1、实例应用1、磁盘管理查看磁盘的属性wmic logicaldisk list brief:caption=标题、driveID=驱动器 ID 号、model= 产品型号、Partitions分区、size大小根据磁盘的类型查看相关属性wmic logicaldisk where drivetype=3 list brief使用 get 参数来获得自己想要参看的属性wmic logicaldisk where drivetype=3 get deviceid,size,freespace,description,filesystem只显示 c 盘的相关信息wmic logicaldisk whe
2、re name=“c:“ get deviceid,size,freespace,description,filesystem:description=描述、 deviceid=驱动器 ID 号、size=大小、freespace剩余空间、filesystem=文件系统更改卷标的名称wmic logicaldisk where name=“c:“ set volumename=lsxq获得 U 盘的盘符号wmic logicaldisk where drivetype=2 get deviceid,descriptionwmic logicaldisk where “drivetype=2“
3、get name:2=移动磁盘、3本地磁盘、5 光驱。查看物理磁盘的真实情况wmic diskdrive list brief查看物理磁盘的真实情况wmic diskdrive list2、系统服务管理获得指定服务进程的 PID 号wmic service where name=“TermService“ get processid显示正在运行的服务wmic service where state=running get name,displayname显示已启动服务对应所在的可执行文件路径wmic service where state=running get name,pathname启动
4、一个服务wmic service where name=“sharedaccess“ startservice停止一个服务wmic service where name=“sharedaccess“ stopservice将某个服务设为自启动(手动、禁用 )wmic service where name=sharedaccess changestartmode automatic显示开机自启动的服务wmic service where startmode=auto get name,displayname显示开始自启动并且当前处于运行状态的服务wmic service where “start
5、mode=auto and state=running“ get name,displayname显示禁用或手动启动的服务wmic service where startmode=“disabled“ or startmode=“manual“ get name,displayname3、进程管理结束一个进程(可根据进程对应的 PID)wmic process where name=“notepad.exe“ deletewmic process where name=“notepad.exe“ terminatewmic process where pid=“123“ deletewmic
6、path win32_process where “name=notepad.exe“ delete创建一个进程wmic process call create “c:windowssystem32calc.exe“查询进程的启动路径(将得到的信息输出 )wmic process get name,executablepath,processidwmic /output:c:process.html process get processid,name,executablepath /format:htable.xsl查询指定进程的信息wmic process where name=“note
7、pad.exe“ get name,executablepath,processid在远程计算上创建进程wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create “c:windowsnotepad.exe“查询远程计算机上的进程列表wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process get name,executablepath,processid将获得到的远程计算机进程列表保存到本地w
8、mic /output:c:process.html /node:192.168.8.10 /user:administrator /password:xiongyefeng process get processid,name,executablepath /format:htable.xsl结束远程计算上的指定进程wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process where name=“notepad.exe“ delete重启远程计算机wmic /node:192.168.8.10 /use
9、r:administrator /password:xiongyefeng process call create “shutdown -r -f“关闭远程计算机wmic /node:192.168.8.10 /user:administrator /password:xiongyefeng process call create “shutdown -s -f“高级应用:结束可疑的进程wmic process where “name=explorer.exe and executablepath %systemdrive%windowssystem32svchost.exe“ call te
10、rminate4、文件管理更改文件名wmic datafile “c:test.txt“ rename “c:lsxq.txt“复制单个文件wmic datafile “c:test.txt“ copy “d:lsxq.txt“获得指定路径下特定扩展名的文件列表wmic datafile where “drive=c: and path= and extension=txt“ get name,Path,“System File“删除文件夹wmic fsdir “c:test“ delete文件夹重命名wmic fsdir “c:test“ rename “c:lsxq“复制文件夹wmic f
11、sdir “c:test“ copy “d:test“全盘查找指定文件wmic datafile where “filename=qq and extension=exe“ get name获得指定路径下特定扩展名并要求只显示满足题目条件的文件wmic datafile where “drive=e: and path=surecity and extension=rar and filesize1000“ get name获取文件的创建、访问、修改时间Wmic datafile where name=“c:windowsnotepad.exe“ get CreationDate,LastAccessed,LastModified
