- Operating system
- History
- Майнер ctfhost (маскируется под microsoft©windows©operating system) (заявка № 192841)
- Майнер ctfhost (маскируется под microsoft©windows©operating system)
- Информация
- Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.
- Антивирусная помощь
- Win32_OperatingSystem class
- Syntax
- Members
- Methods
- Properties
- Remarks
- Examples
Operating system
An Operating System (OS) is a set of computer programs that manage the hardware and software resources of a computer. Popular Operating Systems include Microsoft Windows, Mac OS X and Linux.
An operating system performs basic system tasks such as controlling input and output devices, facilitating networking, managing file systems, managing applications, allocating memory and prioritizing system requests.
Modern operating systems provide a graphical user interface (GUI) shell where the user can interact with the OS, launch applications and manage their computer system. Most OSs still have a command line interpreter, and some (notably Linux) are often operated without a GUI to conserve resources. Networked computers can often be managed remotely, although there are security implications to this.
User interactions with an OS include installing and managing devices, installing and managing applications, saving and managing files and configuring the OS itself. Application interactions include allocating memory, accessing processing time, accessing files and negotiating network access.
History
The first computers did not have operating systems — they were manually configured to perform a single series of tasks. By the early 1960s, vendors were supplying extensive tools for streamlining the development, scheduling, and execution of jobs on these batch processing systems.
Through the 1960s, several major concepts drove the development of operating systems. The development of the IBM System/360 produced a wide family of mainframe computers, for which a single operating system was planned. The OS/360 system was successful, and modern IBM systems are still descended from this early OS. The OS/360 also introduced the hard disk for permanent storage, and seamless time-sharing of system resources between multiple concurrent users.
The Multics timesharing system was the most famous of a number of new operating systems developed to take advantage of the time-sharing concept; and was an inspiration to a number of operating systems developed in the 1970s, notably Unix by Dennis Richie and Ken Thompson.
The first microcomputers did not have the capacity (or need) for the elaborate operating systems that had been developed for mainframes and minis. Minimal operating systems were developed to manage these systems, often loaded from ROM and known as Monitors. One notable early disk-based operating system was CP/M, which was supported on many early microcomputers. CP/M was the main inspiration for Microsoft’s MS-DOS, which became wildly popular as the operating system chosen for the IBM PC. The major alternative throughout the 1980s in the microcomputer market was Mac OS, still exclusive to the Apple Macintosh computer.
By the 1990s, the microcomputer had evolved to the point where robust and complex operating systems were increasingly desirable. Microsoft’s response to this change was the development of Windows NT, which served as the basis for Microsoft’s desktop operating system line starting in 2001. Apple rebuilt their operating system on top of a Unix core as Mac OS X, also released in 2001.
Public-developed reimplementations of Unix, assembled with the tools from the GNU Project, also became popular; versions based on the Linux kernel are by far the most popular, with the BSD-derived UNIXes holding a small portion of the server market.
The growing complexity of embedded devices has led to increasing use of embedded operating systems. In some cases, the «operating system» software is directly linked to the application to produce a monolithic special-purpose program. In the simplest embedded systems, there is no distinction between the OS and the application. Embedded systems that have certain time requirements are known as Real-time operating systems.
The choice of OS may be dependant on the hardware architecture, specifically the CPU, with only Linux and BSD running on almost any CPU. Windows NT 3.1, which is no longer supported, was ported to the DEC Alpha and MIPS Magnum. Mainframe computers and embedded systems use a variety of different operating systems, many with no direct connection to Windows or Unix. QNX and VxWorks are two common embedded operating systems, the latter being used in network infrastructure hardware equipment. A «Datacenter» variant of Windows Server 2003 is also available for some mainframe systems.
Майнер ctfhost (маскируется под microsoft©windows©operating system) (заявка № 192841)
Опции темы
Майнер ctfhost (маскируется под microsoft©windows©operating system)
Добрый вечер, эксперты!
Проблема аналогична этой http://virusinfo.info/showthread.php?t=192819
Инструкции, приведенные в той теме,не выполнял, т.к опасаюсь, что могут быть отличия в деталях.
Итак, появился процесс ctfhost, который маскируется в ДЗ как microsoft©windows©operating system.
Запускается минут через 10, после включения пк и начинает загружать по полной одну из моих вк.
