Tuesday, January 17, 2006
Windows XP CLI Commands
- bootcfg (XP only)
This utility allows you to set up your boot options, such as your default OS and other loading options.
- cacls (XP, 2000, & NT4.0)
Changes the ACLs (security settings) of files and folders. Very similar to chmod in Linux.
- comp (XP & 2000)
This utility is very similar to diff in Linux. Use the /? switch to get examples of command usage.
- contig (NT4.0 and newer)
A great defrag utility for NTFS partitions.
- defrag (XP only - NT4.0 and Win2k use contig)
Yes, XP comes with a command line disk defrag utility. If you are running Win2k or NT4.0 there is still hope. Contig is a free defrag program that I describe on the defrag page.
- diskpart (XP only)
Use this command to manage your disk partitions. This is the text version of the GUI Disk Manager.
- driverquery (XP only)
Produces a list of drivers, their properties, and their versions. Great for computer documentation.
- fsutil (XP only)
This is a utility with a lot of capability. Come back soon for great examples.
- getmac (XP & 2000)
This command gets the Media Access Control (MAC) address of your network cards.
- gpresult (XP & 2000)
This generates a summary of the user settings and computer group policy settings.
- ipconfig (XP, 2000 & NT4.0)
This handy tool displays IP settings of the current computer and much more.
- MMC (XP, 2000 & NT4.0) - Microsoft Management Console
This is the master tool for Windows: it is the main interface that all other tools use, starting primarily with Windows 2000 and newer systems.
- msconfig (XP only)
The ultimate tool to change the services and utilities that start when your Windows machine boots up. You can also copy the executable from XP and use it in Win2k.
- netsh (XP & 2000)
A network configuration tool console. At the 'netsh>' prompt, use the '?' to list the available commands and type "exit" to get back to a command prompt.
- openfiles (XP only)
Allows an administrator to display or disconnect open files in XP Professional. Type "openfiles /?" for a list of possible parameters.
- pathping (XP & 2000)
A cross between the ping and traceroute utilities. Who needs Neotrace when you can use this? Type "pathping" and watch it go.
- recover (XP & 2000)
This command can recover readable information from a damaged disk and is very easy to use.
- reg (XP & 2000)
A console registry tool, great for scripting Registry edits.
- schtasks (XP only)
A newer version of the AT command. This allows an administrator to schedule and manage scheduled tasks on local and remote machines.
- secedit (XP & 2000)
Use this utility to manually apply computer and user policy from your Windows 2000 (or newer) domain. Example to update the machine policy: secedit /refreshpolicy machine_policy /enforce
To view help on this, just type secedit.
- sfc (XP & 2000)
The system file checker scans important system files and replaces the ones you (or your applications) hacked beyond repair with the real, official Microsoft versions.
- shutdown (XP & 2000)
With this tool, you can shut down or restart your own computer, or an administrator can shut down or restart a remote computer.
- sigverif (XP only)
Microsoft has created driver signatures. A signed driver is Microsoft tested and approved. With the sigverif tool you can have all driver files analysed to verify that they are digitally signed. Just type 'sigverif' at the command prompt.
- systeminfo (XP only) <----- very nice one!
Basic system configuration information, such as the system type, the processor type, time zone, virtual memory settings, system uptime, and much more. This program is great for creating an inventory of computers on your network.
- tasklist (XP only)
Tasklist is the command console equivalent to the task manager in Windows.
- taskkill (XP only)
Taskkill contains the rest of the task manager functionality. It allows you to kill those unneeded or locked up applications.
AuditPol [\\computer] [/enable | /disable] [/help | /?] [/Category:Opti
/Enable = Enable audit (default).
/Disable = Disable audit.
Category = System : System events
Logon : Logon/Logoff events
Object : Object access
Privilege : Use of privileges
Process : Process tracking
Policy : Security policy changes
Sam : SAM changes
Directory : Directory access
Account : Account logon events
Option = Success : Audit success events
Failure : Audit failure events
All : Audit success and failure events
None : Do not audit these events
Samples are as follows:
AUDITPOL \\MyComputer
AUDITPOL \\MyComputer /enable /system:all /object:failure
AUDITPOL \\MyComputer /disable
AUDITPOL /logon:failure /system:all /sam:success /privilege:none
AUDITPOL /HELP | MORE displays Help one screen at a time.
clearlogs.exe: deletes the application/security/system logs (net functions)
ClearLogs 1.0 - © 2002, Arne Vidstrom (arne.vidstrom@ntsecurity.nu)
- http://ntsecurity.nu/toolbox/clearlogs/
Usage: clearlogs [\\computername] <-app / -sec / -sys>
-app = application log
-sec = security log
-sys = system log
fport.exe: like netstat, but shows the application that opened the ports
mnger.exe
Usage: mnger.exe -s[lvdsSp]p[kwl[v]]ri [arguments]
-sl * List all services.
-sv
-sd
-ss
-sS
-sp
-si
-sm
-pl [PID|process] * List [All] Running proccesses.
-plv [PID|process] * List verbose information about [All] Running processes.
-pk
-pw * Shows Process owner (whoami).
-r
other side)
-i * System Information
tlist.exe
Microsoft ® Windows NT ™ Version 5.1 TLIST
Copyright © Microsoft Corporation. All rights reserved.
usage: TLIST <<-m
| <-k> | <-s>
[options]:
-t
Print Task Tree
List module information for this task.
The pattern can be a complete task
name or a regular expression pattern
to use as a match. Tlist matches the
supplied pattern against the task names
and the window titles.
-c
Show command lines for each process
-e
Show session IDs for each process
-k
Show MTS packages active in each process.
-m
Lists all tasks that have DLL modules loaded
in them that match the given pattern name
-s
Show services active in each process.
-p
Returns the PID of the process specified or -1
if the specified process doesn't exist. If there
are multiple instances of the process running only
the instance with the first PID value is returned.
-v
Show all process information