wmic command help

Oct 24, 2018
15
0
I'm trying to grab the output of a WMIC command to get the members of the local Administrators group on a remote system so I can check if a user's ID is present and also know if the command ran successfully at all as I get a lot of RPC errors on our network. The though is capture the output to a variable, then use FINDSTR to check for the user ID and also for "The RPC server is unavailable".

This is the command that I can run from the command prompt successfully.

Code:
wmic /Node:"ComputerName" path win32_groupuser where (groupcomponent="win32_group.name=\"administrators\",domain=\"Computername\"")
When I wrap this in a FOR command, I get "No closing quote".

Code:
FOR /F "tokens=* delims= usebackq" %%F IN (
    `wmic /Node:"ComputerName" path win32_groupuser where (groupcomponent="win32_group.name=\"administrators\",domain=\"Computername\"")`
) DO set output=%%F
I'm sure it's something I'm doing wrong with the quotes\backticks but I just can't find a solution so I figured I would ask for help.

Thank you in advance.
 
May 20, 2008
10,634
81
Syracuse, NY, USA
1. The single quote (instead of the back-quote) works here.

Code:
v:\> for /f "tokens=* delims= " %%f in ( 'wmic /Node:"zz" path win32_groupuser where (groupcomponent="win32_grou
p.name=\"administrators\",domain=\"zz\"")' )  do echo %%f
GroupComponent                                 PartComponent
win32_group.domain="zz",name="administrators"  \\ZZ\root\cimv2:Win32_UserAccount.Domain="zz",Name="Administrator"
win32_group.domain="zz",name="administrators"  \\ZZ\root\cimv2:Win32_UserAccount.Domain="zz",Name="vefatica"
win32_group.domain="zz",name="administrators"  \\ZZ\root\cimv2:Win32_SystemAccount.Domain="ZZ",Name="NETWORK SERVICE"
win32_group.domain="zz",name="administrators"  \\ZZ\root\cimv2:Win32_SystemAccount.Domain="ZZ",Name="LOCAL SERVICE"
2. You might find DO easier to work with.

Code:
v:\> do line in /p `wmic /Node:"zz" path win32_groupuser where (groupcomponent="win32_group.name=\"administrator
s\",domain=\"zz\"")` ( echo %line )
GroupComponent                                 PartComponent
win32_group.domain="zz",name="administrators"  \\ZZ\root\cimv2:Win32_UserAccount.Domain="zz",Name="Administrator"
win32_group.domain="zz",name="administrators"  \\ZZ\root\cimv2:Win32_UserAccount.Domain="zz",Name="vefatica"
win32_group.domain="zz",name="administrators"  \\ZZ\root\cimv2:Win32_SystemAccount.Domain="ZZ",Name="NETWORK SERVICE"
win32_group.domain="zz",name="administrators"  \\ZZ\root\cimv2:Win32_SystemAccount.Domain="ZZ",Name="LOCAL SERVICE"
 
Oct 24, 2018
15
0
Thank you Vince, that was helpful.

My next challenge is being able to parse each line of the output. Here is an example where I am checking if a service is running, stopped or not installed on the system in further code. The thought is if WMIC is not able to connect due to "The RPC server is unavailable." I would check for that. The blow FOR loop works for other WMIC commands, just not checking the local Administrators group.

Code:
FOR /F "tokens=* USEBACKQ" %%F IN (`SC.EXE \\PCNameOrIP QUERY "SomeServiceNameHere"`) DO (
    SET OUTPUT!LINE!=%%F
    SET /A LINE=!LINE!+1
)
 
May 26, 2008
526
4
PowerShell would be soooo much easier here than parsing raw wmic output. If you're open to using PowerShell, let me know and I'd be happy to provide code samples.
 
May 20, 2008
10,634
81
Syracuse, NY, USA
PowerShell would be soooo much easier here than parsing raw wmic output. If you're open to using PowerShell, let me know and I'd be happy to provide code samples.
IMHO, Powershell is only easier if you are experienced at Powershell (which I'm not).

I'd like to see an example of using Powershell to list the names of the members of the "Administrators" group on a remote computer.
 
May 26, 2008
526
4
IMHO, Powershell is only easier if you are experienced at Powershell (which I'm not).
Agreed - there is a learning curve. Once you wrap your head around it you realize how well it was designed. One of the nicest things about it is that - as long as you are using native powershell commands - there is never a need to jump through hoops to parse output like with traditional shells. Everything in powershell are objects, so it's just a matter of reading properties, calling methods, etc.

I'd like to see an example of using Powershell to list the names of the members of the "Administrators" group on a remote computer.
Get-LocalGroupMember is the relevant command. Many commands include a -ComputerName switch that lets you run against a remote machine. But this command lacks that option. So one way to work around this is to combine it with Invoke-Command, which lets you run code remotely:

Untitled.png


As mentioned this output can easily be parsed without treating it like raw text.
 
May 26, 2008
526
4
Invoke-Command utilizes WinRM so that must be set up in your environment. Are you on a domain or is this a workgroup environment?

wmic uses RPC to talk to remote machines.

Edit to add: Invoke-Command is really for running ANY powershell code remotely. If you want to only do WMI, you can probably utilize PowerShell still without WinRM. Look at: Get-WmiObject -ComputerName xxx
 
Oct 24, 2018
15
0
PowerShell would be soooo much easier here than parsing raw wmic output. If you're open to using PowerShell, let me know and I'd be happy to provide code samples.
I agree completely, but sadly, the ports are blocked. Really annoying. So, I'm stuck in CMDland until they get this particular network inline with the other network where it's not blocked.
 
May 26, 2008
526
4
I agree completely, but sadly, the ports are blocked.
Bummer - WinRM is amazing!

You can still use PowerShell to do WMI if you want (Get-WmiObject -ComputerName ...), it will still make it easier to parse output since you'll only need to reference properties of the returned objects. It should work as it doesn't use Powershell Remoting (WinRM).