WMI 쿼리를 명령행에서 간단하게 수행하는 wmic.exe
그전에도 그냥 기계적으로 사용했다가 이번에 사용하면서 눈에 들어오더군요. ^^;
Useful WMI(C) commands
; http://virot.eu/useful-wmic-commands/
그러니까 말 그대로 WMI 쿼리를 명령행에서 쉽게 사용할 수 있도록 도와주는 프로그램입니다. 예를 들어, WMI Provider 중에 Win32_ComputerSystem 클래스의 경우,
Win32_ComputerSystem class
; https://learn.microsoft.com/en-us/windows/desktop/cimwin32prov/win32-computersystem
[Dynamic, Provider("CIMWin32"), SupportsUpdate, UUID("{8502C4B0-5FBB-11D2-AAC1-006008C78BC7}"), AMENDMENT]
class Win32_ComputerSystem : CIM_UnitaryComputerSystem
{
uint16 AdminPasswordStatus;
boolean AutomaticManagedPagefile;
boolean AutomaticResetBootOption;
boolean AutomaticResetCapability;
uint16 BootOptionOnLimit;
uint16 BootOptionOnWatchDog;
...[생략]...
boolean HypervisorPresent;
...[생략]...
string Status;
string SupportContactDescription[];
string SystemFamily;
string SystemSKUNumber;
uint16 SystemStartupDelay;
string SystemStartupOptions[];
uint8 SystemStartupSetting;
string SystemType;
uint16 ThermalState;
uint64 TotalPhysicalMemory;
string UserName;
uint16 WakeUpType;
string Workgroup;
};
제공하는 값들 중에 HypervisorPresent 속성을 구하려면 (C#에서) 다음과 같은 식의 WMI 쿼리를 작성해야 합니다.
// http://wutils.com/wmi/root/cimv2/win32_computersystem/cs-samples.html
ManagementScope scope = new ManagementScope("\\\\.\\ROOT\\cimv2");
ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_ComputerSystem Where Name=\"" + Environment.MachineName + "\"");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
ManagementObjectCollection queryCollection = searcher.Get();
foreach (ManagementObject m in queryCollection)
{
Console.WriteLine("HypervisorPresent : {0}", m["HypervisorPresent"]);
}
저 값 하나 보자고 C# 코딩까지 하기에는 좀 그렇죠. ^^ 그래서 (운영체제에 기본 포함된) wmic.exe를 사용하면 "Win32_" 접미사를 떼고 다음과 같이 간단하게 호출할 수 있습니다.
C:\temp> wmic ComputerSystem get HypervisorPresent
HypervisorPresent
TRUE
C:\temp>
어떤 쿼리를 지원하는지에 대해서는 wmic 도움말(/?)에 보면 다음과 같이 목록을 확인할 수 있습니다.
ALIAS - Access to the aliases available on the local system
BASEBOARD - Base board (also known as a motherboard or system board) management.
BIOS - Basic input/output services (BIOS) management.
BOOTCONFIG - Boot configuration management.
CDROM - CD-ROM management.
COMPUTERSYSTEM - Computer system management.
CPU - CPU management.
CSPRODUCT - Computer system product information from SMBIOS.
DATAFILE - DataFile Management.
DCOMAPP - DCOM Application management.
DESKTOP - User's Desktop management.
DESKTOPMONITOR - Desktop Monitor management.
DEVICEMEMORYADDRESS - Device memory addresses management.
DISKDRIVE - Physical disk drive management.
DISKQUOTA - Disk space usage for NTFS volumes.
DMACHANNEL - Direct memory access (DMA) channel management.
ENVIRONMENT - System environment settings management.
FSDIR - Filesystem directory entry management.
GROUP - Group account management.
IDECONTROLLER - IDE Controller management.
IRQ - Interrupt request line (IRQ) management.
JOB - Provides access to the jobs scheduled using the schedule service.
LOADORDER - Management of system services that define execution dependencies.
LOGICALDISK - Local storage device management.
LOGON - LOGON Sessions.
MEMCACHE - Cache memory management.
MEMORYCHIP - Memory chip information.
MEMPHYSICAL - Computer system's physical memory management.
NETCLIENT - Network Client management.
NETLOGIN - Network login information (of a particular user) management.
NETPROTOCOL - Protocols (and their network characteristics) management.
NETUSE - Active network connection management.
NIC - Network Interface Controller (NIC) management.
NICCONFIG - Network adapter management.
NTDOMAIN - NT Domain management.
NTEVENT - Entries in the NT Event Log.
NTEVENTLOG - NT eventlog file management.
ONBOARDDEVICE - Management of common adapter devices built into the motherboard (system board).
OS - Installed Operating System/s management.
PAGEFILE - Virtual memory file swapping management.
PAGEFILESET - Page file settings management.
PARTITION - Management of partitioned areas of a physical disk.
PORT - I/O port management.
PORTCONNECTOR - Physical connection ports management.
PRINTER - Printer device management.
PRINTERCONFIG - Printer device configuration management.
PRINTJOB - Print job management.
PROCESS - Process management.
PRODUCT - Installation package task management.
QFE - Quick Fix Engineering.
QUOTASETTING - Setting information for disk quotas on a volume.
RDACCOUNT - Remote Desktop connection permission management.
RDNIC - Remote Desktop connection management on a specific network adapter.
RDPERMISSIONS - Permissions to a specific Remote Desktop connection.
RDTOGGLE - Turning Remote Desktop listener on or off remotely.
RECOVEROS - Information that will be gathered from memory when the operating system fails.
REGISTRY - Computer system registry management.
SCSICONTROLLER - SCSI Controller management.
