?查看计算机名
hostname
?查看系统信息
systeminfo
查看环境变量
set?
查看进城信息
tasklist
终止进程
taskkill ?
?
获取系统补丁情况
wmic qfe list
获取系统注册的服务信息
sc query state=all #cmd 命令?
查看当前电脑网卡的ip信息、DNS信息、DHCP服务器信息等
ipconfig /all
显示 DNS 解析程序缓存的内容
ipconfig /displaydns
查看网络连接情况
netstat /bnao?
?查看网络连接路由表
netstat -r
查看局网内计算机?
net view
net use #查看映射
net view /domain
net user /domain
net user %usename% /domain
?查看当前登录用户
whoami
net accounts
?查看共享
net share
?添加共享
net share name$=c:\ /unlimited 
?查看计算机全部用户
net user
?查看win10 用户
net user win10
?查看本地用户组信息
net localgroup ?
net user a a /add #添加帐户 a 密码 a
net user #查看帐户
net user a 查看帐户 a
#将帐户 a 添加到超级管理员组
net localgroup administrators a /add ?
?查看arp地址解析协议
arp -a
查看任务信息
schtasks?
?域操作
net group "domain controllers" /domain
net user usename /active:yes /domain
wmic 命令
查看IP和MAC地址
wmic nicconfig get ipaddress,macaddress
查看计算机名和登录用户
wmic computersystem get username?
查看最后登录情况
wmic netlogin get name,lastlogon
查看系统进程信息(包含启动命令,文件路径)
wmic process get caption,executablepath,commandline?
?结束一个进程(可根据进程对应的PID--未成功 55555)
wmic process where name="calc.exe" delete
wmic process where name="calc.exe" terminate
wmic process where pid="123" delete查看系统版本
wmic os get name,servicepackmajorversion
查看系统已安装软件信息
wmic product get name,version
卸载软件
wmic product where name="name" call uninstall /nointeractive
查询共享
wmic share get /all?
查看日志文件
wmic nteventlog get path,filename,writeable?
?打开远程连接--win10-我没成功
wmic /node:"machinename\user" path Win32_TerminalServiceSetting where AllowTSConnections="0" call SetAllowTSConnections "1"
?
?WMIC扩展WMI(Windows Management Instrumentation,Windows管理规范) ,提供了从命令行接口和批命令脚本执行系统管理的支持。为WMI名称空间提供了一个强大的、友好的命令行接口。
wmic process一种实际用法,用于判断查询是否已启动某个应用的java程序进程。可用于配合zabbix的自定义监控.
wmic process where name="java.exe" get commandline 2>nul | find "appKey" 1>nul 2>nul && echo 1 || echo 0
含义为:如果windows下启动了 "appKey" 为关键字名字的jar包主程序,命令返回1;若没有启动或者不存在则返回0
===============================
netstat -an -b -o ? //获取进程名称 端口 pid
wmic process list brief >> d:\process.txt ?//获取进程摘要信息写入文件
结束一个进程(可根据进程对应的PID)
wmic process where name="notepad.exe" delete
wmic process where name="notepad.exe" terminate
wmic process where pid="123" delete
wmic path win32_process where "name='notepad.exe'" delete
?创建一个进程
wmic process call create "c:\windows\system32\calc.exe"
查询进程的启动路径(将得到的信息输出)
wmic process get name,executablepath,processid
wmic /output:c:\process.html process get processid,name,executablepath /format:htable.xsl
查询指定进程的信息
wmic process where name="notepad.exe" get name,executablepath,processid
在远程计算上创建进程
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "c:\windows\notepad.exe"
查询远程计算机上的进程列表
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process get name,executablepath,processid
将获得到的远程计算机进程列表保存到本地
wmic/output:c:\process.html /node:192.168.8.10 /user:administrator/password:xiongyefeng process get processid,name,executablepath/format:htable.xsl
结束远程计算上的指定进程
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process where name="notepad.exe" delete
重启远程计算机
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "shutdown -r -f"
关闭远程计算机
wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create "shutdown -s -f"
高级应用:
结束可疑的进程
wmic process where "name='explorer.exe' and executablepath <> '%systemdrive%\\windows\\explorer.exe'" delete
wmicprocess where "name='svchost.exe' and executablepath <>'%systemdrive%\\windows\\system32\\svchost.exe'" call terminate
查看磁盘的属性
wmic logicaldisk list brief
根据磁盘的类型查看相关属性
wmic logicaldisk where drivetype=3 list brief
使用get参数来获得自己想要参看的属性
wmic logicaldisk where drivetype=3 get deviceid,size,freespace,description,filesystem
只显示c盘的相关信息
wmic logicaldisk where name="c:" get deviceid,size,freespace,description,filesystem
更改卷标的名称
wmic logicaldisk where name="c:" set volumename=lsxq
获得U盘的盘符号
wmic logicaldisk where drivetype='2' get deviceid,description
::查看bios版本型号
wmic bios get Manufacturer,Name
COMPUTERSYSTEM - 计算机系统管理
::查看系统启动选项,boot的内容
