Gets instances of Windows Management Instrumentation (WMI) classes or information about the available classes. (Get-WmiObject)
NAMEGet-WmiObjectSYNOPSISGets instances of Windows Management Instrumentation (WMI) classes or information about the available classes.SYNTAXGet-WmiObject [-Authority <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>] Get-WmiObject [[-Class] <string>] [-Authority <string>] [-List] [-Recurse] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>] Get-WmiObject [-Authority <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>] Get-WmiObject [-Class] <string> [[-Property] <string[]>] [-Authority <string>] [-DirectRead] [-Filter <string>] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>] Get-WmiObject -Query <string> [-Authority <string>] [-DirectRead] [-Amended] [-AsJob] [-Authentication {Default | None | Connect | Call | Packet | PacketIntegrity | PacketPrivacy | Unchanged}] [-ComputerName <string[]>] [-Credential <PSCredential>] [-EnableAllPrivileges] [-Impersonation {Default | Anonymous | Identify | Impersonate | Delegate}] [-Locale <string>] [-Namespace <string>] [-ThrottleLimit <int>] [<CommonParameters>]DESCRIPTIONThe Get-WmiObject cmdlet gets instances of WMI classes or information about the available WMI classes. The ComputerName parameter can always be used to specify a remote computer. If the List parameter is specified, the cmdlet gets information about the WMI classes that are available in a specified namespace. If the Query parameter is specified, the cmdlet runs a WMI query language (WQL) statement. The Get-WmiObject cmdlet does not use the Windows PowerShell remoting infrastructure to perform remote operations. You can use the ComputerName parameter of the Get-WmiObject cmdlet even if your computer does not meet the requirements for Windows PowerShell remoting and even if your computer is not configured for remoting in Windows PowerShell.PARAMETERS-Amended [<SwitchParameter>] Gets or sets a value that indicates whether the objects that are returned from WMI should contain amended information. Typically, amended information is localizable information, such as object and property descriptions, that is attached to the WMI object.. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -AsJob [<SwitchParameter>] Runs the command as a background job. Use this parameter to run commands that take a long time to finish. When you use the AsJob parameter, the command returns an object that represents the background job and then displays the command prompt. You can continue to work in the session while the job finishes. If Get-WmiObject is used against a remote computer, the job is created on the local computer, and the results from remote computers are automatically returned to the local computer. To manage the job, use the cmdlets that contain the Job noun (the Job cmdlets). To get the job results, use the Receive-Job cmdlet. Note: To use this parameter with remote computers, the local and remote computers must be configured for remoting. Additionally, you must start Windows PowerShell by using the "Run as administrator" option in Windows Vista and later versions of Windows,. For more information, see about_Remote_Requirements. For more information about Windows PowerShell background jobs, see about_Jobs and about_Remote_Jobs. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Authentication <AuthenticationLevel> Specifies the authentication level to be used with the WMI connection. Valid values are: -1: Unchanged 0: Default 1: None (No authentication in performed.) 2: Connect (Authentication is performed only when the client establishes a relationship with the application.) 3: Call (Authentication is performed only at the beginning of each call when the application receives the request.) 4: Packet (Authentication is performed on all the data that is received from the client.) 5: PacketIntegrity (All the data that is transferred between the client and the application is authenticated and verified.) 6: PacketPrivacy (The properties of the other authentication levels are used, and all the data is encrypted.) Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Authority <string> Specifies the authority to use to authenticate the WMI connection. You can specify standard NTLM or Kerberos authentication. To use NTLM, set the authority setting to ntlmdomain:<DomainName>, where <DomainName> identifies a valid NTLM domain name. To use Kerberos, specify kerberos:<DomainName>\<ServerName>". You cannot include the authority setting when you connect to the local computer. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Class <string> Specifies the name of a WMI class. When this parameter is used, the cmdlet retrieves instances of the WMI class. Required? false Position? 2 Default value Accept pipeline input? false Accept wildcard characters? false -ComputerName <string[]> Specifies the computer against which you want to run the management operation. The value can be a fully qualified domain name, a NetBIOS name, or an IP address. Use the local computer name, use localhost, or use a dot (.) to specify the local computer. The local computer is the default. When the remote computer is in a different domain from the user, you must use a fully qualified domain name. This parameter can also be piped to the cmdlet. This parameter does not rely on Windows PowerShell remoting, which uses WS-Management ). You can use the ComputerName parameter of Get-WmiObject even if your computer is not configured to run WS-Management remote commands. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Credential <PSCredential> Specifies a user account that has permission to perform this action. The default is the current user. Type a user name, such as "User01", "Domain01\User01", or User@Contoso.com. Or, enter a PSCredential object, such as an object that is returned by the Get-Credential cmdlet. When you type a user name, you will be prompted for a password. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -DirectRead [<SwitchParameter>] Specifies whether direct access to the WMI provider is requested for the specified class without any regard to its base class or to its derived classes. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -EnableAllPrivileges [<SwitchParameter>] Enables all the privileges of the current user before the command makes the WMI call. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Filter <string> Specifies a Where clause to use as a filter. Uses the syntax of the WMI Query Language (WQL). Important: Do not include the Where keyword in the value of the parameter. For example, the following commands return only the logical disks that where the DeviceID equals 'c:' and the services where the name equals 'WinRM', without using the Where keyword: get-WmiObject Win32_LogicalDisk -filter "DeviceID = 'c:' " get-wmiobject win32_service -filter "name='WinRM'" Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Impersonation <ImpersonationLevel> Specifies the impersonation level to use. Valid values are: 0: Default (reads the local registry for the default impersonation level , which is usually set to "3: Impersonate".) 1: Anonymous (Hides the credentials of the caller.) 2: Identify (Allows objects to query the credentials of the caller.) 3: Impersonate (Allows objects to use the credentials of the caller.) 4: Delegate (Allows objects to permit other objects to use the credentials of the caller.) Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -List [<SwitchParameter>] Specifies whether to retrieve and display the names of the WMI classes in the WMI repository namespace that is specified in the Namespace parameter. The Default Namespace registry entry in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting registry key is not used by this cmdlet to determine the default namespace. If you specify the List parameter but not the Namespace parameter, the root\CIMV2 namespace is used by default. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Locale <string> Specifies the preferred locale for WMI objects. Specify the value of the Locale parameter as an array in the MS_<LCID> format in the preferred order . Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Namespace <string> When used with the Class parameter, this parameter specifies the WMI repository namespace where the referenced WMI class is located. When used with the List parameter, it specifies the namespace from which to gather WMI class information. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Property <string[]> Specifies the WMI class property or set of properties to retrieve. Required? false Position? 