WMI

NOTE: CIM is the open standard of WMI, is cross-platform, and more efficient.

Common Information Model (CIM) and Windows Management Instrumentation (WMI) are frameworks for managing Windows and other services
- WMI is Windows Specific, and CIM is the open standard
- As Windows moves towards a more open and Linux friendly, CIM has become the more preferred method of OS management
WMI
- Uses the older DCOM protocol for communication
  - Can be a little slower and less secure
- Specific to Windows
- Available on PowerShell 2.0 and later
CMI
- Uses WS-MAN (Web Services-Management) protocol
- More cross-platform friendly
  - Can be used on non-Windows systems that support CIM
- Generally faster
- Available on PowerShell 3.0 and later
For a current list of commands for WMI or CIM, use Get-Command -Noun <*CIM*/*WMI*>

wmic process list full
1. List all processes
wmic process get name,parentprocessid,processid
1. Shows the ID and process ID of each process running
wmic process where processid=[PID] get commandline
1. See what commands were used to launch the process
  1. Processes started through mouse/keyboard interaction list the full path of the executable
  2. Processes started through command line tend to only show the name of the executable and any switches used, but it's anything the person enters into the CLI
  3. Check the end of the BHIS-SOCC-lab-WindowsCLI for details

Metadata