomain:DomainName
       Kerberos = kerberos:DomainName\ServerName

   -class string
       The name of a WMI class (see list below).

   -computerName string[]
       The computer(s) to run against.
       A NETBIOS name, an IP address, full domain name or local (.)
       WMI information is retrieved via the WMI Service (CIMOM)
       on the specified computers. This does not rely on PowerShell remoting.

   -credential PSCredential
       Use the specified credential to authenticate the user. Type a user name  
       or submit a credential object (created with Get-Credential)
       If you supply a user name, you will be prompted for a password.

       Whether direct access to the WMI provider is requested for the specified
       class without any regard to its base class or to its derived classes.

       Enable all the privileges of the current user before the command makes the WMI call.

   -filter string
       A where clause to use as a filter. Use the syntax of the WQL language.
       Do not include the WHERE keyword.

   -Impersonation ImpersonationLevel
       The impersonation level to use: Default | Anonymous | Identify | Impersonate | Delegate
       0: Default (read the registry for the default, which is usually set to "3".)
       1: Anonymous (Hide the credentials of the caller.)
       2: Identify (Allow objects to query the credentials of the caller.)
       3: Impersonate (Allow objects to use the credentials of the caller.)
       4: Delegate (Allow objects to permit other objects to use the credentials of the caller.)

       Retrieve and display the names of the WMI classes.

   -Locale string
       The preferred locale for WMI objects.
       Specify as an array in MS_LCID format in the preferred order.

   -property string
       A WMI class property (or set of properties) to retrieve.

   -namespace string
       The WMI repository namespace.
       If you don't specify the -Namespace parameter, then root\CIMV2 
       will be used by default.

   -query string
       A WMI Query Language (WQL) statement to run. 
       Event queries are not supported.

       Make the command search the current namespace and all other namespaces for
       the class name that is specified in the Class parameter.

   -ThrottleLimit int
       Allow the user to specify a throttling value for the number of WMI operations
       that can be executed simultaneously. (Used together with -AsJob.)

       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer -OutVariable.

Standard Aliases for Get-Module: gwmi

For WMI to work against a remote machine you may need to first configure it's local Windows firewall to allow the remote access.

When using -filter with a wildcard, use the WMI specific wildcards: % for zero or more characters, _ for a single character.

Authentication Levels:

Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged

0: Default
1: None (No authentication in performed.)
2: Connect (Authentication is performed only when the client establishes a relationship with the application.)
3: Call (Authentication is performed only at the beginning of each call when the application receives the request.)
4: Packet (Authentication is performed on all the data that is received from the client.)
5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.)
6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.)
-1: Unchanged

WMI Classes

The WMI classes available will vary according to your operating system.
List all WMI classes:
PS C:\> Get-WmiObject -List

Find a specific class:
PS C:\> Get-WmiObject -List | Where { $ -match 'User'}

Some common WMI classes:

 Win32_baseboard    (Motherboard)
 Win32_processor    (32+64 bit processor info)
 Win32_Share        (File shares)
 Win32_LogicalDisk  (hard disk)
 Win32_operatingSystem   (Virtual Memory)
 Win32_Product              (Installed programs will reconfigure see Q974524)
 Win32reg_AddRemovePrograms (Installed 32 bit programs with SCCM client)
 Win32Reg_AddRemovePrograms64 (Installed 64 bit programs with SCCM client)

List all properties of a class:
PS C:\> Get-WmiObject Win32_bios | Get-Member

Find a specific class property:

PS C:\> gwmi Win32_bios | Get-Member -MemberType property | Where { $ -match 'install'}

Firewall Issues

If WMI is blocked on the host firewall, then Get-WmiObject will fail with 'The RPC server is unavailable'.
An alternative is Get-CIMInstance -Classname ...
which will work for PowerShell 2.0 and greater


Display information about all processes:

PS C:\> gwmi win32_process

Display service names that starts with 'Oracle':

PS C:\> gwmi win32_service -filter "name like 'Oracle%'" | select name

Display services running on the machine 'Server64':

PS C:\> gwmi win32_service -computername Server64

passing username credentials:

PS C:\> gwmi win32_service -credential SS64\Simon -computer Server64

List services that are set to start automatically:

PS C:\> gwmi win32_service -filter "startmode='auto'" | select name,startmode

List services that are set to start automatically (same as above but written in WQL):

PS C:\> gwmi -query "select * from win32_service where startmode='auto'" | select name,startmode 

Display information about the Alerter service:

PS C:\> gwmi -query "select * from win32_service where name='alerter'"

Stop the Alerter service:

PS C:\> (gwmi win32_service -filter "name='alerter'").StopService()

List the 32 bit programs installed on workstation64:

PS C:\> gwmi -class "win32reg_addremoveprograms" -computername "workstation64" | select-object -property DisplayName

Display svchost processes:

PS C:\> gwmi win32_process -filter "name='svchost.exe'" | select commandline, name

Get the Dell serial number for a remote PC and convert it to a string:

PS C:\> (gwmi win32_systemenclosure -computername wkstn64).SerialNumber

Display BIOS and Memory information:

PS C:\> gwmi win32_bios | format-list *
PS C:\> gwmi Win32_ComputerSystem
PS C:\> gwmi Win32_PhysicalMemory

Display the per-computer printers installed on workstation64:

PS C:\> Get-WMIObject -Class Win32_Printer -ComputerName "workstation64"

List the file shares on the remote server: SERVER64 (PowerShell equivalent of the RMTShare utility).

$shares = Get-WmiObject -class Win32_Share -computername SERVER64 -filter "Type=0"
$shares | foreach {

    "Share Name   : $name
     Source Folder: $path 
     Description  : $Description
     Caption : $Caption"

Uninstall a program (Paint.NET) from an elevated prompt, note the wildcard (%) is used to match multiple versions 3.1, 3.2…

PS C:\> $appToRemove = gwmi Win32_Product -Filter "Name LIKE ' v3%'"
PS C:\> $appToRemove[1].Uninstall()

“A good question is like a miniskirt. Long enough to cover the essentials, but short enough to keep everyone interested” ~ Charles Halsey


Example - Remote inventory of OperatingSystem and Service Pack
Invoke-WmiMethod - Call WMI methods
Get-Credential - Get a security credential object based on a user name and password.
RUNDLL32 - Run a DLL command (add/remove print connections)
WQL (WMI Query Language) -

© Copyright 1999-2016
Some rights reserved