2 Default value Accept pipeline input? false Accept wildcard characters? false -Query <string> Specifies a WMI Query Language (WQL) statement to run. Event queries are not supported by this parameter. Required? true Position? named Default value Accept pipeline input? false Accept wildcard characters? false -Recurse [<SwitchParameter>] Makes the command search the current namespace and all other namespaces for the class name that is specified in the Class parameter. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false -ThrottleLimit <int> Allows the user to specify a throttling value for the number of WMI operations that can be executed simultaneously. This parameter is used together with the AsJob parameter. Required? false Position? named Default value Accept pipeline input? false Accept wildcard characters? false <CommonParameters> This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer and OutVariable. For more information, type, "get-help about_commonparameters".INPUTSNone You cannot pipe input to Get-WmiObject.OUTPUTSPSObject or System.Management.Automation.RemotingJob When you use the AsJob parameter, the cmdlet returns a job object. Otherwise, the object that Get-WmiObject returns depends on the value of the Class parameter.NOTESTo access WMI information on a remote computer, the cmdlet must run under an account that is a member of the local administrators group on the remote computer. Alternatively, the default access control on the WMI namespace of the remote repository can be changed to give other account access rights. By default, only some of the properties of a WMI class are displayed. The set of properties that will be displayed for each WMI class is specified in the Types.ps1xml configuration file. One of the examples included in this Help topic demonstrates how to override this behavior by using the Format-List cmdlet.Examples
EXAMPLE 1C:\PS>get-wmiobject win32_process __GENUS : 2 __CLASS : Win32_Process __SUPERCLASS : CIM_Process __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_Process.Handle="0" __PROPERTY_COUNT : 45 __DERIVATION : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement} __SERVER : SYSTEM01 __NAMESPACE : root\cimv2 __PATH : \\SYSTEM01\root\cimv2:Win32_Process.Handle="0" Caption : System Idle Process CommandLine : CreationClassName : Win32_Process CreationDate : CSCreationClassName : Win32_ComputerSystem CSName : SYSTEM01Description: System Idle Process ExecutablePath : ExecutionState : Handle : 0 HandleCount : 0 InstallDate : KernelModeTime : 6138394740432 MaximumWorkingSetSize : MinimumWorkingSetSize : Name : System Idle Process OSCreationClassName : Win32_OperatingSystem OSName : Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition3 OtherOperationCount : 0 OtherTransferCount : 0 PageFaults : 0 PageFileUsage : 0 ParentProcessId : 0 PeakPageFileUsage : 0 PeakVirtualSize : 0 PeakWorkingSetSize : 0 Priority : 0 PrivatePageCount : 0 ProcessId : 0 QuotaNonPagedPoolUsage : 0 QuotaPagedPoolUsage : 0 QuotaPeakNonPagedPoolUsage : 0 QuotaPeakPagedPoolUsage : 0 ReadOperationCount : 0 ReadTransferCount : 0 SessionId : 0 Status : TerminationDate : ThreadCount : 2 UserModeTime : 0 VirtualSize : 0 WindowsVersion : 6.0.6001 WorkingSetSize : 24576 WriteOperationCount : 0 WriteTransferCount : 0 ProcessName : System Idle Process Handles : 0 VM : 0 WS : 24576 Path : ...Description----------- This command displays information about all the processes that are running on a computer.EXAMPLE 2C:\PS>get-wmiobject win32_service -computername 127.0.0.1 __GENUS : 2 __CLASS : Win32_Process __SUPERCLASS : CIM_Process __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_Process.Handle="0" __PROPERTY_COUNT : 45 __DERIVATION : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement} __SERVER : SYSTEM02 __NAMESPACE : root\cimv2 __PATH : \\SYSTEM02\root\cimv2:Win32_Process.Handle="0" Caption : System Idle Process CommandLine : CreationClassName : Win32_Process CreationDate : CSCreationClassName : Win32_ComputerSystem CSName : SYSTEM02Description: System Idle Process ExecutablePath : ExecutionState : Handle : 0 HandleCount : 0 InstallDate : KernelModeTime : 6138394740432 MaximumWorkingSetSize : MinimumWorkingSetSize : Name : System Idle Process OSCreationClassName : Win32_OperatingSystem OSName : Microsoftr Windows VistaT Ultimate |C:\Windows|\Device\Harddisk0\Partition3 OtherOperationCount : 0 OtherTransferCount : 0 PageFaults : 0 PageFileUsage : 0 ParentProcessId : 0 PeakPageFileUsage : 0 PeakVirtualSize : 0 PeakWorkingSetSize : 0 Priority : 0 PrivatePageCount : 0 ProcessId : 0 QuotaNonPagedPoolUsage : 0 QuotaPagedPoolUsage : 0 QuotaPeakNonPagedPoolUsage : 0 QuotaPeakPagedPoolUsage : 0 ReadOperationCount : 0 ReadTransferCount : 0 SessionId : 0 Status : TerminationDate : ThreadCount : 2 UserModeTime : 0 VirtualSize : 0 WindowsVersion : 6.0.6001 WorkingSetSize : 24576 WriteOperationCount : 0 WriteTransferCount : 0 ProcessName : System Idle Process Handles : 0 VM : 0 WS : 24576 Path : ...Description----------- This command displays information about the services on the remote computer. It displays the information by specifying the Internet Protocol (IP) address 127.0.0.1. You can change this IP address to any other valid IP address on your network so that you can display information about the services on that remote computer. By default, the account you are running under must be a member of the local administrators group on the remote computer that you specify .EXAMPLE 3C:\PS>get-wmiobject -namespace "root/default" -list NameSpace: ROOT\default Name Methods Properties ---- ------- ---------- __NotifyStatus {} {StatusCode} __ExtendedStatus {} {Description, Operation, ParameterInfo, ProviderName...} __SecurityRelatedClass {} {} __Trustee {} {Domain, Name, SID, SidLength...} __NTLMUser9X {} {Authority, Flags, Mask, Name...} __ACE {} {AccessMask, AceFlags, AceType, GuidInheritedObjectType...} __SecurityDescriptor {} {ControlFlags, DACL, Group, Owner...} __PARAMETERS {} {} __SystemClass {} {} __ProviderRegistration {} {provider} __EventProviderRegistration {} {EventQueryList, provider} __ObjectProviderRegistration {} {InteractionType, provider, QuerySupportLevels, SupportsBat... __ClassProviderRegistration {} {CacheRefreshInterval, InteractionType, PerUserSchema, prov... __InstanceProviderRegistration {} {InteractionType, provider, QuerySupportLevels, SupportsBat... __MethodProviderRegistration {} {provider} __PropertyProviderRegistration {} {provider, SupportsGet, SupportsPut} __EventConsumerProviderRegistration {} {ConsumerClassNames, provider} __thisNAMESPACE {} {SECURITY_DESCRIPTOR} __NAMESPACE {} {Name} __IndicationRelated {} {} __FilterToConsumerBinding {} {Consumer, CreatorSID, DeliverSynchronously, DeliveryQoS...} __EventConsumer {} {CreatorSID, MachineName, MaximumQueueSize} LogFileEventConsumer {} {CreatorSID, Filename, IsUnicode, MachineName...} ActiveScriptEventConsumer {} {CreatorSID, KillTimeout, MachineName, MaximumQueueSize...} NTEventLogEventConsumer {} {Category, CreatorSID, EventID, EventType...} SMTPEventConsumer {} {BccLine, CcLine, CreatorSID, FromLine...} CommandLineEventConsumer {} {CommandLineTemplate, CreateNewConsole, CreateNewProcessGro... __AggregateEvent {} {NumberOfEvents, Representative} __TimerNextFiring {} {NextEvent64BitTime, TimerId} __EventFilter {} {CreatorSID, EventAccess, EventNamespace, Name...} __Event {} {SECURITY_DESCRIPTOR, TIME_CREATED} __NamespaceOperationEvent {} {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED} __NamespaceModificationEvent {} {PreviousNamespace, SECURITY_DESCRIPTOR, TargetNamespace, T... __NamespaceDeletionEvent {} {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED} __NamespaceCreationEvent {} {SECURITY_DESCRIPTOR, TargetNamespace, TIME_CREATED} __ClassOperationEvent {} {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED} __ClassDeletionEvent {} {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED} __ClassModificationEvent {} {PreviousClass, SECURITY_DESCRIPTOR, TargetClass, TIME_CREA... __ClassCreationEvent {} {SECURITY_DESCRIPTOR, TargetClass, TIME_CREATED} __InstanceOperationEvent {} {SECURITY_DESCRIPTOR, TargetInstance, TIME_CREATED} __InstanceCreationEvent {} {SECURITY_DESCRIPTOR, TargetInstance, TIME_CREATED} ...Description----------- This command displays the WMI classes in the root or default namespace of the local computer.EXAMPLE 4C:\PS>get-wmiobject -query "select * from win32_service where name='WinRM'" -computername server01, server02 ExitCode : 0 Name : WinRM ProcessId : 1708 StartMode : Auto State : Running Status : OK ExitCode : 0 Name : WinRM ProcessId : 948 StartMode : Auto State : Running Status : OKDescription----------- This command displays information about the WinRM service on the computers that are specified in the ComputerName