A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
---|
A | |
---|---|
APPEND | Allows programs to open data files in specified directories as if they were in the current directory. |
ARP | Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP). |
ASSOC | Displays or modifies file extension associations. |
AT | The AT command has been deprecated. Please use schtasks.exe instead. |
ATTRIB | Displays or changes file attributes. |
AUDITPOL | Audit Policy Program |
B | |
BCDBOOT | Bcdboot - Bcd boot file creation and repair tool. The bcdboot.exe command-line tool is used to copy critical boot files to the system partition and to create a new system BCD store. |
BCDEDIT | Sets properties in boot database to control boot loading. |
BITSADMIN | BITS administration utility. |
BOOTCFG | This command line tool can be used to configure, query, change or delete the boot entry settings in the BOOT.INI file. |
BREAK | Sets or clears extended CTRL+C checking. |
C | |
CACLS | Displays or modifies access control lists (ACLs) of files. |
CALL | Calls one batch program from another. |
CD | Displays the name of or changes the current directory. |
CERTREQ | CertReq.exe |
CERTUTIL | CertUtil.exe |
CHANGE | Remote Desktop Services Change Utility |
CHCP | Displays or sets the active code page number. |
CHDIR | Displays the name of or changes the current directory. |
CHGLOGON | Enable, disable, or drain session logins. |
CHGPORT | List or change COM port mappings for DOS application compatibility. |
CHGUSR | Change Install Mode. |
CHKDSK | Checks a disk and displays a status report. |
CHKNTFS | Displays or modifies the checking of disk at boot time. |
CHOICE | This tool allows users to select one item from a list of choices and returns the index of the selected choice. |
CIPHER | Displays or alters the encryption of directories [files] on NTFS partitions. |
CLIP | Redirects output of command line tools to the Windows clipboard. This text output can then be pasted into other programs. |
CLS | Clears the screen. |
CMD | Starts a new instance of the Windows command interpreter. |
CMDKEY | Creates, displays, and deletes stored user names and passwords. |
COLOR | Sets the default console foreground and background colors. |
COMP | Compares the contents of two files or sets of files. |
COMPACT | Displays or alters the compression of files on NTFS partitions. |
CONVERT | Converts FAT volumes to NTFS. You cannot convert the current drive. |
COPY | Copies one or more files to another location. |
CSCRIPT | Microsoft ® Console Based Script Host |
D | |
DATE | Displays or sets the date. |
DEBUG | Runs Debug, a program testing and editing tool. |
DEFRAG | Optimizes and defragments files on local volumes to improve system performance. |
DEL | Deletes one or more files. |
DIR | Displays a list of files and subdirectories in a directory. |
DISKCOMP | Compares the contents of two floppy disks. |
DISKCOPY | Copies the contents of one floppy disk to another. |
DISKPART | Displays or configures Disk Partition properties. |
DISKPERF | Disk Performance Configuration Utility |
DISKRAID | Microsoft DiskRAID version 6.3.9600 |
DISM | DISM enumerates, installs, uninstalls, configures, and updates features and packages in Windows images. The commands that are available depend on the image being serviced and whether the image is offline or running. |
DISPDIAG | Logs display information to a file in the current directory. |
DOSKEY | Edits command lines, recalls Windows commands, and creates macros. |
DPATH | Allows programs to open data files in specified directories as if they were in the current directory. |
DRIVERQUERY | Displays current device driver status and properties. |
E | |
ECHO | Displays messages, or turns command echoing on or off. |
EDIT | MS-DOS Editor Version 2.0.026 Copyright (c) Microsoft Corp 1995. |
EDLIN | Starts Edlin, a line-oriented text editor. |
ENDLOCAL | Ends localization of environment changes in a batch file. |
ERASE | Deletes one or more files. |
EVENTCREATE | This command line tool enables an administrator to create a custom event ID and message in a specified event log. |
EXE2BIN | Converts .EXE (executable) files to binary format. |
EXIT | Quits the CMD.EXE program (command interpreter). |
EXPAND | Expands one or more compressed files. |
F | |
FC | Compares two files or sets of files, and displays the differences between them. |
FILEVER | Prints file version information. |
FIND | Searches for a text string in a file or files. |
FINDSTR | Searches for strings in files. |
FINGER | Displays information about a user on a specified system running the Finger service. Output varies based on the remote system. |
FLTMC | Filter Manager Control Program |
FOR | Runs a specified command for each file in a set of files. |
FORFILES | Selects a file (or set of files) and executes a command on that file. This is helpful for batch jobs. |
FORMAT | Formats a disk for use with Windows. |
FSUTIL | Displays or configures the file system properties. |
FTP | Transfers files to and from a computer running an FTP server service (sometimes called a daemon). Ftp can be used interactively. |
FTYPE | Displays or modifies file types used in file extension associations. |
G | |
GETMAC | This tool enables an administrator to display the MAC address for network adapters on a system. |
GOTO | Directs the Windows command interpreter to a labeled line in a batch program. |
GPRESULT | Displays Group Policy information for machine or user. |
GPUPDATE | Updates multiple Group Policy settings. |
GRAFTABL | Enables Windows to display an extended character set in graphics mode. |
H | |
HELP | Provides Help information for Windows commands. |
HOSTNAME | Prints the name of the current host. |
I | |
ICACLS | Display, modify, backup, or restore ACLs for files and directories. |
IF | Performs conditional processing in batch programs. |
IPCONFIG | The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP. |
ISCSICLI | Microsoft iSCSI Initiator Version 6.3 Build 9600 |
L | |
LABEL | Creates, changes, or deletes the volume label of a disk. |
LODCTR | Updates registry values related to performance counters. |
LOGMAN | Microsoft r Logman.exe (6.3.9600.16384) |
LOGOFF | Terminates a session. |
M | |
MAKECAB | Cabinet Maker - Lossless Data Compression Tool |
MANAGE-BDE | Configures BitLocker Drive Encryption on disk volumes. |
MD | Creates a directory. |
MEM | Displays the amount of used and free memory in your system. |
MKDIR | Creates a directory. |
MKLINK | Creates Symbolic Links and Hard Links |
MODE | Configures a system device. |
MORE | Displays output one screen at a time. |
MOUNTVOL | Creates, deletes, or lists a volume mount point. |
MOVE | Moves one or more files from one directory to another directory. |
MRINFO | Multicast Information |
MSG | Send a message to a user. |
N | |
NBTSTAT | Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP). |
NET | Net Command |
NETCFG | WinPE network installer |
NETSH | Network Command Shell |
NETSTAT | Displays protocol statistics and current TCP/IP network connections. |
NLSFUNC | Loads country-specific information. |
NLTEST | Microsoft® Logon Server Test Utility |
NSLOOKUP | nslookup |
O | |
OPENFILES | Displays files opened by remote users for a file share. |
P | |
PATH | Displays or sets a search path for executable files. |
PATHPING | TCP/IP PathPing Command |
PAUSE | Suspends processing of a batch file and displays a message. |
PING | TCP/IP Ping Command |
PNPUNATTEND | AuditSystem, Unattend online driver install |
PNPUTIL | Microsoft PnP Utility |
POPD | Restores the previous value of the current directory saved by PUSHD. |
POWERCFG | Enables users to control power settings on a local system. |
Prints a text file. | |
PRINTBRM | Access the Backup Recovery Migration tool through a command line interface. |
PROMPT | Changes the Windows command prompt. |
PSEXEC | Execute processes remotely |
PSFILE | PsFile lists or closes files opened remotely. |
PSGETSID | Translates SIDs to names and vice versa |
PSINFO | Local and remote system information viewer |
PSKILL | Terminates processes on local or remote systems |
PSLIST | Sysinternals PsList |
PSLOGGEDON | See who's logged on |
PSLOGLIST | local and remote event log viewer |
PSPASSWD | Local and remote password changer |
PSSERVICE | Service information and configuration utility |
PSSHUTDOWN | Shutdown, logoff and power manage local and remote systems |
PSSUSPEND | Process Suspender |
PUSHD | Saves the current directory then changes it. |
Q | |
QAPPSRV | Displays the available Remote Desktop Session Host servers on the network. |
QPROCESS | Displays information about processes. |
QUERY | MultiUser Query Utility |
QUSER | Display information about users logged on to the system. |
QWINSTA | Display information about Remote Desktop Services sessions. |
R | |
RASDIAL | Remote Access Command Line Dial UI |
RD | Removes a directory. |
REAGENTC | Configures the Windows Recovery Environment (Windows RE) and system reset. |
RECIMG | Recovery Image Management Utility |
RECOVER | Recovers readable information from a bad or defective disk. |
REG | Registry Console Tool |
REGINI | Registry Initializer |
REGISTER-CIMPROVIDER | Registers CIM Provider into system |
RELOG | Relog creates new performance logs from data in existing performance logs by changing the sampling rate and/or converting the file format. Supports all performance log formats, including Windows NT 4.0 compressed logs. |
REM | Records comments (remarks) in batch files or CONFIG.SYS. |
REN | Renames a file or files. |
RENAME | Renames a file or files. |
REPAIR-BDE | BitLocker Drive Encryption: Repair Tool version 6.3.9600 |
REPLACE | Replaces files. |
RESET | Remote Desktop Services Reset Utility |
RMDIR | Removes a directory. |
ROBOCOPY | Advanced utility to copy files and directory trees |
ROUTE | Manipulates network routing tables. |
RPCPING | RPC Ping Utility |
RUNAS | Run As Utility |
S | |
SC | Displays or configures services (background processes). |
SCHTASKS | Schedules commands and programs to run on a computer. |
SDBINST | Application Compatibility Database Installer |
SECEDIT | Windows Security Configuration Editor Command Tool |
SET | Displays, sets, or removes Windows environment variables. |
SETLOCAL | Begins localization of environment changes in a batch file. |
SETVER | Sets the version number that MS-DOS reports to a program. |
SETX | Creates or modifies environment variables in the user or system environment. Can set variables based on arguments, regkeys or file input. |
SFC | Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions. |
SHIFT | Shifts the position of replaceable parameters in batch files. |
SHUTDOWN | Allows proper local or remote shutdown of machine. |
SORT | Sorts input. |
START | Starts a separate window to run a specified program or command. |
SUBINACL | SubInAcl version 5.2.3790.1180 |
SUBST | Associates a path with a drive letter. |
SXSTRACE | Sxs Tracing Tool |
SYSTEMINFO | Displays machine specific properties and configuration. |
T | |
TAKEOWN | This tool allows an administrator to recover access to a file that was denied by re-assigning file ownership. |
TASKKILL | Kill or stop a running process or application. |
TASKLIST | Displays all currently running tasks including services. |
TIME | Displays or sets the system time. |
TIMEOUT | This utility accepts a timeout parameter to wait for the specified time period (in seconds) or until any key is pressed. It also accepts a parameter to ignore the key press. |
TITLE | Sets the window title for a CMD.EXE session. |
TRACERPT | Event Trace Report Tool |
TRACERT | TCP/IP Traceroute Command |
TREE | Graphically displays the directory structure of a drive or path. |
TSCON | Attaches a user session to a remote desktop session. |
TSDISCON | Disconnects a Remote Desktop Services session. |
TSKILL | Ends a process. |
TYPE | Displays the contents of a text file. |
TYPEPERF | Typeperf writes performance data to the command window or to a log file. To stop Typeperf, press CTRL+C. |
TZUTIL | Windows Time Zone Utility |
U | |
UNLODCTR | Removes counter names and explain text for the specified extensible counter. |
V | |
VAULTCMD | Creates, displays and deletes stored credentials. |
VER | Displays the Windows version. |
VERIFIER | Driver Verifier Manager |
VERIFY | Tells Windows whether to verify that your files are written correctly to a disk. |
VOL | Displays a disk volume label and serial number. |
VSSADMIN | vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool |
W | |
W32TM | Windows Time Service Diagnostic Tool |
WAITFOR | This tool sends, or waits for, a signal on a system. When /S is not specified, the signal will be broadcasted to all the systems in a domain. If /S is specified, then the signal will be sent only to the specified system. |
WBADMIN | wbadmin 1.0 - Backup command-line tool |
WECUTIL | Event Collector Command Line Utility |
WEVTUTIL | Eventing Command Line Utility |
WHERE | Displays the location of files that match the search pattern. By default, the search is done along the current directory and in the paths specified by the PATH environment variable. |
WHOAMI | This utility can be used to get user name and group information along with the respective security identifiers (SID), claims, privileges, logon identifier (logon ID) for the current user on the local system. I.e. who is the current logged on user? If no switch is specified, tool displays the user name in NTLM format (domain\username). |
WINRM | Windows Remote Management (WinRM) is the Microsoft implementation of the WS-Management protocol which provides a secure way to communicate with local and remote computers using web services. |
WINRS | winrs |
WMIC | Displays WMI information inside interactive command shell. |
X | |
XCOPY | Copies files and directory trees. |
Allows programs to open data files in specified directories as if they were in the current directory. APPEND [[drive:]path[;...]] [/X[:ON | :OFF]] [/PATH:ON | /PATH:OFF] [/E] APPEND ; [drive:]path Specifies a drive and directory to append. /X:ON Applies appended directories to file searches and application execution. /X:OFF Applies appended directories only to requests to open files. /X:OFF is the default setting. /PATH:ON Applies appended directories to file requests that already specify a path. /PATH:ON is the default setting. /PATH:OFF Turns off the effect of /PATH:ON. /E Stores a copy of the appended directory list in an environment variable named APPEND. /E may be used only the first time you use APPEND after starting your system. Type APPEND ; to clear the appended directory list. Type APPEND without parameters to display the appended directory list.
Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP). ARP -s inet_addr eth_addr [if_addr] ARP -d inet_addr [if_addr] ARP -a [inet_addr] [-N if_addr] [-v] -a Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed. -g Same as -a. -v Displays current ARP entries in verbose mode. All invalid entries and entries on the loop-back interface will be shown. inet_addr Specifies an internet address. -N if_addr Displays the ARP entries for the network interface specified by if_addr. -d Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts. -s Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent. eth_addr Specifies a physical address. if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. Example: > arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry. > arp -a .... Displays the arp table.
Displays or modifies file extension associations ASSOC [.ext[=[fileType]]] .ext Specifies the file extension to associate the file type with fileType Specifies the file type to associate with the file extension Type ASSOC without parameters to display the current file associations. If ASSOC is invoked with just a file extension, it displays the current file association for that file extension. Specify nothing for the file type and the command will delete the association for the file extension.
The AT command has been deprecated. Please use schtasks.exe instead. The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command. AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]] AT [\\computername] time [/INTERACTIVE] [ /EVERY:date[,...] | /NEXT:date[,...]] "command" \\computername Specifies a remote computer. Commands are scheduled on the local computer if this parameter is omitted. id Is an identification number assigned to a scheduled command. /delete Cancels a scheduled command. If id is omitted, all the scheduled commands on the computer are canceled. /yes Used with cancel all jobs command when no further confirmation is desired. time Specifies the time when command is to run. /interactive Allows the job to interact with the desktop of the user who is logged on at the time the job runs. /every:date[,...] Runs the command on each specified day(s) of the week or month. If date is omitted, the current day of the month is assumed. /next:date[,...] Runs the specified command on the next occurrence of the day (for example, next Thursday). If date is omitted, the current day of the month is assumed. "command" Is the Windows NT command, or batch program to be run.
