1 WMIC not working, rpc server unavailable, Cli.

mof(Phase Error - 3) , mof error corruption 2 Determine user currently logged in remotely 3 For a text file of the manual run 4 Remotely list startup apps 5 Reboot or Shutdown a box 6 Kill a process use with care 7 Get OS Information and export to CSV, html, xsl, mof 8 List running processes and output to HTML/XSL form. 9 Query Device Driver Status 10 Get a list of NICs and IPs in use 11 Remotely change the IP to a static IP (Index is Interface#) 12 Remotely change IP to use DHCP 13 Remotely Display machines MAC Address 14 Get Process Owner or OwnerSID 15 Remotely list running processes every second 16 Delete ARPCache 17 System Information o 17.1 Remotely display System Info o 17.2 Full Drive Info o 17.3 Bios Info o 17.4 List all Hotfixes and Services Packs o 17.5 List HotfixID, description and Install date o 17.6 Remotely List Local Enabled Accounts o 17.7 Start a service o 17.8 Change startup mode for a service o 17.9 List Services with brief description o 17.10 List useraccounts o 17.11 Enable RDP o 17.12 List ShadowCopy Info o 17.13 List Event Logs o 17.14 Remotely output Logon Events to a html file o 17.15 List number of times a user logged on
o

17.16 Display Shares

WMIC not working, rpc server unavailable, Cli.mof(Phase Error - 3) , mof error corruption
sc \\remotemachine stop winmgmt and it's needed deps rename remotemachine's c:\windows\system32\wbem\repository sc \\remotemachine start winmgmt psexec \\remotemachine cmd.exe reg add "hkcu\Environment" /v PROCESSOR_ARCHITECTURE /t REG_SZ /d x86

Test wmic
wmic process list brief

Determine user currently logged in remotely

wmic /node:remotecomputer computersystem get username

For a text file of the manual run

wmic /?:full > wmic_docs.txt

Remotely list startup apps

wmic /node:machinename startup list full wmic STARTUP GET Caption, Command, User

Reboot or Shutdown a box

wmic os where buildnumber="2600" call reboot -- Get build# from OS Info (see below)

Kill a process use with care

wmic process where name="cmd.exe" delete

Get OS Information and export to CSV, html, xsl, mof

wmic /output:wmicbuild.csv os get /all /format:csv wmic /output:wmicbuild.html os get /all /format:htable

List running processes and output to HTML/XSL form.

wmic /output:wmic.html process list full /format:hform

Query Device Driver Status

wmic /output:savrt.csv sysdriver where name="savrt" list status /format:csv

Query this status on all machines in the domain. You have all the machines in the domain in a text file
wmic /node:"@targets.txt" /output:savrt.csv sysdriver where name="savrt" list status /format:csv

Get a list of NICs and IPs in use

netsh int ip show config wmic nicconfig where IPEnabled='true'

Remotely change the IP to a static IP (Index is Interface#)

wmic /node:machinename nicconfig where Index=1 call EnableStatic ("172.16.10.10"), ("255.255.0.0")

Remotely change IP to use DHCP

wmic /node:machinename nicconfig where Index=1 call EnableDHCP

Remotely Display machines MAC Address

wmic /node:machinename nic get macaddress

Get Process Owner or OwnerSID

wmic process where name="cmd.exe" call getowner wmic process where name="cmd.exe" call getownersid

Remotely list running processes every second

wmic /node:machinename process list brief /every:1

Delete ARPCache
netsh int ip delete arpcache

System Information
Remotely display System Info
wmic /node:machinename computersystem list full

Full Drive Info

wmic diskdrive list full wmic partition list full

Bios Info
wmic bios list full

List all Hotfixes and Services Packs

wmic qfe

List HotfixID, description and Install date

wmic qfe where "not description like " get description,hotfixid,installedon example: wmic qfe where hotfixid="KB958644" list full <lists patch info for MS08067>

Remotely List Local Enabled Accounts

wmic /node:machinename USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name

Start a service
wmic /node:machinename 4 service lanmanserver CALL Startservice

Change startup mode for a service

wmic /node:machinename service where (name like "Fax" OR name like "Alerter") CALL ChangeStartMode Disabled

List Services with brief description

wmic service list brief

List useraccounts
wmic useraccount wmic useraccount list brief

Enable RDP
wmic /node:"machinename 4" path Win32_TerminalServiceSetting where AllowTSConnections=0 call SetAllowTSConnections 1

List ShadowCopy Info

wmic shadowcopy list brief

List Event Logs

wmic ntevent list brief --- Brief takes a while, full takes even longer wmic nteventlog where (description like "%secevent%") call cleareventlog

Remotely output Logon Events to a html file

wmic /node:machinename /output:wmicevents.html ntevent where (message like "%logon %") list brief /format:htform

List number of times a user logged on

wmic netlogin where (name like "%adm%") get numberoflogons

Display Shares
wmic share list brief