parameter.EXAMPLE 5C:\PS>(get-wmiobject win32_service -filter "name='WinRM'" -computername server01).StopService() __GENUS : 2 __CLASS : __PARAMETERS __SUPERCLASS : __DYNASTY : __PARAMETERS __RELPATH : __PROPERTY_COUNT : 1 __DERIVATION : {} __SERVER : __NAMESPACE : __PATH : ReturnValue : 0 Another query using get-wmiobject -query "select * from win32_service where name='WinRM'" -computername server01, shows the service as stopped. ExitCode : 0 Name : WinRM ProcessId : 0 StartMode : Auto State : Stopped Status : OKDescription----------- This command stops the WinRM service on the Server01 remote computer. The command uses the standard Get-WmiObject command and adds a call to the StopService method of the Win32_Service WMI class.EXAMPLE 6C:\PS>get-wmiobject win32_bios | format-list * Status : OK Name : Phoenix ROM BIOS PLUS Version 1.10 2.3.1 Caption : Phoenix ROM BIOS PLUS Version 1.10 2.3.1 SMBIOSPresent : True __GENUS : 2 __CLASS : Win32_BIOS __SUPERCLASS : CIM_BIOSElement __DYNASTY : CIM_ManagedSystemElement __RELPATH : Win32_BIOS.Name="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",SoftwareElementID="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",SoftwareElementState=3,TargetOperatingSystem=0,Version="DELL - 14" __PROPERTY_COUNT : 27 __DERIVATION : {CIM_BIOSElement, CIM_SoftwareElement, CIM_LogicalElement, CIM_ManagedSystemElement} __SERVER : SERVER01 __NAMESPACE : root\cimv2 __PATH : \\SERVER01\root\cimv2:Win32_BIOS.Name="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",Software ElementID="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",SoftwareElementState=3,TargetOperatingSys tem=0,Version="DELL - 14" BiosCharacteristics : {7, 9, 10, 11...} BIOSVersion : {DELL - 14, Phoenix ROM BIOS PLUS Version 1.10 2.3.1 , Phoenix ROM BIOS PLUS Version 1.10 2.3 .1 , Phoenix ROM BIOS PLUS Version 1.10 2.3.1 } BuildNumber : CodeSet : CurrentLanguage : en|US|iso8859-1Description: Phoenix ROM BIOS PLUS Version 1.10 2.3.1 IdentificationCode : InstallableLanguages : 1 InstallDate : LanguageEdition : ListOfLanguages : {en|US|iso8859-1} Manufacturer : Dell Inc. OtherTargetOS : PrimaryBIOS : True ReleaseDate : 20070521000000.000000+000 SerialNumber : 8PWRVD1 SMBIOSBIOSVersion : 2.3.1 SMBIOSMajorVersion : 2 SMBIOSMinorVersion : 3 SoftwareElementID : Phoenix ROM BIOS PLUS Version 1.10 2.3.1 SoftwareElementState : 3 TargetOperatingSystem : 0 Version : DELL - 14 Scope : System.Management.ManagementScope Path : \\SERVER01\root\cimv2:Win32_BIOS.Name="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",Software ElementID="Phoenix ROM BIOS PLUS Version 1.10 2.3.1 ",SoftwareElementState=3,TargetOperatingSys tem=0,Version="DELL - 14" Options : System.Management.ObjectGetOptions ClassPath : \\SERVER01\root\cimv2:Win32_BIOS Properties : {BiosCharacteristics, BIOSVersion, BuildNumber, Caption...} SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...} Qualifiers : {dynamic, Locale, provider, UUID} Site : Container :Description----------- This command displays BIOS information. It displays all the properties of the WMI class, not just the properties that are specified in the Types.ps1xml configuration file.EXAMPLE 7C:\PS>get-wmiobject win32_service -credential FABRIKAM\administrator -computer fabrikam ExitCode : 0 Name : AeLookupSvc ProcessId : 0 StartMode : Manual State : Stopped Status : OK ExitCode : 1077 Name : ALG ProcessId : 0 StartMode : Manual State : Stopped Status : OK ExitCode : 1077 Name : AppIDSvc ProcessId : 0 StartMode : Manual State : Stopped Status : OK ExitCode : 0 Name : Appinfo ProcessId : 888 StartMode : Manual State : Running Status : OK ExitCode : 1077 Name : AppMgmt ProcessId : 0 StartMode : Manual State : Stopped Status : OK ...Description----------- This command displays service information on a computer named Fabrikam. It specifies a user account name by using the Credential parameter, which causes a dialog box to be displayed in which you enter the corresponding password. RELATED LINKS Online version: http://go.microsoft.com/fwlink/?LinkID=113337 Invoke-WmiMethod Remove-WmiObject Set-WmiInstance Get-WSManInstance Invoke-WSManAction New-WSManInstance Remove-WSManInstance C:\Windows>powershell get-help Invoke-WmiMethod -full
Microsoft Windows [Version 10.0.19045.3693]
Copyright (c) 2023 Microsoft Corporation.
ColorConsole [Version 3.7.1000] PowerShell 2.0-Export