Useful windows commands Part-1

ARP    :Address Resolution Protocol  shows the status of the table
Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

-a            Displays current ARP entries by interrogating the current
protocol data.  If inet_addr is specified, the IP and Physical
addresses for only the specified computer are displayed.  If
more than one network interface uses ARP, entries for each ARP
table are displayed.
-g            Same as -a.
inet_addr     Specifies an internet address.
-N if_addr    Displays the ARP entries for the network interface specified
by if_addr.
-d            Deletes the host specified by inet_addr. inet_addr may be
wildcarded with * to delete all hosts.
-s            Adds the host and associates the Internet address inet_addr
with the Physical address eth_addr.  The Physical address is
given as 6 hexadecimal bytes separated by hyphens. The entry
is permanent.
eth_addr      Specifies a physical address.
if_addr       If present, this specifies the Internet address of the
interface whose address translation table should be modified.
If not present, the first applicable interface will be used.
Example:
> arp -s 157.55.85.212   00-aa-00-62-c6-09  …. Adds a static entry.
> arp -a                                    …. Displays the arp table.
>Show an ip’s mac address is arp –a ip
Bootcfg     :edit windows boot.ini file

BOOTCFG /parameter [arguments]

Description:
This command line tool can be used to configure, query, change or
delete the boot entry settings in the BOOT.INI file.

Parameter List:
/Copy       Makes a copy of an existing boot entry [operating
systems] section for which you can add OS options to.

/Delete     Deletes an existing boot entry in the [operating
systems] section of the BOOT.INI file. You must specify
the entry# to delete.

/Query      Displays the current boot entries and their settings.

/Raw        Allows the user to specify any switch options to be
added for a specified boot entry.

/Timeout    Allows the user to change the Timeout value.

/Default    Allows the user to change the Default boot entry.

/EMS        Allows the user to configure the /redirect switch
for headless support for a boot entry.

/Debug      Allows the user to specify the port and baudrate for
remote debugging for a specified boot entry.

/Addsw      Allows the user to add predefined switches for
a specific boot entry.

/Rmsw       Allows the user to remove predefined switches for a
specific boot entry.

/Dbg1394    Allows the user to configure 1394 port debugging
for a specified boot entry.

/?          Displays this help/usage.

Examples:
BOOTCFG /Copy /?        BOOTCFG /Delete /?        BOOTCFG /Query /?        BOOTCFG /Raw /?
BOOTCFG /Timeout /?    BOOTCFG /EMS /?        BOOTCFG /Debug /?        BOOTCFG /Addsw /?
BOOTCFG /Rmsw /?        BOOTCFG /Dbg1394 /?       BOOTCFG /Default /?      BOOTCFG /?

eg:
C:\Documents and Settings\sajith.kumar>bootcfg /query

Boot Loader Settings
——————–
timeout: 30
default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

Boot Entries
————
Boot entry ID:   1
Friendly Name:   “Microsoft Windows XP Professional”
Path:            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
OS Load Options: /noexecute=optin /fastdetect

Browstat    :
Usage: BROWSTAT Command [Options | /HELP]
Where <Command> is one of:

ELECT         ( EL) – Force election on remote domain
GETBLIST      ( GB) – Get backup list for domain
GETMASTER     ( GM) – Get remote Master Browser name (using NetBIOS)
GETPDC        ( GP) – Get PDC name (using NetBIOS)
LISTWFW       (WFW) – List WFW servers that are actually running browser
STATS         (STS) – Dump browser statistics
STATUS        (STA) – Display status about a domain
TICKLE        (TIC) – Force remote master to stop
VIEW          ( VW) – Remote NetServerEnum to a server or domain on transport
DUMPNET       ( DN) – Display the list of transports bound to browser

In server (or domain) list displays, the following flags are used:
W=Workstation, S=Server, SQL=SQLServer, PDC=PrimaryDomainController,
BDC=BackupDomainController, TS=TimeSource, AFP=AFPServer, NV=Novell,
MBC=MemberServer, PQ=PrintServer, DL=DialinServer, XN=Xenix,
NT=Windows NT, WFW=WindowsForWorkgroups, MFPN=MS Netware,
SS=StandardServer, PBR=PotentialBrowser, BBR=BackupBrowser,
MBR=MasterBrowser, OSF=OSFServer, VMS=VMSServer, W95=Windows95,
DFS=DistributedFileSystem, CLUS=NTCluster, DCE=IBM DSS

