WindowsXP Command Line - Teguh W

An A-Z Index of the Windows XP command line
By : Ir. Teguh W.
a
ADDUSERS Add or list users to/from a CSV file
ARP Address Resolution Protocol
ASSOC Change file extension associations
ASSOCIAT One step file association
ATTRIB Change file attributes
b
BOOTCFG Edit Windows boot settings
BROWSTAT Get domain, browser and PDC info
c
CACLS Change file permissions
CALL Call one batch program from another
CD Change Directory - move to a specific Folder
CHANGE Change Terminal Server Session properties
CHKDSK Check Disk - check and repair disk problems
CHKNTFS Check the NTFS file system
CHOICE Accept keyboard input to a batch file
CIPHER Encrypt or Decrypt files/folders
CleanMgr Automated cleanup of Temp files, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN to the Windows clipboard.
CLS Clear the screen
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Change colors of the CMD window
COMP Compare the contents of two files or sets of files
COMPACT Compress files or folders on an NTFS partition
COMPRESS Compress individual files on an NTFS partition
CON2PRT Connect or disconnect a Printer
CONVERT Convert a FAT drive to NTFS.
COPY Copy one or more files to another location
CSCcmd Client-side caching (Offline Files)
CSVDE Import or Export Active Directory data
d
DATE Display or set the date
DEFRAG Defragment hard drive
DEL Delete one or more files
DELPROF Delete NT user profiles
DELTREE Delete a folder and all subfolders
DevCon Device Manager Command Line Utility
DIR Display a list of files and folders
DIRUSE Display disk usage
DISKCOMP Compare the contents of two floppy disks
DISKCOPY Copy the contents of one floppy disk to another
DISKPART Disk Administration
DNSSTAT DNS Statistics
DOSKEY Edit command line, recall commands, and create macros
DSADD Add user (computer, group..) to active directory
DSQUERY List items in active directory
DSMOD Modify user (computer, group..) in active directory
DSRM Remove items from Active Directory
e
ECHO Display message on screen
ENDLOCAL End localisation of environment changes in a batch file
ERASE Delete one or more files
EVENTCREATE Add a message to the Windows event log
EXIT Quit the current script/routine and set an errorlevel
EXPAND Uncompress files
EXTRACT Uncompress CAB files
f
FC Compare two files
FIND Search for a text string in a file
FINDSTR Search for strings in files
FOR /F Loop command: against a set of files
FOR /F Loop command: against the results of another command
FOR Loop command: all options Files, Directory, List
FORFILES Batch process multiple files
FORMAT Format a disk
FREEDISK Check free disk space (in bytes)
FSUTIL File and Volume utilities
FTP File Transfer Protocol
FTYPE Display or modify file types used in file extension
associations
g
GLOBAL Display membership of global groups
GOTO Direct a batch program to jump to a labelled line
GPUPDATE Update Group Policy settings
h
HELP Online Help
i
iCACLS Change file and folder permissions
IF Conditionally perform a command
IFMEMBER Is the current user in an NT Workgroup
IPCONFIG Configure IP
k
KILL Remove a program from memory
l
LABEL Edit a disk label
LOCAL Display membership of local groups
LOGEVENT Write text to the NT event viewer
LOGOFF Log a user off
LOGTIME Log the date and time in a file
m
MAPISEND Send email from the command line
MBSAcli Baseline Security Analyzer.
MEM Display memory usage
MD Create new folders
MKLINK Create a symbolic link (linkd)
MODE Configure a system device
MORE Display output, one screen at a time
MOUNTVOL Manage a volume mount point
MOVE Move files from one folder to another
MOVEUSER Move a user from one domain to another
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Find and Replace text within file(s)
MV Copy in-use files
n
NET Manage network resources
NETDOM Domain Manager
NETSH Configure Network Interfaces, Windows Firewall & Remote access
NETSVC Command-line Service Controller
NBTSTAT Display networking statistics (NetBIOS over TCP/IP)
NETSTAT Display networking statistics (TCP/IP)
NOW Display the current Date and Time
NSLOOKUP Name server lookup
NTBACKUP Backup folders to tape
NTRIGHTS Edit user account rights
p
PATH Display or set a search path for executable files
PATHPING Trace route plus network latency and packet loss
PAUSE Suspend processing of a batch file and display a message
PERMS Show permissions for a user
PERFMON Performance Monitor
PING Test a network connection
POPD Restore the previous value of the current directory saved by
PUSHD
PORTQRY Display the status of ports and services
POWERCFG Configure power settings
PRINT Print a text file
PRNCNFG Display, configure or rename a printer
PRNMNGR Add, delete, list printers set the default printer
PROMPT Change the command prompt
PsExec Execute process remotely
PsFile Show files opened remotely
PsGetSid Display the SID of a computer or a user
PsInfo List information about a system
PsKill Kill processes by name or process ID
PsList List detailed information about processes
PsLoggedOn Who's logged on (locally or via resource sharing)
PsLogList Event log records
PsPasswd Change account password
PsService View and control services
PsShutdown Shutdown or reboot a computer
PsSuspend Suspend processes
PUSHD Save and then change the current directory
q
QGREP Search file(s) for lines that match a given pattern.
r
RASDIAL Manage RAS connections
RASPHONE Manage RAS connections
RECOVER Recover a damaged file from a defective disk.
REG Registry: Read, Set, Export, Delete keys and values
REGEDIT Import or export registry settings
REGSVR32 Register or unregister a DLL
REGINI Change Registry Permissions
REM Record comments (remarks) in a batch file
REN Rename a file or files
REPLACE Replace or update one file with another
RD Delete folder(s)
RMTSHARE Share a folder or a printer
ROBOCOPY Robust File and Folder Copy
ROUTE Manipulate network routing tables
RUNAS Execute a program under a different user account
RUNDLL32 Run a DLL command (add/remove print connections)
s
SC Service Control
SCHTASKS Schedule a command to run at a specific time
SCLIST Display NT Services
SET Display, set, or remove environment variables
SETLOCAL Control the visibility of environment variables
SETX Set environment variables permanently
SFC System File Checker
SHARE List or edit a file share or print share
SHIFT Shift the position of replaceable parameters in a batch file
SHORTCUT Create a windows shortcut (.LNK file)
SHOWGRPS List the NT Workgroups a user has joined
SHOWMBRS List the Users who are members of a Workgroup
SHUTDOWN Shutdown the computer
SLEEP Wait for x seconds
SLMGR Software Licensing Management (Vista/2008)
SOON Schedule a command to run in the near future
SORT Sort input
START Start a program or command in a separate window
SU Switch User
SUBINACL Edit file and folder Permissions, Ownership and Domain
SUBST Associate a path with a drive letter
SYSTEMINFO List system configuration
t
TASKLIST List running applications and services
TASKKILL Remove a running process from memory
TIME Display or set the system time
TIMEOUT Delay processing of a batch file
TITLE Set the window title for a CMD.EXE session
TLIST Task list with full path
TOUCH Change file timestamps
TRACERT Trace route to a remote host
TREE Graphical display of folder structure
TYPE Display the contents of a text file
u
USRSTAT List domain usernames and last login
v
VER Display version information
VERIFY Verify that files have been saved
VOL Display a disk label
w
WHERE Locate and display files in a directory tree
WHOAMI Output the current UserName and domain
WINDIFF Compare the contents of two files or sets of files
WINMSD Windows system diagnostics
WINMSDP Windows system diagnostics II
WMIC WMI Commands
x
XCACLS Change file and folder permissions
XCOPY Copy files and folders
:: Comment / Remark
Commands marked • are Internal commands only available within the CMD shell.
All other commands (not marked with •) are external commands which may be used under the CMD shell,
PowerShell, or directly from START-RUN.
================================ 0***0 ==================================
ADDUSERS Tambah atau daftar pengguna untuk / dari file CSV

ARP Address Resolution Protocol
Assoc Ubah ekstensi file asosiasi
ASSOCIAT Salah satu langkah asosiasi file
attrib Ubah atribut berkas
bootcfg Edit pengaturan boot Windows

BROWSTAT Dapatkan domain, browser dan PDC info
CACLS Ubah file permissions

CALL panggilan satu program batch yang lain •
CD Change Directory - pindah ke folder tertentu •
Change Change Terminal Server Session properties
CHKDSK Check Disk - memeriksa dan memperbaiki masalah disk
CHKNTFS Periksa sistem file NTFS
CHOICE Accept keyboard input ke sebuah file batch
cipher Encrypt atau Decrypt file / folder
CleanMgr Automated cleanup of Temp file, recycle bin
CLEARMEM Clear memory leaks
CLIP Copy STDIN ke Windows clipboard.
CLS Menghapus layar •
CLUSTER Windows Clustering
CMD Start a new CMD shell
COLOR Mengubah warna dari jendela CMD •
COMP Membandingkan isi dari dua file atau set file
COMPACT Compress file atau folder pada partisi NTFS individu
Compress Compress file pada partisi NTFS
CON2PRT Menghubungkan atau memutuskan sambungan Printer
CONVERT Convert FAT drive NTFS.
COPY Menyalin satu atau lebih file ke lokasi lain •
CSCcmd Klien -side caching (Offline Files)
CSVDE Impor atau Ekspor Active Directory data
DATE Tampilan atau mengatur tanggal •

Defrag Defragment hard drive
DEL Menghapus satu atau lebih file •
DELPROF Hapus profil pengguna NT
DELTREE Menghapus folder dan semua subfolder
DevCon Device Manager Command Line Utility
DIR Menampilkan daftar file dan folder •
DIRUSE Tampilkan penggunaan disk
DISKCOMP Bandingkan isi dua disket
diskcopy Menyalin isi dari satu floppy disk untuk lain
DISKPART Administrasi
DNSSTAT DNS Disk Statistik
DOSKEY Edit baris perintah, ingat perintah, dan membuat macro
DSADD menambah pengguna (komputer, group ..) ke direktori aktif
DSQUERY item dalam direktori aktif
DSMOD Ubah user (computer, group ..) di direktori aktif
DSRM Hapus item dari Active Directory
ECHO Menampilkan pesan di layar •

ENDLOCAL Akhir lokalisasi dari perubahan lingkungan dalam sebuah file
batch
ERASE Menghapus satu atau lebih file •
EVENTCREATE Tambahkan pesan ke Windows event log
EXIT Keluar dari skrip arus / rutin dan menetapkan errorlevel •
EXPAND uncompress file “BUKA”
ekstrak file CAB uncompress
FC Bandingkan dua file

FIND Mencari string teks dalam sebuah file
FINDSTR Mencari string dalam file
FOR / F Loop command: terhadap satu set file •
FOR / F Loop command: terhadap hasil perintah lain •
FOR Loop command: all options Files, Directory, List •
FORFILES proses Batch beberapa file
FORMAT Format disk Periksa
FREEDISK free disk space ( dalam bytes)
FSUTIL File dan Volume utilities
FTP File Transfer Protocol
FTYPE Tampilkan atau mengubah tipe file yang digunakan dalam
Asosiasi ekstensi file
GLOBAL Display keanggotaan kelompok global

GOTO langsung sebuah program batch untuk melompat ke baris
berlabel
GPUPDATE pengaturan Kebijakan Grup Update
HELP Bantuan Online
iCACLS Ubah hak akses file dan folder

IF kondisional melakukan perintah
IFMEMBER Apakah pengguna saat ini dalam sebuah NT Workgroup
IPCONFIG Configure IP
KILL Remove program dari memori l

LABEL Edit a disk label
LOCAL Display keanggotaan kelompok-kelompok lokal
LOGEVENT Menulis teks untuk penampil acara PB
logoff user log off
LOGTIME log tanggal dan waktu pada file
MAPISEND Kirim email dari baris perintah

MBSAcli Baseline Security Analyzer.
MEM Display penggunaan memori
MD Buat folder baru
MKLINK Buat link simbolik (linkd)
MODE Configure perangkat sistem
MORE Display output, satu layar pada satu waktu
MOUNTVOL Mengatur volume mount point
MOVE Move file dari satu folder ke yang lain
MOVEUSER Pindah pengguna dari satu domain ke domain lain
MSG Send a message
MSIEXEC Microsoft Windows Installer
MSINFO Windows NT diagnostics
MSTSC Terminal Server Connection (Remote Desktop Protocol)
MUNGE Cari dan Ganti teks dalam file (s)
MV Copy in-menggunakan file
NET Mengelola sumber daya jaringan

NETDOM Domain Manager
netsh Configure Network Interfaces, Windows Firewall & Remote
akses
NETSVC Command-line Service Controller
NBTSTAT jaringan Tampilan statistics (NetBIOS over TCP / IP)
NETSTAT Display networking statistics (TCP / IP)
NOW Display the current Tanggal dan Waktu
nslookup Name server lookup
NTBACKUP Backup folder ke tape
NTRIGHTS hak akun Edit
PATH Menampilkan atau mengatur search path untuk executable files
PATHPING Trace route plus latensi jaringan dan packet loss
PAUSE Suspend pemrosesan dari sebuah batch file dan menampilkan
pesan
perms Show izin untuk pengguna
PERFMON Monitor Kinerja
PING Menguji koneksi jaringan
POPD Mengembalikan nilai sebelumnya dari direktori sekarang yang
disimpan oleh PUSHD•
PORTQRY Tampilan status pelabuhan dan jasa
powercfg Mengkonfigurasi pengaturan daya
PRINT Mencetak file teks
PRNCNFG Display, mengkonfigurasi atau mengubah nama printer
PRNMNGR Tambah, menghapus, daftar printer menetapkan printer
standar
PROMPT Mengubah command prompt •
PsExec proses Execute remote
PsFile Tampilkan file yang dibuka dari jarak jauh
PsGetSid Menampilkan SID sebuah komputer atau pengguna
PsInfo List informasi tentang sebuah sistem
PsKill proses Membunuh proses berdasarkan nama atau ID
PsList Daftar informasi rinci tentang proses-proses
PsLoggedOn Who's logged on (lokal atau melalui resource sharing)
PsLogList Event catatan log
PsPasswd Ubah sandi account
PsService View dan mengatur layanan
PsShutdown Shutdown atau reboot komputer
PsSuspend proses Suspend
PUSHD Simpan dan kemudian mengubah direktori sekarang •
QGREP Cari file (s) untuk baris yang cocok dengan pola tertentu.
RASDIAL Mengelola koneksi RAS

RASPHONE Mengelola koneksi RAS
Recover Recover file yang rusak dari disk yang rusak.
REG Registry: Read, Set, Export, dan nilai-nilai kunci Hapus
REGEDIT Impor atau ekspor pengaturan registri
regsvr32 Register or unregister DLL
REGINI Change Registry Permissions
REM Record komentar (komentar) dalam sebuah file batch •
REN Mengganti nama file atau file •
REPLACE Ganti atau memperbarui satu file dengan yang lain
RD Hapus folder (s) •
RMTSHARE Share folder atau printer yang
Robocopy Robust File dan Folder Copy
ROUTE Memanipulasi tabel routing jaringan
RUNAS Jalankan program di bawah account pengguna yang berbeda
RUNDLL32 Jalankan perintah DLL ( add / remove print connections)
SC Control Layanan
SCHTASKS Jadwal untuk menjalankan perintah pada waktu tertentu
SCLIST Tampilan NT Layanan
SET Display, set, atau menghapus variabel lingkungan •
SETLOCAL Pengendalian lingkungan visibilitas variabel •
SETX Set variabel lingkungan secara permanen
SFC Sistem File checker
SAHAM Daftar atau mengedit file atau mencetak berbagi berbagi
SHIFT Shift posisi digantikan parameter dalam sebuah file batch
SHORTCUT jendela Buat shortcut (. LNK file) “Pintas”
SHOWGRPS Daftar NT Workgroups seorang pengguna telah bergabung
SHOWMBRS Daftar Pengguna yang menjadi anggota sebuah Workgroup
SHUTDOWN Shutdown komputer
Sleep Tunggu untuk x detik
SLMGR Software Licensing Management (Vista/2008)
SOON Jadwal perintah untuk menjalankan dalam waktu dekat
SORT Sort input
START Start a program atau perintah dalam jendela terpisah •
SU Switch User
SUBINACL Edit file dan folder Permissions, Kepemilikan dan Domain
SUBST Associate path dengan huruf drive
systeminfo konfigurasi sistem Daftar
TASKLIST Daftar menjalankan aplikasi dan layanan yang berjalan

TASKKILL Hapus proses dari memori
TIME Tampilan atau mengatur waktu sistem •
TIMEOUT Delay pemrosesan dari sebuah batch file
TITLE Set judul jendela untuk sesi cmd.exe •
TLIST daftar Tugas dengan path lengkap
TOUCH Change file timestamps
tracert Trace route to a remote host
TREE Graphical tampilan struktur folder
TYPE Menampilkan isi dari sebuah file teks •
USRSTAT Daftar domain nama pengguna dan login terakhir
VER informasi versi Tampilan •

VERIFY verifikasi bahwa berkas telah disimpan •
VOL Display a disk label •
WHERE Cari dan menampilkan file dalam pohon direktori

whoami Keluaran UserName saat ini dan manajemen domain
WINDIFF Membandingkan isi dua file atau set file
WINMSD Windows diagnostik sistem
WINMSDP sistem Windows diagnostik II
WMIC WMI Commands x
XCACLS Ubah hak akses file dan folder
XCOPY Menyalin file dan folder
:: Komentar / Catatan
Disadur dari : http://ss64.com/nt/
ADDUSERS.exe (Resource Kit)

Automate the creation of a large number of users
Syntax
Create Users:
AddUsers /c filename [/s:x] [/?] Domain Password_options
Dump to file:
AddUsers /d{:u} filename [/s:x] [/?] Domain Password_options
Erase Users:
AddUsers /e filename [/s:x] [/?] Domain Password_options
key
 Filename - The comma-delimited file that AddUsers uses for data.
/s:x - Change the delimiter character used in filename to x.

e.g. /s:~ would make the delimiter "~"
 Domain - Query the Primary Domain Controller (PDC) of domain.

