Server FaultUseful Command-line Commands on Windows
[+282] [160] Sung
[2009-05-04 02:33:04]
[ windows command-line management commands reference ]
[ ]

The aim for this Wiki is to promote using a command to open up commonly used applications without having to go through many mouse clicks - thus saving time on monitoring and troubleshooting Windows machines.

Answer entries need to specify

Shortcut to commands

(11) If you find this stuff interesting, take a look at commandlinefu: It's basically like digg for CLI - username
great list, very usefull - Adyt
(1) Try putting each command as a separate answer. Then we can vote and comment on each one. - lamcro
(1) This is a great question, super useful info, and the stackexchange engine made it trivial to find. I agree with @lamcro, however, that structuring each command as an individual answer would likely provide more value, however then the wouldn't be sorted alphabetically? hmmm... - David Alpert
@David Alpert: Yes, since answers cannot be sorted according to commands, that was why I was listing the command in alphabetical order in the question. I wonder if grouping those commands would be even more useful or not. - Sung
(1) This is a great example, across all SE, of a well-executed poll. I especially like combining separate answers (for voting) and alphabetical index to them! - Jonik
[+122] [2009-05-04 07:02:52] splattne

A little known one is


It shows the MAC address(es) [1] of your network adapter(s).

Screenshot of running getmac from a Windows commandline window.


(10) +1 Nice! Didn't know about that one. Very useful! - WaldenL
Very nice. When I run this on my laptop I get "ERROR: Not found.", however I can run getmac /? and it prints out the description / usage... ideas? - Zack Mulgrew
(5) ipconfig /all gives you this information in a less direct way too. - LeopardSkinPillBoxHat
Ha, now I've got your MAC address, prepare to be hackzored! - Peter Turner
+1 nice..!! makes things a lot easier - Adyt
+1. Nice one. :-) - DragonBorn
+1 Very nice! :-) - KPWINC
(14) Oh, MAC. It would be better if it ordered a Mac from the Apple store for you. ;-) - Kyle Cronin
(2) THANK YOU! No more ipconfig /all and scrolling around! "Happy dance!" - Gomibushi
[+65] [2009-05-04 12:50:24] Toro

In the command prompt type:

C:\> start .

It opens the current directory in the Windows Explorer.

(2) How neat. it works just like "ii ." in powershell. - Sung
start . & exit is also good - I've got those set as s.cmd and sx.cmd respectively. Also x.cmd for exit, because yes I'm that lazy. - Mark Allen
(5) You could also do "explorer ." - Manuel Ferreria
(2) start actually works for any file type you can double-click on (word documents, xls files, etc) as well as drive mappings (not just the current working directory). - Kyle Burton
or if you want an explorer pane on the left side: start explorer /e,. - Lara Dougan
(5) Note that start can be a bit funny if you have files with spaces in their names. If start's first argument is quoted, it interprets it as a request to change the window title. So instead of running: start "My File.txt" you have to enter: start "" "My File.txt" This drove me nuts until someone explained it to me! - Ken Keenan
Remarkably just start (without the .) opens another identical command window - bobobobo
[+51] [2009-05-04 02:36:28] Sung
Remote Desktop Connection


Some image demonstrationg the use of mstsc.exe.

(1) Love this one, and use it lots! Saves so much more time with WinKey+R, mstsc. - p.campbell
(16) Even better with the /v: switch. Just Win+R, then "mstsc /" - Portman
(4) Also the /console switch - luapyad
(9) renamed to /admin switch these days, and behaves quite differently in 2008+ - Oskar Duveborn
(17) don't forget the /span option for creating really big sessions across two monitors. - SqlACID
(6) Renamed back to /console in Vista SP1 and later, because they shouldn't have changed it in the first place. :) - Mark Allen
(7) While we're at it, I also often use /w: and /h: to manually set width and height. I'm particularly fond of running IIS Manager in 800x800 for some reason. - Portman
(1) /console (or /admin) switch is useful when you only have limited number of connections allowed in the network. - MarlonRibunal
(1) usually i just type remote at start button for this one - Adyt
/f for fullscreen - talonx
I use mstsc /w:2560 /h:1024 /v:"servername" if I want to match my desktop size. - Bratch
What does this stand for? I always thought "Microsoft Terminal Service Connection"? At least thats what I say in my head. - Godfather950
[+46] [2009-05-04 07:42:39] K. Brian Kelley

A list I use a lot:

  • nbtstat - List NetBIOS stats and information
  • netstat - List TCP/IP stats and information
  • ipconfig - List TCP/IP configuration for a system
  • netsh - Network configuration for a system
  • sc - manage services
  • net - whole slew of commands to manage users and groups, shares, connections, etc.
  • ping - makes sure a system is up on the network
  • tracert - trace the hops between two hosts. useful to see if there's a break in between and where it is.
  • nslookup - Query DNS for information
  • dcdiag - check health of the domain controller
  • setspn - check SPNs for Kerberos configuration

(4) +1 for an actual list of command line tools, and not just ways to start MMC. - WaldenL
sorry, what is the use of "sc"? - Alex. S.
(1) sc allows you to control services, and it allows you to do so remotely. This is different from net start/net stop, which run locally (albeit you can use psexec or something like that to get to a console on a remote system). sc will also query the service, etc. Basically everything you can do from services.msc you can now do from the command-line. - K. Brian Kelley
great list.. +1 - Adyt
+1. Nice one. :-) - DragonBorn
(1) netsh seems like a really powerful command, but I have not really been able to work with it. What do people really use it for? - railmeat
[+44] [2009-05-04 02:38:11] user640

Services control panel:


find myself using this alot - Adyt
+1. Nice one. :-) - DragonBorn
You can also type this (and the names of other MMC snap-ins) into the Run dialog. services.msc and compmgmt.msc are my most commonly used entries. - Coxy
You can use SC to manager services from the command prompt. Of course the venerable net command can start and stop services. - railmeat
[+41] [2009-05-05 20:30:50] Frode Lillerud

allow you to shutdown or reboot a machine. You can even reboot a remote machine with

shutdown -m \\server -t 0 -r

It even comes with a graphical user interface

shutdown -i

and you can abort a shutdown with

shutdown -a

Ouch, I don't think I will be trying this out often unless I do it on a VM ;) - Sung
I use this at the end of my end-of-week script. - mmyers
This one's essential for us. We're an app group and our IT's centrally located out-of-state. We have local admin access to all of our servers and can reboot at will. It's not unusual for TS to choke when trying to shutdown and this is the only thing that we can use to kick things back into shape without calling an operator. - squillman
give it a -f as well to force all open apps to close - beakersoft
[+37] [2009-05-05 07:48:25] thomasrutter

Robocopy [1] is really useful. It mirrors directories.

It is great for backups, restoring, and transferring large amounts of files. It only transfers files which have changed and can resume from where it left off.

It comes standard in Windows Vista and later, but Windows XP users can get it as part of the Windows Server 2003 Resource Kit (free) or later.


Robocopy does so much more than mirror directories. It's freeking amazing! Any command-line tool that requires a word document to explain it rocks in my book. - WaldenL
(1) hehe. Well I guess it's a swiss-army-knife of command line copying, but with no GUI nonsense. - thomasrutter
+1 Excellent tool - Andreas Grech
+1; Robocopy, tar, split and gzip form basically all of our backup strategy. - RainyRat
@RainyRat: What, no 'at' command? - Dan Esparza
Is this the rsync of Windows? - Joey Adams
Well I use it as an rsync equivalent. But it doesn't do everything rsync does, obviously, like transferring over SSH, the smart delta transferring ability, etc. What it does do is robustly copy files, and all their attributes and permissions, in a way that it doesn't matter if the operation is interrupted (it can be safely and robustly resumed). Useful for backups or when you move to a new drive/filesystem. - thomasrutter
[+34] [2009-05-06 01:29:58] Nick Devereaux

(Not really a command per-se, but a way to get there.)

For those of you that find yourself going to Start > Run > "cmd" a lot, you can cut down some steps.

Say you want to get your IP address. You would normally go Start > Run > "cmd" [enter] then...

ipconfig [enter]

Now instead, go...

Start > Run > "cmd /k ipconfig"

This will run cmd and the command 'ipconfig', and it will keep the window open. So if I want to quickly get my MAC address (physical address), I'd do:

 cmd /k ipconfig /all

...all from the run menu in one line.