Расположен в C:\Users\Георгий\AppData\Roaming\WinRAR\Ctfhost.
Выручайте
Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:
Уважаемый(ая) Yakov Dark, спасибо за обращение на наш форум!
Помощь при заражении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы, в самое ближайшее время, ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитами АВЗ и HiJackThis, подробнее можно прочитать в правилах оформления запроса о помощи.
Информация
Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.
Если наш сайт окажется полезен Вам и у Вас будет такая возможность — пожалуйста поддержите проект.
Будет выполнена перезагрузка компьютера.
Выполните скрипт в AVZ
c:\quarantine.zip пришлите по красной ссылке Прислать запрошенный карантин над первым сообщением в Вашей теме.
Выполните правила ЕЩЕ РАЗ и предоставьте НОВЫЕ логи
Антивирусная помощь
Выполнил.
Прикладываю новые логи.
quarantine.zip — не могу понять — загрузилось или нет. Пишет «Ошибка загрузки. Данный файл уже был загружен»
Скачайте Farbar Recovery Scan Tool
и сохраните на Рабочем столе.
- Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.
и сохраните на Рабочем столе. 1. Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
2. Убедитесь, что в окне Optional Scan отмечены List BCD, Driver MD5 и 90 Days Files. 
3. Нажмите кнопку Scan.
4. После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите этот отчет в следующем сообщении.
5. Если программа была запущена в первый раз, также будет создан отчет (Addition.txt). Пожалуйста, и его тоже прикрепите в следующем сообщении.
Win32_OperatingSystem class
The Win32_OperatingSystem WMI class represents a Windows-based operating system installed on a computer.
The following syntax is simplified from Managed Object Format (MOF) code and includes all of the inherited properties. Properties and methods are in alphabetic order, not MOF order.
Syntax
Members
The Win32_OperatingSystem class has these types of members:
Methods
The Win32_OperatingSystem class has these methods.
| Method | Description |
|---|---|
| Reboot | Shuts down and then restarts the computer system. |
| SetDateTime | Allows the computer date and time to be set. |
| Shutdown | Unloads programs and DLLs to the point where it is safe to turn off the computer. |
| Win32Shutdown | Provides the full set of shutdown options supported by Windows operating systems. |
| Win32ShutdownTracker | Provides the same set of shutdown options supported by the Win32Shutdown method in Win32_OperatingSystem, but also allows you to specify comments, a reason for shutdown, or a timeout. |
Properties
The Win32_OperatingSystem class has these properties.
BootDevice
Data type: string
Access type: Read-only
Name of the disk drive from which the Windows operating system starts.
BuildNumber
Data type: string
Access type: Read-only
Build number of an operating system. It can be used for more precise version information than product release version numbers.
BuildType
Data type: string
Access type: Read-only
Type of build used for an operating system.
Examples: «»retail build»», «»checked build»»
Caption
Data type: string
Access type: Read-only
Short description of the object—a one-line string. The string includes the operating system version. For example, «Microsoft Windows 7 Enterprise «. This property can be localized.
WindowsВ Vista and WindowsВ 7: This property may contain trailing characters. For example, the string «Microsoft Windows 7 Enterprise » (trailing space included) may be necessary to retrieve information using this property.
CodeSet
Data type: string
Access type: Read-only
Code page value an operating system uses. A code page contains a character table that an operating system uses to translate strings for different languages. The American National Standards Institute (ANSI) lists values that represent defined code pages. If an operating system does not use an ANSI code page, this member is set to 0 (zero). The CodeSet string can use a maximum of six characters to define the code page value.
CountryCode
Data type: string
Access type: Read-only
Code for the country/region that an operating system uses. Values are based on international phone dialing prefixes—also referred to as IBM country/region codes. This property can use a maximum of six characters to define the country/region code value.
Example: «1» (United States)
CreationClassName
Data type: string
Access type: Read-only
Name of the first concrete class that appears in the inheritance chain used in the creation of an instance. When used with other key properties of the class, this property allows all instances of this class and its subclasses to be identified uniquely.
CSCreationClassName
Data type: string
Access type: Read-only
Creation class name of the scoping computer system.
CSDVersion
Data type: string
Access type: Read-only
Qualifiers: MappingStrings («Win32API|System Information Structures|OSVERSIONINFOEX|szCSDVersion«)
NULL-terminated string that indicates the latest service pack installed on a computer. If no service pack is installed, the string is NULL.