You can also use \\Servername to specify the machine where user accounts are created or
read. AddUsers will use the local computer by default (if you do not specify Domain)
/c - Create user accounts, local groups, and global groups as specified by filename.
/d{:u}
- Dump user accounts, local groups, and global groups to filename.
The (:u) is an optional switch that causes current accounts to be written to the specified file in
Unicode text format. Choosing to dump current user accounts does not save the account's
passwords or any security information for the accounts.
Note: Password information is not saved in a user account dump and if you use the same file to
create accounts, all passwords of newly created accounts will be empty. To back up security
information for accounts, use a Tape Backup.
/e - Erase the user accounts specified in the file name.
CAUTION: Be careful when erasing user accounts, as it is not possible to recreate an account
with the same SID. This option will not erase built-in accounts.
 Password_options
/p: - Set account creation options, used along with any combination of the following:
* l - Users do not have to change passwords at next logon.
* c - Users cannot change passwords.
* e - Passwords never expire. (implies l option)
* d - Accounts disabled.
By default, all created users are required to change their password at logon.
Create a comma-delimited text file, which contains the new users to be created. Following the Syntax as
follows: [Users]
User Name,Full name, Password, Description, HomeDrive, Homepath, Profile, Script
Save the file as C:\Users.txt and execute the command
AddUsers MyDomain /c c:\Users.txt /p:e
ATTRIB.exe
Display or change file attributes. Find Filenames.
Syntax
ATTRIB [ + attribute | - attribute ] [pathname] [/S [/D]]
Key
+ : Turn an attribute ON
- : Clear an attribute OFF
pathname : Drive and/or filename e.g. C:\*.txt

/S : Search the pathname including all subfolders.
/D : Process folders as well
attributes:
R Read-only (1)
H Hidden (2)
A Archive (32)
S System (4)
extended attributes:
E Encrypted
C Compressed (128:read-only)
I Not content-indexed
L Symbolic link/Junction (64:read-only)
N Normal (0: cannot be used for file selection)
O Offline
P Sparse file
T Temporary
The numeric values may be used when changing attributes with VBS/WSH If no attribute is specified attrib
will return the current attribute settings. Used with just the /S option ATTRIB will quickly search for a
particular filename.
Hidden and System attributes take priority.
If a file has both the Hidden and System attributes set, you can clear both attributes only with a single
ATTRIB command.
For example, to clear the Hidden and System attributes for the RECORD.TXT file, you would type:
ATTRIB -S -H RECORD.TXT
File Attributes
You can use wildcards (? and *) with the filename parameter to display or change the attributes for a group
of files.
Remember that, if a file has the System or Hidden attribute set, you must clear that attribute before you can
change any other attributes.
Directory Attributes
You can display or change the attributes for a directory/folder. To use ATTRIB with a directory, you must
explicitly specify the directory name; you cannot use wildcards to work with directories.
For example, to hide the directory C:\SECRET, you would type the following:
ATTRIB +H C:\SECRET
The following command would affect only files, not directories: ATTRIB +H C:*.*
The Read-only attribute for a folder is generally ignored by applications, however the Read-only and System
attributes are used by Windows Explorer to determine whether the folder is a special folder, such as My
Documents, Favorites, Fonts, etc.
Setting the Read-Only attribute on a folder can affect performance, particularly on shared drives because
Windows Explorer will be forced to request the Desktop.ini of every sub-folder to see if any special folder
settings need to be set.
Viewing archive attributes
The Archive attribute (A) is used to mark files that have changed since they were previously backed up. The
(A) flag is automatically updated by Windows as the file is saved.
If the (A) flag is present - the file is new or has been changed since the last backup.
The MSBACKUP, RESTORE, and XCOPY commands use these Archive attributes, as do many (but not all) 3rd
party backup solutions.
Constants - the following attribute values are returned by the GetFileAttributes function:
FILE_ATTRIBUTE_READONLY = 1
FILE_ATTRIBUTE_HIDDEN = 2
FILE_ATTRIBUTE_SYSTEM = 4
FILE_ATTRIBUTE_DIRECTORY = 16
FILE_ATTRIBUTE_ARCHIVE = 32
FILE_ATTRIBUTE_ENCRYPTED = 64
FILE_ATTRIBUTE_NORMAL = 128
FILE_ATTRIBUTE_TEMPORARY = 256
FILE_ATTRIBUTE_SPARSE_FILE = 512
FILE_ATTRIBUTE_REPARSE_POINT = 1024
FILE_ATTRIBUTE_COMPRESSED = 2048
FILE_ATTRIBUTE_OFFLINE = 4096
FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = 8192
"The moral sense of conscience is by far the most important.. it is the most noble of all the attributes of man"
- Charles Darwin
BOOTCFG.exe
Edit the Windows boot settings stored in Boot.ini
Syntax
BOOTCFG /addsw Add OS load options for an OS entry in boot.ini
BOOTCFG /copy Duplicate the entries for an OS instance.
BOOTCFG /dbg1394 Configure 1394 port debugging
BOOTCFG /debug Edit the debug settings for an OS.
BOOTCFG /default Specify the default OS
BOOTCFG /delete Delete an OS entry [operating systems] section of Boot.ini
BOOTCFG /ems Redirect the EMS console to a remote computer (server only).
(Emergency Management Services)
BOOTCFG /list List entries in boot.ini
BOOTCFG /query Display section entries from Boot.ini
BOOTCFG /raw Add OS load options, specified as a string
BOOTCFG /rebuild Totally rebuild boot.ini (use when Windows won't start)
BOOTCFG /rmsw Remove OS load options for an OS
BOOTCFG /timeout Change the OS time-out value.
Detailed options for all the above are available from BOOTCFG /? Items in bold are only available from the
recovery console
Default identification strings:

OS Load Options = /Fastdetect
Load Identifier = Microsoft Windows XP Professional
If you intend to rebuild the boot.ini file, delete it first - boot into the recovery console then:
ATTRIB -H -R -S C:\Boot.ini
DEL C:\Boot.ini
Bootcfg /Rebuild
Fixboot
CHKDSK.EXE
Check Disk - check and repair disk problems
Syntax
CHKDSK [drive:][[path]filename] [/F] [/V] [/R] [/L[:size]]
Key
[drive:] The drive to check.
filename File(s) to check for fragmentation (FAT only).
/F Automatically Fix file system errors on the disk.

/X Fix file system errors on the disk, (Win2003 and above) dismounts the volume first, closing all
open file handles.
/R Scan for and attempt Recovery of bad sectors.
/V Display the full path and name of every file on the disk.
/L:size NTFS only: change the log file size to the specified number of kilobytes. If size is not specified,
displays the current log size and the drive type (FAT or NTFS).
/C Skip directory corruption checks.
/I Skip corruption checks that compare directory entries to the file record segment (FRS) in the
volume's master file table (MFT)
Example:
CHKDSK C: /F
Fixing Errors /F
If the drive is the boot partition, you will be prompted to run the check during the next boot If you specify
the /f switch, chkdsk will show an error if open files are found on the disk.
Chkdsk /f will lock the volume, making data unavailable until chkdsk is finished. If you use chkdsk /f on a
disk with a very large number of files (millions), chkdsk may take a long time to complete.
When you delete a file or folder that has 'custom' permissions, the ACL is not deleted, it is cached. Chkdsk /f
will remove ACLs that are no longer used. This is often the cause of the rather worrying message: "Windows
found problems with the file system. Run chkdsk with the /F (fix) option to correct these."
It is normal for chkdsk /F to remove unused index entries and unused security descriptors every time you
run it, these do not indicate a problem with the file system.
Scan only (without /f switch)
If a file needs to be fixed chkdsk will alert you with a message but will not fix the error(s).
chkdsk may report lost allocation units on the disk - it will produce this report even if the files are in-use
(open). If corruption is found, consider closing all files and repairing the disk with /F.
Running chkdsk on a data volume that is in use by another program or process may incorrectly report errors
when none are present. To avoid this, close all programs or processes that have open handles to the volume.
On computers running Windows 2003 SP1, chkdsk automatically creates a shadow copy, so you can check
volumes that are 'in use' by another program or process. This enables an accurate report against a live file
server. On earlier versions of Windows, chkdsk would always lock the volume, making data unavailable.
Run at Bootup
Running at bootup is often the easiest way to close all open file handles.
Use the GUI, chkntfs or the FSUTIL dirty commands to set or query the volumes 'dirty' bit so that Windows
will run chkdsk when the computer is restarted.
Event Logs
Chkdsk will log error messages in the Event Viewer - System Log.
Chkdsk /f removes ACLs that are no longer used and reports this in the Event Viewer - Application Log.
Cluster (or block) Size
CHKDSK produces a report that shows the the block /cluster size
typically: "4096 bytes in each allocation unit."
When the cluster size is greater than 4 KB on an NTFS volume, none of the NTFS compression functions are
available.
Exit codes
0 No errors were found

1 Errors were found and fixed.
2 Could not check the disk, did not or could not fix errors.
Notes:
Consider the time required to run Chkdsk to repair any errors that occur. Chkdsk times are determined by
the number of files on the volume and by the number of files in the largest folder. Chkdsk performance
under Windows 2003 is around 30% faster than previous versions.
To issue chkdsk on a hard drive you must be a member of the Administrators group.
When CHKDSK is set to run at boot-up there is a delay to allow the check to be cancelled - this can be
configured in the registry:
HKLM\System\CurrentControlSet\Control\Session Manager
REG_DWORD:AutoChkTimeOutData
The value is the time in seconds that you want CHKDSK to wait (0 = no delay) default is 10 seconds.
"The file system structure on the disk is corrupt and unusable"
"I either want less corruption, or more chance to participate in it" - Ashleigh Brilliant
CHKNTFS.exe
Check the NTFS file system with CHKDSK
Syntax
CHKNTFS drive: [...]
CHKNTFS /C drive: [...]
CHKNTFS /X drive: [...]
CHKNTFS /t[:Time]
CHKNTFS /D
Key
drive : Specifies a drive letter.
/C : Check - schedules chkdsk to be run at the next reboot

/X : Exclude a drive from the default boot-time check. Excluded drives are not accumulated between
command invocations.
/T : Change the Autochk.exe initiation countdown time (time in seconds) If you don't specify Time:
displays the current countdown time.
/D : Restore the machine to the default behavior; all drives are checked at boot time and chkdsk is run
on those that are dirty. This undoes the effect of the /X option.
If no switches are specified, CHKNTFS will display the status of the dirty bit for each drive. /T option is new
in Win XP
"I don't make no dirty movements" - Elvis
CMD.exe
Start a new CMD shell
Syntax
CMD [charset] [options] [My_Command]
Options
/C Carries out My_Command and then terminates
/K Carries out My_Command but remains
My_Command : The NT command, program or batch script to be run. This can even be several commands
separated with '&&' (the whole should also be surrounded by "quotes")
/T:fg Sets the foreground/background colours

/X Enable extensions to CMD.EXE under Windows 2000 you can also use /E:ON
/Y Disable extensions to CMD.EXE under Windows 2000 you can also use /E:OFF
/A Output ANSI Characters
/U Output UNICODE Characters
These 2 swiches are useful when piping or redirecting to a file Most common text files under
WinNT are ANSI, use these switches when you need to convert the character set.
more below
Win2K / XP switches
The CMD switches below were first introduced with Windows 2000
/D Ignore registry AutoRun commands

HKLM | HKCU \Software\Microsoft\Command Processor\AutoRun
/F:ON Enable auto-completion of pathnames entered at the CMD prompt
/F:OFF Disable auto-completion of pathnames entered at the CMD prompt (default)
At the command prompt Ctrl-D gives folder name completion and Ctrl-F gives file and folder name
completion.
These ctrl keys build up a list of paths that match and display the first matching path. Thereafter, repeated
pressing of the same control key will cycle through the list of matching paths. Pressing SHIFT with the
control key will move through the list backwards.
/Q Turn echo off
/S Strip quote characters from the command_line
/V:ON Enable delayed environment variable expansion this allows a FOR loop to specify !variable! instead
of %variable% expanding the variable at execution time instead of at input time.
/V:OFF Disable delayed environment expansion.
Environment expansion preference can be set permanently in the registry

HKLM | HKCU \Software\Microsoft\Command Processor\DelayedExpansion
Set to either 0x1 or 0x0
/knetdiag /debug
/knetdiag /fix
The knetdiag switches are undocumented and work in XP only they list and (may) fix these networking
issues. If /C or /K is specified, then the remainder of the command line is processed as an immediate
command in the new shell. Multiple commands separated by the command separator '&&' are accepted if
surrounded by quotes.
The following logic is used to process quote (") characters:
1. If all of the following conditions are met, then quote characters

on the command line are preserved:
- no /S switch
- exactly two quote characters
- no special characters between the two quote characters,
where special is one of: &<>()@^|
- there are one or more whitespace characters between the
the two quote characters
- the string between the two quote characters is the name
of an executable file.
2. Otherwise, old behavior is to see if the first character is

a quote character and if so, strip the leading character and
remove the last quote character on the command line, preserving
any text after the last quote character.
Command.com vs cmd.exe
All the commands on these pages assume you are running the 32 bit command line (cmd.exe)
CMD.exe is the NT/XP equivalent of Command.com in previous operating systems. The older 16 bit
command processor command.com is supplied to provide backward compatibility for 16 bit DOS
applications. e.g. command.com will fail to set %errorlevel% after certain commands.
To ensure that a batch file will not run if accidentally copied to a Windows 95/98 machine you should use
the extension .CMD rather than .BAT
The COMSPEC environment variable will show if you are running CMD.EXE or command.com
Subject to licensing issues, it is possible to run the Windows 2000 or Win XP version of CMD.EXE under NT.
This is not true of all commands, e.g. any command that involves NTFS disk access (such as cacls) should not
be moved between OS versions.
Opening CMD from Windows Explorer
You can open a new CMD prompt by choosing START, RUN, cmd, OK
Registry Keys:
;Allow UNC paths at command prompt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor]
"DisableUNCCheck"=dword:00000001
; Run a command when CMD.exe starts

[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
"AutoRun"=-
; Activate Automatic Completion

[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
"CompletionChar"=0x9
Previous Commands
Pressing the UP arrow will list previous commands entered at the command prompt. Other DOSKEY function
keys are loaded by default (F7, F8, F9)
Copy and Paste
To simplify the use of cut and paste at the Command Prompt, enable QuickEdit mode as follows:
Activate the control menu at the top left of the current cmd window, go to Properties, Options tab and then
tick against QuickEdit Mode.
Now you can select text with the mouse and hit Enter (or right click) to copy it to the clipboard. Paste
anywhere using Control+V (or Right Click) or via the menu.
ESC will cancel any selection and return to editing mode. When copying between windows, you may need
one click to select the window and a second click to paste.
Using CMD in a batch script
In a batch script CMD will start a new instance of CMD.exe which will appear in the same window. The EXIT
command will close the second CMD instance and return to the previous shell.
A method of calling one Batch script from another is to run a command like
CMD /c C:\docs\myscript.cmd
The output of CMD can be redirected into a text file. Notice that where CMD /c is used, the EXIT command is
not required.
The environment Variable %CMDCMDLINE% will expand into the original command line passed to CMD.EXE
Pausing a batch script

Execution of any batch script can be paused by pressing CTRL-S
This also works for pausing a single command such as a DIR listing
Pressing any key will resume the operation.
Stopping a batch script from running

Execution of any batch script can be stopped by pressing CTRL-C
If one batch file CALLs another batch file CTRL-C will exit both batch scripts.
If CMD /c is used to call one batch file from another then CTRL-C will cause only one of the batch scripts to
terminate. (see also EXIT)
Long Commands
Under Windows NT, the command line is limited to 256 characters.
Under Windows 2000, the command line is limited to 2046 characters.
Under Windows XP, the command line is limited to 8190 characters.
For all OS's NTFS and FAT allows pathnames of up to 260 characters.
A workaround for the limited pathname length is to prefix \\?\

for example:
\\?\C:\TEMP\Long_Directory\Long_Filename.txt
The above limits are often encountered when using long share names or drag and dropping files onto a batch
script.
Full Screen
The key combination ALT and ENTER will switch a CMD window to full screen mode. press ALT and ENTER
again to return to a normal Window.
Command Extensions
Much of the functionality of CMD.exe can be disabled - this will affect all the internal commands, Command
Extensions are enabled by default. This is controlled by setting a value in the registry:
HKCU\Software\Microsoft\Command Processor\EnableExtensions Alternatively under Win XP you can run
CMD /e:on or CMD /e:off
"Those who can command themselves, command others" - Hazlitt
COPY
Copy one or more files to another location
Syntax
COPY source destination [options]
COPY source1 + source2.. destination [options]
Key
source : Pathname for the file or files to be copied.
/A : ASCII text file (default)
/B : Binary file copy - will copy extended characters.
destination : Pathname for the new file(s).
V : Verify that the new files were written correctly

