PS C:\Windows\system32> $query = "associators of {win32_service.name='netlogon'}"
PS C:\Windows\system32> gwmi -query $query
Domain : compnay.domain.com
Manufacturer : Hewlett-Packard
Model : HP Compaq Elite 8300 USDT
Name : hostname
PrimaryOwnerName : Authorised User
TotalPhysicalMemory : 3644895232
ExitCode : 0
Name : LanmanWorkstation
ProcessId : 1328
StartMode : Auto
State : Running
Status : OK
GroupOrder : 64
Name : MS_WindowsRemoteValidation
PS C:\Windows\system32> gwmi -query $query | fl *
AdminPasswordStatus : 0
BootupState : Normal boot
ChassisBootupState : 3
KeyboardPasswordStatus : 0
PowerOnPasswordStatus : 0
PowerSupplyState : 3
PowerState : 0
FrontPanelResetStatus : 0
ThermalState : 3
Status : OK
Name : Hostname
PowerManagementCapabilities :
PowerManagementSupported :
__GENUS : 2
__CLASS : Win32_ComputerSystem
__SUPERCLASS : CIM_UnitaryComputerSystem
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_ComputerSystem.Name="Hostname"
__PROPERTY_COUNT : 58
__DERIVATION : {CIM_UnitaryComputerSystem, CIM_ComputerSystem, CIM_System, CIM_LogicalElement...}
__SERVER : Hostname
__NAMESPACE : root\cimv2
__PATH : \\Hostname\root\cimv2:Win32_ComputerSystem.Name="Hostname"
AutomaticManagedPagefile : True
AutomaticResetBootOption : True
AutomaticResetCapability : True
BootOptionOnLimit :
BootOptionOnWatchDog :
BootROMSupported : True
Caption : Hostname
CreationClassName : Win32_ComputerSystem
CurrentTimeZone : 60
DaylightInEffect : True
Description : AT/AT COMPATIBLE
DNSHostName : Hostname
Domain : Company.Domain.com
DomainRole : 1
EnableDaylightSavingsTime : True
InfraredSupported : False
InitialLoadInfo :
InstallDate :
LastLoadInfo :
Manufacturer : Hewlett-Packard
Model : HP Compaq Elite 8300 USDT
NameFormat :
NetworkServerModeEnabled : True
NumberOfLogicalProcessors : 4
NumberOfProcessors : 1
OEMLogoBitmap :
OEMStringArray : {ABS 70/71 60 61 62 63;, FBYTE#2U2V3E3P3V3X47676J6S6a7H7M7Q7T7W7a7m8D9zag.qg;, BUILDID#12WWIDIW303#SABU#DABU;}
PartOfDomain : True
PauseAfterReset : -1
PCSystemType : 1
PrimaryOwnerContact :
PrimaryOwnerName : Authorised User
ResetCapability : 1
ResetCount : -1
ResetLimit : -1
Roles : {LM_Workstation, LM_Server, NT, Potential_Browser}
SupportContactDescription :
SystemStartupDelay :
SystemStartupOptions :
SystemStartupSetting :
SystemType : X86-based PC
TotalPhysicalMemory : 3644895232
UserName : domain\user
WakeUpType : 6
Workgroup :
Scope : System.Management.ManagementScope
Path : \\Hostname\root\cimv2:Win32_ComputerSystem.Name="Hostname"
Options : System.Management.ObjectGetOptions
ClassPath : \\Hostname\root\cimv2:Win32_ComputerSystem
Properties : {AdminPasswordStatus, AutomaticManagedPagefile, AutomaticResetBootOption, AutomaticResetCapability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
Name : LanmanWorkstation
Status : OK
ExitCode : 0
DesktopInteract : False
ErrorControl : Normal
PathName : C:\Windows\System32\svchost.exe -k NetworkService
ServiceType : Share Process
StartMode : Auto
__GENUS : 2
__CLASS : Win32_Service
__SUPERCLASS : Win32_BaseService
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Service.Name="LanmanWorkstation"
__PROPERTY_COUNT : 25
__DERIVATION : {Win32_BaseService, CIM_Service, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : Hostname
__NAMESPACE : root\cimv2
__PATH : \\Hostname\root\cimv2:Win32_Service.Name="LanmanWorkstation"
AcceptPause : True
AcceptStop : True
Caption : Workstation
CheckPoint : 0
CreationClassName : Win32_Service
Description : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName : Workstation
InstallDate :