Clearmem     :clear memory leak

NT Win 32 Clear Memory.
Copyright 1990-1993, Microsoft Corporation.
Version 1.17x  (93.05.12)

/——————————-
| CLEARMEM.EXE:
|
|         o argv[0]=clearmem
|         o argv[1]=/?
\——————————-
| ==> Start Flushing:  Access Section of size: 2147483647
**************************
* FAILure –> Line=400 File=d:\nt\sdktools\clearmem\clearmem.c (pid=0xA84 tid=0x564)

* RC=0x57 ()
* AccessSection() – VirtualAlloc
**************************
**************************
* FAILure –> Line=332 File=d:\nt\sdktools\clearmem\clearmem.c (pid=0xA84 tid=0x564)

* RC=0x57 ()
* FlushCache() – AccessSection
**************************
**************************
* FAILure –> Line=168 File=d:\nt\sdktools\clearmem\clearmem.c (pid=0xA84 tid=0x564)

* RC=0x57 ()
* main() – FlushCache
**************************

Cluster        :Cluster management
The syntax of this command is:

CLUSTER /LIST[:domain-name]

CLUSTER /CHANGEPASS[WORD] /?
CLUSTER /CHANGEPASS[WORD] /HELP
CLUSTER /CLUSTER:clustername1[,clustername2[,…]]
/CHANGEPASS[WORD][:newpassword[,oldpassword]] <options>

<options> =
[/FORCE] [/QUIET] [/SKIPDC] [/TEST] [/VERB[OSE]] [/UNATTEND[ED]] [/?] [/HELP]

CLUSTER [/CLUSTER:]cluster-name <options>

<options> =
/CREATE [/NODE:node-name] [/VERB[OSE]] [/UNATTEND[ED]] [/MIN[IMUM]]
/USER:domain\username | username@domain [/PASS[WORD]:password]
/IPADDR[ESS]:xxx.xxx.xxx.xxx[,xxx.xxx.xxx.xxx,network-connection-name]
/ADD[NODES][:node-name[,node-name …]] [/VERB[OSE]] [/UNATTEND[ED]]
[/MIN[IMUM]] [/PASSWORD:service-account-password]

CLUSTER [[/CLUSTER:]cluster-name] <options>

<options> =
/CREATE [/NODE:node-name] /WIZ[ARD] [/MIN[IMUM]]
[/USER:domain\username | username@domain] [/PASS[WORD]:password]
[/IPADDR[ESS]:xxx.xxx.xxx.xxx]
/ADD[NODES][:node-name[,node-name …]] /WIZ[ARD] [/MIN[IMUM]]
[/PASSWORD:service-account-password]
/PROP[ERTIES] [<prop-list>]
/PRIV[PROPERTIES] [<prop-list>]
/PROP[ERTIES][:propname[,propname …] /USEDEFAULT]
/PRIV[PROPERTIES][:propname[,propname …] /USEDEFAULT]
/REN[AME]:cluster-name
/QUORUM[RESOURCE][:resource-name] [/PATH:path] [/MAXLOGSIZE:max-size-kbytes]
/SETFAIL[UREACTIONS][:node-name[,node-name …]]
/LISTNETPRI[ORITY]
/SETNETPRI[ORITY]:net[,net …]
/REG[ADMIN]EXT:admin-extension-dll[,admin-extension-dll …]
/UNREG[ADMIN]EXT:admin-extension-dll[,admin-extension-dll …]
/VER[SION]
NODE [node-name] node-command
GROUP [group-name] group-command
RES[OURCE] [resource-name] resource-command
{RESOURCETYPE|RESTYPE} [resourcetype-name] resourcetype-command
NET[WORK] [network-name] network-command
NETINT[ERFACE] [interface-name] interface-command

<prop-list> =
name=value[,value …][:<format>] [name=value[,value …][:<format>] …]

<format> =
BINARY|DWORD|STR[ING]|EXPANDSTR[ING]|MULTISTR[ING]|SECURITY|ULARGE

CLUSTER /?
CLUSTER /HELP

Note: With the /CREATE, /ADDNODES, and /CHANGEPASSWORD options, you
will be prompted for passwords not provided on the command line
unless you also specify the /UNATTENDED option.

Defrag         :Hd defragment
Usage:
defrag <volume> [-a] [-f] [-v] [-?]
volume  drive letter or mount point (d: or d:\vol\mountpoint)
-a      Analyze only
-f      Force defragmentation even if free space is low
-v      Verbose output
-?      Display this help text
D:\Documents and Settings\gautham>defrag -a c:\
Windows Disk Defragmenter
Copyright (c) 2001 Microsoft Corp. and Executive Software International, Inc.

Analysis Report
9.99 GB Total,  3.99 GB (39%) Free,  13% Fragmented (26% file fragmentation)
You should defragment this volume.

Diskpart     :Disk administration

Microsoft DiskPart syntax:
diskpart [/s <script>] [/?]

/s <script> – Use a DiskPart script.
/?          – Show this help screen.

Diruse        :displays a list of disk usage for a directory tree(s). Version 1.20

DIRUSE [/S | /V] [/M | /K | /B] [/C] [/,] [/Q:# [/L] [/A] [/D] [/O]] [/*] DIRS

/S      Specifies whether subdirectories are included in the output.
/V      Output progress reports while scanning subdirectories.  Ignored if /S is
specified.
/M      Displays disk usage in megabytes.
/K      Displays disk usage in kilobytes.
/B      Displays disk usage in bytes (default).
/C      Use Compressed size instead of apparent size.
/,      Use thousand separator when displaying sizes.
/L      Output overflows to logfile .\DIRUSE.LOG.
/*      Uses the top-level directories residing in the specified DIRS
/Q:#    Mark directories that exceed the specified size (#) with a “!”.
(If /M or /K is not specified, then bytes is assumed.)
/A      Specifies that an alert is generated if specified sizes are exceeded.
(The Alerter service must be running.)
/D      Displays only directories that exceed specified sizes.
/O      Specifies that subdirectories are not checked for specified size
overflow.
DIRS    Specifies a list of the paths to check.
Eg: C:\Support Tools>diruse.exe /s /m “c:\Support Tools”

Size (mb)  Files  Directory
11.27    105  C:\SUPPORT TOOLS
11.27    105  SUB-TOTAL: C:\SUPPORT TOOLS

11.27    105  TOTAL: C:\SUPPORT TOOLS

Getmac     :shows MAC address

GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V]

Description:
This command line tool enables an administrator to display the MAC
address for one or more network adapters on a system.

Parameter List:
/S     system            Specifies the remote system to connect to.

/U     [domain\]user     Specifies the user context under
which the command should execute.

/P     [password]        Specifies the password for the given
user context. Prompts for input if omitted.

/FO    format            Specifies the format in which the output
is to be displayed.
Valid values: “TABLE”, “LIST”, “CSV”.

/V                       Specifies that the detailed information
should be displayed in the output.

/NH                      Specifies that the “Column Header” should
not be displayed in the output.
Valid only for TABLE and CSV formats.

/?                       Displays this help/usage.

Examples:
GETMAC /FO csv
GETMAC /S system /NH /V
GETMAC /S system /U user
GETMAC /S system /U domain\user /P password /FO list /V
GETMAC /S system /U domain\user /P password /FO table /NH
Gpresult     :shows policy setting

GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope]
[/USER targetusername] [/V | /Z]

Description:
This command line tool displays the Resultant Set of Policy (RSoP)
for a target user and computer.

Parameter List:
/S        system           Specifies the remote system to connect
to.

/U        [domain\]user    Specifies the user context under which
the command should execute.

/P        [password]       Specifies the password for the given
user context. Prompts for input if omitted.

/USER     [domain\]user    Specifies the user name for which the
RSOP data is to be displayed.

/SCOPE    scope            Specifies whether the user or the
computer settings needs to be
displayed.
Valid values: “USER”, “COMPUTER”.

/V                         Specifies that the verbose information
is to be displayed. Verbose information
details specific settings that have
been applied with a precedence of 1.

/Z                         Specifies that the super-verbose
information is to be displayed. Super-
verbose information details specific
settings that have been applied with a
precedence of 1 and higher. This allows
you to see if a setting was set in
multiple places. See the Group Policy
online help for more information.

/?                         Displays this help/usage.

NOTE: If you run GPRESULT without parameters, it returns the RSoP data
for the current logged-on user on the computer it was run on.

Examples:
GPRESULT
GPRESULT /USER targetusername /V
GPRESULT /S system /USER targetusername /SCOPE COMPUTER /Z
GPRESULT /S system /U username /P password /SCOPE USER /V

Gpupdate     :update policy setting
Microsoftr Windowsr Operating System Group Policy Refresh Utility v5.1
c Microsoft Corporation. All rights reserved.

Description:  Refreshes Group Policies settings.