/N : If at all possible, use only a short filename (8.3) when creating a destination file. This may be
necessary when copying between disks that are formatted differently e.g NTFS and VFAT, or when
archiving data to an ISO9660 CDROM
/Z : Copy files in restartable mode. If the copy is interrupted part way through, it will restart if
possible. (use on slow networks)
/Y : Suppress confirmation prompt (Windows 2000 only)
/-Y : Enable confirmation prompt (Windows 2000 only)
Prompt to overwrite destination file
NT 4 will overwrite destination files without any prompt, Windows 2000 and above will prompt unless the
COPY command is being executed from within a batch script.
To force the overwriting of destination files under both NT4 and Windows2000 use the COPYCMD
environment variable:
SET COPYCMD=/Y
This will turn off the prompt in Win2000 and will be ignored by NT4 (which overwrites by default)
Binary copies
"COPY /B ... " will copy all the files in binary mode , you can also put /B after any one file to copy just that file
in binary.
Combine files
To combine files, specify a single file for the destination, but multiple files as the source. To specify more
than one file use wildcards or list the files with a + in between each (file1+file2+file3)
When copying multiple files in this way the first file must exist or else the copy will fail, a workaround for
this is COPY null + file1 + file2 dest1
COPY will accept UNC pathnames
Copy from the console (accept user input)
COPY CON filename.txt

Then type the input text followed by ^Z (Control key & Z)
To do this in Powershell use the following function:
function copycon {
[system.console]::in.readtoend()
}
Examples:
In the current folder

COPY oldfile.doc newfile.doc
Copy from a different folder/directory:

COPY "C:\my work\some file.doc" "D:\New docs\newfile.doc"
Specify the source only, with a wildcard will copy all the files into the current directory:
COPY "C:\my work\*.doc"
Specify the source with a wildcard and the destination as a single file, this is generally only useful with plain
text files.
COPY "C:\my work\*.txt" "D:\New docs\combined.txt"
Quiet copy (no feedback on screen)

COPY oldfile.doc newfile.doc >nul
"Success seems to be connected with action. Successful men keep moving. They make mistakes, but they don't
quit" - Conrad Hilton
DEFRAG (Windows XP)
Defragment hard drive.
Syntax
DEFRAG <volume> [-a] [-f] [-v] [-?]
Options
volume drive letter or mount point (d: or d:\vol\mountpoint)
-a Analyze only
-f Force defragmentation even if free space is low
-v Verbose output
Example:
DEFRAG c: -f
DEL
Delete one or more files.
Syntax
DEL [options] [/A:file_attributes] files_to_delete
Key
files_to_delete : This may be a filename, a list of files or a Wildcard
options
/P Give a Yes/No Prompt before deleting.
/F Ignore read-only setting and delete anyway (FORCE)
/S Delete from all Subfolders (DELTREE)
/Q Quiet mode, do not give a Yes/No Prompt before deleting.
/A Select files to delete based on file_attributes
file_attributes:
R Read-only -R NOT Read-only
S System -S NOT System
H Hidden -H NOT Hidden
A Archive -A NOT Archive
Wildcards: These can be combined with part of a filename
* Match any characters

? Match any ONE character
Examples:
To delete HelloWorld.TXT
DEL HelloWorld.TXT
To delete "Hello Big World.TXT"

DEL "Hello Big World.TXT"
To delete all files that start with the letter A

DEL A*
To delete all files that end with the letter A

DEL *A.*
To delete all files with a .DOC extension

DEL *.DOC
To delete all read only files

DEL /a:R *
To delete all files including any that are read only
DEL /F *
Folders
If a folder name is given instead of a file, all files in the folder will be deleted, but the folder itself will not be
removed.
Temporary Files
You should clear out TEMP files on a regular basis - this is best done at startup when no applications are
running. To delete all files in all subfolders of C:\temp\ but leave the folder structure intact:
DEL /F /S /Q %TEMP%
When clearing out the TEMP directory it is not generally worthwhile removing the subfolders too - they
don't use much space and constantly deleting and recreating them can potentially increase fragmentation
within the Master File Table.
Deleting a file will not prevent third party utilities from un-deleting it again, however you can turn any file
into a zero-byte file to destroy the file allocation chain like this:
TYPE nul > C:\examples\MyFile.txt

DEL C:\examples\MyFile.txt
Undeletable Files
Files are sometimes created with the very long filenames or reserved names: CON, AUX, COM1, COM2, COM3,
COM4, LPT1, LPT2, LPT3, PRN, NUL
To delete these use the syntax: DEL \\.\C:\somedir\LPT1
Alternatively SUBST a drive letter to the folder containing the file.
If a file (or folder) still appears to be 'undeletable' this is often caused by the indexing service.
Right click the file you need to delete, choose properties, advanced and untick "allow indexing" you will then
be able to delete the file. To cure the problem permanently - Control Panel, Add/Remove programs, Win
Accessories, indexing service.
DIR
Display a list of files and subfolders
Syntax
DIR [pathname(s)] [display_format] [file_attributes] [sorted] [time] [options]
Key
[pathname] The drive, folder, and/or files to display, this can include wildcards:
* Match any characters

? Match any ONE character
[display_format]
/P Pause after each screen of data.
/W Wide List format, sorted horizontally.
/D Wide List format, sorted by vertical column.
[file_attributes] /A:
/A:D Folder /A:-D NOT Folder

/A:R Read-only /A:-R NOT Read-only
/A:H Hidden /A:-H NOT Hidden
/A:A Archive /A:-A NOT Archive
/A Show all files
several attributes may be combined e.g. /A:HD-R
[sorted] Sorted by /O:
/O:N Name /O:-N Name

/O:S file Size /O:-S file Size
/O:E file Extension /O:-E file Extension
/O:D Date & time /O:-D Date & time
/O:G Group folders first /O:-G Group folders last
several attributes may be combined e.g. /O:GEN
[time] /T: the time field to display & use for sorting
/T:C Creation
/T:A Last Access
/T:W Last Written (default)
[options]
/S include all subfolders.
/R Display alternate data streams. (Vista only)
/B Bare format (no heading, file sizes or summary).
/L use Lowercase.
/Q Display the owner of the file.
/N long list format where filenames are on the far right.
/X As for /N but with the short filenames included.
/C Include thousand separator in file sizes.
/-C don't include thousand separator in file sizes.
/4 Display four-digit years
The switches above may be preset by adding them to an environment variable called DIRCMD.
For example: SET DIRCMD=/O:N /S
Override any preset DIRCMD switches by prefixing the switch with -

For example: DIR *.* /-S
Upper and Lower Case filenames:

Filenames longer than 8 characters - will always display the filename with mixed case as entered.
Filenames shorter than 8 characters - may display the filename in upper or lower case - this may vary from
one client to another (registry setting)
To obtain a bare DIR format (no heading or footer info) but retain all the details, pipe the output of DIR into
FIND, this assumes that your date separator is /
DIR c:\temp\*.* | FIND "/"
FOR /f "tokens=*" %%G IN ('dir c:\temp\*.* ^| find "/"') DO echo %%G
Normally DIR /b will return just the filename, however when displaying subfolders with DIR /b /s the
command will return a full pathname. Checking filesize during a download (to monitor progress of a large
download)
TYPE file_being_downloaded >NUL

DIR file_being_downloaded
Since TYPE won't lock the file_being_downloaded in any way, this doesn't pose a threat to the download
itself.
"There it was, hidden in alphabetical order" - Rita Holt
DISKCOPY.com
Copy the content of one floppy disk to another.
Syntax
DISKCOPY flopppy_drive1: floppy_drive2: [/V]
Key
/V Verify that the information was copied correctly.
The two disks must be the same type,

e.g. both 1.44 Mb or both 720 K
If you specify the same drive letter for floppy_drive1 and floppy_drive2 - you will be prompted to enter each
disk.
DISKCOMP A: A:
"The great secret that all old people share is that you really haven't changed in seventy or eighty years. Your
body changes, but you don't change at all. And that, of course, causes great confusion." - Doris Lessing
EXIT
Quit the current batch script, quit the current subroutine or quit the command processor (CMD.EXE)
optionally setting an errorlevel code.
Syntax
EXIT [/B] [exitCode]
Key
/B When used in a batch script, this option will exit only the script (or subroutine) but not
CMD.EXE
exitCode Sets the %ERRORLEVEL% to a numeric number. If quitting CMD.EXE, set the process exit code no.
You should never attempt to directly write to the %errorlevel% variable, (i.e. don't try anything like SET
errorlevel...) using the EXIT command provides a safe way to alter the value of the built-in errorlevel
variable.
EXPAND
Uncompress one or more compressed files.
Syntax
EXTRACT [options] CAB_file [filenames]
Key
CAB_file : Cabinet file
filenames : Name of the file to extract from the cabinet Wild cards (*.*) (.) and multiple files are valid
options
/A Process ALL cabinets. (where CABs are linked)

/C If the CAB contains one file then /C will copy from DMF disks
/D Display CAB directory
/E Extract all (use instead of *.* to extract all files)
/L dir Location to place extracted files (default is current folder)
/Y Overwrite files without any prompt
FC.exe
Compare the contents of two files or sets of files. Display any lines which do NOT match.
Syntax
FC /B pathname1 pathname2
FC [options] pathname1 pathname2
Key
/B : Perform a binary comparison.
options
/C : Do a case insensitive string comparison
/A : Displays only first and last lines for each set of differences.
/U : Compare files as UNICODE text files.
/L : Compares files as ASCII text. (default)
/N : Display line numbers (ASCII only)
/LBn : Limit the number of lines that will be read, "n" sets a maximum number of mismatches
after which the File Comparison will abort (resync failed)
When FC aborts (resync failed) then "n" number of mismatches will be shown.
/nnnn : Specify a number of consecutive lines that must match after a mismatch.
This can be used to prevent the display of the two files from getting too out of sync
/T : Do not expand tabs to spaces.
/W : Compress white space (tabs and spaces) for comparison.
To compare sets of files, use wildcards in pathname1 and pathname2 parameters.
Powershell also has an Alias FC for the Format-Custom command, therefore to run the 'old' FC under
powershell you need to explicitly run C:\windows\system32\fc.exe
To identify 2 identical files use this syntax:
FC file1.txt file2.txt | FIND "FC: no dif" > nul

IF ERRORLEVEL 1 goto :s_files_are_different
FORMAT.com
Format a disk for use with Windows.
Syntax
FORMAT drive: [/FS:file-system] [/V:label] [/Q] [size] [/C]
Key
/FS:file-system The file system (FAT or NTFS). The NTFS file system does not function on
floppy disks.
/V:label The volume label.
/Q Quick format.
/C Compression - files added to the new disk will be compressed.
[size] may be defined either with /F:size or /A:size
/F:size size is the size of the floppy disk (720, 1.2, 1.44, 2.88, or 20.8).
/A:size Allocation unit size.

Default settings (via /F) are strongly recommended for general use.
NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K.
FAT supports 8192, 16K, 32K, 64K, 128K, 256K.
NTFS compression is not supported for allocation units above 4096.
Example
@echo off
Echo Warning this will reformat the entire D: disk!
PAUSE
format D: /FS:NTFS /x
"The disks had a recording density of 1,100 bits per inch, and could move data out of the drive at 77 kilobytes
per second" - Early hard drive specs.
FTP
File Transfer Protocol
Syntax
FTP [-options] [-s:filename] [-w:buffer] [host]
key
-s:filename Run a text file containing FTP commands.
host Host name or IP address of the remote host.
-g Disable filename wildcards.
-n No auto-login.
-i No interactive prompts during ftp.
-v Hide remote server responses.
-w:buffer Set buffer size to buffer (default=4096)
-d Debug
-a Use any local interface when binding data connection.
Commands to run at the FTP: prompt
append local-file [remote-file] Append a local file to a file on the remote computer.
ascii Set the file transfer type to ASCII, the default. In ASCII text mode, character-set and end-of-line
characters are converted as necessary.
bell Toggle a bell to ring after each command. By default, the bell is off.
binary Set the file transfer type to binary. Use `Binary' for transferring executable program files or binary
data files e.g. Oracle
bye End the FTP session and exit ftp
cd Change the working directory on the remote host.
close End the FTP session and return to the cmd prompt.
debug Toggle debugging. When debug is on, FTP will display every command.
delete remote-file Delete file on remote host.
dir [remote-directory] [local-file] List a remote directory's files and subdirectories. (or save the listing
to local-file)
disconnect Disconnect from the remote host, retaining the ftp prompt.
get remote-file [local-file] Copy a remote file to the local PC.
glob Toggle the use of wildcard characters in local pathnames. By default, globbing is on.
hash Toggle printing a hash (#) for each 2K data block transferred. By default, hash mark printing is off.
help [command] Display help for ftp command.
lcd [directory] Change the working directory on the local PC. By default, the working directory is the
directory in which ftp was started.
literal argument [ ...] Send arguments, as-is, to the remote FTP host.
ls [remote-directory] [local-file] List a remote directory's files and folders. (short format)
mdelete remote-files [ ...] Delete files on remote host.
mdir remote-files [ ...] local-file Display a list of a remote directory's files and subdirectories. (or save
the listing to local-file) Mdir allows you to specify multiple files.
mget remote-files [ ...] Copy multiple remote files to the local PC.
mkdir directory Create a directory on the remote host.
mls remote-files [ ...] local-file List a remote directory's files and folders. (short format)
mput local-files [ ...] Copy multiple local files to the remote host.
open computer [port] Connects to the specified FTP server.
prompt Toggle prompting. Ftp prompts during multiple file transfers to allow you to selectively
retrieve or store files; mget and mput transfer all files if prompting is turned off. By
default, prompting is on.
put local-file [remote-file] Copy a local file to the remote host.
Pwd Print Working Directory (current directory on the remote host)
quit End the FTP session with the remote host and exit ftp.
quote argument [ ...] Send arguments, as-is, to the remote FTP host.
recv remote-file [local-file] Copy a remote file to the local PC.
remotehelp [command] Display help for remote commands.
rename filename newfilename Rename remote files.
rmdir directory Delete a remote directory.
send local-file [remote-file] Copy a local file to the remote host.
status Display the current status of FTP connections and toggles.
trace Toggles packet tracing; trace displays the route of each packet
type [type-name] Set or display the file transfer type: `binary' or `ASCII' (the default)
If type-name is not specified, the current type is displayed. ASCII should be used when
transferring text files. In ASCII text mode, character-set and end-of-line characters are
converted as necessary. Use `Binary' for transferring executable files.
user user-name [password] [account] Specifes a user to the remote host.
verbose Toggle verbose mode. By default, verbose is on.
! command Run command on the local PC.
? [command] Display help for ftp command.
Examples
an example FTP Script to retrieve files in binary and then ascii mode:
::GetFiles.ftp
[User_id]
[ftp_password]
binary
get /usr/file1.exe
get file2.html
mget *.jpeg
ascii
mget *.txt
quit
To run the above script:

FTP -s:GetFiles.ftp [hostname]
This will connect as the user:User_id with password:ftp_password
An FTP Script to publish files in binary mode:
::PutFiles.ftp
[User_id]
[ftp_password]
binary
mput *.html
cd images
mput *.gif
quit
To run the above script:

FTP -s:PutFiles.ftp [hostname]
This will connect as the user:User_id with password:ftp_password
Using the Windows GUI for FTP
Windows Explorer (not Internet Explorer) also has a built in FTP client. Type in the address bar:
ftp://username@ftpserver.address.com
you will be prompted for the password.
You can also do
ftp://username:password@ftpserver.address.com
This is not recommended as anyone can read the password.
Secure FTP
Standard FTP does not encrypt passwords - they are sent across the network in plain text. A more secure
method is to use SecureFTP (SFTP) or SecureCopy (SCP) Freeware clients are available e.g. WinSCP
"Only wimps use tape backup: _real_ men just upload their important stuff on ftp, and let the rest of the world
mirror it" - Linus Torvalds
GOTO
Direct a batch program to jump to a labelled line.
Syntax
GOTO label
Key
label : a predefined label in the batch program. Each label must be on a line by itself, beginning
with a colon.
To exit a batch script file or exit a subroutine specify GOTO:eof this will transfer control to the end of the
current batch file, or the end of the current subroutine.
Examples:
IF %1==12 GOTO MySubroutine

Echo the input was NOT 12
goto:eof
:MySubroutine
Echo the input was 12
goto:eof
Use a variable as a label
CHOICE /C:01 /m choose [Y]yes or [N]No

goto s_routine_%ERRORLEVEL%
:s_routine_0
Echo You typed Y for yes
goto:eof
:s_routine_1
Echo You typed N for no
goto:eof
IF
Conditionally perform a command.
File syntax
IF [NOT] EXIST filename command
IF [NOT] EXIST filename (command) ELSE (command)
String syntax
IF [/I] [NOT] item1==item2 command
IF [/I] item1 compare-op item2 command
IF [/I] item1 compare-op item2 (command) ELSE (command)
Error Check Syntax
IF [NOT] DEFINED variable command
IF [NOT] ERRORLEVEL number command
IF CMDEXTVERSION number command
key
item : May be a text string or an environment variable a variable may be modified using either
Substring syntax or Search syntax
command : The command to perform
NOT : perform the command if the condition is false.
== : perform the command if the two strings are equal.
/I : Do a case Insensitive string comparison.
compare-op : may be one of

EQU : equal
NEQ : not equal
LSS : less than <

LEQ : less than or equal <=
GTR : greater than >

GEQ : greater than or equal >=
This 3 digit syntax is necessary because the > and <

are recognised as redirection symbols
IF EXIST filename will return true if the file exists (this is not case sensitive).
IF ERRORLEVEL statements should be read as IF Errorlevel >= number i.e.
IF ERRORLEVEL 0 will return TRUE when the errorlevel is 64
IF ERRORLEVEL 1 will return TRUE when the errorlevel is 2
IF ERRORLEVEL 1 will return FALSE when the errorlevel is 0
Examples:
IF EXIST C:\install.log (echo complete) ELSE (echo failed)