ProcessId : 1328
ServiceSpecificExitCode : 0
Started : True
StartName : NT AUTHORITY\NetworkService
State : Running
SystemCreationClassName : Win32_ComputerSystem
SystemName : Hostname
TagId : 0
WaitHint : 0
Scope : System.Management.ManagementScope
Path : \\Hostname\root\cimv2:Win32_Service.Name="LanmanWorkstation"
Options : System.Management.ObjectGetOptions
ClassPath : \\Hostname\root\cimv2:Win32_Service
Properties : {AcceptPause, AcceptStop, Caption, CheckPoint...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
Status : OK
Name : MS_WindowsRemoteValidation
__GENUS : 2
__CLASS : Win32_LoadOrderGroup
__SUPERCLASS : CIM_LogicalElement
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_LoadOrderGroup.Name="MS_WindowsRemoteValidation"
__PROPERTY_COUNT : 7
__DERIVATION : {CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : Hostname
__NAMESPACE : root\cimv2
__PATH : \\Hostname\root\cimv2:Win32_LoadOrderGroup.Name="MS_WindowsRemoteValidation"
Caption : MS_WindowsRemoteValidation
Description : MS_WindowsRemoteValidation
DriverEnabled : True
GroupOrder : 64
InstallDate :
Scope : System.Management.ManagementScope
Path : \\Hostname\root\cimv2:Win32_LoadOrderGroup.Name="MS_WindowsRemoteValidation"
Options : System.Management.ObjectGetOptions
ClassPath : \\Hostname\root\cimv2:Win32_LoadOrderGroup
Properties : {Caption, Description, DriverEnabled, GroupOrder...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
PS C:\Windows\system32> gwmi -query $query | fl __class,path
__CLASS : Win32_ComputerSystem
Path : \\Hostname\root\cimv2:Win32_ComputerSystem.Name="Hostname"
__CLASS : Win32_Service
Path : \\Hostname\root\cimv2:Win32_Service.Name="LanmanWorkstation"
__CLASS : Win32_LoadOrderGroup
Path : \\Hostname\root\cimv2:Win32_LoadOrderGroup.Name="MS_WindowsRemoteValidation"
PS C:\Windows\system32> gwmi -query $query
Domain : compnay.domain.com
Manufacturer : Hewlett-Packard
Model : HP Compaq Elite 8300 USDT
Name : hostname
PrimaryOwnerName : Authorised User
TotalPhysicalMemory : 3644895232
ExitCode : 0
Name : LanmanWorkstation
ProcessId : 1328
StartMode : Auto
State : Running
Status : OK
GroupOrder : 64
Name : MS_WindowsRemoteValidation
PS C:\Windows\system32> gwmi -query $query | fl *
AdminPasswordStatus : 0
BootupState : Normal boot
ChassisBootupState : 3
KeyboardPasswordStatus : 0
PowerOnPasswordStatus : 0
PowerSupplyState : 3
PowerState : 0
FrontPanelResetStatus : 0
ThermalState : 3
Status : OK
Name : Hostname
PowerManagementCapabilities :
PowerManagementSupported :
__GENUS : 2
__CLASS : Win32_ComputerSystem
__SUPERCLASS : CIM_UnitaryComputerSystem
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_ComputerSystem.Name="Hostname"
__PROPERTY_COUNT : 58
__DERIVATION : {CIM_UnitaryComputerSystem, CIM_ComputerSystem, CIM_System, CIM_LogicalElement...}
__SERVER : Hostname
__NAMESPACE : root\cimv2
__PATH : \\Hostname\root\cimv2:Win32_ComputerSystem.Name="Hostname"
AutomaticManagedPagefile : True
AutomaticResetBootOption : True
AutomaticResetCapability : True
BootOptionOnLimit :
BootOptionOnWatchDog :
BootROMSupported : True
Caption : Hostname
CreationClassName : Win32_ComputerSystem
CurrentTimeZone : 60
DaylightInEffect : True
Description : AT/AT COMPATIBLE
DNSHostName : Hostname
Domain : Company.Domain.com
DomainRole : 1
EnableDaylightSavingsTime : True
InfraredSupported : False
InitialLoadInfo :
InstallDate :
LastLoadInfo :
Manufacturer : Hewlett-Packard
Model : HP Compaq Elite 8300 USDT
NameFormat :
NetworkServerModeEnabled : True
NumberOfLogicalProcessors : 4
NumberOfProcessors : 1
