WMI – Windows Management Instrumentation

WMI stores information of the system in Win32 classes. Here is the list of some of the classes. Each of below classes has methods and properties defined by Microsoft.

  1. Win32_Desktop
  2. Win32_Environment
  3. Win32_TimeZone
  4. Win32_Directory
  5. Win32_LogicalDisk
  6. Win32_ComputerSystem
  7. Win32_OperatingSystem
  8. Win32_SystemProcesses
  9. Win32_SystemServices
  10. Win32_SystemUsers
  11. Win32_Process
  12. Win32_Service
  13. Win32_ProcessStartup
  14. Win32_Registry
  15. Win32_ScheduledJob
  16. Win32_Account
  17. Win32_Group
  18. Win32_LogonSession
  19. Win32_SystemAccount
  20. Win32_UserAccount

Here are some of the WMI methods you can execute  and get information from above classes.

Below command will display the list of all user accounts in the system.

> Get-WmiObject -Query “SELECT * FROM Win32_UserAccount”

Below command will display the list of all hard drives in the systems.

> Get-WmiObject -Query “SELECT * FROM Win32_LogicalDisk”

Below command will get all processes with name “chrome” and then invoke “Terminate” method on each process.

Get-WmiObject -Class Win32_Process -Filter  “name=’chrome.exe'”| Invoke-WmiMethod -Name Terminate