Syntax:  GPUpdate [/Target:{Computer | User}] [/Force] [/Wait:<value>]
[/Logoff] [/Boot] [/Sync]

Parameters:

Value                      Description
/Target:{Computer | User}  Specifies that only User or only Computer
policy settings are refreshed. By default,
both User and Computer policy settings are
refreshed.

/Force                     Reapplies all policy settings. By default,
only policy settings that have changed are
applied.

/Wait:{value}              Sets the number of seconds to wait for policy
processing to finish. The default is 600
seconds. The value ‘0’ means not to wait.
The value ‘-1’ means to wait indefinitely.
When the time limit is exceeded, the command
prompt returns, but policy processing
continues.

/Logoff                    Causes a logoff after the Group Policy settings
have been refreshed. This is required for
those Group Policy client-side extensions
that do not process policy on a background
refresh cycle but do process policy when a
user logs on. Examples include user-targeted
Software Installation and Folder Redirection.
This option has no effect if there are no
extensions called that require a logoff.

/Boot                      Causes a reboot after the Group Policy settings
are refreshed. This is required for those
Group Policy client-side extensions that do
not process policy on a background refresh cycle
but do process policy at computer startup.
Examples include computer-targeted Software
Installation. This option has no effect if
there are no extensions called that require
a reboot.

/Sync                      Causes the next foreground policy application to
be done synchronously. Foreground policy
applications occur at computer boot and user
logon. You can specify this for the user,
computer or both using the /Target parameter.
The /Force and /Wait parameters will be ignored
if specified.

Ipconfig     :Shows IP configuration

USAGE:
ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] ]

where
adapter         Connection name
(wildcard characters * and ? allowed, see examples)

Options:
/?           Display this help message
/all         Display full configuration information.
/release     Release the IP address for the specified adapter.
/renew       Renew the IP address for the specified adapter.
/flushdns    Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns  Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid  Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:
> ipconfig                   … Show information.
> ipconfig /all              … Show detailed information
> ipconfig /renew            … renew all adapters
> ipconfig /renew EL*        … renew any connection that has its
name starting with EL
> ipconfig /release *Con*    … release all matching connections,
eg. “Local Area Connection 1” or
“Local Area Connection 2”

Logoff    :Terminates a session.

LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V]

sessionname         The name of the session.
sessionid           The ID of the session.
/SERVER:servername  Specifies the Terminal server containing the user
session to log off (default is current).
/V                  Displays information about the actions performed.

Logtime      :
Syntax:  LOGTIME “text string”

Writes log file LOGTIME.LOG with date and time stamp next to
the specified command line parameter. This is useful when called
from within a batch file to record the start and stop time
of a command line program. For example:

GO.BAT

logtime “begin import program”

import.exe

logtime “end import program”

Mem     :Displays the amount of used and free memory in your system.

MEM [/PROGRAM | /DEBUG | /CLASSIFY]

/PROGRAM or /P   Displays status of programs currently loaded in memory.
/DEBUG or /D     Displays status of programs, internal drivers, and other
information.
/CLASSIFY or /C  Classifies programs by memory usage. Lists the size of
programs, provides a summary of memory in use, and lists
largest memory block available.
Mountvol     :Creates, deletes, or lists a volume mount point.

MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L

path        Specifies the existing NTFS directory where the mount
point will reside.
VolumeName  Specifies the volume name that is the target of the mount
point.
/D          Removes the volume mount point from the specified directory.
/L          Lists the mounted volume name for the specified directory.

Possible values for VolumeName along with current mount points are:

\\?\Volume{a7d61998-cc21-11db-8a87-806d6172696f}\
C:\

\\?\Volume{a7d61999-cc21-11db-8a87-806d6172696f}\
D:\

\\?\Volume{a7d6199a-cc21-11db-8a87-806d6172696f}\
A:\

Msg     :Send a message to a user.

MSG {username | sessionname | sessionid | @filename | *}
[/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]

username            Identifies the specified username.
sessionname         The name of the session.
sessionid           The ID of the session.
@filename           Identifies a file containing a list of usernames,
sessionnames, and sessionids to send the message to.
*                   Send message to all sessions on specified server.
/SERVER:servername  server to contact (default is current).
/TIME:seconds       Time delay to wait for receiver to acknowledge msg.
/V                  Display information about actions being performed.
/W                  Wait for response from user, useful with /V.
message             Message to send.  If none specified, prompts for it
or reads from stdin.