Example: «Service Pack 3»
CSName
Data type: string
Access type: Read-only
Name of the scoping computer system.
CurrentTimeZone
Data type: sint16
Access type: Read-only
Number, in minutes, an operating system is offset from Greenwich mean time (GMT). The number is positive, negative, or zero.
DataExecutionPrevention_32BitApplications
Data type: boolean
Access type: Read-only
When the data execution prevention hardware feature is available, this property indicates that the feature is set to work for 32-bit applications if True. On 64-bit computers, the data execution prevention feature is configured in the Boot Configuration Data (BCD) store and the properties in Win32_OperatingSystem are set accordingly.
DataExecutionPrevention_Available
Data type: boolean
Access type: Read-only
Data execution prevention is a hardware feature to prevent buffer overrun attacks by stopping the execution of code on data-type memory pages. If True, then this feature is available. On 64-bit computers, the data execution prevention feature is configured in the BCD store and the properties in Win32_OperatingSystem are set accordingly.
DataExecutionPrevention_Drivers
Data type: boolean
Access type: Read-only
When the data execution prevention hardware feature is available, this property indicates that the feature is set to work for drivers if True. On 64-bit computers, the data execution prevention feature is configured in the BCD store and the properties in Win32_OperatingSystem are set accordingly.
DataExecutionPrevention_SupportPolicy
Data type: uint8
Access type: Read-only
Indicates which Data Execution Prevention (DEP) setting is applied. The DEP setting specifies the extent to which DEP applies to 32-bit applications on the system. DEP is always applied to the Windows kernel.
Always Off (0)
DEP is turned off for all 32-bit applications on the computer with no exceptions. This setting is not available for the user interface.
Always On (1)
DEP is enabled for all 32-bit applications on the computer. This setting is not available for the user interface.
Opt In (2)
DEP is enabled for a limited number of binaries, the kernel, and all Windows-based services. However, it is off by default for all 32-bit applications. A user or administrator must explicitly choose either the Always On or the Opt Out setting before DEP can be applied to 32-bit applications.
Opt Out (3)
DEP is enabled by default for all 32-bit applications. A user or administrator can explicitly remove support for a 32-bit application by adding the application to an exceptions list.
Debug
Data type: boolean
Access type: Read-only
Operating system is a checked (debug) build. If True, the debugging version is installed. Checked builds provide error checking, argument verification, and system debugging code. Additional code in a checked binary generates a kernel debugger error message and breaks into the debugger. This helps immediately determine the cause and location of the error. Performance may be affected in a checked build due to the additional code that is executed.
Description
Data type: string
Access type: Read/write
Description of the Windows operating system. Some user interfaces for example, those that allow editing of this description, limit its length to 48 characters.
Distributed
Data type: boolean
Access type: Read-only
If True, the operating system is distributed across several computer system nodes. If so, these nodes should be grouped as a cluster.
EncryptionLevel
Data type: uint32
Access type: Read-only
Encryption level for secure transactions: 40-bit, 128-bit, or n-bit.
40-bit (0)
128-bit (1)
n-bit (2)
ForegroundApplicationBoost
Data type: uint8
Access type: Read/write
Increase in priority is given to the foreground application. Application boost is implemented by giving an application more execution time slices (quantum lengths).
None (0)
The system boosts the quantum length by 6.
Minimum (1)
The system boosts the quantum length by 12.
Maximum (2)
The system boosts the quantum length by 18.
FreePhysicalMemory
Data type: uint64
Access type: Read-only
Number, in kilobytes, of physical memory currently unused and available.
For more information about using uint64 values in scripts, see Scripting in WMI.
FreeSpaceInPagingFiles
Data type: uint64
Access type: Read-only
Number, in kilobytes, that can be mapped into the operating system paging files without causing any other pages to be swapped out.
For more information about using uint64 values in scripts, see Scripting in WMI.
FreeVirtualMemory
Data type: uint64
Access type: Read-only
Number, in kilobytes, of virtual memory currently unused and available.
For more information about using uint64 values in scripts, see Scripting in WMI.
InstallDate
Data type: datetime
Access type: Read-only
Date object was installed. This property does not require a value to indicate that the object is installed.