IF DEFINED _department ECHO Got the department variable
IF DEFINED _commission SET /A _salary=%_salary% + %_commission%
IF CMDEXTVERSION 1 GOTO start_process
IF ERRORLEVEL EQU 2 goto sub_problem2
Does %1 exist?
To test for the existence of a command line parameter - use empty brackets like this
IF [%1]==[] ECHO Value Missing

or
IF [%1] EQU [] ECHO Value Missing
In the case of a variable that may be NULL - a null variable will remove the variable definition altogether, so
testing for NULLs becomes easy:
IF NOT DEFINED _example ECHO Value Missing

IF DEFINED will return true if the variable contains any value (even if the value is just a space)
Test the existence of files and folders
IF EXIST name - will detect the existence of a file or a folder - the script empty.cmd will show if the folder is
empty or not.
Brackets
You can improve the readability of a batch script by writing a complex IF...ELSE command over several lines
using brackets e.g. :
IF EXIST filename (
del filename
) ELSE (
echo The file was not found.
)
The IF statement does not use any great intelligence when evaluating Brackets, so for example the command
below will fail:
IF EXIST MyFile.txt (ECHO Some(more)Potatoes)
This version will work:
IF EXIST MyFile.txt (ECHO Some[more]Potatoes)
Testing Numeric values
Do not use brackets or quotes when comparing numeric values

e.g.
IF (2) GEQ (15) echo "bigger"
or
IF "2" GEQ "15" echo "bigger"
These will perform a character comparison and will always echo "bigger"
however the command
IF 2 GEQ 15 echo "bigger"
Will perform a numeric comparison and works as expected - notice that this behaviour is exactly opposite to
the SET /a command where quotes are required.
Any test made using the compare-op syntax will always be a "string" comparison,
so when comparing numbers note that "026" > "26"
Wildcards
Simple wildcards are not supported by IF, so ==SS6* will not match SS64
The workaround is to spoof a wildcard using SET to retrieve the substring

SET _part_name=%COMPUTERNAME:~0,3%
IF NOT %_part_name%==SS6 GOTO they_matched
Pipes
When piping commands, the expression is evaluated from left to right, so
IF... | ... is equivalent to (IF ... ) | ...
you can also use the explicit syntax IF (... | ...)
ERRORLEVEL
To deliberately raise an ERRORLEVEL in a batch script use the EXIT /B command.
It is possible (though not a good idea) to create a string variable called %ERRORLEVEL% (user variable)
if present such a variable will prevent the real ERRORLEVEL (a system variable) from being used by
commands such as ECHO and IF.
To test for the existence of a user variable use SET errorlevel, or IF DEFINED ERRORLEVEL
If Command Extensions are disabled IF will only support direct comparisons: IF ==, IF EXIST, IF
ERRORLEVEL also the system variable CMDEXTVERSION will be disabled.
You see things; and you say 'Why?' But I dream things that never were; and I say 'why not?' - George Bernard
Shaw
IPCONFIG
Configure IP (internet protocol configuration)
Syntax
IPCONFIG /all Display full configuration information.
IPCONFIG /release [adapter] Release the IP address for the specified adapter.
IPCONFIG /renew [adapter] Renew the IP address for the specified adapter.
IPCONFIG /flushdns Purge the DNS Resolver cache.
IPCONFIG /registerdns Refresh all DHCP leases and re-register DNS names.
IPCONFIG /displaydns Display the contents of the DNS Resolver Cache.
IPCONFIG /showclassid adapter Display all the DHCP class IDs allowed for adapter.
IPCONFIG /setclassid adapter [classid] Modify the dhcp class id.
If the Adapter name contains spaces, use quotes: "Adapter Name" wildcard characters * and ? allowed, see
the examples below
The default is to display only the IP address, subnet mask and default gateway for each adapter bound to
TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to
TCP/IP will be released or renewed.
For Setclassid, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig ... Show information.
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Local Area Connection 1" or
"Local Area Connection 2"
> ipconfig /setclassid "Local Area Connection" TEST
... set the DHCP class ID for the named adapter to = TEST
"Life is a grand adventure - or it is nothing." - Helen Keller
KILL (Resource kit)
Remove a running process from memory.
Syntax
KILL [option] process_id
KILL [option] task_name
KILL [option] window_title
Option
-f Force process kill
Note:
Kill -f basically just nukes the process from existence, potentially leaking a lot of memory and losing any data
that the process hadn't committed to disk yet. It is there for worst case scenarios - when you absolutely must
end the process now, and don't care whether proper cleanup gets done or not.
In WindowsXP, KILL is replaced with the superior TASKKILL - Allowing you to specify a remote computer,
different user account etc - for more details run TASKKILL /?
If you're going to tell people the truth, you'd better make them laugh. Otherwise they'll kill you. - George
Bernard Shaw
LABEL
Edit a disk label.
Syntax
LABEL [drive:][label]
The disk label is never referred to by other batch commands, it's just for human recognition.
LOGOFF.exe (Resource Kit)
Log a user off.
Syntax
LOGOFF [/f] [/n]
Key
/f Force running processes to close, but will ask for user confirmation. The user will not be
asked to save unsaved data.
/n Force running processes to close without confirmation. The user will be prompted to
save unsaved data.
By default LOGOFF will ask for user confirmation and prompt to save unsaved data.
Windows security log events
Logon Event IDs 528 and 540 = successful logon
Logoff Event ID 538 = logoff
Logon and logoff events also specify a Logon Type code:
Logon Type 2 – Interactive - Log on at the local keyboard / screen (see the event description for a computer
name).
Logon Type 3 – Network - connections to shared folders or printers, over-the-network logons, IIS
logons( but not basic authentication)
Logon Type 4 – Batch - The Scheduled Task service creates a new logon session for each
task.
Logon Type 5 – Service - Each service is configured to run as a specified user account.
Logon Type 7 – Unlock- a password protected screen saver.
Logon Type 8 – NetworkCleartext - a network logon like logon type 3 but where the password was sent over
the network in clear text.
Logon Type 9 – NewCredentials - If you use RunAs /netonly and records the logon event with logon type 2.
Logon Type 10 – RemoteInteractive - Terminal Services, Remote Desktop or Remote Assistance.
Logon Type 11 – CachedInteractive - mobile users not connected to the network connecting with cached
credentials.
"The man who is tired of London is tired of looking for a parking space" - Paul Theroux
MEM
Display memory usage.
Syntax
MEM
MEM /C
MEM /D
MEM /P
Key
/P List programs in memory with the memory address and size of each
/D List Programs(as /P) and also Devices
/C List programs in conventional memory and list programs in upper memory
MEM will only display details about the current CMD shell environment, programs running in a separate
shell (or WIN32 programs) will not be listed - so it won't tell you anything about total memory usage.
MD
Make Directory - Creates a new folder.
Syntax
MD [drive:]path
Key
The path can consist of any valid characters up to the maximum path length available, You should
avoid using the following characters in folder names - they are known to cause problems
© ® " - & ' ^ ( ) and @
also many extended characters may not be recognised by older 16 bit windows applications.
The maximum length of a full pathname (folders and filename) under NTFS or FAT is 260 characters.
Folder names are not case sensitive, but only folder names longer than 8 characters will always retain their
case, as typed.
For Example
C:\temp> MD MyFolder
Make several folders with one command
C:\temp> MD Alpha Beta Gamma
will create
C:\temp\Alpha\
C:\temp\Beta\
C:\temp\Gamma\
Make an entire path

MD creates any intermediate directories in the path, if needed.
For example, assuming \utils does not exist then:
MD \utils\downloads\Editor
is the same as:
md \utils
cd \utils
md downloads
cd downloads
md Editor
for long filenames include quotes
MD "\utils\downloads\Super New Editor"
You cannot create a folder with the same name as any of the following devices: CON, PRN, LPT1, LPT2 ..LPT9,
COM1, COM2 ..COM9 This limitation ensures that redirection to these devices will always work.
If you plan to copy data onto CDROM avoid folder trees more than 8 folders deep
MKDIR is a synonym for MD
"We are American at puberty. We die French" - Evelyn Waugh
MORE
Display output one screen at a time. MORE can be used to run any executable command (or batch file) and
pause the screen output one screen at a time. MORE can also be used to TYPE the contents of any file to the
screen.
Syntax
command | MORE [/E [/C] [/P] [/S] [/Tn] [+n]]
MORE [/E [/C] [/P] [/S] [/Tn] [+n]] < Pathname
MORE /E [/C] [/P] [/S] [/Tn] [+n] [Pathname(s)]
Key
command : Any executable command or batch file
Pathname : The file to be displayed. (if more than one separate with spaces)
/E : Enable extended features
/E /C : Clear screen before displaying page
/E /P : Expand FormFeed characters
/E /S : Squeeze multiple blank lines into a single line
/E /Tn : Expand tabs to n spaces (default 8)
/E +n : Start displaying the first file at line n
You can create an environment variable called %MORE% and use this to supply any of the above switches.
When MORE is used without any redirection symbols it will display the % complete e.g.:
MORE /E myfile.txt
--More (17%) --
If extended features are enabled, (/E) the following keystrokes can be used at the -- More -- prompt:
<space> Display next page

<return> Display next line
Q Quit
Pn Display next n lines
Sn Skip next n lines
F Display next file
= Show line number
? Show help line
"less is more" - Ludwig Mies van der Rohe
MOVE
Move a file from one folder to another
Syntax
MOVE [options] [Source] [Target]
Key
source : The path and filename of the file(s) to move.
target : The path and filename to move file(s) to.
options: (Windows 2000 only)
/Y Suppress confirmation prompt.
/-Y Enable confirmation prompt.
Both Source and Target may be either a folder or a single file.
The source may include wildcards (but not the destination).
Under Windows 2000 the default action is to prompt on overwrites unless the command is being executed
from within a batch script. To force the overwriting of destination files under both NT4 and Windows2000
use the COPYCMD environment variable:
SET COPYCMD=/Y
This will turn off the prompt in Win2000 and will be ignored by NT4 (which overwrites by default).
MOVEUSER.exe (Resource Kit)
Move a local user account into a domain or move a user account between machines.
Syntax
MOVEUSER [DOMAIN/]user1 [DOMAIN/]user2 [/c:computer] [/k] [/y]
Key:
user1 The existing user (who has a local profile)

Specify domain users in 'DOMAIN/user' format or just 'user' for a local account.
user2 The user acount that will inherit the user1 profile.
This account must already exist. Specify domain users in DOMAIN/user format specify only user for
local accounts.
/c:computer The computer on which to make the changes.

/k Keep user account user1 (only applies to local users)
/y Overwrite an existing profile for user2.
To use MOVEUSER, you must be logged in with admin rights to create and modify user accounts on both the
source and target machine.
Examples
MOVEUSER fred MyDomain\newfred
Or if the account 'fred' is on the remote PC called 'wks0123'
MOVEUSER fred MyDomain\newfred /c:\\wks0123
MSG.exe
Send a pop-up message to a user. The 'Home' editions of Windows don’t include MSG.
Syntax
MSG username [options] [message]
MSG sessionname [options] [message]
MSG sessionid [options] [message]
MSG @filename [options] [message]
MSG * [options] [message]
Options
/SERVER:servername The server to contact (default is current).

/TIME:seconds Time delay to wait for receiver to acknowledge msg.
/V Verbose, display extra information.
/W Wait for response from user, useful with /V.
If no message text to send is specified, MSG will prompt for it (also reads from stdin)
@filename identifies a file containing a list of usernames, sessionnames or sessionids to send the message
to.
* will send the message to all sessions on the server.
e.g. use this for Terminal Server/Citrix shutdown messages.
MSTSC
Terminal Server Connection, RDP (Remote Desktop Protocol)
Syntax
MSTSC option
MSTSC /Edit"ConnectionFile"
MSTSC /migrate
Options
ConnectionFile The name of an RDP file for connection
/v:<server[:port]> The remote computer to connect to
/console Connect to the console of a server (NT/XP)
/Admin Connect to a session for administering the server(Vista/2008)
/f Start in Full Screen mode
/w:width Width of the RDP screen
/h:height Height of the RDP screen
/span Match the Remote Desktop width and height with the local virtual desktop,
spanning across multiple monitors if necessary.(Vista/2008)
/public Run Remote Desktop in public mode. (Vista/2008) In public mode, passwords
and bitmaps are not cached.
/edit Open the RDP file for editing.
/migrate Convert a legacy Client connection file into an .RDP file
The /console option only works when connecting to an Windows XP Professional or Windows Server 2003
computer.
When connected to a remote desktop, the key combination Ctrl-Alt-END will send Ctrl-Alt-Del to the remote
client.
Examples:
MSTSC /v:MyServer /f /console

MSTSC /v:127.0.0.1 /w:1024 /h:768
MSTSC /v:MyServer /w:800 /h:600
MSTSC /edit filename.rdp
On the Windows XP CD, under \SUPPORT\TOOLS you'll find MSRDPCLI.exe. This is the setup for use with
9.x/2000 machines.
"Ignorance is preferable to error; and he is less remote from the truth who believes nothing, than he who
believes what is wrong" - Thomas Jefferson
MSIEXEC
Microsoft Windows Installer.
Syntax
Install
MSIEXEC /i package options
Uninstall
MSIEXEC /x package options
Advertise to current user
MSIEXEC /ju package options [/t Transform_List | /g LanguageID]
Advertise to all users
MSIEXEC /jm package options [/t Transform_List | /g LanguageID]
Administrative install - install on the network.
MSIEXEC /a package
Apply a patch to an installed Admin image
MSIEXEC /p patchPKG /a package
Options:
/fp fix - replace missing files
/fo fix - replace Older files
/fe fix - replace older or Equal date files
/fd fix - replace Different version files
/fc fix - replace files based on Checksum differences
/fa fix - replace All files
/fu fix - rewrite HKCU registry
/fm fix - rewrite HKLM registry
/fs fix - recreate shortcuts
/fv fix - rewrite local cache from source
/l* Logfile Log Everything (not Verbose)
/l*v Logfile Log Everything Verbose
/lv Logfile Log Verbose
/le Logfile Log All error messages
/lw Logfile Log Non-fatal warnings
/li Logfile Log Status messages
/la Logfile Log Startup actions
/lr Logfile Log Actions
/lu Logfile Log User requests
/lc Logfile Log User Interface (UI) parameters
/lm Logfile Log memory use
/lp Logfile Log Terminal properties
/l+ Logfile Append to an existing log file.
/l! Logfile Clear an existing log file.
/q , /qn No UI.
/qb Basic UI.
/qb! Basic UI with no cancel button.
/qr Reduced UI. A modal dialog box is displayed at the end of the install.
/qf Full UI. A modal dialog box is displayed at the end of the install.
/qn+ No UI. However, a modal dialog box is displayed at the end of the installation.
/qb+ Basic UI. A modal dialog box is displayed at the end of the installation. If you cancel the
installation, a modal dialog box is not displayed.
/qb- Basic UI with no modal dialog boxes.
/y module Register a DLL - only use for registry information that cannot be added using the
registry tables of the .msi file.
/z module UnRegister a DLL - only use for registry information that cannot be removed using the
registry tables of the .msi file.
Windows installer versions
Windows NT can support version 1.1 or version 1.2

Windows 2K includes version 1.1
Windows XP Sp1 /Server 2003 include version 2.0
Windows XP SP2 includes version 3.0
"People don't resist change. They resist being changed!" - Peter Senge.
NETSTAT.exe
Display current TCP/IP network connections and protocol statistics.
Syntax
NETSTAT [options] [-p protocol] [interval]
Key
-a Display All connections and listening ports.
-e Display Ethernet statistics. (may be combined with -s)
-n Display addresses and port numbers in Numerical form.
-r Display the Routing table.
-o Display the Owning process ID associated with each connection.
-b Display the exe involved in creating each connection or listening port.*
-v Verbose - use in conjunction with -b, to display the sequence of
components involved for all executables.
-p protocol
Show only connections for the protocol specified; maybe any of: TCP, UDP, TCPv6 or
UDPv6.
If used with the -s option then the following protocols may also be specified: IP, IPv6,
ICMP,or ICMPv6.
-s Display per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP,
TCPv6, UDP, and UDPv6; (The v6 protocols are not available
under 2k and NT4) The -p option may be used to display just a
subset of these.
interval Redisplay statistics, pausing interval seconds between

each display. (default=once only) Press CTRL+C to stop.
PATH
Display or set a search path for executable files
Syntax
PATH pathname [;pathname] [;pathname] [;pathname]...
PATH
PATH ;
Key
pathname : drive letter and/or folder; : the command 'PATH ;' will clear the path
PATH without parameters will display the current path.
The %PATH% environment variable contains a list of folders. When a command is issued at the CMD
prompt, the operating system will first look for an executable file in the current folder, if not found it will
scan %PATH% to find it.
Use the PATH command to display or change the list of folders stored in the %PATH% environment variable.
To view each item on a single line use this:
for %G in ("%path:;=" "%") do @echo %G
Or in a batch file:
for %%G in ("%path:;=" "%") do @echo %%G

To add items to the current path, include %PATH% in your new setting. For Example:
PATH=%PATH%;C:\Program Files\My Application
Note you do not need to surround each part of the path with double quotes, PATH will always treat spaces as
part of the filename.
Permanent Changes
Changes made using the PATH command are NOT permanent, they apply to the current CMD prompt only
and remain only until the CMD window is closed.
T o permanently change the PATH use
Control Panel, System, Environment, System Variables

Control Panel, System, Environment, User Variables
The %PATH% variable is set as both a system and user variable, the 2 values are combined to give the PATH
for the currently logged in user. This is explained in full by MS Product Support Article Q100843
Be wary of using commands like SETX to modify the PATH - the User path can be edited, but the System path
remains read-only for most users. If you try to delete an old value and add a new one it is very common for
the 'delete' to fail and the 'add' to succeed, resulting in duplicate values being added to the path.
If you are trying to modify the path to add settings for a single application, a reasonably safe method is to use
a second variable: e.g.
SetX MYAPP "C:\Program Files\My App" -m
Now include your new variable in the path like so ...C:\Windows\system32;%MYAPP%
You can now easily change that one variable %MYAPP% at any time in the future and the PATH will reflect
the new value.
 Changing a variable in the Control Panel will not affect any CMD prompt that is already open, only
new CMD prompts will get the new setting.
 To change a system variable you must have administrator rights
 If your system has an AUTOEXEC.BAT file then any PATH setting in AUTOEXEC.BAT will also be
appended to the %PATH% environment variable. This is to provide compatibility with old
installation routines which need to set the PATH. All other commands in AUTOEXEC.BAT are
ignored.
Terminology
For a file stored as:

C:\Program Files\Adobe\Acrobat.exe
The Drive is:
C:
The Filename is:
Acrobat.exe
The Path is:
Program Files\Adobe\
The Pathname is:

\Program Files\Adobe\Acrobat.exe
The Full Pathname is
C:\Program Files\Adobe\Acrobat.exe
"If you do not love your job, change it. Instead of pushing paper, push ideas. Instead of sitting down, stand up
and be heard. Instead of complaining, contribute. Don't get stuck in a job description" - Microsoft job advert
PING
Test a network connection - if successful, ping returns the ip address.
Syntax
PING [options] destination_host
Options
-w timeout Timeout in milliseconds to wait for each reply.
-i TTL Time To Live.
-v TOS Type Of Service.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-t Ping the destination host until interrupted.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host_list Loose source route along host_list.
-k host_list Strict source route along host_list.
destination_host The name of the remote host
A response of "Request timed out" means there was no response to the ping attempt in the default time
period of one second. If the latency of the response is more than one second. Use the -w option on the ping
command to increase the time-out. For example, to allow responses within five seconds, use ping -w 5000.
A successful PING does NOT always return an %errorlevel% == 0

Therefore to reliably detect a successful ping - pipe the output into FIND and look for the text "TTL"
Note that "Reply" in the output of PING does not always indicate a positive response. You may receive a
message from a router such as: Reply from 192.168.1.254: Destination Net Unreachable.
Four steps to test an IP connection with ping:
1) Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local
computer.
PING 127.0.0.1
2) Ping the IP address of the local computer to verify that it was added to the network correctly.
PING IP_address_of_local_host
3) Ping the IP address of the default gateway to verify that the default gateway is functioning and that you
can communicate with a local host on the local network.
PING IP_address_of_default_gateway
4) Ping the IP address of a remote host to verify that you can communicate through a router.
PING IP_address_of_remote_host
Examples
PING -n 1 -w 7500 Server_06

PING -w 7500 MyHost |find "TTL=" && ECHO MyHost found
PING -w 7500 MyHost |find "TTL=" || ECHO MyHost not found
PING -n 5 -w 7500 www.microsoft.com
PING -n 5 -w 7500 microsoft.com
PING is named after the sound that a sonar makes.
Ping times below 10 milliseconds often have low accuracy.
A time of 10 milliseconds is roughly equal to a distance of 930 Miles, travelling a straight line route at the
speed of light.
"And now I see with eye serene The very pulse of the machine." - William Wordsworth, (She Was a Phantom of
Delight)
PROMPT
Change the cmd.exe command prompt.
Syntax
PROMPT [text]
Key
text : a text string.
The prompt text can be made up of normal characters and the following special codes:
$A & (Ampersand)
$B | (pipe)
$C ( (Left parenthesis)
$D Current date
$E Escape code (ASCII code 27)
$F ) (Right parenthesis)
$G > (greater-than sign)
$H Backspace (erases previous character)
$L < (less-than sign)
$M Display the remote name for Network drives
$N Current drive
$P Current drive and path
$Q = (equal sign)
$S (space)
$T Current time
$V Windows NT version number
$_ Carriage return and linefeed
$$ $ (dollar sign)
$+ Will display plus signs (+) one for each level of the PUSHD directory stack
Examples
Display the UNC path whenever you are using a network drive (mapped with NET USE)
PROMPT $M$_$P$G
Simulate an HP-UX style prompt with the computername and the current folder on separate lines:
PROMPT=$p$_%username%@%computername%:.
Restore the default prompt:

PROMPT $P$G
PROMPT is implemented as a hidden environment variable called PROMPT: ECHO %prompt%

Knowing this you can force a permanent change in the CMD prompt for all sessions by setting a permanent
environment variable with the appropriate prompt text. e.g.
SETX PROMPT $M$_$P$G
You can also create a shortcut to the command prompt like this:
CMD /K PROMPT $M$_$P$G
If Command Extensions are disabled the commands $M and $+ are not supported.
PsKill (part of PsTools - download PsKill)
Kill processes by name or process ID
Syntax
pskill [- ] [-t] [\\computer [-u user] [-p passwd]] <process name | process id>
Options:
computer The computer on which the process is running. Default=local system

-p passwd Specify a password for user (optional). Passed as clear text. If omitted, you will
be prompted to enter a hidden password.
-u user Specify a user name for login to remote computer(optional).
-t Kill the process and its descendants.
process id/name
The process or processes to be killed.
- Help, display the supported options.
To kill a process on a remote system requires administrative privileges on the remote system.
Examples:
Kill all instances of notepad.exe running on \\workstation64:
pskill \\workstation64 notepad
PsExec (part of PsTools - download PsExec)
Execute a command-line process on a remote machine.
Syntax
psexec \\computer[,computer[,..] [options] command [arguments]
psexec @run_file [options] command [arguments]
Options:
computer The computer on which psexec will run command. Default = local system
To run against all computers in the current domain enter "\\*"
@run_file Run command on every computer listed in the text file specified.
command Name of the program to execute
arguments Arguments to pass (file paths must be absolute paths on the target system)
-a n,n,... Set processor affinity to n. Processors are numbered as 1,2,3,4 etc so to run the
application on CPU 2 and CPU 4, enter: "-a 2,4"
-c Copy the program (command)to the remote system for execution.
-c -f Copy even if the file already exists on the remote system.
-c -v Copy only if the file is a higher version or is newer than the remote copy.
If you omit the -c option then the application must be in the system path on the remote system.
-d Don't wait for the application to terminate. Only use for non-interactive applications.
-e Load the user account's profile, don't use with the system account (-s)
-i Interactive - Run the program so that it interacts with the desktop on the remote system.
-l Limited - Run process as limited user. Only allow privs assigned to the Users group.
-n s Specify a timeout s seconds for connecting to the remote computer.
-p psswd Specify a password for user (optional). Passed as clear text. If omitted, you will be
prompted to enter a hidden password.
-s Run remote process in the System account.
-w directory Set the working directory of the process (relative to the remote computer).
-x Display the UI on the Winlogon desktop (local system only).
-low, -belownormal, -abovenormal, -high or -realtime These options will run the process at a
different priority.
Psexec can also be used to start GUI applications, but in that case the GUI will appear on the remote machine.
Input is passed to the remote system when you press the enter key - typing Ctrl-C will terminate the remote
process.
When you specify a username the remote process will execute in that account, and will have access to that
account's network resources.
If you omit username the remote process will run in the same account from which you execute PsExec, but
because the remote process is impersonating it will not have access to network resources on the remote
system.
PsExec does not require you to be an administrator of the local filesystem this can allow UserA to run
commands as UserB - a Runas replacement.
Surround any long filenames "with quotation marks"
Examples:
Launch an interactive command prompt on \\workstation64:

psexec \\workstation64 cmd
Execute IpConfig on the remote system, and display the output locally:
psexec \\workstation64 ipconfig /all
Copy the program test.exe to the remote system and execute it interactively:
psexec \\workstation64 -c test.exe
Execute a program that is already installed on the remote system:
psexec \\workstation64 "c:\Program Files\test.exe"
Run Internet Explorer on the local machine but with limited-user privileges:
psexec -l -d "c:\program files\internet explorer\iexplore.exe"
PsShutdown (part of PsTools - download)
Initiate a shutdown/reboot of a local or remote computer, logoff a user, lock a system.
Syntax
psshutdown [[\\computer[,computer[,..] | @file [-u user [-p passwd]]]
-s|-r|-h|-d|-k|-a|-l|-o
[-f] [-c] [-t nn|h:m] [-n s] [-v nn]
[-e [u|p]:xx:yy] [-m "message"]
Options:
computer The computer on which the user account resides. Default=local system
a wildcard (\\*), will affect all computers in the current domain.
-p passwd Specify a password for user (optional). Passed as clear text. If omitted, you will be
prompted to enter a hidden password.
@file Execute the command on each of the computers listed in the file.
-a Abort a shutdown (only possible while a countdown is in progress)
-c Allow the shutdown to be aborted by the interactive user
-d Suspend the computer
-e [u|p]:xx:yy
Shutdown reason code, 'u' = user, 'p'= planned shutdown.
xx is the major reason code (must be less than 256)
yy is the minor reason code (must be less than 65536)
-f Force all running applications to exit during the shutdown
instead of giving them a chance to gracefully save their data.
-h Hibernate the computer
-k Poweroff the computer (reboot if poweroff is not supported)
-l Lock the computer
-m "message" Specify a message to logged-on users when a shutdown countdown commences
-n Timeout in seconds connecting to remote computers
-o Logoff the console user
-r Reboot after shutdown
-s Shutdown without poweroff
-t Countdown in seconds until the shutdown (default: 20 seconds) or the time of shutdown (in 24
hour notation)
-v Display message for the specified number of seconds before the shutdown.
default= display a shutdown notification dialog, specifying a value of 0 results in no dialog.
- Help, display the supported options.
This tool allows administrators to create a batch file that will run against multiple computers to perform a
mass change of the administrator password.
Examples:
Reboot \\workstation64 as part of an OS upgrade
psshutdown \\workstation64 -r -e p:2:3
PUSHD
Change the current directory/folder and store the previous folder/path for use by the POPD command.
Syntax
PUSHD pathname
Key
pathname - the folder to make 'current' (UNC names accepted)
Example
@Echo Off
Setlocal
Set _folder=%1
Pushd %_folder%
:: Now verify we really moved to the new folder
If /i not "%cd%"=="%_folder% (Echo folder not found &goto :eof)
Echo We are at %cd%
Popd
Echo We are back at %cd%
Networks
When a UNC path is specified, PUSHD will create a temporary drive map and will then use that new drive.
Temporary drive letters are allocated in reverse alphabetical order
so if Z: is free it will be used.
If Command Extensions are disabled the PUSHD command will not accept a network (UNC) path.
#Ah, push it - push it good

Ah, push it - p-push it real good# - Salt 'N' Pepa
REG.exe
Read, Set or Delete registry keys and values, save and restore from a .REG file.
Syntax:
REG QUERY [ROOT\]RegKey /v ValueName [/s]
REG QUERY [ROOT\]RegKey /ve - -This returns the (default) value
REG ADD [ROOT\]RegKey /v ValueName [/t DataType] [/S Separator] [/d Data] [/f]
REG ADD [ROOT\]RegKey /ve [/d Data] [/f] -- Set the (default) value
REG DELETE [ROOT\]RegKey /v ValueName [/f]

REG DELETE [ROOT\]RegKey /ve [/f] -- Remove the (default) value
REG DELETE [ROOT\]RegKey /va [/f] -- Delete all values under this key
REG COPY [\\SourceMachine\][ROOT\]RegKey [\\DestMachine\][ROOT\]RegKey
REG EXPORT [ROOT\]RegKey FileName.reg

REG IMPORT FileName.reg
REG SAVE [ROOT\]RegKey FileName.hiv
REG RESTORE \\MachineName\[ROOT]\KeyName FileName.hiv
REG LOAD FileName KeyName

REG UNLOAD KeyName
REG COMPARE [ROOT\]RegKey [ROOT\]RegKey [/v ValueName] [Output] [/s]

REG COMPARE [ROOT\]RegKey [ROOT\]RegKey [/ve] [Output] [/s]
Key:
ROOT :
HKLM = HKey_Local_machine (default)
HKCU = HKey_current_user
HKU = HKey_users
HKCR = HKey_classes_root
ValueName : The value, under the selected RegKey, to edit. (default is all keys and values)
/d Data : The actual data to store as a "String", integer etc
/f : Force an update without prompting "Value exists, overwrite Y/N"
\\Machine : Name of remote machine - omitting defaults to current machine. Only HKLM
and HKU are available on remote machines.
FileName : The filename to save or restore a registry hive.
KeyName : A key name to load a hive file into. (Creating a new key)
/S : Query all subkeys and values.
/S Separator : Character to use as the separator in REG_MULTI_SZ values the default is "\0"
/t DataType : REG_SZ (default) | REG_DWORD | REG_EXPAND_SZ | REG_MULTI_SZ
Output : /od (only differences) /os (only matches) /oa (all) /on (no output)
Notes:
Any of the above commands can be run against a remote machine by adding \\MachineName to the
command line, assuming the Remote Registry Service is running.
Registry data stored under HKCU will be visible and writable by the currently logged in user.
Registry data stored under HKLM will be visible to all users and writable by administrators.
To include a quote mark (") in the data, prefix it with the escape character (\) e.g. "Here is \" a quote"
Enclose ValueNames that contain the \ character in single quotes.
REG RESTORE has a tendency not to work, possibly due to firewall issues, Export and Import are much more
reliable.
Examples
REG QUERY HKCU\Console\

REG QUERY HKCU\Console /v ScreenBufferSize
REG ADD HKCU\Software\SS64 /v Sample /d "some test data"
REG QUERY HKCU\Software\SS64 /v Sample
REG ADD HKLM\Software\DiLithium /v WarpSpeed /t REG_BINARY /d ffffffff

REG QUERY HKLM\Software\DiLithium /v WarpSpeed
REG COPY \\Wks580\HKCU\Software\SS64 HKCU\Software\SS64

REG COPY HKCU\Software\SS64 HKCU\Software\SS64Copy
REG EXPORT HKCU\Software\SS64 C:\MyReg.REG

REG IMPORT C:\MyReg.REG
REG SAVE HKCU\Software\SS64 C:\MyRegHive.hiv
REG RESTORE \\Wks580\HKCU\Software\SS64 C:\MyRegHive.hiv
Change the default user profile: (temporarily load it as ZZZ)
REG LOAD HKU\ZZZ "C:\Documents and Settings\Default User\NTUSER.DAT"

REG ADD HKU\ZZZ\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v newUserProfile /t
REG_EXPAND_SZ /d "D:\setup.cmd" /f
REG UNLOAD HKU\ZZZ
More examples are available via: REG QUERY /? REG ADD /? etc
"The way to a mans heart is through his stomach" - Fanny Fern (writer)
REGEDIT
Import, export or delete registry settings from a text (.REG) file
Syntax
Export the Registry (all HKLM plus current user)
REGEDIT /E pathname
Export part of the Registry
REGEDIT /E pathname "RegPath"
Import a reg script
REGEDIT pathname
Silent import
REGEDIT /S pathname
Start the regedit GUI
REGEDIT
Open multiple copies of GUI (XP and 2003 only)
REGEDIT -m
Key
/E : Export
/S : Silent Import
How to add keys and values from the registry:
Create a text file like this:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SomeKey]
"SomeStringValue"="Hello"
When double clicking this .reg file the key and value will be added. Alternatively run REGEDIT MYKEY.REG
from the command line.
How to delete keys and values from the registry:
Create a reg file like this, notice the hyphen inside the first bracket

[-HKEY_CURRENT_USER\SomeKey]
When double clicking this .reg file the key "SomeKey" will be deleted along with all string, binary or Dword
values in that key.
If you want to just delete values, leaving the key in place, set the value you want to delete = to a hyphen e.g.