Nbtstat         :Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a   (adapter status) Lists the remote machine’s name table given its name
-A   (Adapter status) Lists the remote machine’s name table given its
IP address.
-c   (cache)          Lists NBT’s cache of remote [machine] names and their IP addr
esses
-n   (names)          Lists local NetBIOS names.
-r   (resolved)       Lists names resolved by broadcast and via WINS
-R   (Reload)         Purges and reloads the remote cache name table
-S   (Sessions)       Lists sessions table with the destination IP addresses
-s   (sessions)       Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR  (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

RemoteName   Remote host machine name.
IP address   Dotted decimal representation of the IP address.
interval     Redisplays selected statistics, pausing interval seconds
between each display. Press Ctrl+C to stop redisplaying
statistics.

Local Area Connection:
Node IpAddress: [10.0.0.41] Scope Id: []

NetBIOS Local Name Table

Name               Type         Status
———————————————
Hostname     <00>  UNIQUE      Registered
Domainname   <00>  GROUP       Registered
Hostname     <20>  UNIQUE      Registered
Domainname   <1E>  GROUP       Registered

Netcap         : Microsoft Network Monitor capture utility

Usage: NetCap.exe [/B:#] [/T <Type> <Buffer> <HexOffset> <HexPattern>]
[/F:<filterfile.cf>] [/C:<capture file>] [/N:#]
[/L:HH:MM:SS] [/TCF:<Folder Name>]

Example: NetCap /B:20 /N:2 /T BP 100 0a ff1f /F:d:\IPFilter.CF

/B:# – Buffer, capture size to take, from 1MB to 1000MB default is 1Mb

/T   – Trigger, stop capturing when the given buffer and/or pattern is reached
If no trigger is given, the capture will stop when the buffer is full
Use “/T N” to continue capturing even if the buffer fills
Oldest frames in capture will be over written once the buffer is full
Note: With “/T N” you will have to hit space bar to stop capturing

<Type>      – ‘B’ = buffer, ‘P’ = Pattern, ‘BP’ = Buffer then Pattern,
‘PB’ = Pattern then Buffer ‘N’ = No Trigger

<Buffer>    – % Buffer Size ’25’, ’50’, ’75’, ‘100’ used with
B, BP, PB (NOT P)

<HexOffset> – Hex Offset from start of frame used with P, BP, PB (NOT B)

<HexPattern>- Hex Pattern to match used with P, BP, PB (NOT B)
The Pattern must be an even number of hex digits

/C:<Capture File> – Move temporary capture to full path and/or file name
This can be any valid local or remote path
If “/C” is not specified the capture file will remain
in the default temporary capture folder

/F:<filterfile.cf>- A Network Monitor 2.x generated capture filter (*.cf)

/L:<HH:MM:SS>     – Capture for given amount of time (max 99:99:99)
Note: This option overrides the default 100% trigger
unless “/T <trigger type>” is also specified

/TCF:<Folder Name>- Permanently changes the temporary capture folder
Warning the path must be on a fixed local hard drive
Once set you only need to use the switch again
to change the directory

/Remove           – Removes the NetCap instance of the Network Monitor driver

/N:<#>            – NIC Index number, for this computer

Use the following index numbers for these adapters:
(default) 0 = ETHERNET (005056C00002) VMware Network Adapter VMnet2
1 = ETHERNET (005056C00008) VMware Network Adapter VMnet8
2 = ETHERNET (005056C00001) VMware Network Adapter VMnet1
3 = ETHERNET (0016E6993370) Local Area Connection
4 = ETHERNET (400220524153) WAN (PPP/SLIP) Interface
Netstat         :Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

-a            Displays all connections and listening ports.
-b            Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e            Displays Ethernet statistics. This may be combined with the -s
option.
-n            Displays addresses and port numbers in numerical form.
-o            Displays the owning process ID associated with each connection.
-p proto      Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r            Displays the routing table.
-s            Displays per-protocol statistics.  By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v            When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval      Redisplays selected statistics, pausing interval seconds
between each display.  Press CTRL+C to stop redisplaying
statistics.  If omitted, netstat will print the current
configuration information once.
Netsh         :setting  interface configuration

Usage: netsh [-a AliasFile] [-c Context] [-r RemoteMachine]
[Command | -f ScriptFile]

The following commands are available:

Commands in this context:
?              – Displays a list of commands.
add            – Adds a configuration entry to a list of entries.
bridge         – Changes to the `netsh bridge’ context.
delete         – Deletes a configuration entry from a list of entries.
diag           – Changes to the `netsh diag’ context.
dump           – Displays a configuration script.
exec           – Runs a script file.
firewall       – Changes to the `netsh firewall’ context.
help           – Displays a list of commands.
interface      – Changes to the `netsh interface’ context.
lan            – Changes to the `netsh lan’ context.
ras            – Changes to the `netsh ras’ context.
routing        – Changes to the `netsh routing’ context.
set            – Updates configuration settings.
show           – Displays information.
wins           – Changes to the `netsh wins’ context.
winsock        – Changes to the `netsh winsock’ context.

