These Aren't Yo Momma's WMIC Commands
I outright stole most of this off of @nbaronian but I plan on updating this post with more as they come to me.
WMIC not working, rpc server unavailable, mof error corruption
psexec \\x.x.x.x cmd.exe
net stop winmgmt /Y
net stop winmgmt
reg add "hkcu\Environment" /v PROCESSOR_ARCHITECTURE /t REG_SZ /d x86
rename or delete c:\windows\system32\wbem\repository
net start winmgmt
WinMGMT STOP using SC
sc \\remotemachine stop winmgmt and it's needed deps
rename c:\windows\system32\wbem\repository
sc \\remotemachine start winmgmt
psexec \\remotemachine cmd.exe
reg add "hkcu\Environment" /v PROCESSOR_ARCHITECTURE /t REG_SZ /d x86
Test wmic
wmic process list brief
If SC fails use psexec like so to stop winmgmt
psexec \\remotebox -u rb\username cmd.exe
net stop winmgmt /Y
rename c:\windows\system32\wbem\repository
reg add "hkcu\Environment" /v PROCESSOR_ARCHITECTURE /t REG_SZ /d x86
net start winmgmt /Y
Determine user currently logged in remotely
wmic /node:remotecomputer computersystem get username
For a text file of the manual run
wmic /?:full > wmic_docs.txt
Remotely list startup apps
wmic /node:machinename startup list full
wmic STARTUP GET Caption, Command, User
Reboot or Shutdown a box
wmic os where buildnumber="7601" call reboot
Kill a process – use with care
wmic process where name="cmd.exe" delete
Get OS Information and export to CSV, html, xsl, mof
wmic /output:wmicbuild.csv os get /all /format:csv
wmic /output:wmicbuild.html os get /all /format:htable
List running processes and output to HTML/XSL form.
wmic /output:wmic.html process list full /format:hform
Query Device Driver Status
wmic /output:savrt.csv sysdriver where name="savrt" list status /format:csv
Query this status on all machines in the domain. You have all the machines in the domain in a text file
wmic /node:"@targets.txt" /output:savrt.csv sysdriver where name="savrt" list status /format:csv
Get a list of NICs and IP’s in use
netsh int ip show config
wmic nicconfig where IPEnabled='true'
Remotely change the IP to a static IP (Index is Interface#)
wmic /node:machinename nicconfig where Index=1 call EnableStatic ("172.16.10.10"), ("255.255.0.0")
Remotely change IP to use DHCP
wmic /node:machinename nicconfig where Index=1 call EnableDHCP
Remotely Display machine’s MAC Address
wmic /node:machinename nic get macaddress
Get Process Owner or OwnerSID
wmic process where name="cmd.exe" call getowner
wmic process where name="cmd.exe" call getownersid
Remotely list running processes every second
wmic /node:machinename process list brief /every:1
Delete ARPCache
netsh int ip delete arpcache
System Information - Remotely display System Info
wmic /node:machinename computersystem list full
Full Drive Info
wmic diskdrive list full
wmic partition list full
Bios Info
wmic bios list full
List all Hotfixes and Services Packs
wmic qfe
List HotfixID, description and Install date Remotely List Local Enabled Accounts Start a service Change startup mode for a service List Services with brief description List useraccounts Enable RDP List ShadowCopy Info List Event Logs Remotely output Logon Events to a html file List number of times a user logged on Display Shares
wmic qfe where "not description like " get description,hotfixid,installedon
example: wmic qfe where hotfixid="KB958644" list full
wmic /node:computername USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name
wmic /node:computername service lanmanserver CALL Startservice
wmic /node:machinename service where (name like "Fax" OR name like "Alerter") CALL ChangeStartMode Disabled
wmic service list brief
wmic useraccount
wmic useraccount list brief
wmic /node:"computername" path Win32_TerminalServiceSetting where AllowTSConnections=“0” call SetAllowTSConnections “1”
wmic shadowcopy list brief
wmic ntevent list brief --- Brief takes a while, full takes even longer
wmic nteventlog where (description like "%secevent%") call cleareventlog
wmic /node:machinename /output:wmicevents.html ntevent where (message like "%logon%") list brief /format:htform
wmic netlogin where (name like "%adm%") get numberoflogons
wmic share list brief