Displays or changes file attributes. ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] [drive:][path][filename] [/S [/D] [/L]] + Sets an attribute. - Clears an attribute. R Read-only file attribute. A Archive file attribute. S System file attribute. H Hidden file attribute. I Not content indexed file attribute. X No scrub file attribute. V Integrity attribute. [drive:][path][filename] Specifies a file or files for attrib to process. /S Processes matching files in the current folder and all subfolders. /D Processes folders as well. /L Work on the attributes of the Symbolic Link versus the target of the Symbolic Link
Usage: AuditPol command [<sub-command><options>] Commands (only one command permitted per execution) /? Help (context-sensitive) /get Displays the current audit policy. /set Sets the audit policy. /list Displays selectable policy elements. /backup Saves the audit policy to a file. /restore Restores the audit policy from a file. /clear Clears the audit policy. /remove Removes the per-user audit policy for a user account. /resourceSACL Configure global resource SACLs Use AuditPol <command> /? for details on each command
Bcdboot - Bcd boot file creation and repair tool. The bcdboot.exe command-line tool is used to copy critical boot files to the system partition and to create a new system BCD store. bcdboot <source> [/l <locale>] [/s <volume-letter> [/f <firmware>]] [/v] [/m [{OS Loader ID}]] [/addlast] source Specifies the location of the windows system root. /l Specifies an optional locale parameter to use when initializing the BCD store. The default is US English. /s Specifies an optional volume letter parameter to designate the target system partition where boot environment files are copied. The default is the system partition identified by the firmware. /v Enables verbose mode. /m If an OS loader GUID is provided, this option merges the given loader object with the system template to produce a bootable entry. Otherwise, only global objects are merged. /d Specifies that the existing default windows boot entry should be preserved. /f Used with the /s command, specifies the firmware type of the target system partition. Options for <firmware> are 'UEFI', 'BIOS', or 'ALL'. /addlast Specifies that the windows boot manager firmware entry should be added last. The default behavior is to add it first. Examples: bcdboot c:\windows /l en-us bcdboot c:\windows /s h: bcdboot c:\windows /s h: /f UEFI bcdboot c:\windows /m {d58d10c6-df53-11dc-878f-00064f4f4e08} bcdboot c:\windows /d /addlast
BCDEDIT - Boot Configuration Data Store Editor The Bcdedit.exe command-line tool modifies the boot configuration data store. The boot configuration data store contains boot configuration parameters and controls how the operating system is booted. These parameters were previously in the Boot.ini file (in BIOS-based operating systems) or in the nonvolatile RAM entries (in Extensible Firmware Interface-based operating systems). You can use Bcdedit.exe to add, delete, edit, and append entries in the boot configuration data store. For detailed command and option information, type bcdedit.exe /? <command>. For example, to display detailed information about the /createstore command, type: bcdedit.exe /? /createstore For an alphabetical list of topics in this help file, run "bcdedit /? TOPICS". Commands that operate on a store ================================ /createstore Creates a new and empty boot configuration data store. /export Exports the contents of the system store to a file. This file can be used later to restore the state of the system store. /import Restores the state of the system store using a backup file created with the /export command. /sysstore Sets the system store device (only affects EFI systems, does not persist across reboots, and is only used in cases where the system store device is ambiguous). Commands that operate on entries in a store =========================================== /copy Makes copies of entries in the store. /create Creates new entries in the store. /delete Deletes entries from the store. /mirror Creates mirror of entries in the store. Run bcdedit /? ID for information about identifiers used by these commands. Commands that operate on entry options ====================================== /deletevalue Deletes entry options from the store. /set Sets entry option values in the store. Run bcdedit /? TYPES for a list of datatypes used by these commands. Run bcdedit /? FORMATS for a list of valid data formats. Commands that control output ============================ /enum Lists entries in the store. /v Command-line option that displays entry identifiers in full, rather than using names for well-known identifiers. Use /v by itself as a command to display entry identifiers in full for the ACTIVE type. Running "bcdedit" by itself is equivalent to running "bcdedit /enum ACTIVE". Commands that control the boot manager ====================================== /bootsequence Sets the one-time boot sequence for the boot manager. /default Sets the default entry that the boot manager will use. /displayorder Sets the order in which the boot manager displays the multiboot menu. /timeout Sets the boot manager time-out value. /toolsdisplayorder Sets the order in which the boot manager displays the tools menu. Commands that control Emergency Management Services for a boot application ========================================================================== /bootems Enables or disables Emergency Management Services for a boot application. /ems Enables or disables Emergency Management Services for an operating system entry. /emssettings Sets the global Emergency Management Services parameters. Command that control debugging ============================== /bootdebug Enables or disables boot debugging for a boot application. /dbgsettings Sets the global debugger parameters. /debug Enables or disables kernel debugging for an operating system entry. /hypervisorsettings Sets the hypervisor parameters.
BITSADMIN version 3.0 [ 7.7.9600 ] BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. USAGE: BITSADMIN [/RAWRETURN] [/WRAP | /NOWRAP] command The following commands are available: /HELP Prints this help /? Prints this help /UTIL /? Prints the list of utilities commands /PEERCACHING /? Prints the list of commands to manage Peercaching /CACHE /? Prints the list of cache management commands /PEERS /? Prints the list of peer management commands /LIST [/ALLUSERS] [/VERBOSE] List the jobs /MONITOR [/ALLUSERS] [/REFRESH sec] Monitors the copy manager /RESET [/ALLUSERS] Deletes all jobs in the manager /TRANSFER <job name> [type] [/PRIORITY priority] [/ACLFLAGS flags] remote_url local_name Transfers one of more files. [type] may be /DOWNLOAD or /UPLOAD; default is download Multiple URL/file pairs may be specified. Unlike most commands, <job name> may only be a name and not a GUID. /CREATE [type] <job name> Creates a job [type] may be /DOWNLOAD, /UPLOAD, or /UPLOAD-REPLY; default is download Unlike most commands, <job name> may only be a name and not a GUID. /INFO <job> [/VERBOSE] Displays information about the job /ADDFILE <job> <remote_url> <local_name> Adds a file to the job /ADDFILESET <job> <textfile> Adds multiple files to the job Each line of <textfile> lists a file's remote name and local name, separated by spaces. A line beginning with '#' is treated as a comment. Once the file set is read into memory, the contents are added to the job. /ADDFILEWITHRANGES <job> <remote_url> <local_name range_list> Like /ADDFILE, but BITS will read only selected byte ranges of the URL. range_list is a comma-delimited series of offset and length pairs. For example, 0:100,2000:100,5000:eof instructs BITS to read 100 bytes starting at offset zero, 100 bytes starting at offset 2000, and the remainder of the URL starting at offset 5000. /REPLACEREMOTEPREFIX <job> <old_prefix> <new_prefix> All files whose URL begins with <old_prefix> are changed to use <new_prefix> Note that BITS currently supports HTTP/HTTPS downloads and uploads. It also supports UNC paths and file:// paths as URLS /LISTFILES <job> Lists the files in the job /SUSPEND <job> Suspends the job /RESUME <job> Resumes the job /CANCEL <job> Cancels the job /COMPLETE <job> Completes the job /GETTYPE <job> Retrieves the job type /GETACLFLAGS <job> Retrieves the ACL propagation flags /SETACLFLAGS <job> <ACL_flags> Sets the ACL propagation flags for the job O - OWNER G - GROUP D - DACL S - SACL Examples: bitsadmin /setaclflags MyJob OGDS bitsadmin /setaclflags MyJob OGD /GETBYTESTOTAL <job> Retrieves the size of the job /GETBYTESTRANSFERRED <job> Retrieves the number of bytes transferred /GETFILESTOTAL <job> Retrieves the number of files in the job /GETFILESTRANSFERRED <job> Retrieves the number of files transferred /GETCREATIONTIME <job> Retrieves the job creation time /GETMODIFICATIONTIME <job> Retrieves the job modification time /GETCOMPLETIONTIME <job> Retrieves the job completion time /GETSTATE <job> Retrieves the job state /GETERROR <job> Retrieves detailed error information /GETOWNER <job> Retrieves the job owner /GETDISPLAYNAME <job> Retrieves the job display name /SETDISPLAYNAME <job> <display_name> Sets the job display name /GETDESCRIPTION <job> Retrieves the job description /SETDESCRIPTION <job> <description> Sets the job description /GETPRIORITY <job> Retrieves the job priority /SETPRIORITY <job> <priority> Sets the job priority Priority usage choices: FOREGROUND HIGH NORMAL LOW /GETNOTIFYFLAGS <job> Retrieves the notify flags /SETNOTIFYFLAGS <job> <notify_flags> Sets the notify flags For more help on this option, please refer to the MSDN help page for SetNotifyFlags /GETNOTIFYINTERFACE <job> Determines if notify interface is registered /GETMINRETRYDELAY <job> Retrieves the retry delay in seconds /SETMINRETRYDELAY <job> <retry_delay> Sets the retry delay in seconds /GETNOPROGRESSTIMEOUT <job> Retrieves the no progress timeout in seconds /SETNOPROGRESSTIMEOUT <job> <timeout> Sets the no progress timeout in seconds /GETMAXDOWNLOADTIME <job> Retrieves the download timeout in seconds /SETMAXDOWNLOADTIME <job> <timeout> Sets the download timeout in seconds /GETERRORCOUNT <job> Retrieves an error count for the job /SETPROXYSETTINGS <job> <usage> Sets the proxy usage usage choices: PRECONFIG - Use the owner's default Internet settings. AUTODETECT - Force autodetection of proxy. NO_PROXY - Do not use a proxy server. OVERRIDE - Use an explicit proxy list and bypass list. Must be followed by a proxy list and a proxy bypass list. NULL or "" may be used for an empty proxy bypass list. Examples: bitsadmin /setproxysettings MyJob PRECONFIG bitsadmin /setproxysettings MyJob AUTODETECT bitsadmin /setproxysettings MyJob NO_PROXY bitsadmin /setproxysettings MyJob OVERRIDE proxy1:80 "<local>" bitsadmin /setproxysettings MyJob OVERRIDE proxy1,proxy2,proxy3 NULL /GETPROXYUSAGE <job> Retrieves the proxy usage setting /GETPROXYLIST <job> Retrieves the proxy list /GETPROXYBYPASSLIST <job> Retrieves the proxy bypass list /TAKEOWNERSHIP <job> Take ownership of the job /SETNOTIFYCMDLINE <job> <program_name> [program_parameters] Sets a program to execute for notification, and optionally parameters. The program name and parameters can be NULL. IMPORTANT: if parameters are non-NULL, then the program name should be the first parameter. Examples: bitsadmin /SetNotifyCmdLine MyJob c:\winnt\system32\notepad.exe NULL bitsadmin /SetNotifyCmdLine MyJob c:\callback.exe "c:\callback.exe parm1 parm2" bitsadmin /SetNotifyCmdLine MyJob NULL NULL /GETNOTIFYCMDLINE <job> Returns the job's notification command line /SETCREDENTIALS <job> <target> <scheme> <username> <password> Adds credentials to a job. <target> may be either SERVER or PROXY <scheme> may be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT. /REMOVECREDENTIALS <job> <target> <scheme> Removes credentials from a job. /GETCUSTOMHEADERS <job> Gets the Custom HTTP Headers /SETCUSTOMHEADERS <job> <header1> <header2> <...> Sets the Custom HTTP Headers /GETCLIENTCERTIFICATE <job> Gets the job's Client Certificate Information /SETCLIENTCERTIFICATEBYID <job> <store_location> <store_name> <hexa-decimal_cert_id> Sets a client authentication certificate to a job. <store_location> may be 1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE), 4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY), 7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). /SETCLIENTCERTIFICATEBYNAME <job> <store_location> <store_name> <subject_name> Sets a client authentication certificate to a job. <store_location> may be 1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE), 4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY), 7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). /REMOVECLIENTCERTIFICATE <job> Removes the Client Certificate Information from the job /SETSECURITYFLAGS <job> <value> Sets the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer. The value is an unsigned integer with the following interpretation for the bits in the binary representation. Enable CRL Check : Set the least significant bit Ignore invalid common name in server certificate : Set the 2nd bit from right Ignore invalid date in server certificate : Set the 3rd bit from right Ignore invalid certificate authority in server certificate : Set the 4th bit from right Ignore invalid usage of certificate : Set the 5th bit from right Redirection policy : Controlled by the 9th-11th bits from right 0,0,0 - Redirects will be automatically allowed. 0,0,1 - Remote name in the IBackgroundCopyFile interface will be updated if a redirect occurs. 0,1,0 - BITS will fail the job if a redirect occurs. Allow redirection from HTTPS to HTTP : Set the 12th bit from right /GETSECURITYFLAGS <job> Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer. /SETVALIDATIONSTATE <job> <file-index> <true|false> <file-index> starts from 0 Sets the content-validation state of the given file within the job. /GETVALIDATIONSTATE <job> <file-index> <file-index> starts from 0 Reports the content-validation state of the given file within the job. /GETTEMPORARYNAME <job> <file-index> <file-index> starts from 0 Reports the temporary filename of the given file within the job. The following options control peercaching of a particular job: /SETPEERCACHINGFLAGS <job> <value> Sets the flags for the job's peercaching behavior. The value is an unsigned integer with the following interpretation for the bits in the binary representation. Allow the job's data to be downloaded from a peer : Set the least significant bit Allow the job's data to be served to peers : Set the 2nd bit from right /GETPEERCACHINGFLAGS <job> Reports the flags for the job's peercaching behavior. The following options are valid for UPLOAD-REPLY jobs only: /GETREPLYFILENAME <job> Gets the path of the file containing the server reply /SETREPLYFILENAME <job> <path> Sets the path of the file containing the server reply /GETREPLYPROGRESS <job> Gets the size and progress of the server reply /GETREPLYDATA <job> Dumps the server's reply data in hex format The following options can be placed before the command: /RAWRETURN Return data more suitable for parsing /WRAP Wrap output around console (default) /NOWRAP Don't wrap output around console The /RAWRETURN option strips new line characters and formatting. It is recognized by the /CREATE and /GET* commands. Commands that take a <job> parameter will accept either a job name or a job ID GUID inside braces. BITSADMIN reports an error if a name is ambiguous.
BOOTCFG /parameter [arguments] Description: This command line tool can be used to configure, query, change or delete the boot entry settings in the BOOT.INI file. Parameter List: /Copy Makes a copy of an existing boot entry. /Delete Deletes an existing boot entry from the BOOT.INI file. /Query Displays the current boot entries and their settings. /Raw Allows the user to specify any switch to be added. /Timeout Allows the user to change the Timeout value. /Default Allows the user to change the Default boot entry. /EMS Allows the user to configure the /redirect switch for headless support. /Debug Allows the user to specify the port and baudrate for remote debugging. /Addsw Allows the user to add predefined switches. /Rmsw Allows the user to remove predefined switches. /Dbg1394 Allows the user to configure 1394 port for debugging. /? Displays this help message. Examples: BOOTCFG /Copy /? BOOTCFG /Delete /? BOOTCFG /Query /? BOOTCFG /Raw /? BOOTCFG /Timeout /? BOOTCFG /EMS /? BOOTCFG /Debug /? BOOTCFG /Addsw /? BOOTCFG /Rmsw /? BOOTCFG /Dbg1394 /? BOOTCFG /Default /? BOOTCFG /? WARNING: BOOT.INI is used for boot options on Windows XP and earlier operating systems. Use the BCDEDIT command line tool to modify Windows Vista boot options.
Sets or Clears Extended CTRL+C checking on DOS system This is present for Compatibility with DOS systems. It has no effect under Windows. If Command Extensions are enabled, and running on the Windows platform, then the BREAK command will enter a hard coded breakpoint if being debugged by a debugger.
NOTE: Cacls is now deprecated, please use Icacls. Displays or modifies access control lists (ACLs) of files CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm] [/R user [...]] [/P user:perm [...]] [/D user [...]] filename Displays ACLs. /T Changes ACLs of specified files in the current directory and all subdirectories. /L Work on the Symbolic Link itself versus the target /M Changes ACLs of volumes mounted to a directory /S Displays the SDDL string for the DACL. /S:SDDL Replaces the ACLs with those specified in the SDDL string (not valid with /E, /G, /R, /P, or /D). /E Edit ACL instead of replacing it. /C Continue on access denied errors. /G user:perm Grant specified user access rights. Perm can be: R Read W Write C Change (write) F Full control /R user Revoke specified user's access rights (only valid with /E). /P user:perm Replace specified user's access rights. Perm can be: N None R Read W Write C Change (write) F Full control /D user Deny specified user access. Wildcards can be used to specify more than one file in a command. You can specify more than one user in a command. Abbreviations: CI - Container Inherit. The ACE will be inherited by directories. OI - Object Inherit. The ACE will be inherited by files. IO - Inherit Only. The ACE does not apply to the current file/directory. ID - Inherited. The ACE was inherited from the parent directory's ACL.
