• • • • • • • • • • • • • • • • •

1 WMIC not working, rpc server unavailable, Cli.mof(Phase Error - 3) , mof error corruption 2 Determine user currently logged in remotely 3 For a text file of the manual run 4 Remotely list startup apps 5 Reboot or Shutdown a box 6 Kill a process – use with care 7 Get OS Information and export to CSV, html, xsl, mof 8 List running processes and output to HTML/XSL form. 9 Query Device Driver Status 10 Get a list of NICs and IP’s in use 11 Remotely change the IP to a static IP (Index is Interface#) 12 Remotely change IP to use DHCP 13 Remotely Display machine’s MAC Address 14 Get Process Owner or OwnerSID 15 Remotely list running processes every second 16 Delete ARPCache 17 System Information o 17.1 Remotely display System Info o 17.2 Full Drive Info o 17.3 Bios Info o 17.4 List all Hotfixes and Services Packs o 17.5 List HotfixID, description and Install date o 17.6 Remotely List Local Enabled Accounts o 17.7 Start a service o 17.8 Change startup mode for a service o 17.9 List Services with brief description o 17.10 List useraccounts o 17.11 Enable RDP o 17.12 List ShadowCopy Info o 17.13 List Event Logs o 17.14 Remotely output Logon Events to a html file o 17.15 List number of times a user logged on
o

17.16 Display Shares

WMIC not working, rpc server unavailable, Cli.mof(Phase Error - 3) , mof error corruption
sc \\remotemachine stop winmgmt and it's needed deps rename remotemachine's c:\windows\system32\wbem\repository sc \\remotemachine start winmgmt psexec \\remotemachine cmd.exe reg add "hkcu\Environment" /v PROCESSOR_ARCHITECTURE /t REG_SZ /d x86

Test wmic
wmic process list brief

csv os get /all /format:csv wmic /output:wmicbuild. You have all the machines in the domain in a text file wmic /node:"@targets.Get build# from OS Info (see below) Kill a process – use with care wmic process where name="cmd.csv sysdriver where name="savrt" list status /format:csv Query this status on all machines in the domain.txt Remotely list startup apps wmic /node:machinename startup list full wmic STARTUP GET Caption.10.0") .0.16. Command. xsl.10").txt" /output:savrt.html os get /all /format:htable List running processes and output to HTML/XSL form. mof wmic /output:wmicbuild.csv sysdriver where name="savrt" list status /format:csv Get a list of NICs and IP’s in use netsh int ip show config wmic nicconfig where IPEnabled='true' Remotely change the IP to a static IP (Index is Interface#) wmic /node:machinename nicconfig where Index=1 call EnableStatic ("172.html process list full /format:hform Query Device Driver Status wmic /output:savrt. ("255. html.255.Determine user currently logged in remotely wmic /node:remotecomputer computersystem get username For a text file of the manual run wmic /?:full > wmic_docs.exe" delete Get OS Information and export to CSV. User Reboot or Shutdown a box wmic os where buildnumber="2600" call reboot -. wmic /output:wmic.

description and Install date wmic qfe where "not description like " get description.hotfixid.installedon example: wmic qfe where hotfixid="KB958644" list full <lists patch info for MS08067> Remotely List Local Enabled Accounts wmic /node:machinename USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name .exe" call getownersid Remotely list running processes every second wmic /node:machinename process list brief /every:1 Delete ARPCache netsh int ip delete arpcache System Information Remotely display System Info wmic /node:machinename computersystem list full Full Drive Info wmic diskdrive list full wmic partition list full Bios Info wmic bios list full List all Hotfixes and Services Packs wmic qfe List HotfixID.exe" call getowner wmic process where name="cmd.Remotely change IP to use DHCP wmic /node:machinename nicconfig where Index=1 call EnableDHCP Remotely Display machine’s MAC Address wmic /node:machinename nic get macaddress Get Process Owner or OwnerSID wmic process where name="cmd.

html ntevent where (message like "%logon %") list brief /format:htform List number of times a user logged on wmic netlogin where (name like "%adm%") get numberoflogons Display Shares wmic share list brief .Brief takes a while.Start a service wmic /node:machinename 4 service lanmanserver CALL Startservice Change startup mode for a service wmic /node:machinename service where (name like "Fax" OR name like "Alerter") CALL ChangeStartMode Disabled List Services with brief description wmic service list brief List useraccounts wmic useraccount wmic useraccount list brief Enable RDP wmic /node:"machinename 4" path Win32_TerminalServiceSetting where AllowTSConnections=“0” call SetAllowTSConnections “1” List ShadowCopy Info wmic shadowcopy list brief List Event Logs wmic ntevent list brief --. full takes even longer wmic nteventlog where (description like "%secevent%") call cleareventlog Remotely output Logon Events to a html file wmic /node:machinename /output:wmicevents.