WMIC command on Ubuntu 16.04 LTS

Several months ago I wrote a post on how to install the wmic command on a Linux system. Some additional steps are now required to get the wmic command on an Ubuntu 16.04 LTS server.

Description

Windows Management Instrumentation Command-line (WMIC) uses Windows Management Instrumentation (WMI) to enable system management from the command line.

Installation
Pre-requisites

Patch

The current sources are outdated and use some deprecated instructions. Before running the compilation, please follow these steps:

  • Edit the file GNUmakefile and add the following line at the top, after the license info:
    ZENHOME=$(HOME)
  • Edit the file /data/tools/wmi-1.3.14/Samba/source/pidl/pidl and remove line 583:
    defined @$pidl || die "Failed to parse $idl_file";
  • Edit the file /data/tools/wmi-1.3.14/Samba/source/lib/tls/tls.c:
    • Line 508: replace gnutls_transport_set_lowat(tls->session, 0); with gnutls_record_check_pending(tls->session);
    • Line 579: remove the line gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
    • Line 587: replace gnutls_transport_set_lowat(tls->session, 0); with gnutls_record_check_pending(tls->session);
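
The line-numbered edits above as a guarded shell script (an added example, not part of the original post or of the wmi sources). It checks that each target line still holds the expected text before changing anything, and edits from the highest line number down so that removing line 579 does not shift line 587. The function names, the patch-wmi.sh file name and the --apply switch are assumptions of this example; the GNUmakefile edit is left as a manual step.

```shell
#!/bin/sh
# Added example, not from the original post. Line numbers are the ones listed
# above and refer to the unmodified sources.

# line_has FILE N TEXT: true if line N of FILE contains TEXT literally.
line_has() { sed -n "${2}p" "$1" | grep -qF -- "$3"; }

# edit_line FILE N OLD [NEW]: on line N replace literal OLD with NEW, or
# delete the line when NEW is omitted. Refuses if line N does not hold OLD.
edit_line() {
    line_has "$1" "$2" "$3" || { echo "refusing: $1:$2 lacks '$3'" >&2; return 1; }
    [ -e "$1.orig" ] || cp -p "$1" "$1.orig"      # keep one pristine copy
    awk -v n="$2" -v old="$3" -v new="${4-}" -v argc="$#" '
        NR == n && argc < 4 { next }
        NR == n { i = index($0, old)
                  $0 = substr($0, 1, i - 1) new substr($0, i + length(old)) }
        { print }' "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# apply_wmi_patches SRC: SRC is the unpacked tree (/data/tools/wmi-1.3.14 above).
apply_wmi_patches() {
    tls="$1/Samba/source/lib/tls/tls.c"
    pidl="$1/Samba/source/pidl/pidl"
    lowat='gnutls_transport_set_lowat(tls->session, 0);'
    pending='gnutls_record_check_pending(tls->session);'
    prio='gnutls_certificate_type_set_priority(tls->session, cert_type_priority);'
    parse='defined @$pidl || die "Failed to parse $idl_file";'
    # Check all four targets first so a mismatch leaves both files untouched.
    line_has "$tls" 508 "$lowat" && line_has "$tls" 579 "$prio" &&
    line_has "$tls" 587 "$lowat" && line_has "$pidl" 583 "$parse" || {
        echo "sources differ from the expected lines; nothing changed" >&2
        return 1
    }
    # Edit from the bottom up: deleting line 579 first would move line 587.
    edit_line "$tls" 587 "$lowat" "$pending" &&
    edit_line "$tls" 579 "$prio" &&
    edit_line "$tls" 508 "$lowat" "$pending" &&
    edit_line "$pidl" 583 "$parse"
}

# Run only when asked to: sh patch-wmi.sh --apply /data/tools/wmi-1.3.14
if [ "${1:-}" = "--apply" ]; then apply_wmi_patches "$2"; fi
```

A second run refuses to edit because the target lines no longer match, which avoids deleting an unrelated line by number.
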
Compilation

Usage

Examples

Note: For a complete list of classes you can request, please refer to http://msdn.microsoft.com/en-us/library/aa394554(v=vs.85).aspx

Get system information

Get list of running processes

12 thoughts on “WMIC command on Ubuntu 16.04 LTS”

  • June 30, 2018 at 05:40

    Hello,
    I installed wmic according to your descriptions. My problem is that when I run the command below with quotation marks in RecordNumber, it does not run correctly and generates an error code ([wmi/wmic.c:212:main()] ERROR: Retrieve result data.NTSTATUS: NT code 0xc002001b – NT code 0xc002001b), but without quotation marks it runs correctly.
    /usr/local/bin/wmic -U domain/user%password //host "select * from Win32_NTLogEvent where Logfile = 'Security' and RecordNumber > '216665699'"
    What is the reason?!
    Thanks

    • July 3, 2018 at 08:22

      Hello,

      You can troubleshoot the issue by performing these three steps:
      – connect locally to the Windows host and run the following command in a PowerShell window (admin mode): get-wmiobject -query "select * from Win32_NTLogEvent where Logfile = 'Security' and RecordNumber > '216665699'"
      – connect to another Windows host and try the same with the command: get-wmiobject -query "select * from Win32_NTLogEvent where Logfile = 'Security' and RecordNumber > '216665699'" -computername host
      – on your Linux box, try again with the command: /usr/local/bin/wmic -U domain/user%password //host "select * from Win32_NTLogEvent where Logfile = 'Security' and RecordNumber > '216665699'"

      On the Linux box, try different commands: use the IP address, change the username (admin, non admin, local, …)

      Waiting for your feedback

      Have a nice day

      Nico

  • July 4, 2018 at 08:00

    For host machine how to use Wmic?
    Please give example

  • September 26, 2018 at 20:11

    Hi Nicolas,
    Thanks so much for the steps, it works in my environment.
    However, I got an error like this when I tried to query the __systemclass in one of my namespaces:
    wmic -U XXXX --password=XXXX --namespace=ROOT\\Citrix //192.168.1.217 "select * from __systemclass"
    [wmi/wmic.c:212:main()] ERROR: Retrieve result data.
    NTSTATUS: NT_STATUS_BUFFER_TOO_SMALL – Buffer too small

    Is there a config parameter I can set to max the buffer?

    Thanks,
    George

  • October 2, 2018 at 19:56

    This is a great article, worked perfectly for me.

    You can edit the pidl and tls.c files with the following commands:

    sudo sed -i '13i\ZENHOME=$(HOME)' /data/tools/wmi-1.3.14/GNUmakefile
    sudo sed -i '583d' /data/tools/wmi-1.3.14/Samba/source/pidl/pidl
    sudo sed -i '508s/gnutls_transport_set_lowat(tls->session, 0);/gnutls_record_check_pending(tls->session);/' /data/tools/wmi-1.3.14/Samba/source/lib/tls/tls.c
    sudo sed -i '587s/gnutls_transport_set_lowat(tls->session, 0);/gnutls_record_check_pending(tls->session);/' /data/tools/wmi-1.3.14/Samba/source/lib/tls/tls.c
    sudo sed -i '579d' /data/tools/wmi-1.3.14/Samba/source/lib/tls/tls.c

    It will make the installation easier and even lets you create a bash script to configure wmi :)

    Regards,

    Julian Gomez
    Samana Group LLC

  • November 24, 2018 at 20:12

    Hello,

    It doesn’t work for me 🙁
    I have this error:
    heimdal/lib/roken/getprogname.c:36:7: error: expected declaration specifiers or ‘…’ before string constant
    RCSID(“$Id: getprogname.c,v 1.3 2005/04/12 11:28:48 lha Exp $”);

    Any idea?

  • September 20, 2019 at 01:30

    Help me please!!
    How to check active user on host?

      • September 20, 2019 at 08:31

        I try to get the active user on a Windows computer via
        username=( $(wmic -U domain/login%password //$host "select LastUseTime, LocalPath from Win32_UserProfile where Loaded=true" | grep Users | sed 's/^\(.*\)\..*\\\(.*\)|.*$/\1 \2/' | sort -r | head -n 1 | cut -f2 -d' ' | sed 's/\.DOMAIN*//' | tr "A-Z" "a-z"))

        I receive the username; that is OK.
        But the user may be in an inactive state.

        • September 20, 2019 at 10:29

          Hi, if you have access to the Windows host, can you execute this PowerShell line and give the result? Get-wmiobject -query "select lastusetime,loaded,localpath from win32_userprofile"

        • September 20, 2019 at 10:30

          It is also important to know that your query will return the username of the current “disconnected” user session