Calls one batch program from another. CALL [drive:][path]filename [batch-parameters] batch-parameters Specifies any command-line information required by the batch program. If Command Extensions are enabled CALL changes as follows: CALL command now accepts labels as the target of the CALL. The syntax is: CALL :label arguments A new batch file context is created with the specified arguments and control is passed to the statement after the label specified. You must "exit" twice by reaching the end of the batch script file twice. The first time you read the end, control will return to just after the CALL statement. The second time will exit the batch script. Type GOTO /? for a description of the GOTO :EOF extension that will allow you to "return" from a batch script. In addition, expansion of batch script argument references (%0, %1, etc.) have been changed as follows: %* in a batch script refers to all the arguments (e.g. %1 %2 %3 %4 %5 ...) Substitution of batch parameters (%n) has been enhanced. You can now use the following optional syntax: %~1 - expands %1 removing any surrounding quotes (") %~f1 - expands %1 to a fully qualified path name %~d1 - expands %1 to a drive letter only %~p1 - expands %1 to a path only %~n1 - expands %1 to a file name only %~x1 - expands %1 to a file extension only %~s1 - expanded path contains short names only %~a1 - expands %1 to file attributes %~t1 - expands %1 to date/time of file %~z1 - expands %1 to size of file %~$PATH:1 - searches the directories listed in the PATH environment variable and expands %1 to the fully qualified name of the first one found. If the environment variable name is not defined or the file is not found by the search, then this modifier expands to the empty string The modifiers can be combined to get compound results: %~dp1 - expands %1 to a drive letter and path only %~nx1 - expands %1 to a file name and extension only %~dp$PATH:1 - searches the directories listed in the PATH environment variable for %1 and expands to the drive letter and path of the first one found. %~ftza1 - expands %1 to a DIR like output line In the above examples %1 and PATH can be replaced by other valid values. The %~ syntax is terminated by a valid argument number. The %~ modifiers may not be used with %*
Displays the name of or changes the current directory. CHDIR [/D] [drive:][path] CHDIR [..] CD [/D] [drive:][path] CD [..] .. Specifies that you want to change to the parent directory. Type CD drive: to display the current directory in the specified drive. Type CD without parameters to display the current drive and directory. Use the /D switch to change current drive in addition to changing current directory for a drive. If Command Extensions are enabled CHDIR changes as follows: The current directory string is converted to use the same case as the on disk names. So CD C:\TEMP would actually set the current directory to C:\Temp if that is the case on disk. CHDIR command does not treat spaces as delimiters, so it is possible to CD into a subdirectory name that contains a space without surrounding the name with quotes. For example: cd \winnt\profiles\username\programs\start menu is the same as: cd "\winnt\profiles\username\programs\start menu" which is what you would have to type if extensions were disabled.
Usage: CertReq -? CertReq [-v] -? CertReq [-Command] -? CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]] Submit a request to a Certification Authority. Options: -attrib AttributeString -binary -PolicyServer PolicyServer -config ConfigString -Anonymous -Kerberos -ClientCertificate ClientCertId -UserName UserName -p Password -crl -rpc -AdminForceMachine -RenewOnBehalfOf -NoChallenge CertReq -Retrieve [Options] RequestId [CertFileOut [CertChainFileOut [FullResponseFileOut]]] Retrieve a response to a previous request from a Certification Authority. Options: -binary -PolicyServer PolicyServer -config ConfigString -Anonymous -Kerberos -ClientCertificate ClientCertId -UserName UserName -p Password -crl -rpc -AdminForceMachine CertReq -New [Options] [PolicyFileIn [RequestFileOut]] Create a new request as directed by PolicyFileIn Options: -attrib AttributeString -binary -cert CertId -PolicyServer PolicyServer -config ConfigString -Anonymous -Kerberos -ClientCertificate ClientCertId -UserName UserName -p Password -pin Pin -user -machine -xchg ExchangeCertFile CertReq -Accept [Options] [CertChainFileIn | FullResponseFileIn | CertFileIn] Accept and install a response to a previous new request. Options: -user -machine -pin Pin CertReq -Policy [Options] [RequestFileIn [PolicyFileIn [RequestFileOut [PKCS10FileOut]]]] Construct a cross certification or qualified subordination request from an existing CA certificate or from an existing request. Options: -attrib AttributeString -binary -cert CertId -PolicyServer PolicyServer -Anonymous -Kerberos -ClientCertificate ClientCertId -UserName UserName -p Password -pin Pin -noEKU -AlternateSignatureAlgorithm -HashAlgorithm HashAlgorithm CertReq -Sign [Options] [RequestFileIn [RequestFileOut]] Sign a certificate request with an enrollment agent or qualified subordination signing certificate. Options: -binary -cert CertId -PolicyServer PolicyServer -Anonymous -Kerberos -ClientCertificate ClientCertId -UserName UserName -p Password -pin Pin -crl -noEKU -HashAlgorithm HashAlgorithm CertReq -Enroll [Options] TemplateName CertReq -Enroll -cert CertId [Options] Renew [ReuseKeys] Enroll for or renew a certificate. Options: -PolicyServer PolicyServer -user -machine -pin Pin
Verbs: -dump -- Dump configuration information or files -asn -- Parse ASN.1 file -decodehex -- Decode hexadecimal-encoded file -decode -- Decode Base64-encoded file -encode -- Encode file to Base64 -deny -- Deny pending request -resubmit -- Resubmit pending request -setattributes -- Set attributes for pending request -setextension -- Set extension for pending request -revoke -- Revoke Certificate -isvalid -- Display current certificate disposition -getconfig -- Get default configuration string -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory Certificate Services Admin interface -CAInfo -- Display CA Information -ca.cert -- Retrieve the CA's certificate -ca.chain -- Retrieve the CA's certificate chain -GetCRL -- Get CRL -CRL -- Publish new CRLs [or delta CRLs only] -shutdown -- Shutdown Active Directory Certificate Services -installCert -- Install Certification Authority certificate -renewCert -- Renew Certification Authority certificate -schema -- Dump Certificate Schema -view -- Dump Certificate View -db -- Dump Raw Database -deleterow -- Delete server database row -backup -- Backup Active Directory Certificate Services -backupDB -- Backup Active Directory Certificate Services database -backupKey -- Backup Active Directory Certificate Services certificate and private key -restore -- Restore Active Directory Certificate Services -restoreDB -- Restore Active Directory Certificate Services database -restoreKey -- Restore Active Directory Certificate Services certificate and private key -importPFX -- Import certificate and private key -dynamicfilelist -- Display dynamic file List -databaselocations -- Display database locations -hashfile -- Generate and display cryptographic hash over a file -store -- Dump certificate store -addstore -- Add certificate to store -delstore -- Delete certificate from store -verifystore -- Verify certificate in store -repairstore -- Repair key association or update certificate properties or key security descriptor -viewstore -- Dump certificate store -viewdelstore -- Delete certificate from store -UI -- Certificate Trust List: -attest -- Verify Key Attestation Request -dsPublish -- Publish certificate or CRL to Active Directory -ADTemplate -- Display AD templates -Template -- Display Enrollment Policy templates -TemplateCAs -- Display CAs for template -CATemplates -- Display templates for CA -SetCASites -- Manage Site Names for CAs -enrollmentServerURL -- Display, add or delete enrollment server URLs associated with a CA -ADCA -- Display AD CAs -CA -- Display Enrollment Policy CAs -Policy -- Display Enrollment Policy -PolicyCache -- Display or delete Enrollment Policy Cache entries -CredStore -- Display, add or delete Credential Store entries -InstallDefaultTemplates -- Install default certificate templates -URLCache -- Display or delete URL cache entries -pulse -- Pulse autoenrollment events -MachineInfo -- Display Active Directory machine object information -DCInfo -- Display domain controller information -EntInfo -- Display enterprise information -TCAInfo -- Display CA information -SCInfo -- Display smart card information -SCRoots -- Manage smart card root certificates -verifykeys -- Verify public/private key set -verify -- Verify certificate, CRL or chain -verifyCTL -- Verify AuthRoot or Disallowed Certificates CTL -syncWithWU -- Sync with Windows Update -generateSSTFromWU -- Generate SST from Windows Update -sign -- Re-sign CRL or certificate -vroot -- Create/delete web virtual roots and file shares -vocsproot -- Create/delete web virtual roots for OCSP web proxy -addEnrollmentServer -- Add an Enrollment Server application -deleteEnrollmentServer -- Delete an Enrollment Server application -addPolicyServer -- Add a Policy Server application -deletePolicyServer -- Delete a Policy Server application -oid -- Display ObjectId or set display name -error -- Display error code message text -getreg -- Display registry value -setreg -- Set registry value -delreg -- Delete registry value -ImportKMS -- Import user keys and certificates into server database for key archival -ImportCert -- Import a certificate file into the database -GetKey -- Retrieve archived private key recovery blob, generate a recovery script, or recover archived keys -RecoverKey -- Recover archived private key -MergePFX -- Merge PFX files -ConvertEPF -- Convert PFX files to EPF file -? -- Display this usage message CertUtil -? -- Display a verb list (command list) CertUtil -dump -? -- Display help text for the "dump" verb CertUtil -v -? -- Display all help text for all verbs CertUtil: -? command completed successfully.
Displays or sets the active code page number. CHCP [nnn] nnn Specifies a code page number. Type CHCP without a parameter to display the active code page number.
Displays the name of or changes the current directory. CHDIR [/D] [drive:][path] CHDIR [..] CD [/D] [drive:][path] CD [..] .. Specifies that you want to change to the parent directory. Type CD drive: to display the current directory in the specified drive. Type CD without parameters to display the current drive and directory. Use the /D switch to change current drive in addition to changing current directory for a drive. If Command Extensions are enabled CHDIR changes as follows: The current directory string is converted to use the same case as the on disk names. So CD C:\TEMP would actually set the current directory to C:\Temp if that is the case on disk. CHDIR command does not treat spaces as delimiters, so it is possible to CD into a subdirectory name that contains a space without surrounding the name with quotes. For example: cd \winnt\profiles\username\programs\start menu is the same as: cd "\winnt\profiles\username\programs\start menu" which is what you would have to type if extensions were disabled.
Enable, disable, or drain session logins. CHANGE LOGON {/QUERY | /ENABLE | /DISABLE | /DRAIN | /DRAINUNTILRESTART} /QUERY Query current session login mode. /ENABLE Enable user login from sessions. /DISABLE Disable user login from sessions. /DRAIN Disable new user logons, but allow reconnections to existing sessions. /DRAINUNTILRESTART Disable new user logons until the server is restarted, but allow reconnections to existing sessions.
List or change COM port mappings for DOS application compatibility. CHANGE PORT [portx=porty | /D portx | /QUERY] portx=porty Map port x to port y. /D portx Delete mapping for port x. /QUERY Display current mapping ports.
Change Install Mode. CHANGE USER {/EXECUTE | /INSTALL | /QUERY} /EXECUTE Enable execute mode (default). /INSTALL Enable install mode. /QUERY Display current settings.
Checks a disk and displays a status report. CHKDSK [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]] [/B] [/scan] [/spotfix] volume Specifies the drive letter (followed by a colon), mount point, or volume name. filename FAT/FAT32 only: Specifies the files to check for fragmentation. /F Fixes errors on the disk. /V On FAT/FAT32: Displays the full path and name of every file on the disk. On NTFS: Displays cleanup messages if any. /R Locates bad sectors and recovers readable information (implies /F, when /scan not specified). /L:size NTFS only: Changes the log file size to the specified number of kilobytes. If size is not specified, displays current size. /X Forces the volume to dismount first if necessary. All opened handles to the volume would then be invalid (implies /F). /I NTFS only: Performs a less vigorous check of index entries. /C NTFS only: Skips checking of cycles within the folder structure. /B NTFS only: Re-evaluates bad clusters on the volume (implies /R) /scan NTFS only: Runs a online scan on the volume /forceofflinefix NTFS only: (Must be used with "/scan") Bypass all online repair; all defects found are queued for offline repair (i.e. "chkdsk /spotfix"). /perf NTFS only: (Must be used with "/scan") Uses more system resources to complete a scan as fast as possible. This may have a negative performance impact on other tasks running on the system. /spotfix NTFS only: Runs spot fixing on the volume /sdcleanup NTFS only: Garbage collect unneeded security descriptor data (implies /F). /offlinescanandfix Runs an offline scan and fix on the volume. The /I or /C switch reduces the amount of time required to run Chkdsk by skipping certain checks of the volume.
Displays or modifies the checking of disk at boot time. CHKNTFS volume [...] CHKNTFS /D CHKNTFS /T[:time] CHKNTFS /X volume [...] CHKNTFS /C volume [...] volume Specifies the drive letter (followed by a colon), mount point, or volume name. /D Restores the machine to the default behavior; all drives are checked at boot time and chkdsk is run on those that are dirty. /T:time Changes the AUTOCHK initiation countdown time to the specified amount of time in seconds. If time is not specified, displays the current setting. /X Excludes a drive from the default boot-time check. Excluded drives are not accumulated between command invocations. /C Schedules a drive to be checked at boot time; chkdsk will run if the drive is dirty. If no switches are specified, CHKNTFS will display if the specified drive is dirty or scheduled to be checked on next reboot.
CHOICE [/C choices] [/N] [/CS] [/T timeout /D choice] [/M text] Description: This tool allows users to select one item from a list of choices and returns the index of the selected choice. Parameter List: /C choices Specifies the list of choices to be created. Default list is "YN". /N Hides the list of choices in the prompt. The message before the prompt is displayed and the choices are still enabled. /CS Enables case-sensitive choices to be selected. By default, the utility is case-insensitive. /T timeout The number of seconds to pause before a default choice is made. Acceptable values are from 0 to 9999. If 0 is specified, there will be no pause and the default choice is selected. /D choice Specifies the default choice after nnnn seconds. Character must be in the set of choices specified by /C option and must also specify nnnn with /T. /M text Specifies the message to be displayed before the prompt. If not specified, the utility displays only a prompt. /? Displays this help message. NOTE: The ERRORLEVEL environment variable is set to the index of the key that was selected from the set of choices. The first choice listed returns a value of 1, the second a value of 2, and so on. If the user presses a key that is not a valid choice, the tool sounds a warning beep. If tool detects an error condition, it returns an ERRORLEVEL value of 255. If the user presses CTRL+BREAK or CTRL+C, the tool returns an ERRORLEVEL value of 0. When you use ERRORLEVEL parameters in a batch program, list them in decreasing order. Examples: CHOICE /? CHOICE /C YNC /M "Press Y for Yes, N for No or C for Cancel." CHOICE /T 10 /C ync /CS /D y CHOICE /C ab /M "Select a for option 1 and b for option 2." CHOICE /C ab /N /M "Select a for option 1 and b for option 2."
