Get-WmiObject

Get WMI class information, instances of classes or available classes. Deprecated cmdlet.

Syntax
      Get-WmiObject [-Authority string] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject [[-Class] string] [-Authority string] [-List] [-Recurse] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject [-Class] string [[-Property] string[]] [-Authority string] [-DirectRead]
        [-Filter string] [-Amended] [-AsJob]
           [-Authentication AuthenticationLevel] [-ComputerName string[]]
              [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
                 [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

      Get-WmiObject -Query string [-Authority string] [-DirectRead] [-Amended] [-AsJob]
        [-Authentication AuthenticationLevel] [-ComputerName string[]]
           [-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
              [-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]

Key
   -Amended
       Get or set a value that indicates whether the objects have been amended.
       Typically,  object and property descriptions (localizable info.)

   -AsJob
       Run the command as a background job.
       Results from remote computers are automatically returned to the local computer.
       To get the job results, use -Receive-Job
        
       Note: To use this parameter with remote computers, the local and remote
       computers must be configured for remoting. Additionally, you must start
       PowerShell in Elevated mode/"Run as administrator"

   -Authentication AuthenticationLevel
       The authentication level to be used with the WMI connection.
       Valid values are listed below.

   -Authority string
       The authority to use to authenticate a remote WMI connection:
       NTLM     = ntlmdomain:DomainName
       Kerberos = kerberos:DomainName\ServerName

   -class string
       The name of a WMI class (see list below).

   -computerName string[]
       The computer(s) to run against.
       A NETBIOS name, an IP address, full domain name or local (.)
       WMI information is retrieved via the WMI Service (CIMOM)
       on the specified computers. This does not rely on PowerShell remoting.

   -credential PSCredential
       Use the specified credential to authenticate the user. Type a user name  
       or submit a credential object (created with Get-Credential)
       If you supply a user name, you will be prompted for a password.

   -DirectRead
       Whether direct access to the WMI provider is requested for the specified
       class without any regard to its base class or to its derived classes.

   -EnableAllPrivileges
       Enable all the privileges of the current user before the command makes the WMI call.

   -filter string
       A where clause to use as a filter. Use the syntax of the WQL language.
       Do not include the WHERE keyword.

   -Impersonation ImpersonationLevel
       The impersonation level to use: Default | Anonymous | Identify | Impersonate | Delegate
        
       0: Default (read the registry for the default, which is usually set to "3".)
       1: Anonymous (Hide the credentials of the caller.)
       2: Identify (Allow objects to query the credentials of the caller.)
       3: Impersonate (Allow objects to use the credentials of the caller.)
       4: Delegate (Allow objects to permit other objects to use the credentials of the caller.)

   -list 
       Retrieve and display the names of the WMI classes.

   -Locale string
       The preferred locale for WMI objects.
       Specify as an array in MS_LCID format in the preferred order.

   -property string
       A WMI class property (or set of properties) to retrieve.

   -namespace string
       The WMI repository namespace.
       If you don’t specify the -Namespace parameter, then root\CIMV2 
       will be used by default.

   -query string
       A WMI Query Language (WQL) statement to run. 
       Event queries are not supported.

   -Recurse
       Make the command search the current namespace and all other namespaces for
       the class name that is specified in the Class parameter.

   -ThrottleLimit int
       Allow the user to specify a throttling value for the number of WMI operations
       that can be executed simultaneously. (Used together with -AsJob.)

Standard Aliases for Get-Module: gwmi

 

Get-WmiObject is deprecated in PowerShell 3.0 and above.

The preferred cmdlet is now Get-CIMInstance -Classname

Run Get-cimclass to discover the new property names.

Basic speed comparison testing shows that CIM is significantly faster:

WMI: 35.4 seconds.
CIM:    2.5 seconds.

 

 

 

For WMI to work against a remote machine you may need to first configure it's local Windows firewall to allow the remote access.

When using -filter with a wildcard, use the WMI specific wildcards: % for zero or more characters, _ for a single character.

Authentication Levels:

Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged

0: Default
1: None (No authentication in performed.)
2: Connect (Authentication is performed only when the client establishes a relationship with the application.)
3: Call (Authentication is performed only at the beginning of each call when the application receives the request.)
4: Packet (Authentication is performed on all the data that is received from the client.)
5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.)
6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.)
-1: Unchanged

WMI Classes

The WMI classes available will vary according to your operating system.
List all WMI classes:
PS C:\> Get-WmiObject -List

Find a specific class:
PS C:\> Get-WmiObject -List | Where { $_.name -match 'User'}

Some common WMI classes:

 Win32_computerSystem
 Win32_bios
 Win32_baseboard    (Motherboard)
 Win32_processor    (32+64 bit processor info)
 Win32_Share        (File shares)
 Win32_LogicalDisk  (hard disk)
 Win32_PhysicalMemory
 Win32_Printer
 Win32_operatingSystem  (Virtual Memory)
 Win32_Product          (Warning avoid this: Installed programs will reconfigure see Q974524)
 Win32reg_AddRemovePrograms (Installed 32 bit programs with SCCM client)
 Win32Reg_AddRemovePrograms64 (Installed 64 bit programs with SCCM client)

List all properties of a class:
PS C:\> Get-WmiObject Win32_bios | Get-Member

Find a specific class property:

PS C:\> gwmi Win32_bios | Get-Member -MemberType property | Where { $_.name -match 'install'}

Firewall Issues

If WMI is blocked on the host firewall, then Get-WmiObject will fail with 'The RPC server is unavailable'.

Examples

passing username credentials:

PS C:\> gwmi win32_service -credential SS64\Simon -computer Server64

List the 32 bit programs installed on workstation64:

PS C:\> gwmi -class "win32reg_addremoveprograms" -computername "workstation64" | select-object -property DisplayName

“plus ça change, plus c'est la même chose (The more things change, the more they are the same.)” ~ Jean-Baptiste Alphonse Karr 1849.

Related PowerShell Cmdlets

Get-CIMInstance - Get a managed resource (storage, network, software etc)
Invoke-WmiMethod - Call WMI methods
Get-Credential - Get a security credential object based on a user name and password.
RUNDLL32 - Run a DLL command (add/remove print connections)
WQL (WMI Query Language) - docs.microsoft.com


 
Copyright © 1999-2024 SS64.com
Some rights reserved