OEMLogoBitmap :
OEMStringArray : {ABS 70/71 60 61 62 63;, FBYTE#2U2V3E3P3V3X47676J6S6a7H7M7Q7T7W7a7m8D9zag.qg;, BUILDID#12WWIDIW303#SABU#DABU;}
PartOfDomain : True
PauseAfterReset : -1
PCSystemType : 1
PrimaryOwnerContact :
PrimaryOwnerName : Authorised User
ResetCapability : 1
ResetCount : -1
ResetLimit : -1
Roles : {LM_Workstation, LM_Server, NT, Potential_Browser}
SupportContactDescription :
SystemStartupDelay :
SystemStartupOptions :
SystemStartupSetting :
SystemType : X86-based PC
TotalPhysicalMemory : 3644895232
UserName : domain\user
WakeUpType : 6
Workgroup :
Scope : System.Management.ManagementScope
Path : \\Hostname\root\cimv2:Win32_ComputerSystem.Name="Hostname"
Options : System.Management.ObjectGetOptions
ClassPath : \\Hostname\root\cimv2:Win32_ComputerSystem
Properties : {AdminPasswordStatus, AutomaticManagedPagefile, AutomaticResetBootOption, AutomaticResetCapability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
Name : LanmanWorkstation
Status : OK
ExitCode : 0
DesktopInteract : False
ErrorControl : Normal
PathName : C:\Windows\System32\svchost.exe -k NetworkService
ServiceType : Share Process
StartMode : Auto
__GENUS : 2
__CLASS : Win32_Service
__SUPERCLASS : Win32_BaseService
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Service.Name="LanmanWorkstation"
__PROPERTY_COUNT : 25
__DERIVATION : {Win32_BaseService, CIM_Service, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : Hostname
__NAMESPACE : root\cimv2
__PATH : \\Hostname\root\cimv2:Win32_Service.Name="LanmanWorkstation"
AcceptPause : True
AcceptStop : True
Caption : Workstation
CheckPoint : 0
CreationClassName : Win32_Service
Description : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName : Workstation
InstallDate :
ProcessId : 1328
ServiceSpecificExitCode : 0
Started : True
StartName : NT AUTHORITY\NetworkService
State : Running
SystemCreationClassName : Win32_ComputerSystem
SystemName : Hostname
TagId : 0
WaitHint : 0
Scope : System.Management.ManagementScope
Path : \\Hostname\root\cimv2:Win32_Service.Name="LanmanWorkstation"
Options : System.Management.ObjectGetOptions
ClassPath : \\Hostname\root\cimv2:Win32_Service
Properties : {AcceptPause, AcceptStop, Caption, CheckPoint...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
Status : OK
Name : MS_WindowsRemoteValidation
__GENUS : 2
__CLASS : Win32_LoadOrderGroup
__SUPERCLASS : CIM_LogicalElement
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_LoadOrderGroup.Name="MS_WindowsRemoteValidation"
__PROPERTY_COUNT : 7
__DERIVATION : {CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : Hostname
__NAMESPACE : root\cimv2
__PATH : \\Hostname\root\cimv2:Win32_LoadOrderGroup.Name="MS_WindowsRemoteValidation"
Caption : MS_WindowsRemoteValidation
Description : MS_WindowsRemoteValidation
DriverEnabled : True
GroupOrder : 64
InstallDate :
Scope : System.Management.ManagementScope
Path : \\Hostname\root\cimv2:Win32_LoadOrderGroup.Name="MS_WindowsRemoteValidation"
Options : System.Management.ObjectGetOptions
ClassPath : \\Hostname\root\cimv2:Win32_LoadOrderGroup
Properties : {Caption, Description, DriverEnabled, GroupOrder...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :
PS C:\Windows\system32> gwmi -query $query | fl __class,path
__CLASS : Win32_ComputerSystem
Path : \\Hostname\root\cimv2:Win32_ComputerSystem.Name="Hostname"
__CLASS : Win32_Service
Path : \\Hostname\root\cimv2:Win32_Service.Name="LanmanWorkstation"
__CLASS : Win32_LoadOrderGroup
Path : \\Hostname\root\cimv2:Win32_LoadOrderGroup.Name="MS_WindowsRemoteValidation"
No comments:
Post a Comment