wmic COMPUTERSYSTEM get SystemStartupOptions
::查看工作组/域
wmic computersystem get domain
::更改计算机名abc为123
wmic computersystem where "name='abc'" call rename 123
::更改工作组google为MyGroup
wmic computersystem where "name='google'" call joindomainorworkgroup "","","MyGroup",1
CPU - CPU 管理
::查看cpu型号
wmic cpu get name
DATAFILE - DataFile 管理
::查找e盘下test目录(不包括子目录)下的cc.cmd文件
wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" list
::查找e盘下所有目录和子目录下的cc.cmd文件,且文件大小大于1K
wmic datafile where "drive='e:' and FileName='cc' and Extension='cmd' and FileSize>'1000'" list
::删除e盘下文件大小大于10M的.cmd文件
wmic datafile where "drive='e:' and Extension='cmd' and FileSize>'10000000'" call delete
::删除e盘下test目录(不包括子目录)下的非.cmd文件
wmic datafile where "drive='e:' and Extension<>'cmd' and path='test'" call delete
::复制e盘下test目录(不包括子目录)下的cc.cmd文件到e:\,并改名为aa.bat
wmic datafile where "drive='e:' and path='\\test\\' and FileName='cc' and Extension='cmd'" call copy "e:\aa.bat"
::改名c:\hello.txt为c:\test.txt
wmic datafile "c:\\hello.txt" call rename c:\test.txt
::查找h盘下目录含有test,文件名含有perl,后缀为txt的文件
wmic datafile where "drive='h:' and extension='txt' and path like '%\\test\\%' and filename like '%perl%'" get name
DESKTOPMONITOR - 监视器管理
::获取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
DISKDRIVE - 物理磁盘驱动器管理
::获取物理磁盘型号大小等
wmic DISKDRIVE get Caption,size,InterfaceType
ENVIRONMENT - 系统环境设置管理
::获取temp环境变量
wmic ENVIRONMENT where "name='temp'" get UserName,VariableValue
::更改path环境变量值,新增e:\tools
wmic ENVIRONMENT where "name='path' and username='<system>'" set VariableValue="%path%;e:\tools"
::新增系统环境变量home,值为%HOMEDRIVE%%HOMEPATH%
wmic ENVIRONMENT create name="home",username="<system>",VariableValue="%HOMEDRIVE%%HOMEPATH%"
::删除home环境变量
wmic ENVIRONMENT where "name='home'" delete
FSDIR - 文件目录系统项目管理
::查找e盘下名为test的目录
wmic FSDIR where "drive='e:' and filename='test'" list
::删除e:\test目录下除过目录abc的所有目录
wmic FSDIR where "drive='e:' and path='\\test\\' and filename<>'abc'" call delete
::删除c:\good文件夹
wmic fsdir "c:\\good" call delete
::重命名c:\good文件夹为abb
wmic fsdir "c:\\good" rename "c:\abb"
LOGICALDISK - 本地储存设备管理
::获取硬盘系统格式、总大小、可用空间等
wmic LOGICALDISK get name,Description,filesystem,size,freespace
NIC - 网络界面控制器 (NIC) 管理
OS - 已安装的操作系统管理
::设置系统时间
wmic os where(primary=1) call setdatetime 20070731144642.555555+480
PAGEFILESET - 页面文件设置管理
::更改当前页面文件初始大小和最大值
wmic PAGEFILESET set InitialSize="512",MaximumSize="512"
::页面文件设置到d:\下,执行下面两条命令
wmic pagefileset create name='d:\pagefile.sys',initialsize=512,maximumsize=1024
wmic pagefileset where"name='c:\\pagefile.sys'" delete
PROCESS - 进程管理
::列出进程的核心信息,类似任务管理器
wmic process list brief
::结束svchost.exe进程,路径为非C:\WINDOWS\system32\svchost.exe的
wmic process where "name='svchost.exe' and ExecutablePath<>'C:\\WINDOWS\\system32\\svchost.exe'" call Terminate
::新建notepad进程
wmic process call create notepad
PRODUCT - 安装包任务管理
::安装包在C:\WINDOWS\Installer目录下
::卸载.msi安装包
wmic PRODUCT where "name='Microsoft .NET Framework 1.1' and Version='1.1.4322'" call Uninstall
::修复.msi安装包
wmic PRODUCT where "name='Microsoft .NET Framework 1.1' and Version='1.1.4322'" call Reinstall
SERVICE - 服务程序管理
::运行spooler服务
wmic SERVICE where name="Spooler" call startservice
::停止spooler服务
wmic SERVICE where name="Spooler" call stopservice
::暂停spooler服务
wmic SERVICE where name="Spooler" call PauseService
::更改spooler服务启动类型[auto|Disabled|Manual] 释[自动|禁用|手动]
wmic SERVICE where name="Spooler" set StartMode="auto"
::删除服务
wmic SERVICE where name="test123" call delete
SHARE - 共享资源管理
::删除共享
wmic SHARE where name="e$" call delete
::添加共享
WMIC SHARE CALL Create "","test","3","TestShareName","","c:\test",0
SOUNDDEV - 声音设备管理
wmic SOUNDDEV list
STARTUP - 用户登录到计算机系统时自动运行命令的管理
::查看msconfig中的启动选项
wmic STARTUP list
SYSDRIVER - 基本服务的系统驱动程序管理
wmic SYSDRIVER list
USERACCOUNT - 用户帐户管理
::更改用户administrator全名为admin
wmic USERACCOUNT where name="Administrator" set FullName="admin"
::更改用户名admin为admin00
wmic useraccount where "name='admin" call Rename admin00?
