I hope the commands I'm using nearly every day will help you too.
Basic System Info
Whoami – returns the user’s login name
Hostname – returns the computer name
Msconfig – GUI for configuring boot, services, startup…
Msinfo32 – GUI for info, including remote computers
Systeminfo – CLI tool for info
Net statistics server – last restart/power on date…
Net config workstation – host/user names info…
Sysdm.cpl – System properties (old way)
Win+Pause – System window (new way)
Echo %username% logged on %computername% at %date%
Remote commands
Mstsc /v:Server /admin (/console)
Psexec \\Server CMD - CLI remote connection
Change logon /Enable – execute after Psexec
Change logon /Query – execute after Psexec
Processes, Services, Sessions
=Processes=
Tasklist /svc /fo list | more – shows all processes on a computer
Tasklist | findstr processname – finds PID of a started process
Taskkill /pid PID /F – kills a process by PID
Taskkill /t /im processname /F – kills a process with its children (/t)
Taskkill /FI "memusage gt 102400" /F – kills processes using more than 100 MB of RAM
=Services=
Sc queryex servicename – finds PID of an installed service
Sc config servicename start= disabled - change service startup type
Sc config servicename start= auto - change service startup type
=Sessions=
Query session /SERVER:server – queries sessions for PID
Quser /SERVER:server – queries sessions + info of a user’s logon time
Reset session PID /SERVER:server – kills session by PID
Rwinsta PID /SERVER:server – kills session by PID
Logoff PID /SERVER:server – kills session by PID
For /F "Tokens=*" %a in (Servers.txt) Do Logoff – kills sessions named in a text file
NTFS Permissions
takeown /f D:\test /A /R /D Y – forcibly (/f) grants ownership to the Admins group (/A) recursively (/R) with Yes answer (/D Y). Can use UNC path.
iCacls D:\test /setowner "Administrators" /T /C – also grants ownership
iCacls D:\test /grant Administrators:(OI)(CI)M /F /T /C – grants modify permissions
iCacls D:\test /remove "Administrators" /T /C – recursively removes user permissions from folder hierarchy
'All previous commands' | find /I "denied" >> C:\err.log – makes log file
Windows Update troubleshooting
Wuauclt /resetauthorization /detectnow /updatenow
Net stop wuauserv => del C:\Windows\SoftwareDistribution => start
Netsh winhttp reset proxy
WSReset.exe – clears & resets Windows Store cache on Win8.1/10
Network
=Basic commands=
Ipconfig /renew – Renew the IP address for the specified adapter
Ipconfig /flushdns – Purges the DNS Resolver cache
Ping hostname – shows IP by given host name (ICMP echo request)
Ping -a 10.10.10.10 – shows host name by given IP
Tracert hostname – traces path by given IP
Pathping hostname – traces path by given IP + localhost + statistics
=Checking MAC address=
Getmac – shows MAC address of a local computer
Getmac /s server – MAC address of a remote computer
Ping Server (then) Arp -a – MAC address of a remote computer
=DNS commands=
Nslookup computer – DNS info about some host (external command)
> server 4.4.8.8 – changes DNS server to be used (internal command)
Nslookup -q=MX <host> <DNS server> – changes default record type
Dnscmd server /statistics > D:\filename – DNS info
Netstat commands
Netstat
Netstat -a – adds UDP ports
Netstat -o – shows PID (not in Win2000)
Netstat -ao – shows TCP/UDP ports and PIDs
Netstat -n 5 – shows output every 5 seconds
Netstat -a | find "135" – shows process that listens on port 135
Netstat -a | find "established" – shows established process
(possible parameters: listening/established/time_wait/close_wait)
Netstat -ao | find "192.168" – shows processes with PID
Netsh commands
Netsh winsock reset – resets IP stack
Netsh int ip reset anyfile.txt – resets IP stack
Netsh advf set allp state off – disable FW with CMD
Netsh interface tcp show global – general TCP info
Netsh interface ip show interfaces – local info about net interfaces
Netsh -r server interface ip show interfaces – remote interfaces info
=Solving network speed problems=
Netsh interface tcp set global autotuning=disabled
Netsh interface tcp set global autotuning=normal
Netsh interface tcp set global rss=disabled
Netsh interface tcp set global rss=enabled
Additional commands
=Change startup type of any service from CMD=
sc config servicename start= disabled
sc config servicename start= auto
=Syncing computer time with DC=
w32tm /config /syncfromflags:domhier /update
Then run:
net stop w32time
net start w32time
forfiles -p C:\Share\ -s -m *.* -d -1 -c "CMD /C del /Q /F /s @path" – delete files by date
Active Directory
Gpupdate /force – update of domain GP on a local computer
Gpedit.msc – Group Policy editor on a local GP
Secpol.msc – security hive of local GP
Repadmin /showrepl – shows AD replication
Repadmin /syncall Server.dom.com – activates AD replication
Ldp.exe – GUI view on Active Directory
Nltest /query /SERVER:server – queries netlogon service status
Nltest /SERVER:server /finduser:username – user Domain & DC
Nltest /DCLIST:Domain – list of DCs in Domain
Nltest /DSGETDC:Domain – DC authenticated the *Computer*
Set logonserver – DC authenticated the *User*
Echo %logonserver% – DC authenticated the *User*
Exchange commands (needs Exchange Powershell)
=Show all organizational databases=
Get-MailboxDatabase -Status
Get-MailboxDatabase -Status | format-table name,mounted,backupinprogress,onlinemaintenanceinprogress
Get-MailboxDatabase -Status | select servername,name,databasesize
Get-MailboxDatabase -Status | select servername,name,databasesize | Sort-Object Name -Descending
Get-MailboxDatabase -Status | select servername,name,databasesize | Sort-Object DatabaseSize -Descending
=Show databases on the particular Exchange Server=
Get-MailboxDatabase -Server servername
Get-MailboxDatabase -Server servername -Status | format-table name,mounted,backupinprogress
Get-MailboxDatabaseCopyStatus -Server servername
=Check status of the particular database=
Get-MailboxDatabase dbname
=Check the date of Exchange Last Full Backup=
Get-MailboxServer | Get-MailboxDatabaseCopyStatus | ft name,latestfull*
Get-MailboxDatabase -Server server -Status | fl name, *fullbackup
Import-Module ServerManager
Add-WindowsFeature Backup