WMIC Wildcard Search using like and %

This is a quick post to provide some detail on using the wildcard search for WMIC.  This feature of the command structure will allow you to use like conditions in a where clause to look for objects that match a specific pattern.  For those of you comfortable with the SQL syntax for the same task, this will be quite familiar.

Background – Regular WHERE clause

First, let’s look at using WMIC without wildcards for comparison.  All of the statements below are run while at the WMIC command prompt.  To get to the WMIC command prompt, simply go to a Windows command window and type WMIC.

Command to show you all of your services

  • service

Command to show you all of your services that are running

  • service where state=”Running”

Command to show you specific data about your services that are running

  • service where state=”Running” get Name, DisplayName, PathName, ProcessID

Filtering it Down – the LIKE Operator

So you’ll notice that the list of services you have running is a bit difficult to sift through as there are a lot of them.  You can always export this list to a text file by calling WMIC with that command line and piping to a text file, but when you are looking for a specific set of data, I like elaborating on the where clause.  The key thing to keep in mind here is that you need to enclose the full where clause in double quotes to keep it as a single string.  As you’ll notice above, it is possible to use state=”Running” by just not using any spaces in the clause, however that doesn’t work with like.

For example, this will not work

  • service where PathNamelike”%SQL%” get Name, DisplayName, PathName, ProcessID

But this will

  • service where “PathName like ‘%SQL%'” get Name, DisplayName, PathName, ProcessID

The body of the where clause needs to be wrapped in quotes to make it a contiguous statement that does not get confused as multiple arguments.  There are a couple of interesting conveniences that should be noted about WMIC in general

  1. Using single or double quotes seems to be largely interchangeable
  2. Keywords and commands are not case sensitive

So the trick is that you need to use a slightly different and more complex syntax in order to use the like and % functionality.  Taking this command syntax full circle, you can use the more complex syntax all of the time to avoid confusion

  • service where “state = ‘Running'”

Using this wildcard filtering functionality is one of the most powerful uses of WMIC that applies to your everyday tasks.  You can combine this with the other powerful WMI functionality such as killing processes, starting or stopping services, etc.  So if you wanted to stop all of the services on your server that are running a particular application (we’ll say Widget.exe), you could do something like this:

  • service where “PathName like ‘%Widget.exe%'” call StopService

WMIC continues to be very useful in my work, so I hope you find this post helpful in your activities!