@bobmccoy<\/a> . Thanks!<\/p>","upvoteCount":1,"datePublished":"2016-01-05T17:37:59.000Z","url":"https://community.spiceworks.com/t/help-with-a-wmi-query/462291/7","author":{"@type":"Person","name":"thomas-blake","url":"https://community.spiceworks.com/u/thomas-blake"}},{"@type":"Answer","text":"@cduff<\/span> - thankyou, I really appreciate you taking the time to explain this thoroughly. I often find it hard to explain to Google what you are trying to achieve with regex.<\/p>","upvoteCount":0,"datePublished":"2016-01-05T19:41:36.000Z","url":"https://community.spiceworks.com/t/help-with-a-wmi-query/462291/8","author":{"@type":"Person","name":"mikejwhat","url":"https://community.spiceworks.com/u/mikejwhat"}},{"@type":"Answer","text":"and thanks to Thomas0311!<\/p>","upvoteCount":0,"datePublished":"2016-01-06T13:56:15.000Z","url":"https://community.spiceworks.com/t/help-with-a-wmi-query/462291/9","author":{"@type":"Person","name":"mikejwhat","url":"https://community.spiceworks.com/u/mikejwhat"}},{"@type":"Answer","text":"
Great explanations guys, I owe you one.<\/p>","upvoteCount":0,"datePublished":"2016-01-06T14:10:01.000Z","url":"https://community.spiceworks.com/t/help-with-a-wmi-query/462291/10","author":{"@type":"Person","name":"mikejwhat","url":"https://community.spiceworks.com/u/mikejwhat"}}]}}
I need some help modifying a WMI query that we have to get the members of the local administrators group. I know that there are lots of powershell commands etc out there, but the program that we are using needs WMI queries (1 liners are best)
I just need it to spit out the members of the local administrators group, not all the extra stuff (if possible)
gwmi win32_groupuser -credential snmid -computer FQDN.My.Company.COM| Where-Object { $_.GroupComponent -match 'administrators' }
Any assistance is appreciated
6 Spice ups
Add this and see if that is what you need:
| ForEach-Object { $_.PartComponent -Replace '^.*?,Name="(.*?)"$','$1'}
5 Spice ups
mikejwhat
(mikejwhat)
January 5, 2016, 3:42pm
3
If you are only able to use WMI and can’t use string methods / regex to pull out the username I think you are out of luck. I notice this script here also has to resort to string manipulation:
https://gallery.technet.microsoft.com/scriptcenter/List-local-group-members-c25dbcc4
You could use WMI explorer to check if any other classes are available.
@cduff - I would be very grateful it if you could explain the regex in your post?
Thank you,
Mike
mikejwhat:
If you are only able to use WMI and can’t use string methods / regex to pull out the username I think you are out of luck. I notice this script here also has to resort to string manipulation:
https://gallery.technet.microsoft.com/scriptcenter/List-local-group-members-c25dbcc4
You could use WMI explorer to check if any other classes are available.
@cduff - I would be very grateful it if you could explain the regex in your post?
Thank you,
Mike
The caret (^) signifies the beginning of the group of characters that you want to match. While the dollar ($) signifies the end of the group of characters you want to match.
Example: '^g.d$’ would match any string that begins with g and ends with d. (E.G good, god, gtfrjfklholhgd, etc.)
As in my example above, the asterisk ( ) is a quantifier that matches zero or more of the immediately preceding character, while the dot (.) matches any single character that is not a new-line character, and finally the question-mark (?) is a quantifier that matches zero to one times.
The parentheses () are used in regex to group characters together.
So let’s break it down.
'^.*?,Name="(.*?)"$'
This is the first parameter in the -Replace statement. It is telling Powershell to match any object from the $_.PartComponent property that contains any string once (due to the ?) followed by ,Name=" followed by any string group once (again the ?) followed by ".
'$1'
This is the second parameter of the -Replace statement and it is using a special regex command. $1 when used in match statements, especially -replace, take on the value of the first string group matched in a statement. So in this instance, instead of get-wmiobject returning a huge user account object or a long obscure PartComponent property that looks similar to this
PartComponent : \\COMPUTERNAME\root\cimv2:Win32_UserAccount.Domain="COMPUTERNAME or DOMAINNAME",Name="Administrator"
it replaces everything matched with the first matched string group which is
Administrator
EDIT: Clarification of terms.
4 Spice ups
bobmccoy
(bobmccoy)
January 5, 2016, 5:17pm
5
Thomas0311:
Example: ‘^g*d$’ would match any string that begins with g and ends with d. (E.G good, god, gtfrjfklholhgd, etc.)
Actually you’re missing the wildcard (period) in the above. It should be …
"good" -match "^g.*d$"
2 Spice ups
'^.*?,Name="(.*?)"$'
A ^ matches the beginning of a string and $ matches the end. So, the pattern I wrote matches the whole string. I have to do this since I chose to use -Replace. If I used -Match and $Matches I could have done something like ‘Name=“(.*?)”’, but in this case, I like -Replace. Preference really, so I have to write something to match the whole string, so that I can replace the whole string with a sub-string.
. matches any character, * means it matches 0 or more of the preceding. ? when following , means that the * is non-greedy. In this case . would work just as well as .?, but I’ve just gotten into the habit of making my repetition non-greedy. So . ? matches any string of characters up until it reaches ,Name="
The parens are a grouping thing, so (.*?) matches any number of characters and calls them group 1, since there is only 1 group defined in the regex. It matches any number of characters up until the " at the end of the string. In my testing Name always came at the end, if that isn’t always the case then the regex would need adjusted.
The second part of the replace is the ‘$1’, means that you want to replace the previous regex (which is the whole string) with the just contents of group 1. Notice that I used single quotes here. $1 may look like a powershell variable, but it isn’t. It is an instruction to the regex engine . If you used double quotes like “$1”, it wouldn’t work. Powershell would try to expand $1, which isn’t defined, and you would pass the regex engine a blank replacement string.
3 Spice ups
Oops. Good catch, @bobmccoy . Thanks!
1 Spice up
mikejwhat
(mikejwhat)
January 5, 2016, 7:41pm
8
@cduff - thankyou, I really appreciate you taking the time to explain this thoroughly. I often find it hard to explain to Google what you are trying to achieve with regex.
mikejwhat
(mikejwhat)
January 6, 2016, 1:56pm
9
and thanks to Thomas0311!
mikejwhat
(mikejwhat)
January 6, 2016, 2:10pm
10
Great explanations guys, I owe you one.