LargeSystemCache
Data type: uint32
Access type: Read-only
This property is obsolete and not supported.
Optimize for Applications (0)
Optimize memory for applications.
Optimize for System Performance (1)
Optimize memory for system performance.
LastBootUpTime
Data type: datetime
Access type: Read-only
Date and time the operating system was last restarted.
LocalDateTime
Data type: datetime
Access type: Read-only
Qualifiers: MappingStrings («MIB.IETF|HOST-RESOURCES-MIB.hrSystemDate», «MIF.DMTF|General Information|001.6»)
Operating system version of the local date and time-of-day.
Locale
Data type: string
Access type: Read-only
Qualifiers: MappingStrings («Win32API|National Language Support Functions|GetLocaleInfo|LOCALE_ILANGUAGE»)
Language identifier used by the operating system. A language identifier is a standard international numeric abbreviation for a country/region. Each language has a unique language identifier (LANGID), a 16-bit value that consists of a primary language identifier and a secondary language identifier.
Manufacturer
Data type: string
Access type: Read-only
Name of the operating system manufacturer. For Windows-based systems, this value is «Microsoft Corporation».
MaxNumberOfProcesses
Data type: uint32
Access type: Read-only
Maximum number of process contexts the operating system can support. The default value set by the provider is 4294967295 (0xFFFFFFFF). If there is no fixed maximum, the value should be 0 (zero). On systems that have a fixed maximum, this object can help diagnose failures that occur when the maximum is reached—if unknown, enter 4294967295 (0xFFFFFFFF).
MaxProcessMemorySize
Data type: uint64
Access type: Read-only
Maximum number, in kilobytes, of memory that can be allocated to a process. For operating systems with no virtual memory, typically this value is equal to the total amount of physical memory minus the memory used by the BIOS and the operating system. For some operating systems, this value may be infinity, in which case 0 (zero) should be entered. In other cases, this value could be a constant, for example, 2G or 4G.
For more information about using uint64 values in scripts, see Scripting in WMI.
MUILanguages
Data type: string array
Access type: Read-only
Multilingual User Interface Pack (MUI Pack ) languages installed on the computer. For example, «en-us». MUI Pack languages are resource files that can be installed on the English version of the operating system. When an MUI Pack is installed, you can can change the user interface language to one of 33 supported languages.
Name
Data type: string
Access type: Read-only
Operating system instance within a computer system.
NumberOfLicensedUsers
Data type: uint32
Access type: Read-only
Number of user licenses for the operating system. If unlimited, enter 0 (zero). If unknown, enter -1.
NumberOfProcesses
Data type: uint32
Access type: Read-only
Number of process contexts currently loaded or running on the operating system.
NumberOfUsers
Data type: uint32
Access type: Read-only
Number of user sessions for which the operating system is storing state information currently.
OperatingSystemSKU
Data type: uint32
Access type: Read-only
Stock Keeping Unit (SKU) number for the operating system. These values are the same as the PRODUCT_* constants defined in WinNT.h that are used with the GetProductInfo function.
The following list lists possible SKU values.
PRODUCT_UNDEFINED (0)
PRODUCT_ULTIMATE (1)
Ultimate Edition, e.g. WindowsВ Vista Ultimate.