SERVER - Server information management.
SERVICE - Service application management.
SHADOWCOPY - Shadow copy management.
SHADOWSTORAGE - Shadow copy storage area management.
SHARE - Shared resource management.
SOFTWAREELEMENT - Management of the elements of a software product installed on a system.
SOFTWAREFEATURE - Management of software product subsets of SoftwareElement.
SOUNDDEV - Sound Device management.
STARTUP - Management of commands that run automatically when users log onto the computer system.
SYSACCOUNT - System account management.
SYSDRIVER - Management of the system driver for a base service.
SYSTEMENCLOSURE - Physical system enclosure management.
SYSTEMSLOT - Management of physical connection points including ports, slots and peripherals, and proprietary connections points.
TAPEDRIVE - Tape drive management.
TEMPERATURE - Data management of a temperature sensor (electronic thermometer).
TIMEZONE - Time zone data management.
UPS - Uninterruptible power supply (UPS) management.
USERACCOUNT - User account management.
VOLTAGE - Voltage sensor (electronic voltmeter) data management.
VOLUME - Local storage volume management.
VOLUMEQUOTASETTING - Associates the disk quota setting with a specific disk volume.
VOLUMEUSERQUOTA - Per user storage volume quota management.
WMISET - WMI service operational parameters management.
위의 내용을 보면, "wmic ComputerSystem ..."에서의 "ComputerSystem"은 "Win32_ComputerSystem"에서 "Win32_"를 떼어냈다기보다는 그냥 별칭으로 정의된 것에 불과한 것임을 알 수 있습니다.
그런데, 저 목록에 없는 경우는 퀴리를 못하는 걸까요? 예를 들어, 지난 글에 다룬,
C# - Open Hardware Monitor를 이용한 CPU 온도 정보
; https://www.sysnet.pe.kr/2/0/11904
"root\WMI" 네임스페이스에 속한 "MSAcpi_ThermalZoneTemperature" 클래스의 경우 저 목록에 없습니다. 괜찮습니다. ^^ 다음과 같이 직접 네임스페이스와 "path" 인자의 도움으로 간단하게 해결이 됩니다.
C:\Windows\System32>wmic /NAMESPACE:\\root\WMI path MSAcpi_ThermalZoneTemperature get CurrentTemperature
CurrentTemperature
3010
3030
윈도우 10부터 "WMIC is deprecated"라는 문구가 뜨는 걸로 봐서 더 이상 지원이 안 될 듯싶은데 어쨌든 현재 상황에서 유용하게 시스템 조회를 할 수 있는 하나의 도구임에는 분명합니다.
참고로, 아래의 쿼리들도 한번 봐 두면 좋겠죠! ^^
A Brief Usage Guide for Wmic
; https://www.xorrior.com/wmic-the-enterprise/
Host Enumeration:
--- OS Specifics ---
wmic os LIST Full (* To obtain the OS Name, use the "caption" property)
wmic computersystem LIST full
--- Anti-Virus ---
wmic /namespace:\\root\securitycenter2 path antivirusproduct
--- Peripherals ---
wmic path Win32_PnPdevice
--- Installed Updates ---
wmic gfe list brief
--- Directory Listing and File Search ---
wmic DATAFILE where "path='\\Users\\test\\Documents\\'" GET Name,readable,size
wmic DATAFILE where "drive='C:' AND Name like '%password%'" GET Name,readable,size /VALUE
--- Local User Accounts ---
wmic USERACCOUNT Get Domain,Name,Sid
Domain Enumeration:
--- Domain and DC Info ---
wmic NTDOMAIN GET DomainControllerAddress,DomainName,Roles /VALUE
--- Domain User Info ---
wmic /NAMESPACE:\\root\directory\ldap PATH ds_user where "ds_samaccountname='testAccount'" GET
--- List All Users ---
wmic /NAMESPACE:\\root\directory\ldap PATH ds_user GET ds_samaccountname
--- List All Groups ---
wmic /NAMESPACE:\\root\directory\ldap PATH ds_group GET ds_samaccountname
--- Members of A Group ---
wmic /NAMESPACE:\\root\directory\ldap PATH ds_group where "ds_samaccountname='Domain Admins'" Get ds_member /Value
--- List All Computers ---
wmic /NAMESPACE:\\root\directory\ldap PATH ds_computer GET ds_samaccountname
OR
wmic /NAMESPACE:\\root\directory\ldap PATH ds_computer GET ds_dnshostname
Misc:
--- Execute Remote Command ---
wmic process call create "cmd.exe /c calc.exe"
OR
wmic /node:server1 process call create "win32calc.exe"
--- Enable Remote Desktop ---
wmic rdtoggle where AllowTSConnections="0" call SetAllowTSConnections "1"
OR
wmic /node:remotehost path Win32_TerminalServiceSetting where AllowTSConnections="0" call SetAllowTSConnections "1"
Find partition letters on physical drives using wmic
; https://superuser.com/questions/634842/find-partition-letters-on-physical-drives-using-wmic
--- how to get primary harddisk serial number only ---
wmic logicaldisk where (DeviceID="C:") assoc /assocclass:Win32_LogicalDiskToPartition
wmic partition where (DeviceID="Disk #0, Partition #0") assoc /assocclass:Win32_DiskDriveToDiskPartition
wmic path win32_diskdrive where deviceid='\\\\.\\PHYSICALDRIVE0' get serialnumber
[이 글에 대해서 여러분들과 의견을 공유하고 싶습니다. 틀리거나 미흡한 부분 또는 의문 사항이 있으시면 언제든 댓글 남겨주십시오.]