Displays or alters the encryption of directories [files] on NTFS partitions. CIPHER [/E | /D | /C] [/S:directory] [/B] [/H] [pathname [...]] CIPHER /K [/ECC:256|384|521] CIPHER /R:filename [/SMARTCARD] [/ECC:256|384|521] CIPHER /U [/N] CIPHER /W:directory CIPHER /X[:efsfile] [filename] CIPHER /Y CIPHER /ADDUSER [/CERTHASH:hash | /CERTFILE:filename | /USER:username] [/S:directory] [/B] [/H] [pathname [...]] CIPHER /FLUSHCACHE [/SERVER:servername] CIPHER /REMOVEUSER /CERTHASH:hash [/S:directory] [/B] [/H] [pathname [...]] CIPHER /REKEY [pathname [...]] /B Abort if an error is encountered. By default, CIPHER continues executing even if errors are encountered. /C Displays information on the encrypted file. /D Decrypts the specified files or directories. /E Encrypts the specified files or directories. Directories will be marked so that files added afterward will be encrypted. The encrypted file could become decrypted when it is modified if the parent directory is not encrypted. It is recommended that you encrypt the file and the parent directory. /H Displays files with the hidden or system attributes. These files are omitted by default. /K Creates a new certificate and key for use with EFS. If this option is chosen, all the other options will be ignored. Note: By default, /K creates a certificate and key that conform to current group policy. If ECC is specified, a self-signed certificate will be created with the supplied key size. /N This option only works with /U. This will prevent keys being updated. This is used to find all the encrypted files on the local drives. /R Generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the certificate). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery key for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is generated. Note: By default, /R creates an 2048-bit RSA recovery key and certificate. If ECC is specified, it must be followed by a key size of 256, 384, or 521. /S Performs the specified operation on the given directory and all files and subdirectories within it. /U Tries to touch all the encrypted files on local drives. This will update user's file encryption key or recovery keys to the current ones if they are changed. This option does not work with other options except /N. /W Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume will be removed. /X Backup EFS certificate and keys into file filename. If efsfile is provided, the current user's certificate(s) used to encrypt the file will be backed up. Otherwise, the user's current EFS certificate and keys will be backed up. /Y Displays your current EFS certificate thumbprint on the local PC. /ADDUSER Adds a user to the specified encrypted file(s). If CERTHASH is provided, cipher will search for a certificate with this SHA1 hash. If CERTFILE is provided, cipher will extract the certificate from the file. If USER is provided, cipher will try to locate the user's certificate in Active Directory Domain Services. /FLUSHCACHE Clears the calling user's EFS key cache on the specified server. If servername is not provided, cipher clears the user's key cache on the local machine. /REKEY Updates the specified encrypted file(s) to use the configured EFS current key. /REMOVEUSER Removes a user from the specified file(s). CERTHASH must be the SHA1 hash of the certificate to remove. directory A directory path. filename A filename without extensions. pathname Specifies a pattern, file or directory. efsfile An encrypted file path. Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters.
CLIP Description: Redirects output of command line tools to the Windows clipboard. This text output can then be pasted into other programs. Parameter List: /? Displays this help message. Examples: DIR | CLIP Places a copy of the current directory listing into the Windows clipboard. CLIP < README.TXT Places a copy of the text from readme.txt on to the Windows clipboard.
Starts a new instance of the Windows command interpreter CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON | /V:OFF] [[/S] [/C | /K] string] /C Carries out the command specified by string and then terminates /K Carries out the command specified by string but remains /S Modifies the treatment of string after /C or /K (see below) /Q Turns echo off /D Disable execution of AutoRun commands from registry (see below) /A Causes the output of internal commands to a pipe or file to be ANSI /U Causes the output of internal commands to a pipe or file to be Unicode /T:fg Sets the foreground/background colors (see COLOR /? for more info) /E:ON Enable command extensions (see below) /E:OFF Disable command extensions (see below) /F:ON Enable file and directory name completion characters (see below) /F:OFF Disable file and directory name completion characters (see below) /V:ON Enable delayed environment variable expansion using ! as the delimiter. For example, /V:ON would allow !var! to expand the variable var at execution time. The var syntax expands variables at input time, which is quite a different thing when inside of a FOR loop. /V:OFF Disable delayed environment expansion. Note that multiple commands separated by the command separator '&&' are accepted for string if surrounded by quotes. Also, for compatibility reasons, /X is the same as /E:ON, /Y is the same as /E:OFF and /R is the same as /C. Any other switches are ignored. If /C or /K is specified, then the remainder of the command line after the switch is processed as a command line, where the following logic is used to process quote (") characters: 1. If all of the following conditions are met, then quote characters on the command line are preserved: - no /S switch - exactly two quote characters - no special characters between the two quote characters, where special is one of: &<>()@ˆ| - there are one or more whitespace characters between the two quote characters - the string between the two quote characters is the name of an executable file. 2. Otherwise, old behavior is to see if the first character is a quote character and if so, strip the leading character and remove the last quote character on the command line, preserving any text after the last quote character. If /D was NOT specified on the command line, then when CMD.EXE starts, it looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and if either or both are present, they are executed first. HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun Command Extensions are enabled by default. You may also disable extensions for a particular invocation by using the /E:OFF switch. You can enable or disable extensions for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions to either 0x1 or 0x0. The user specific setting takes precedence over the machine setting. The command line switches take precedence over the registry settings. In a batch file, the SETLOCAL ENABLEEXTENSIONS or DISABLEEXTENSIONS arguments takes precedence over the /E:ON or /E:OFF switch. See SETLOCAL /? for details. The command extensions involve changes and/or additions to the following commands: DEL or ERASE COLOR CD or CHDIR MD or MKDIR PROMPT PUSHD POPD SET SETLOCAL ENDLOCAL IF FOR CALL SHIFT GOTO START (also includes changes to external command invocation) ASSOC FTYPE To get specific details, type commandname /? to view the specifics. Delayed environment variable expansion is NOT enabled by default. You can enable or disable delayed environment variable expansion for a particular invocation of CMD.EXE with the /V:ON or /V:OFF switch. You can enable or disable delayed expansion for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion to either 0x1 or 0x0. The user specific setting takes precedence over the machine setting. The command line switches take precedence over the registry settings. In a batch file the SETLOCAL ENABLEDELAYEDEXPANSION or DISABLEDELAYEDEXPANSION arguments takes precedence over the /V:ON or /V:OFF switch. See SETLOCAL /? for details. If delayed environment variable expansion is enabled, then the exclamation character can be used to substitute the value of an environment variable at execution time. You can enable or disable file name completion for a particular invocation of CMD.EXE with the /F:ON or /F:OFF switch. You can enable or disable completion for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar with the hex value of a control character to use for a particular function (e.g. 0x4 is Ctrl-D and 0x6 is Ctrl-F). The user specific settings take precedence over the machine settings. The command line switches take precedence over the registry settings. If completion is enabled with the /F:ON switch, the two control characters used are Ctrl-D for directory name completion and Ctrl-F for file name completion. To disable a particular completion character in the registry, use the value for space (0x20) as it is not a valid control character. Completion is invoked when you type either of the two control characters. The completion function takes the path string to the left of the cursor appends a wild card character to it if none is already present and builds up a list of paths that match. It then displays the first matching path. If no paths match, it just beeps and leaves the display alone. Thereafter, repeated pressing of the same control character will cycle through the list of matching paths. Pressing the Shift key with the control character will move through the list backwards. If you edit the line in any way and press the control character again, the saved list of matching paths is discarded and a new one generated. The same occurs if you switch between file and directory name completion. The only difference between the two control characters is the file completion character matches both file and directory names, while the directory completion character only matches directory names. If file completion is used on any of the built in directory commands (CD, MD or RD) then directory completion is assumed. The completion code deals correctly with file names that contain spaces or other special characters by placing quotes around the matching path. Also, if you back up, then invoke completion from within a line, the text to the right of the cursor at the point completion was invoked is discarded. The special characters that require quotes are: <space> &()[]{}ˆ=;!'+,`~
Creates, displays, and deletes stored user names and passwords. The syntax of this command is: CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:password}}} | /delete{:targetname | /ras} | /list{:targetname}] Examples: To list available credentials: cmdkey /list cmdkey /list:targetname To create domain credentials: cmdkey /add:targetname /user:username /pass:password cmdkey /add:targetname /user:username /pass cmdkey /add:targetname /user:username cmdkey /add:targetname /smartcard To create generic credentials: The /add switch may be replaced by /generic to create generic credentials To delete existing credentials: cmdkey /delete:targetname To delete RAS credentials: cmdkey /delete /ras
Sets the default console foreground and background colors. COLOR [attr] attr Specifies color attribute of console output Color attributes are specified by TWO hex digits -- the first corresponds to the background; the second the foreground. Each digit can be any of the following values: 0 = Black 8 = Gray 1 = Blue 9 = Light Blue 2 = Green A = Light Green 3 = Aqua B = Light Aqua 4 = Red C = Light Red 5 = Purple D = Light Purple 6 = Yellow E = Light Yellow 7 = White F = Bright White If no argument is given, this command restores the color to what it was when CMD.EXE started. This value either comes from the current console window, the /T command line switch or from the DefaultColor registry value. The COLOR command sets ERRORLEVEL to 1 if an attempt is made to execute the COLOR command with a foreground and background color that are the same. Example: "COLOR fc" produces light red on bright white
Compares the contents of two files or sets of files. COMP [data1] [data2] [/D] [/A] [/L] [/N=number] [/C] [/OFF[LINE]] data1 Specifies location and name(s) of first file(s) to compare. data2 Specifies location and name(s) of second files to compare. /D Displays differences in decimal format. /A Displays differences in ASCII characters. /L Displays line numbers for differences. /N=number Compares only the first specified number of lines in each file. /C Disregards case of ASCII letters when comparing files. /OFF[LINE] Do not skip files with offline attribute set. To compare sets of files, use wildcards in data1 and data2 parameters.
Displays or alters the compression of files on NTFS partitions. COMPACT [/C | /U] [/S[:dir]] [/A] [/I] [/F] [/Q] [filename [...]] /C Compresses the specified files. Directories will be marked so that files added afterward will be compressed. /U Uncompresses the specified files. Directories will be marked so that files added afterward will not be compressed. /S Performs the specified operation on files in the given directory and all subdirectories. Default "dir" is the current directory. /A Displays files with the hidden or system attributes. These files are omitted by default. /I Continues performing the specified operation even after errors have occurred. By default, COMPACT stops when an error is encountered. /F Forces the compress operation on all specified files, even those which are already compressed. Already-compressed files are skipped by default. /Q Reports only the most essential information. filename Specifies a pattern, file, or directory. Used without parameters, COMPACT displays the compression state of the current directory and any files it contains. You may use multiple filenames and wildcards. You must put spaces between multiple parameters.
Converts a FAT volume to NTFS. CONVERT volume /FS:NTFS [/V] [/CvtArea:filename] [/NoSecurity] [/X] volume Specifies the drive letter (followed by a colon), mount point, or volume name. /FS:NTFS Specifies that the volume will be converted to NTFS. /V Specifies that Convert will be run in verbose mode. /CvtArea:filename Specifies a contiguous file in the root directory that will be the place holder for NTFS system files. /NoSecurity Specifies that the security settings on the converted files and directories allow access by all users. /X Forces the volume to dismount first if necessary. All open handles to the volume will not be valid.
Copies one or more files to another location. COPY [/D] [/V] [/N] [/Y | /-Y] [/Z] [/L] [/A | /B ] source [/A | /B] [+ source [/A | /B] [+ ...]] [destination [/A | /B]] source Specifies the file or files to be copied. /A Indicates an ASCII text file. /B Indicates a binary file. /D Allow the destination file to be created decrypted destination Specifies the directory and/or filename for the new file(s). /V Verifies that new files are written correctly. /N Uses short filename, if available, when copying a file with a non-8dot3 name. /Y Suppresses prompting to confirm you want to overwrite an existing destination file. /-Y Causes prompting to confirm you want to overwrite an existing destination file. /Z Copies networked files in restartable mode. /L If the source is a symbolic link, copy the link to the target instead of the actual file the source link points to. The switch /Y may be preset in the COPYCMD environment variable. This may be overridden with /-Y on the command line. Default is to prompt on overwrites unless COPY command is being executed from within a batch script. To append files, specify a single file for destination, but multiple files for source (using wildcards or file1+file2+file3 format).
Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. Usage: CScript scriptname.extension [option...] [arguments...] Options: //B Batch mode: Suppresses script errors and prompts from displaying //D Enable Active Debugging //E:engine Use engine for executing script //H:CScript Changes the default script host to CScript.exe //H:WScript Changes the default script host to WScript.exe (default) //I Interactive mode (default, opposite of //B) //Job:xxxx Execute a WSF job //Logo Display logo (default) //Nologo Prevent logo display: No banner will be shown at execution time //S Save current command line options for this user //T:nn Time out in seconds: Maximum time a script is permitted to run //X Execute script in debugger //U Use Unicode for redirected I/O from the console
Displays or sets the date. DATE [/T | date] Type DATE without parameters to display the current date setting and a prompt for a new one. Press ENTER to keep the same date. If Command Extensions are enabled the DATE command supports the /T switch which tells the command to just output the current date, without prompting for a new date.
Runs Debug, a program testing and editing tool. DEBUG [[drive:][path]filename [testfile-parameters]] [drive:][path]filename Specifies the file you want to test. testfile-parameters Specifies command-line information required by the file you want to test. After Debug starts, type ? to display a list of debugging commands.
Microsoft Drive Optimizer Copyright (c) 2013 Microsoft Corp. Description: Optimizes and defragments files on local volumes to improve system performance. Syntax: defrag <volumes> | /C | /E <volumes> [<task(s)>] [/H] [/M | [/U] [/V]] Where <task(s)> is omitted (traditional defrag), or as follows: /A | [/D] [/K] [/L] | /O | /X Or, to track an operation already in progress on a volume: defrag <volume> /T Parameters: Value Description /A Perform analysis on the specified volumes. /C Perform the operation on all volumes. /D Perform traditional defrag (this is the default). /E Perform the operation on all volumes except those specified. /H Run the operation at normal priority (default is low). /K Perform slab consolidation on the specified volumes. /L Perform retrim on the specified volumes. /M Run the operation on each volume in parallel in the background. /O Perform the proper optimization for each media type. /T Track an operation already in progress on the specified volume. /U Print the progress of the operation on the screen. /V Print verbose output containing the fragmentation statistics. /X Perform free space consolidation on the specified volumes. Examples: defrag C: /U /V defrag C: D: /M defrag C:\mountpoint /A /U defrag /C /H /V
Deletes one or more files. DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names names Specifies a list of one or more files or directories. Wildcards may be used to delete multiple files. If a directory is specified, all files within the directory will be deleted. /P Prompts for confirmation before deleting each file. /F Force deleting of read-only files. /S Delete specified files from all subdirectories. /Q Quiet mode, do not ask if ok to delete on global wildcard /A Selects files to delete based on attributes attributes R Read-only files S System files H Hidden files A Files ready for archiving I Not content indexed Files L Reparse Points - Prefix meaning not If Command Extensions are enabled DEL and ERASE change as follows: The display semantics of the /S switch are reversed in that it shows you only the files that are deleted, not the ones it could not find.
Displays a list of files and subdirectories in a directory. DIR [drive:][path][filename] [/A[[:]attributes]] [/B] [/C] [/D] [/L] [/N] [/O[[:]sortorder]] [/P] [/Q] [/R] [/S] [/T[[:]timefield]] [/W] [/X] [/4] [drive:][path][filename] Specifies drive, directory, and/or files to list. /A Displays files with specified attributes. attributes D Directories R Read-only files H Hidden files A Files ready for archiving S System files I Not content indexed files L Reparse Points - Prefix meaning not /B Uses bare format (no heading information or summary). /C Display the thousand separator in file sizes. This is the default. Use /-C to disable display of separator. /D Same as wide but files are list sorted by column. /L Uses lowercase. /N New long list format where filenames are on the far right. /O List by files in sorted order. sortorder N By name (alphabetic) S By size (smallest first) E By extension (alphabetic) D By date/time (oldest first) G Group directories first - Prefix to reverse order /P Pauses after each screenful of information. /Q Display the owner of the file. /R Display alternate data streams of the file. /S Displays files in specified directory and all subdirectories. /T Controls which time field displayed or used for sorting timefield C Creation A Last Access W Last Written /W Uses wide list format. /X This displays the short names generated for non-8dot3 file names. The format is that of /N with the short name inserted before the long name. If no short name is present, blanks are displayed in its place. /4 Displays four-digit years Switches may be preset in the DIRCMD environment variable. Override preset switches by prefixing any switch with - (hyphen)--for example, /-W.
Compares the contents of two floppy disks. DISKCOMP [drive1: [drive2:]]
Copies the contents of one floppy disk to another. DISKCOPY [drive1: [drive2:]] [/V] /V Verifies that the information is copied correctly. The two floppy disks must be the same type. You may specify the same drive for drive1 and drive2.
Microsoft DiskPart version 6.3.9600 Copyright (C) 1999-2013 Microsoft Corporation. On computer: LTROB2 Microsoft DiskPart syntax: diskpart [/s <script>] [/?] /s <script> - Use a DiskPart script. /? - Show this help screen.