All courtesy of BostonMark [1]


Very cool, I am constantly doing Start>Run>Cmd to run various common commands and didn't know this shortcut. - Element
(3) Yes, the /k flag is definitely one of the best tips here. - Abraham Vegh
(10) Here's a better way: Go to START > All Programs > Accessories > Command Prompt, and right-click. Select Properties. Click the 'Short-cut' tab. Put the cursor in the 'Shortcut Key' field. Press [ctrl]-[alt]-t, it should say "Ctrl+Alt+T". Click OK. Now you can launch cmd.exe from anywhere anytime by hitting ctrl-alt-t. - Ryan Fisher
(5) Also, using windowskey+r gets you directly to the "Run..." window. - Andor
(1) How is this quicker or fewer keystrokes than opening cmd and typing the command? Seems to me two more keystrokes than the way you're proposing to replace. - harpo
[+28] [2009-06-14 12:12:34] Joseph Kern

The forgotten art: DOS String Manipulation!

set mydate=%date:~10,4%_%date:~4,2%_%date:~7,2%
echo %mydate%

Output will be YYYY_MM_DD.

Copy and paste this into a .bat file and be amazed! This is especially useful for creating backups, or any time/date series of directories and files.

An example:

@echo off
:: Yes, this looks bad, but it works, it sets the file veriable mydate to YYYY_MM_DD.
set mydate=%date:~10,4%_%date:~4,2%_%date:~7,2%

echo Backing up DC1:
:: start a new backup session, the /M switch is for the type of bakcup being performed, type ntbackup /? for more info
start /wait ntbackup backup \\DC1\c$ /j "DC1 Backup" /f "C:\BAK\DC1\DC1_%mydate%.bkf" /M incremental
echo DC1 is Done

echo Backing up EXCH:
start /wait ntbackup backup \\EXCH\c$ /j "EXCH Backup" /f "C:\BAK\EXCH\EXCH_%mydate%.bkf" /M incremental
echo EXCH is Done

echo Backing up FS1:
start /wait ntbackup backup \\FS1\c$ /j "FS1 Backup" /f "C:\BAK\FS1\FS1_%mydate%.bkf" /M incremental
echo FS1 is Done

echo Backup was completed %date% %time%

(4) +2. wow. this is impressive. this is almost as mind blowing as the first time I saw someone use the for command at the command-line. - MikeJ
(1) +1 I wish I'd known about this 10 years ago. - Kelly S. French
(5) This is dangerous as hell as the system locale display format changes the string that date returns and hence will thrash any script based on character position into an unpredictable mess if it ever changes. Which at least in Europe can easily happen by mistake or on purpose - I've had scheduled batch scripts do horrible things (or nothing) because of exactly this ^^ - Oskar Duveborn
Well ... I would hope that people wouldn't copy/paste/pray on production systems ... :-) Good point though. - Joseph Kern
[+26] [2009-05-05 20:49:27] Frode Lillerud

will list processes on local or a remote machine.

tasklist.exe /S server

It can display which Services the scvhost.exe processes are hosting with

tasklist /SVC

You can also do some filtering. This will display the processes on a remote machine that have used more than 15 minutes of CPU time

tasklist /S server /FI "CPUTIME gt 00:15:00"

(1) +1 for the /svc flag, that's really useful! - Curtis
(1) Don't forget it's counterpart taskkill - Chris S
[+25] [2009-05-04 08:56:56] Igal Tabachnik

control userpasswords2

Opens the classic User Accounts dialog:

enter image description here

[+24] [2009-05-05 17:28:03] Andrew Cox

I find that I use findstr a lot to find stuff in logs, error files, etc.

A simple example: in the log file ex0905.log we find all lines that have 2009-05-05 in them:

findstr "2009-05-05" ex0905.log

(1) findstr /s find recursively - Alex. S.
Put @findstr %* into a file named fs.bat in the PATH. - Lumi
[+22] [2009-05-04 02:40:19] Sung
Programs and Features (Formerly known as "Add or Remove Programs")


alt text

Windows, then "fea" also isolates it well.. (But +1) - Ruben Bartelink
(1) +1 for 256-colour greatness! - Mark Henderson
@Farseeker: I ran out of my 80G space as I was taking screenshot. Coudln't even spare a couple of megs at the time ;) - Sung
You often need to do control appwiz.cpl - especially if you're doing it under runas (as you probably should be!) - Richard Gadsden
[+21] [2009-05-04 18:06:24] Ivo Looser

Sometimes I have to worry about too few free sessions for a Terminal Server connection to a server.

quser displays information about user sessions on a terminal server.

quser /SERVER:myserver


C:\Documents and Settings\sysmanager01>quser /SERVER:serverx
usr_hot1                                        1  Disc        none   30.04.2009 17:59
usr_hot                                         2  Disc        none   30.04.2009 18:01
appsuperuser                rdp-tcp#6           3  Conn            .  01.01.1601 02:00

Sometimes it's even possible to find pure workaholics like appsuperuser :-)

It's easier when pasting the quser executable from any 32-bit Server to my local System32 folder.

What version of Windows is "quser" available? - Sung
(6) Try using qwinsta instead, it's included by default in clients like XP as well... rwinsta can nuke the sessions - Oskar Duveborn
[+17] [2009-05-08 23:52:22] Jim Harte

I use


to see disconnected remote desktop sessions and


to end them.

It works on Windows 2000 [1], Windows XP [2], Windows Vista [3], Windows Server 2003 [4] and probably Windows Server 2008 [5] (never tried).


Wow. I'm speechless. - Andomar
you can use rwinsta to boot the remote session by id too! - Nick Kavadias
thats incredible. im impressed. - djangofan
[+16] [2009-05-04 02:44:03] Sung
Computer Management

enter image description here

[+16] [2009-05-08 23:00:25] phuzion

Displays a ton of information about the system at hand. The following are what it outputs on Vista:

  • Host Name
  • OS Name
  • OS Version
  • OS Manufacturer
  • OS Configuration
  • OS Build Type
  • Registered Owner
  • Registered Organization
  • Product ID
  • Original Install Date
  • System Boot Time
  • System Manufacturer
  • System Model
  • System Type
  • Processor(s)
  • BIOS Version
  • Windows Directory
  • System Directory
  • Boot Device
  • System Locale
  • Input Locale
  • Time Zone
  • Total Physical Memory
  • Available Physical Memory
  • Page File
  • Max Size
  • Page File
  • Available
  • Page File
  • In Use
  • Page File Location(s)
  • Domain
  • Logon Server
  • Hotfix(s)
  • Network Card(s)

this is really useful. did not know this one - MikeJ
[+15] [2009-05-05 17:02:52] 17 of 26

Very useful one I only found out about recently:


Gives you a dialog box with the version of Windows the machine is running, complete with Service Pack level and build number.

(9) Note that I use the hotkey Win+Pause to see most of this information quickly on a box. - Matthew
[+14] [2009-06-27 00:05:35] KAPes

There is still no mention of WMIC.exe :)

Find whatever you want from remote machine, local machine... multiple machines.

Nicely filled out HTML page with all data related to OS

WMIC OS get /all /format:htable

Look at all the options available

ALIAS                    - Access to the aliases available on the local system
BASEBOARD                - Base board (also known as a motherboard or system board) management.
BIOS                     - Basic input/output services (BIOS) management.
BOOTCONFIG               - Boot configuration management.
CDROM                    - CD-ROM management.
COMPUTERSYSTEM           - Computer system management.
CPU                      - CPU management.
CSPRODUCT                - Computer system product information from SMBIOS.
DATAFILE                 - DataFile Management.
DCOMAPP                  - DCOM Application management.
DESKTOP                  - User's Desktop management.
DESKTOPMONITOR           - Desktop Monitor management.
DEVICEMEMORYADDRESS      - Device memory addresses management.
DISKDRIVE                - Physical disk drive management.
DISKQUOTA                - Disk space usage for NTFS volumes.
DMACHANNEL               - Direct memory access (DMA) channel management.
ENVIRONMENT              - System environment settings management.
FSDIR                    - Filesystem directory entry management.
GROUP                    - Group account management.
IDECONTROLLER            - IDE Controller management.
IRQ                      - Interrupt request line (IRQ) management.
JOB                      - Provides  access to the jobs scheduled using the schedule service.
LOADORDER                - Management of system services that define execution dependencies.
LOGICALDISK              - Local storage device management.
LOGON                    - LOGON Sessions.
MEMCACHE                 - Cache memory management.
MEMLOGICAL               - System memory management (configuration layout and availability of memory).
MEMPHYSICAL              - Computer system's physical memory management.
NETCLIENT                - Network Client management.
NETLOGIN                 - Network login information (of a particular user) management.
NETPROTOCOL              - Protocols (and their network characteristics) management.
NETUSE                   - Active network connection management.
NIC                      - Network Interface Controller (NIC) management.
NICCONFIG                - Network adapter management.
NTDOMAIN                 - NT Domain management.
NTEVENT                  - Entries in the NT Event Log.
NTEVENTLOG               - NT eventlog file management.
ONBOARDDEVICE            - Management of common adapter devices built into the motherboard (system board).
OS                       - Installed Operating System/s management.
PAGEFILE                 - Virtual memory file swapping management.
PAGEFILESET              - Page file settings management.
PARTITION                - Management of partitioned areas of a physical disk.
PORT                     - I/O port management.
PORTCONNECTOR            - Physical connection ports management.
PRINTER                  - Printer device management.
PRINTERCONFIG            - Printer device configuration management.
PRINTJOB                 - Print job management.
PROCESS                  - Process management.
PRODUCT                  - Installation package task management.
QFE                      - Quick Fix Engineering.
QUOTASETTING             - Setting information for disk quotas on a volume.
RECOVEROS                - Information that will be gathered from memory when the operating system fails.
REGISTRY                 - Computer system registry management.
SCSICONTROLLER           - SCSI Controller management.
SERVER                   - Server information management.
SERVICE                  - Service application management.
SHARE                    - Shared resource management.
SOFTWAREELEMENT          - Management of the  elements of a software product installed on a system.
SOFTWAREFEATURE          - Management of software product subsets of SoftwareElement.
SOUNDDEV                 - Sound Device management.
STARTUP                  - Management of commands that run automatically when users log onto the computer system.
SYSACCOUNT               - System account management.
SYSDRIVER                - Management of the system driver for a base service.
SYSTEMENCLOSURE          - Physical system enclosure management.
SYSTEMSLOT               - Management of physical connection points including ports,  slots and peripherals, and
TAPEDRIVE                - Tape drive management.
TEMPERATURE              - Data management of a temperature sensor (electronic thermometer).
TIMEZONE                 - Time zone data management.
UPS                      - Uninterruptible power supply (UPS) management.
USERACCOUNT              - User account management.
VOLTAGE                  - Voltage sensor (electronic voltmeter) data management.
VOLUMEQUOTASETTING       - Associates the disk quota setting with a specific disk volume.
WMISET                   - WMI service operational parameters management.

