Obtener Informacion de un sistema remoto con WMIC
A pesar que existen muchas herramientas para realizar inventario de los ordenadores de nuestra red y obtener información de los mismos, aquí les dejo una alternativa para obtener información específica de un sistema remoto desde nuestra consola.
WMIC ?
Es una utilidad de línea de comandos que simplifica el uso de Windows Management Instrumentation (WMI ) y los sistemas gestionados a través de WMI.
Importante!
Requerimientos para ejecutar correctamente la utilidad
- El servicio WMI debe estar iniciado en el sistema remoto
- Se requiere un usuario con suficientes privilegios en el sistema remoto
Estos son solo un par de ejemplos, abajo dejare mas alias los cuales se pueden personalizar según la información que se requiera.
1.- Obtener información del sistema operativo.
wmic /node:(hostname_o_IP) /user:administrador /password:elpassword OS get Version, Caption, CountryCode, CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion, WindowsDirectory /format:list
wmic /node:(hostname_o_IP) /user:administrador /password:elpassword OS get Version, Caption, CountryCode, CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion, WindowsDirectory /format:list
El modificador "/format:list" al final permite que la información se visualice de una forma ordenada.
Ejemplo 1:
2.- Obtener información de los procesos
wmic /node:(hostname_o_IP) /user:administrador /password:elpassword PROCESS get Caption, CommandLine, Handle, HandleCount, PageFaults, PageFileUsage, PArentProcessId, ProcessId, ThreadCount /format:list | more
Si la información a desplegar es muy extensa siempre podemos hacer uso del "more"
Ejemplo 2:
3.- Obtener información de la tarjeta de Red
Con el wmic es posible establecer filtros medienate clausulas, como por ejemplo para este caso hacemos uso de WHERE con la misma muestrara solo las interfaces que tengan MACADDRESS asignadas. Por el contrario si se desea la informacion de todas las intefaces simplemente eliminamos -> where "MACAddress is not null"
wmic /node:(hostname_o_IP) /user:administrador /password:elpassword
NICCONFIG where "MACAddress is not null" get MACAddress, DefaultIPGateway, IPAddress, IPSubnet, DNSHostName, DNSDomain /format:list
Ejemplo 3:
4.- Obtener información de las aplicaciones instalas en el sistema y volcar los datos en un fichero.
Cada consulta que se realizar es posible volcar estos datos en un fichero .txt o .csv, para ello se agregan las siguientes opciones:
Para formato TXT
wmic /node:(hostname_o_IP) /user:administrador /password:elpassword
PRODUCT get Name, Version /format:table >> c:\novolatil\lista_de_aplicaciones.txt
Para formato CSV
wmic /node:(hostname_o_IP) /user:administrador /password:elpassword /output:lista_de_aplicaciones.csv PRODUCT get Name, Version /format:csv
Para formato html
wmic /node:192.168.71.130 /user:administrador /password:elpassword PRODUCT get Name, Version /format:htable >> lista_de_aplicaciones.html
Ejemplos 4:
Ejemplos de vista de ficheros (html y txt)
Aqui mas alias con los que puedes comprobar diferentes parámetros del sistema:
| baseboard | get Manufacturer, Model, Name, PartNumber, slotlayout, serialnumber, poweredon |
| bios | get name, version, serialnumber |
| bootconfig | get BootDirectory, Caption, TempDirectory, Lastdrive |
| cdrom | get Name, Drive, Volumename |
| computersystem | get Name, domain, Manufacturer, Model, NumberofProcessors, PrimaryOwnerName,Username, Roles, totalphysicalmemory /format:list |
| cpu | get Name, Caption, MaxClockSpeed, DeviceID, status |
| datafile | where name='c:\\boot.ini' get Archive, FileSize, FileType, InstallDate, Readable, Writeable, System, Version |
| dcomapp | get Name, AppID /format:list |
| desktop | get Name, ScreenSaverExecutable, ScreenSaverActive, Wallpaper /format:list |
| desktopmonitor | get screenheight, screenwidth |
| diskdrive | get Name, Manufacturer, Model, InterfaceType, MediaLoaded, MediaType |
| diskquota | get User, Warninglimit, DiskSpaceUsed, QuotaVolume |
| environment | get Description, VariableValue |
| fsdir | where name='c:\\windows' get Archive, CreationDate, LastModified, Readable, Writeable, System, Hidden, Status |
| group | get Caption, InstallDate, LocalAccount, Domain, SID, Status |
| idecontroller | get Name, Manufacturer, DeviceID, Status |
| irq | get Name, Status |
| job | get Name, Owner, DaysOfMonth, DaysOfWeek, ElapsedTime, JobStatus, StartTime, Status |
| loadorder | get Name, DriverEnabled, GroupOrder, Status |
| logicaldisk | get Name, Compressed, Description, DriveType, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName |
