Table of Contents
The Power of WMI
Windows Management Instrumentation is a basic Windows technology. WMI (Windows Management Instruments) provides read and write access to almost all Windows settings. WMI is one of the most important interfaces for the administration and remote maintenance of workstations and servers.
WMI is a Windows service. Open Windows PowerShell. Run
wmimgmt.msc
To give you a little foretaste of what’s coming up the further parts of this post a quick and powerful example. Which software is installed on localhost?
PS C:\> Get-WmiObject win32_product -ComputerName LOCALHOST | Select-Object Name,InstallDate
Name InstallDate
---- -----------
HOTKEY 20230801
HOTKEY 20230801
PuTTY release 0.78 (64-bit) 20230407
HOTKEY 20230801
Remote Desktop 20230802
HOTKEY 20230801
HOTKEY 20230801
Office 16 Click-to-Run Extensibility Component 20230812
Office 16 Click-to-Run Licensing Component 20230812
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 20230406
Microsoft .NET Host - 7.0.5 (x64) 20230525
mRemoteNG 20230407
...Get-WmiObject has to be used to explore WMI Objects. But there’s also Get-CIMInstance. This could be a little confusing. Just remember WMI = CIM and CIM =WMI.
For the further part, I will use Get-CIMInstance, because it’s the newer and more flexbile command. More about this later.
PS C:\> Get-CimInstance win32_product -ComputerName localhost | Select-Object Name,InstallDate
Name InstallDate
---- -----------
Office 16 Click-to-Run Extensibility Component 20230819
Office 16 Click-to-Run Licensing Component 20230819
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 20230717
Microsoft Update Health Tools 20230819
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 20230717
VMware Tools 20230717
Teams Machine-Wide Installer 20230819
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 20230717
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 20230717Note
Note: WMI (Windows Management Instruments) provides read and write access to almost all Windows settings. WMI is one of the most important interfaces for the administration. There are two important cmdlets: Get-WmiObject and Get-CimInstance.
Exploring WMI Objects
Inquiry of all possibilities
PS C:\> Get-CimInstance win32_product | Get-Member -MemberType property
TypeName: Microsoft.Management.Infrastructure.CimInstance#root/cimv2/Win32_Product
Name MemberType Definition
---- ---------- ----------
AssignmentType Property uint16 AssignmentType {get;}
Caption Property string Caption {get;}
Description Property string Description {get;}
HelpLink Property string HelpLink {get;}
HelpTelephone Property string HelpTelephone {get;}
IdentifyingNumber Property string IdentifyingNumber {get;}
InstallDate Property string InstallDate {get;}
InstallDate2 Property CimInstance#DateTime InstallDate2 {get;}
InstallLocation Property string InstallLocation {get;}
InstallSource Property string InstallSource {get;}
InstallState Property int16 InstallState {get;}
Language Property string Language {get;}
LocalPackage Property string LocalPackage {get;}
Name Property string Name {get;}
PackageCache Property string PackageCache {get;}
PackageCode Property string PackageCode {get;}
PackageName Property string PackageName {get;}
ProductID Property string ProductID {get;}
PSComputerName Property string PSComputerName {get;}
RegCompany Property string RegCompany {get;}
RegOwner Property string RegOwner {get;}
SKUNumber Property string SKUNumber {get;}
Transforms Property string Transforms {get;}
URLInfoAbout Property string URLInfoAbout {get;}
URLUpdateInfo Property string URLUpdateInfo {get;}
Vendor Property string Vendor {get;}
Version Property string Version {get;}
WordCount Property uint32 WordCount {get;}Call the attribute or method with (). or select-object or select.
PS C:\> Get-CimInstance win32_product | Select-Object Name,InstallDate ,InstallSource,Vendor,Packagename
Name : HOTKEY
InstallDate : 20230801
InstallSource : C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_db2be81650f4bba9\apps\
Vendor : Lenovo
Packagename : {4F4F8AF1-F025-42E9-848A-537A5AD1BDC2}.msi
Name : HOTKEY
InstallDate : 20230801
InstallSource : C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_db2be81650f4bba9\apps\
Vendor : Lenovo
Packagename : {4A83E9B2-D3E6-426A-ABB5-E943830D9594}.msiThe question is now how to find all WMI Classes? So far, we’ve only looked at win32_product. To view all WMI Classes run Get-WmiObject with the list parameter.
PS C:\> Get-WmiObject -List
NameSpace: ROOT\CIMV2
Name Methods Properties
---- ------- ----------
__SystemClass {} {}
__thisNAMESPACE {} {SECURITY_DESCRIPTOR}
__Provider {} {Name}
__Win32Provider {} {ClientLoadableCLSID, CLSID, Concurrency, DefaultMachineNam...
__ProviderRegistration {} {provider}
__EventProviderRegistration {} {EventQueryList, provider}
...A huge number of objects fill the screen. Another option is – if you know about what you’re searching for – using Get-CimInstance and pressing TAB. For example, if you want to view something about your Battery then type.