and many, many more.

@KAPes: "/format:htable" is awesome... - Sung
[+13] [2009-05-09 14:05:59] Oskar Duveborn

Chaining commands, in particular net stop and start to restart any service:

net stop w3svc && net start w3svc

(It is a silly example as iisreset will do that, but anyway ;)

(5) Just pointing out this is actually conditional execution, unlike a single '&'. - Christopher Galpin
True, it will only start if it the stop succeeded... or I guess that's the spirit anyway - not sure the net stop would actually return a non-success if it timed out.. testing - Oskar Duveborn
Well as it does both even if one tries to stop a non-existing service, in this case it doesn't seem to matter - but the difference is of course great. They should add that "promote comment to answer" feature and I'd promote yours ^^ - Oskar Duveborn
(3) This will ensure a metabase configuration change is saved, however. IISRESET does not. - K. Brian Kelley
[+13] [2009-05-11 07:50:17] dss_so
color 02

This, my friends, is the only command you'll ever need. The rest is nonessential.

(2) Oops, I accidentally entered color 23... - Andomar
entering 'color' by itself takes you back to default - RobW
Too bad it doesn't stick across CMD sessions... - Nate
[+12] [2009-05-04 09:37:36] Richard
explorer .

Open explorer with the current folder selected.

explorer /e, .

Open explorer, with folder tree, with current folder selected.

This is also the way to make a shortcut that opens explorer for a specific directory, like "explorer /e,c:\myhomeisinrootthxu - Andomar
Already integrated higher up the vote count... - Ruben Bartelink
[+12] [2009-05-08 20:38:37] Steve Armstrong

To change the title of the CMD window you have open, simply use:

title [your new title]

I've got a lot of CMD windows and other programs open at work. This command, combined with Taskbar Shuffle (allows you to drag taskbar items into new orders) has saved me from insanity.

[+11] [2009-05-04 13:29:25] jake

Windows 7 Run Commands [1]

I find it better to know where to find them until I have used them often enough to actually remember them.


Thanks Jake. I was looking for a list like those. My initial goal was to be able to browse through answers and find whatever a user might think will need by skimming through screenshots. But I guess I could do that myself ;) - Sung
[+10] [2009-05-04 12:44:55] Andrew H

On Windows XP at least (I haven't tried on Windows Vista and Windows 7):

appwiz.cpl @,2

It takes you straight to the Add/Remove Windows Components pane.

Another way to add or remove components in an automated fashion is to use


in unattended mode with a .inf file that lists the components you'd like to install. For example,

SNMP = 1 

Contact_Name = IT Dept. 
Location = Office
Service = Physical, Applications, End-to-End 
Community_Name = Mormon 
Traps = server1, server2 
Send_Authentication = Yes 
Accept_CommunityName = Public:Read_Only 
Any_Host = No 
Limit_Host = server1, server2

(Credit due to for .inf file.)

It's a clunky tool (hey, it's MS), but it's invaluable for getting your components sorted out post-install.

(1) "appwiz.cpl @,2" works but renamed to "Turn Windows Features On and Off" - Sung
[+10] [2009-05-04 14:26:48] Gulzar

To restart IIS


(3) This can also be used to restart IIS on a remote server: iisreset remoteservername - Saul Dolgin
(3) I don't use iisreset any longer. It may not save metabase config issue. I use net stop iisadmin /y && net start w3svc instead. Here's why: - K. Brian Kelley
@K. Brian Kelley, pretty sure the /noforce command will prevent the forcing and therefore keep you safe. IIS 7 is probably immune to it anyway since it no longer 'technically' uses the metabase. - Ashley Steel
[+10] [2009-05-08 15:30:53] atom255

I didn't see taskkill on the list yet.

TASKKILL [/S system [/U username [/P [password]]]] { [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]

Parameter List: /S system Specifies the remote system to connect to.

/U    [domain\]user    Specifies the user context under which
                       the command should execute.

/P    [password]       Specifies the password for the given
                       user context. Prompts for input if omitted.

/F                     Specifies to forcefully terminate

/FI   filter           Displays a set of tasks that match a
                       given criteria specified by the filter.

/PID  process id       Specifies the PID of the process that
                       has to be terminated.

/IM   image name       Specifies the image name of the process
                       that has to be terminated. Wildcard '*'
                       can be used to specify all image names.

/T                     Tree kill: terminates the specified process
                       and any child processes which were started by


Works great in conjunction with tasklist

[+10] [2009-06-24 19:11:34] cop1152

You can hit F7 in The Windows Command Line for a history of commands that you can choose with your keyboard.

Also...I love this one - you can copy a file path by just dragging a file into the command line.

[+9] [2009-05-04 02:49:14] Sung
Device Manager


enter image description here

(7) If you set the environment variable devmgr_show_nonpresent_devices to 1 before launching device manager, then when you show hidden devices it will show all the completely inactive devices (e.g. have been removed) as well. - Richard
[+8] [2009-05-04 02:33:17] Sung

Opens enter image description here

(1) You can just use "eventvwr" and save a few characters. - boflynn
[+8] [2009-05-04 09:46:32] Palmin

Registry Editor


[+8] [2009-05-05 00:25:46] Sung

Network Connections (Windows Vista/Windows XP)

The command



alt text

... and so falls a great Vista frustration. Thanks. - Christopher Galpin
[+8] [2009-05-05 10:43:38] Richard Gadsden

dsquery * and dsmod

Pipe your dsquery results into dsmod and do mass changes to Active Directory [1].

Description:  Finds any objects in the directory according to criteria.

Syntax:     dsquery * [{<StartNode> | forestroot | domainroot}]
            [-scope {subtree | onelevel | base}] [-filter <LDAPFilter>]
            [-attr {<AttrList> | *}] [-attrsonly] [-l]
            [{-s <Server> | -d <Domain>}] [-u <UserName>]
            [-p {<Password> | *}] [-q] [-r] [-gc]
            [{-uc | -uco | -uci}]

