0

I am trying to run a WMIC command to query all installed software on a machine (NOT POWERSHELL) I'm currently getting a but stuck on the correct syntax though. This is what I have so far and it is returning an ERROR: Retrieve Result Data.

wmic -U username%password //192.168.xxx.xxx --namespace=root/default "select * from HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall"

Any ideas where i am going wrong?

Simon Dodd
  • 1
  • 1
  • 1
    Please reconsider your stance on "no powershell". It's way easier/cleaner with PS but if WMIC, you need to get familiar with the Methods in the StdRegProv class... you can't just query using "select *" you need to call methods to pull data. Your first step would be enumerating the subkey using... WMIC /NameSpace:\\root\default Class StdRegProv Call EnumKey sSubKeyName="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"... then for every subkey you can use the enumvalues method to get data. Source https://learn.microsoft.com/en-us/previous-versions/windows/desktop/regprov/stdregprov – Paul G Nov 12 '20 at 00:42
  • Thanks for that, I have made some progress chaning it to wmic -U usernam%password //192.168.xx.xx --namespace=root/default "SELECT * FROM StdRegProv WHERE sSubKeyName=HK_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallKey" but it's still not quite there. – Simon Dodd Nov 12 '20 at 09:12
  • Adding in class and enumvalue gives me a usage error unfortunately. There is a very good reason for not using powershell, we are using our own proprietry software that doesn't have powershell commands in it as it opens up the system to potential abuse (end users use our software so adding powershell is a security risk) – Simon Dodd Nov 12 '20 at 09:25
  • You can't use a query on this class because it has no instances, you have to use the methods. Look up how to use a "for" loop in the command line and gather subkeys using the wmic command I gave you then for each result, enumerate values. That's the only way to do that using StdRegProv. – Paul G Nov 12 '20 at 15:19
  • OK thanks for that one. I'll keep digging. :) – Simon Dodd Nov 12 '20 at 15:52
  • Also note that WMIC is deprecated: https://stackoverflow.com/questions/57121875/what-can-i-do-about-wmic-is-deprecated – Tim Nov 13 '20 at 21:06

0 Answers0