The following sub-contexts are available:
bridge diag firewall interface lan ras routing wins winsock

>netsh interface ip show config

Configuration for interface “VMware Network Adapter VMnet2”
DHCP enabled:                         No
IP Address:                           192.168.192.1
SubnetMask:                           255.255.255.0
InterfaceMetric:                      0
Statically Configured DNS Servers:    None
Statically Configured WINS Servers:   None
Register with which suffix:           Primary only

Configuration for interface “VMware Network Adapter VMnet8”
DHCP enabled:                         No
IP Address:                           192.168.136.1
SubnetMask:                           255.255.255.0
InterfaceMetric:                      0
Statically Configured DNS Servers:    None
Statically Configured WINS Servers:   None
Register with which suffix:           Primary only

Nslookup     :DNS  configuration  testing

Eg:nslookup
Server:  server.domainname .com
Address:  10.0.0.10

Openfiles     : Enables an administrator to list or disconnect files and folders
that have been opened on a system.

OPENFILES /parameter [arguments]
Parameter List:
/Disconnect      Disconnects one or more open files.

/Query           Displays files opened locally or from shared folders.

/Local           Enables / Disables the display of local open files.
Note: Enabling this flag adds performance overhead.

Examples:
OPENFILES /Disconnect /?
OPENFILES /Query /?
OPENFILES /Local /?
>openfiles /query

Files Opened Remotely via local share points:
———————————————
INFO: No shared open files found.

Runas        :run a  program remotely
RUNAS USAGE:
RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
/user:<UserName> program

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
/smartcard [/user:<UserName>] program

/noprofile        specifies that the user’s profile should not be loaded.
This causes the application to load more quickly, but
can cause some applications to malfunction.
/profile          specifies that the user’s profile should be loaded.
This is the default.
/env              to use current environment instead of user’s.
/netonly          use if the credentials specified are for remote
access only.
/savecred         to use credentials previously saved by the user.
This option is not available on Windows XP Home Edition
and will be ignored.
/smartcard        use if the credentials are to be supplied from a
smartcard.
/user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER
program         command line for EXE.  See below for examples

Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin “mmc %windir%\system32\dsa.msc”
> runas /env /user:user@domain.microsoft.com “notepad \”my file.txt\””

NOTE:  Enter user’s password only when prompted.
NOTE:  USER@DOMAIN is not compatible with /netonly.
NOTE:  /profile is not compatible with /netonly.

Eg:    runas /profile /env /user:domainname\administrator “mmc %windir%\system32\dsa.msc”

Sc   : shows services
DESCRIPTION:
SC is a command line program used for communicating with the
NT Service Controller and services.
USAGE:
sc <server> [command] [service name] <option1> <option2>…

The option <server> has the form “\\ServerName”
Further help on commands can be obtained by typing: “sc [command]”
Commands:
query———–Queries the status for a service, or
enumerates the status for types of services.
queryex———Queries the extended status for a service, or
enumerates the status for types of services.
start———–Starts a service.
pause———–Sends a PAUSE control request to a service.
interrogate—–Sends an INTERROGATE control request to a service.
continue——–Sends a CONTINUE control request to a service.
stop————Sends a STOP request to a service.
config———-Changes the configuration of a service (persistant).
description—–Changes the description of a service.
failure———Changes the actions taken by a service upon failure.
qc————–Queries the configuration information for a service.
qdescription—-Queries the description for a service.
qfailure——–Queries the actions taken by a service upon failure.
delete———-Deletes a service (from the registry).
create———-Creates a service. (adds it to the registry).
control———Sends a control to a service.
sdshow———-Displays a service’s security descriptor.
sdset———–Sets a service’s security descriptor.
GetDisplayName–Gets the DisplayName for a service.
GetKeyName——Gets the ServiceKeyName for a service.
EnumDepend——Enumerates Service Dependencies.

