1.2 Given a scenario, use the appropriate Microsoft command line tools.

  • Navigation
    • cd
    • dir
    • md
    • rmdir
    • Drive Navigation Inputs
      • C: or D: or X:
    • ..
  • Command-Line Tools
    • ipconfig
    • ping
    • hostname
    • netstat
    • nslookup
    • chkdsk
    • net user
    • net use
    • tracert
    • format
    • xcopy
    • copy
    • robocopy
    • gpupdate
    • gpresult
    • shutdown
    • sfc
    • [command name] /?
    • diskpart
    • pathping
    • winver

Command Line Tools

The command line allows us to type in commands and have Windows execute them.  We start by opening a command prompt.

Go to the start menu and launch the command prompt (type cmd)

The command prompt will have a prompt, which will be the name of a folder.  The default location is the current user’s home directory.  When we execute a command related to files or folders, it will apply to the current directory.

You can type a command and press Enter to execute it.

Each available command may have one or more options that provide additional features.  Let’s look at some of the most common Windows commands.

dir

Lists the contents (files and folders) in the current directory.  This command tells us

  • Date modified

  • File size

  • File name

  • Whether the item is a file or a directory (indicated by <DIR>)

Type dir /A to list all files, including hidden files

Type dir /A:<attributes> to list specific types of files.  We specify the types of files we want to see as letters after the colon.

  • d for directories

  • h for hidden files

  • s for system files

  • r for read-only files

For example, if I want to see only files that are both hidden and read-only, I can type dir /A:hr

We can sort the output by typing dir /O:<order> where we specify the sort order as letters after the colon

  • n to sort by name

  • e to sort by extension

  • g to list directories first

  • s to sort by size, smallest first

  • d to sort by date, oldest first

  • - (typed before a letter) to reverse the sort order

For example, if I want to sort by extension and by name, I can type dir /O:en

If I want to see the contents of a different directory from the one I’m in, I can type dir <directory name> where <directory name> is the directory whose contents I want to see.

cd

cd changes the directory. 

Type cd <directory name> where <directory name> is the directory you want to go to.  The directory you need to access must be inside the directory you’re already in.  If you want to go to a directory other than the one you are in, type cd <path name> where <path name> is the full pathway to the folder (including the drive letter).

..

To go “up one level” in the directory, type cd ..

For example, if you’re in C:\Main\Second, and you want to go to C:\Main, type cd ..

md

md makes a new directory inside the current directory.

Type md <directory name> where directory name is the name of the new directory.

rmdir

rmdir deletes an existing directory inside the current directory. 

Type rmdir <directory name> where directory name is the name of the directory you want to delete.

You can only delete an empty directory.  You can’t delete the current directory.

Drive Navigation

We can change the drive that we are using by typing the drive letter, followed by a colon.  For example, to switch to the “C” drive, type C:

The main Windows drive is usually the “C” drive, but an administrator can set it to any letter of the alphabet.  Back in the day, the “A” and “B” drives were for floppy disks, and the “D” drive was for an optical drive.

ipconfig

Displays the IP configuration of the computer. 

ipconfig /all lists all the network adapters on our computer, as well as the following information for each one

  • Network adapter name
  • MAC address (physical address)
  • IP address, gateway, subnet mask, DHCP server, and DNS servers (if available)

Some other commands

  • ipconfig /renew renews the IP address of our network interfaces (if an interface’s IP address was obtained via DHCP).  It attempts to obtain a new IP address from the DHCP server.  If we only want to renew the IP address of a single interface, we can type ipconfig /renew <interface name> where <interface name> is the name of the interface whose IP address we want to renew.

  • ipconfig /release releases the IP address of our network interfaces (if an interface’s IP address was obtained via DHCP).  If we only want to release the IP address of a single interface, we can type ipconfig /release <interface name> where <interface name> is the name of the interface whose IP address we want to release.

  • ipconfig /flushdns erases the DNS cache on our computer.  We might run this command if our DNS becomes corrupted or we find that some entries are not accurate.

  • ipconfig /displaydns lists the DNS entries that are currently logged by the computer

ping

Allows you to ping another computer (by hostname or IP address).  Ping allows us to see if we can reach another computer over the network.

  • The command is ping <hostname or IP address>

  • For example, ping 8.8.8.8 or ping google.com will attempt to ping 8.8.8.8 or google.com

  • The computer will try four pings

  • If you enter a hostname, the computer will try to translate it into an IP address via DNS first, and then ping it

Some options

  • Type ping <hostname or IP address> -n #### where #### is the number of pings that we want to send

  • Type ping <hostname or IP address> -t to send pings forever

tracert

Traces the route from your computer to another computer (by hostname or IP address).  Remember that the internet is a giant spiderweb, and your data will pass through multiple routers to get to its destination.  If we are having connectivity issues, we will want to map out this pathway, and see where it is falling apart.

The command is tracert <hostname or IP address>

Tracert sends packets that are designed to bounce back, three to each “hop” on the way to the destination.  The exact way that this happens is beyond the scope of this book.  The time that it takes for each packet to bounce back is listed in the first three columns.

Some devices do not respond to tracert requests.  Those hops will appear as asterisks.

For each hop, we want to see consistency in all three columns.  If one of the times is much higher than the others, that hop may be congested (causing packet loss).  If one of the hops has much higher times than the others, that could be a source of latency.

pathping is a command that is built on tracert.  When you run pathping, it runs a tracert on the destination to generate a list of intermediate hops. Then it pings each hop 100 times.  Pathping is considered more accurate.

netstat

Lists all the active connections between your computer and other computers.  The command is netstat.  For each connection, the command tells us

  • Whether the connection is TCP or UDP

  • The IP address and port of the connection

  • The IP address or hostname of the remote device

  • The status of the connection.  Is this a connection that is currently in use (established), or is our computer waiting for a connection (listening)?

Some additional things we can type

  • netstat -a shows all the active connections and all the connections where our computer is just listening

  • netstat -b shows the name of the program that created the connection or that is listening for an incoming connection

  • netstat -e shows statistics including the number of bytes sent and received on each connection

nslookup

nslookup tells us the name server corresponding to a given domain name.  The command is nslookup <domain name>.

For example, if we want to look up where google.com is hosted, we type nslookup google.com

shutdown

Shuts down the computer.  The command is shutdown.

dism

DISM, or the Deployment Image Servicing and Management tool, allows you to repair the Windows installation if it is corrupted.

  • DISM will download the correct files from a good source

    • You must have a copy of the Windows ISO (Windows installation files) to give to the DISM. 

    • The DISM uses the Windows ISO to repair the existing Windows installation.

    • If you don’t have a Windows ISO, DISM can obtain one from an online source.

  • DISM requires administrator privileges

  • Type DISM /Online /Cleanup-Image /RestoreHealth

    • Checks for errors in the Windows installation via an online source and repairs them.

  • Type DISM /Online /Cleanup-Image /CheckHealth

    • Checks for errors in the Windows installation via an online source but does not repair them.

sfc

The System File Checker checks for corrupted system files.  SFC keeps a secret backup of Windows system files.  When a file that is in use gets corrupted, SFC deletes it and replaces it with one from the backup.

It is a good practice to run DISM first and then SFC.

  • SFC requires administrator privileges

  • Type sfc /scannow to check for corrupted system files, and automatically repair them

  • Type sfc /verifyonly to check for corrupted system files, without repairing them

  • If the corrupted files are in use, you may need to reboot your computer.  SFC will automatically repair them before Windows loads.

chkdsk

Check Disk checks the hard disk drive for errors.

  • Check Disk requires administrator privileges

  • The chkdsk command will only check for errors
  • The chkdsk /f will check for errors and repair them

  • If the drive that contains the errors is in use, then Check Disk won’t repair the errors.  It will prompt you to run Check Disk the next time the computer boots up (and prior to Windows loading).

taskkill

Task Kill ends a task.

  • We can kill a task by typing taskkill /IM <task name> where task name is the name of the task we want to end

    • For example, if you want to end notepad.exe, type taskkill /IM notepad.exe

    • If there are multiple tasks with the same name, they will all be closed


  • We can end the task by its process ID, by typing taskkill /PID <process ID number> where process ID is the ID number

    • For example, if you want to end notepad.exe, and the process ID number is 43, type taskkill /PID 43

    • You can find the process ID number by looking in the task manager under Details
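
The netstat and taskkill sections above combine into a quick check of which program owns each listening port before anything is ended.  This batch script is an added example, not part of the original guide; it uses netstat's -n and -o options and the tasklist command, which the guide does not cover, and assumes an English-language Windows where the state column reads LISTENING.

```batch
@echo off
rem Added example: show every listening TCP port with the process that owns it.
rem Run from an elevated command prompt so that all process names resolve.
setlocal EnableDelayedExpansion

echo Proto  Local address  PID  Image name

rem netstat -a includes listening sockets, -n keeps addresses numeric,
rem -o adds the owning process ID as the last column.
rem A listening row has five columns: proto, local, foreign, state, PID.
for /f "tokens=1,2,4,5" %%A in ('netstat -ano ^| findstr /C:"LISTENING"') do (
    set "image=unknown"
    rem tasklist /FI filters on the PID, /FO CSV /NH prints one CSV row
    rem without a header, and the first CSV field is the image name.
    for /f "tokens=1 delims=," %%I in ('tasklist /FI "PID eq %%D" /FO CSV /NH 2^>nul') do (
        set "image=%%~I"
    )
    rem tasklist prints an INFO line when the process has already exited.
    if "!image:~0,5!"=="INFO:" set "image=unknown"
    echo %%A  %%B  %%D  !image!
)

rem Nothing is ended here. After confirming that a listener is unwanted,
rem end it with taskkill /PID followed by the process ID from the third column.
endlocal
```

Ending by process ID closes only that one process, while taskkill /IM closes every process with the same name.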

gpupdate

GP Update performs a Group Policy Update.  This command only applies to computers connected to a domain.  It downloads the group policy from the active directory server and applies it to the computer and active user.

The computer will automatically apply group policy updates regularly, even if you do not run this command.

  • Type gpupdate to update only the policy items that have changed

  • Type gpupdate /force to update all the policy items

gpresult

GP Result determines how a Group Policy will apply to a computer or a user

  • gpresult shows how the group policy applies to the computer and user

  • gpresult /scope:user shows how the group policy applies to the user who is logged in

  • If you want to see how the Group Policy applies to another user type gpresult /user:<username> where <username> is that user’s username

  • gpresult /scope:computer shows us how the group policy applies to the computer

  • If you want to see how the Group Policy applies to another computer type gpresult /computer:<computer name> where <computer name> is the name of the computer we want to check

  • This command also shows us the last time that the group policy update was applied, and from which server

format

Format formats a drive.  We can type format <drive letter> /fs:<file-system>

  • <drive letter> is the drive letter of the drive you want to format

  • <file-system> is the type of file system you want to implement (NTFS, FAT32, etc.)

  • We can add /V:<label> at the end to tell Windows the label of the new drive volume

diskpart

Diskpart allows us to create and modify hard disk partitions.  You must have administrator rights to run the command.  Unlike other commands, you must first start the diskpart application by typing diskpart. 

Diskpart has many features and commands, probably enough to fill an entire book, so we will only cover the basics.

Once you are in diskpart, you can type

  • list disk to display all the physical disks on the computer
  • list volume to display all the volumes on the computer

In order to run commands on a disk or volume, you must first select the disk or volume. 

Type

  • select disk=<n> where <n> is the disk number

  • select volume=<n> where <n> is the volume number

Now we can do any of the following

  • To assign a drive letter to a partition, type assign letter=<d>, where <d> is the letter that you want to assign

  • To create a partition, type create partition primary size=<n> where <n> is the size of the partition in MB

  • Type delete partition to delete the current partition

copy

Copy allows you to copy a file.  The command is copy <source file> <destination directory>

  • <Source file> is the name of the file we want to copy

  • <Destination directory> is the location we want to copy it to

  • It is assumed that the source file is in the current directory.  For example, if we want to copy C:\folder\file1.txt to C:\folder2\, and we are in the C:\folder\ directory, we type copy file1.txt C:\folder2

  • If we are in a different directory, then we could type copy C:\folder\file1.txt C:\folder2

  • Add /v at the end of the command to verify that the files were copied correctly

  • Add /d at the end of the command to copy an encrypted file and save it as a decrypted file in the destination

xcopy

X Copy allows you to copy a file or directory, including its contents.  The command is xcopy <source file or directory> <destination directory>

  • <Source file> is the path to the file or directory that we want to copy

  • <Destination directory> is the path to the location we want to copy it to

  • It is assumed that the source file is in the current directory.  For example, if we want to copy C:\folder1\folder2 to C:\folder3\, and we are in the C:\folder1\ directory, we type xcopy folder2 C:\folder3

  • If we are in a different directory, then we could type xcopy C:\folder1\folder2 C:\folder3

robocopy

Robocopy is the Robust File Copy application.  It allows faster copying of files because it reduces the overhead that is normally associated with the Windows file copy method.  The command is robocopy <Source> <Destination>

  • <Source> is the source directory

  • <Destination> is the destination directory

  • For example, if we want to copy files from C:\Directory_A to C:\Directory_B, we type robocopy C:\Directory_A C:\Directory_B

  • Robocopy can also mirror a directory (it will delete files in the destination directory that were not present in the source directory)

  • The following options are available.  We can add an option to the end of the command.

    • /s copies subdirectories except for empty directories.  Without this option, robocopy will only copy the files in the root directory that we are in.

    • /e copies subdirectories including empty directories.

    • /copy:<letters> allows robocopy to copy file attributes where <letters> can be any of the following letters

      • D copies the data

      • A copies the attributes

      • T copies time stamps

      • S copies the NTFS permissions

      • O copies owner information

      • U copies auditing information

    • /purge will delete any files in the destination directory that were not in the source directory

    • /mov will move files and delete them from the source directory after they have been copied

    • /move will move files and directories and delete them from the source directory after they have been copied
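
Because /purge deletes files in the destination, it is worth previewing a mirror before running it.  This batch script is an added example, not part of the original guide; it reuses the directory names from the example above and relies on robocopy's /L (list only) option and its exit codes, which the guide does not cover.

```batch
@echo off
rem Added example: preview a mirror copy, run it, then interpret the exit code.
rem SRC and DST reuse the directory names from the example in the text.
setlocal
set "SRC=C:\Directory_A"
set "DST=C:\Directory_B"

rem /copy:DATS also copies the NTFS permissions. Without S, the copied files
rem inherit their permissions from the destination folder instead.
set "OPTS=/e /purge /copy:DATS"

rem Step 1: /L only lists what would be copied or deleted. Nothing changes.
robocopy "%SRC%" "%DST%" %OPTS% /L
echo.
set /p "answer=Apply these changes? (y/n) "
if /i not "%answer%"=="y" exit /b 0

rem Step 2: the real run. /e together with /purge is what /mir does.
robocopy "%SRC%" "%DST%" %OPTS%
set "rc=%errorlevel%"

rem The exit code is a bit mask: 1 = files copied, 2 = extra files found in
rem the destination, 4 = mismatched files, 8 = some copies failed,
rem 16 = serious error. Values below 8 are not failures.
if %rc% geq 8 (
    echo robocopy reported failures, exit code %rc%
    exit /b 1
)
echo robocopy finished without failures, exit code %rc%
exit /b 0
```

A script that treats any non-zero exit code as an error will wrongly flag a successful robocopy run, since 1 simply means files were copied.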

net use

Net Use connects to shared resources (maps a shared resource as a drive).  The command is net use <drive letter> <resource name>.

  • <Drive letter> is the letter we want to map the resource to

  • <Resource> is the resource location

  • For example, if we wanted to map \\server\my media to the E drive, we would type net use e: "\\server\my media"

  • The connection is made under the username of the current user.  If we want to make the connection under a different username, we can type /user:<username> (substitute <username> for the username you want to use)

  • We can also delete a resource by typing net use <resource name> /delete

  • For example, if we want to delete the P drive, we type net use p: /delete.  We are not actually deleting the contents of the P drive from the network server; we are just deleting the map.

  • If we type net use, we can see all the network resources currently connected

net user

Net User can add, remove, or change users on the computer.  It requires administrator privileges.

  • We can type net user to see a list of all the user accounts

  • net user <username> <password>

    • Changes the password of an account, where <username> is the username, and password is the password

  • net user <username> <password> /add

    • Adds a new account, where <username> is the username, and password is the password

  • net user <username> /delete

    • Removes a user account, where <username> is the username

winver

winver tells us the version of Windows that we are running.

hostname

If we type hostname the computer will tell us the hostname (computer name).

[command name] /?

If we type <command name> /?, Windows will provide help regarding the command.  It will provide the syntax of the command. 

Some commands will also display the help when you type an option incorrectly.

There are over a hundred Windows commands (and many thousands of PowerShell commands).  It is not possible to cover all of them here.  For more details, check out the online reference below

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/windows-commands