Value                       Description
{<StartNode> | forestroot | domainroot}
                            The node where the search will start:
                            forest root, domain root, or a node
                            whose DN is <StartNode>.
                            Can be "forestroot", "domainroot" or an object
                            If "forestroot" is specified, the search is done
                            via the global catalog. Default: domainroot.
-scope {subtree | onelevel | base}
                            Specifies the scope of the search:
                            subtree rooted at start node (subtree);
                            immediate children of start node only (onelevel);
                            the base object represented by start node (base).
                            Note that subtree and domain scope
                            are essentially the same for any start node
                            unless the start node represents a domain root.
                            If forestroot is specified as <StartNode>,
                            subtree is the only valid scope.
                            Default: subtree.
-filter <LDAPFilter>        Specifies that the search use the explicit
                            LDAP search filter <LDAPFilter> specified in the
                            LDAP search filter format for searching.
                            Default:(objectCategory=*).The search filter
                            string must be enclosed in double quotes.
-attr {<AttrList> | *}      If <AttrList>, specifies a space-separated list
                            of LDAP display names to be returned for
                            each entry in the result set.
                            If *, specifies all attributes present on
                            the objects in the result set.
                            Default: distinguishedName.
-attrsonly                  Shows only the attribute types present on
                            the entries in the result set but not
                            their values.
                            Default: shows both attribute type and value.
-l                          Shows the entries in the search result set
                            in a list format. Default: table format.
{-s <Server> | -d <Domain>}
                            -s <Server> connects to the domain controller
                            (DC) with name <Server>.
                            -d <Domain> connects to a DC in domain <Domain>.
                            Default: a DC in the logon domain.
-u <UserName>               Connect as <UserName>. Default: the logged in
                            user. User name can be: user name,
                            domain\user name, or user principal name (UPN).
-p <Password>               Password for the user <UserName>. If * then you
                            are prompted for a password.
-q                          Quiet mode: suppress all output to standard
-r                          Recurse or follow referrals during search.
                            Default: do not chase referrals during search.
-gc                         Search in the Active Directory global catalog.
-limit <NumObjects>         Specifies the number of objects matching the
                            given criteria to be returned, where <NumObjects>
                            is the number of objects to be returned.
                            If the value of <NumObjects> is 0, all matching
                            objects are returned. If this parameter is not
                            specified, by default the first 100 results are
{-uc | -uco | -uci}         -uc Specifies that input from or output to pipe
                            is formatted in Unicode.
                            -uco Specifies that output to pipe or file is
                            formatted in Unicode.
                            -uci Specifies that input from pipe or file is
                            formatted in Unicode.

The dsquery commands help you find objects in the directory that match
a specified search criterion: the input to dsquery is a search criteria
and the output is a list of objects matching the search. To get the
properties of a specific object, use the dsget commands (dsget /?).

A user-entered value containing spaces or semicolons must be enclosed in
quotes (""). Multiple user-entered values must be separated using commas
(for example, a list of attribute types).

To find all users in the current domain only whose SAM account name begins
with the string "jon" and display their SAM account name,
User Principal Name (UPN) and department in table format:

dsquery * domainroot
-filter "(&(objectCategory=Person)(objectClass=User)(sAMAccountName=jon*))"
-attr sAMAccountName userPrincipalName department

To read the sAMAccountName, userPrincipalName and department attributes of
the object whose DN is ou=Test,dc=microsoft,dc=com:

Dsquery * ou=Test,dc=microsoft,dc=com -scope base
-attr sAMAccountName userPrincipalName department

To read all attributes of the object whose DN is ou=Test,dc=microsoft,dc=com:

Dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *

See also:
dsquery computer /? - help for finding computers in the directory.
dsquery contact /? - help for finding contacts in the directory.
dsquery subnet /? - help for finding subnets in the directory.
dsquery group /? - help for finding groups in the directory.
dsquery ou /? - help for finding organizational units in the directory.
dsquery site /? - help for finding sites in the directory.
dsquery server /? - help for finding servers in the directory.
dsquery user /? - help for finding users in the directory.
dsquery quota /? - help for finding quotas in the directory.
dsquery partition /? - help for finding partitions in the directory.
dsquery * /? - help for finding any object in the directory by using
a generic LDAP query.

Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.
dsquery failed:The parameter is incorrect.
type dsquery /? for help.

[+8] [2009-05-05 20:44:01] Elias


From Microsoft Technet "Performs tasks that are related to file allocation table (FAT) and NTFS file systems, such as managing reparse points, managing sparse files, or dismounting a volume."

One of its most helpful options is to disable the creation of legacy 8.3 filenames. This is particularly helpful on servers that have very large numbers of files in a directory with long filenames.

To disable legacy 8.3 filenames on XP or Server 2003:

fsutil behavior set disable8dot3 1

On Windows 7 (and possibly Vista and Server 2008) you'd use:

fsutil 8dot3name set 1

For more information see:

I can confirm "fsutil behavior set disable8dot3 1" is the correct command on Server 2008 - prestomation
fsutil can also be used to create hardlinks (and other useful but relatively hidden FS features/capabilities) - Goyuix
[+8] [2009-05-11 06:17:09] Jonathan Parker

ipconfig [1]


ipconfig [/? | /all | /renew [adapter] | /release [adapter] |

          /flushdns | /displaydns | /registerdns |

          /showclassid adapter |

          /setclassid adapter [classid] ]


adapter         Connection name 

               (wildcard characters * and ? allowed, see



   /?           Display this help message

   /all         Display full configuration information.

   /release     Release the IP address for the specified adapter.

   /renew       Renew the IP address for the specified adapter.

   /flushdns    Purges the DNS Resolver cache.

   /registerdns Refreshes all DHCP leases and re-registers DNS names

   /displaydns  Display the contents of the DNS Resolver Cache.

   /showclassid Displays all the dhcp class IDs allowed for adapter.

   /setclassid  Modifies the dhcp class id.  

The default is to display only the IP address, subnet mask and

default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address

leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.


> ipconfig                   ... Show information.

> ipconfig /all              ... Show detailed information

> ipconfig /renew            ... renew all adapters

> ipconfig /renew EL*        ... renew any connection that has its 

                                 name starting with EL

> ipconfig /release *Con*    ... release all matching connections,

                                 eg. "Local Area Connection 1" or

                                     "Local Area Connection 2"

[+8] [2009-06-04 16:44:46] Neil

Run something as a different user (good for troubleshooting w/o having people to log off)

runas /U:*domainname*\*username* "*someapplication*"

for example, if you want to open an explorer window with your credentials

runas /\mylogin "explorer /separate"

for management console snapins (services in this example) you need to use mmc followed by the normal command to open that snap-in

runas /\mylogin "mmc services.msc"

For situations where you need to run an application as a domain user from a non-domain-joined PC (eg SQL Server Management Studio)

runas /netonly /U:domain\username application.exe

[+8] [2009-06-08 14:11:54] Maxwell
netsh firewall set opmode disable 

turns off the Windows firewall.

taskkill.exe /f /fi "status eq Not Responding"

kills all not responding programs.

[+8] [2010-07-29 20:44:29] Hondalex

I just recently found out about forfiles

FORFILES [/P pathname] [/M searchmask] [/S] [/C command] [/D [+ | -] {MM/dd/yyyy | dd}]

Description: Selects a file (or set of files) and executes a command on that file. This is helpful for batch jobs.

I use this to delete old backups with this line, this basically deletes files that are older than 6 days:

Forfiles /p " C:\Backups\SQL " /d -6 /c "CMD /C del @FILE"

What Windows version do you have? It doesn't work on my Windows XP Pro SP3. Maybe I need to modify some Environment variable? - THEn
[+6] [2009-06-13 20:52:29] Joseph Kern

Windows Update Service


/a /ResetAuthorization
/r /ReportNow

This single command has a lot of mythology surrounding it. It reports no errors, has no help dialog, and the only real output is run for /demoui. But it does work, I think.

Reference [1]


[+6] [2009-06-28 20:45:41] Ken Keenan

The clip command on Windows Vista and Windows Server 2008 is very useful: it puts anything passed in on standard input on the clipboard.


Copy current directory to clipboard:

dir | clip

List C files containing a particular string:

findstr /i /s /m /c:"someFunction" *.c | clip

[+6] [2009-06-29 15:20:10] breadly

I find that often I need to create large files for testing.

fsutil file createnew C:\1_gb-ish_file.txt 1000000000

(1) I cant believe I didnt know this. Thanks for the tip! - cop1152
you're welcome :-) - breadly
[+6] [2010-06-13 11:08:50] mB.
mstsc  # starts the Remote Desktop window.
mstsc -v  # to remotely connect to a given IP.

Learned about this one about a year ago. Use it all the time now and can't live without it! - Matt Hanson
[+6] [2010-07-08 03:16:27] jftuga

To get the current date / time for use in a batch file:

for /f "usebackq tokens=1,2,3,4 delims=/ " %%w in (`echo %DATE%`) do set YMD=%%z%%x%%y
for /f "usebackq tokens=1,2,3,4 delims=:." %%x in (`echo %TIME%`) do set HMS=%%x%%y%%z
set NOW=%YMD%_%HMS%
echo %NOW%

[+5] [2009-05-05 03:30:54] Eugenio MirĂ³


    rasdial entryname [username [password|*]] [/DOMAIN:domain]
            [/PHONE:phonenumber] [/CALLBACK:callbacknumber]

    rasdial [entryname] /DISCONNECT


    For Online Privacy Information please refer to

connects to a VPN or a dialup network from the command line.