PRODUCT_HOME_BASIC (2)
Home Basic Edition
PRODUCT_HOME_PREMIUM (3)
Home Premium Edition
PRODUCT_ENTERPRISE (4)
PRODUCT_BUSINESS (6)
PRODUCT_STANDARD_SERVER (7)
Windows Server Standard Edition (Desktop Experience installation)
PRODUCT_DATACENTER_SERVER (8)
Windows Server Datacenter Edition (Desktop Experience installation)
PRODUCT_SMALLBUSINESS_SERVER (9)
Small Business Server Edition
PRODUCT_ENTERPRISE_SERVER (10)
Enterprise Server Edition
PRODUCT_STARTER (11)
PRODUCT_DATACENTER_SERVER_CORE (12)
Datacenter Server Core Edition
PRODUCT_STANDARD_SERVER_CORE (13)
Standard Server Core Edition
PRODUCT_ENTERPRISE_SERVER_CORE (14)
Enterprise Server Core Edition
PRODUCT_WEB_SERVER (17)
Web Server Edition
PRODUCT_HOME_SERVER (19)
Home Server Edition
PRODUCT_STORAGE_EXPRESS_SERVER (20)
Storage Express Server Edition
PRODUCT_STORAGE_STANDARD_SERVER (21)
Windows Storage Server Standard Edition (Desktop Experience installation)
PRODUCT_STORAGE_WORKGROUP_SERVER (22)
Windows Storage Server Workgroup Edition (Desktop Experience installation)
PRODUCT_STORAGE_ENTERPRISE_SERVER (23)
Storage Enterprise Server Edition
PRODUCT_SERVER_FOR_SMALLBUSINESS (24)
Server For Small Business Edition
PRODUCT_SMALLBUSINESS_SERVER_PREMIUM (25)
Small Business Server Premium Edition
PRODUCT_ENTERPRISE_N (27)
Windows Enterprise Edition
PRODUCT_ULTIMATE_N (28)
Windows Ultimate Edition
PRODUCT_WEB_SERVER_CORE (29)
Windows Server Web Server Edition (Server Core installation)
PRODUCT_STANDARD_SERVER_V (36)
Windows Server Standard Edition without Hyper-V
PRODUCT_DATACENTER_SERVER_V (37)
Windows Server Datacenter Edition without Hyper-V (full installation)
PRODUCT_ENTERPRISE_SERVER_V (38)
Windows Server Enterprise Edition without Hyper-V (full installation)
PRODUCT_DATACENTER_SERVER_CORE_V (39)
Windows Server Datacenter Edition without Hyper-V (Server Core installation)
PRODUCT_STANDARD_SERVER_CORE_V (40)
Windows Server Standard Edition without Hyper-V (Server Core installation)
PRODUCT_ENTERPRISE_SERVER_CORE_V (41)
Windows Server Enterprise Edition without Hyper-V (Server Core installation)
PRODUCT_HYPERV (42)
Microsoft Hyper-V Server
PRODUCT_STORAGE_EXPRESS_SERVER_CORE (43)
Storage Server Express Edition (Server Core installation)
PRODUCT_STORAGE_STANDARD_SERVER_CORE (44)
Storage Server Standard Edition (Server Core installation)
PRODUCT_STORAGE_WORKGROUP_SERVER_CORE (45)
Storage Server Workgroup Edition (Server Core installation)
PRODUCT_STORAGE_ENTERPRISE_SERVER_CORE (46)
Storage Server Workgroup Edition (Server Core installation)
PRODUCT_PROFESSIONAL (48)
PRODUCT_SB_SOLUTION_SERVER (50)
Windows Server Essentials (Desktop Experience installation)
PRODUCT_SMALLBUSINESS_SERVER_PREMIUM_CORE (63)
Small Business Server Premium (Server Core installation)
PRODUCT_CLUSTER_SERVER_V (64)
Windows Compute Cluster Server without Hyper-V
PRODUCT_CORE_ARM (97)
PRODUCT_CORE (101)
PRODUCT_PROFESSIONAL_WMC (103)
Windows Professional with Media Center
PRODUCT_MOBILE_CORE (104)
PRODUCT_IOTUAP (123)
Windows IoT (Internet of Things) Core
PRODUCT_DATACENTER_NANO_SERVER (143)
Windows Server Datacenter Edition (Nano Server installation)
PRODUCT_STANDARD_NANO_SERVER (144)
Windows Server Standard Edition (Nano Server installation)
PRODUCT_DATACENTER_WS_SERVER_CORE (147)
Windows Server Datacenter Edition (Server Core installation)
PRODUCT_STANDARD_WS_SERVER_CORE (148)
Windows Server Standard Edition (Server Core installation)
Organization
Data type: string
Access type: Read-only
Company name for the registered user of the operating system.
Example: «Microsoft Corporation»
OSArchitecture
Data type: string
Access type: Read-only
Architecture of the operating system, as opposed to the processor. This property can be localized.
OSLanguage
Data type: uint32
Access type: Read-only
Qualifiers: MappingStrings («Win32Registry|DEFAULT\\Control Panel\\International|Locale»)
Language version of the operating system installed. The following list lists the possible values. Example: 0x0807 (German, Switzerland).
