WMIC commands.
If you want to determine a file’s version, for instance to see if it was patched, you can use WMIC:
wmic datafile where name=”d:\\windows\\system32\\ntdll.dll” get version
If you want to see what patches have been installed, WMIC will also show you that information:
wmic qfe list
Update static IP address
wmic nicconfig where index=9 call enablestatic(“192.168.16.4″), (“255.255.255.0″)
Change network gateway
wmic nicconfig where index=9 call setgateways(“192.168.16.4″, “192.168.16.5″),(1,2)
Enable DHCP
wmic nicconfig where index=9 call enabledhcp
Service Management
wmic service where caption=”DHCP Client” call changestartmode “Disabled”
Start an application
wmic process call create “calc.exe”
Terminate an application
wmic process where name=”calc.exe” call terminate
Change process priority
wmic process where name=”explorer.exe” call setpriority 64
Get list of process identifiers
wmic process where (Name=’svchost.exe’) get name,processid
Information about harddrives
wmic logicaldisk where drivetype=3 get name, freespace, systemname, filesystem, size, volumeserialnumber
Information about os
wmic os get bootdevice, buildnumber, caption, freespaceinpagingfiles, installdate, name, systemdrive, windowsdirectory /format:htable > c:\osinfo.htm
Information about files
wmic path cim_datafile where “Path=’\\windows\\system32\\wbem\\’ and FileSize>1784088″ > c:\wbemfiles.txt
Process list
wmic process get /format:htable > c:\process.htm
Retrieve list of warning and error events not from system or security logs
WMIC NTEVENT WHERE “EventType<3 AND LogFile != ‘System’ AND LogFile != ‘Security’” GET LogFile, SourceName, EventType, Message, TimeGenerated /FORMAT:”htable.xsl”:” datatype = number”:” sortby = EventType” > c:\appevent.htm
