WMIC Wildcard Search using like and %

This is a quick post to provide some detail on using the wildcard search for WMIC.  This feature of the command structure will allow you to use like conditions in a where clause to look for objects that match a specific pattern.  For those of you comfortable with the SQL syntax for the same task, this will be quite familiar.

Background – Regular WHERE clause

First, let’s look at using WMIC without wildcards for comparison.  All of the statements below are run while at the WMIC command prompt.  To get to the WMIC command prompt, simply go to a Windows command window and type WMIC.

Command to show you all of your services

  • service

Command to show you all of your services that are running

  • service where state=”Running”

Command to show you specific data about your services that are running

  • service where state=”Running” get Name, DisplayName, PathName, ProcessID

Filtering it Down – the LIKE Operator

So you’ll notice that the list of services you have running is a bit difficult to sift through as there are a lot of them.  You can always export this list to a text file by calling WMIC with that command line and piping to a text file, but when you are looking for a specific set of data, I like elaborating on the where clause.  The key thing to keep in mind here is that you need to enclose the full where clause in double quotes to keep it as a single string.  As you’ll notice above, it is possible to use state=”Running” by just not using any spaces in the clause, however that doesn’t work with like.

For example, this will not work

  • service where PathNamelike”%SQL%” get Name, DisplayName, PathName, ProcessID

But this will

  • service where “PathName like ‘%SQL%’” get Name, DisplayName, PathName, ProcessID

The body of the where clause needs to be wrapped in quotes to make it a contiguous statement that does not get confused as multiple arguments.  There are a couple of interesting conveniences that should be noted about WMIC in general

  1. Using single or double quotes seems to be largely interchangeable
  2. Keywords and commands are not case sensitive

So the trick is that you need to use a slightly different and more complex syntax in order to use the like and % functionality.  Taking this command syntax full circle, you can use the more complex syntax all of the time to avoid confusion

  • service where “state = ‘Running’”

Using this wildcard filtering functionality is one of the most powerful uses of WMIC that applies to your everyday tasks.  You can combine this with the other powerful WMI functionality such as killing processes, starting or stopping services, etc.  So if you wanted to stop all of the services on your server that are running a particular application (we’ll say Widget.exe), you could do something like this:

  • service where “PathName like ‘%Widget.exe%’” call StopService

WMIC continues to be very useful in my work, so I hope you find this post helpful in your activities!

About these ads

4 Responses

  1. Hi scott,
    thanx to this page concerning wildcards. I was playing quite a long time … little hint, i think, you know it: the where clause can be combined with AND.. e.g.:
    wmic process where “CommandLine like ‘%Untis.exe%gp001%’ AND Caption=’UNTIS.exe’” get ProcessID …
    i need this, cause im calling wmic from bash from cygwin. Problem: wmic will also ‘see’ the bash command with the pattern im looking for … so two hints … took me a long time …
    well, keep on, greetings from switzerland,
    rainer

  2. thanks alot for this I just started looking at wmic and needed to filter my vmware adapters this worked perfect.

    wmic path win32_networkadapter where “Manufacturer like ‘%VMware%’” call disable

  3. Scott thanks a bunch, I too had been aching a long time trying to sort this out with the Microsoft help pages
    Thierry

  4. Cheers for sharing this information :)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: