The wmic command on Linux is the main tool I'm using to monitor my Active Directory forest. This tool and the right bash shell script will give you the key to live-monitor your Active Directory environment at low cost.
In this article, you will find the procedure to build and install the wmic tool. You can find the source of this article here.
Description
Windows Management Instrumentation Command-line (WMIC) uses Windows Management Instrumentation (WMI) to enable system management from the command line.
This post explains how to install a wmic client on a Linux machine. The installation procedure below has been tested on an Ubuntu 12.04 LTS 32-bit host.
The Linux client is not as powerful as the Windows one because it is limited to "select" queries (for example, a request like "process list brief" is not possible), but it will be helpful if you don't want to start your Windows virtual machine.
Installation
Pre-requisites
$ sudo aptitude install autoconf
Compilation
$ cd /data/tools/
$ wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2
$ bzip2 -cd wmi-1.3.14.tar.bz2 | tar xf -
$ cd wmi-1.3.14/
$ sudo make
$ sudo cp Samba/source/bin/wmic /usr/local/bin/
Usage
Usage: wmic -U user%password //host "query"

Options
  -?, --help                               Show this help message
  -A, --authentication-file=FILE           Get the credentials from a file
  --delimiter=STRING                       delimiter to use when querying multiple values, default to '|'
  -d, --debuglevel=DEBUGLEVEL              Set debug level
  --debug-stderr                           Send debug output to STDERR
  -i, --scope=SCOPE                        Use this Netbios scope
  -k, --kerberos=STRING                    Use Kerberos
  -l, --log-basename=LOGFILEBASE           Basename for log/debug files
  --leak-report                            enable full talloc leak reporting on exit
  --leak-report-full                       enable talloc leak reporting on exit
  -m, --maxprotocol=MAXPROTOCOL            Set max protocol level
  --namespace=STRING                       WMI namespace, default to root\cimv2
  -N, --no-pass                            Don't ask for a password
  -n, --netbiosname=NETBIOSNAME            Primary netbios name
  --option=name=value                      Set smb.conf option from command line
  -O, --socket-options=SOCKETOPTIONS       socket options to use
  --password=STRING                        Password
  -P, --machine-pass                       Use stored machine account password (implies -k)
  --realm=REALM                            Set the realm name
  -R, --name-resolve=NAME-RESOLVE-ORDER    Use these name resolution services only
  --simple-bind-dn=STRING                  DN to use for a simple bind
  -S, --signing=on|off|required            Set the client signing state
  -s, --configfile=CONFIGFILE              Use alternative configuration file
  --usage                                  Display brief usage message
  --use-security-mechanisms=STRING         Restricted list of authentication mechanisms available for use with this authentication
  -U, --user=[DOMAIN\]USERNAME[%PASSWORD]  Set the network username
  -V, --version                            Print version
  -W, --workgroup=WORKGROUP                Set the workgroup name
Examples
Note: For a complete list of classes you can request, please refer to http://msdn.microsoft.com/en-us/library/aa394554(v=vs.85).aspx
Get system information
$ wmic -U unknown //192.168.1.12 "select * from Win32_ComputerSystem"
Password for [WORKGROUP\unknown]:
CLASS: Win32_ComputerSystem
AdminPasswordStatus|AutomaticResetBootOption|AutomaticResetCapability|BootOptionOnLimit|BootOptionOnWatchDog|BootROMSupported|
BootupState|Caption|ChassisBootupState|CreationClassName|CurrentTimeZone|DaylightInEffect|Description|Domain|DomainRole|
EnableDaylightSavingsTime|FrontPanelResetStatus|InfraredSupported|InitialLoadInfo|InstallDate|KeyboardPasswordStatus|LastLoadInfo|
Manufacturer|Model|Name|NameFormat|NetworkServerModeEnabled|NumberOfLogicalProcessors|NumberOfProcessors|OEMLogoBitmap|OEMStringArray|
PartOfDomain|PauseAfterReset|PowerManagementCapabilities|PowerManagementSupported|PowerOnPasswordStatus|PowerState|PowerSupplyState|
PrimaryOwnerContact|PrimaryOwnerName|ResetCapability|ResetCount|ResetLimit|Roles|Status|SupportContactDescription|SystemStartupDelay|
SystemStartupOptions|SystemStartupSetting|SystemType|ThermalState|TotalPhysicalMemory|UserName|WakeUpType|Workgroup
3|True|True|0|0|True|Normal boot|UNKNOWN-7C76953|3|Win32_ComputerSystem|120|True|AT/AT COMPATIBLE|WORKGROUP|0|True|3|False|NULL|(null)|
3|(null)|innotek GmbH|VirtualBox|UNKNOWN-7C76953|(null)|True|1|1|NULL|(vboxVer_4.2.12,vboxRev_84980)|False|-1|NULL|False|3|0|3|(null)|
Unknown|1|-1|-1|(LM_Workstation,LM_Server,NT,Potential_Browser)|OK|NULL|30|("Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect)|
0|X86-based PC|3|1073201152|UNKNOWN-7C76953\unknown|6|(null)
Get list of running processes
$ wmic -U unknown%oopsoops //192.168.1.12 "select caption, name, parentprocessid, processid from win32_process"
CLASS: Win32_Process
Caption|Handle|Name|ParentProcessId|ProcessId
System Idle Process|0|System Idle Process|0|0
System|4|System|0|4
smss.exe|460|smss.exe|4|460
csrss.exe|924|csrss.exe|460|924
winlogon.exe|948|winlogon.exe|460|948
services.exe|992|services.exe|948|992
lsass.exe|1004|lsass.exe|948|1004
VBoxService.exe|1168|VBoxService.exe|992|1168
svchost.exe|1220|svchost.exe|992|1220
svchost.exe|1332|svchost.exe|992|1332
MsMpEng.exe|1576|MsMpEng.exe|992|1576
svchost.exe|1616|svchost.exe|992|1616
svchost.exe|1712|svchost.exe|992|1712
svchost.exe|1940|svchost.exe|992|1940
spoolsv.exe|244|spoolsv.exe|992|244
explorer.exe|916|explorer.exe|788|916
VBoxTray.exe|1288|VBoxTray.exe|916|1288
concentr.exe|1388|concentr.exe|916|1388
msseces.exe|1400|msseces.exe|916|1400
ctfmon.exe|1424|ctfmon.exe|916|1424
wfcrun32.exe|1472|wfcrun32.exe|1220|1472
svchost.exe|1812|svchost.exe|992|1812
dsNcService.exe|1908|dsNcService.exe|992|1908
jqs.exe|280|jqs.exe|992|280
TeamViewer_Service.exe|780|TeamViewer_Service.exe|992|780
alg.exe|3556|alg.exe|992|3556
wmiapsrv.exe|532|wmiapsrv.exe|992|532
wscntfy.exe|1640|wscntfy.exe|1616|1640
wmiprvse.exe|4000|wmiprvse.exe|1220|4000
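As an added example (not code from the original post or from the wmi package), the following shell script turns the two usage patterns above into the kind of monitoring helper the introduction alludes to. It reads the credentials through the -A option from a file instead of passing them on the command line as the second example does (a password given as -U user%password is visible to any local user in `ps` output and ends up in the shell history), and it parses wmic's pipe-delimited output ("CLASS:" banner, header row, data rows) into a process allow-list check. The credentials-file layout (username/password/domain lines, as Samba tools read them) and the file path are assumptions; the sample output embedded in the script is constructed from the listing above so the parsing functions can be exercised offline.

```shell
#!/bin/sh
# Added example: a small monitoring helper around the Linux wmic client.
# Not part of the original post or of the wmi-1.3.14 package.

# Assumed credentials file for wmic -A. Assumed to use the Samba layout:
#   username = monitor
#   password = secret
#   domain   = EXAMPLE
# Keep it mode 0600 so the password stays off the command line and out of `ps`.
WMIC_AUTH_FILE="${WMIC_AUTH_FILE:-$HOME/.wmic-auth}"

# wmic_query HOST "WQL QUERY": run a query against HOST, authenticating from the file.
# This is the only function that needs wmic and a reachable Windows host.
wmic_query() {
    wmic -A "$WMIC_AUTH_FILE" "//$1" "$2"
}

# wmic_column NAME: read wmic output on stdin and print the values of column NAME,
# one per row. The format is a "CLASS: ..." banner, then a '|'-delimited header
# row, then '|'-delimited data rows. Prints nothing if the column does not exist.
wmic_column() {
    awk -F'|' -v want="$1" '
        /^CLASS: / { next }                                   # skip the banner
        !header    { for (i = 1; i <= NF; i++) if ($i == want) col = i
                     header = 1; next }                       # locate the column
        col        { print $col }                             # emit the value
    '
}

# unexpected_processes ALLOWLIST: read a "select ... from win32_process" result on
# stdin; ALLOWLIST is one process name per line. Prints every distinct Name not on
# the list and returns 1 if any was found, 0 otherwise.
unexpected_processes() {
    unexpected=$(wmic_column Name | sort -u | awk -v allow="$1" '
        BEGIN { n = split(allow, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($0 in ok)
    ')
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Constructed sample of wmic output (a cut-down copy of the listing in the post,
# plus one process name that is not on the allow-list).
SAMPLE_PROCESS_OUTPUT='CLASS: Win32_Process
Caption|Handle|Name|ParentProcessId|ProcessId
System Idle Process|0|System Idle Process|0|0
System|4|System|0|4
smss.exe|460|smss.exe|4|460
csrss.exe|924|csrss.exe|460|924
unknown.exe|1337|unknown.exe|924|1337'

# Constructed allow-list for the sample above.
ALLOWED_PROCESSES='System Idle Process
System
smss.exe
csrss.exe'

# Live use (requires wmic, the credentials file and a reachable host):
#   wmic_query 192.168.1.12 "select name from win32_process" | unexpected_processes "$ALLOWED_PROCESSES"
# Offline use against the constructed sample:
#   printf '%s\n' "$SAMPLE_PROCESS_OUTPUT" | unexpected_processes "$ALLOWED_PROCESSES"
```

Run from cron, the non-zero exit status of unexpected_processes is what a monitoring job keys on; the printed names are the detail for the alert. Because wmic_column selects by header name rather than by position, the same helper works for any class, for instance Win32_ComputerSystem above, where the column of interest is far into a 55-field row.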