Chinese (Simplified)– China
Arabic – Saudi Arabia
Chinese (Traditional) – Taiwan
German – Germany
English – United States
Spanish – Traditional Sort
French – France
Italian – Italy
Dutch – Netherlands
Norwegian – Bokmal
Portuguese – Brazil
Macedonian (North Macedonia)
Scottish Gaelic (United Kingdom)
Malay – Malaysia
Chinese (Simplified) – PRC
German – Switzerland
English – United Kingdom
Spanish – Mexico
French – Belgium
Italian – Switzerland
Dutch – Belgium
Norwegian – Nynorsk
Portuguese – Portugal
Romanian – Moldova
Russian – Moldova
Serbian – Latin
Swedish – Finland
Arabic – Egypt
Chinese (Traditional) – Hong Kong SAR
German – Austria
English – Australia
Spanish – International Sort
French – Canada
Serbian – Cyrillic
Arabic – Libya
Chinese (Simplified) – Singapore
German – Luxembourg
English – Canada
Spanish – Guatemala
French – Switzerland
Arabic – Algeria
German – Liechtenstein
English – New Zealand
Spanish – Costa Rica
French – Luxembourg
Arabic – Morocco
English – Ireland
Spanish – Panama
Arabic – Tunisia
English – South Africa
Spanish – Dominican Republic
English – Jamaica
Spanish – Venezuela
Arabic – Yemen
Spanish – Colombia
Arabic – Syria
English – Belize
Spanish – Peru
Arabic – Jordan
English – Trinidad
Spanish – Argentina
Arabic – Lebanon
Spanish – Ecuador
Arabic – Kuwait
Spanish – Chile
Spanish – Uruguay
Arabic – Bahrain
Spanish – Paraguay
Arabic – Qatar
Spanish – Bolivia
Spanish – El Salvador
Spanish – Honduras
Spanish – Nicaragua
Spanish – Puerto Rico
OSProductSuite
Data type: uint32
Access type: Read-only
Qualifiers: MappingStrings («Win32Registry|SYSTEM\\CurrentControlSet\\Control\\ProductOptions|ProductSuite»), BitValues («Small Business», «Enterprise», «BackOffice», «Communication Server», «Terminal Server», «Small Business(Restricted)», «Embedded NT», «Data Center»)
Installed and licensed system product additions to the operating system. For example, the value of 146 (0x92) for OSProductSuite indicates Enterprise, Terminal Services, and Data Center (bits one, four, and seven set). The following list lists possible values.
Microsoft Small Business Server was once installed, but may have been upgraded to another version of Windows.
Windows ServerВ 2008 Enterprise is installed.
Windows BackOffice components are installed.
Communication Server is installed.
Terminal Services is installed.
Microsoft Small Business Server is installed with the restrictive client license.
Windows Embedded is installed.
A Datacenter edition is installed.
Terminal Services is installed, but only one interactive session is supported.
Windows Home Edition is installed.
Web Server Edition is installed.
Storage Server Edition is installed.
Compute Cluster Edition is installed.
OSType
Data type: uint16
Access type: Read-only
Type of operating system. The following list identifies the possible values.
Unknown (0)
Other (1)
MACOS (2)
ATTUNIX (3)
DGUX (4)
DECNT (5)
Digital Unix (6)
OpenVMS (7)
HPUX (8)
AIX (9)
MVS (10)
OS400 (11)
OS/2 (12)
JavaVM (13)
MSDOS (14)
WIN3x (15)
WIN95 (16)
WIN98 (17)
WINNT (18)
WINCE (19)
NCR3000 (20)
NetWare (21)
OSF (22)
DC/OS (23)
Reliant UNIX (24)
SCO UnixWare (25)
SCO OpenServer (26)
Sequent (27)
IRIX (28)
Solaris (29)
SunOS (30)
U6000 (31)
ASERIES (32)
TandemNSK (33)
TandemNT (34)
BS2000 (35)
LINUX (36)
Lynx (37)
XENIX (38)
VM/ESA (39)
Interactive UNIX (40)
BSDUNIX (41)
FreeBSD (42)
NetBSD (43)
GNU Hurd (44)
OS9 (45)
MACH Kernel (46)
Inferno (47)
QNX (48)
EPOC (49)
IxWorks (50)
VxWorks (51)
MiNT (52)
BeOS (53)
HP MPE (54)
NextStep (55)
PalmPilot (56)
Rhapsody (57)
Windows 2000 (58)
Dedicated (59)
OS/390 (60)
VSE (61)
TPF (62)
OtherTypeDescription
Data type: string
Access type: Read-only
Additional description for the current operating system version.