[+5] [2009-05-05 05:10:05] Chad Pavliska

Quite possibly the most powerful command yet:


Favorite option:

/K Carries out the command specified by string but remains

[+5] [2009-05-11 08:36:58] Alistair Knock

subst.exe - associates a path with a drive letter, including local drives. Usage example (add then remove):

subst M: C:\Documents and Settings\user\My Music\
subst M: /D

(note: is not persistent and needs to be run on every logon)

Be aware that this can overlap with mapped network drives or removable drives - sometimes the contents of the network/removable drive appears in Explorer under the SUBST drive letter or vice versa! - Daniel Schneller
[+5] [2009-06-03 19:51:01] cop1152

Lately I have had to use: net use \\servername /d

It kills permissions to specified resources.

Another use for net use is to re-mount a local drive as administrator, so that you don't need to log out (on WinXP, switch user was disabled on domains).

net use \\localShare /user:admin

[+5] [2009-06-08 14:38:33] fretje

Disk management from the command line:


See A Description of the Diskpart Command-Line Utility [1] for more information.


[+5] [2010-07-28 20:48:46] mpbloch

I know this is a bit of an old question here, but I looked through the five pages of answers, and I did not see the following:

pushd, popd


C:\Users\MyUser\src> pushd C:\Users\MyUser\Documents
C:\Users\MyUser\Documents> cd Backup
C:\Users\MyUser\Documents\Backup> copy ..\*.* .
C:\Users\MyUser\Documents\Backup> popd
C:\Users\MyUser\src> rem Continue working in src directory.

Useful when working in long directories. I want to get back where i was.

[+4] [2009-05-11 13:17:37] Simon Johnson



This is great for running a given command on any file that matches a list of criteria.

For example, the following will delete all files with a last modified date earlier than seven days ago:

forfiles -p . /D -7 /M *.* /S -c "cmd /C del @File /Q"

[+4] [2009-07-20 07:45:33] Traveling Tech Guy

What about rundll32.exe?
It allows running functions from within any 32 bit DLL.
You can do almost everything with this command - and script your OS to your heart's content.
The syntax is:

RUNDLL32.EXE <dllname>,<entrypoint> <optional arguments>


RUNDLL32.EXE SHELL32.DLL,Control_RunDLL HotPlug.dll

Will bring up the "USB Disconnect" dialog (equivalent to right-clicking the "Safely Remove Hardware option in the system tray).


Will give you dozens of options to control your printer from the command line.
And there are millions more...

[+4] [2010-05-13 20:08:05] Casual Coder


netsh can do many useful things, i.e: (no pun intended ;-)
Import proxy settings from Internet Options to command line tools:

netsh winhttp>import proxy source=ie

Display current proxy settings:

netsh winhttp>show proxy  

net config server

Hide computer from Browser list:

net config server /hidden:yes

[+3] [2009-05-04 03:07:08] Sung

enter image description here#####Mouse Properties control mouse

-- or --



[+3] [2009-05-04 03:13:58] Sung
Network and Sharing Center
control.exe /name Microsoft.NetworkAndSharingCenter


enter image description here

[+3] [2009-05-04 06:14:12] Wedge

Local Security Settings


hhmmm............. - Adyt
[+3] [2009-05-04 10:48:38] Lucas Jones

To free up some disk space:

format c:

No, really, here's Disk Cleanup:


enter image description here

[+3] [2009-05-04 13:15:05] Kara Marfia

The ever-so-appropriately named lusrmgr.msc - Local Users and Groups Administrator

I've typed it hundreds of times but never got the pun until just now. Hilarious. - Portman
[+3] [2009-05-04 15:25:48] C. Ross

To open the Windows Event Log (Event Viewer).


enter image description here

And I always thought I had to do eventvwr.msc...thanks :) - Andrew H
[+3] [2009-05-06 06:57:25] macbirdie

If you suspect something's wrong with protected system files, you can use this tool.

sfc /scannow

[+3] [2009-05-08 14:15:39] Sam Meldrum

Microsoft Windows Malicious Software Removal Tool


[+3] [2009-05-08 15:32:47] atom255

SC - Manage anything you want to do with services.

        SC is a command line program used for communicating with the
        NT Service Controller and services. USAGE:
        sc <server> [command] [service name] <option1> <option2>...

[+3] [2009-05-10 03:47:24] community_owned

The set command with filtering to display contents of environment variables. Instead of typing

C:\Users\Erlend>echo %computername%
you can type
C:\Users\Erlend>set comp
to get the same effect. Using set alone shows you all environment variables.

Just learned the SET alone command to list environment variables thats a great one. - bendewey
[+3] [2009-05-13 00:44:20] CapBBeard

One of my favourites is rsop.msc, 'Resultant Set of Policy'.

RSoP shows the combined effect of all group policies active on the current system/login. So on a client machine if you're unsure about which particular policy settings are/aren't applied, simply check it out in RSoP!

[+3] [2009-05-14 14:37:36] JFV

The two I use the most are:

PathPing - Traces the route and pings the site at the same time (ie: pathping

and an easy way to lock your workstation/server:

%windir%\System32\rundll32.exe user32.dll,LockWorkStation

Any easy way to lock a workstation is windows+L. No need for the command. - railmeat
@railmeat: Yes, I use that too. But if you are remotely on the box, it's a little difficult to hit it sometimes... - JFV
[+3] [2009-05-27 16:43:10] Kyle Burton


start .                (opens explorer to the pwd)

start c:\              (opens explorer to the root of C:)

start document.doc     (open the document - just like double-clicking on it)

start wordpad file.txt (open wordpad for the file, creating if necessary)

start calc             (launch the calculator app)

[+3] [2009-05-27 18:10:32] Per Noalt
cipher /w:C:\

/W Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume will be removed.

[+3] [2009-06-03 19:16:16] Greg Meehan

Monitor network connections in the background, command-line while you work. (AKA - The `revolving netstat'):

> netstat -a 1

Stop services via command-line:

> net stop [servicename]

Fire up a Terminal Services session to a remote computer, via command-line:

> mstsc /v:[servername]

They kept around the "more" command, which was nice. Check out what's going on with the latest updates that have been installed, via WSUS:

> more /c c:\windows\windowsupdate.log

Problems with resolving via netBIOS? (Remember that buggy-ole-protocol?) Or issues with domain trusts? This set of commands has always served well on old domain controllers. (Also demonstrates how to link commands, (the double-ampersand means, `only continue if the last command completed successfully')

> nbtstat -R && nbtstat -r & nbtstat -c

[+3] [2009-06-05 12:58:22] Berzemus

cacls [1] (or the more up-to-date icalcs [2]):

cacls (Change Access Control Lists) is a command line utility for Microsoft Windows to change Access Control List (ACL) permissions on a directory, its subcontents, or files. An access control list is a list of permissions for a securable object, such as a file or directory, that controls who can access it.

alt text

It is a real life-saver on a file-server when specific file(s) and/or directory(s) permissions have to be modified.


[+3] [2009-06-08 14:30:46] GHad

Useful for batch/cmd processing:

cd %0\..

changes the path including the drive to the directory where the batch/cmd files is located.

For example, when you have your bat/cmd in z:\test, and you open up a shortcut to the bat/cmd from your desktop, with the command inside your bat/cmd you can change the path to z:\test and go on from there.

Edit: the command above only changes the path, not the drive! My fault... I tested it only on the same drive. The correct command for also changing the drive would be

cd /d %0\..

[+3] [2009-06-10 15:52:05] warrenkopp

Windows key + r cmd

This opens the command-line window without the mouse. It is the quickest way I've found to get it up. Combine with the cmd \k *command* mentioned above.

[+3] [2009-06-11 11:31:01] adopilot

chkdsk [1] (or checkdisk) is a command that checks the disk surface for physical errors or bad sectors. It can also fix logical file system errors.



[+3] [2009-06-13 22:00:54] Lazlow

Hopefully this fits in here - exporting the results of a command to file. For example, running a ping:

ping localhost

Can be exported to a log file:

ping localhost > C:\ping.log

Anything that would otherwise appear within the console screen, will be written to the file. Very useful for creating logs of running scheduled tasks.

[+3] [2009-06-17 13:20:46] Marcus

I saw FINDSTR listed above but nobody mentioned FIND. This command is incredibly useful to search the list returned from another command. Example: netstat -an | find ":6667"

This command will find any IRC traffic on your computer. Substitute another port or an IP address to narrow down the returned results accordingly.

[+3] [2009-06-21 13:59:32] davenpcj

I seem to regularly use "sc stop wuauserv", which turns off the Windows Update [1] service. Primarly to make it stop nagging me to restart every few minutes.


