Get WMI class information, instances of classes or available classes. Deprecated cmdlet.
Syntax
Get-WmiObject [-Authority string] [-Amended] [-AsJob]
[-Authentication AuthenticationLevel] [-ComputerName string[]]
[-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
[-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]
Get-WmiObject [[-Class] string] [-Authority string] [-List] [-Recurse] [-Amended] [-AsJob]
[-Authentication AuthenticationLevel] [-ComputerName string[]]
[-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
[-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]
Get-WmiObject [-Class] string [[-Property] string[]] [-Authority string] [-DirectRead]
[-Filter string] [-Amended] [-AsJob]
[-Authentication AuthenticationLevel] [-ComputerName string[]]
[-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
[-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]
Get-WmiObject -Query string [-Authority string] [-DirectRead] [-Amended] [-AsJob]
[-Authentication AuthenticationLevel] [-ComputerName string[]]
[-Credential PSCredential] [-EnableAllPrivileges] [-Impersonation ImpersonationLevel]
[-Locale string] [-Namespace string] [-ThrottleLimit int] [CommonParameters]
Key
-Amended
Get or set a value that indicates whether the objects have been amended.
Typically, object and property descriptions (localizable info.)
-AsJob
Run the command as a background job.
Results from remote computers are automatically returned to the local computer.
To get the job results, use -Receive-Job
Note: To use this parameter with remote computers, the local and remote
computers must be configured for remoting. Additionally, you must start
PowerShell in Elevated mode/"Run as administrator"
-Authentication AuthenticationLevel
The authentication level to be used with the WMI connection.
Valid values are listed below.
-Authority string
The authority to use to authenticate a remote WMI connection:
NTLM = ntlmdomain:DomainName
Kerberos = kerberos:DomainName\ServerName
-class string
The name of a WMI class (see list below).
-computerName string[]
The computer(s) to run against.
A NETBIOS name, an IP address, full domain name or local (.)
WMI information is retrieved via the WMI Service (CIMOM)
on the specified computers. This does not rely on PowerShell remoting.
-credential PSCredential
Use the specified credential to authenticate the user. Type a user name
or submit a credential object (created with Get-Credential)
If you supply a user name, you will be prompted for a password.
-DirectRead
Whether direct access to the WMI provider is requested for the specified
class without any regard to its base class or to its derived classes.
-EnableAllPrivileges
Enable all the privileges of the current user before the command makes the WMI call.
-filter string
A where clause to use as a filter. Use the syntax of the WQL language.
Do not include the WHERE keyword.
-Impersonation ImpersonationLevel
The impersonation level to use: Default | Anonymous | Identify | Impersonate | Delegate
0: Default (read the registry for the default, which is usually set to "3".)
1: Anonymous (Hide the credentials of the caller.)
2: Identify (Allow objects to query the credentials of the caller.)
3: Impersonate (Allow objects to use the credentials of the caller.)
4: Delegate (Allow objects to permit other objects to use the credentials of the caller.)
-list
Retrieve and display the names of the WMI classes.
-Locale string
The preferred locale for WMI objects.
Specify as an array in MS_LCID format in the preferred order.
-property string
A WMI class property (or set of properties) to retrieve.
-namespace string
The WMI repository namespace.
If you don't specify the -Namespace parameter, then root\CIMV2
will be used by default.
-query string
A WMI Query Language (WQL) statement to run.
Event queries are not supported.
-Recurse
Make the command search the current namespace and all other namespaces for
the class name that is specified in the Class parameter.
-ThrottleLimit int
Allow the user to specify a throttling value for the number of WMI operations
that can be executed simultaneously. (Used together with -AsJob.)
CommonParameters:
-Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
-OutBuffer -OutVariable.
Standard Aliases for Get-Module: gwmi
The preferred cmdlet is now Get-CIMInstance -Classname …
Run Get-cimclass to discover the new property names.
Basic speed comparison testing shows that CIM is significantly faster:
WMI: 35.4 seconds.
CIM: 2.5 seconds.
For WMI to work against a remote machine you may need to first configure it's local Windows firewall to allow the remote access.
When using -filter with a wildcard, use the WMI specific wildcards: % for zero or more characters, _ for a single character.
Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged
0: Default
1: None (No authentication in performed.)
2: Connect (Authentication is performed only when the client establishes a relationship with the application.)
3: Call (Authentication is performed only at the beginning of each call when the application receives the request.)
4: Packet (Authentication is performed on all the data that is received from the client.)
5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.)
6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.)
-1: Unchanged
The WMI classes available will vary according to your operating system.
List all WMI classes:
PS C:\> Get-WmiObject -ListFind a specific class:
PS C:\> Get-WmiObject -List | Where { $_.name -match 'User'}Some common WMI classes:
Win32_computerSystem Win32_bios Win32_baseboard (Motherboard) Win32_processor (32+64 bit processor info) Win32_Share (File shares) Win32_LogicalDisk (hard disk) Win32_PhysicalMemory Win32_Printer Win32_operatingSystem (Virtual Memory) Win32_Product (Warning avoid this: Installed programs will reconfigure see Q974524) Win32reg_AddRemovePrograms (Installed 32 bit programs with SCCM client) Win32Reg_AddRemovePrograms64 (Installed 64 bit programs with SCCM client)List all properties of a class:
PS C:\> Get-WmiObject Win32_bios | Get-MemberFind a specific class property:
PS C:\> gwmi Win32_bios | Get-Member -MemberType property | Where { $_.name -match 'install'}
If WMI is blocked on the host firewall, then Get-WmiObject will fail with 'The RPC server is unavailable'.
Examples
Display information about all processes:
PS C:\> gwmi win32_process
Display service names that starts with 'Oracle':
PS C:\> gwmi win32_service -filter "name like 'Oracle%'" | select name
Display services running on the machine 'Server64':
PS C:\> gwmi win32_service -computername Server64
passing username credentials:
PS C:\> gwmi win32_service -credential SS64\Simon -computer Server64
List services that are set to start automatically:
PS C:\> gwmi win32_service -filter "startmode='auto'" | select name,startmode
List services that are set to start automatically (same as above but written in WQL):
PS C:\> gwmi -query "select * from win32_service where startmode='auto'" | select name,startmode
Display information about the Alerter service:
PS C:\> gwmi -query "select * from win32_service where name='alerter'"
Stop the Alerter service:
PS C:\> (gwmi win32_service -filter "name='alerter'").StopService()
List the 32 bit programs installed on workstation64:
PS C:\> gwmi -class "win32reg_addremoveprograms" -computername "workstation64" | select-object -property DisplayName
Display svchost processes:
PS C:\> gwmi win32_process -filter "name='svchost.exe'" | select commandline, name
Get the computer serial number (or Dell service tag) for a remote PC and convert it to a string:
PS C:\> (gwmi win32_systemenclosure -computername wkstn64).SerialNumber
or
PS C:\> gwmi win32_bios -computername wkstn64 | fl SerialNumber
Display BIOS and Memory information:
PS C:\> gwmi win32_bios | format-list *
PS C:\> gwmi Win32_ComputerSystem
PS C:\> gwmi Win32_PhysicalMemory
Display the per-computer printers installed on workstation64:
PS C:\> Get-WMIObject -Class Win32_Printer -ComputerName "workstation64"
List the file shares on the remote server: SERVER64 (PowerShell equivalent of the RMTShare utility).
$shares = Get-WmiObject -class Win32_Share -computername SERVER64 -filter "Type=0"
$shares | foreach {
$path=($_.path)
$Description=($_.Description)
$name=($_.name)
$Caption=($_.Caption)
"Share Name : $name
Source Folder: $path
Description : $Description
Caption : $Caption"
}
Uninstall a program (Paint.NET) from an elevated prompt, (deprecated see Q974524) a better alternative (directly reading the registry.)
PS C:\> $appToRemove = gwmi Win32_Product -Filter "Name LIKE 'Paint.net v3%'"
PS C:\> $appToRemove[1].Uninstall()
Related PowerShell Cmdlets:
Get-CIMInstance - Get a managed resource (storage, network, software etc)
Invoke-WmiMethod - Call WMI methods
Get-Credential - Get a security credential object based on a user name and password.
RUNDLL32 - Run a DLL command (add/remove print connections)
WQL (WMI Query Language) - docs.microsoft.com