[HKEY_CURRENT_USER\SomeKey]
"SomeStringValue"=-
Again double clicking this .reg file will delete the values specified, or you can use REGEDIT /s
MyDeleteScript.REG
Compare the Registry of two machines
Windiff is your friend, this simple GUI utility from the resource kit will list all the differences.
Comments
Within a registry file, comments can be preceded by "; "

e.g.
;
; Turn the NUMLOCK on at login
;
[HKEY_CURRENT_USER\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2"
Under Windows NT 4 all registry scripts start with: REGEDIT4 (This version string will also work in XP and
later versions of Windows.)
"I never make stupid mistakes. Only very, very clever ones" - John Peel
RunDLL32.exe
Run a DLL program. This command is available on all version of Windows from Win95 onwards, but the
DLL's and options available do vary considerably. Many options are case sensitive.
Syntax
RUNDLL32.EXE dll_name,EntryPoint [options]
Examples
Un-install MS Java Virtual Machine (JVM):

RUNDLL32 advpack.dll,LaunchINFSection java.inf,UnInstall
Copy a floppy disk

RUNDLL32 diskcopy,DiskCopyRunDll
Lock workstation
RUNDLL32.exe user32.dll, LockWorkStation
Add a Network Printer
RUNDLL32 printui.dll,PrintUIEntry /ia /c\\server /m "AGFA-AccuSet v52.3"/h "Intel" /v
"Windows 2000" /f %windir%\inf\ntprint.inf
Add a Local Printer
RUNDLL32 printui.dll,PrintUIEntry /if /b "Test Printer" /c\\SERVER/f "%windir
%\inf\ntprint.inf" /r "lpt1:" /m "AGFA-AccuSet v52.3"
Add a printer connection that's available to anyone who logs on:
Rundll32 printui.dll,PrintUIEntry /ga /n\\Server\PrintShare
Display all the available commands for PRINTUI.DLL
RUNDLL32 printui.dll,PrintUIEntry /?
(add/remove print drivers, print queues, preferences, properties etc)
"If you're rich you can buy books. If you're poor, you need a library" - John Kenneth Galbraith
REN
Rename a file or files.
REN [drive:][path]old_filename new_filename
RENAME is a synonym for REN
You cannot specify a different drive or path for `new_filename` - use the MOVE command instead. Both the
source and/or destination may include wildcards.
e.g.
REN *.txt *.xyz
REN c:\MyFile.txt *.xyz
REN c:\MyFile.txt ????.xyz
RD
Delete folder(s)
Syntax
RD pathname
RD /S pathname
RD /S /Q pathname
Key
/S : Delete all files and subfolders in addition to the folder itself. Use this to remove an
entire folder tree.
/Q : Quiet - do not display YN confirmation
Place any long pathnames in double quotes.
RD does not support wildcards but you can remove several folders in one command by listing the pathname
to each. e.g.
RD c:\docs\Jan c:\docs\Feb "c:\My Documents\Mar"

RMDIR is a synonym for RD
"Dying is the most embarrassing thing that can happen to you, because someones got to take care of all your
details". - Andy Warhol
ROUTE.exe
Manipulate network routing tables. Route packets of network traffic from one subnet to another by
modifying the route table.
Syntax
Display route details:

ROUTE [-f] PRINT [destination_host] [MASK subnet_mask_value] [gateway]
[METRIC metric] [IF interface_no.]
Add a route:
ROUTE [-f] [-p] ADD [destination_host] [MASK subnet_mask_value] [gateway]
Change a route:
ROUTE [-f] CHANGE [destination_host] [MASK subnet_mask_value] [gateway]
Delete a route:
ROUTE [-f] DELETE [destination_host] [MASK subnet_mask_value] [gateway]
Key
-f Clear (flush) the routing tables of all gateway entries. If this is used in conjunction with one of the
commands, the tables are cleared prior to running the command.
destination_host
The address (or set of addresses) that you want to reach.
-p Create a persistent route - survives system reboots. (not supported in Windows 95)
subnet_mask_value
The subnet mask value for this route entry.
This defines how many addresses are there.
If not specified, it defaults to 255.255.255.255.
gateway The gateway.
interface The interface number (1,2,...) for the specified route. the best interface available.
metric The metric, ie. cost for the destination.
Note that routes added to the table are not made persistent unless the -p switch is specified. Non-persistent
routes only last until the computer is rebooted.
Symbolic names used for Destination_Host are looked up in the network database file NETWORKS.
The symbolic names for gateway are looked up in the host name database file HOSTS.
If the command is PRINT or DELETE. Destination or gateway can be a wildcard ('*'), or the gateway
argument may be omitted.
An IP address mask of 0.0.0.0 means everything. (rather like the *.* wildcard). In other words it says: When
matching this pattern, don't worry about matching any of the bits - everything matches.
If Destination_Host contains a * or ?, it is treated as a shell pattern, and only matching destination routes are
printed. The '*' matches any string, and '?' matches any one char.
Examples:
157.*.1
157.*
127.*
*224*
RMTSHARE.exe (Resource kit)
Manage File and Printer shares, local or on a remote server.

Although missing from the Windows 2000 Resource kit, the NT version works fine under Windows
2000/2003.
Syntax
Display all shares
RMTSHARE \\server
Display details of a specific share
RMTSHARE \\server\sharename
Share a Folder
RMTSHARE \\server\sharename=drive:path [options]
Share a Printer
RMTSHARE \\server\sharename=printername /PRINTER [options]
Edit an existing SHARE
RMTSHARE \\server\sharename [options]
Delete a SHARE
RMTSHARE \\server\sharename /DELETE
Options
/USERS:number
/UNLIMITED
/REMARK:"text"
/GRANT user:perm
/REMOVE user
Notes: Either specify /Users to restrict the number of connections that can be made OR specify /UNLIMITED
You can include several /GRANTs in a single command line. Enclose paths that include spaces like
this
\\server\"long share name"="c:\long file name"
"How to be green? consume less, share more, enjoy life" - Penny Kemp
SET
Display, set, or remove CMD environment variables. Changes made with SET will remain only for the
duration of the current CMD session.
Syntax
SET variable
SET variable=string
SET /A variable=expression
SET "variable="
SET /P variable=[promptString]
SET "
Key
variable : A new or existing environment variable name
string : A text string to assign to the variable.
expression: : Arithmetic Sum
Also see SetX, VarSearch and VarSubstring for more advanced variable manipulation. Variable names are not
case sensitive but the contents can be. Variables can contain spaces. The number one problem people run
into with SET is having extra spaces around either the variable name or the string, SET is not forgiving of
extra spaces like many other scripting languages.
To display current variables:
Type SET without parameters to display all the current environment variables. Type SET with a variable
name to display that variable SET _department or use ECHO: ECHO [%_department%]
The SET command invoked with a string (and no equal sign) will display a wildcard list of all matching
variables
Display variables that begin with 'P': SET p
Display variables that begin with an underscore SET _
Examples
Storing a text string:
C:\>SET _dept=Sales and Marketing

C:\>set _
_dept=Sales and Marketing
One variable can be based on another, but this is not dynamic E.g.
C:\>set xx=fish
C:\>set msg=%xx% chips
C:\>set msg
msg=fish chips
C:\>set xx=sausage
C:\>set msg
msg=fish chips
C:\>set msg=%xx% chips

C:\>set msg
msg=sausage chips
Avoid starting variable names with a number, this will avoid the variable being mis-interpreted as a
parameter
%123_myvar% < > %1 23_myvar
To display undocumented system variables: SET "
Prompt for user input
@echo off
Set /P _dept=Please enter Department:
If "%_dept%"=="" goto :sub_error
If /i "%_dept%"=="finance" goto sub_finance
If /i "%_dept%"=="hr" goto sub_hr
goto:eof
:sub_finance
echo You chose the finance dept
goto:eof
:sub_hr
echo You chose the hr dept
The /P switch allows you to set a variable equal to a line of input entered by the user.
The PromptString is displayed before the user input is read. The PromptString can be empty.
The CHOICE command is an alternative to SET /P
To place the first line of a file into a variable:
Set /P _MyVar=<MyFilename.txt
CALL SET
SET can be CALLed allowing a variable substring to be evaluated:
SET start=10
SET length=9
SET string=The quick brown fox jumps over the lazy dog
CALL SET substring=%%string:~%start%,%length%%%
ECHO (%substring%)
Deleting an environment variable
Type SET with just the variable name and an equals sign:
SET _department=
Better still, to be sure there is no trailing space after the = use:

(SET _department=)
or
SET "_department="
Variable names can include Spaces
A variable can contain spaces and also the variable name itself may contain spaces, therefore the following
assignment:
SET my var=MyText
will create a variable called "my var"
Similarly
SET _var =MyText
will create a variable called "_var " - note trailing space
To avoid problems with extra spaces appearing in your output, issue SET statements in parentheses, like this
(SET _department=Some Text)

Alternatively you can do
SET "_department=Some Text"
Note: if you wanted to actually include a bracket in the variable you need to use an escape character.
The SET command will set ERRORLEVEL to 1 if the variable name is not found in the current environment.
This can be detected using the IF ERRORLEVEL command
Arithmetic expressions (SET /a)
The expression to be evaluated can include the following operators:
Multiply *
Divide /
Add +
Subtract -
Modulus %
AND &
OR |
XOR ^
LSH <<
RSH >>
Multiply Variable *=
Divide Variable /=
Add Variable +=
Subtract Variable -=
AND Variable &=
OR Variable |=
XOR Variable ^=
LSH Variable <<=
RSH Variable <<=
SET /a calculations
Enclose any logical expressions in "quotes"

Several calculations can be put on one line if separated with commas.
Warning: any SET /A calculation that returns a fractional result will be rounded down to the nearest whole
integer.
Examples:
SET /A _result=2+4
(=6)
SET /A _result=5
(=5)
SET /A _result+=5
(=10)
SET /A _result="2<<3"
(=16) { 2 Lsh 3 = binary 10 Lsh 3 = binary 10000 = decimal 16 }
SET /A _result="5%%2"
(=1) { 5/2 = 2 + 2 remainder 1 = 1 }
Modulus operator - note that in a batch script, (as opposed to on the command-line), you need to double up
the % to %%
SET /A will treat any character string in the expression as an environment variable name. This allows you to
do arithmetic with environment variable values without having to type any % signs to get the values. SET /A
_result=5 + _MyVar
Leading Zero will specify Octal
Numeric values are decimal numbers, unless prefixed by

0x for hexadecimal numbers,
0 for octal numbers.
So 0x12 = 022 = 18 decimal

The octal notation can be confusing - all numeric values that start with zeros are treated as octal but 08 and
09 are not valid numbers because 8 and 9 are not valid octal digits.
This is often a cause of error when performing date arithmetic. For example SET /a _day=07 will return the
value=7, but SET /a _day=09 will return an error.
Permanent Changes
Changes made using the SET command are NOT permanent, they apply to the current CMD prompt only and
remain only until the CMD window is closed.
To permanently change a variable at the command line use SetX
or in the GUI - Control Panel, System, Environment, System/User Variables
Changing a variable permanently with SetX will not affect any CMD prompt that is already open.
Only new CMD prompts will get the new setting.
You can of course use SetX in conjunction with SET to change both at the same time, but neither SET or SetX
will affect other CMD sessions that are already running. When you think about it - this is a good thing.
It is also possible (although undocumented) to add permanent env variables to the registry
[HKEY_CURRENT_USER\Environment]
(using REGEDIT)
System Environment variables can also be found in [HKLM\SYSTEM\CurrentControlSet\Control\Session

Manager\Environment]
Autoexec.bat
Any SET statement in c:\autoexec.bat may be parsed at boot time

Variables set in this way are not available to 32 bit gui programs - they won't appear in the control panel.
They will appear at the CMD prompt.
If autoexec.bat CALLS any secondary batch files, the additional batch files will NOT be parsed at boot.
This behaviour can be useful on a dual boot PC.
If Command Extensions are disabled all SET commands are disabled other than simple assignments like:
_variable=MyText
# I got my mind set on you

# I got my mind set on you... - George Harrison
SETX.exe (Resource Kit)
Set environment variables permanently

SETX can be used to set Environment Variables for the machine or currently logged on user:
SETX Variable Value

SETX Variable Value -m
Key:
-m Set the value in the Machine environment (HKLM) Default is User (HKCU)
SetX can also be used in modes to edit the Registry or edit CR-LF text files, (like win.ini) for most purposes
these tasks are better done with other tools in the resource kit, e.g. the REG command.
Because SetX writes variables to the master environment in the registry. Edits will only take effect when a
new command window is opened - they do not affect the current command session.
Deleting variables
A value of "" (empty quotes) will appear to delete the variable - it's not shown by SET but the variable name
will remain in the registry. Either use the GUI (recommended) or delete the value from the registry with REG
REG delete HKCU\Environment /V _myvar
Deleting a variable in this way does not take effect until next logon due to caching of registry data. The type
is REG_EXPAND_SZ.
Examples:
Set the variable "_mypc" to be COMPAQ in the users permanent environment:
SetX _mypc COMPAQ
Delete the variable "_myvar" in the users permanent environment:
REG delete HKCU\Environment /V _mypc
Set the variable "_myTimeZone" in both the immediate user session and the permanent environment:
SET _myTimeZone=GMT
SetX _myTimeZone GMT
Store the value of %my_important_var% in a second environment variable.

SetX _mybackupvar %my_important_var%
Sets the value of _mypath to ALWAYS be equal to the value of the %PATH% environment variable even in
the event that the PATH variable changes:
SetX _mypath ~PATH~
Machine variables
These are stored on the machine and won't follow a users roaming profile.
To set a machine variable (-m) requires Administrator rights.
Create a machine variable:
SetX _myvar COMPAQ -m
Delete a machine variable:
REG delete HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment /V _myvar
Share.vbs (Resource Kit)
List or edit a file share or print share (on any computer)
Although missing from recent Resource Kits, this VBS script does still work under 2K/XP. The preferred
method for creating shares is the RMTShare command, which can also grant permissions.
Syntax:
List Shares
Share.vbs /L [/S <server>] [/U <username>] [/W <password>] [/O <outputfile>]
Create a Share
Share.vbs /C /N <name> /P <path> [/T <type>] [/V <description>][/S <server>] [/U
<username>] [/W <password>] [/O <outputfile>]
Delete a Share
Share.vbs /D /N <name>[/S <server>] [/U <username>] [/W <password>] [/O
<outputfile>]
Options:
/L List
/C Create
/D Delete
/N name Name of the share to be created or deleted.
/P path Path of the share to be created.
/v description A description for the share.
/T type Type of the share to be created. (Disk, Printer, IPC or Special)
/S server A machine name.
/U username The current user's name.
/W password Password of the current user.
/O outputfile Output file name.
Examples:
List the shares on the machine \\Frodo

cscript Share.vbs /L /s Frodo
Create a file share called "scratch" on the local machine:
cscript Share.vbs /c /n scratch /p "c:\my shared files" /t Disk /v "project files"
Delete the share named "scratch" on the machine \\Frodo

cscript Share.vbs /d /n scratch /s Frodo
"The inherent vice of capitalism is the unequal sharing of blessings,

the inherent vice of Socialism is the equal sharing of miseries." - Winston Churchill
SHUTDOWN.exe (for Terminal Services use: TsShutDn)
Shutdown the computer
Syntax
SHUTDOWN [logoff_option] [/m \\Computer] [options]
logoff_option:
/i Display the GUI (must be the first option)
/l Log off. This cannot be used with /m or /d option
/s Shutdown
/r Shutdown and Restart
/a Abort a system shutdown. ( only during the time-out period)
/p Turn off the local computer with no time-out or warning (only with /d)
/h Hibernate the local computer (only with /f )
/e Document the reason for an unexpected shutdown of a computer
Options:
/m \\Computer : A remote computer to shutdown.
/t:xxx : Time until system shutdown in seconds.

The valid range is xxx=0-600 seconds. [default=30]
/c "Msg" : An optional shutdown message [Max 127 chars]
/f : Force running applications to close.
This will not prompt for File-Save in any open applications. so will result in a loss of all unsaved data!!!
/d u:xx:yy : List a USER reason code for the shutdown.
/d P:xx:yy : List a PLANNED reason code for the shutdown.
xx Specifies the major reason code (0-255)
yy Specifies the minor reason code (0-65536)
Options in bold are for Windows 2003 only
Example:
To create a desktop shortcut that will immediately shutdown your system, set the shortcut Target Properties
to:
C:\Windows\System32\shutdown.exe -s
When using this command to reboot a server, the shutdown process will normally allow about 30 seconds to
ensure each running service has time to stop. The shutdown can be made faster if all the services are first
halted using NET STOP
e.g.
net stop "Microsoft Exchange Internet Mail Service"
net stop "Microsoft FTP Service"
net stop "Some other Service"
SHUTDOWN /t:25 /r
Typical Reason codes:

E = Expected
U = Unexpected
P = planned (C = customer defined)
Type Major Minor Title

U 0 0 Other (Unplanned)
E 0 0 Other (Unplanned)
E P 0 0 Other (Planned)
U 0 5 Other Failure: System Unresponsive
E 1 1 Hardware: Maintenance (Unplanned)
E P 1 1 Hardware: Maintenance (Planned)
E 1 2 Hardware: Installation (Unplanned)
E P 1 2 Hardware: Installation (Planned)
P 2 3 Operating System: Upgrade (Planned)
E 2 4 Operating System: Reconfiguration (Unplanned)
E P 2 4 Operating System: Reconfiguration (Planned)
P 2 16 Operating System: Service pack (Planned)
2 17 Operating System: Hot fix (Unplanned)
P 2 17 Operating System: Hot fix (Planned)
2 18 Operating System: Security fix (Unplanned)
P 2 18 Operating System: Security fix (Planned)
E 4 1 Application: Maintenance (Unplanned)
E P 4 1 Application: Maintenance (Planned)
E P 4 2 Application: Installation (Planned)
E 4 5 Application: Unresponsive
E 4 6 Application: Unstable
U 5 15 System Failure: Stop error
E 5 19 Security issue
U 5 19 Security issue
E P 5 19 Security issue
E 5 20 Loss of network connectivity (Unplanned)
U 6 11 Power Failure: Cord Unplugged
U 6 12 Power Failure: Environment
P 7 0 Legacy API shutdown
e.g. SHUTDOWN /r /d P:2:17
SLEEP.exe (Resource Kit)
Add a fixed delay to a batch file
Syntax
SLEEP time
Key
time : the number of seconds to pause
For example:
To pause for an hour before running the next command in a batch file:
SLEEP 3600
Alternative
A fixed delay can also be produced by the PING command with a loopback address:
e.g. for a delay of 60 seconds:

