Wmic.exe

[Squashman]

What is everyone's plan for when Microsoft pulls the plug on wmic.exe? it has always been our stop gap for getting the date and time in a consistent format. I guess I dont mind calling out to Powershell. Penny for your thoughts.

[atfon]

What is everyone's plan for when Microsoft pulls the plug on wmic.exe? it has always been our stop gap for getting the date and time in a consistent format. I guess I dont mind calling out to Powershell. Penny for your thoughts.

As far as the Date/Time, I guess Robocopy is still an option in this limited use case, as outlined here. It is locale independent:

https://ss64.com/nt/syntax-stampme.html

However, you will be missing milliseconds, etc. Otherwise, I agree that PowerShell is likely the best choice.

[jfl]

If they really remove it, I'm afraid we won't have a choice.
Maybe we could write a wmic.bat front end to PowerShell, allowing to easily replace all wmic.exe commands by equivalent 'call wmic.bat' commands?

Also, the justification they gave for the removal sounds poor at best:
If they remove wmic.exe, but leave WMI and the PowerShell applets that invoke WMI, there is absolutely no improvement in the security of the system.

[ShadowThief]

Like Bitsadmin, wmic has been "deprecated" for years now. I highly doubt it's going anywhere; if nothing else, Microsoft prioritizes backwards compatibility. That's the reason Windows 11 still even has batch even though they've been trying to push PowerShell ever since it was created.

[atfon]

Like Bitsadmin, wmic has been "deprecated" for years now. I highly doubt it's going anywhere; if nothing else, Microsoft prioritizes backwards compatibility. That's the reason Windows 11 still even has batch even though they've been trying to push PowerShell ever since it was created.

That falls in line with the quote from Michael Niksa that Steffen (aGerman) posted here: viewtopic.php?f=3&t=10202&p=65078#p65062

Removing WMIC access completely would cripple a lot of scripts.

[aGerman]

I don't expect that MS is going to remove WMIC from the CLI tools in the near future. Did you find any information that makes you believe they are about to do so, Squashman?
However, PS is an alternative as well as JS. And if I have to calculate with datetime values, I already tend to use them rather than longwinded and inscrutable SET /A calculations.

Steffen

[Squashman]

I don't expect that MS is going to remove WMIC from the CLI tools in the near future. Did you find any information that makes you believe they are about to do so, Squashman?
However, PS is an alternative as well as JS. And if I have to calculate with datetime values, I already tend to use them rather than longwinded and inscrutable SET /A calculations.

Steffen

I had kept hearing rumors about and it was recently confirmed.
https://www.bleepingcomputer.com/news/m ... t-attacks/

[aGerman]

Whoa!
Lets see what happens with 22H1 then. Perhaps Dave is already prepared and pulls a JWMI.BAT out of his hat when the time comes

Steffen

[Compo]

I for one, should I ever decide to purchase a Windows 11 capable unit, will bite the bullet, and begin to phase out my over use of batch files, in favour of PowerShell scripts.

For batch files which used WMIC.exe, which was already one of the slowest things to invoke, (especially on its first run), using the almost as slow powershell.exe should not noticeably affect speed.

The most infuriating part would be that a robust batch script to be used on multiple/unknown units would really need to determine PowerShell version because changes from say v2.0, 3.0-5.1, and 6+ could affect commands used and/or improve performance further.

[Aacini]

My FindRepl.bat program have had support for WMI classes since the version 2 was released on 2014. In the description of FindRepl.bat version 2, under the point 3.4, I explained the way to use the Data generating predefined functions via the /S and /J switches. These functions create what in JScript are called Collections that are just several items contained in a group.

Code: Select all

DATA GENERATING FUNCTIONS (collections)

drivesCollection(prop1,prop2,...)       - Returns the specified list of properties for all drives in the system.
                                          If no parameters are given, returns the Path property of all drives.

filesCollection(folder,prop1,prop2...)  - Returns the specified list of properties for all Files in the given folder.
                                          If no parameters are given, returns the Name property of files in current folder.

foldersCollection(folder,prop1,prop2..) - Returns the specified list of properties for all SubFolders in the given folder,
                                          Files and SubFolders properties can not be directly given (see the description below).
                                          If no parameters are given, returns the Name property of subfolders in current folder.

specialFolders(special,prop1,prop2...)  - Returns the list of properties for all Files or SubFolders in the special folder;
                                          the desired collection is selected by: 'special.Files' or 'special.SubFolders'.
                                          If no parameters are given, returns the Path property of all special folders.

wmiCollection(class,prop1,prop2...)     - Returns the specified list of properties for all elements in the given WMI class.
                                          If just the class is given, returns the names of all properties in the class.
                                          If no parameters are given, returns the names of all classes (in default namespace).
                                          See: http://msdn.microsoft.com/en-us/library/aa394554(v=vs.85).aspx