DISKPERF [-Y[D|V] | -N[D|V]] [\\computername] -Y Sets the system to start all disk performance counters when the system is restarted. -YD Enables the disk performance counters for physical drives. when the system is restarted. -YV Enables the disk performance counters for logical drives or storage volumes when the system is restarted. -N Sets the system to disable all disk performance counters when the system is restarted. -ND Disables the disk performance counters for physical drives. -NV Disables the disk performance counters for logical drives. \\computername Is the name of the computer you want to see or set disk performance counter use. The computer must be a Windows 2000 system. NOTE: Disk performance counters are permanently enabled on systems beyond Windows 2000.
Microsoft DiskRAID version 6.3.9600 Copyright (C) 2003-2013 Microsoft Corporation. On computer: LTROB2 Usage: DISKRAID [/? | [/s <script>] [/v]] Launches the DiskRAID application. /? specifies that DiskRAID should display this usage text. /s <script> specifies that DiskRAID should execute commands from the script file at the location specified. /v specifies that DiskRAID should run in verbose mode, printing out additional information about each command being executed. Examples: DISKRAID DISKRAID /v
Deployment Image Servicing and Management tool Version: 6.3.9600.16384 DISM.exe [dism_options] {Imaging_command} [<Imaging_arguments>] DISM.exe {/Image:<path_to_offline_image> | /Online} [dism_options] {servicing_command} [<servicing_arguments>] DESCRIPTION: DISM enumerates, installs, uninstalls, configures, and updates features and packages in Windows images. The commands that are available depend on the image being serviced and whether the image is offline or running. GENERIC IMAGING COMMANDS: /Get-MountedImageInfo - Displays information about mounted WIM and VHD images. /Get-ImageInfo - Displays information about images in a WIM or VHD file. /Commit-Image - Saves changes to a mounted WIM or VHD image. /Unmount-Image - Unmounts a mounted WIM or VHD image. /Mount-Image - Mounts an image from a WIM or VHD file. /Remount-Image - Recovers an orphaned image mount directory. /Cleanup-Mountpoints - Deletes resources associated with corrupted mounted images. WIM COMMANDS: /List-Image - Displays a list of the files and folders in a specified image. /Delete-Image - Deletes the specified volume image from a WIM file that has multiple volume images. /Split-Image - Splits an existing .wim file into multiple read-only split WIM (SWM) files. /Export-Image - Exports a copy of the specified image to another file. /Append-Image - Adds another image to a WIM file. /Capture-Image - Captures an image of a drive into a new WIM file. Captured directories include all subfolders and data /Apply-Image - Applies an image. /Get-MountedWimInfo - Displays information about mounted WIM images. /Get-WimInfo - Displays information about images in a WIM file. /Commit-Wim - Saves changes to a mounted WIM image. /Unmount-Wim - Unmounts a mounted WIM image. /Mount-Wim - Mounts an image from a WIM file. /Remount-Wim - Recovers an orphaned WIM mount directory. /Cleanup-Wim - Deletes resources associated with mounted WIM images that are corrupted. IMAGE SPECIFICATIONS: /Online - Targets the running operating system. /Image - Specifies the path to the root directory of an offline Windows image. DISM OPTIONS: /English - Displays command line output in English. /Format - Specifies the report output format. /WinDir - Specifies the path to the Windows directory. /SysDriveDir - Specifies the path to the system-loader file named BootMgr. /LogPath - Specifies the logfile path. /LogLevel - Specifies the output level shown in the log (1-4). /NoRestart - Suppresses automatic reboots and reboot prompts. /Quiet - Suppresses all output except for error messages. /ScratchDir - Specifies the path to a scratch directory. For more information about these DISM options and their arguments, specify an option immediately before /?. Examples: DISM.exe /Mount-Wim /? DISM.exe /ScratchDir /? DISM.exe /Image:C:\test\offline /? DISM.exe /Online /?
Logs display information to a file in the current directory. Usage: dispdiag [-testacpi] [-d] [-delay <seconds>] [-brightnesslogging] [-out <FilePath>] -testacpi runs hotkey diagnostics test -d generates a dmp file as well with additional data. -delay delays the collection of data by specified time in seconds. -out <FilePath> path where the dispdiag file should be saved, including filename. This must be the last parameter -brightnesslogging toggle verbose brightness logging. -ccddatabaselogging <on|off> toggle Ccd database access logging. Output: Name of the saved file.
Edits command lines, recalls Windows commands, and creates macros. DOSKEY [/REINSTALL] [/LISTSIZE=size] [/MACROS[:ALL | :exename]] [/HISTORY] [/INSERT | /OVERSTRIKE] [/EXENAME=exename] [/MACROFILE=filename] [macroname=[text]] /REINSTALL Installs a new copy of Doskey. /LISTSIZE=size Sets size of command history buffer. /MACROS Displays all Doskey macros. /MACROS:ALL Displays all Doskey macros for all executables which have Doskey macros. /MACROS:exename Displays all Doskey macros for the given executable. /HISTORY Displays all commands stored in memory. /INSERT Specifies that new text you type is inserted in old text. /OVERSTRIKE Specifies that new text overwrites old text. /EXENAME=exename Specifies the executable. /MACROFILE=filename Specifies a file of macros to install. macroname Specifies a name for a macro you create. text Specifies commands you want to record. UP and DOWN ARROWS recall commands; ESC clears command line; F7 displays command history; ALT+F7 clears command history; F8 searches command history; F9 selects a command by number; ALT+F10 clears macro definitions. The following are some special codes in Doskey macro definitions: $T Command separator. Allows multiple commands in a macro. $1-$9 Batch parameters. Equivalent to %1-%9 in batch programs. $* Symbol replaced by everything following macro name on command line.
Allows programs to open data files in specified directories as if they were in the current directory. APPEND [[drive:]path[;...]] [/X[:ON | :OFF]] [/PATH:ON | /PATH:OFF] [/E] APPEND ; [drive:]path Specifies a drive and directory to append. /X:ON Applies appended directories to file searches and application execution. /X:OFF Applies appended directories only to requests to open files. /X:OFF is the default setting. /PATH:ON Applies the appended directories to file requests that already specify a path. /PATH:ON is the default setting. /PATH:OFF Turns off the effect of /PATH:ON. /E Stores a copy of the appended directory list in an environment variable named APPEND. /E may be used only the first time you use APPEND after starting up your system. Type APPEND ; to clear the appended directory list. Type APPEND without parameters to display the appended directory list.
DRIVERQUERY [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/SI] [/V] Description: Enables an administrator to display a list of installed device drivers. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specify the password for the given user context. /FO format Specifies the type of output to display. Valid values to be passed with the switch are "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed. Valid for "TABLE" and "CSV" format only. /SI Provides information about signed drivers. /V Displays verbose output. Not valid for signed drivers. /? Displays this help message. Examples: DRIVERQUERY DRIVERQUERY /FO CSV /SI DRIVERQUERY /NH DRIVERQUERY /S ipaddress /U user /V DRIVERQUERY /S system /U domain\user /P password /FO LIST
Displays messages, or turns command-echoing on or off. ECHO [ON | OFF] ECHO [message] Type ECHO without parameters to display the current echo setting.
MS-DOS Editor Version 2.0.026 Copyright (c) Microsoft Corp 1995. EDIT [/B] [/H] [/R] [/S] [/<nnn>] [/?] [file(s)] /B - Forces monochrome mode. /H - Displays the maximum number of lines possible for your hardware. /R - Load file(s) in read-only mode. /S - Forces the use of short filenames. /<nnn> - Load binary file(s), wrapping lines to <nnn> characters wide. /? - Displays this help screen. [file] - Specifies initial files(s) to load. Wildcards and multiple filespecs can be given.
Starts Edlin, a line-oriented text editor. EDLIN [drive:][path]filename [/B] /B Ignores end-of-file (CTRL+Z) characters.
Ends localization of environment changes in a batch file. Environment changes made after ENDLOCAL has been issued are not local to the batch file; the previous settings are not restored on termination of the batch file. ENDLOCAL If Command Extensions are enabled ENDLOCAL changes as follows: If the corresponding SETLOCAL enable or disabled command extensions using the new ENABLEEXTENSIONS or DISABLEEXTENSIONS options, then after the ENDLOCAL, the enabled/disabled state of command extensions will be restored to what it was prior to the matching SETLOCAL command execution.
Deletes one or more files. DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names names Specifies a list of one or more files or directories. Wildcards may be used to delete multiple files. If a directory is specified, all files within the directory will be deleted. /P Prompts for confirmation before deleting each file. /F Force deleting of read-only files. /S Delete specified files from all subdirectories. /Q Quiet mode, do not ask if ok to delete on global wildcard /A Selects files to delete based on attributes attributes R Read-only files S System files H Hidden files A Files ready for archiving I Not content indexed Files L Reparse Points - Prefix meaning not If Command Extensions are enabled DEL and ERASE change as follows: The display semantics of the /S switch are reversed in that it shows you only the files that are deleted, not the ones it could not find.
EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid [/L logname] [/SO srcname] /T type /D description Description: This command line tool enables an administrator to create a custom event ID and message in a specified event log. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /L logname Specifies the event log to create an event in. /T type Specifies the type of event to create. Valid types: SUCCESS, ERROR, WARNING, INFORMATION. /SO source Specifies the source to use for the event (if not specified, source will default to 'eventcreate'). A valid source can be any string and should represent the application or component that is generating the event. /ID id Specifies the event ID for the event. A valid custom message ID is in the range of 1 - 1000. /D description Specifies the description text for the new event. /? Displays this help message. Examples: EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "My custom error event for the application log" EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "Winword event 999 happened due to low diskspace" EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Custom job failed to install" EVENTCREATE /S system /U user /P password /ID 1 /T ERROR /L APPLICATION /D "User access failed due to invalid user credentials"
Converts .EXE (executable) files to binary format. EXE2BIN [drive1:][path1]input-file [[drive2:][path2]output-file] input-file Specifies the .EXE file to be converted. output-file Specifies the binary file to be created.
Quits the CMD.EXE program (command interpreter) or the current batch script. EXIT [/B] [exitCode] /B specifies to exit the current batch script instead of CMD.EXE. If executed from outside a batch script, it will quit CMD.EXE exitCode specifies a numeric number. if /B is specified, sets ERRORLEVEL that number. If quitting CMD.EXE, sets the process exit code with that number.
Microsoft (R) File Expansion Utility Version 6.3.9600.16384 Copyright (c) Microsoft Corporation. All rights reserved. Expands one or more compressed files. EXPAND [-R] Source Destination EXPAND -R Source [Destination] EXPAND -I Source [Destination] EXPAND -D Source.cab [-F:Files] EXPAND Source.cab -F:Files Destination -R Rename expanded files. -I Rename expanded files but ignore directory structure. -D Display list of files in source. Source Source file specification. Wildcards may be used. -F:Files Name of files to expand from a .CAB. Destination Destination file | path specification. Destination may be a directory. If Source is multiple files and -r is not specified, Destination must be a directory.
Compares two files or sets of files and displays the differences between them FC [/A] [/C] [/L] [/LBn] [/N] [/OFF[LINE]] [/T] [/U] [/W] [/nnnn] [drive1:][path1]filename1 [drive2:][path2]filename2 FC /B [drive1:][path1]filename1 [drive2:][path2]filename2 /A Displays only first and last lines for each set of differences. /B Performs a binary comparison. /C Disregards the case of letters. /L Compares files as ASCII text. /LBn Sets the maximum consecutive mismatches to the specified number of lines. /N Displays the line numbers on an ASCII comparison. /OFF[LINE] Do not skip files with offline attribute set. /T Does not expand tabs to spaces. /U Compare files as UNICODE text files. /W Compresses white space (tabs and spaces) for comparison. /nnnn Specifies the number of consecutive lines that must match after a mismatch. [drive1:][path1]filename1 Specifies the first file or set of files to compare. [drive2:][path2]filename2 Specifies the second file or set of files to compare.
Prints file version information. FILEVER [/S] [/V] [/E] [/X] [/B] [/A] [/D] [[drive:][path][filename]] /S Displays files in specified directory and all subdirectories. /V List verbose version information if available. /E List executables only. /X Displays short names generated for non-8dot3 file names. /B Uses bare format (no dir listing). /A Don't display file attributes. /D Don't display file date and time.
Searches for a text string in a file or files. FIND [/V] [/C] [/N] [/I] [/OFF[LINE]] "string" [[drive:][path]filename[ ...]] /V Displays all lines NOT containing the specified string. /C Displays only the count of lines containing the string. /N Displays line numbers with the displayed lines. /I Ignores the case of characters when searching for the string. /OFF[LINE] Do not skip files with offline attribute set. "string" Specifies the text string to find. [drive:][path]filename Specifies a file or files to search. If a path is not specified, FIND searches the text typed at the prompt or piped from another command.
Searches for strings in files. FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file] [/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]] strings [[drive:][path]filename[ ...]] /B Matches pattern if at the beginning of a line. /E Matches pattern if at the end of a line. /L Uses search strings literally. /R Uses search strings as regular expressions. /S Searches for matching files in the current directory and all subdirectories. /I Specifies that the search is not to be case-sensitive. /X Prints lines that match exactly. /V Prints only lines that do not contain a match. /N Prints the line number before each line that matches. /M Prints only the filename if a file contains a match. /O Prints character offset before each matching line. /P Skip files with non-printable characters. /OFF[LINE] Do not skip files with offline attribute set. /A:attr Specifies color attribute with two hex digits. See "color /?" /F:file Reads file list from the specified file(/ stands for console). /C:string Uses specified string as a literal search string. /G:file Gets search strings from the specified file(/ stands for console). /D:dir Search a semicolon delimited list of directories strings Text to be searched for. [drive:][path]filename Specifies a file or files to search. Use spaces to separate multiple search strings unless the argument is prefixed with /C. For example, 'FINDSTR "hello there" x.y' searches for "hello" or "there" in file x.y. 'FINDSTR /C:"hello there" x.y' searches for "hello there" in file x.y. Regular expression quick reference: . Wildcard: any character * Repeat: zero or more occurrences of previous character or class ˆ Line position: beginning of line $ Line position: end of line [class] Character class: any one character in set [ˆclass] Inverse class: any one character not in set [x-y] Range: any characters within the specified range \x Escape: literal use of metacharacter x \<xyz Word position: beginning of word xyz\> Word position: end of word For full information on FINDSTR regular expressions refer to the online Command Reference.
Displays information about a user on a specified system running the Finger service. Output varies based on the remote system. FINGER [-l] [user]@host [...] -l Displays information in long list format. user Specifies the user you want information about. Omit the user parameter to display information about all users on the specifed host. @host Specifies the server on the remote system whose users you want information about.