PAEEnabled
Data type: Boolean
Access type: Read-only
If True, the physical address extensions (PAE) are enabled by the operating system running on Intel processors. PAE allows applications to address more than 4 GB of physical memory. When PAE is enabled, the operating system uses three-level linear address translation rather than two-level. Providing more physical memory to an application reduces the need to swap memory to the page file and increases performance. To enable, PAE, use the «/PAE» switch in the Boot.ini file. For more information about the Physical Address Extension feature, see https://Go.Microsoft.Com/FWLink/p/?LinkID=45912.
PlusProductID
Data type: string
Access type: Read-only
Qualifiers: MappingStrings («Win32Registry|Software\\Microsoft\\Windows NT\\CurrentVersion|Plus! ProductId»)
PlusVersionNumber
Data type: string
Access type: Read-only
Qualifiers: MappingStrings («Win32Registry|Software\\Microsoft\\Windows NT\\CurrentVersion|Plus! VersionNumber»)
PortableOperatingSystem
Data type: boolean
Access type: Read-only
Specifies whether the operating system booted from an external USB device. If true, the operating system has detected it is booting on a supported locally connected storage device.
Windows ServerВ 2008В R2, WindowsВ 7, Windows ServerВ 2008 and WindowsВ Vista: This property is not supported before WindowsВ 8 and Windows ServerВ 2012.
Primary
Data type: boolean
Access type: Read-only
Specifies whether this is the primary operating system.
ProductType
Data type: uint32
Access type: Read-only
Additional system information.
Work Station (1)
Domain Controller (2)
Server (3)
QuantumLength
Data type: uint8
Access type: Read/write
**Windows ServerВ 2008 and WindowsВ Vista:В В **
The QuantumLength property defines the number of clock ticks per quantum. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to other applications. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread’s quantum varies across different Windows platforms. For Windows NT/Windows 2000 only.
The possible values are.
Unknown (0)
One tick (1)
Two ticks (2)
QuantumType
Data type: uint8
Access type: Read/write
**Windows ServerВ 2008 and WindowsВ Vista:В В **
The QuantumType property specifies either fixed or variable length quantums. Windows defaults to variable length quantums where the foreground application has a longer quantum than the background applications. Windows Server defaults to fixed-length quantums. A quantum is a unit of execution time that the scheduler is allowed to give to an application before switching to another application. When a thread runs one quantum, the kernel preempts it and moves it to the end of a queue for applications with equal priorities. The actual length of a thread’s quantum varies across different Windows platforms.
The possible values are.
Unknown (0)
Fixed (1)
Variable (2)
RegisteredUser
Data type: string
Access type: Read-only
Qualifiers: MappingStrings («Win32Registry|Software\\Microsoft\\Windows NT\\CurrentVersion|RegisteredOwner»)
Name of the registered user of the operating system.
Example: «Ben Smith»
SerialNumber
Data type: string
Access type: Read-only
Qualifiers: MappingStrings («Win32Registry|Software\\Microsoft\\Windows NT\\CurrentVersion|ProductId»)
Operating system product serial identification number.
ServicePackMajorVersion
Data type: uint16
Access type: Read-only
Qualifiers: MappingStrings («Win32API|System Information Structures|OSVERSIONINFOEX|wServicePackMajor«)
Major version number of the service pack installed on the computer system. If no service pack has been installed, the value is 0 (zero).
ServicePackMinorVersion
Data type: uint16
Access type: Read-only
Qualifiers: MappingStrings («Win32API|System Information Structures|OSVERSIONINFOEX|wServicePackMinor«)
Minor version number of the service pack installed on the computer system. If no service pack has been installed, the value is 0 (zero).
SizeStoredInPagingFiles
Data type: uint64
Access type: Read-only
Total number of kilobytes that can be stored in the operating system paging files—0 (zero) indicates that there are no paging files. Be aware that this number does not represent the actual physical size of the paging file on disk.
For more information about using uint64 values in scripts, see Scripting in WMI.