[+3] [2009-06-22 11:17:01] wazoox

The arp command gives you the IP address and Ethernet address for hosts your machine knows of on the network. Very useful to debug hairy network troubles... I usually use

arp -a

[+3] [2009-07-01 01:04:25] travis

I find that MS's SysInternals [1] are really useful. So I often keep the folder updated by running this robocopy command [2]:

robocopy "\\\Tools" "C:\utils\sysinternals" /LEV:0 /Z /XO /IT /R:10 /W:10

The three I use the most are:

  • autoruns.exe manage processes that start automatically
  • procexp.exe a heavy duty process explorer, great for finding file locks
  • contig.exe defragment a single file (useful for virtual machines)

[+3] [2009-07-02 18:25:16] Frode Lillerud

It allows you to resize your cmd.exe window.

The cmd.exe window normally has 300 lines and 80 columns, which can be quite small sometimes.

You can double the height and width of the command window with

mode con cols=160 lines=600

To see your current settings use

mode con /status

[+3] [2009-08-28 09:53:44] Flip

When I was testing my WSUS server I found these useful:

gpresult > gp.txt (gives the policies aplied)

gpupdate /force (will force an group policy update on the machine)

wuauclt /detectnow (to force the Windows update agent to search for updates)

[+3] [2010-11-30 17:41:40] Somantra

Problem Steps Recorder - A beautiful new feature in Windows 7 and Server 2008 R2.


[+2] [2009-05-04 02:58:07] Sung
Internet Information Services (IIS) Manager
InetMgr.exe - IIS 7
InetMgr6.exe - IIS 6
  • IIS 7
    enter image description here

  • IIS 6
    enter image description here

God´s home is on Vista? - Decio Lira
@Decio: Beh, it's all capitalized ;) - Sung
[+2] [2009-05-04 03:05:01] Sung
ODBC Data Source Administrator

enter image description here

Is it wrong to be happy not to have seen this screen in years? - p.campbell
@Philoushka I had to see that screen everyday while setting up some 3rd party Mail application that interacts with Accounting system... - Sung
[+2] [2009-05-04 10:06:19] Oskar Duveborn

To manage the entire IIS7 from the standard command-line (no PowerShell needed ;)


For some reason, I am not able to run that command. What version of Windows does that command work under? - Sung
It might not be in the path, which would be %windir%\system32\inetsrv\appcmd.exe I think. Version of Windows is anything with IIS7 installed. - Oskar Duveborn
[+2] [2009-05-04 14:34:02] SqlACID

fsmgmt.msc to access File Shares.

+1 I have always went through Computer Management screen for this. - Sung
[+2] [2009-05-05 00:30:11] Sung

System Properties

The command



alt text

also available through [windowsbutton]+[break]. - Yuval
[+2] [2009-05-06 01:12:07] Ash

Remote Assistance

%SYSTEMROOT%\System32\rcimlby.exe -LaunchRA

This is very handy to create as a shortcut on a users desktop. It goes straight to the "Invite someone to help you" page in the help centre. (Tested on XP/Pro Home).

[+2] [2009-05-06 01:22:19] Ash

The Advanced Tab of the System Properties dialog.

control sysdm.cpl,@0,3

I use this regularly to get to Page file settings, Performance, Environment Variables and User Profiles.


@0 = the function within sysdm.cpl to display (In this case System Properties)

3 = the tab number to activate (in this case Advanced)

For anyone interested, Victor Laurie provides more info on this syntax [1].


[+2] [2009-05-06 12:27:06] ecleel

calc to open Calculator.

??????.......... - Adyt
set path=c:\sierra\ll4 ll4 to open up Leisure Suit Larry - Peter Turner
[+2] [2009-05-08 16:01:39] Tom Dunham
net statistics workstation


net statistics server

One way of finding out how long the box has been up for.

Note: The times that these commands report are how long the Workstation and Server services have been running for. These are normally started with the rest of the OS, but I've seen secure builds that disable Workstation.

[+2] [2009-05-09 13:55:17] Techboy

cls clears the command line screen.

It is very useful when you want to run a new command and clear the current screen.

[+2] [2009-05-22 13:24:00] splattne

manipulates the Windows Registry [1].


[+2] [2009-05-23 07:25:46] Andy

Depending on the version of Windows, Scheduled Tasks [1], and for command-line goodness, the schtasks or at commands.

schtasks [2]

Parameter List:
    /Create  : Creates a new scheduled task.
    /Delete  : Deletes the scheduled task(s).
    /Query  : Displays all scheduled tasks. 
    /Change  : Changes the properties of scheduled task. 
    /Run  : Runs the scheduled task immediately. 
    /End  : Stops the currently running scheduled task. 
    /?              Displays this help/usage.

at [3]

\\computername: Specify a remote computer (default local machine.
time: Specify the time when the task is to run.
/interactive: Allow the task to interact with the desktop of the user who is logged on at the time the task runs.
/every:date,...: Schedule the task to run on the specified day or days of the week or month.
/next:date,...: Schedule the task to run on the next occurrence of the day (for example, next Monday).
command: Specify the command, the program (.exe or .com file), or the batch program (.bat or .cmd file) that you want to run.
id: Specify the identification number that is assigned to a scheduled task.
/delete: Cancel a scheduled task. If you omit the id parameter, all scheduled tasks on the computer are canceled.
/yes: Force a yes answer to all queries from the system when you cancel scheduled tasks.

[+2] [2009-05-25 11:21:57] Aistina

If you're on one of the more professional Windows distributions (XP Professional, Vista Business, Vista Ultimate), use


to do Group Policy editing.

[+2] [2009-05-27 10:36:18] Jim Harte

The command


launches the power management control panel applet.

This looks awefully useful on my laptpo! - Sung
[+2] [2009-05-31 03:34:04] Gordon Bell

DIRCMD is an environmental variable that the DIR command reads its switches from.

Order directory listing by sub-directories, file extension, and name, including hidden and system files:

set DIRCMD=/ogen/a


[+2] [2009-05-31 18:55:23] cop1152

If you have pstools installed in the root of drive C;

c:\pstools\psexec \\\\computername -u username -p password cmd

opens the command prompt on a remote machine. From there you can do whatever you want.

to get to backslashes you need to escape each of the backslashes, thus you'll need to enter 4 :) - Server Horror
thanks for the advice - cop1152
I have a /bin folder in my home dir, and I configure my profile to include h:/bin in my path. I drop pstools, gnu32utils, wrktools, etc. into here. If you have roaming profiles, you have all your utils available in the path across the entire network. - Bryan
[+2] [2009-06-05 11:20:17] Nicolas Marengo

Run dxdiag, a DirectX diagnostic tool. Apart from giving DirectX components installed on your system it also gives a system information summary. All information can be exported as a text file.

CIPHER: this is a good one to permanently delete files off the computer. Once a file is deleted, it is only marked as deleted and it won't truly be delted off the hard drive until it's overwritten with the information or you can run cipher and the location of where the file used to be to truly delete it from the hard drive.


cipher /w:"drive letter":"folder name"  


 cipher /w:C: (to do all the C: drive.) 

[+2] [2009-07-14 05:02:31] marty

I find the FOR command to be essential, usually parsing a text file of server names or user accounts. Sure, powershell or vbscript is more versatile, but sometimes the command prompt is what you have.

FOR /f %i in (servername.txt) do psexec \\%i netsh int ip show dns

(with pstools) runs netsh on multiple servers and outputs their dns settings.

FOR /F "tokens=1,2,3* skip=8 usebackq" %i in (`net group /domain "Domain Admins"`) do net user /domain %i && net user /domain %j && net user /domain %k

Dumps out each Domain Admin in WinNT "net user" style -- doing a dsquery command would be better. Add ">>filename.txt" to each part to save in a file. The >>file format appends. You get an error on the last line from the "net group".

Full command details are in "FOR /?" including string substitution, doing sequences (FOR /L %i IN (start,step,end) gives a loop where %i can be a number) and compound results.

[+2] [2009-09-13 04:25:02] Dan Esparza

Restart an IIS app pool from the command line:

cscript c:\WINDOWS\system32\iisapp.vbs /a SuperDuperAppPool /r

Where 'SuperDuperAppPool' is your app pool name

[+2] [2010-07-28 20:20:32] Matador1006

There have been a couple of mentions of WMIC, but there's a lot of power there that isn't being highlighted. Granted, much of this can be done easier now with PowerShell, but if you don't know PowerShell or aren't able to use it for whatever reason, then it's WMIC to the rescue!

You are able to use many of the WQL keywords. For some reason a nice well-documented syntax on how to use these on the command line in conjunction with WMIC is not found anywhere.

Some examples:

List the QFE (Quick Fix Engineering) hotfixes installed on a system

// See them all
wmic qfe | more

// List the HotFixID, InstalledBy and InstalledOn properties of the ones that begin with "KB9"
wmic qfe where "HotfixID like '%KB9%'" get HotFixID,InstalledBy,InstalledOn

// Useful if you're just trying to find out if a particular KB is installed, and you don't care about the properties
wmic qfe | find "981793"

// Or, if you need the properties just for the one
wmic qfe where "HotFixID = 'KB981793'"

Display, start and stop services! Very useful when you have a group of related services that you need to stop/start.