** Invalid command Valid commands: load Loads a Filter driver unload Unloads a Filter driver filters Lists the Filters currently registered in the system instances Lists the Instances for a Filter or Volume currently registered in the system volumes Lists all volumes/RDRs in the system attach Creates a Filter Instance to a Volume detach Removes a Filter Instance from a Volume Use fltmc help [ command ] for help on a specific command
Runs a specified command for each file in a set of files. FOR %variable IN (set) DO command [command-parameters] %variable Specifies a single letter replaceable parameter. (set) Specifies a set of one or more files. Wildcards may be used. command Specifies the command to carry out for each file. command-parameters Specifies parameters or switches for the specified command. To use the FOR command in a batch program, specify %%variable instead of %variable. Variable names are case sensitive, so %i is different from %I. If Command Extensions are enabled, the following additional forms of the FOR command are supported: FOR /D %variable IN (set) DO command [command-parameters] If set contains wildcards, then specifies to match against directory names instead of file names. FOR /R [[drive:]path] %variable IN (set) DO command [command-parameters] Walks the directory tree rooted at [drive:]path, executing the FOR statement in each directory of the tree. If no directory specification is specified after /R then the current directory is assumed. If set is just a single period (.) character then it will just enumerate the directory tree. FOR /L %variable IN (start,step,end) DO command [command-parameters] The set is a sequence of numbers from start to end, by step amount. So (1,1,5) would generate the sequence 1 2 3 4 5 and (5,-1,1) would generate the sequence (5 4 3 2 1) FOR /F ["options"] %variable IN (file-set) DO command [command-parameters] FOR /F ["options"] %variable IN ("string") DO command [command-parameters] FOR /F ["options"] %variable IN ('command') DO command [command-parameters] or, if usebackq option present: FOR /F ["options"] %variable IN (file-set) DO command [command-parameters] FOR /F ["options"] %variable IN ('string') DO command [command-parameters] FOR /F ["options"] %variable IN (`command`) DO command [command-parameters] file-set is one or more file names. Each file is opened, read and processed before going on to the next file in file-set. Processing consists of reading in the file, breaking it up into individual lines of text and then parsing each line into zero or more tokens. The body of the for loop is then called with the variable value(s) set to the found token string(s). By default, /F passes the first blank separated token from each line of each file. Blank lines are skipped. You can override the default parsing behavior by specifying the optional "options" parameter. This is a quoted string which contains one or more keywords to specify different parsing options. The keywords are: eol=c - specifies an end of line comment character (just one) skip=n - specifies the number of lines to skip at the beginning of the file. delims=xxx - specifies a delimiter set. This replaces the default delimiter set of space and tab. tokens=x,y,m-n - specifies which tokens from each line are to be passed to the for body for each iteration. This will cause additional variable names to be allocated. The m-n form is a range, specifying the mth through the nth tokens. If the last character in the tokens= string is an asterisk, then an additional variable is allocated and receives the remaining text on the line after the last token parsed. usebackq - specifies that the new semantics are in force, where a back quoted string is executed as a command and a single quoted string is a literal string command and allows the use of double quotes to quote file names in file-set. Some examples might help: FOR /F "eol=; tokens=2,3* delims=, " %i in (myfile.txt) do @echo %i %j %k would parse each line in myfile.txt, ignoring lines that begin with a semicolon, passing the 2nd and 3rd token from each line to the for body, with tokens delimited by commas and/or spaces. Notice the for body statements reference %i to get the 2nd token, %j to get the 3rd token, and %k to get all remaining tokens after the 3rd. For file names that contain spaces, you need to quote the filenames with double quotes. In order to use double quotes in this manner, you also need to use the usebackq option, otherwise the double quotes will be interpreted as defining a literal string to parse. %i is explicitly declared in the for statement and the %j and %k are implicitly declared via the tokens= option. You can specify up to 26 tokens via the tokens= line, provided it does not cause an attempt to declare a variable higher than the letter 'z' or 'Z'. Remember, FOR variables are single-letter, case sensitive, global, and you can't have more than 52 total active at any one time. You can also use the FOR /F parsing logic on an immediate string, by making the file-set between the parenthesis a quoted string, using single quote characters. It will be treated as a single line of input from a file and parsed. Finally, you can use the FOR /F command to parse the output of a command. You do this by making the file-set between the parenthesis a back quoted string. It will be treated as a command line, which is passed to a child CMD.EXE and the output is captured into memory and parsed as if it was a file. So the following example: FOR /F "usebackq delims==" %i IN (`set`) DO @echo %i would enumerate the environment variable names in the current environment. In addition, substitution of FOR variable references has been enhanced. You can now use the following optional syntax: %~I - expands %I removing any surrounding quotes (") %~fI - expands %I to a fully qualified path name %~dI - expands %I to a drive letter only %~pI - expands %I to a path only %~nI - expands %I to a file name only %~xI - expands %I to a file extension only %~sI - expanded path contains short names only %~aI - expands %I to file attributes of file %~tI - expands %I to date/time of file %~zI - expands %I to size of file %~$PATH:I - searches the directories listed in the PATH environment variable and expands %I to the fully qualified name of the first one found. If the environment variable name is not defined or the file is not found by the search, then this modifier expands to the empty string The modifiers can be combined to get compound results: %~dpI - expands %I to a drive letter and path only %~nxI - expands %I to a file name and extension only %~fsI - expands %I to a full path name with short names only %~dp$PATH:I - searches the directories listed in the PATH environment variable for %I and expands to the drive letter and path of the first one found. %~ftzaI - expands %I to a DIR like output line In the above examples %I and PATH can be replaced by other valid values. The %~ syntax is terminated by a valid FOR variable name. Picking upper case variable names like %I makes it more readable and avoids confusion with the modifiers, which are not case sensitive.
FORFILES [/P pathname] [/M searchmask] [/S] [/C command] [/D [+ | -] {dd-MM-yyyy | dd}] Description: Selects a file (or set of files) and executes a command on that file. This is helpful for batch jobs. Parameter List: /P pathname Indicates the path to start searching. The default folder is the current working directory (.). /M searchmask Searches files according to a searchmask. The default searchmask is '*' . /S Instructs forfiles to recurse into subdirectories. Like "DIR /S". /C command Indicates the command to execute for each file. Command strings should be wrapped in double quotes. The default command is "cmd /c echo @file". The following variables can be used in the command string: @file - returns the name of the file. @fname - returns the file name without extension. @ext - returns only the extension of the file. @path - returns the full path of the file. @relpath - returns the relative path of the file. @isdir - returns "TRUE" if a file type is a directory, and "FALSE" for files. @fsize - returns the size of the file in bytes. @fdate - returns the last modified date of the file. @ftime - returns the last modified time of the file. To include special characters in the command line, use the hexadecimal code for the character in 0xHH format (ex. 0x09 for tab). Internal CMD.exe commands should be preceded with "cmd /c". /D date Selects files with a last modified date greater than or equal to (+), or less than or equal to (-), the specified date using the "dd-MM-yyyy" format; or selects files with a last modified date greater than or equal to (+) the current date plus "dd" days, or less than or equal to (-) the current date minus "dd" days. A valid "dd" number of days can be any number in the range of 0 - 32768. "+" is taken as default sign if not specified. /? Displays this help message. Examples: FORFILES /? FORFILES FORFILES /P C:\WINDOWS /S /M DNS*.* FORFILES /S /M *.txt /C "cmd /c type @file | more" FORFILES /P C:\ /S /M *.bat FORFILES /D -30 /M *.exe /C "cmd /c echo @path 0x09 was changed 30 days ago" FORFILES /D 01-01-2001 /C "cmd /c echo @fname is new since Jan 1st 2001" FORFILES /D +24-11-2013 /C "cmd /c echo @fname is new today" FORFILES /M *.exe /D +1 FORFILES /S /M *.doc /C "cmd /c echo @fsize" FORFILES /M *.txt /C "cmd /c if @isdir==FALSE notepad.exe @file"
Formats a disk for use with Windows. FORMAT volume [/FS:file-system] [/V:label] [/Q] [/L] [/A:size] [/C] [/I:state] [/X] [/P:passes] [/S:state] FORMAT volume [/V:label] [/Q] [/F:size] [/P:passes] FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors] [/P:passes] FORMAT volume [/V:label] [/Q] [/P:passes] FORMAT volume [/Q] volume Specifies the drive letter (followed by a colon), mount point, or volume name. /FS:filesystem Specifies the type of the file system (FAT, FAT32, exFAT, NTFS, UDF). /V:label Specifies the volume label. /Q Performs a quick format. Note that this switch overrides /P. /C NTFS only: Files created on the new volume will be compressed by default. /X Forces the volume to dismount first if necessary. All opened handles to the volume would no longer be valid. /R:revision UDF only: Forces the format to a specific UDF version (1.02, 1.50, 2.00, 2.01, 2.50). The default revision is 2.01. /D UDF 2.50 only: Metadata will be duplicated. /L NTFS Only: Use large size file records. By default, the volume will be formatted with small size file records. /A:size Overrides the default allocation unit size. Default settings are strongly recommended for general use. NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K. FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K, (128K, 256K for sector size > 512 bytes). FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K, (128K, 256K for sector size > 512 bytes). exFAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K, 128K, 256K, 512K, 1M, 2M, 4M, 8M, 16M, 32M. Note that the FAT and FAT32 files systems impose the following restrictions on the number of clusters on a volume: FAT: Number of clusters <= 65526 FAT32: 65526 < Number of clusters < 4177918 Format will immediately stop processing if it decides that the above requirements cannot be met using the specified cluster size. NTFS compression is not supported for allocation unit sizes above 4096. /F:size Specifies the size of the floppy disk to format (1.44) /T:tracks Specifies the number of tracks per disk side. /N:sectors Specifies the number of sectors per track. /P:count Zero every sector on the volume. After that, the volume will be overwritten "count" times using a different random number each time. If "count" is zero, no additional overwrites are made after zeroing every sector. This switch is ignored when /Q is specified. /S:state Specifies support for short filenames (enable, disable) Short names are disabled by default
/? is an invalid parameter. ---- Commands Supported ---- 8dot3name 8dot3name management behavior Control file system behavior dirty Manage volume dirty bit file File specific commands fsinfo File system information hardlink Hardlink management objectid Object ID management quota Quota management repair Self healing management reparsepoint Reparse point management resource Transactional Resource Manager management sparse Sparse file control transaction Transaction management usn USN management volume Volume management
Transfers files to and from a computer running an FTP server service (sometimes called a daemon). Ftp can be used interactively. FTP [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-A] [-x:sendbuffer] [-r:recvbuffer] [-b:asyncbuffers] [-w:windowsize] [host] -v Suppresses display of remote server responses. -n Suppresses auto-login upon initial connection. -i Turns off interactive prompting during multiple file transfers. -d Enables debugging. -g Disables filename globbing (see GLOB command). -s:filename Specifies a text file containing FTP commands; the commands will automatically run after FTP starts. -a Use any local interface when binding data connection. -A login as anonymous. -x:send sockbuf Overrides the default SO_SNDBUF size of 8192. -r:recv sockbuf Overrides the default SO_RCVBUF size of 8192. -b:async count Overrides the default async count of 3 -w:windowsize Overrides the default transfer buffer size of 65535. host Specifies the host name or IP address of the remote host to connect to. Notes: - mget and mput commands take y/n/q for yes/no/quit. - Use Control-C to abort commands.
Displays or modifies file types used in file extension associations FTYPE [fileType[=[openCommandString]]] fileType Specifies the file type to examine or change openCommandString Specifies the open command to use when launching files of this type. Type FTYPE without parameters to display the current file types that have open command strings defined. FTYPE is invoked with just a file type, it displays the current open command string for that file type. Specify nothing for the open command string and the FTYPE command will delete the open command string for the file type. Within an open command string %0 or %1 are substituted with the file name being launched through the assocation. %* gets all the parameters and %2 gets the 1st parameter, %3 the second, etc. %~n gets all the remaining parameters starting with the nth parameter, where n may be between 2 and 9, inclusive. For example: ASSOC .pl=PerlScript FTYPE PerlScript=perl.exe %1 %* would allow you to invoke a Perl script as follows: script.pl 1 2 3 If you want to eliminate the need to type the extensions, then do the following: set PATHEXT=.pl;%PATHEXT% and the script could be invoked as follows: script 1 2 3
GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V] Description: This tool enables an administrator to display the MAC address for network adapters on a system. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /FO format Specifies the format in which the output is to be displayed. Valid values: "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed in the output. Valid only for TABLE and CSV formats. /V Specifies that verbose output is displayed. /? Displays this help message. Examples: GETMAC /? GETMAC /FO csv GETMAC /S system /NH /V GETMAC /S system /U user GETMAC /S system /U domain\user /P password /FO list /V GETMAC /S system /U domain\user /P password /FO table /NH
Directs cmd.exe to a labeled line in a batch program. GOTO label label Specifies a text string used in the batch program as a label. You type a label on a line by itself, beginning with a colon. If Command Extensions are enabled GOTO changes as follows: GOTO command now accepts a target label of :EOF which transfers control to the end of the current batch script file. This is an easy way to exit a batch script file without defining a label. Type CALL /? for a description of extensions to the CALL command that make this feature useful.
GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope] [/USER targetusername] [/R | /V | /Z] [(/X | /H) <filename> [/F]] Description: This command line tool displays the Resultant Set of Policy (RSoP) information for a target user and computer. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should run. Can not be used with /X, /H. /P [password] Specifies the password for the given user context. Prompts for input if omitted. Cannot be used with /X, /H. /SCOPE scope Specifies whether the user or the computer settings need to be displayed. Valid values: "USER", "COMPUTER". /USER [domain\]user Specifies the user name for which the RSoP data is to be displayed. /X <filename> Saves the report in XML format at the location and with the file name specified by the <filename> parameter. (valid in Windows Vista SP1 and later and Windows Server 2008 and later) /H <filename> Saves the report in HTML format at the location and with the file name specified by the <filename> parameter. (valid in Windows at least Vista SP1 and at least Windows Server 2008) /F Forces Gpresult to overwrite the file name specified in the /X or /H command. /R Displays RSoP summary data. /V Specifies that verbose information should be displayed. Verbose information provides additional detailed settings that have been applied with a precedence of 1. /Z Specifies that the super-verbose information should be displayed. Super- verbose information provides additional detailed settings that have been applied with a precedence of 1 and higher. This allows you to see if a setting was set in multiple places. See the Group Policy online help topic for more information. /? Displays this help message. Examples: GPRESULT /R GPRESULT /H GPReport.html GPRESULT /USER targetusername /V GPRESULT /S system /USER targetusername /SCOPE COMPUTER /Z GPRESULT /S system /U username /P password /SCOPE USER /V
Description: Updates multiple Group Policy settings. Syntax: Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:<value>] [/Logoff] [/Boot] [/Sync] Parameters: Value Description /Target:{Computer | User} Specifies that only User or only Computer policy settings are updated. By default, both User and Computer policy settings are updated. /Force Reapplies all policy settings. By default, only policy settings that have changed are applied. /Wait:{value} Sets the number of seconds to wait for policy processing to finish. The default is 600 seconds. The value '0' means not to wait. The value '-1' means to wait indefinitely. When the time limit is exceeded, the command prompt returns, but policy processing continues. /Logoff Causes a logoff after the Group Policy settings have been updated. This is required for those Group Policy client-side extensions that do not process policy on a background update cycle but do process policy when a user logs on. Examples include user-targeted Software Installation and Folder Redirection. This option has no effect if there are no extensions called that require a logoff. /Boot Causes a computer restart after the Group Policy settings are applied. This is required for those Group Policy client-side extensions that do not process policy on a background update cycle but do process policy at computer startup. Examples include computer-targeted Software Installation. This option has no effect if there are no extensions called that require a restart. /Sync Causes the next foreground policy application to be done synchronously. Foreground policy applications occur at computer start up and user logon. You can specify this for the user, computer or both using the /Target parameter. The /Force and /Wait parameters will be ignored if specified.
Enable Windows to display an extended character set in graphics mode. GRAFTABL [xxx] GRAFTABL /STATUS xxx Specifies a code page number. /STATUS Displays the current code page selected for use with GRAFTABL.
Provides help information for Windows commands. HELP [command] command - displays help information on that command.
Prints the name of the current host. hostname
ICACLS name /save aclfile [/T] [/C] [/L] [/Q] stores the DACLs for the files and folders that match the name into aclfile for later use with /restore. Note that SACLs, owner, or integrity labels are not saved. ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] applies the stored DACLs to files in directory. ICACLS name /setowner user [/T] [/C] [/L] [/Q] changes the owner of all matching names. This option does not force a change of ownership; use the takeown.exe utility for that purpose. ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] finds all matching names that contain an ACL explicitly mentioning Sid. ICACLS name /verify [/T] [/C] [/L] [/Q] finds all files whose ACL is not in canonical form or whose lengths are inconsistent with ACE counts. ICACLS name /reset [/T] [/C] [/L] [/Q] replaces ACLs with default inherited ACLs for all matching files. ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [/setintegritylevel Level:policy[...]] /grant[:r] Sid:perm grants the specified user access rights. With :r, the permissions replace any previously granted explicit permissions. Without :r, the permissions are added to any previously granted explicit permissions. /deny Sid:perm explicitly denies the specified user access rights. An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed. /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With :g, it removes all occurrences of granted rights to that Sid. With :d, it removes all occurrences of denied rights to that Sid. /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. The level is to be specified as one of: L[ow] M[edium] H[igh] Inheritance options for the integrity ACE may precede the level and are applied only to directories. /inheritance:e|d|r e - enables inheritance d - disables inheritance and copy the ACEs r - remove all inherited ACEs Note: Sids may be in either numerical or friendly name form. If a numerical form is given, affix a * to the start of the SID. /T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /C indicates that this operation will continue on all file errors. Error messages will still be displayed. /L indicates that this operation is performed on a symbolic link itself versus its target. /Q indicates that icacls should suppress success messages. ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants perm is a permission mask and can be specified in one of two forms: a sequence of simple rights: N - no access F - full access M - modify access RX - read and execute access R - read-only access W - write-only access D - delete access a comma-separated list in parentheses of specific rights: DE - delete RC - read control WDAC - write DAC WO - write owner S - synchronize AS - access system security MA - maximum allowed GR - generic read GW - generic write GE - generic execute GA - generic all RD - read data/list directory WD - write data/add file AD - append data/add subdirectory REA - read extended attributes WEA - write extended attributes X - execute/traverse DC - delete child RA - read attributes WA - write attributes inheritance rights may precede either form and are applied only to directories: (OI) - object inherit (CI) - container inherit (IO) - inherit only (NP) - don't propagate inherit (I) - permission inherited from parent container Examples: icacls c:\windows\* /save AclFile /T - Will save the ACLs for all files under c:\windows and its subdirectories to AclFile. icacls c:\windows\ /restore AclFile - Will restore the Acls for every file within AclFile that exists in c:\windows and its subdirectories. icacls file /grant Administrator:(D,WDAC) - Will grant the user Administrator Delete and Write DAC permissions to file. icacls file /grant *S-1-1-0:(D,WDAC) - Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file.