Status
Data type: string
Access type: Read-only
Current status of the object. Various operational and nonoperational statuses can be defined. Operational statuses include: «OK», «Degraded», and «Pred Fail» (an element, such as a SMART-enabled hard disk drive may function properly, but predicts a failure in the near future). Nonoperational statuses include: «Error», «Starting», «Stopping», and «Service». The Service status applies to administrative work, such as mirror-resilvering of a disk, reload of a user permissions list, or other administrative work. Not all such work is online, but the managed element is neither «OK» nor in one of the other states.
OK («OK»)
Error («Error»)
Degraded («Degraded»)
Unknown («Unknown»)
Pred Fail («Pred Fail»)
Starting («Starting»)
Stopping («Stopping»)
Service («Service»)
Stressed («Stressed»)
NonRecover («NonRecover»)
No Contact («No Contact»)
Lost Comm («Lost Comm»)
SuiteMask
Data type: uint32
Access type: Read-only
Qualifiers: BitMap («0», «1», «2», «3», «4», «5», «6», «7», «8», «9», «10»), BitValues («Windows Server, Small Business Edition», «Windows Server, Enterprise Edition», «Windows Server, Backoffice Edition», «Windows Server, Communications Edition», «Microsoft Terminal Services», «Windows Server, Small Business Edition Restricted», «Windows Embedded», «Windows Server, Datacenter Edition», «Single User», «Windows Home Edition», «Windows Server, Web Edition»)
Bit flags that identify the product suites available on the system.
For example, to specify both Personal and BackOffice, set SuiteMask to 4 | 512 or 516 .
SmallВ BusinessВ Restricted
Web Server Edition
SystemDevice
Data type: string
Access type: Read-only
Physical disk partition on which the operating system is installed.
SystemDirectory
Data type: string
Access type: Read-only
System directory of the operating system.
SystemDrive
Data type: string
Access type: Read-only
Letter of the disk drive on which the operating system resides. Example: «C:»
TotalSwapSpaceSize
Data type: uint64
Access type: Read-only
Total swap space in kilobytes. This value may be NULL (unspecified) if the swap space is not distinguished from page files. However, some operating systems distinguish these concepts. For example, in UNIX, whole processes can be swapped out when the free page list falls and remains below a specified amount.
For more information about using uint64 values in scripts, see Scripting in WMI.
TotalVirtualMemorySize
Data type: uint64
Access type: Read-only
Number, in kilobytes, of virtual memory. For example, this may be calculated by adding the amount of total RAM to the amount of paging space, that is, adding the amount of memory in or aggregated by the computer system to the property, SizeStoredInPagingFiles.
For more information about using uint64 values in scripts, see Scripting in WMI.
TotalVisibleMemorySize
Data type: uint64
Access type: Read-only
Total amount, in kilobytes, of physical memory available to the operating system. This value does not necessarily indicate the true amount of physical memory, but what is reported to the operating system as available to it.
For more information about using uint64 values in scripts, see Scripting in WMI.
Version
Data type: string
Access type: Read-only
Version number of the operating system.
WindowsDirectory
Data type: string
Access type: Read-only
Windows directory of the operating system.
Remarks
The Win32_OperatingSystem class is derived from CIM_OperatingSystem.
Any operating system that can be installed on a computer that can run a Windows-based operating system is a descendant or member of this class. Win32_OperatingSystem is a singleton class. To get the single instance, use «@» for the key.
Unlike most of the other WMI classes generated by MgmtClassGen, the OperatingSystem.CreateInstance() method will return a blank OperatingSystem object. Therefore, if you are using C# with MgmtClassGen, you can use the following code:
Examples
You can find a VBScript example that obtains operating system and processor data from Win32_ComputerSystem, Win32_Processor, and Win32_OperatingSystem in the Win32_Processor topic examples.
The Generate Exchange Environment Reports using Powershell PowerShell sample on TechNet Gallery uses a Win32_OperatingSystem class as part of a larger application to generate exchange environment reports.
The Get Server Uptime Using WMI sample in the TechNet Gallery uses the LastBootupTime property to determine how long the server has been active. The sample also uses the timeout option to ensure that the WMI call does not hang.
The WMI Information Retriever VBScript code example on the TechNet Gallery uses the Win32_OperatingSystem class to retrieve OS information from a number of remote computers.
The following script obtains the instances of Win32_OperatingSystem in the default «Root\CIMv2» namespace, and then displays information about the operating system.
The following PowerShell code sample displays all the operating information about the current OS.