// Display McAfee services
wmic service where "DisplayName like '%McAfee%'"

// Stop all McAfee services
wmic service where "DisplayName like '%McAfee%'" call StopService

Context-sensitive Help

See what properties are available with a particular alias:

wmic service get /?

See what methods are available with a particular alias:

wmic service call /?

See which classes the aliases map to:

wmic alias list brief

Run a query or command against multiple computers:

// Get a list of all the patches on hostname1 and hostname2 and save it as a .csv file for easy import into Excel
wmic /node:hostname1,hostname2 get /format:csv > Patches.csv

// You can also list all your systems (one per line) in a text file and run it against all of them:
wmic /node:@MyServers.txt get /format:csv > Patches.csv

[+2] [2010-07-28 20:40:56] Scott Forsyth - MVP

"| more" is an essential sub-command. It pauses at each screen, making large amounts of text easier to read.


dir | more
help | more
type filename.txt | more

It saves from scrolling back up to find what you want, and losing your place.

more is already listed in the "question", but it's useful to have it described. However, it's unnecessary for dir because it has /p. Also, it's unnecessary to pipe type into more, just do more filename.txt (congratulations, you receive the Windows/DOS equivalent of the Useless Use of cat Award). - Dennis Williamson
Yes, I checked before posting and noticed that more was mentioned, but it didn't summarize how. While there are alternative ways to pause the screen, 'more' is consistent across all outputs ... and works with other OSes too (including non-Windows). To me, it's an essential subtool to add to any arsenal of command line syntax lists. - Scott Forsyth - MVP
[+2] [2010-10-08 17:19:51] Lady Runa

sqlwb Starts Microsof SQL Server Management Studio. Handy when you can't find it listed in the start menu, but you know it's installed on that server. :)

[+2] [2010-11-30 18:28:47] John Riselvato

Amazing Shutdown timer:

shutdown -s -t 7200 -c "shutting down in 120 mins, please type 'shutdown -a' in a command prompt to cancel" -f

[+1] [2009-05-04 02:54:32] Sung
Disk Management

enter image description here

[+1] [2009-05-04 03:09:05] Sung
Keyboard Properties
control keyboard

enter image description here

[+1] [2009-05-04 03:36:37] Sung
Regional and Language Options

enter image description here

[+1] [2009-05-04 03:41:40] Sung
Internet Properties

enter image description here

[+1] [2009-05-04 03:53:11] James Moore

Task Manager | taskmgr.exe

(8) Ctrl-Shift-Esc uses fewer keys to open Task Manager. - Ryan Bolger
[+1] [2009-05-04 07:45:52] Yuval

opens the display properties. (Sorry, no image)

@Yuval: Don't worry. When I get enough rep to be able to edit wiki, I will add a screenshot - Sung
[+1] [2009-05-04 14:25:41] Gulzar

Notepad or something similar


[+1] [2009-05-05 00:27:37] Sung


The command



alt text

[+1] [2009-05-05 00:36:17] Sung

Date and Time

The command



alt text

[+1] [2009-05-05 00:38:28] Sung

Windows Security Center



alt text

[+1] [2009-05-05 19:27:11] WaldenL

Best way to avoid clicks is to stay on the command line. A directory in your path with the GNU tools and the sysinternals tools will go a long way to making your life simpler. Nothing that a good grep can't fix. :-)

mmm............ - Adyt
[+1] [2009-05-05 20:14:27] OscarRyz

My favorites:


[+1] [2009-05-06 08:50:21] user2059

is a nice quick way to open up Active Directory Users and Computers.

[+1] [2009-05-08 15:20:06] scottm

Opens the Windows Firewall settings.

[+1] [2009-05-10 18:48:42] Charles Faiga

System Configuration


It is very useful to see what runs at startup

[+1] [2009-05-11 06:13:10] Jonathan Parker

tracert [1]

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name


-d                 Do not resolve addresses to hostnames.

-h maximum_hops    Maximum number of hops to search for target.

-j host-list       Loose source route along host-list.

-w timeout         Wait timeout milliseconds for each reply.

[+1] [2009-05-12 14:52:39] Guamaniac

To quickly open the Exchange 2007 Management Shell:


Active Directory Sites and Services:


Basically, anything in the start menu I try to grab the properties of the shortcuts and find out what they actually call.

Oh, and the "elevated" command-prompt in Vista:

Start -> from the Search box "cmd" + Ctrl+Shift+Enter


[+1] [2009-05-12 23:14:09] MarlonRibunal

The items in the following list might be duplicates, but I just want to add it just in case (this is from a buddy's list). This might be more useful to an office worker than to a system administrator though:

  1. devmgmt.msc = Device Manager
  2. msinfo32 = System Information
  3. cleanmgr = Disk Cleanup
  4. ntbackup = Backup or Restore Wizard (Windows Backup Utility)
  5. mmc = Microsoft Management Console
  6. excel = Microsoft Excel (If Installed)
  7. msaccess = Microsoft Access (If Installed)
  8. powerpnt = Microsoft PowerPoint (If Installed)
  9. winword = Microsoft Word (If Installed)
  10. frontpg = Microsoft FrontPage (If Installed)
  11. notepad = Notepad
  12. wordpad = WordPad
  13. calc = Calculator
  14. msmsgs = Windows Messenger
  15. mspaint = Microsoft Paint
  16. wmplayer = Windows Media Player
  17. rstrui = System Restore
  18. netscp6 = Netscape 6.x
  19. netscp = Netscape 7.x
  20. netscape = Netscape 4.x
  21. waol = America Online
  22. control = Opens the Control Panel
  23. control printers = Opens the Printers Dialog

[+1] [2009-05-15 19:11:25] Alexander Taran

pathping - a traceroute [1] that collects detailed packet loss statistics.


[+1] [2009-05-16 19:22:41] Andomar

To allow user to log on without pressing ctrl-alt-delete, or log on without entering a password:

control userpasswords2

@Andomar: Sorry it has already been posted on… - Sung
[+1] [2009-05-27 10:44:56] shylent


Very often would I see the system being plagued by trojans/worms that attempt to lock down every way of getting through to system internals like regedit, mmc, cmd.exe, etc. Then you have no choice, but to boot from a live CD. But, obviously, with at your disposal you can do anything you want, and I've yet to see THAT made unavailable.

[+1] [2009-05-27 17:30:28] Adam D'Amico

Years ago I started using sync.exe (for file cache flushing) from the NTinternals guys. I've been migrating that binary around for maybe a decade, and it still works. Their company got assimilated by Microsoft, but the binaries are still hanging around on the net if you search.

[+1] [2009-05-28 17:01:06] stangm

Get the current day, month and year into environment variables (adjust for locale).

Command line:

for /f "tokens=2,3,4 delims=/ " %a in ('echo %date%') do set mon=%a && set day=%b && set year=%c

Or in a batch file:

for /f "tokens=2,3,4 delims=/ " %%a in ('echo %date%') do set mon=%%a && set day=%%b && set year=%%c

Other stuff

ipconfig /displaydns

WMIC - command line access to WMI

dsqery, dsget, dsmod, dsadd - command line access to AD

net localgroup

for /f %%a (' some command ') do call :sub %%a

Use :: instead of REM in batch files.


NTRIGHTS.EXE grant sePriveleges

Set /P for prompting.

IF ELSE in batch:

IF EXIST filename. (
    del filename.
) ELSE (
    echo filename. missing.

Thanks for ipocnfig /displaydns, I did not know about that one. It seems like it could be useful. - railmeat
[+1] [2009-05-30 07:32:45] Gero


httpcfg [query | set | delete] iplisten [ip address]

to find out or change the IP addresses IIS [1] is listening on

(If you want to run IIS and some other HTTP server on the same box and port with different IP addresses.)


[+1] [2009-05-31 05:35:15] community_owned

I've found Launchy to be a very useful tool for Windows. It lets you launch many programs that would normally be launched by clicking icons by typing a few keystrokes. There's also a version for Linux. It can be found at, and is free and open-source.

For example, to open an Explorer window from anywhere, type Alt-space (the default Launchy hot-key) followed by "c:\" followed by Enter. You can run any program for which you have a Windows shortcut by typing a few characters from the name of the shortcut. For example: Alt-space "co" Enter brings up Control Panel. You can also do Google searches, open URLs in the browser, and many other things without taking your fingers from the keyboard.