PING -n 61 127.0.0.1>nul
See Clay Calvert's newsgroup posting for a full explanation of this technique.
slmgr.vbs (Vista and Server 2008)
Software Licensing Management Tool (C:\windows\system32\slmgr.vbs)
Syntax
slmgr [MachineName [Username Password]] [Option]
Key
-dli Display the current license information with activation status and partial product key.
-dlv Verbose, similar to -dli but with more information.
-dti Display Installation ID for offline activation
-ipk Key Enter a new product key supplied as xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
-xpr Show the expiry date of current license (if not permanently activated)
-upk Uninstall current installed product key and return license status back to trial state.
-ato Activate Windows license and product key against Microsoft's server.
-atp Confirmation_ID Activate Windows with user-provided Confirmation ID
-skms activationservername
or
-skms port
or
-skms activationservername:port Set the KMS server and the port used for KMS activation
(where supported by your Windows edition)
-rearm Reset the evaluation period/licensing status and activation state of the machine
-ckms Clear the name of KMS server used to default and port to default.
-cpky Clear product key from the registry (prevents disclosure attacks)
-ilc License_file Install license
-rilc Re-install system license files
machinename The machine to administer, by default the current local machine.
username An administrator equivalent user account for the computer.
password The password for the user account.
Running slmgr.vbs requires elevated administrator privileges.
SUBST
Substitute a drive letter for a network or local path.
Syntax
SUBST drive_letter: path
SUBST
SUBST drive_letter: /D
Key
SUBST with no parameters will display current SUBST drives
/D : Delete the drive_letter substitution.
Compared to mapping a drive with NET USE the SUBST command allows mapping to a subfolder of a drive
share - for the storage of user profiles this reduces the number of shares you need to create on the server.
Notes
- Under NT 4 SUBST'ed drives could be disconnected using the Explorer GUI - this was fixed in Windows
2000.
- In Windows 2000 (and above) you may have problems creating, accessing and deleting drive mappings
with SUBST.
- However under Win 2K/XP the functionality of the NET USE command is improved so you can now do
NET USE g: \\server\share\folder1\folder2
- If the network resource is unavailable (ie the server is down) SUBST will continually retry - unlike NET USE
which will try to connect once and fail - depending on your application this may be a good or a bad thing - a
subst drive that is not available will badly impact performance of most applications.
- Notice that when SUBST is used against a local shared folder, it will create a RECYCLER for that drive. The
RECYCLER is not removed when the drive substitution is removed, but can be deleted manually.
"A man should never be ashamed to own he has been in the wrong, which is saying in other words, that he is
wiser today than he was yesterday" - Alexander Pope (thoughts on various subjects)
TASKLIST
TaskList displays all running applications and services with their Process ID (PID) This can be run on either
a local or a remote computer.
Syntax
tasklist options
Options:
/s computer Name or IP address of a remote computer

don't use backslashes. Default = local computer.
/u domain\user [/p password]] Run under a different account
/svc List information for each process without truncation.
Valid when /fo=TABLE. Cannot be used with /m or /v
/m [ModuleName] Show the processes that include the given module.
/v Verbose task information
/fo {TABLE|LIST|CSV}] Output format, the default is TABLE.
/nh No Headers in the output (does not apply to LIST output)
/fi FilterName [/fi FilterName2 [ ... ]]
Apply one of the Filters below:

Imagename eq, ne String
PID eq, ne, gt, lt, ge, le Positive integer.
Session eq, ne, gt, lt, ge, le Any valid session number.
SessionName eq, ne String
Status eq, ne RUNNING | NOT RESPONDING
CPUTime eq, ne, gt, lt, ge, le Time hh:mm:ss
MemUsage eq, ne, gt, lt, ge, le Any valid integer.
Username eq, ne User name ([Domain\]User).
Services eq, ne String
Windowtitle eq, ne String
Modules eq, ne String
Examples:
tasklist /svc
tasklist /v /fi "STATUS eq running"
tasklist /v /fi "username eq ORACLE_SERVICE_ACCOUNT"
WMIC can also list running processes and parameters:
WMIC /OUTPUT:C:\ProcList.txt PROCESS get Caption,Commandline,Processid
TIME
Display or set the system time.
Syntax
TIME [new_time]
TIME
TIME /T
key
new_time : The time as HH:MM
TIME with no parameters will display the current time and prompt for a new value. Pressing ENTER will
keep the same time.
/T : Just display the time, formatted according to the current Regional settings.
Time Formatting
In Control Panel, Regional settings a Time Appearance can be set. This can be used to change the separator,
and the number of characters used to display hours and minutes.
To display the time including Seconds:
ECHO.| TIME will display the time, including seconds and hundredths of a second
The time separator and the Country Code are user settings in the registry:
The time separator can be read using REG as follows
@echo off
FOR /F "TOKENS=3" %%D IN ('REG QUERY ^"HKEY_CURRENT_USER\Control Panel\International^" /v
sTime ^| find ^"REG_SZ^"') DO (
SET _time_sep=%%D)
echo %_time_sep%
To read the Country Code replace sTime in the above with iCountry.
The time formats for different country codes are as follows:
Country or language CountryCode Date format Time format
United States 001 01/03/1994 5:35:00.00p

Czechoslovakia 042 03.01.1994 17:35:00
France 033 03.01.1994 17:35:00
Germany 049 03.01.1994 17:35:00
Latin America 003 03/01/1994 5:35:00.00p
International English 061 03/01/1994 17:35:00.00
Portugal 351 03-01-1994 17:35:00
Finland 358 3.1.1994 17.35.00
Switzerland 041 03.01.94 17 35.00
Norway 047 03.01.94 17:35:00
Belgium 032 03/01/94 17:35:00
Brazil 055 03/01/94 17:35:00
Italy 039 03/01/94 17.35.00
United Kingdom 044 03/01/94 17:35:00.00
Denmark 045 03-01-94 17.35.00
Netherlands 031 03-01-94 17:35:00
Spain 034 3/01/94 17:35:00
Hungary 036 1994.01.03 17:35:00
Canadian-French 002 1994-01-03 17:35:00
Poland 048 1994-01-03 17:35:00
Sweden 046 1994-01-03 17.35.00
If Command Extensions are disabled TIME will not support the /T switch
“Time is like money, the less we have of it to spare, the further we make it go” - Josh Billings
TIMEOUT.exe (Resource Kit)
Delay execution of a batch file.
Syntax
TIMEOUT delay
Key
delay :Delay in seconds (between -1 and 100000) to wait before continuing.
The value -1 causes the computer to wait indefinitely for a keystroke (like the PAUSE
command)
Timeout will pause command execution for a number of seconds, after which it continues without requiring
a user keystroke. If the user does press a key at any point, execution will resume immediately.
Timeout.exe seems to consume less processor time time than Sleep.exe
"It is awful work this love and prevents all a mans projects of good or glory" - Lord Byron
TRACERT
Trace Route - Find the IP address of any remote host. TRACERT is useful for troubleshooting large networks
where several paths can be taken to arrive at the same point, or where many intermediate systems (routers
or bridges) are involved.
Syntax
TRACERT [options] target_name
Key
target_name The HTTP or UNC name of the host
Options:
-d Do not resolve addresses to hostnames.
(avoids performing a DNS lookup)
-h max_hops Maximum number of hops to search for target.(default=30)

-j host-list Trace route along given host-list. up to 9 hosts in dotted decimal notation, separated by
spaces.
-w timeout Wait timeout milliseconds for each reply.
The functionality of TRACERT is the same under all versions of windows but the output is cosmetically
improved under XP.
Tracert uses the IP TTL field and ICMP error messages to determine the route from one host to another
through a network.
Care must be taken with tracert as it shows the optimal route, not necessarily the actual route. To be
accurate, it is possible to ping from a UNIX machine back to the PC using the -R option to record the route
taken - but only if the particular network devices support it.
This diagnostic tool determines the path taken to a destination by sending ICMP Echo Request messages
with varying Time to Live (TTL) values to the destination.
TTL (Time to Live) calculation
TTL is effectively a count of the (maximum) number of links to the destination host. Each router along the
path decrements the TTL in an IP packet by at least 1 before forwarding it.
When the TTL on a packet reaches 0, the router is expected to return an ICMP Time Exceeded message to the
source computer.
Tracert determines the path by sending the first Echo Request message with a TTL of 1 and incrementing the
TTL by 1 on each subsequent transmission until either the target host responds or the maximum number of
hops is reached.
This process relys on intermediate routers to return ICMP Time Exceeded messages. However, some routers
do not return Time Exceeded messages for packets with expired TTL values and are invisible to the tracert
command. In this case, a row of asterisks (*) is displayed for that hop.
Firewalls
Many firewalls will block ICMP traffic by default. If an attacker is able to forge ICMP redirect packets, he or
she can alter the routing tables on the host and possibly subvert the security of the host by causing traffic to
flow via a path you didn't intend.
Examples
TRACERT www.doubleclick.net
TRACERT 123.45.67.89
TRACERT local_server
TYPE
Display the contents of one or more text files, convert Unicode to ANSI.
Syntax
TYPE [drive:]pathname(s)
If more than one file is specified the filenames are included in the output.
If a wildcard is used the filenames are not displayed.
Output can be redirected into a new file: TYPE file.txt > Newfile.txt
Output can be appended to an existing file: TYPE file.txt >> ExistingFile.txt
To do the same with user console input : TYPE CON > Newfile.txt
This will require a CTRL - Z to indicate end of file.
When using redirection to SORT a file the TYPE command is used implicitly
For example:
SORT < MyFile.txt
Create an empty (zero byte) file: TYPE nul >filename.log
If you TYPE a Unicode text file, the output will be ANSI (note any extended characters will be lost)
eg:
TYPE UnicodeFile.txt > ANSIFile.txt
To convert multiple Unicode files to ASCII try this script
@echo off
ren *.txt *.txx
for %%G in (*.txx) do (TYPE %%G >%%~nG.txt)
echo del *.txx
VOL
Display the volume label of a disk.
Syntax
VOL [drive:]
If the drive exists, VOL will display it's disk label and serial number and will return an %ERRORLEVEL% of 0.
If the drive does not exist VOL will return an %ERRORLEVEL% of 1.
If the drive is a CD/DVD drive with no disk loaded then VOL will return "The device is not ready" and will
return an %ERRORLEVEL% of 1.
VER
Display the current operating system version.
Syntax
VER
Use ver to find specific operating systems like this:
@Echo off
Setlocal
:: Get windows Version numbers
For /f "tokens=2 delims=[]" %%G in ('ver') Do (set _version=%%G)
For /f "tokens=2,3,4 delims=. " %%G in ('echo %_version%') Do (set _major=%%G& set _minor=%%H& set
_build=%%I)
Echo Major version: %_major% Minor Version: %_minor%.%_build%
if "%_major%"=="5" goto sub5

if "%_major%"=="6" goto sub6
Echo unsupported version

goto:eof
:sub5
::Winxp or 2003
if "%_minor%"=="2" goto sub_2003
Echo Windows XP [%PROCESSOR_ARCHITECTURE%]
goto:eof
:sub_2003
Echo Windows 2003 or XP 64 bit [%PROCESSOR_ARCHITECTURE%]
goto:eof
:sub6
if "%_minor%"=="1" goto sub7
Echo Windows Vista or Windows 2008 [%PROCESSOR_ARCHITECTURE%]
goto:eof
:sub7
Echo Windows 7 or Windows 2008 R2 [%PROCESSOR_ARCHITECTURE%]
goto:eof
Service Pack Version
This Batch script will give the Service Pack level. Works for NT, Win2K or WinXP
WHERE (2K Resource Kit / Windows 2003)

Locate and display files in a directory tree.
The WHERE command is roughly equivalent to the UNIX 'which' command. By default, the search is done in
the current directory and in the PATH.
Syntax
WHERE [/r Dir] [/q] [/f] [/t] Pattern ...
key
/r A recursive search, starting with the specified Dir directory.
/q Don't display the files but return either an exit code of 0 for success or 1 for failure.
/f Display the output file name in quotation marks.
/t Display the size, time stamp, and date stamp of the file.
/e Report the executable type.
pattern The name of a folder, file, or set of files to be found. you can use wildcard characters ( ? * ) and UNC
paths.
As an alternative to this command you can use this 90-character batch file:
@for %%e in (%PATHEXT%) do @for %%i in (%1%%e) do @if NOT "%%~$PATH:i"=="" echo %
%~$PATH:i
(from the OldNewthing blog)
Examples
Find all files named 'Zappa' in drive C: (including subdirectories)

WHERE /r c:\ Zappa
Find all files named 'Zappa' on the remote computer 'Server1' searching its subdirectories, and reporting the
executable type for executable files
WHERE /r \\Server1\Share1 /e Zappa.*
"Who never walks, save where he sees men's tracks, makes no discoveries" - Josiah Gilbert Holland
WHOAMI.exe (Resource kit)
Displays the username and domain for the currently logged in user.
The whoami output is the same as the 2 environment variables %USERDOMAIN% and %USERNAME%.
So the same output can usually be achieved with
ECHO %USERDOMAIN%\%USERNAME%
One exception to this is when using RUNAS /env , e.g. if my username is Simon:
c:>RunAs /env /user:JDoe cmd.exe

c:>ECHO %USERDOMAIN%\%USERNAME%
ss64\Simon
c:>whoami
ss64\JDoe
WHOAMI /all - shows all permissions and group memberships.
"We can now manipulate images to such an extrodinary extent that there's no lie you cannot tell" - Sir David
Attenborough
WinDiff (Windows SDK)
Compare the contents of two files or sets of files with a graphical interface.
Syntax
windiff [path1] [path2]
Key
path Individual files to compare or a directory of files to compare
If either path is not specified it will default to the current directory (or a matching file in the current
directory)
If nothing is specified, the GUI will appear - select files to compare with the menus.
White background = parts common to both files.

Red background = parts that belong to the file listed on the left .
Yellow background = parts that belong to the file listed on the right .
Registry files (exported with regedit) can also be compared. Also see the help file Windiff.hlp.
Downloads
Microsoft Windows 2003 SDK (large download)

Microsoft Windows 2008 SDK (large download)
WinDiff - Grigsoft (3rd party) download 75 Kb
"Shall I compare thee to a summer's day? Thou art more lovely and more temperate.
Rough winds do shake the darling buds of May, And summer's lease hath all too short a date" - Shakespeare
WINMSD.exe
Microsoft Windows diagnostics

Reports: Memory use, Services, Devices, IRQ's Ports, Environment variables,
Network (rights, transport, stats), Hardware including Display adapter.
Syntax
WINMSD [\\computername] options
Options:
/a All details
/s Summary details only
/f Send output to a file <computername.txt> in the current directory
/p Send output to a printer
WINMSD with no switches will open the GUI with details of the computer you are logged into.
When a remote computername is specified then less info will be reported

e.g. Diskspace and Memory won't be listed
Hot keys within the GUI:
SHIFT - F2 copies the current tab to the clipboard,

F2 copies a summary of the current tab to the clipboard
Winmsd in Windows 2000 will actually run Msinfo32 -

mmc.exe /s "C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo32.msc"
It is advisable to have the SERVER service running, if not - winmsd will show a warning dialogue.
Spooling output to file - if you have the resource kit WINMSDP allows more control over this.
WINMSDP.exe (Resource Kit)
Windows NT diagnostics II
Reports: Memory use, Services, Devices, IRQ's Ports, Environment variables,
Network (rights, transport, stats), Hardware including Display adapter.
Syntax
WINMSDP option
Key (only one option can be used)

/a : ALL prints everything
/e : environment
/d : drives
/i : interrupt resources
/m : memory
/n : network
/o : OS version
/p : port resources
/r : drivers
/s : services
/u : DMA resources
/w : hardware
/y : memory resources
The output is very similar to WINMSD if a little more detailed.

The output will appear in a text file called msdrpt.TXT
"The best is the enemy of the good" - Voltaire
WMIC.exe
Windows Management Instrumentation Command.