These are some examples of the use of such functions:

Code: Select all

C:\ FindRepl "/S:drivesCollection('Path','FreeSpace','TotalSize')" /J
"C:","423201288192","474821423104"
"D:","2942341120","24459079680"
"E:","Not ready","Not ready"

C:\ set "source=drivesCollection('Path','FreeSpace','TotalSize')"
C:\ FindRepl /S:=source /Q:# "#([^#]*)#,#([^#]*)#,#([^#]*)#\r\n" "$1+' = '+$2+' = '+$3+'\r\n'" /J
C: = 423201288192 = 474821423104
D: = 2942341120 = 24459079680
E: = Not ready = Not ready

C:\ set "search=#([^#]*)#,#([^#]*)#,#([^#]*)#\r\n"
C:\ FindRepl /S:=source /Q:# =search "$1+'\t'+(S=Math.floor(100-$2*100/$3))+'% Occupied'+(S>85?'\tRequires cleanup!':'')+'\r\n'" /J
C:      10% Occupied
D:      87% Occupied    Requires cleanup!
E:      NaN% Occupied

The wmiCollection predefined function is the key to have access to a huge amount of information related to the system. In order to not waste even more words in an over-described topic, you are encouraged to review the WMI documentation at the site linked in the FindRepl /help screen. Below there is a list of just a few useful classes and properties that appear in the first two divisions at Microsoft Win32 provider site. The elements in the list are written as parameters of wmiCollection function (the class first, followed by its properties) so you may easily copy and paste they in the command line in order to execute FindRepl.bat program and show the result.

Code: Select all

1- Computer System Hardware Classes

'Win32_Keyboard','Description','DeviceID','Layout'
'Win32_DiskDrive','Description','MediaLoaded','SerialNumber','Status'
'Win32_PhysicalMemory','Capacity','Name','Speed'
'Win32_Processor','CurrentClockSpeed','DataWidth','Description','Manufacturer','Name','NumberOfCores'
'Win32_Battery','BatteryStatus','Description','DeviceID','EstimatedChargeRemaining','EstimatedRunTime','Status'

2- Operating System Classes

'Win32_Environment','Name','SystemVariable','UserName','VariableValue'
'Win32_SystemDriver','Name','ServiceType','Started','State'
'Win32_Directory','CreationDate','Extension','FileName','FileSize','FileType','LastAccessed','LastModified','Name','Status'
'Win32_DiskPartition','BootPartition','Caption','Size','Type'
'Win32_LogicalDisk','DeviceID','DriveType','FileSystem','FreeSpace','MediaType','Size','VolumeName'
'Win32_ComputerSystem','Description','Manufacturer','Model','NumberOfProcessors','SystemType','TotalPhysicalMemory','UserName'
'Win32_OperatingSystem','CountryCode','LocalDateTime','Name','RegisteredUser','SerialNumber','Version','WindowsDirectory'
'Win32_Process','Handle','Name','ParentProcessId'
'Win32_Service','Name','ServiceType','Started','State'
'Win32_LocalTime','Day','DayOfWeek','Hour','Minute','Month','Quarter','Second','WeekInMonth','Year'
'Win32_Account','Caption','Name','SID','Status'
'Win32_UserAccount','Caption','FullName','Name','SID','Status'

For example:

Code: Select all

C:\ FindRepl "/S:wmiCollection('Win32_LocalTime','Year','Month','Day','DayOfWeek','Hour','Minute','Second')" /J
"2022","2","21","1","14","25","14"

You must be aware that certain WMI requests may take several seconds, like class 'Win32_Directory' that returns the data of all files and folders that exists in the disk, or executing wmiCollection() with no parameters in order to display the names of all existent classes in the default name space (root\cimv2).

Of course, you have not to use a program as large as FindRepl.bat in order to access the WMI collections via JScript. I will write a short version of Win32_LocalTime with the minimum code to show the date and time...

Antonio

[Aacini]

I taken out the wmiCollection() function from FindRepl.bat program and converted it to an independent Batch file called wmiClass.bat that is very easy to use:

Code: Select all

@if (@CodeSegment == @Batch) @then


@echo off

if "%~1" neq "/?" CScript //nologo //E:JScript "%~F0" %* & goto :EOF

echo Show properties of a WMI class (via a JScript collection)
rem  Antonio Perez Ayala - 2022/02/21
echo/
echo    wmiClass [class [prop1 prop2 ...]]
echo/
echo If no parameter is given, show the names of all WMI classes.
echo/
echo If just the class is given, show the names of all its properties.
echo/
echo If a list of properties is also given, show their values. For example:
echo    wmiClass Win32_LocalTime Year Month Day Hour Minute Second
goto :EOF