The following commands don’t require a service name:
sc <server> <command> <option>
boot————(ok | bad) Indicates whether the last boot should
be saved as the last-known-good boot configuration
Lock————Locks the Service Database
QueryLock——-Queries the LockStatus for the SCManager Database
EXAMPLE:
sc start MyService

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:
Secedit         : Configures and analyzes system security

This has been updated with gpupdate

>shutdown /?
Usage: shutdown [-i | -l | -s | -r | -a] [-f] [-m \\computername] [-t xx] [-c “commen
t”] [-d up:xx:yy]

No args                 Display this message (same as -?)
-i                      Display GUI interface, must be the first option
-l                      Log off (cannot be used with -m option)
-s                      Shutdown the computer
-r                      Shutdown and restart the computer
-a                      Abort a system shutdown
-m \\computername       Remote computer to shutdown/restart/abort
-t xx                   Set timeout for shutdown to xx seconds
-c “comment”            Shutdown comment (maximum of 127 characters)
-f                      Forces running applications to close without warning
-d [u][p]:xx:yy         The reason code for the shutdown
u is the user code
p is a planned shutdown code
xx is the major reason code (positive integer less th
an 256)
yy is the minor reason code (positive integer less th
an 65536)

Sidwalk     :Security ID administration

Usage: Sidwalk <profile file> [<profile file> ..] [/t /f [<path>] /r /s /p /g /l <file>]

<profile file>  path of the .csv file(s)
/t              test/dry run
/f  [<path>]    for all NTFS files
/r              for Registry
/s              for File Shares
/p              for Printer Shares
/g              for local groups
/l              generate a Converter log file
<file>          log file path for /l option

Sleep         :wait for  specified sec
Usage:  sleep      time-to-sleep-in-seconds
sleep [-m] time-to-sleep-in-milliseconds
sleep [-c] commited-memory ratio (1%-100%)

Systeminfo     : This command line tool enables an administrator to query for basic
system configuration information.

SYSTEMINFO [/S system [/U username [/P [password]]]] [/FO format] [/NH]

Parameter List:
/S      system           Specifies the remote system to connect to.

/U      [domain\]user    Specifies the user context under which
the command should execute.

/P      [password]       Specifies the password for the given
user context. Prompts for input if omitted.

/FO     format           Specifies the format in which the output
is to be displayed.
Valid values: “TABLE”, “LIST”, “CSV”.

/NH                      Specifies that the “Column Header” should
not be displayed in the output.
Valid only for “TABLE” and “CSV” formats.

/?                       Displays this help/usage.

Examples:
SYSTEMINFO
SYSTEMINFO /?
SYSTEMINFO /S system
SYSTEMINFO /S system /U user
SYSTEMINFO /S system /U domain\user /P password /FO TABLE
SYSTEMINFO /S system /FO LIST
SYSTEMINFO /S system /FO CSV /NH

Tasklist         : This command line tool displays a list of application(s) and
associated task(s)/process(es) currently running on either a local or
remote system.

TASKLIST [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]
Parameter List:
/S     system           Specifies the remote system to connect to.

/U     [domain\]user    Specifies the user context under which
the command should execute.

/P     [password]       Specifies the password for the given
user context. Prompts for input if omitted.

/M     [module]         Lists all tasks that have DLL modules loaded
in them that match the given pattern name.
If the module name is not specified,
displays all modules loaded by each task.

/SVC                    Displays services in each process.

/V                      Specifies that the verbose information
is to be displayed.

/FI    filter           Displays a set of tasks that match a
given criteria specified by the filter.

/FO    format           Specifies the output format.
Valid values: “TABLE”, “LIST”, “CSV”.

/NH                     Specifies that the “Column Header” should
not be displayed in the output.
Valid only for “TABLE” and “CSV” formats.

/?                      Displays this help/usage.

Filters:
Filter Name     Valid Operators           Valid Value(s)
———–     —————           ————–
STATUS          eq, ne                    RUNNING | NOT RESPONDING
IMAGENAME       eq, ne                    Image name
PID             eq, ne, gt, lt, ge, le    PID value
SESSION         eq, ne, gt, lt, ge, le    Session number
SESSIONNAME     eq, ne                    Session name
CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
of hh:mm:ss.
hh – hours,
mm – minutes, ss – seconds
MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
USERNAME        eq, ne                    User name in [domain\]user
format
SERVICES        eq, ne                    Service name
WINDOWTITLE     eq, ne                    Window title
MODULES         eq, ne                    DLL name

Examples:
TASKLIST
TASKLIST /M
TASKLIST /V
TASKLIST /SVC
TASKLIST /M wbem*
TASKLIST /S system /FO LIST
TASKLIST /S system /U domain\username /FO CSV /NH
TASKLIST /S system /U username /P password /FO TABLE /NH
TASKLIST /FI “USERNAME ne NT AUTHORITY\SYSTEM” /FI “STATUS eq running”
Taskkill         : This command line tool can be used to end one or more processes.
Processes can be killed by the process id or image name.
TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]
Parameter List:
/S    system           Specifies the remote system to connect to.