Read a huge range of information about local or remote computers. Also provides a way to make
configuration changes to multiple remote machines.
Syntax
Retrieve information about <Alias>:
WMIC [global_switches] [/locale:ms_409] <alias> [options] [format]
Interactive mode:
WMIC
Aliases:
ALIAS - Access local system aliases [CALL]
BASEBOARD - Base board management (motherboard or system board)

BIOS - BIOS management (Basic input/output services)
BOOTCONFIG - Boot configuration
CDROM - CD-ROM
COMPUTERSYSTEM - Computer system [CALL/SET]
CPU - CPU
CSPRODUCT - Computer system product information from SMBIOS.
DATAFILE - DataFiles [CALL]
DCOMAPP - DCOM Applications.
DESKTOP - User's Desktop
DESKTOPMONITOR - Desktop Monitor
DEVICEMEMORYADDRESS - Device memory addresses
DISKDRIVE - Physical disk drive
DISKQUOTA - Disk space usage for NTFS volumes.[SET]
DMACHANNEL - Direct memory access (DMA) channel
ENVIRONMENT - System environment settings [SET]
FSDIR - Filesystem directory entry [CALL]
GROUP - Group account [CALL]
IDECONTROLLER - IDE Controller
IRQ - Interrupt request line
JOB - Jobs scheduled using the schedule service.[CALL]
LOADORDER - System services that define execution dependencies.
LOGICALDISK - Local storage devices [CALL/SET]
LOGON - LOGON Sessions.
MEMCACHE - Cache memory
MEMLOGICAL - System memory, layout and availability
MEMPHYSICAL - Physical memory management
NETCLIENT - Network Client management.
NETLOGIN - Network login information for a particular user.
NETPROTOCOL - Protocols (and their network characteristics).
NETUSE - Active network connection.
NIC - Network Interface Controller (NIC)
NICCONFIG - Network adapter. [CALL]
NTDOMAIN - NT Domain. [SET]
NTEVENT - NT Event Log.
NTEVENTLOG - NT eventlog file [CALL/SET]
ONBOARDDEVICE - Common adapter devices built into the motherboard.
OS - Operating System/s [CALL/SET]
PAGEFILE - Virtual memory file swapping
PAGEFILESET - Page file settings [SET]
PARTITION - Partitioned areas of a physical disk.
PORT - I/O ports
PORTCONNECTOR - Physical connection ports
PRINTER - Printer device [CALL/SET]
PRINTERCONFIG - Printer device configuration
PRINTJOB - Print job [CALL]
PROCESS - Processes [CALL]*
PRODUCT - Windows Installer [CALL]
QFE - Quick Fix Engineering (patches)
QUOTASETTING - Setting information for disk quotas on a volume. [SET]
REGISTRY - Computer system registry [SET]
SCSICONTROLLER - SCSI Controller [CALL]
SERVER - Server information
SERVICE - Service application [CALL]
SHARE - Shared resourcees [CALL]
SOFTWAREELEMENT - Elements of a software product*
SOFTWAREFEATURE - Subsets of SoftwareElement. [CALL]*
SOUNDDEV - Sound Devices
STARTUP - Commands that run automatically when users logon
SYSACCOUNT - System account
SYSDRIVER - System driver for a base service. [CALL]
SYSTEMENCLOSURE - Physical system enclosure
SYSTEMSLOT - Physical connection points including ports, slots and peripherals, and
proprietary connections points.
TAPEDRIVE - Tape drives
TEMPERATURE - Temperature sensor (electronic thermometer).
TIMEZONE - Time zone data
UPS - Uninterruptible power supply (UPS)
USERACCOUNT - User accounts [CALL/SET]
VOLTAGE - Voltage sensor (electronic voltmeter) data
VOLUME - Local storage volume [CALL/SET]
VOLUMEQUOTASETTING - Associates the disk quota setting with a specific disk volume. [SET]
WMISET - WMI service operational parameters [SET]
New aliases in Windows 2003:

MEMORYCHIP - Memory chip information.
RDACCOUNT - Remote Desktop connection permission [CALL]
RDNIC - Remote Desktop connection on a specific network adapter [CALL/SET]
RDPERMISSIONS - Permissions to a specific Remote Desktop connection [CALL]
RDTOGGLE - Turn Remote Desktop listener on or off remotely[CALL]
RECOVEROS - Blue Screen Information [SET]
SHADOWCOPY - Shadow copy management [CALL]
SHADOWSTORAGE - Shadow copy storage areas [CALL/SET]
VOLUMEUSERQUOTA - Per user storage volume quotas [SET]
Options
By default an alias will return a standard LIST of information, you can also choose to GET one or more
specific properties.
Configuration changes can be made, where indicated above with: [CALL or SET ]
The CREATE and DELETE options allow you to change the WMI schema itself.
alias
alias LIST [BRIEF | FULL | INSTANCE | STATUS |SYSTEM | WRITEABLE]
[/TRANSLATE:BasicXml|NoComma ]
[/EVERY:no_secs] [/FORMAT:format]
alias GET [property list]
[/VALUE ] [/ALL ] [/TRANSLATE:BasicXml|NoComma ]
[/EVERY:no_secs] [/FORMAT:format]
alias CALL method_name [parameters]
alias SET [assignments]
alias CREATE
alias DELETE
alias ASSOC [/RESULTCLASS:classname] [/RESULTROLE:rolename][/ASSOCCLASS:assocclass]
For more help

WMIC /locale:ms_409 /alias /?
WMIC /locale:ms_409 /alias option /?
e.g.
WMIC /locale:ms_409 /BIOS /CALL /?
WMIC /locale:ms_409 /MEMLOGICAL /SET /?
The order of the /FORMAT and /TRANSLATE switches is significant: if /TRANSLATE follows /FORMAT, the
output is formatted first and then translated.
All the options above can be extended with a WHERE clause, best shown by the examples below:
Format:
Format defines the layout of the information: csv.xsl, hform.xsl, htable-sortby.xsl, htable.xsl
texttable.xsl, textvaluelist.xsl, xml.xsl
All output files are unicode text (convert to ASCII with TYPE) Tab Separated Values (.tsv) can be opened in
excel
The PROCESS alias can be used to start a new installation process, if doing this across the network, place the
installer files on a share with permissions EVERYONE : Read Only. This is because network credentials will
be dropped when jumping from one remote machine to another (unless you have kerberos configured).
Examples
WMIC /locale:ms_409 OS
WMIC OS LIST BRIEF
WMIC OS GET csname, locale, bootdevice
WMIC /locale:ms_409 NTEVENT where LogFile='system'
WMIC NTEVENT where "LogFile='system' and Type>'0'"
WMIC SERVICE where (state=”running”) GET caption, name, state > services.tsv
WMIC SERVICE where caption='TELNET' CALL STARTSERVICE
WMIC PRINTER LIST STATUS
WMIC PRINTER where PortName="LPT1:" GET PortName, Name, ShareName
WMIC /INTERACTIVE:ON PRINTER where PortName="LPT1:" DELETE
WMIC PROCESS where name='evil.exe' delete
WMIC /output:"%computername%.txt" MEMORYCHIP where "memorytype=17" get Capacity
WMIC /node:@workstns.txt /failfast:on PROCESS call create "\\server\share\installer.cmd"
Interactive mode:
C:>START "Windows Management" WMIC
wmic:root\cli>/locale:ms_409
wmic:root\cli>OS get csname
wmic:root\cli>quit
Notes
WMIC is available on XP Professional and Windows 2003, for older machines download & install: WMI core
for Win 9x / NT 4
The availability of WMI information does vary across different versions of Windows
e.g. ODBC, SNMP, Windows Installer.
To run WMIC requires administrator rights.
In Windows 2000, around 4,000 properties can be monitored, and around 40 can be configured.
In Windows XP around 6,000 properties can be monitored, and around 140 can be configured.
Windows 2003 offers a few improvements and bug fixes: the global option /locale:ms_409 is not required
(it defaults to English US.)
When you type WMIC for the first time in Windows 2003 all the aliases are compiled. The second, and
subsequent times you run WMIC, it will start immediately. Under XP WMIC is slower to initialise, therefore
to run several WMI queries it can be quicker to use interactive mode.
* WMI information for installed software packages (PACKAGE and SOFTWAREFEATURE) is often incomplete
and inconsistent for a variety of historical reasons. A more reliable method is to retrieve a list of installed
programs directly from the Add/Remove list in the registry, with a WSH script like this from Torgeir Bakken.
"Life is like a game of cards. The hand you are dealt is determinism; the way you play it is free will" - Jawaharial
Nehru
XCACLS.exe (Resource Kit)
Display or modify Access Control Lists (ACLs) for files and folders.
Syntax
XCACLS filename [options]
XCACLS filename
Key
If no options are specified XCACLS will display the ACLs for the file(s)
options can be any combination of:
/T Traverse all subfolders and change all matching files found.

/E Edit ACL instead of replacing it.
/x Edit ACL instead of replacing it; affect only ACEs that this user already owns*
/R user Revoke all access rights from the given user.
/D user Deny specified user access, this will over-ride all other permissions the user has.
/C Continue on access denied errors.
/Y Replace user's rights without verify
/P user:permision[;FolderSpec] Replace user's rights. see /G option below
/G user:permision[;FolderSpec] Grant specified user access rights, permision can be:
r Read
c Change (write)
f Full control
p Change Permissions (Special access)
o Take Ownership (Special access)
x EXecute (Special access)
e REad (Special access)
w Write (Special access)
d Delete (Special access)
t Used only by FolderSpec. see below
* Option only valid in Windows 2003
FolderSpec is a permission applied to a folder. If FolderSpec is not specified then permission will apply to
both files and folders.
This allows you to set different permissions that will apply (through inheritance) when new files are added
to the folder.
FolderSpec = ;T@ where @ is one of the rights above, when this is specified new files will inherit FolderSpec
instead of permission. At least one folder access right must follow the T For example ;TF will apply full
control (but ;FT is not valid)
Wildcards can be used to specify more that one file in a command. You can specify more than one user in a
command. You can combine access rights.
Although taking ownership is listed as an option it does not work, use SUBINACL for this.
Inheritance Errors
"Permissions incorrectly ordered" - the quickest way to resolve or avoid these errors is to use the newer
iCACLS command instead of XCACLS.
Inherited folder permissions are displayed as:
OI - Object inherit - This folder and files. (no inheritance to subfolders)

CI - Container inherit - This folder and subfolders.
IO - Inherit only - The ACE does not apply to the current file/directory
These can be combined as folllows:

(OI)(CI) This folder, subfolders, and files.
(OI)(CI)(IO) Subfolders and files only.
(CI)(IO) Subfolders only.
(OI) (IO) Files only.
So BUILTIN\Administrators:(OI)(CI)F means that both files and Subdirectories will inherit 'F' (Fullcontrol)
similarly (CI)R means Directories will inherit 'R' (Read folders only = List permission)
When xcacls is applied to the current folder only there is no inheritance and so no output.
Versions:
NTFS standards have changed with different versions of Windows and XCACLS has been updated to suit,
early versions of Xcacls may give unpredictable results against an NTFS v5 partition.
xcacls.vbs is described in Q825751 and can be downloaded here - xcacls.vbs is an unsupported utility that
addresses a limitation with the original xcacls.exe, specifically the inability to append permissions to a folder
whose child objects have the inheritance flag set. The .vbs version does not suppport unc paths and is very
slow to update multiple ACLs.
Examples:
:: Allow guests the right to read and execute in MyFolder

XCACLS MyFolder /E /G guests:rx
:: Allow guests the Full Control permission in MyFolder and all subfolders
XCACLS MyFolder /T /E /G guests:f
:: Grant guests only read access to all files in and below MyFolder,
:: new folders created will be Read Access only, new files will not inherit any rights.
XCACLS MyFolder /T /P guests:R;Tr
:: Grant guests only execute access to all files in and below MyFolder
XCACLS MyFolder /T /P guests:x
XCOPY
Copy files and/or directory trees to another folder. XCOPY is similar to the COPY command except that it has
additional switches to specify both the source and destination in detail.
XCOPY is particularly useful when copying files from CDROM to a hard drive, as it will automatically remove
the read-only attribute.
Syntax
XCOPY source [destination] [options]
Key
source : Pathname for the file(s) to be copied.
destination : Pathname for the new file(s).
[options] can be any combination of the following:

Source Options
/A Copy files with the archive attribute set (default=Y)

/M Copy files with the archive attribute set and turn off the archive attribute, use this option when
making regular Backups (default=Y)
/H Copy hidden and system files and folders (default=N)
/D:mm-dd-yyyy Copy files that have changed since mm-dd-yyyy.
If no date is given, the default is to copy files with a modification date before today.(at least 1 day
before)
/U Copy only files that already exist in destination.
/S Copy folders and subfolders
/E Copy folders and subfolders, including Empty folders.
May be used to modify /T.
/EXCLUDE:file1[+file2][+file3]...
(Windows 2000 only) The files can each contain one or more full or partial pathnames to be
excluded. When any of these match any part of the absolute path of a SOURCE file, then that file will be
excluded. For example, specifying a string like \obj\ or .obj will exclude all files underneath the directory
obj or all files with the .obj extension respectively.
Copy Options
/W Prompt you to press a key before starting to copy.

/P Prompt before creating each file.
/Y (Windows 2000 only) Suppress prompt to confirm overwriting a file.
may be preset in the COPYCMD env variable.
/-Y (Windows 2000 only) Prompt to confirm overwriting a file.
/V Verify that the new files were written correctly.
/C Continue copying even if an error occurs.
/I If in doubt always assume the destination is a folder
e.g. when the destination does not exist.
/Z Copy files in restartable mode. If the copy is interrupted part
way through, it will restart if possible. (use on slow networks)
/Q Do not display file names while copying.
/F Display full source and destination file names while copying.
/L List only - Display files that would be copied.
Destination Options
/R Overwrite read-only files.

/T Create folder structure, but do not copy files. Do not include empty folders or subfolders.
/T /E will include empty folders and subfolders
/K Copy attributes. XCOPY will otherwise reset read-only attributes.
/N If at all possible, use only a short filename (8.3) when creating a destination file. This may be
nececcary when copying between disks that are formatted differently e.g NTFS and VFAT, or when
archiving data to an ISO9660 CDROM.
/O (Windows 2000 only) copy file Ownership and ACL information.
/X Copy file audit settings (implies /O).
XCOPY will accept UNC pathnames

Examples:
To copy a file:
XCOPY C:\utils\MyFile D:\Backup\CopyFile
To copy a folder:
XCOPY C:\utils D:\Backup\utils /i
To copy a folder including all subfolders.
XCOPY C:\utils\* D:\Backup\utils /s /i
The /i defines the destination as a folder.
Notes
In many cases the functionality of XCOPY is superseded by ROBOCOPY.
To force the overwriting of destination files under both NT4 and Windows2000 use the COPYCMD
environment variable:
SET COPYCMD=/Y
This will turn off the prompt in Win2000 and will be ignored by NT4 (which overwrites by default).
When comparing Dates/Times the granularity (the finest increment of the timestamp) is 2 seconds
for a FAT volume and 0.1 microsecond for an NTFS volume.
The WinXP version of XCOPY will accept wildcards for the source e.g. *.txt It is also more forgiving with
trailing backslashes
"It is easier to copy than to think, hence fashion" - Wallace Stevens
REM
In a batch file REM at the start of a line signifies a comment or REMARK

alternatively adding :: at the start of a line has a similar effect
For example:
@ECHO OFF
::
:: First comment
::
REM Second comment
REM
::
Although you can use rem without a comment to add vertical spacing to a batch file, you can also use
completely blank lines. The blank lines are ignored when processing the batch program.
The double-colon is not documented as a comment command, it is a special case of a CALL label that acts like
a comment. The pro's and cons of each method are listed below.
Bugs
There are problems using a :: comment within an IF or FOR code bracket
e.g.
@echo off
FOR /L %%i IN (1,1,10) Do (
Echo before comment
:: Some comment
Echo after comment
)
The above will return the error :: was unexpected at this time.
In Windows 2000 and XP a comment like

::%~
or
REM %~ will be interpreted giving the error:
The following usage of the path operator in batch-parameter substitution is invalid: %~
In Windows NT 4 the REM command would incorrectly reset the %errorlevel% to 0
The bottom line on this is that you must test your comments to be sure they will be ignored as you expect.
Registry Comments
Within a registry file comments can be preceded by "; "

e.g.
;
; Turn the NUMLOCK on at login
;
[HKEY_CURRENT_USER\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2"
FTP Comments
There is no valid comment character for FTP but you can cheat by escaping to the shell and running REM
e.g.
C:\WORK>type ftpscript
!REM This is a remark
bye
C:\WORK>ftp -s:ftpscript
ftp> !REM This is a remark
ftp> bye
C:\WORK>
The603h – 17/01/2010

WindowsXP Command Line - Teguh W

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

WindowsXP Command Line - Teguh W

Diunggah oleh

Hak Cipta:

Format Tersedia

An A-Z Index of the Windows XP command line

ADDUSERS Tambah atau daftar pengguna untuk / dari file CSV

bootcfg Edit pengaturan boot Windows

CACLS Ubah file permissions

DATE Tampilan atau mengatur tanggal •

ECHO Menampilkan pesan di layar •

FC Bandingkan dua file

GLOBAL Display keanggotaan kelompok global

HELP Bantuan Online

iCACLS Ubah hak akses file dan folder

KILL Remove program dari memori l

MAPISEND Kirim email dari baris perintah

NET Mengelola sumber daya jaringan

RASDIAL Mengelola koneksi RAS

TASKLIST Daftar menjalankan aplikasi dan layanan yang berjalan

USRSTAT Daftar domain nama pengguna dan login terakhir

VER informasi versi Tampilan •

WHERE Cari dan menampilkan file dalam pohon direktori

ADDUSERS.exe (Resource Kit)

/s:x - Change the delimiter character used in filename to x.

 Domain - Query the Primary Domain Controller (PDC) of domain.

Display or change file attributes. Find Filenames.

pathname : Drive and/or filename e.g. C:\*.txt

Hidden and System attributes take priority.

Viewing archive attributes

Edit the Windows boot settings stored in Boot.ini

Default identification strings:

Check Disk - check and repair disk problems

filename File(s) to check for fragmentation (FAT only).

/F Automatically Fix file system errors on the disk.

Scan only (without /f switch)

Cluster (or block) Size

0 No errors were found

"The file system structure on the disk is corrupt and unusable"

Check the NTFS file system with CHKDSK

/C : Check - schedules chkdsk to be run at the next reboot

"I don't make no dirty movements" - Elvis

Start a new CMD shell

/T:fg Sets the foreground/background colours

/D Ignore registry AutoRun commands

/F:ON Enable auto-completion of pathnames entered at the CMD prompt

/F:OFF Disable auto-completion of pathnames entered at the CMD prompt (default)

/Q Turn echo off

/S Strip quote characters from the command_line

/V:OFF Disable delayed environment expansion.

Environment expansion preference can be set permanently in the registry

1. If all of the following conditions are met, then quote characters

2. Otherwise, old behavior is to see if the first character is

Opening CMD from Windows Explorer

;Allow UNC paths at command prompt

; Run a command when CMD.exe starts

; Activate Automatic Completion

Copy and Paste

Using CMD in a batch script

Pausing a batch script

Stopping a batch script from running

A workaround for the limited pathname length is to prefix \\?\

"Those who can command themselves, command others" - Hazlitt

Copy one or more files to another location

COPY source1 + source2.. destination [options]

destination : Pathname for the new file(s).

V : Verify that the new files were written correctly

Prompt to overwrite destination file

COPY will accept UNC pathnames

DIR c:\temp\. | FIND "/"

FOR /f "tokens=" %%G IN ('dir c:\temp\.* ^| find "/"') DO echo %%G