@end


// http://msdn.microsoft.com/en-us/library/aa393741(v=vs.85).aspx
var args = WScript.Arguments, colItems;
if ( args.length > 1 ) {
   // http://msdn.microsoft.com/en-us/library/windows/desktop/aa394606(v=vs.85).aspx
   colItems = GetObject("WinMgmts:").ExecQuery("Select * from " + args.Item(0));
   for ( var e = new Enumerator(colItems); ! e.atEnd(); e.moveNext() ) {
      for ( var i = 1; i < args.length; i++ ) {
         WScript.Stdout.WriteLine(args.Item(i)+"="+eval("e.item()."+args.Item(i)));
      }
   }
} else if ( args.length == 1 ) {
   // Method suggested by: http://msdn.microsoft.com/en-us/library/aa392315(v=vs.85).aspx
   //                      https://gallery.technet.microsoft.com/f0666124-3b67-4254-8ff1-3b75ae15776d
   colItems = GetObject("WinMgmts:").Get(args.Item(0)).Properties_;
   for ( var e = new Enumerator(colItems); ! e.atEnd(); e.moveNext() ) {
      WScript.Stdout.WriteLine(e.item().Name);
   }
} else {
   // https://gallery.technet.microsoft.com/scriptcenter/5649568b-074e-4f5d-be52-e8b7d8fe4517
   colItems = GetObject("WinMgmts:");  // imply ("WinMgmts:\root\cimv2")
   for ( var e = new Enumerator(colItems.SubclassesOf()); ! e.atEnd(); e.moveNext() ) {
      WScript.Stdout.WriteLine(e.item().Path_.Class);
   }
}

Some examples:

Code: Select all

C:\> rem Get all WMI classes that refers to "Bios"
C:\> wmiClass | findstr /I "Bios"
Win32_SMBIOSMemory
CIM_BIOSElement
Win32_BIOS
CIM_VideoBIOSElement
CIM_VideoBIOSFeature
CIM_BIOSFeature
CIM_BIOSLoadedInNV
Win32_SystemBIOS
CIM_VideoBIOSFeatureVideoBIOSElements
CIM_BIOSFeatureBIOSElements

C:\> wmiClass Win32_LocalTime
Day
DayOfWeek
Hour
Milliseconds
Minute
Month
Quarter
Second
WeekInMonth
Year

C:\> wmiClass Win32_LocalTime Year Month Day Hour Minute Second
Year=2022
Month=2
Day=21
Hour=20
Minute=48
Second=15

C:\> for /F %a in ('wmiClass Win32_LocalTime Year Month Day Hour Minute Second') do @set "%a"

C:\> echo %year%/%month%/%day% @ %hour%:%minute%:%second%
2022/2/21 @ 20:48:38

I am pretty sure that wmiClass.bat program run much faster than wmic.exe and than an equivalent PowerShell program. I am also sure that JScript-based wmiClass.bat is simpler than any PS equivalent...

Antonio

[Aacini]

After several tests I discovered that wmic OS Get LocalDateTime /Value command:

Code: Select all

C:\> wmic OS Get LocalDateTime /Value


LocalDateTime=20220221213756.040000-360

... really takes this value from Win32_OperatingSystem class:

Code: Select all

C:\> wmiClass Win32_OperatingSystem LocalDateTime
LocalDateTime=20220221213801.047000-360

This means that wmic.exe command created an "alias" for Win32_OperatingSystem class and named it "OS". The problem with this scheme is that if you want to replace wmic.exe by another utility that use the real names of WMI classes (like wmiClass.bat program), then you need to discover what is the original class name of the wmic's alias that you use...

Antonio

PS - I always have tought that wmic.exe is a program difficult to use: it has a confusing help screen with a lot of features that does not makes sense and that are hard to understand. Besides, its output include a variable number of "empty" lines and the lines ends in LF character (instead of the standard CR+LF). This point had caused problems to get the wmic.exe output lines in Batch files since many years ago...

[Squashman]

This is awesome! Thanks Antonio!

[atfon]

I doubt I have to tell most of you on this forurm, but for those who might not be aware, you can get a list of WMI aliases Friendly Name and Corresponding full name with this command:

Code: Select all

wmic alias list brief

[miskox]

Very intereseting. Everything. Maybe MS should leave WMIC.exe included but remove all *dangerous* components (maybe should leave read-only components or something). They should be removed completely from the .exe and not just 'disabled' via registry key.

Now wmiclass.bat should be updated with some 'shortcuts':

wmiclass.bat TIME

and wmiclass.bat would have a table with 'TIME'='Win32_OperatingSystem LocalDateTime'.

Thanks Antonio. Very useful.

Saso