/U    [domain\]user    Specifies the user context under which
the command should execute.

/P    [password]       Specifies the password for the given
user context. Prompts for input if omitted.

/F                     Specifies to forcefully terminate
process(es).

/FI   filter           Displays a set of tasks that match a
given criteria specified by the filter.

/PID  process id       Specifies the PID of the process that
has to be terminated.

/IM   image name       Specifies the image name of the process
that has to be terminated. Wildcard ‘*’
can be used to specify all image names.

/T                     Tree kill: terminates the specified process
and any child processes which were started by it.

/?                     Displays this help/usage.

Filters:
Filter Name   Valid Operators           Valid Value(s)
———–   —————           ————–
STATUS        eq, ne                    RUNNING | NOT RESPONDING
IMAGENAME     eq, ne                    Image name
PID           eq, ne, gt, lt, ge, le    PID value
SESSION       eq, ne, gt, lt, ge, le    Session number.
CPUTIME       eq, ne, gt, lt, ge, le    CPU time in the format
of hh:mm:ss.
hh – hours,
mm – minutes, ss – seconds
MEMUSAGE      eq, ne, gt, lt, ge, le    Memory usage in KB
USERNAME      eq, ne                    User name in [domain\]user
format
MODULES       eq, ne                    DLL name
SERVICES      eq, ne                    Service name
WINDOWTITLE   eq, ne                    Window title

NOTE: Wildcard ‘*’ for the /IM switch is accepted only with filters.

NOTE: Termination of remote processes will always be done forcefully
irrespective of whether /F option is specified or not.

Examples:
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI “PID ge 1000” /FI “WINDOWTITLE ne untitle*”
TASKKILL /F /FI “USERNAME eq NT AUTHORITY\SYSTEM” /IM notepad.exe
TASKKILL /S system /U domain\username /FI “USERNAME ne NT*” /IM *
TASKKILL /S system /U username /P password /FI “IMAGENAME eq note*”

Wmic     :windows management  instrumentation command

[global switches] <command>

The following global switches are available:
/NAMESPACE           Path for the namespace the alias operate against.
/ROLE                Path for the role containing the alias definitions.
/NODE                Servers the alias will operate against.
/IMPLEVEL            Client impersonation level.
/AUTHLEVEL           Client authentication level.
/LOCALE              Language id the client should use.
/PRIVILEGES          Enable or disable all privileges.
/TRACE               Outputs debugging information to stderr.
/RECORD              Logs all input commands and output.
/INTERACTIVE         Sets or resets the interactive mode.
/FAILFAST            Sets or resets the FailFast mode.
/USER                User to be used during the session.
/PASSWORD            Password to be used for session login.
/OUTPUT              Specifies the mode for output redirection.
/APPEND              Specifies the mode for output redirection.
/AGGREGATE           Sets or resets aggregate mode.
/AUTHORITY           Specifies the <authority type> for the connection.
/?[:<BRIEF|FULL>]    Usage information.

For more information on a specific global switch, type: switch-name /?

The following alias/es are available in the current role:
ALIAS                    – Access to the aliases available on the local system
BASEBOARD                – Base board (also known as a motherboard or system board) m
anagement.

Whoami      :who logged information

WHOAMI [/option] [/option] …

Where /option is one of the following:

/ALL       = Display all information in the current access token.
/NOVERBOSE = Display minimal information. *
/USER      = Display user.
/GROUPS    = Display groups.
/PRIV      = Display privileges.
/LOGONID   = Display Logon ID.
/SID       = Display SIDs. *
/HELP      = Display help.

* Must be used with option /USER, /GROUPS, /PRIV or/LOGONID

Samples are as follows:

WHOAMI
WHOAMI /ALL
WHOAMI /USER /SID
WHOAMI /GROUPS
WHOAMI /GROUPS /NOVERBOSE
WHOAMI /USER /GROUPS /SID
WHOAMI /PRIV /NOVERBOSE
WHOAMI /USER /GROUPS /PRIV
WHOAMI /HELP

Advertisements

Posted on February 10, 2014, in Windows. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: