How can I programatically check that I am running Windows 8.1 using cmd.exe or PowerShell?
Powershell
get-wmiobject win32_operatingsystem will return several properties you can use to check the OS.
get-wmiobject win32_operatingsystem|select-object name,caption,buildnumber,version|format-list
name : Microsoft Windows 8.1 Enterprise|C:\WINDOWS|\Device\Harddisk0\Partition2
caption : Microsoft Windows 8.1 Enterprise
buildnumber : 9600
version : 6.3.9600
CMD
wmic os get caption /value|find "="
to put it into a variable:
for /f %%i in ('wmic os get caption /value^|find "="') do set version=%%i
Another method using PowerShell:
(Get-Command -Name $env:windir\system32\ntoskrnl.exe).FileVersionInfo.FileVersion -match '6.3.9600';
This command returns $true or $false. To be honest, alroc's is the ideal solution, in my opinion. This is just an alternative.
Related
Im trying to do a script for unistall and install a program as local admin from a domain user non-admin.
cmd /C runas /noprofile /user:LocalPC\localuser "wmic product where name="software" call uninstall /nointeractive
The command works well but when i try to do on a script doest work, either get a error, simply dont unistall the program
the code is
Set-Content "C:\script\unistall.bat -value 'wmic product where name="software" call uninstall /nointeractive'
cmd /C runas /noprofile /user:localpc\localuser "C:\script\unistall.bat"
any idea why the program dont unistall?
I want to make a batch file (for Windows OS) that when it runs, it first must check if the operating system is 32- or 64-bit, and if Microsoft Visual C++ 2010 (x84 or x64) 10.0.40219 is installed on the computer.
If it isn't installed then run the vcredist_x32 or vcredist_x64.
It also must check if the application LibraChildren exist and if so uninstall it.
i solve your problem with batch-file and powershell
first create start.bat
includ:
powershell -noexit "& ""s:\1.ps1"""
second save this script as 1.ps1
wmic os get osarchitecture#first for check os architecture
$a=( Get-WmiObject -Class win32_product | Select-Object -Property Name )
if ( $a | Select-String -SimpleMatch "Microsoft Visual C++ 2010" ) {echo "exist"} else { s:\1.bat }#this check programm microsoft visual installed or not
third
go create 1.bat
include:
msiexec vcredist_x32 or vcredist_x64
I create a solution with in batch file.
Here is the code:
if exist "%SYSTEMDRIVE%\Program Files (x86)\" (
if not exist C:\Windows\SysWOW64\msvcr100.dll ( vcredist_x64 )
)
else (
if not exist C:\WINDOWS\system32\msvcr100.dll ( vcredist_x86 )
)`
in win32 works well, but I don't know if it is works well in win64`
How to kill a process by name and orginiated from a particular path using taskkill?
taskkill /F /IM
certainly it cant differentiate 2 process started from two different locations C:\Dir1 and C:\Dir2
Does tasklist has any switch to get the path name
taskkill cannot do it. But you could use PowerShell if it's an option:
(Get-WmiObject Win32_Process | Where-Object { $_.Path.StartsWith('C:\Dir1') }).Terminate()
Use the following command (it works even without powershell):
wmic process where ExecutablePath='C:\\Dir1\\image.exe' delete
NOTE: ExecutablePath is accessable for all processes only if you run wmic as administrator on Windows 8
Based on Joey's answer:
wmic Path win32_process Where "CommandLine Like '%C:\\Dir1\\image.exe%'" Call Terminate
This way I avoid NullReferenceException when Path is null (don't know why) and does not need PowerShell.
Ref: https://superuser.com/questions/52159/kill-a-process-with-a-specific-command-line-from-command-line
Warning
It is dangerous if there are other processes running with the commandline contains that image path. For example:
> start cmd /k "C:\windows\system32\notepad.exe"
> wmic Path win32_process where "CommandLine Like '%C:\\Windows\\system32\\notepad.exe%'" get caption,processid,executablePath,commandline
Caption CommandLine ExecutablePath ProcessId
cmd.exe cmd /k "C:\windows\system32\notepad.exe" C:\WINDOWS\system32\cmd.exe 11384
notepad.exe C:\windows\system32\notepad.exe C:\windows\system32\notepad.exe 9684
So... What if we use "C:\Dir1\image.exe%" instead of "%C:\Dir1\image.exe%"?
If we launched this program from Explorer, its commandline may be quoted. If we ignore it, there will be no matches:
> wmic Path win32_process where "CommandLine Like '%C:\\Windows\\system32\\notepad.exe%'" get caption,processid,executablePath,commandline
Caption CommandLine ExecutablePath ProcessId
notepad.exe "C:\WINDOWS\system32\notepad.exe" C:\WINDOWS\system32\notepad.exe 108
> wmic Path win32_process where "CommandLine Like 'C:\\Windows\\system32\\notepad.exe%'" get caption,processid,executablePath,commandline
No Instance(s) Available.
Therefore, it is recommended to use "ExecutablePath" like l0pan's answer.
Your case seems to be when you have custom services with same process name installed on the machine from different paths. If this is indeed the scenario, you probably have different Service Names which can be used as an additional filter.
See Syntax:
taskkill /S {REPLACE_WITH_SERVER_IP_OR_NAME} /F /FI "IMAGENAME eq {REPLACE_WITH_PROCESS_NAME}" /FI "SERVICES eq {REPLACE_WITH_SERVICENAME}"
See Example:
taskkill /S 10.10.1.1 /F /FI "IMAGENAME eq tomcat7.exe" /FI "SERVICES eq tomcatServiceEngine"
For list of all available filters, please visit taskkill command
You can only find your processes' path unless you are running powershell with administrator privilege.
32-bit PowerShell cannot find the path of 64-bit process via Get-Process, so I suggest you use WMI or CIM. Some references that may be useful:
Process Class (System.Diagnostics) | Microsoft Docs § Remarks
c# - How to get the full path of running process? - Stack Overflow
c - Get command line string of 64-bit process from 32-bit process - Stack Overflow
PowerShell way. Based on Joey's answer and user's comment.
Assuming that the path of the program is C:\Dir1\file.exe. If multiple instances of the program are running, you should use the following command:
Get-WmiObject Win32_Process |
Where-Object { $_.Path -eq "C:\Dir1\file.exe" } |
ForEach-Object { $_.Terminate() }
Otherwise, Powershell will report an error:
PS > (Get-WmiObject Win32_Process |
Where-Object { $_.Path -eq "C:\Dir1\file.exe" }).Terminate()
Method invocation failed because [System.Object[]] doesn't contain a method named 'Terminate'.
In addition, the above command also avoids the error when no matching process is found (e.g., the Path of no process is equal to C:\Dir1\file.exe):
PS > (Get-WmiObject Win32_Process |
Where-Object { $_.Path -eq "C:\Dir1\file.exe" }).Terminate()
You cannot call a method on a null-valued expression.
If you don't like WMI:
Get-Process |
Where-Object { $_.Path -eq "C:\Dir1\file.exe" } |
ForEach-Object { Stop-Process -Id $_.Id }
I noticed that both Win32_Process.Terminate() and Stop-Process are used to forcibly terminate the process, so the process may not be able to perform any cleanup work.
Tested in Powershell 2.0 on Windows 7 (6.1.7600.0).
If you do like WMI and you are on Windows 6.2 (Windows server 2012 and Windows 8) and later, you should use Get-CimInstance instead of Get-WmiObject in PowerShell 3 and later (Introduction to CIM Cmdlets | PowerShell Team):
Get-CimInstance Win32_Process |
Where-Object { $_.Path -eq "C:\Dir1\file.exe" } |
Invoke-CimMethod -MethodName "Terminate"
Or, more CIM'y:
Get-CimInstance CIM_Process |
Where-Object { $_.Path -eq "C:\Dir1\file.exe" } |
Invoke-CimMethod -MethodName "Terminate"
Here, you may want to know why Invoke-CimMethod:
WMI CIM-plified Part 5: WSMAN Protocol -- Microsoft Certified Professional Magazine Online
Hey, Dude! Where Are My Methods? | Scripting Blog
I’m afraid you can’t do that anymore | Richard Siddaway's Blog
And, why "CIM":
Should I use CIM or WMI with Windows PowerShell? | Scripting Blog
CIM vs. WMI CmdLets – The top reasons I changed over –
GivingSomethingBack
Get-CIMInstance Vs Get-WMIObject: What’s The Difference?
I didn't test it on Windows 6.2, but Windows 10 (10.0.19041.0).
Microsoft Windows XP comes with a VBS script to manage local and network printers from the command line:
To Get the default printer details from command line:
cscript C:\windows\system32\prnmngr.vbs -g
To Get the list of printers added to the system from Windows command line:
cscript C:\windows\system32\prnmngr.vbs -l
Is there any equivalent commands for Windows 7? I just need to get the default printer details and get the list of printers attached to the system.
In Windows 7 these same scripts are found in
C:\Windows\System32\Printing_Admin_Scripts\en-US
List of all printers names and shows default one (You can get more details read documentation)
wmic printer get name,default
If you want output to file use:
wmic printer get name,default > D:\catalog\file.txt
Availability
The wmic command is an external command that is available in the below Microsoft operating systems as wmic.exe.
Windows XP professional
Windows 2003
Windows Vista
Windows 7
Windows 8
Windows 10
On Windows 10, the scripts are found in the same place as Windows 7.
Execute the following command to display the default printer.
cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -g
Note if there is no default printer, the script will return nothing
i found mine in the sideXside folder...
C:\windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e83b619ada3e7ed\
i ran the following:
cscript C:\windows\winsxs\x86_microsoft-windows-p..inscripts.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0e83b619ada3e7ed\prnmngr.vbs -g
it worked.
To list active printer components on Windows 8.1:
c:>cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -l | findstr "Printer name"
To remove printer in Windows 8.1:
cscript C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs -d -p "Printer name"
I had trouble with a printer not showing in devices/printers so unable to remove it, although it was there when I pressed file > print in firefox. It was also stopping me from using the printer name for the actual installation (it bugged me having to append _1 at the end of the default printer!"
Using a batch file (no VBScript files):
#echo off
::Get printer CLSID
for /f %%a in ('reg query HKCU\Printers\Defaults') do (set regkey=%%a)
::Get printer name from the previous CLSID
for /f "tokens=3*" %%a in ('reg query %regkey%') do (set printername=%%a %%b)
echo Printer name is: %printername%
I wish that could help you
Problem
Given a process ID & command-line access on a remote Windows host, how can you find its parent's PID?
Solution
Given Marc B's answer, we can use WMIC (Command samples here) and do something like this:
wmic process where (processid=PROCID_HERE) get parentprocessid
C:\> wmic process get processid,parentprocessid,executablepath|find "process id goes here"
In powershell:
PS> wmic process where '(processid=4632)' get 'processid,parentprocessid,executablepath'
ExecutablePath ParentProcessId ProcessId
C:\Program Files\Docker\Docker\Resources\com.docker.db.exe 4488 4632
Based on joslinm's solution in the question, here's a snippet of how to use this in a batch script:
set PID=<this is the child process ID>
for /f "usebackq tokens=2 delims==" %%a in (`wmic process where ^(processid^=%PID%^) get parentprocessid /value`) do (
set PARENT_PID=%%a
)
Or you can do something like this in PowerShell:
Get-CimInstance -className win32_process | where-object {$_.ProcessId -eq processId_goes_here } | select ParentProcessId, Name
as well you can filter by name just substitute $_.ProcessId with $_.Name property