<html> <body> <h1>A few examples of traditional and modern Windows commandline utilities.</h1> Version : 2.1<br> Date : 06/06/2011<br> By : Albert van der Sel<br> For who : For anyone who likes to work from the Windows commandline<br> <hr/> Actually this note is for people who are not <I>too</I> familiar with the (traditional) commandline.<br> If you are already quite skilled with the commandline, this note is probably too simplistic for you.<br> Of course, <I>this is indeed</I> a very simple document.<br> <br> Here, I would like to show some basics of some useful (standard) Windows commandline utilities,<br> like for example "netdom", "netsh", "sc", "wmic" and a few other commands.<br> Most of them are standard commands (as of XP and Win2K3), so generally you do not need something like a Resource Kit,<br> but <I>some</I> commands <I>do</I> need an "add-on" (in that case, it will be noted).<br> Also, many commands are a good alternative for the GUI, and of course, you can use them in scripts as well!<br> <br> Although newer scripting and commandline environments have become available (like PowerShell),<br> the <B>traditional commandline (cmd) environment</B> can still be useful. Hopefully, you agree with that.<br> <br> Note: for "newer" Windows releases (Vista, Win7, Win2K8), you might need to fire up a prompt window using<br> "run as Administrator", otherwise you might lack permissions for some of the functionality shown in this doc.<br> <br> <hr/> <font face="arial" size=2 color="blue"> <B>Main Contents:</B><br> <br> <B> <A href="#section1"> 1. The "sc" command</A><br> <A href="#section2"> 2. The "netsh" command</A><br> <A href="#section3"> 3. The "systeminfo", "msinfo", and "msinfo32" commands</A><br> <A href="#section4"> 4. The "runas" command</A><br> <A href="#section5"> 5. The "taskkill" or "tskill" command</A><br> <A href="#section6"> 6. The "driverquery" command</A><br> <A href="#section7"> 7. 
The "netstat" and "nbtstat" commands</A><br> <A href="#section8"> 8. Some examples of commands to invoke a graphical utility</A><br> <A href="#section9"> 9. Some examples of commands that enable you to implement scheduled tasks</A><br> <A href="#section10"> 10. Some examples of handling txt (or ascii) files</A><br> <A href="#section11"> 11. The "WMIC" command</A><br> <A href="#section12"> 12. The "typeperf" command</A><br> <A href="#section13"> 13. The "cacls" command, and similar commands</A><br> <A href="#section14"> 14. Free (gnu) shells or tools for Windows</A><br> <A href="#section15"> 15. How to determine your ".NET" (dot net) version, and your "Windows installer" version</A><br> <A href="#section16"> 16. How to start an application with another priority, from the prompt</A><br> <A href="#section17"> 17. A few useful file manipulation commands</A><br> <A href="#section18"> 18. The "forfiles" command.</A><br> <A href="#section19"> 19. The "net" command.</A><br> <A href="#section20"> 20. Determining "svchost" processes.</A><br> <A href="#section21"> 21. The "rundll32" command.</A><br> <A href="#section22"> 22. How to determine whether you are running in a VM or on a physical machine.</A><br> <A href="#section23"> 23. Some "OLD" batch stuff</A><br> </B> <font face="arial" size=2 color="black"> <h3 id="section1">1. The "sc" command.</h3> SC is a command line program used for communicating with the<br> NT Service Controller and services.<br> <br> Syntax:<br> <B>sc server [command] [service name] option1 option2...</B><br> <br> The "server" parameter takes the form "\\ServerName". 
If not present, it is your local machine.<br> You can query services, add services, delete services and much more.<br> Here are a few examples:<br> <br> <B>1.1 Get a (partial) listing of services:</B><br> <br> -- list all services (by default "sc query" lists the active services; add "state= all" to include stopped ones): <br> <br> C:\> sc query <br> <br> -- put the list in the txt file "C:\temp\services.txt":<br> <br> C:\> sc query > C:\temp\services.txt <br> <br> -- Filter the list on (for example) the string "SQL":<br> <br> C:\> sc query | find "SQL"<br> <br> Note:<br> You can also use the "traditional" <B>net start</B> command, to obtain a list of <I>running</I> services.<br> Use that command like this:<br> <br> C:\> net start<br> <br> or pause the output to screen (pressing a key to continue), using "| more", like so:<br> <br> C:\> net start | more<br> <br> <B>1.2 Add a service:</B><br> SC can also be used to add, modify, or delete a service. This section <B>only</B> wants to make<br> you aware of this option. If you really want to use it, normally more options<br> should be provided on the commandline. Just compare it to what you normally might find<br> in the corresponding Registry hive (like the start type of that service etc..).<br> Note that sc requires the space after "binPath=" and "DisplayName=" in the example below.<br> <br> C:\>sc.exe create MyService binPath= "C:\local\myprg\bin\myserv.exe -k runservice" DisplayName= "My own Service"<br> <br> <B>1.3 Starting or stopping a service:</B><br> Suppose you want to start or stop the service "myservice":<br> <br> C:\>sc.exe start myservice<br> C:\>sc.exe stop myservice<br> <br> <I>Note 1: Other ways of stopping and starting services:</I><br> <br> You can of course also use the traditional <B>"net [start|stop] service_name"</B> command.<br> Like for example:<br> C:\> net start MSSQLSERVER<br> <br> <I>Note 2: Other ways to retrieve a list of services:</I><br> <br> Again, you can use the "traditional" net command. 
Just use <B>"net start"</B>, or <B>"net start | more"</B> to pause the output.<br> But you can also use the (very versatile) "wmic" command, as for example:<br> <br> <B>C:\> "wmic service" or "wmic process"</B><br> <br> <I>Produces a list of services, or processes, with their properties.</I><br> For example:<br> <br> <B> C:\> WMIC /OUTPUT:C:\ProcessList.txt PROCESS get Caption,Commandline,Processid<br> </B> <br> This produces a file (C:\ProcessList.txt) containing a process list, with names, commandlines, and process ids.<br> For more information on the "wmic" command, please see section 11. <br> <h3 id="section2">2. The "netsh" command.</h3> This is a very versatile command. As you might already have guessed from the name, the utility is network oriented.<br> Let's view a few simple examples:<br> There are two general ways to work with netsh:<br> <br> - You can use the command with all the options you want, "all at once", right from the commandline, like:<br> <br> C:\>netsh interface ip show config <I># This shows you all current IP parameters</I><br> <br> - You can enter the shell interactively, and subsequently enter all sorts of submenus (contexts), like for example:<br> <br> C:\>netsh <br> netsh> interface <I># go to the interface submenu</I><br> netsh interface> ip <I># go to the ip submenu</I><br> netsh interface ip>show config <I># This shows you all current IP parameters, just like above</I><br> <br> As you can see above, once you are in the "ip" submenu, you only need to enter the commands with their parameters, like:<br> "show config" <I>This shows you all current IP parameters</I><br> <br> <B><U>A few examples setting IP parameters:</U></B><br> <br> To set the interface called "LAN" to use DHCP for its IP address configuration:<br> C:\> netsh interface ip set address name="LAN" source=dhcp<br> <br> To set static IP parameters (address, mask, gateway) on the interface called "LAN":<br> C:\> netsh interface ip set address name="LAN" static 10.10.10.25 255.255.255.0 10.10.10.1 <br> <br> To set a 
DNS Server entry on the interface called "LAN" (on XP the subcommand is "set dns"; on Vista and later it is "set dnsserver", and the source "static" must be given):<br> C:\> netsh interface ip set dnsserver name="LAN" static 10.0.0.100<br> <br> <B><U>A few examples showing IP parameters and diagnostics:</U></B><br> <br> As already shown above, the following shows you all current IP parameters:<br> C:\>netsh interface ip show config <br> <br> As another example of obtaining information, wouldn't you like a command<br> that shows all your interfaces (just like you can easily do in Unix/Linux)?<br> For that, you can use the "diag" option (or submenu).<br> <br> C:\> netsh <br> netsh> diag<br> netsh diag>show adapter <br> <br> Network adapters<br> 1. [00000008] Realtek RTL8169/8110 Family Gigabit Ethernet NIC<br> 2. [00000011] Intel(R) PRO/Wireless 2200BG Network Connection<br> <br> netsh diag>show ip<br> <br> IP Address<br> 2. [00000011] Intel(R) PRO/Wireless 2200BG Network Connection<br> IPAddress = 192.168.1.113<br> <br> netsh diag>show modem<br> <br> Modems (ZTE Proprietary USB Modem)<br> <br> As the last example, here is how you can use netsh to configure your Windows firewall.<br> <B> C:\> netsh<br> netsh> firewall<br> netsh firewall> set portopening udp 3343 "cluster service" enable<br> </B> <br> <br> <font face="arial" size=2 color="blue"> <B>Resetting your network parameters:</B><br> <br> One usable command for resetting all of your network settings might be the command below.<br> Do not execute it just like that. As an exercise, try to figure out what this command will actually do<br> on your system:<br> <br> <B>C:\> netsh int ip reset resetlog.txt</B><br> <br> <font face="arial" size=2 color="black"> Notes:<br> By the way:<br> - the <B>"getmac"</B> command will show you the MAC address of all your adapters.<br> - the <B>"ipconfig"</B> or <B>"ipconfig /all"</B> command shows you all IP params as well.<br> <br> <br> <h3 id="section3">3. 
The "systeminfo" and "msinfo32" commands.</h3> <B>-- The systeminfo command:</B><br> <br> If you want a concise report (from the command line) of many system features, and your OS,<br> you might like the <B>systeminfo</B> command. The report shows many details like the BIOS version,<br> OS version, cpu info, License key, Hotfixes installed etc...<br> Note: not all Windows versions have the "systeminfo" command on board.<br> <br> Just use it like so:<br> <br> <B>C:\>systeminfo</B><br> <br> <I>gives a bunch of system info...</I><br> <br> Also, try "systeminfo /?" to see the special options you can use.<br> If you are only interested in your Windows version, you might like the <B>"winver"</B> command,<br> which shows you a dialog box with the Windows version, Service Pack level, and build.<br> <br> <B>-- The msinfo32 command:</B><br> <br> If the "msinfo32" command is available on your system, you can retrieve much system information,<br> about numerous items like hardware (IRQs, DMA, conflicts etc..) and all software modules like drivers etc..<br> It will be displayed in a graphical utility, that enables you to "zoom in" on a particular subject.<br> If you run XP (or newer), it should be on your system.<br> Just run it from your prompt, like this:<br> <br> <B>C:\> msinfo32</B><br> <br> <h3 id="section4">4. 
The "runas" command.</h3> The "runas" command allows you to start a program with other "credentials" than the credentials<br> with which you are currently logged on.<br> So, suppose you have logged on to a workstation as a domain user (say antapex\harry), and you want<br> to run a program as the local Administrator of that workstation, then you can use "runas" for that purpose.<br> But "runas" will always prompt for the password of that other account.<br> <br> From the prompt, use runas:<br> <br> <B>C:\>runas [/profile] [/env] [/netonly] /user:user Program </B><br> <br> <B>/profile|noprofile:</B> Option to load the user's profile (if applicable for a program)<br> <B>/env:</B> Use current environment instead of user's.<br> <B>/netonly:</B> Use if the credentials specified are for remote access (RAS) only.<br> <B>/user:</B> Username in the form user@DOMAIN or DOMAIN\user (or COMPUTERNAME\user, in case of a local account)<br> <B>Program:</B> The command to execute<br> <br> <B>Some examples:</B><br> <br> C:\> runas /user:Administrator@antapex.org "mycommand.exe"<br> <br> C:\> runas /user:WKST10\Administrator "mybatch.bat"<br> <br> In all cases, runas will prompt for the password.<br> As alternatives for the Microsoft "runas" utility, you can download other similar tools,<br> which can be used with a password passed along on the commandline, or stored in a batchfile.<br> There also exist "luxury" editions which allow you to use an "encrypted" password.<br> http://www.robotronic.de/runasspcEn.html<br> http://www.softtreetech.com/24x7/archive/53.htm<br> <br> <h3 id="section5">5. 
The "taskkill" or "tskill" command.</h3> In older versions of Windows, you needed the Resource Kit in order to obtain the "kill" command.<br> Since XP (Professional), the "taskkill" command is a standard feature of the OS.<br> <br> Taskkill can be of help in terminating a "runaway" or unresponsive process.<br> Of course, you need to be a bit careful and be reluctant in its use, but sometimes you do not have<br> other options.<br> <br> Its primary use will be in killing just one process, if you know its "process id" (pid).<br> So, suppose the process with a pid equal to 1480 must be killed, then use the command:<br> <br> <B>C:\> taskkill /pid 1480</B><br> <br> And you can even terminate more processes at the same time, for example:<br> <br> <B>C:\> taskkill /pid 1530 /pid 1603 /pid 1153 </B><br> <br> You can find the pid by using, for example, the "Task Manager".<br> If it's available on your OS, the command "tasklist" is an even better way to find it.<br> If you still do not know the pid, you can specify the "image" name instead. For example:<br> <br> <B>C:\> taskkill /f /im myprogram.exe</B><br> <br> So, if you know the pid, use the "/pid" option. 
If you want to use the image name, use the "/im" option.<br> By the way, the "/f" parameter forcefully terminates the process (force).<br> <br> Note: If you already use <B>"PowerShell"</B>, kill is a predefined command alias for the Stop-Process cmdlet.<br> <br> But the taskkill command is much more powerful (and potentially "dangerous") than just terminating<br> a single pid (or more than one pid, listed on the commandline).<br> The command syntax even provides for wildcards and "operators" (filters) like "eq" (equal) or "ne" (not equal).<br> You can kill whole groups of processes, by filtering on cpu, memory usage, user etc...<br> But be careful, if you work on a machine that's more important than just a test machine.<br> <br> As a few examples of the extended forms of the taskkill command, take a look at the following commands:<br> <br> <B>C:\> taskkill /f /fi "status eq not responding"</B><br> <B>C:\> taskkill /s starboss /u antapex\administrator /p p@ssword /fi "IMAGENAME eq note*" /im * </B><br> <br> For more info on taskkill, take a look at:<br> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/taskkill.mspx?mfr=true<br> <br> <B>tskill:</B><br> Maybe your OS does not have the "taskkill" command (like with the Home Editions).<br> Then you might use the "tskill" command, which however has fewer options compared to "taskkill".<br> <br> The (full) syntax is:<br> tskill processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V]<br> <br> So, here you can, for example, just use:<br> C:\> tskill 1544<br> C:\> tskill notepad<br> <br> <B>Note: the "tasklist" command retrieves a list of running processes.</B><br> <br> In Unix, it's easy to get a list of all processes and their properties. 
For example, just use the "ps -ef" command.<br> But what can you use from the prompt on Windows?<br> In section 11, we will see the "wmic" command, which answers the question above.<br> But to retrieve a list of processes, you might also consider the <B>tasklist</B> command. Just like in the following example<br> (the columns are: image name, pid, session name, session number, and memory usage):<br> <br> <B>C:\> tasklist</B><br> <p> System Idle Process 0 Console 0 16 K<br> System 4 Console 0 96,396 K<br> smss.exe 764 Console 0 404 K<br> csrss.exe 836 Console 0 4,032 K<br> winlogon.exe 860 Console 0 820 K<br> services.exe 904 Console 0 3,440 K<br> lsass.exe 916 Console 0 1,504 K<br> svchost.exe 1092 Console 0 5,152 K<br> svchost.exe 1156 Console 0 4,312 K<br> svchost.exe 1300 Console 0 23,108 K<br> svchost.exe 1372 Console 0 3,476 K<br> svchost.exe 1572 Console 0 3,884 K<br> etc.. (in reality, the list is much longer)<br> </p> <br> <h3 id="section6">6. The "driverquery" command.</h3> Here we can be short. This command will show all installed drivers (name and additional information)<br> which are on your system. It's available and standard as of XP (although Home editions may lack it).<br> (Note: "as of XP" of course means that more recent versions like Vista and Windows 7 have it as well.) <br> Syntax:<br> driverquery [/s Computer] [/u Domain\User /p Password] [/fo {TABLE|LIST|CSV}] [/nh] [/v] [/si]<br> <br> So, there are quite some options you can use. 
In its most basic form, just enter the command driverquery from the commandline, like this:<br> <br> <B>C:\> driverquery</B><br> <I>The output is driver info from your local system...</I><br> <br> As you can see from the syntax, you can also query a remote machine, using "/s Computer /u Domain\User /p Password".<br> Also, the "/v" switch means "verbose", meaning that the list contains more detailed information.<br> <br> If you would like a graphical output (in a Windows dialog box), you might check out "DriverView",<br> which can be found at:<br> http://www.nirsoft.net/utils/driverview.html<br> <br> <h3 id="section7">7. The "netstat" and "nbtstat" commands.</h3> <B>netstat:</B><br> <br> Netstat is a useful tool for viewing and checking network connections from the prompt.<br> Syntax:<br> netstat [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]<br> <br> Depending on the switches that you use, netstat will show you the protocol used in the connections,<br> the local and remote addresses, the port numbers, and on modern OSes, the "-b" switch will even show<br> which program on your machine is actually communicating. The "-o" switch adds the pid of the owning process to each line.<br> <br> Some examples: <br> <B>C:\> netstat</B> <I># just shows the active connections</I><br> <B>C:\> netstat -a</B> <I># shows all connections and listening ports</I><br> <B>C:\> netstat -an</B> <I># shows all connections with addresses and ports in numerical form (<U>good option!</U>)</I><br> <B>C:\> netstat -an | find "4500"</B> <I># as above, but filters the output on port 4500</I><br> <B>C:\> netstat -an 3</B> <I># as "netstat -an", but the command is repeated every 3 seconds</I><br> <B>C:\> netstat -anb</B> <I># shows all connections with addresses and ports in numerical form, and which program is involved</I><br> <B>C:\> netstat -r</B> <I># shows the "routing table" that's in effect on your machine</I><br> <br> As a last nice example, try the -e and -s switches. 
It will show you the network statistics of your network interface:<br> <br> <B>C:\> netstat -e -s</B><br> <br> <I>Shows network statistics of your netcard, like bytes sent and received, segments sent and received etc...</I><br> <br> <B>nbtstat:</B><br> <br> The "nbtstat" utility is geared towards viewing NetBIOS "naming" and "registration" information.<br> Although once a fundamental protocol for IBM and Microsoft, it still is far from obsolete. Almost all Windows machines still<br> have a "netbios name", and many <B>services</B> register, or broadcast, their NetBIOS identifiers<br> on the network. Services might register themselves (periodically) through a broadcast, or directed to a WINS Server.<br> Retrieving "naming" information from the local or remote caches, especially, is an important function of the nbtstat utility.<br> So, for example, using "nbtstat", you can view the NetBIOS name registrations on your local or remote machines.<br> Also, you can see how your machine has resolved "netbios" names into addresses (using the -c switch).<br> So, please do distinguish between the "name table", which shows which services have registered, and the "name cache",<br> which shows how names are resolved into network addresses.<br> <br> The syntax is the following:<br> nbtstat [ [-a RemoteName] [-A Remote IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ] <br> <br> Some examples: <br> <B>C:\> nbtstat -n</B> <I># Displays the NetBIOS name table of your local machine</I><br> <B>C:\> nbtstat -c</B> <I># Displays the NetBIOS name cache (what is resolved) on your local machine</I><br> <B>C:\> nbtstat -a RemoteMachineName</B> <I># Displays the NetBIOS name table of the RemoteMachineName</I><br> <B>C:\> nbtstat -A RemoteIPAddress</B> <I># Displays the NetBIOS name table of the machine with that remote IP address </I><br> <br> So, both "netstat" and "nbtstat" are tools that might help in troubleshooting (or just viewing) network stuff.<br> <br> 
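The "netstat" and "tasklist" outputs in this note are meant to be read by eye, but the "-o" switch in the netstat syntax (owning pid) makes it possible to join the two: every listening port can then be attributed to an image name and compared with a baseline of the ports a machine is supposed to expose, which is a quick way to spot an unexpected service. The Python script below is an added example, not part of the original note; it goes a little beyond the text by combining the two commands. The "tasklist" and "netstat -ano" captures it parses are constructed samples (the pids are borrowed from the tasklist listing in section 5, the addresses, ports, "myprogram.exe" and the baseline are hypothetical). To feed it real data, save the output with "tasklist > t.txt" and "netstat -ano > n.txt" and pass the file contents to listening_report.

```python
"""Join 'netstat -ano' sockets with 'tasklist' image names and compare the
listening ports against a baseline.  Added example (not part of the original
note); the captures below are constructed samples, not real output."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of default 'tasklist' output (pids borrowed from section 5).
TASKLIST_SAMPLE = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         16 K
System                           4 Console                    0     96,396 K
smss.exe                       764 Console                    0        404 K
lsass.exe                      916 Console                    0      1,504 K
svchost.exe                   1092 Console                    0      5,152 K
svchost.exe                   1300 Console                    0     23,108 K
myprogram.exe                 2480 Console                    0      3,120 K
"""

# Constructed sample of 'netstat -ano' output (hypothetical addresses and ports).
NETSTAT_SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1092
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       2480
  TCP    192.168.1.113:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.1.113:1045     192.168.1.1:80         ESTABLISHED     1300
  UDP    0.0.0.0:500            *:*                                    916
"""

# Constructed baseline: the (proto, port) pairs this hypothetical workstation may expose.
EXPECTED_PORTS = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 500)}


@dataclass(frozen=True)
class Socket:
    proto: str
    local: str
    remote: str
    state: str  # empty for UDP: netstat prints no State column for it
    pid: int


# The image name may contain spaces ("System Idle Process"), so the fixed
# columns to its right (pid, session name, session number, memory) anchor the match.
_TASK_RE = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K$")


def parse_tasklist(text: str) -> dict[int, str]:
    """Map pid -> image name from the default 'tasklist' table."""
    images: dict[int, str] = {}
    for line in text.splitlines():
        m = _TASK_RE.match(line.rstrip())
        if m:  # the header and '====' separator lines do not match
            images[int(m.group("pid"))] = m.group("image").strip()
    return images


def parse_netstat(text: str) -> list[Socket]:
    """Parse 'netstat -ano' rows: TCP rows carry 5 columns, UDP rows 4 (no state)."""
    sockets: list[Socket] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, blank and header lines
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # malformed or truncated row: skip rather than guess
        sockets.append(Socket(proto, local, remote, state, int(pid)))
    return sockets


def local_port(sock: Socket) -> int:
    """Port from 'addr:port'; rsplit also copes with IPv6 forms like '[::]:135'."""
    return int(sock.local.rsplit(":", 1)[1])


def listening_report(tasklist_text: str, netstat_text: str,
                     expected: set[tuple[str, int]]) -> list[tuple[str, int, int, str, bool]]:
    """One (proto, port, pid, image, in_baseline) row per listening TCP or bound UDP socket."""
    images = parse_tasklist(tasklist_text)
    rows = []
    for s in parse_netstat(netstat_text):
        if s.proto == "TCP" and s.state != "LISTENING":
            continue  # established or waiting sockets are not exposed services
        port = local_port(s)
        rows.append((s.proto, port, s.pid, images.get(s.pid, "<unknown pid>"),
                     (s.proto, port) in expected))
    return rows


if __name__ == "__main__":
    for proto, port, pid, image, ok in listening_report(TASKLIST_SAMPLE, NETSTAT_SAMPLE, EXPECTED_PORTS):
        print(f"{proto:<4} {port:>5}  pid {pid:>5}  {image}{'' if ok else '  <-- not in baseline'}")
```

With the sample data the report lists the four baseline ports with their owning images and flags TCP 8081 (owned by the hypothetical myprogram.exe) as not in the baseline; a pid that appears in netstat but not in tasklist (a process that exited between the two captures) shows up as "&lt;unknown pid&gt;" rather than being dropped silently.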
Note:<br> By the way, if you want to view the so-called "arp" cache, meaning which IP addresses have been resolved to MAC (datalink layer)<br> addresses on your local machine, use the "arp -a" command, like so:<br> <br> <B>C:\> arp -a</B><br> <br> So you can use the "nbtstat" command to see which names have been resolved to IP addresses,<br> and you can use the "arp" command to see which IP addresses have been resolved to datalink addresses (card or MAC addresses). <br> <h3 id="section8">8. Some examples of commands to invoke a graphical utility.</h3> <B>-- Graphical utilities or mmc snapins:</B><br> <br> Many graphical tools, like the "eventviewer", or "control panel" etc.., mean that you must find your<br> way in the GUI system of Windows. Nothing wrong with that, but sometimes I find it easier to just start a prompt,<br> and give the appropriate command to launch that GUI component.<br> Here is a short list of invoking some tools from the prompt. <B>Not all commands work exactly the same<br> (or are available) on all Windows versions.</B><br> But you can just try them out (be a bit careful with the shutdown commands).<br> <br> <B>C:\> control</B> <I># Starts Control Panel</I><br> <B>C:\> eventvwr</B> <I># Starts the eventviewer</I><br> <B>C:\> msconfig</B> <I># Starts the System Configuration utility (startup menu etc..)</I><br> <B>C:\> shutdown /l</B> <I># logoff from Windows</I><br> <B>C:\> shutdown /s</B> <I># Shutdown the local machine</I><br> <B>C:\> shutdown /r</B> <I># Reboot the local machine</I><br> <B>C:\> regedit</B> <I># Starts the Registry Editor</I><br> <B>C:\> iexplore</B> <I># Starts Internet Explorer</I><br> <B>C:\> [dsa.msc | admgmt.msc]</B> <I># Starts the Active Directory Users and Computers mmc snapin (goes for other .msc snapins as well)</I><br> <B>C:\> sysedit </B> <I># uniform editor to view/configure wow/console win.ini/system.ini/config.sys</I><br> <B>C:\> perfmon</B> <I># Starts the Performance Monitor</I><br> <B>C:\> diskmgmt.msc </B> <I># Starts the Disk 
Manager </I><br> <br> These are just a few examples. You can easily expand the list yourself, if you are interested.<br> Of course, some commands are (or may be) restricted to Administrative accounts only,<br> or are disabled by some "policy".<br> Also, when working from the prompt, the "PATH" settings determine if some executable can be found by the system.<br> So, if you can start some utility from the GUI, it does not automatically mean you can start it from the prompt.<br> <br> Many of the aforementioned "utilities" are, in the more recent Operating Systems, <B>"snapins"</B> in the Microsoft Management Console.<br> That means that tools like the device manager, performance monitor, and many others,<br> can be started like in the following examples:<br> <br> <B>C:\> %SYSTEMROOT%\system32\devmgmt.msc</B> <I># Starts the Device Manager tool</I><br> <B>C:\> %SYSTEMROOT%\system32\perfmon.msc</B> <I># Starts the Performance Monitor tool</I><br> etc.. <br> <br> The environment variable "%SYSTEMROOT%" is a variable that points to the Windows directory, which on most<br> systems will be "C:\WINDOWS". But if you just use the variable, it does not matter where exactly the Windows directory<br> is located. Using the variable will ensure that you refer to the correct location.<br> <br> <B>-- Control Panel Applets</B>:<br> <br> Many of the items that you can see, in for example "Control Panel", like the "system applet", are associated<br> with ".cpl" files (<I>control panel files</I>). That means that you can start such an "applet" right from the prompt,<br> without going to Control Panel first. 
Now, it <I>might</I> be a bit different on your particular system, but if I enter<br> the following commands on my system, you can see what happens in the examples below:<br> <br> <B>C:\> appwiz.cpl</B> <I># Starts the "Add and Remove programs" applet</I><br> <B>C:\> powercfg.cpl</B> <I># Starts the "Power management" applet</I><br> etc..<br> <br> Note:<br> If the "direct call" to a .cpl file does not work, you might try using "control somecplfile.cpl", like in:<br> <B>C:\> control powercfg.cpl</B><br> <br> <h3 id="section9">9. Some examples of commands that enable you to implement scheduled tasks.</h3> In all Windows versions, it's possible to create a "scheduled task" that will run at dates and times<br> of your choice. So, for example, you could create a job that runs every Monday at 17:00h.<br> <br> The interfaces from which you create and maintain jobs are:<br> <br> - the prompt, most notably the "at" and "schtasks" commands<br> - and the Graphical User Interface of course.<br> <br> If we take a quick look at the GUI first, then there are a few <I>differences</I> in the approach to add a scheduled task,<br> if you compare XP and Win2K3 (Windows version 5) <I>on the one side</I>, and Vista and Win2K8 (Windows version 6) systems on <I>the other side</I>.<br> Besides the visual interface on how to "do things", the scheduling "framework" is a bit different as well.<br> <br> <B>1. Remarks on XP, Win2K3:</B><br> <br> In Win2K3, using the GUI, you can go to the Control Panel. 
There you can find an icon named "Scheduled Tasks".<br> If you open that, you will encounter several dialog windows which will help you to create the task.<br> <br> In XP and Win2K3, you can also view, create and modify tasks by using the "schtasks" command.<br> Let's take a quick look at that:<br> <br> <B>C:\> schtasks</B><br> <br> <I> Shows a listing of scheduled tasks with items like status, next run date etc..</I><br> <br> So, just by entering the schtasks command, it will show you all currently existing tasks.<br> <br> You can <B>add and modify</B> jobs as well. Let's see what the help function of the command will show us:<br> G:\>schtasks /?<br> <br> SCHTASKS /parameter [arguments]<br> <br> Description:<br> Enables an administrator to create, delete, query, change, run and<br> end scheduled tasks on a local or remote system. Replaces AT.exe.<br> <br> Parameter List:<br> /Create <I># Creates a new scheduled task.</I><br> /Delete <I># Deletes the scheduled task(s).</I><br> /Query <I># Displays all scheduled tasks.</I><br> /Change <I># Changes the properties of scheduled task.</I><br> /Run <I># Runs the scheduled task immediately.</I><br> /End <I># Stops the currently running scheduled task.</I><br> /? <I># Displays this help message.</I><br> <br> For each of these parameters, you can get very extended help, using "schtasks /parameter /?".<br> The "schtasks" command actually should be viewed as a replacement of the former "at" command.<br> However, the "at" command still works (up to Win2K8), but is not recommended anymore.<br> <br> The descriptions of the tasks that you created with the GUI or the schtasks command can also be seen in the "%SYSTEMROOT%\Tasks" directory.<br> (Note: maybe you are not allowed to "cd" to that directory, but you probably can view the list with "dir c:\windows\tasks".)<br> <br> <B>2. Remarks on Vista, Win2K8:</B><br> <br> In Win2K8, you would go to the Control Panel, and from there choose the "Administrative Tools". 
There you can find the<br> option to add a scheduled task. If you start that up, you will see that the GUI and framework indeed have changed somewhat compared<br> to the Win2K3 world. In fact, it's quite a bit more elaborate and complex.<br> <br> Here, also, the <B>"schtasks"</B> command (or the "at" command) works as well, just as in XP/Win2K3.<br> <br> <B>3. Example of adding a (local) task with the "schtasks" command:</B><br> <br> C:\> schtasks /Create /SC weekly /D MON,TUE,WED /TN DailyBackup /ST 22:00:00 /TR c:\scripts\dailybackup.cmd /RU Domain\account /RP password<br> <br> The following create options might be used:<br> /RU username /RP password #run the job under this account<br> /SC schedule [/MO modifier] #when to run, like "weekly"<br> /D day #day is like MON,TUE,WED,THU,FRI,SAT,SUN<br> /M months #month is like JAN,FEB,MAR,APR,MAY,JUN,JUL,AUG,SEP,OCT,NOV,DEC.<br> /TN taskname /TR taskrun #name and pathname for the task<br> /ST starttime #HH:MM:SS (24 hour)<br> /SD startdate /ED enddate #start and end date, in the form dd/mm/yyyy<br> <br> Don't forget that the credentials under which the "Schedule service" runs determine which resources on the local machine a job can access,<br> and whether it can access network resources as well.<br> <br> <B>4. 
Example of adding a (local) task with the "at" command:</B><br> <br> Take a look at the following example of adding an "at" task:<br> <br> C:\> AT 23:30 pm /EVERY:m,t,w,th,f backup.cmd<br> Added new task with task-ID = 1<br> <br> A simplified syntax of the at command is:<br> <br> at [\\remote_machine] time [/every:[m],[t],[w],[th],[f],[s],[su]] command_that_must_be_scheduled<br> <br> Notice that when you schedule a command using "at", you will get the "task-id" returned in the response.<br> Note: in some locales, you should specify "time" like for example "23:30 pm", and in others, you should not use am or pm at all.<br> <br> Using the "at" command without parameters shows you all scheduled "at" jobs, along with their task-ids.<br> <br> C:\>at<br> Status ID Day Time Command<br> -------------------------------------------------------------------------------<br> 1 Today 23:30 pm /EVERY:m,t,w,th,f backup.cmd<br> <br> If you know the task-id, you can remove an "at" scheduled job as well. Just like so:<br> <br> C:\> at 1 /delete<br> <br> Again, the descriptions of the "at" jobs are located in %SYSTEMROOT%\tasks. So here you may find files like "at1.job".<br> <br> <h3 id="section10">10. Some examples of handling txt (or ascii) files.</h3> Often, you need to create, edit or otherwise manipulate a simple flat txt file.<br> In any Windows version, the "notepad" utility is present of course. 
Or you might have<br> downloaded a "pumped up" ascii editor, like "TextPad" or "Notepad++" or any other similar utility.<br> <br> But sometimes, you want to save time by <B>not</B> starting such a tool, and you just want to do your work<br> right from the prompt.<br> <br> <B>10.1 "copy con" (copy from console) to create a txt file</B><br> <br> Suppose you are at the prompt, and you just want to create an ascii file with some text.<br> You can directly create a txt file from the prompt, using the "copy con" command.<br> This command means something like "copy directly from the console (keyboard)".<br> <br> Suppose we are in the directory C:\TEST<br> <br> <B>C:\TEST> copy con test.txt</B> <I># type that command and then press Enter</I><br> <B>this is some test text</B> <I># type some text that you want the file to contain, and when ready, press Ctrl-Z followed by Enter</I><br> <br> So, for creating simple files (with little text, or no text at all), use "copy con" and use "Ctrl-Z" to end.<br> <br> If you really don't care what the file contains, you can use almost any ordinary command in combination with ">",<br> that is, the redirection symbol (operator).<br> The ">" means that you can redirect the standard output (stdout) of a program to "other output",<br> like for example a file.<br> <br> <B>C:\TEST> dir > test.txt</B> <I># the file will contain the directory listing</I><br> <B>C:\TEST> echo > test.txt</B> <I># the file will contain the line "ECHO is on." (or "ECHO is off.")</I><br> <B>C:\TEST> date /t > test.txt</B> <I># the file will contain the current date (without /t, "date" would wait for you to type a new date)</I><br> etc..<br> <br> <B>10.2 Create a filtered or sorted txt file, from a source txt file</B><br> <br> We have already seen the use of ">", which means that you change the standard output of some tool.<br> Another useful symbol (operator) is the pipe "|" symbol, which means that you can "link"<br> two programs or utilities, in such a way that <I>the output</I> of the first program<br> <I>becomes the input</I> for the second 
program.<br>
<br>
To illustrate such a "pipe" between 2 utilities, let's look at an example.<br>
Suppose you have a large txt file listing usernames and city names.<br>
Let's view the content of that file:<br>
<br>
<B>C:\TEMP>type tst.txt</B><br>
Harry London<br>
Albert Amsterdam<br>
Nadia Paris<br>
etc..<br>
<br>
Note: with the "type" command, you can "type" the contents of an ascii (flat) file to your screen,<br>
so you do not need a program like notepad and the like.<br>
<br>
Now suppose you are only interested in the users with the name "Albert".<br>
Instead of browsing through the file, you can "type" the file and "feed" that output to<br>
the "find" command, which uses that content as its input. The find command will then search for<br>
the string that you have put as a parameter, which in this case is "Albert".<br>
<br>
<B>C:\TEMP>type tst.txt | find "Albert"</B><br>
Albert Amsterdam<br>
<br>
Indeed, the output gets "filtered" by that particular username.<br>
Note: "find" matches case-sensitively unless you add the /i switch; the related "findstr" command also supports regular expressions.<br>
<br>
Of course, you can now also redirect the output of the "find" command <I>to a new file.</I><br>
<br>
<B>C:\TEMP>type tst.txt | find "Albert" > filtered.txt</B><br>
<br>
<B>C:\TEMP>type filtered.txt</B><br>
Albert Amsterdam<br>
<br>
As another example, suppose that the tst.txt file needs to be sorted alphabetically.<br>
For that, you can use the "sort" command, in a similar way as you used the "find" command.<br>
Only this time, "sort" will not search for a string, but it will sort its input:<br>
<br>
<B>C:\TEMP>type tst.txt</B><br>
Harry London<br>
Albert Amsterdam<br>
Nadia Paris<br>
<br>
<B>C:\TEMP>type tst.txt | sort > sorted.txt</B><br>
<br>
<B>C:\TEMP>type sorted.txt</B><br>
Albert Amsterdam<br>
Harry London<br>
Nadia Paris<br>
<br>
Note: for more of those "dos like" tips, you might view the file "cmdshell.txt", which is available<br>
on this site as well.<br>
<br>
<h3 id="section11">11. 
The WMIC command.</h3>
As of XP (Professional), you can use the "wmic" (Windows Management Instrumentation Command-line) tool.<br>
This allows you to retrieve <B>a large amount</B> of low-level system information from the command line.<br>
<br>
For example, in unix/linux it's very easy to get a list of the processes on your system. Multiple options exist,<br>
but even a relatively simple command such as <B>ps -ef</B> will show you all processes and their attributes on Unix.<br>
<br>
In Windows, you can of course use the graphical "Task Manager", which also shows the processes, but how<br>
do you retrieve a list right from the prompt? This question has puzzled many Windows users.<br>
Of course, in section 5 we have already seen the <B>"tasklist"</B> command, which produces such a list.<br>
But the "wmic" command can do the same, and even <I>much more!</I><br>
That's why we will spend this section on "wmic".<br>
<br>
<br>
<B>11.1 What is WMI?</B><br>
<br>
In short: WMI is the Microsoft implementation of WBEM and CIM, meaning that an API is deployed, using various<br>
providers, which allows for viewing (and sometimes altering) properties of many low-level system services.<br>
Most WMI-enabled (graphical) utilities in Windows show you a hierarchical object model.<br>
That's why, in the Windows OS, there are many tools that show you objects (like devices) in a "tree-like" structure.<br>
<br>
WMIC is the commandline interface to WMI.<br>
<br>
Let's take a look at a few commands that will demonstrate the power of "wmic".<br>
<br>
<br>
<B>11.2 Retrieving a list of processes and their properties.</B><br>
<br>
Using WMIC, it is possible to list all the running processes and their properties.<br>
<br>
<I>Get a list of processes on your local machine, with KernelModeTime and UserModeTime statistics:</I><br>
<B>C:\> wmic PROCESS get Caption,KernelModeTime,UserModeTime</B><br>
<br>
<I>Get a list of processes, on your local machine, with KernelModeTime, UserModeTime, 
and working set (memory) statistics:</I><br>
<B>C:\> wmic PROCESS get Caption,KernelModeTime,UserModeTime,WorkingSetSize</B><br>
<br>
<I>Or just get a list with all properties:</I><br>
<B>C:\> wmic PROCESS get</B><br>
<br>
<I>Get a list of processes on your local machine into the file "c:\temp\processlist.txt", with a few properties:</I><br>
<B>C:\> wmic /OUTPUT:C:\TEMP\ProcessList.txt PROCESS get Caption,CommandLine,ProcessId</B><br>
<br>
Now, try the following commands to get various other listings of process statistics:<br>
<br>
<B>C:\> wmic process list statistics</B><br>
<B>C:\> wmic process list brief</B><br>
<B>C:\> wmic process list full</B><br>
<br>
You can also "filter" on a particular process image, like:<br>
<br>
<B>C:\>wmic process where name="cmd.exe" get processid,name,executablepath</B><br>
<br>
<B>C:\> wmic process where (name="cmd.exe" or name="calc.exe") list brief</B><br>
<br>
Note the usage of the <I>"where"</I> clause in the above two commands.<br>
<br>
You can let "wmic" operate on a remote machine by using the parameters:<br>
<B>/user:[admin_user] /password:[password] /node:[machine_name]</B><br>
<br>
Avoid putting the password on the commandline where you can: it is visible to anyone who can read the process's CommandLine property (the very property listed above). If you give /user without /password, wmic prompts for the password instead.<br>
<br>
<br>
<B>11.3 Stopping, starting, and influencing a process.</B><br>
<br>
Instead of just retrieving lists, it's also possible to influence a process.<br>
Although I have seen some differences among the different Windows versions, you might try<br>
the following examples on your Windows test machine.<br>
<br>
--> <I>terminating an application:</I><br>
<br>
<B>C:\> wmic PROCESS WHERE Name="calc.exe" CALL Terminate</B><br>
<br>
For example, all instances of notepad can be terminated by using:<br>
<br>
<B>C:\> wmic PROCESS where (caption="notepad.exe") call terminate</B><br>
<br>
--> <I>starting an application (using the "create" method):</I><br>
<br>
<B>C:\> wmic PROCESS call create "calc.exe"</B><br>
<br>
--> <I>altering the priority of an application:</I><br>
<br>
<B>C:\> wmic PROCESS where name="myprg.exe" call setpriority 16384</B><br>
<br>
<br>
In this 
section, of course, I have only "scratched the surface" of this topic.<br>
Indeed, the "wmic" command is very powerful, and it surely takes some time to master it.<br>
If this was your first encounter with wmic, I think you will agree it's worth investing some more time.<br>
<br>
<h3 id="section12">12. The "typeperf" command.</h3>
In this section you will find (just) a few remarks on the "typeperf" command.<br>
You can use the graphical utility "Performance Monitor" (perfmon.exe) to create performance charts<br>
of, for example, cpu utilization, memory usage, disk usage, network statistics, and much more.<br>
<br>
Of course, it's probably best to work with Performance Monitor (recently renamed to "System Monitor") using<br>
the graphical interface.<br>
But who knows: maybe you like to create measurements right from the prompt. If so, you might like the "typeperf" command.<br>
And since typeperf is used from the prompt, you can use it in scripts as well.<br>
<br>
With NT system monitoring tools, you will encounter the following naming structure:<br>
- "objects" are representations of (real) components like Processor, PhysicalDisk etc..<br>
- a "counter" (of an object) is a measurable metric that is exposed by that object. An object usually has many counters.<br>
- an "instance": for example, you might have an object like "PhysicalDisk", but you might have multiple disks on your system!<br>
So, in this example, you might pick a particular disk (like E:), or choose all of them (mostly designated by "_Total").<br>
<br>
So you might have as an object a "Processor", which exposes several counters like "% User Time", "% Privileged Time", or<br>
"% Processor Time" (which is User + Privileged).<br>
<br>
Using the graphical tool (Performance Monitor/System Monitor), it's quite easy to select multiple objects and, per object,<br>
select the counters that you are interested in.<br>
Using the command prompt, you are a little bit limited in the number of counters. 
This is because you use<br>
the typeperf command like:<br>
<br>
<B>typeperf "\Object(Instance)\Counter"</B> ["\Object(Instance)\Counter" etc..] [other options]<br>
<br>
Again, the full syntax is somewhat more elaborate than what's shown above (yes, this is only a simple introduction).<br>
A few useful options: "-si" sets the sample interval in seconds, "-sc" the number of samples to collect (otherwise typeperf runs until you press Ctrl-C), and "-q" lists the available counters.<br>
<br>
Here are a few examples:<br>
<br>
<B>C:\> typeperf "\Processor(_Total)\% Processor Time"</B> <br>
<I> Shows a record per second (the default) of the % Processor Time spent by all cpu instances.</I><br>
<br>
<B>C:\> typeperf "\PhysicalDisk(_Total)\Avg. Disk Queue Length" -o diskqueue.txt </B> <br>
<I> Writes a record per second (the default) of the average disk queue length, over all (disk) instances, to the file.</I><br>
<br>
So, with the -o option, you can specify a file to send the output to. You can of course also use ">" to redirect<br>
the output to a file.<br>
<br>
<h3 id="section13">13. The "cacls" command, and similar commands.</h3>
<B><U>cacls:</U></B><br>
<br>
Sometimes you need to change the NTFS filesystem permissions, possibly for a large number of directories, or for<br>
a large number of users or groups.<br>
Anyway, it can be useful to know how to do that from the commandline.<br>
<br>
CACLS is a Windows command-line utility that is used to display or modify file or directory access control lists (ACLs).<br>
NTFS objects, that is files and directories, "contain" an Access Control List that specifies which users and groups<br>
can access that object, and with what sort of permissions.<br>
Note: cacls is deprecated; from Vista onwards, "icacls" (discussed further down in this section) is the replacement and understands the full set of NTFS permissions.<br>
<br>
Usually, a new object (file or directory) inherits the ACL from the folder in which it was created.<br>
<br>
CACLS is not difficult to use. The syntax is:<br>
<br>
<B>cacls FileName [/t] [/e] [/g User:permission] [/r User [...]] [/p User:permission [...]] [/d User [...]]</B><br>
<br>
/t = Changes DACLs of specified files in the current directory and all subdirectories. <br>
/e = Edits a DACL instead of replacing it. For example, add a permission. 
<br>
/r User = Revokes permissions for the specified user or group (when there are spaces in the group name, enclose the name in "")<br>
/p User:permission = Replaces (instead of edits) access rights for the specified user or group.<br>
/d User = Denies access for the specified user.<br>
/g User:permission = Grants access rights to the specified user or group.<br>
<br>
When you use cacls to just view or edit the permissions, you will see some output that might strike you as strange,<br>
like "OI", "CI" etc..<br>
It's not so weird really. Here is what those terms mean:<br>
<br>
OI - Object inherit <br>
CI - Container inherit<br>
IO - Inherit only<br>
No such output: This folder only.<br>
<br>
In practice, you will mostly see "combinations", and they have meanings like:<br>
<br>
(OI)(CI) = This folder, subfolders, and files.<br>
(OI)(CI)(IO) = Subfolders and files only.<br>
(CI)(IO) = Subfolders only.<br>
(OI)(IO) = Files only.<br>
<br>
So, when you view the ACL on some directory or file, you see user and group names, along with the terms from the above list,<br>
and the permissions. So you might see stuff like:<br>
<br>
C:\> cacls c:\temp<br>
<br>
BUILTIN\Users:(OI)(CI)R <I># Read for this folder, subfolders and files for the group "Users"</I><br>
BUILTIN\Administrators:(OI)(CI)F <I># Full Control for this folder, subfolders and files for the group "Administrators"</I><br>
etc..<br>
<br>
The permissions you can edit or replace are:<br>
<br>
n: None<br>
r: Read<br>
w: Write<br>
c: Change<br>
f: Full Control<br>
<br>
Some examples of editing ACLs: <br>
C:\> cacls c:\ /t /e /g Administrators:f <br>
C:\> cacls c:\temp\*.* /e /g "Domain Users":r Users:r /r Everyone<br>
C:\> cacls e:\data\finance /e /t /g "FinanceUsers":f<br>
<br>
Be careful with "/e": without it, the existing ACL is thrown away and replaced by only what you specify on the commandline, which can easily lock everybody (including you) out of the files. So always use /e unless you really intend to replace the whole ACL.<br>
<br>
The utility will ask you "ARE YOU SURE? Y/N" if you use it to edit or replace permissions. 
In batch files, that's not nice.<br>
You can put "echo Y |" in front of the cacls command, like in:<br>
<br>
C:\> <B>echo y|</B> cacls [rest of the command..]<br>
<br>
<B><U>Saving ACLs into a file using icacls:</U></B><br>
<br>
Suppose you want to <B>store</B> all ACLs of files and subdirectories <B>into a file</B>; then you might like<br>
the "icacls" command. Although this command has many more options than what you will see here,<br>
I just want to focus on saving ACLs <I>to</I>, and restoring them <I>from</I>, a file.<br>
Of course you won't save the "data part" of files. It's only the ACL-related metadata that gets stored in the file.<br>
<br>
Example:<br>
<br>
<B>C:\> icacls d:\data\finance\* /save finacl.txt /t</B> <I># "/t" means: subdirectories also</I><br>
<br>
The saved file contains the ACLs in SDDL form as text, so you can also read or compare it with ordinary text tools, which makes it handy as a permissions baseline for a directory tree.<br>
<br>
As said before, "icacls" is much more powerful than this example.<br>
If you need to restore the ACLs:<br>
<br>
<B>C:\> icacls d:\data\finance\ /restore finacl.txt</B><br>
<br>
With a restore, you need to be a bit careful. First exercise your commands on a test system before you use them "for real".<br>
<br>
<B><U>SetACL:</U></B><br>
<br>
A very good utility is "SetACL".<br>
<br>
You can find all information <a href="http://setacl.sourceforge.net/">here.</a><br>
<br>
<h3 id="section14">14. Free (gnu) shells or tools for Windows.</h3>
Do you like the unix shell utilities like awk, sed, dd, od and all those other great tools?<br>
There are some nice "shell environments" you can install in Windows, without having to install a full Linux partition<br>
or a Linux virtual machine.<br>
If you install such an environment, then next to your cmd or Powershell (or other Windows tools), you can also run some<br>
nice sh (or ksh etc..) 
tools as well.<br>
Only a few dlls are installed in order to create a Linux API emulation layer, providing an environment for the commands.<br>
Of course, it's only a limited command set, but it's quite nice, and I can really recommend installing one of them.<br>
For example:<br>
<br>
<a href="http://gnuwin32.sourceforge.net/packages/coreutils.htm">The GNU CoreUtils for Windows (small package; choose the "setup")</a><br>
<a href="http://www.cygwin.com/">The Cygwin environment for Windows (larger package; many modules to choose from)</a><br>
<br>
If you are not so familiar with the tools, there are many easy-to-find docs on the net.<br>
<br>
For example, if you want to make a hex dump of a file, you can use the "od" command. Here is an example:<br>
You will certainly have some ascii file somewhere, and some binary file somewhere too.<br>
<br>
Now try this on those files:<br>
<br>
od -x -N 64 yourfile +0x1000<br>
or<br>
od -a -N 64 yourfile +0x1000<br>
<br>
Here the -x flag displays the output in hexadecimal (-a as named ascii characters), and the -N flag instructs od to format<br>
no more than 64 input bytes, starting from the offset parameter (+), which specifies the point in the file where<br>
the output begins. The same offset can also be given as "-j 0x1000", which is the form used in the GNU od documentation.<br>
<br>
<h3 id="section15">15. How to determine your .NET (dot net) version, and your Windows Installer version.</h3>
<B><U>15.1 Determining the .NET version:</U></B><br>
<br>
Most modern Windows versions will have the .NET (dot net) framework on board. Said very crudely:<br>
it's a sort of runtime environment for .NET applications. <br>
At the time of writing, dot net version 3.5 is quite current.<br>
<br>
Some applications require a certain version of .NET to be installed on your computer.<br>
<br>
But how do we determine the current version anyway?<br>
<br>
There are lots of ways to find out. 
You can start up Control Panel, go to the software applet etc..<br>
Or you can check the Registry.<br>
Here are a few other ways using the prompt:<br>
<br>
<U>(1):</U><br>
.NET is largely installed in your Windows directory.<br>
If I start a prompt and browse around for .NET-looking directories, I might find a lot of<br>
subdirs in "C:\Windows\Microsoft.NET\".<br>
Next, I just try to find the highest version number under the "Framework" directory, like for example "v3.5".<br>
Then we try to locate a C# compiler like "csc.exe", and run it.<br>
<br>
<font face="courier" size=2 color="blue">
C:\Windows\Microsoft.NET\Framework\v3.5><B> csc</B><br>
<br>
Microsoft (R) Visual C# 2008 Compiler version 3.5.30729.4926<br>
for Microsoft (R) <B>.NET Framework version 3.5</B><br>
Copyright (C) Microsoft Corporation. All rights reserved.<br>
<br>
fatal error CS2008: No inputs specified<br>
<br>
<font face="arial" size=2 color="black">
Of course, an error is returned because I did not specify any input file.<br>
But did you notice that the banner shows the .NET framework version?<br>
<br>
<U>(2):</U><br>
In a former section, we already saw the "WMIC" command.<br>
This is such a versatile command, and by using it with specific parameters, you can find the .NET version too.<br>
Try this:<br>
<br>
C:\> wmic /namespace:\\root\cimv2 path win32_product where "name like '%%.NET%%'" get version<br>
<br>
Note: querying win32_product is slow and has a side effect: it makes Windows Installer run a consistency check on every installed package (repairing packages where it thinks that is needed), so do not run it casually on production servers.<br>
<br>
<B><U>15.2 Determining the Windows Installer version:</U></B><br>
<br>
This one is quite easy. Just run "msiexec" from the prompt. A help dialog box will pop up,<br>
which also shows the installer version.<br>
<br>
C:\> msiexec<br>
<br>
<h3 id="section16">16. 
How to start an application with a different priority, from the prompt.</h3>
WARNING: it's not always advisable to change the way an application should start, like for example<br>
changing its "priority".<br>
It could, in some cases, even affect the stability of your system.<br>
<br>
There are a limited number of methods to start a program (like an application, command, or batch script) with<br>
another priority than the "default", or with other properties (like the working directory, e.g. for saving files).<br>
<br>
From the prompt, you can use the "start" or "wmic" command.<br>
<br>
<B><U>16.1 The "start" command:</U></B><br>
<br>
If you open a cmd window and enter "start /?", you can see what your options are when using the start command.<br>
A clipped (limited) output is shown below:<br>
<br>
<font face="courier" size=2 color="blue">
<B>C:\> start /?</B><br>
<br>
Starts a separate window to run a specified program or command.<br>
<br>
START ["title"] [/D path] [/I] [/MIN] [/MAX] [/SEPARATE | /SHARED]<br>
[/LOW | /NORMAL | /HIGH | /REALTIME | /ABOVENORMAL | /BELOWNORMAL]<br>
[/AFFINITY &lt;hex affinity&gt;] [/WAIT] [/B] [command/program]<br>
[parameters]<br>
<br>
"title"&nbsp; Title to display in window title bar.<br>
path&nbsp; Starting directory<br>
B&nbsp; Start application without creating a new window. The<br>
&nbsp; application has ^C handling ignored. 
Unless the application<br>
&nbsp; enables ^C processing, ^Break is the only way to interrupt<br>
&nbsp; the application<br>
I&nbsp; The new environment will be the original environment passed<br>
&nbsp; to the cmd.exe and not the current environment.<br>
MIN&nbsp; Start window minimized<br>
MAX&nbsp; Start window maximized<br>
SEPARATE&nbsp; Start 16-bit Windows program in separate memory space<br>
SHARED&nbsp; Start 16-bit Windows program in shared memory space<br>
<B>
LOW&nbsp; Start application in the IDLE priority class<br>
NORMAL&nbsp; Start application in the NORMAL priority class<br>
HIGH&nbsp; Start application in the HIGH priority class<br>
REALTIME&nbsp; Start application in the REALTIME priority class<br>
ABOVENORMAL&nbsp; Start application in the ABOVENORMAL priority class<br>
BELOWNORMAL&nbsp; Start application in the BELOWNORMAL priority class<br>
</B>
AFFINITY&nbsp; The new application will have the specified processor<br>
&nbsp; affinity mask, expressed as a hexadecimal number.<br>
WAIT&nbsp; Start application and wait for it to terminate<br>
<br>
<font face="arial" size=2 color="black">
As you can see, the priority "classes" are (in NT-like systems, which all modern Windows versions are):<br>
LOW, BELOWNORMAL, NORMAL, ABOVENORMAL, HIGH, REALTIME<br>
By default, a process is scheduled in the "NORMAL_PRIORITY_CLASS".<br>
Actually, the priority levels range from zero (lowest priority) to 31 (highest priority).<br>
Within every priority class, there are sublevels defined, which then "explain" those 0 - 31 levels.<br>
However, for regular applications there is no good reason to use the REALTIME_PRIORITY_CLASS,<br>
since such a process will compete with the basic IO of your system (and disk syncs as well).<br>
<br>
Note: depending on the process and your administrative rights on your machine,<br>
you may not be able to change a particular process's priority. For example, the REALTIME class requires<br>
the "Increase scheduling priority" user right, which ordinary (non-administrative) users do not have.<br>
Also, it's not always a good idea to make a change in priority in the first place.<br>
<br>
- With the "start" command, you 
just use the identifiers HIGH, LOW etc..<br>
- With the "wmic" command, you should use the "ClassValue" numbers. Here, you can use this table:<br>
<br>
Priority ClassValue <br>
Normal= 32<br>
Low= 64<br>
Real-time= 128<br>
High= 256<br>
Below Normal= 16384<br>
Above Normal= 32768<br>
<br>
Note: before using these values, check them against the documentation of the "SetPriority" method of the Win32_Process class, which lists High as 128 and Realtime as 256; mixing up those two would put a program in the REALTIME class, exactly the case warned about above.<br>
<br>
Some examples using the start command:<br>
<br>
<B>
C:\> start /HIGH notepad.exe<br>
<br>
C:\> start /min notepad c:\data\mytext.txt<br>
</B>
<br>
<B><U>16.2 The "wmic" command:</U></B><br>
<br>
In section 11, we touched on the "wmic" command.<br>
You can also use that command to change the priority of a process.<br>
<br>
Example: put explorer.exe on "LOW"<br>
<br>
C:\> wmic process where name="explorer.exe" call setpriority 64 <br>
<br>
<B><U>16.3 Other utilities:</U></B><br>
<br>
- Using the "Task Manager", switch to the Processes tab; if you then right-click a process in the list,<br>
you are able to change the priority class of that application.<br>
- For IRQs, which relate to devices, in some cases you could (in principle) also modify the Registry,<br>
but that's certainly not always recommended.<br>
- For some "regular" applications, it's feasible to modify the Registry and edit the "ImagePath" registry key,<br>
replacing it with the appropriate "start" record.<br>
- No doubt that if you "google", you will find quite a few free utilities that enable you to change the priority.<br>
Needless to say, you should test them first. Never use them on production systems.<br>
<br>
<h3 id="section17">17. 
A few useful file manipulation commands.</h3>
<B>17.1 To delete all files (not directories) from a directory and all subdirectories:</B><br>
<br>
Deletion of files, silently, in all subdirs, including read-only ones.<br>
<br>
Example:<br>
<br>
C:\> cd test<br>
C:\TEST>del /F /Q /S *.* <br>
<br>
All files in all subfolders should be erased now, unless you do not have the NTFS permissions.<br>
Obviously, you had better be very aware of your "location" in the filesystem.<br>
Also note that "del" does not move files to the Recycle Bin: they are simply gone.<br>
<br>
F: even read-only files are deleted.<br>
Q: Quiet, no confirmation asked.<br>
S: Files in subdirectories also.<br>
<br>
Of course, you do not necessarily need to use "*.*". If you want to clean out (for example) only all "*.bak" files, use this:<br>
<br>
C:\> cd test<br>
C:\TEST>del /F /Q /S *.bak<br>
<br>
<B>17.2 To delete all files <U>and</U> all subdirectories from a directory:</B><br>
<br>
Most often, this is what you want instead of what was shown in 17.1.<br>
Just use the "rd" command with the "/S" switch (and optionally "/Q" for quiet, that is, no confirmation).<br>
Obviously, you had better be very aware of your "location" in the filesystem.<br>
<br>
Example:<br>
<br>
C:\> cd test<br>
C:\TEST>rd tst /S /Q<br>
<br>
This will delete all subdirectories and files in "C:\TEST\tst", including the "tst" directory itself.<br>
So, for example, if you had the directories "C:\TEST\tst\a" and "C:\TEST\tst\b", each with<br>
a lot of subdirs and files, then it would all be gone.<br>
<br>
<B>17.3 The "attrib" command to see and change "attributes":</B><br>
<br>
You know that a file has certain properties, like file size, owner, NTFS permissions etc..<br>
In addition (on all usual Windows filesystems, like FAT and NTFS), 4 specific "attributes" may be set.<br>
These are: A (archive needed), H (file is hidden), S (file is a system file) and R (file is read-only).<br>
Suppose you have a cmd window open, and you are in some folder. 
If you then issue the usual "dir" command<br>
to get a list of files and subdirs, you might not "see" everything.<br>
As an example of this, open a cmd window and go to the system disk (usually C:). Then go to the root of C:<br>
using "cd \". After that, just enter the "attrib" command.<br>
<br>
C:\users\albert> cd \<br>
<br>
C:\> attrib<br>
<br>
A &nbsp; C:\AUTOEXEC.BAT<br>
H &nbsp; C:\Boot.BAK<br>
SHR &nbsp; C:\boot.ini<br>
ASHR &nbsp; C:\bootmgr<br>
AS R &nbsp; C:\BOOTSECT.BAK<br>
ASHR &nbsp; C:\NTDETECT.COM<br>
ASHR &nbsp; C:\ntldr<br>
ASH &nbsp; C:\pagefile.sys<br>
<br>
So, in this example, the file "ntldr" has all 4 attributes ASHR "set", meaning that they are "+" (or "in place").<br>
If you want "dir" to show hidden and system files as well, use "dir /a".<br>
So, to mark or unmark a file as "read-only" or "system" or "hidden", use the attrib command like in the following examples:<br>
<br>
- To unset (or tear down) the +r, +s, +h attributes on "mytestfile", in order to make it "not a system file",<br>
"not read-only" and "not hidden", use:<br>
<br>
C:\TEST> attrib -r -h -s mytestfile<br>
<br>
- To unset (or tear down) only the +r attribute on "mytestfile", in order to make it read/write, use:<br>
<br>
C:\TEST> attrib -r mytestfile<br>
<br>
- To make a file hidden and read-only, use:<br>
<br>
C:\TEST> attrib +r +h mytestfile<br>
<br>
Sometimes, if you have copied a CD or DVD to your hard disk, those files might be marked as "read-only".<br>
Fortunately, you can use wildcards (*, or *.*) with the attrib command, <br>
and the switch "/s" makes sure that all subdirs are parsed as well. 
For example:<br>
<br>
C:\COPIED_FROM_CD> attrib -r *.* /s<br>
<br>
<B>17.4 The "xcopy" command to create backups (or copies of files and trees of directories):</B><br>
<br>
If you need to create a copy of files and subdirectories on the same disk, to another disk, to a share,<br>
to a mount point etc.., you can use the "xcopy" command.<br>
<br>
One advantage of the regular xcopy command is that it's available on all Windows versions.<br>
Actually, it's a very powerful command, and you can use many switches in order to create good user data backups.<br>
<br>
<B>- How to copy a tree of all subdirectories and files:</B><br>
<br>
Example:<br>
<br>
Suppose on a Win2Kx Server you have a directory "C:\data", which has under it a big tree of subdirectories<br>
with other data directories (like c:\data\user1, c:\data\user2 etc..).<br>
<br>
Now you want to copy this complete tree to another drive, say drive M:, including all subdirectories, all files,<br>
and the Owner and ACL information.<br>
<br>
The following example shows how you might do this:<br>
<br>
<B>C:\data> xcopy *.* m:\data /S /C /O /H /Y</B><br>
<br>
Where the switches mean:<br>
<br>
/S: copies subdirectories also (but not empty ones; use /E to include those)<br>
/C: continues copying even if an error shows up (like a file being in use)<br>
/O: also copies ownership and Access Control List information (only meaningful when the destination is an NTFS volume)<br>
/H: also copies hidden and system files<br>
/Y: suppresses the confirmation if you are about to overwrite files<br>
<br>
Of course, the command xcopy /? will show you all switches.<br>
<br>
<B>- How to copy files created or modified after a certain date:</B><br>
<br>
In this case, use the "/D" switch.<br>
<br>
Example:<br>
<br>
<B>C:\data\excel> xcopy *.* /D:01-13-2009 f:\backup</B><br>
<br>
The date is given as m-d-y. If you use /D without a date, xcopy copies only those source files that are newer than the copy already in the destination, which is handy for incremental backups.<br>
Of course, here you can use the other switches too.<br>
<br>
<h3 id="section18">18. 
The "forfiles" command.</h3>
Often, especially on server systems, all kinds of log files are created.<br>
Also, quite often those files just pile up, and as a consequence your disk(s) might run out of space.<br>
<br>
Typically, you only want the last couple of days, or weeks, of those logs kept online on the disk.<br>
The older files can then be deleted.<br>
<br>
It's quite easy to create a scheduled batch script that will do this, using traditional dos commands.<br>
<br>
However, the "forfiles" command is very well suited for this kind of action.<br>
It should be available (as a standard command) on the latest Windows versions like Vista, Win7, Win2K3, Win2K8.<br>
But it has been around for quite some time, for example as a Resource Kit tool for Win2000.<br>
<br>
Syntax:<br>
<br>
forfiles [-p &lt;Path&gt;] [-m SearchMask] [-s] [-c "command"] [-d [{+|-}][{Date|Days}]]<br>
<br>
Where:<br>
<br>
Path: is just the directory where the forfiles command must perform its work.<br>
Searchmask: a "mask" that specifies the criteria to select files, like <B>*.log</B>, or <B>*.trc</B> etc..<br>
-s: if this parameter is used, subdirectories (with respect to "path") will be processed also.<br>
-d: use it like for example -5, meaning the criterion "older than 5 days".<br>
<br>
Note: if you have difficulties getting the command to work, take a look at this:<br>
- The older versions want you to use a syntax like "-pE:\logs", while newer versions like "-p E:\logs"<br>
- Sometimes the "-" parameter mark does not seem to work, while "/" does.<br>
<br>
So, it's likely that you need to do a few "experiments" with this command syntax.<br>
<br>
How it works:<br>
The forfiles command searches the directory (optionally subdirs too) for files which conform to the<br>
<B>"searchmask"</B> (like *.log) <B>and</B> which conform to the <B>date criterion</B> (like older than 7 days).<br>
Then a list will be created, and the "command" (like "del") will operate on that list. 
In such a case,<br>
a variable will be used (by default it is @FILE), which takes on the values of the list, one after the other.<br>
The resulting command is then "del @FILE", where @FILE will be each filename from the list, from start to finish.<br>
That's why we often see a @FILE variable in the commandline.<br>
<br>
Here are a few examples:<br>
<br>
<B>
C:\> forfiles -pc:\temp -m*.* -s -d-040211 -c"CMD /C Echo @FILE is quite old!"<br>
</B>
<br>
<B>
C:\> forfiles /P C:\webserver\logs /S /M *.log /D -30 /C "cmd /c del @FILE"<br>
</B>
<br>
The first example will echo <I>"filename is quite old"</I> for all files in c:\temp which are older than 04/02/11.<br>
The second example will delete all *.log files in the c:\webserver\logs directory which are older than 30 days.<br>
Tip: before you let forfiles delete anything, run the same command with "cmd /c echo @PATH" instead of "cmd /c del @FILE", so you see exactly which files (with their full path) would be selected.<br>
<br>
<h3 id="section19">19. The "net" command.</h3>
In section 1, we talked about the "sc" command, which allows you to control services.<br>
You can also easily view all services with the "sc" command from the prompt.<br>
<br>
As an alternative, in the same section, we said that the "net" command could also be used to view running services,<br>
and you have some degree of control as well, because the net command allows you to stop and start a service.<br>
<br>
Examples:<br>
<br>
<B>Viewing services:</B><br>
<br>
-- To obtain a list of <I>running</I> services on your screen:<br>
<br>
C:\> net start<br>
<br>
-- To obtain a list of <I>running</I> services, pausing the output to the screen (press a key to continue):<br>
<br>
C:\> net start | more<br>
<br>
-- To put a list of <I>running</I> services into the text file "c:\temp\services.txt":<br>
<br>
C:\> net start > c:\temp\services.txt<br>
<br>
-- To filter the list of services (to your screen) which have the string "SQL" in their service name:<br>
<br>
C:\> net start | find "SQL" <br>
<br>
<B>Starting and stopping services:</B><br>
<br>
-- To stop (for example) the "MSSQLSERVER" service:<br>
<br>
C:\> net stop "MSSQLSERVER" <br>
<br>
-- To start (for example) the "MSSQLSERVER" service:<br>
<br>
C:\> net start "MSSQLSERVER" <br>
<br>
But the "net" command has much more to offer! Actually, it (once) was <I>the</I> Windows command to control<br>
network functionality, and even to control user account information in the local machine's SAM database.<br>
With regard to account information, on modern Domain Controllers a number of other<br>
user account and network services commands are available.<br>
<br>
Task: if you like to know what you can still do with user accounts using the net command,<br>
google "net accounts" and "net user".<br>
<br>
<B>Some other great functionality of the "net" command:</B><br>
<br>
-- Obtaining some stats of your (SMB) "Server" and "Workstation" (redirector) services:<br>
<br>
C:\> net statistics server<br>
<br>
C:\> net statistics workstation<br>
<br>
-- Obtaining a listing of shares on your server:<br>
<br>
C:\> net share<br>
<br>
-- Obtaining a list of open shared files on your server:<br>
<br>
C:\> net file<br>
<br>
-- To close a certain open file (with an ID found with the above command):<br>
<br>
C:\> net file ID /close<br>
<br>
-- To view a list of servers on your subnet (advertising the SMB server service):<br>
<br>
C:\> net view<br>
<br>
-- To "mount" a (local) drive letter (like F:) to some remote network share:<br>
<br>
C:\> net use F: \\servername\sharename<br>
<br>
-- To "mount" the next available (local) drive letter to some remote network share:<br>
<br>
C:\> net use * \\servername\sharename<br>
<br>
-- To "mount" a (local) drive letter (like F:) to some remote network share, passing credentials along:<br>
<br>
C:\> net use F: \\servername\sharename /user:Domain_name\user_name<br>
<br>
If you give /user without a password, "net use" prompts for it. That is preferable to typing the password on the commandline, where it stays in the session's command history.<br>
<br>
Although it seems great to map a drive letter this way, it's not always the best solution for scripts:<br>
the same letter may not be available on all machines at all times.<br>
So, you might just use the "url" or "unc" directly in scripts, as in for example<br>
"copy 
myfile.txt \\servername\sharename" (of course you need permissions on that share).<br> <br> <h3 id="section20">20. Determining "svchost" processes.</h3> In the Windows tasklist, you might see one or more "svchost" processes. Typically, you will see multiple processes.<br> Svchost is used to run <B>services</B> which are implemented as (for example) .dll libraries.<br> <br> It's not very likely that you will run (or need to run) svchost yourself in some customized way.<br> <br> A single svchost process may host (run) more than one service.<br> <br> If you are interested, you might take a look at the Registry key<br> <br> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost<br> <br> where each value represents a "svc group", containing one or more services.<br> <br> If you want a simple list of the svchost processes and which services exactly they are running, use the following command:<br> <br> <B>C:\> tasklist /svc | find "svchost"</B><br> <br> <h3 id="section21">21. The "rundll32" command.</h3> Much code is implemented in .dll files, and you cannot run that "directly" from the command prompt.<br> However, the "rundll32" commandline utility allows you to call into that code.<br> <br> The syntax is:<br> <br> <B>C:\> rundll32 dllname,entrypoint [optional arguments]</B><br> <br> Although rundll32 is actually not meant for direct use by common users, it gives you<br> endless possibilities when working on the commandline or from scripts.<br> One famous example is the following command, which illustrates the power of rundll32:<br> <br> <B>C:\> rundll32 PRINTUI.DLL,PrintUIEntry /?</B><br> <br> This will only show you the options which are possible for printer management. So, you can imagine<br> that there is a lot more to this utility.<br> <br> <h3 id="section22">22. 
How to determine whether you are running in a VM or on a physical machine.</h3> Suppose you start an RDP session (mstsc, a Windows terminal) to some Windows machine (like a Win2K3 Server).<br> How would you know whether this machine is a bare metal (physical) machine or a Virtual Machine,<br> like a "VMware" virtual machine, using only prompt commands?<br> It's true: they are almost indistinguishable. Both look almost identical if you are working<br> from a Windows console.<br> <br> Still, there are a few simple tricks, using only prompt commands.<br> <br> <B>Method 1:</B><br> <br> Using the "systeminfo" command from the prompt, you will get a lot of information about your OS and machine.<br> I like it best to redirect the output to a text file, so that I can study the information from notepad or so.<br> <br> C:\TEMP> systeminfo > info.txt<br> <br> Somewhere in the output, you will see the manufacturer and model of the system.<br> If you see, for example:<br> <br> System Manufacturer: FUJITSU SIEMENS<br> System Model: AMILO Pro V2060<br> <br> then it's quite likely that you are working from a physical machine.<br> <br> Conversely, if you find for example:<br> <br> System Manufacturer: VMware, Inc.<br> System Model: VMware Virtual Platform<br> <br> then you are working from a VMware Virtual Machine.<br> <br> <B>Method 2:</B><br> <br> Many WMIC commands will reveal whether you are working on a virtual or a physical machine.<br> For example:<br> <br> C:\TEMP> wmic computersystem > info.txt<br> <br> In the result file, if you are working from a Virtual Machine (like VMware), you would see that name<br> in quite a few places. If it's a physical machine, like a Dell or so, you would see <I>that</I> name instead.<br> <br> Note: you can use many other wmic parameters as well. Just try "wmic /?" 
and experiment a bit.<br> <br> <B>Method 3: some other clues</B><br> <br> - The following is not guaranteed to work, but with some virtualization vendors you might<br> have a registry key which reveals the physical host that supports the VMs.<br> You might try to take a look at:<br> <br> HKEY_LOCAL_MACHINE\Software\Microsoft\Virtual Machine (if present)<br> <br> By the way, if it is indeed a VM, like a VMware VM, you would find that name all over the place in the Registry.<br> <br> - The following is not guaranteed to work, but with some virtualization vendors you might<br> find a directory carrying the vendor's name in %SYSTEMROOT% or %SYSTEMROOT%\system32.<br> <br> - The following is <B>certainly</B> not guaranteed to work, but with some virtualization vendors the MAC address<br> of the virtual adapter starts with "00", as in for example "00:05:69:0e:51:95".<br> This could be so because they use an algorithm based on the IP address and some hashing, which often returns "00:...".<br> But keep in mind that this method is very weak, because physical adapters can also have a MAC starting with "00".<br> <br> <h3 id="section23">23. Some "traditional" batch stuff.</h3> If you like old DOS-style batch scripting, you may like the following .txt document(s):<br> <br> <a href="cmdshell.txt">Some "traditional" batch stuff (1) (cmdshell.txt)</a><br> <br> <br> </body> </html>