[+1] [2009-05-31 19:01:55] Precipitous

psexec [1]

While it's from Sysinternals [2], the sysinternals tools are so essential and commonly installed on servers they might as well be part of the OS.

psexec \\targetserver -w "d:\bin" "cmd" 

You now have an interactive shell on a remote computer. Enter "exit" to come back home. I will often use it to apply something to a group of servers as follows.

set srvs=server1 server2 server3 
set execthis=[something useful]
for %s IN (%srvs%) DO (
start psexec \%s -u domain\someUser -p superSecretOfCourse "cmd" "/C %execthis%" 

Here I show several handy tricks:

  1. Use for loops to execute a command multiple times (from batch use %%s instead of %s)
  2. Start to open a window in a new process - handy if each operations takes a few minutes.
  3. Psexec can use windows auth or a login. Noting that integrated auth usually won't hop from local to server to a third location (e.g. SAN) - provide user and password if you need to access a network resource

[+1] [2009-06-08 14:49:48] fretje
bootsect.exe {/help | /nt52 | /nt60} {SYS | ALL | <DriveLetter:>} [/force]

From Bootsect Command-Line Options [1]:

Bootsect.exe updates the master boot code for hard disk partitions to switch between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your computer.

Mind you that this tool is only available on the Windows installation DVD under the BOOT folder. (I think only Windows Vista or higher.)


[+1] [2009-06-08 15:19:39] adopilot

FTP [1]

alt text


[+1] [2009-06-10 12:05:37] bugs

dsa.msc - opens active directory users and computers.

[+1] [2009-06-22 12:13:06] James Risto

Here is a VBScript that will do elevation when you RUNAS in Vista:

Set objShell = CreateObject("Shell.Application")
app = wscript.arguments(0)
args = ""
for i = 1 to (WScript.Arguments.length - 1)
   args = args + wscript.arguments(i)
objShell.ShellExecute app, args, "", "runas"

Use like so: runas.exe /user:domain\user "wscript.exe runas_script.vbs mmc.exe"

[+1] [2009-06-29 14:41:59] Nathan Hartley

The following web site shows how to create command line shortcuts to anything using the Windows registry key, "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths".

Customizing Windows Run Command

[+1] [2009-06-29 16:01:43] pjp

Gives you a way to schedule tasks either locally or remotely without using Scheduled Tasks.

Running a command every Friday

AT 23:30 /EVERY:f c:\backups\weekly.cmd

[+1] [2009-08-06 17:25:47] DeckerDK

When starting the services control panel for the first time, on a fresh install;

services.msc /a

then choose the "standard"-tab, move the description column all the way to the right, and then File -> Save the new layout.

[+1] [2009-08-10 19:29:21] Nick O'Neil

Query Domain Controllers @ netdom /query /domain:MyDomainName fsmo

[+1] [2009-08-10 20:30:19] Nasko
  • pushd/popd to move around directories in a stack style
  • ldp.exe - all the LDAP/AD power at your fingertips
  • nltest.exe - the swiss army knife of domains and trusts

pushd/popd proved to be quite useful... - Sung
[+1] [2009-08-11 01:42:28] justingrif

shows the MAC address [1] of any network adapters installed.


Thanks, justingrif but this has already been posted -… - Sung
[+1] [2009-09-13 04:32:53] Dan Esparza

Opens up Windows Performance Monitor.

[+1] [2010-01-12 13:52:00] TheEruditeTroglodyte

The key combination . . . notepad will show all files in the directory, use the up and down key to select, then enter to execute the command. Very useful for lazy typers like myself.

[+1] [2010-03-16 18:26:47] WooYek
whoami /all

Used to be reskit.

[+1] [2010-03-24 19:13:54] user38467

for Server 2003,2000 & XP - Does not apply to Server 2008, Vista or Win7(as far as I know)

Shows installed Hotfixes applied to the server/workstation.

More detail at ->

[+1] [2010-04-26 23:36:05] Holocryptic



vssadmin list shadows [/set={shadow copy set guid}]
        Lists all shadow copies in the system, grouped by shadow copy set Id.

vssadmin list writers
        Lists all writers in the system

vssadmin list providers
        Lists all currently installed shadow copy providers

vssadmin is essential to troubleshooting backup products that use vss. With vssadmin you can check writer status, and list all outstanding shadow copies on a volume. Very handy.

[+1] [2010-05-06 13:30:28] afrazier

I particularly like pushd and popd for directory navigation via stack. Not only can they change the current folder, they can also change the current drive. (cd /d can do this too.) What's more, if you try to pushd to a UNC path, the shell will automatically map the share to a drive letter starting from Z and working backwards. When the matching popd is called, the drive is unmapped automatically.

[+1] [2010-05-13 20:40:10] DHayes

A particularly useful aspect of netsh that I think is worth a mention: netsh winsock reset This was added in XP service pack 2 to reset the tcpip implementation back to its defaults. In versions prior to XP, this was accomplished by uninstalling and reinstalling TCP/IP. Prior to SP2 you either needed the winsockxpfix.exe application or an ugly method of ripping out tcp/ip and reinstalling it. This command can correct issues where tcp/ip becomes corrupted for whatever reason.

Also, the HELP command lists a whole slew of other commands that can be of use.

[+1] [2010-12-14 21:11:23] Ehsan

Change {username}'s password:

net user {username} {newpass}

map a network drive

net use z: \\servername\sharename /user:username

[+1] [2010-12-17 13:47:38] Jayakrishnan T
  1. mspaint

alt text

  1. msconfig :-System Configuration Utility alt text

3. ping ip address alt text


alt text

5.sshclient alt text

6.%temp% alt text

[+1] [2011-08-06 01:02:24] Ziyad Ahmad

Command to abort the shutdown process.

c:\shutdown -a

[+1] [2011-12-11 15:18:02] Paul Ackerman

print %logonserver%

A very quick and easy way to view the DC that your workstation has authenticated against. Useful when working with GPO's and scripts.

PRINT? Not ECHO? - jscott
[0] [2009-05-05 00:34:18] Sung

Telephone and Modem Properties

The command



alt text

Side Note: I wish I never get to see this screen ever again...

great +1... very very usefull - Adyt
It made me shiver... - splattne
[0] [2009-05-05 19:15:11] notandy

It is always fun to create a macro that performs a quick and unconditional format of a disk:

doskey cd=format $1 /q /u

Then to format a disk in drive A type:

cd A:

(1) Shame they dropped the format's /autotest parameter. ;) - macbirdie
[0] [2010-04-14 23:34:41] Xiuhtecuhtli

I am a big fan of


If you're still using newsid, you're doing it wrong. - Ashley Steel
[0] [2010-04-26 22:31:37] ggonsalv

powercfg.exe /QUERY

Description: This command line tool enables an administrator to control the power settings on a system.

powercfg.exe /? for full command list

[0] [2010-06-13 11:50:27] mB.
devenv   # to start visual studio IDE.

[0] [2010-11-30 17:49:35] Somantra



Msinfo32 [/?] [/pch] [/nfo Path] [/report Path] [/computer ComputerName] [/showcategories] [/category categoryID] [/categories categoryID]

Between this, the event log and the Problem Steps Recorder, you can usually get the critical support data in just a few keystrokes.

When I am skeptical of user-reported information, I often have them run the following and e-mail me the output:

msinfo32 /report %userprofile%\Desktop\sysinfo.txt

Or just:



File > Export

[0] [2011-04-20 23:51:57] simon

A little known one is eventtriggers.

The windows task scheduler has a hidden way to schedule programs to run when particular events occur in one of the windows event logs. These kinds of tasks can only be configured from the eventtriggers command. It works in a very similar way to schtasks.


[0] [2011-08-03 19:52:49] Alan

Someone posted somthing simular - I have a modified version.

I create a desktop shortcut to logoff.exe and place in allusers/desktop on all servers. This way when you are done with your RDP sesssion, you just double click the logoff icon!

Love it!

[0] [2011-08-03 23:05:40] Ashley Steel

Except for BGInfo [1] with my custom configuration file, this is the best thing I've deployed to the domain via group policy:


It does exactly that; it elevates whatever command you run at the command prompt so that you don't need to have explicitly started an elevated command prompt, nor have to run everything in elevated mode. It still brings up the UAC prompt, but I find it useful when I've had a command prompt running most of the day that has the commands I've used in it, but then need to quickly add a route, or do something that requires elevation without losing my history and starting a new cmd.

As I said, I deployed it via group policy (into %windir%\system32) and got it from John Robbin at Wintellect [2].


[0] [2011-08-06 00:39:41] kce

shadow will allow you to shadow someone's RDP or Terminal Server session. Very useful for troubleshooting a box remotely with another party:

query user

A Control + * will stop the shadowing the session.

[0] [2011-11-03 09:42:30] Moif Murphy

I use 'set' from a command line quite a lot when wanting to find the system environment variables. Such as whether or not an end users machine is 64bit.


Type SET without parameters to display the current environment variables.