PS C:\> Get-CimInstance Win32_Battery
Caption : Internal Battery
Description : Internal Battery
InstallDate :
Name : 5B11H56340
Status : OK
Availability : 2
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Battery
DeviceID : 855LGES5B11H56340
ErrorCleared :
ErrorDescription :
LastErrorCode :
PNPDeviceID :
PowerManagementCapabilities : {1}
PowerManagementSupported : False
StatusInfo :
SystemCreationClassName : Win32_ComputerSystem
SystemName : DESKTOP-B2TOHJT
BatteryStatus : 2
Chemistry : 2
DesignCapacity :
DesignVoltage : 12823
EstimatedChargeRemaining : 88
EstimatedRunTime : 71582788WMI Examples
win32_OperatingSystem
One of the most used wmi queries is related to win32_operatingsystem.
PS C:\> Get-CimInstance win32_operatingsystem | Format-List
SystemDirectory : C:\Windows\system32
Organization :
BuildNumber : 22621
RegisteredUser : admin
SerialNumber : 00331-10000-00001-AA343
Version : 10.0.22621Are you impressed? Not really. REMEMBER the 2 step method. There’s more. Find it out!
PS C:\> Get-CimInstance win32_operatingsystem | Get-Member -MemberType property
TypeName: Microsoft.Management.Infrastructure.CimInstance#root/cimv2/Win32_OperatingSystem
Name MemberType Definition
---- ---------- ----------
BootDevice Property string BootDevice {get;}
BuildNumber Property string BuildNumber {get;}
BuildType Property string BuildType {get;}
Caption Property string Caption {get;}
CodeSet Property string CodeSet {get;}
CountryCode Property string CountryCode {get;}
CreationClassName Property string CreationClassName {get;}
CSCreationClassName Property string CSCreationClassName {get;}
CSDVersion Property string CSDVersion {get;}
CSName Property string CSName {get;}
CurrentTimeZone Property int16 CurrentTimeZone {get;}
DataExecutionPrevention_32BitApplications Property bool DataExecutionPrevention_32BitApplications {get;}
DataExecutionPrevention_Available Property bool DataExecutionPrevention_Available {get;}
DataExecutionPrevention_Drivers Property bool DataExecutionPrevention_Drivers {get;}
DataExecutionPrevention_SupportPolicy Property byte DataExecutionPrevention_SupportPolicy {get;}
Debug Property bool Debug {get;}
Description Property string Description {get;set;}
Distributed Property bool Distributed {get;}
EncryptionLevel Property uint32 EncryptionLevel {get;}
ForegroundApplicationBoost Property byte ForegroundApplicationBoost {get;set;}
FreePhysicalMemory Property uint64 FreePhysicalMemory {get;}
FreeSpaceInPagingFiles Property uint64 FreeSpaceInPagingFiles {get;}
FreeVirtualMemory Property uint64 FreeVirtualMemory {get;}
InstallDate Property CimInstance#DateTime InstallDate {get;}
LargeSystemCache Property uint32 LargeSystemCache {get;}
LastBootUpTime Property CimInstance#DateTime LastBootUpTime {get;}
LocalDateTime Property CimInstance#DateTime LocalDateTime {get;}
Locale Property string Locale {get;}
Manufacturer Property string Manufacturer {get;}
MaxNumberOfProcesses Property uint32 MaxNumberOfProcesses {get;}
MaxProcessMemorySize Property uint64 MaxProcessMemorySize {get;}
MUILanguages Property string[] MUILanguages {get;}
Name Property string Name {get;}
NumberOfLicensedUsers Property uint32 NumberOfLicensedUsers {get;}
NumberOfProcesses Property uint32 NumberOfProcesses {get;}
NumberOfUsers Property uint32 NumberOfUsers {get;}
OperatingSystemSKU Property uint32 OperatingSystemSKU {get;}
Organization Property string Organization {get;}
OSArchitecture Property string OSArchitecture {get;}
OSLanguage Property uint32 OSLanguage {get;}
OSProductSuite Property uint32 OSProductSuite {get;}
OSType Property uint16 OSType {get;}
OtherTypeDescription Property string OtherTypeDescription {get;}
PAEEnabled Property bool PAEEnabled {get;}
PlusProductID Property string PlusProductID {get;}
PlusVersionNumber Property string PlusVersionNumber {get;}
PortableOperatingSystem Property bool PortableOperatingSystem {get;}
Primary Property bool Primary {get;}
ProductType Property uint32 ProductType {get;}
PSComputerName Property string PSComputerName {get;}
RegisteredUser Property string RegisteredUser {get;}
SerialNumber Property string SerialNumber {get;}
ServicePackMajorVersion Property uint16 ServicePackMajorVersion {get;}
ServicePackMinorVersion Property uint16 ServicePackMinorVersion {get;}
SizeStoredInPagingFiles Property uint64 SizeStoredInPagingFiles {get;}
Status Property string Status {get;}
SuiteMask Property uint32 SuiteMask {get;}
SystemDevice Property string SystemDevice {get;}
SystemDirectory Property string SystemDirectory {get;}
SystemDrive Property string SystemDrive {get;}
TotalSwapSpaceSize Property uint64 TotalSwapSpaceSize {get;}
TotalVirtualMemorySize Property uint64 TotalVirtualMemorySize {get;}
TotalVisibleMemorySize Property uint64 TotalVisibleMemorySize {get;}
Version Property string Version {get;}
WindowsDirectory Property string WindowsDirectory {get;}What do you think about this command:
PS C:\> Get-CimInstance win32_operatingsystem | Select-Object InstallDate,LastBootUpTime,SystemDrive,Version,Serialnumber,OSType,FreePhysicalMemory,Status,NumberOfUsers,WindowsDirectory
InstallDate : 4/7/2023 6:44:50 AM
LastBootUpTime : 8/8/2023 8:39:35 PM
SystemDrive : C:
Version : 10.0.22621
Serialnumber : 00331-10000-00001-AA343
OSType : 18
FreePhysicalMemory : 31183268
Status : OK
NumberOfUsers : 2
WindowsDirectory : C:\Windowswin32_UserAccount
Another useful WMI instance is win32_useraccount.
PS C:\> Get-CimInstance Win32_UserAccount
Name Caption AccountType SID Domain
---- ------- ----------- --- ------
admin DESKTOP-B2TOHJT\admin 512 S-1-5-21-1045005563-57... DESKTOP-B2TOHJT
Administrator DESKTOP-B2TOHJT\Admini... 512 S-1-5-21-1045005563-57... DESKTOP-B2TOHJT
DefaultAccount DESKTOP-B2TOHJT\Defaul... 512 S-1-5-21-1045005563-57... DESKTOP-B2TOHJT
Guest DESKTOP-B2TOHJT\Guest 512 S-1-5-21-1045005563-57... DESKTOP-B2TOHJT
WDAGUtilityAc... DESKTOP-B2TOHJT\WDAGUt... 512 S-1-5-21-1045005563-57... DESKTOP-B2TOHJTThere’s more. Again: Run Get-Member!
PS C:\> Get-CimInstance Win32_UserAccount | Get-Member
TypeName: Microsoft.Management.Infrastructure.CimInstance#root/cimv2/Win32_UserAccount
Name MemberType Definition
---- ---------- ----------
Clone Method System.Object ICloneable.Clone()
Dispose Method void Dispose(), void IDisposable.Dispose()
Equals Method bool Equals(System.Object obj)
GetCimSessionComputerName Method string GetCimSessionComputerName()
GetCimSessionInstanceId Method guid GetCimSessionInstanceId()
GetHashCode Method int GetHashCode()
GetObjectData Method void GetObjectData(System.Runtime.Serialization.SerializationInfo info, System...
GetType Method type GetType()
ToString Method string ToString()
AccountType Property uint32 AccountType {get;}
Caption Property string Caption {get;}
Description Property string Description {get;}
Disabled Property bool Disabled {get;set;}
Domain Property string Domain {get;}
FullName Property string FullName {get;set;}
InstallDate Property CimInstance#DateTime InstallDate {get;}
LocalAccount Property bool LocalAccount {get;set;}
Lockout Property bool Lockout {get;set;}
Name Property string Name {get;}
PasswordChangeable Property bool PasswordChangeable {get;set;}
PasswordExpires Property bool PasswordExpires {get;set;}
PasswordRequired Property bool PasswordRequired {get;set;}
PSComputerName Property string PSComputerName {get;}
SID Property string SID {get;}
SIDType Property byte SIDType {get;}
Status Property string Status {get;}
PSStatus PropertySet PSStatus {Status, Caption, PasswordExpires}There we find hidden attributes. Let’s display some of them!
PS C:\> Get-CimInstance Win32_UserAccount | Select-Object Name,SID,PasswordChangeable,PasswordExpires,PasswordRequired,Status
Name : admin
SID : S-1-5-21-1045005563-574443107-2161933172-1001
PasswordChangeable : True
PasswordExpires : False
PasswordRequired : False
Status : OK
Name : Administrator
SID : S-1-5-21-1045005563-574443107-2161933172-500
PasswordChangeable : True
PasswordExpires : False
PasswordRequired : True
Status : DegradedWin32_PhysicalMemory
From now on we don’t need this 3rd party tool anymore. If you want to find out your type of memory (for example if you have to replace your memory)
PS C:\> Get-WmiObject win32_physicalmemory | Format-Table Manufacturer,Banklabel,Configuredclockspeed,Devicelocator,Capacity,Serialnumber -autosize
Manufacturer Banklabel Configuredclockspeed Devicelocator Capacity Serialnumber
------------ --------- -------------------- ------------- -------- ------------
Lexar Co Limited BANK 0 3200 Controller0-ChannelA-DIMM0 34359738368 26390065
SK Hynix BANK 0 3200 Controller1-ChannelA-DIMM0 17179869184 553F4862Win32_ComputerSystem
Don’t forget to run Get-Member for discovering all the properties you see in the example below.
PS C:\> Get-CimInstance Win32_ComputerSystem | Select-Object Name,Manufacturer,ThermalState,KeyboardPasswordStatus,NumberOfProcessors
Name : DESKTOP-B2TOHJT
Manufacturer : LENOVO
ThermalState : 2
KeyboardPasswordStatus : 2
NumberOfProcessors : 1