Performs conditional processing in batch programs. IF [NOT] ERRORLEVEL number command IF [NOT] string1==string2 command IF [NOT] EXIST filename command NOT Specifies that Windows should carry out the command only if the condition is false. ERRORLEVEL number Specifies a true condition if the last program run returned an exit code equal to or greater than the number specified. string1==string2 Specifies a true condition if the specified text strings match. EXIST filename Specifies a true condition if the specified filename exists. command Specifies the command to carry out if the condition is met. Command can be followed by ELSE command which will execute the command after the ELSE keyword if the specified condition is FALSE The ELSE clause must occur on the same line as the command after the IF. For example: IF EXIST filename. ( del filename. ) ELSE ( echo filename. missing. ) The following would NOT work because the del command needs to be terminated by a newline: IF EXIST filename. del filename. ELSE echo filename. missing Nor would the following work, since the ELSE command must be on the same line as the end of the IF command: IF EXIST filename. del filename. ELSE echo filename. missing The following would work if you want it all on one line: IF EXIST filename. (del filename.) ELSE echo filename. missing If Command Extensions are enabled IF changes as follows: IF [/I] string1 compare-op string2 command IF CMDEXTVERSION number command IF DEFINED variable command where compare-op may be one of: EQU - equal NEQ - not equal LSS - less than LEQ - less than or equal GTR - greater than GEQ - greater than or equal and the /I switch, if specified, says to do case insensitive string compares. The /I switch can also be used on the string1==string2 form of IF. These comparisons are generic, in that if both string1 and string2 are both comprised of all numeric digits, then the strings are converted to numbers and a numeric comparison is performed. The CMDEXTVERSION conditional works just like ERRORLEVEL, except it is comparing against an internal version number associated with the Command Extensions. The first version is 1. It will be incremented by one when significant enhancements are added to the Command Extensions. CMDEXTVERSION conditional is never true when Command Extensions are disabled. The DEFINED conditional works just like EXIST except it takes an environment variable name and returns true if the environment variable is defined. %ERRORLEVEL% will expand into a string representation of the current value of ERRORLEVEL, provided that there is not already an environment variable with the name ERRORLEVEL, in which case you will get its value instead. After running a program, the following illustrates ERRORLEVEL use: goto answer%ERRORLEVEL% :answer0 echo Program had return code 0 :answer1 echo Program had return code 1 You can also use numerical comparisons above: IF %ERRORLEVEL% LEQ 1 goto okay %CMDCMDLINE% will expand into the original command line passed to CMD.EXE prior to any processing by CMD.EXE, provided that there is not already an environment variable with the name CMDCMDLINE, in which case you will get its value instead. %CMDEXTVERSION% will expand into a string representation of the current value of CMDEXTVERSION, provided that there is not already an environment variable with the name CMDEXTVERSION, in which case you will get its value instead.
USAGE: ipconfig [/allcompartments] [/? | /all | /renew [adapter] | /release [adapter] | /renew6 [adapter] | /release6 [adapter] | /flushdns | /displaydns | /registerdns | /showclassid adapter | /setclassid adapter [classid] | /showclassid6 adapter | /setclassid6 adapter [classid] ] where adapter Connection name (wildcard characters * and ? allowed, see examples) Options: /? Display this help message /all Display full configuration information. /release Release the IPv4 address for the specified adapter. /release6 Release the IPv6 address for the specified adapter. /renew Renew the IPv4 address for the specified adapter. /renew6 Renew the IPv6 address for the specified adapter. /flushdns Purges the DNS Resolver cache. /registerdns Refreshes all DHCP leases and re-registers DNS names /displaydns Display the contents of the DNS Resolver Cache. /showclassid Displays all the dhcp class IDs allowed for adapter. /setclassid Modifies the dhcp class id. /showclassid6 Displays all the IPv6 DHCP class IDs allowed for adapter. /setclassid6 Modifies the IPv6 DHCP class id. The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP. For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed. For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed. Examples: > ipconfig ... Show information > ipconfig /all ... Show detailed information > ipconfig /renew ... renew all adapters > ipconfig /renew EL* ... renew any connection that has its name starting with EL > ipconfig /release *Con* ... release all matching connections, eg. "Wired Ethernet Connection 1" or "Wired Ethernet Connection 2" > ipconfig /allcompartments ... Show information about all compartments > ipconfig /allcompartments /all ... Show detailed information about all compartments
Microsoft iSCSI Initiator Version 6.3 Build 9600 iscsicli iscsicli AddTarget <TargetName> <TargetAlias> <TargetPortalAddress> <TargetPortalSocket> <Target flags> <Persist> <Login Flags> <Header Digest> <Data Digest> <Max Connections> <DefaultTime2Wait> <DefaultTime2Retain> <Username> <Password> <AuthType> <Mapping Count> <Target Lun> <OS Bus> <Os Target> <OS Lun> ... iscsicli RemoveTarget <TargetName> iscsicli AddTargetPortal <TargetPortalAddress> <TargetPortalSocket> [HBA Name] [Port Number] <Security Flags> <Login Flags> <Header Digest> <Data Digest> <Max Connections> <DefaultTime2Wait> <DefaultTime2Retain> <Username> <Password> <AuthType> iscsicli RemoveTargetPortal <TargetPortalAddress> <TargetPortalSocket> [HBA Name] [Port Number] iscsicli RefreshTargetPortal <TargetPortalAddress> <TargetPortalSocket> [HBA Name] [Port Number] iscsicli ListTargets [ForceUpdate] iscsicli ListTargetPortals iscsicli TargetInfo <TargetName> [Discovery Mechanism] iscsicli LoginTarget <TargetName> <ReportToPNP> <TargetPortalAddress> <TargetPortalSocket> <InitiatorInstance> <Port number> <Security Flags> <Login Flags> <Header Digest> <Data Digest> <Max Connections> <DefaultTime2Wait> <DefaultTime2Retain> <Username> <Password> <AuthType> <Key> <Mapping Count> <Target Lun> <OS Bus> <Os Target> <OS Lun> ... iscsicli LogoutTarget <SessionId> iscsicli PersistentLoginTarget <TargetName> <ReportToPNP> <TargetPortalAddress> <TargetPortalSocket> <InitiatorInstance> <Port number> <Security Flags> <Login Flags> <Header Digest> <Data Digest> <Max Connections> <DefaultTime2Wait> <DefaultTime2Retain> <Username> <Password> <AuthType> <Key> <Mapping Count> <Target Lun> <OS Bus> <Os Target> <OS Lun> ... iscsicli ListPersistentTargets iscsicli RemovePersistentTarget <Initiator Name> <TargetName> <Port Number> <Target Portal Address> <Target Portal Socket> iscsicli AddConnection <SessionId> <Initiator Instance> <Port Number> <Target Portal Address> <Target Portal Socket> <Security Flags> <Login Flags> <Header Digest> <Data Digest> <Max Connections> <DefaultTime2Wait> <DefaultTime2Retain> <Username> <Password> <AuthType> <Key> iscsicli RemoveConnection <SessionId> <ConnectionId> iscsicli ScsiInquiry <SessionId> <LUN> <EvpdCmddt> <PageCode> iscsicli ReadCapacity <SessionId> <LUN> iscsicli ReportLUNs <SessionId> iscsicli ReportTargetMappings iscsicli ListInitiators iscsicli AddiSNSServer <iSNS Server Address> iscsicli RemoveiSNSServer <iSNS Server Address> iscsicli RefreshiSNSServer <iSNS Server Address> iscsicli ListiSNSServers iscsicli FirewallExemptiSNSServer iscsicli NodeName <node name> iscsicli SessionList <Show Session Info> iscsicli CHAPSecret <chap secret> iscsicli TunnelAddr <Initiator Name> <InitiatorPort> <Destination Address> <Tunnel Address> <Persist> iscsicli GroupKey <Key> <Persist> iscsicli BindPersistentVolumes iscsicli BindPersistentDevices iscsicli ReportPersistentDevices iscsicli AddPersistentDevice <Volume or Device Path> iscsicli RemovePersistentDevice <Volume or Device Path> iscsicli ClearPersistentDevices iscsicli Ping <Initiator Name> <Address> [Request Count] [Request Size] [Request Timeout] iscsicli GetPSKey <Initiator Name> <initiator Port> <Id Type> <Id> iscsicli PSKey <Initiator Name> <initiator Port> <Security Flags> <Id Type> <Id> <Key> <persist> Quick Commands iscsicli QLoginTarget <TargetName> [CHAP Username] [CHAP Password] iscsicli QAddTarget <TargetName> <TargetPortalAddress> iscsicli QAddTargetPortal <TargetPortalAddress> [CHAP Username] [CHAP Password] iscsicli QAddConnection <SessionId> <Initiator Instance> <Target Portal Address> [CHAP Username] [CHAP Password] Target Mappings: <Target Lun> is the LUN value the target uses to expose the LUN. It must be in the form 0x0123456789abcdef <OS Bus> is the bus number the OS should use to surface the LUN <OS Target> is the target number the OS should use to surface the LUN <OS LUN> is the LUN number the OS should use to surface the LUN Payload Id Type: ID_IPV4_ADDR is 1 - Id format is 1.2.3.4 ID_FQDN is 2 - Id format is ComputerName ID_IPV6_ADDR is 5 - Id form is IPv6 Address Security Flags: TunnelMode is 0x00000040 TransportMode is 0x00000020 PFS Enabled is 0x00000010 Aggressive Mode is 0x00000008 Main mode is 0x00000004 IPSEC/IKE Enabled is 0x00000002 Valid Flags is 0x00000001 Login Flags: ISCSI_LOGIN_FLAG_REQUIRE_IPSEC 0x00000001 IPsec is required for the operation ISCSI_LOGIN_FLAG_MULTIPATH_ENABLED 0x00000002 Multipathing is enabled for the target on this initiator AuthType: ISCSI_NO_AUTH_TYPE = 0, No iSCSI in-band authentication is used ISCSI_CHAP_AUTH_TYPE = 1, One way CHAP (Target authenticates initiator is used) ISCSI_MUTUAL_CHAP_AUTH_TYPE = 2 Mutual CHAP (Target and Initiator authenticate each other is used) Target Flags: ISCSI_TARGET_FLAG_HIDE_STATIC_TARGET 0x00000002 If this flag is set then the target will never be reported unless it is also discovered dynamically. ISCSI_TARGET_FLAG_MERGE_TARGET_INFORMATION 0x00000004 If this flag is set then the target information passed will be merged with any target information already statically configured for the target CHAP secrets, CHAP passwords and IPSEC preshared keys can be specified as a text string or as a sequence of hexadecimal values. The value specified on the command line is always considered a string unless the first two characters 0x in which case it is considered a hexadecimal value. For example 0x12345678 specifies a 4 byte secret All numerical values are assumed decimal unless preceeded by 0x. If preceeded by 0x then value is assumed to be hex iscsicli can also be run in command line mode where iscsicli commands can be entered directly from the console. To enter command line mode, just run iscsicli without any parameters The operation completed successfully.
Creates, changes, or deletes the volume label of a disk. LABEL [drive:][label] LABEL [/MP] [volume] [label] drive: Specifies the drive letter of a drive. label Specifies the label of the volume. /MP Specifies that the volume should be treated as a mount point or volume name. volume Specifies the drive letter (followed by a colon), mount point, or volume name. If volume name is specified, the /MP flag is unnecessary.
LODCTR Updates registry values related to performance counters. Usage: LODCTR <INI-FileName> INI-FileName is the name of the initialization file that contains the counter name definitions and explain text for an extensible counter DLL. LODCTR /S:<Backup-FileName> save the current perf registry strings and info to <Backup-FileName> LODCTR /R:<Backup-FileName> restore the perf registry strings and info using <Backup-FileName> LODCTR /R rebuild the perf registry strings and info from scratch based on the current registry settings and backup INI files. LODCTR /T:<Service-Name> set the performance counter service as trusted. LODCTR /E:<Service-Name> enable the performance counter service. LODCTR /D:<Service-Name> disable the performance counter service. LODCTR /Q LODCTR /Q:<Service-Name> query the performance counter service information, either query all or specified one. LODCTR /M:<Counter-Manifest> install Windows Vista performance counter provider definition XML file to system repository. Note: any arguments with spaces in the names must be enclosed within Double Quotation marks.
