반응형
개요
gwmi 는 Get-WmiObject 의 alias(별칭)이다.
1. List all Namespace
| PS C:\Users\administrator.HOYA> gwmi -namespace "root" -class "__Namespace" | Select Name Name ---- subscription DEFAULT CIMV2 msdtc Cli MicrosoftIISv2 SECURITY RSOP SDDC PEH WebAdministration StandardCimv2 WMI AccessLogging directory Policy InventoryLogging Interop Hardware ServiceModel ThinPrint Microsoft aspnet Appv PS C:\Users\administrator.HOYA> |
2. List all WMI classes : default namespace is "root/cimv2"
| PS C:\Users\Administrator> Get-WmiObject -Namespace "root/cimv2" -List NameSpace: ROOT\cimv2 Name Methods Properties ---- ------- ---------- CIM_Indication {} {CorrelatedIndications, IndicationFilterName, IndicationIde... CIM_ClassIndication {} {ClassDefinition, CorrelatedIndications, IndicationFilterNa... CIM_ClassDeletion {} {ClassDefinition, CorrelatedIndications, IndicationFilterNa... CIM_ClassCreation {} {ClassDefinition, CorrelatedIndications, IndicationFilterNa... CIM_ClassModification {} {ClassDefinition, CorrelatedIndications, IndicationFilterNa... CIM_InstIndication {} {CorrelatedIndications, IndicationFilterName, IndicationIde... CIM_InstCreation {} {CorrelatedIndications, IndicationFilterName, IndicationIde... CIM_InstModification {} {CorrelatedIndications, IndicationFilterName, IndicationIde... CIM_InstDeletion {} {CorrelatedIndications, IndicationFilterName, IndicationIde... CIM_OperatingSystem {Reboot, Shutdown} {Caption, CreationClassName, CSCreationClassName, CSName...} Win32_OperatingSystem {Reboot, Shutdown... {BootDevice, BuildNumber, BuildType, Caption...} |
3. list all class(win32_operation) properties in namespace root/cimv2
- 아래는 windows server 2016 Datacenter x64 에 대한 정보
- root/cimv2 네임스페이스는 디폴트 값으로 여기서는 생략 가능
| PS C:\Users\administrator.HOYA> gwmi win32_operatingsystem -namespace "root/cimv2" | select * PSComputerName : RDS Status : OK Name : Microsoft Windows Server 2016 Datacenter Evaluation|C:\Windows|\Device\Harddisk0\Partition2 FreePhysicalMemory : 2429512 FreeSpaceInPagingFiles : 720896 FreeVirtualMemory : 2824828 __GENUS : 2 __CLASS : Win32_OperatingSystem __SUPERCLASS : CIM_OperatingSystem __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_OperatingSystem=@ __PROPERTY_COUNT : 64 __DERIVATION : {CIM_OperatingSystem, CIM_LogicalElement, CIM_ManagedSystemElement} __SERVER : RDS __NAMESPACE : root\cimv2 __PATH : \\RDS\root\cimv2:Win32_OperatingSystem=@ BootDevice : \Device\HarddiskVolume1 BuildNumber : 14393 BuildType : Multiprocessor Free Caption : Microsoft Windows Server 2016 Datacenter Evaluation CodeSet : 1252 CountryCode : 1 CreationClassName : Win32_OperatingSystem CSCreationClassName : Win32_ComputerSystem CSDVersion : CSName : RDS CurrentTimeZone : 540 DataExecutionPrevention_32BitApplications : True DataExecutionPrevention_Available : True DataExecutionPrevention_Drivers : True DataExecutionPrevention_SupportPolicy : 3 Debug : False Description : Distributed : False EncryptionLevel : 256 ForegroundApplicationBoost : 2 InstallDate : 20190531195229.000000+540 LargeSystemCache : LastBootUpTime : 20191202180851.498158+540 LocalDateTime : 20191203172253.182000+540 Locale : 0409 Manufacturer : Microsoft Corporation MaxNumberOfProcesses : 4294967295 MaxProcessMemorySize : 137438953344 MUILanguages : {en-US} NumberOfLicensedUsers : 0 NumberOfProcesses : 62 NumberOfUsers : 9 OperatingSystemSKU : 80 Organization : OSArchitecture : 64-bit OSLanguage : 1033 OSProductSuite : 400 OSType : 18 OtherTypeDescription : PAEEnabled : PlusProductID : PlusVersionNumber : PortableOperatingSystem : False Primary : True ProductType : 3 RegisteredUser : Windows User SerialNumber : 00377-10000-00000-AA360 ServicePackMajorVersion : 0 ServicePackMinorVersion : 0 SizeStoredInPagingFiles : 720896 SuiteMask : 400 SystemDevice : \Device\HarddiskVolume2 SystemDirectory : C:\Windows\system32 SystemDrive : C: TotalSwapSpaceSize : TotalVirtualMemorySize : 4914608 TotalVisibleMemorySize : 4193712 Version : 10.0.14393 WindowsDirectory : C:\Windows Scope : System.Management.ManagementScope Path : \\RDS\root\cimv2:Win32_OperatingSystem=@ Options : System.Management.ObjectGetOptions ClassPath : \\RDS\root\cimv2:Win32_OperatingSystem Properties : {BootDevice, BuildNumber, BuildType, Caption...} SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...} Qualifiers : {dynamic, Locale, provider, Singleton...} Site : Container : PS C:\Users\administrator.HOYA> |
4. 도메인 컨트롤러에서 사용자 계정 정보 조회
| PS C:\Users\Administrator> Get-WmiObject win32_useraccount -Filter "name = 'cisco' AND domain = 'hoya'" AccountType : 512 Caption : HOYA\cisco Domain : HOYA SID : S-1-5-21-1670697778-826508320-767402803-2670 FullName : cisco Name : cisco PS C:\Users\Administrator> |
5. GPO에서 WMI 필터 활용
PowerShell 을 이용한 GPO 테스트
- gpo에서는 wmi 필터의 유효성을 검사할 수 없기에 적용전 PowerShell을 이용할 수 있다.
- 쿼리 결과가 없을 경우 Prompt 리턴
예) windows 10, Desktop Edition 운영체제 쿼리
| PS Z:\> gwmi -query 'select * from win32_operatingSystem where Version LIKE "10.%" AND (ProductType = "1" ) ' SystemDirectory : C:\Windows\system32 Organization : BuildNumber : 17134 RegisteredUser : user2 SerialNumber : 00330-80000-00000-AA517 Version : 10.0.17134 PS Z:\> |
- Product Type
| 1 | any desktop Windows edition |
| 2 | Active Directory domain controller |
| 3 | Windows Server. |
- Windows Version
| 10 | Windows Server 2016 and Windows 10 |
| 6.3 | Windows Server 2012 R2 and Windows 8.1 |
| 6.2 | Windows Server 2012 and Windows 8 |
| 6.1 | Windows Server 2008 R2 and Windows 7 |
| 6.0 | Windows Server 2008 and Windows Vista |
| 5.2 | Windows Server 2003 |
| 5.1 | Windows XP |
| 5.0 | Windows 2000 |
예) IE 11 버전 설치 유무 확인
| PS C:\Users\Administrator> get-wmiobject -query 'SELECT * FROM CIM_DataFile WHERE path="\\Program Files\\Internet Explor er\\" AND filename="iexplore" AND extension="exe" AND version LIKE "11.%"' Compressed : False Encrypted : False Size : Hidden : False Name : c:\program files\internet explorer\iexplore.exe Readable : True System : False Version : 11.0.14393.2007 Writeable : True PS C:\Users\Administrator> |
예) 전체 메모리가 1G 이상 확인
| PS Z:\> gwmi -query 'Select * from WIN32_ComputerSystem where TotalPhysicalMemory >= 1073741824 ' Domain : hoya.com Manufacturer : Microsoft Corporation Model : Virtual Machine Name : WIN10-0 PrimaryOwnerName : user2 TotalPhysicalMemory : 4294496256 PS Z:\> |
예) 컴퓨터 이름이 WIN10으로 시작하는 호스트 확인
| PS Z:\> gwmi -query 'SELECT Name FROM Win32_ComputerSystem WHERE Name LIKE "win10%" ' __GENUS : 2 __CLASS : Win32_ComputerSystem __SUPERCLASS : __DYNASTY : __RELPATH : Win32_ComputerSystem.Name="WIN10-0" __PROPERTY_COUNT : 1 __DERIVATION : {} __SERVER : __NAMESPACE : __PATH : Name : WIN10-0 PSComputerName : PS Z:\> |
반응형
'운영체제 > Windows' 카테고리의 다른 글
| [Active Directory] 그룹정책을 이용한 프린터 배포 (0) | 2019.12.04 |
|---|---|
| [Active Directory] 보호된 OU 삭제 및 이동 (0) | 2019.12.04 |
| [Active Directory] GPO 에서 WMI Filter 활용 (0) | 2019.12.03 |
| [Active Directory] 사용자 홈폴더 설정 (0) | 2019.12.03 |
| [Active Directory] 그룹정책을 사용하여 클라이언트 드라이브 리디렉션 사용 안 함 설정 (0) | 2019.12.02 |
