I have recently been trying to find a way to export a list of some, but not all, installed Windows Updates and patches on a Windows 2008 server. WMIC is a Windows command that has been available in Windows for a long time and has become a tool that can perform many kinds of actions and queries. Microsoft has created a tool called Microsoft Baseline Security Analyzer that helps you determine the security state in accordance with Microsoft security recommendations and offers specific remediation guidance, but I have not tried it to see if all patches and updates are exported.

Open a Windows Command Prompt (cmd.exe) and type the following command

Caption CSName Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status
PC-NAME Update KB971033 NT AUTHORITY\SYSTEM
PC-NAME Security Update KB2305420 NT AUTHORITY\SYSTEM
PC-NAME Security Update KB2393802 NT AUTHORITY\SYSTEM

WMIC can also be used to gather other Windows-related information, and this is a list with many wmic commands I have copied from Tech-Wreck InfoSec Blog: WMIC Command Line Kung-Fu in case the site becomes unavailable. This site has produced many interesting articles and is well worth a visit.

– wmic PROCESS WHERE "NOT ExecutablePath LIKE '%Windows%'" GET ExecutablePath

Look at services that are set to start automatically
– wmic SERVICE WHERE StartMode="Auto" GET Name, State

Find user-created shares (usually not hidden)
– wmic SHARE WHERE "NOT Name LIKE '%$'" GET Name, Path

– wmic STARTUP GET Caption, Command, User

Identify any local system accounts that are enabled (guest, etc.)
– wmic USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name

– wmic service where (name like "Fax" OR name like "Alerter") CALL ChangeStartMode Disabled

– wmic netlogin where (name like "%skodo") get numberoflogons

Obtain a Certain Kind of Event from Eventlog
– wmic ntevent where (message like "%logon%") list brief

– wmic nteventlog where (description like "%secevent%") call cleareventlog

– wmic os where buildnumber="2600" call reboot

– wmic nicconfig where index=9 call enabledhcp

– wmic service where caption="DHCP Client" call changestartmode "Disabled"

– wmic process where name="calc.exe" call terminate

– wmic process where name="explorer.exe" call setpriority 64

Information About Harddrives

– wmic process where (Name='svchost.exe') get name,processid