| memcache | get Name, BlockSize, Purpose, MaxCacheSize, Status |
| memlogical | get AvailableVirtualMemory, TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory |
| memphysical | get Manufacturer, Model, SerialNumber, MaxCapacity, MemoryDevices |
| netclient | get Caption, Name, Manufacturer, Status |
| netlogin | get Name, Fullname, ScriptPath, Profile, UserID, NumberOfLogons, PasswordAge, LogonServer, HomeDirectory, PrimaryGroupID |
| netprotocol | get Caption, Description, GuaranteesSequencing, SupportsBroadcasting, SupportsEncryption, Status |
| netuse | get Caption, DisplayType, LocalName, Name, ProviderName, Status |
| nic | get AdapterType, AutoSense, Name, Installed, MACAddress, PNPDeviceID,PowerManagementSupported, Speed, StatusInfo |
| nicconfig | get MACAddress, DefaultIPGateway, IPAddress, IPSubnet, DNSHostName, DNSDomain |
| nicconfig | get MACAddress, IPAddress, DHCPEnabled, DHCPLeaseExpires, DHCPLeaseObtained, DHCPServer |
| nicconfig | get MACAddress, IPAddress, DNSHostName, DNSDomain, DNSDomainSuffixSearchOrder, DNSEnabledForWINSResolution, DNSServerSearchOrder |
| nicconfig | get MACAddress, IPAddress, WINSPrimaryServer, WINSSecondaryServer, WINSEnableLMHostsLookup, WINSHostLookupFile |
| ntdomain | get Caption, ClientSiteName, DomainControllerAddress, DomainControllerName, Roles, Status |
| ntevent | where (LogFile='system' and SourceName='W32Time') get Message, TimeGenerated |
| ntevent | where (LogFile='system' and SourceName='W32Time' and Message like '%timesource%') get Message, TimeGenerated |
| ntevent | where (LogFile='system' and SourceName='W32Time' and EventCode!='29') get TimeGenerated, EventCode, Message |
| onboarddevice | get Description, DeviceType, Enabled, Status |
| os | get Version, Caption, CountryCode, CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion, WindowsDirectory /format:list |
| os | get CurrentTimeZone, FreePhysicalMemory, FreeVirtualMemory, LastBootUpTime, NumberofProcesses, NumberofUsers, Organization, RegisteredUser, Status |
| pagefile | get Caption, CurrentUsage, Status, TempPageFile |
| pagefileset | get Name, InitialSize, MaximumSize |
| partition | get Caption, Size, PrimaryPartition, Status, Type |
| printer | get DeviceID, DriverName, Hidden, Name, PortName, PowerManagementSupported, PrintJobDataType, VerticalResolution, Horizontalresolution |
| printjob | get Description, Document, ElapsedTime, HostPrintQueue, JobID, JobStatus, Name, Notify, Owner, TimeSubmitted, TotalPages |
| process | get Caption, CommandLine, Handle, HandleCount, PageFaults, PageFileUsage, PArentProcessId, ProcessId, ThreadCount |
| product | get Description, InstallDate, Name, Vendor, Version |
| qfe | get description, FixComments, HotFixID, InstalledBy, InstalledOn, ServicePackInEffect |
| quotasetting | get Caption, DefaultLimit, Description, DefaultWarningLimit, SettingID, State |
| recoveros | get AutoReboot, DebugFilePath, WriteDebugInfo, WriteToSystemLog |
| Registry | get CurrentSize, MaximumSize, ProposedSize, Status |
| scsicontroller | get Caption, DeviceID, Manufacturer, PNPDeviceID |
| server | get ErrorsAccessPermissions, ErrorsGrantedAccess, ErrorsLogon, ErrorsSystem, FilesOpen, FileDirectorySearches |
| service | get Name, Caption, State, ServiceType, StartMode, pathname |
| share | get name, path, status |
| sounddev | get Caption, DeviceID, PNPDeviceID, Manufacturer, status |
| startup | get Caption, Location, Command |
| sysaccount | get Caption, Domain, Name, SID, SIDType, Status |
| sysdriver | get Caption, Name, PathName, ServiceType, State, Status |
| systemenclosure | get Caption, Height, Depth, Manufacturer, Model, SMBIOSAssetTag, AudibleAlarm, SecurityStatus, SecurityBreach, PoweredOn, NumberOfPowerCords |
| systemslot | get Number, SlotDesignation, Status, SupportsHotPlug, Version, CurrentUsage, ConnectorPinout |
| tapedrive | get Name, Capabilities, Compression, Description, MediaType, NeedsCleaning, Status, StatusInfo |
| timezone | get Caption, Bias, DaylightBias, DaylightName, StandardName |
| useraccount | get AccountType, Description, Domain, Disabled, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID |
--
MUY BIEN MAN...
ResponderEliminarLa mejor explicación del WMI
ResponderEliminarHola. He encontrado tu artículo navegando y está muy interesante. Me gustaría recabar informacion sobre los certificados instalados en el equipo remoto.
ResponderEliminarEstaba pensando en algo que me descargara la info que hay en certmgr, en la carpeta personal/certificados del gestor.
Se podría hacer?
Gracias