Are you familiar with Windows Management Instrumentation (WMI)?
It’s a core component of the Windows operating system and a technology that enables you to manage your systems more effectively.
One way you can tap into its power is by using Windows Management Instrumentation Command-line (WMIC).
Honestly, I ignored this tool for many years. But now I consider it one of the most powerful utilities that come pre-installed with Windows because you can run commands like this…
wmic /NODE:{COMPUTER} /FAILFAST:1000 PATH Win32_Process CALL Create ‘{PROGRAM} {ARGS}’
With this simple one liner you can run any program on a remote system with ease.
You only need to replace 3 variables, hit enter, and you’re done.
{COMPUTER} – replace with the hostname of a computer.
{PROGRAM} – replace with the full path to the application you want to run.
{ARGS} – replacewith any application parameters.
So, if I had …
{COMPUTER} – MyProblemPC
{PROGRAM} – “c:tempgpevtdmp.exe”
{ARGS} – “c:logs”
My command line would be…
wmic /NODE:MyProblemPC /FAILFAST:1000 PATH Win32_Process CALL Create ‘“c:tempgpevtdmp.exe” “c:logs”‘
And that’s really about it! No PsExec, scripting, or fancy stuff.
I need to point out 2 gotchas:
- The binaries for the app must already exist, locally, on the remote workstation
- The program must not require user intervention because it will run hidden in the background.
Click the link below to watch my video where I show this in action.
-Kareem