Microsoft r Logman.exe (6.3.9600.16384) Usage: LOGMAN [create|query|start|stop|delete|update|import|export] [options] Verbs: create Create a new data collector. query Query data collector properties. If no name is given all data collectors are listed. start Start an existing data collector and set the begin time to manual. stop Stop an existing data collector and set the end time to manual. delete Delete an existing data collector. update Update an existing data collector's properties. import Import a data collector set from an XML file. export Export a data collector set to an XML file. Adverbs: counter Create a counter data collector. trace Create a trace data collector. alert Create an alert data collector. cfg Create a configuration data collector. providers Show registered providers. Options (counter): -c <path [path [...]]> Performance counters to collect. -cf <filename> File listing performance counters to collect, one per line. -f <bin|bincirc|csv|tsv|sql> Specifies the log format for the data collector. For SQL database format, you must use the -o option in the command line with the DNS!log option. The defaults is binary. -sc <value> Maximum number of samples to collect with a performance counter data collector. -si <[[hh:]mm:]ss> Sample interval for performance counter data collectors. Options (trace): -f <bin|bincirc|csv|tsv|sql> Specifies the log format for the data collector. For SQL database format, you must use the -o option in the command line with the DNS!log option. The defaults is binary. -mode <trace_mode> Event Trace Session logger mode. For more information visit - http://go.microsoft.com/fwlink/?LinkID=136464 -ct <perf|system|cycle> Specifies the clock resolution to use when logging the time stamp for each event. You can use query performance counter, system time, or CPU cycle. -ln <logger_name> Logger name for Event Trace Sessions. -ft <[[hh:]mm:]ss> Event Trace Session flush timer. -[-]p <provider [flags [level]]> A single Event Trace provider to enable. The terms 'Flags' and 'Keywords' are synonymous in this context. -pf <filename> File listing multiple Event Trace providers to enable. -[-]rt Run the Event Trace Session in real-time mode. -[-]ul Run the Event Trace Session in user mode. -bs <value> Event Trace Session buffer size in kb. -nb <min max> Number of Event Trace Session buffers. Options (alert): -[-]el Enable/Disable event log reporting. -th <threshold [threshold [...]]> Specify counters and their threshold values for and alert. -[-]rdcs <name> Data collector set to start when alert fires. -[-]tn <task> Task to run when alert fires. -[-]targ <argument> Task arguments. -si <[[hh:]mm:]ss> Sample interval for performance counter data collectors. Options (cfg): -[-]ni Enable/Disable network interface query. -reg <path [path [...]]> Registry values to collect. -mgt <query [query [...]]> WMI objects to collect. -ftc <path [path [...]]> Full path to the files to collect. Options: -? Displays context sensitive help. -s <computer> Perform the command on specified remote system. -config <filename> Settings file containing command options. [-n] <name> Name of the target object. -pid <pid> Process identifier. -xml <filename> Name of the XML file to import or export. -as Perform the requested operation asynchronously. -[-]u <user [password]> User to Run As. Entering a * for the password produces a prompt for the password. The password is not displayed when you type it at the password prompt. -m <[start] [stop]> Change to manual start or stop instead of a scheduled begin or end time. -rf <[[hh:]mm:]ss> Run the data collector for the specified period of time. -b <dd-MM-yyyy HH:mm:ss[AM|PM]> Begin the data collector at specified time. -e <dd-MM-yyyy HH:mm:ss[AM|PM]> End the data collector at specified time. -o <path|dsn!log> Path of the output log file or the DSN and log set name in a SQL database. The default path is '%systemdrive%\PerfLogs\Admin'. -[-]r Repeat the data collector daily at the specified begin and end times. -[-]a Append to an existing log file. -[-]ow Overwrite an existing log file. -[-]v <nnnnnn|mmddhhmm> Attach file versioning information to the end of the log name. -[-]rc <task> Run the command specified each time the log is closed. -[-]max <value> Maximum log file size in MB or number of records for SQL logs. -[-]cnf <[[hh:]mm:]ss> Create a new file when the specified time has elapsed or when the max size is exceeded. -y Answer yes to all questions without prompting. -fd Flushes all the active buffers of an existing Event Trace Session to disk. -ets Send commands to Event Trace Sessions directly without saving or scheduling. Note: Where [-] is listed, an extra - negates the option. For example --u turns off the -u option. More Information: Microsoft TechNet - http://go.microsoft.com/fwlink/?LinkID=136332 Examples: logman start perf_log logman update perf_log -si 10 -f csv -v mmddhhmm logman create counter perf_log -c "\Processor(_Total)\% Processor Time" logman create counter perf_log -c "\Processor(_Total)\% Processor Time" -max 10 -rf 01:00 logman create trace trace_log -nb 16 256 -bs 64 -o c:\logfile logman create alert new_alert -th "\Processor(_Total)\% Processor Time>50" logman create cfg cfg_log -reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\\" logman create cfg cfg_log -mgt "root\cimv2:SELECT * FROM Win32_OperatingSystem" logman query providers logman query providers Microsoft-Windows-Diagnostics-Networking logman start process_trace -p Microsoft-Windows-Kernel-Process 0x10 win:Informational -ets logman start usermode_trace -p "Service Control Manager Trace" -ul -ets logman query usermode_trace -p "Service Control Manager Trace" -ul -ets logman stop usermode_trace -p "Service Control Manager Trace" -ul -ets logman start process_trace -p Microsoft-Windows-Kernel-Process -mode newfile -max 1 -o output%d.etl -ets logman start "NT Kernel Logger" -o log.etl -ets logman start "NT Kernel Logger" -p "Windows Kernel Trace" (process,thread) -ets
Terminates a session. LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V] [/VM] sessionname The name of the session. sessionid The ID of the session. /SERVER:servername Specifies the Remote Desktop server containing the user session to log off (default is current). /V Displays information about the actions performed. /VM Logs off a session on server or within virtual machine. The unique ID of the session needs to be specified.
Cabinet Maker - Lossless Data Compression Tool MAKECAB [/V[n]] [/D var=value ...] [/L dir] source [destination] MAKECAB [/V[n]] [/D var=value ...] /F directive_file [...] source File to compress. destination File name to give compressed file. If omitted, the last character of the source file name is replaced with an underscore (_) and used as the destination. /F directives A file with MakeCAB directives (may be repeated). Refer to Microsoft Cabinet SDK for information on directive_file. /D var=value Defines variable with specified value. /L dir Location to place destination (default is current directory). /V[n] Verbosity level (1..3).
BitLocker Drive Encryption: Configuration Tool version 6.3.9600 Copyright (C) 2013 Microsoft Corporation. All rights reserved. manage-bde[.exe] -parameter [arguments] Description: Configures BitLocker Drive Encryption on disk volumes. Parameter List: -status Provides information about BitLocker-capable volumes. -on Encrypts the volume and turns BitLocker protection on. -off Decrypts the volume and turns BitLocker protection off. -pause Pauses encryption, decryption, or free space wipe. -resume Resumes encryption, decryption, or free space wipe. -lock Prevents access to BitLocker-encrypted data. -unlock Allows access to BitLocker-encrypted data. -autounlock Manages automatic unlocking of data volumes. -protectors Manages protection methods for the encryption key. -SetIdentifier or -si Configures the identification field for a volume. -ForceRecovery or -fr Forces a BitLocker-protected OS to recover on restarts. -changepassword Modifies password for a data volume. -changepin Modifies PIN for a volume. -changekey Modifies startup key for a volume. -KeyPackage or -kp Generates a key package for a volume. -upgrade Upgrades the BitLocker version. -WipeFreeSpace or -w Wipes the free space on the volume. -ComputerName or -cn Runs on another computer. Examples: "ComputerX", "127.0.0.1" -? or /? Displays brief help. Example: "-ParameterSet -?" -Help or -h Displays complete help. Example: "-ParameterSet -h" Examples: manage-bde -status manage-bde -on C: -RecoveryPassword -RecoveryKey F:\ manage-bde -unlock E: -RecoveryKey F:\84E151C1...7A62067A512.bek
Creates a directory. MKDIR [drive:]path MD [drive:]path If Command Extensions are enabled MKDIR changes as follows: MKDIR creates any intermediate directories in the path, if needed. For example, assume \a does not exist then: mkdir \a\b\c\d is the same as: mkdir \a chdir \a mkdir b chdir b mkdir c chdir c mkdir d which is what you would have to type if extensions were disabled.
Displays the amount of used and free memory in your system. MEM [/PROGRAM | /DEBUG | /CLASSIFY] /PROGRAM or /P Displays status of programs currently loaded in memory. /DEBUG or /D Displays status of programs, internal drivers, and other information. /CLASSIFY or /C Classifies programs by memory usage. Lists the size of programs, provides a summary of memory in use, and lists largest memory block available.
Creates a directory. MKDIR [drive:]path MD [drive:]path If Command Extensions are enabled MKDIR changes as follows: MKDIR creates any intermediate directories in the path, if needed. For example, assume \a does not exist then: mkdir \a\b\c\d is the same as: mkdir \a chdir \a mkdir b chdir b mkdir c chdir c mkdir d which is what you would have to type if extensions were disabled.
Creates a symbolic link. MKLINK [[/D] | [/H] | [/J]] Link Target /D Creates a directory symbolic link. Default is a file symbolic link. /H Creates a hard link instead of a symbolic link. /J Creates a Directory Junction. Link specifies the new symbolic link name. Target specifies the path (relative or absolute) that the new link refers to.
Configures system devices. Serial port: MODE COMm[:] [BAUD=b] [PARITY=p] [DATA=d] [STOP=s] [to=on|off] [xon=on|off] [odsr=on|off] [octs=on|off] [dtr=on|off|hs] [rts=on|off|hs|tg] [idsr=on|off] Device Status: MODE [device] [/STATUS] Redirect printing: MODE LPTn[:]=COMm[:] Select code page: MODE CON[:] CP SELECT=yyy Code page status: MODE CON[:] CP [/STATUS] Display mode: MODE CON[:] [COLS=c] [LINES=n] Typematic rate: MODE CON[:] [RATE=r DELAY=d]
Displays output one screen at a time. MORE [/E [/C] [/P] [/S] [/Tn] [+n]] < [drive:][path]filename command-name | MORE [/E [/C] [/P] [/S] [/Tn] [+n]] MORE /E [/C] [/P] [/S] [/Tn] [+n] [files] [drive:][path]filename Specifies a file to display one screen at a time. command-name Specifies a command whose output will be displayed. /E Enable extended features /C Clear screen before displaying page /P Expand FormFeed characters /S Squeeze multiple blank lines into a single line /Tn Expand tabs to n spaces (default 8) Switches can be present in the MORE environment variable. +n Start displaying the first file at line n files List of files to be displayed. Files in the list are separated by blanks. If extended features are enabled, the following commands are accepted at the -- More -- prompt: P n Display next n lines S n Skip next n lines F Display next file Q Quit = Show line number ? Show help line <space> Display next page <ret> Display next line
Creates, deletes, or lists a volume mount point. MOUNTVOL [drive:]path VolumeName MOUNTVOL [drive:]path /D MOUNTVOL [drive:]path /L MOUNTVOL [drive:]path /P MOUNTVOL /R MOUNTVOL /N MOUNTVOL /E path Specifies the existing NTFS directory where the mount point will reside. VolumeName Specifies the volume name that is the target of the mount point. /D Removes the volume mount point from the specified directory. /L Lists the mounted volume name for the specified directory. /P Removes the volume mount point from the specified directory, dismounts the volume, and makes the volume not mountable. You can make the volume mountable again by creating a volume mount point. /R Removes volume mount point directories and registry settings for volumes that are no longer in the system. /N Disables automatic mounting of new volumes. /E Re-enables automatic mounting of new volumes. Possible values for VolumeName along with current mount points are: \\?\Volume{c661ca5f-2b59-11e2-af9b-806e6f6e6963}\ C:\ \\?\Volume{c661ca60-2b59-11e2-af9b-806e6f6e6963}\ D:\
Moves files and renames files and directories. To move one or more files: MOVE [/Y | /-Y] [drive:][path]filename1[,...] destination To rename a directory: MOVE [/Y | /-Y] [drive:][path]dirname1 dirname2 [drive:][path]filename1 Specifies the location and name of the file or files you want to move. destination Specifies the new location of the file. Destination can consist of a drive letter and colon, a directory name, or a combination. If you are moving only one file, you can also include a filename if you want to rename the file when you move it. [drive:][path]dirname1 Specifies the directory you want to rename. dirname2 Specifies the new name of the directory. /Y Suppresses prompting to confirm you want to overwrite an existing destination file. /-Y Causes prompting to confirm you want to overwrite an existing destination file. The switch /Y may be present in the COPYCMD environment variable. This may be overridden with /-Y on the command line. Default is to prompt on overwrites unless MOVE command is being executed from within a batch script.
Usage: mrinfo [-n?] [-i address] [-t secs] [-r retries] destination -n Display IP addresses in numeric format -i address Address of local interface to send query out -t seconds Timeout in seconds for IGMP queries (default = 3 seconds) -r retries Number of extra times to send the SNMP queries (default = 0) -? Print Usage destination Address or name of destination
Send a message to a user. MSG {username | sessionname | sessionid | @filename | *} [/SERVER:servername] [/TIME:seconds] [/V] [/W] [message] username Identifies the specified username. sessionname The name of the session. sessionid The ID of the session. @filename Identifies a file containing a list of usernames, sessionnames, and sessionids to send the message to. * Send message to all sessions on specified server. /SERVER:servername server to contact (default is current). /TIME:seconds Time delay to wait for receiver to acknowledge msg. /V Display information about actions being performed. /W Wait for response from user, useful with /V. message Message to send. If none specified, prompts for it or reads from stdin.
Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP). NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [interval] ] -a (adapter status) Lists the remote machine's name table given its name -A (Adapter status) Lists the remote machine's name table given its IP address. -c (cache) Lists NBT's cache of remote [machine] names and their IP addresses -n (names) Lists local NetBIOS names. -r (resolved) Lists names resolved by broadcast and via WINS -R (Reload) Purges and reloads the remote cache name table -S (Sessions) Lists sessions table with the destination IP addresses -s (sessions) Lists sessions table converting destination IP addresses to computer NETBIOS names. -RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh RemoteName Remote host machine name. IP address Dotted decimal representation of the IP address. interval Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.
The syntax of this command is: NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]
netcfg [-v] [-e] [-winpe] [-l <full-path-to-component-INF>] -c <p|s|c> -i <comp-id> -winpe installs TCP/IP, NetBIOS and Microsoft Client for Windows preinstallation environment -l provides the location of INF -c provides the class of the component to be installed (p == Protocol, s == Service, c == Client) -i provides the component ID The arguments must be passed in the order shown. Examples: netcfg -l c:\oemdir\myprot.inf -c p -i myprot Installs protocol 'myprot' using c:\oemdir\myprot.inf netcfg -c s -i MS_Server Installs service 'MS_Server' OR netcfg [-v] -winpe Example: netcfg -v -winpe Installs TCP/IP, NetBIOS, and Microsoft Client for Windows preinstallation environment OR netcfg [-v] -q <comp-id> Example: netcfg -q MS_IPX Displays if component 'MS_IPX' is installed OR netcfg [-v] [-e] -u <comp-id> Example: netcfg -u MS_IPX Uninstalls component 'MS_IPX' OR netcfg [-v] -s <a|n> -s provides the type of components to show (a == adapters, n == net components) Example: netcfg -s n Shows all installed net components OR netcfg [-v] -b <comp-id> Example: netcfg -b ms_tcpip Shows binding paths containing 'MS_TCPIP' General Notes: -v Run in verbose (detailed) mode -e Use servicing environment variables during install and uninstall -? Displays this help information
Usage: NETSH [-a AliasFile] [-c Context] [-r RemoteMachine] [-u [DomainName\]UserName] [-p Password | *] [Command | -f ScriptFile] The following commands are available: Commands in this context: ? - Displays a list of commands. add - Adds a configuration entry to a list of entries. advfirewall - Changes to the `netsh advfirewall' context. branchcache - Changes to the `netsh branchcache' context. bridge - Changes to the `netsh bridge' context. delete - Deletes a configuration entry from a list of entries. dhcpclient - Changes to the `netsh dhcpclient' context. dnsclient - Changes to the `netsh dnsclient' context. dump - Displays a configuration script. exec - Runs a script file. firewall - Changes to the `netsh firewall' context. help - Displays a list of commands. http - Changes to the `netsh http' context. interface - Changes to the `netsh interface' context. ipsec - Changes to the `netsh ipsec' context. lan - Changes to the `netsh lan' context. mbn - Changes to the `netsh mbn' context. namespace - Changes to the `netsh namespace' context. nap - Changes to the `netsh nap' context. netio - Changes to the `netsh netio' context. p2p - Changes to the `netsh p2p' context. ras - Changes to the `netsh ras' context. rpc - Changes to the `netsh rpc' context. set - Updates configuration settings. show - Displays information. trace - Changes to the `netsh trace' context. wcn - Changes to the `netsh wcn' context. wfp - Changes to the `netsh wfp' context. winhttp - Changes to the `netsh winhttp' context. winsock - Changes to the `netsh winsock' context. wlan - Changes to the `netsh wlan' context. The following sub-contexts are available: advfirewall branchcache bridge dhcpclient dnsclient firewall http interface ipsec lan mbn namespace nap netio p2p ras rpc trace wcn wfp winhttp winsock wlan To view help for a command, type the command, followed by a space, and then type ?.
Displays protocol statistics and current TCP/IP network connections. NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-x] [-t] [interval] -a Displays all connections and listening ports. -b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions. -e Displays Ethernet statistics. This may be combined with the -s option. -f Displays Fully Qualified Domain Names (FQDN) for foreign addresses. -n Displays addresses and port numbers in numerical form. -o Displays the owning process ID associated with each connection. -p proto Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6. -r Displays the routing table. -s Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default. -t Displays the current connection offload state. -x Displays NetworkDirect connections, listeners, and shared endpoints. -y Displays the TCP connection template for all connections. Cannot be combined with the other options. interval Redisplays selected statistics, pausing interval seconds between each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current configuration information once.
Loads country-specific information. NLSFUNC [[drive:][path]filename] [drive:][path]filename Specifies the file containing country-specific information.
Usage: nltest [/OPTIONS] /SERVER:<ServerName> - Specify <ServerName> /QUERY - Query <ServerName> netlogon service /REPL - Force partial sync on <ServerName> BDC /SYNC - Force full sync on <ServerName> BDC /PDC_REPL - Force UAS change message from <ServerName> PDC /SC_QUERY:<DomainName> - Query secure channel for <Domain> on <ServerName> /SC_RESET:<DomainName>[\<DcName>] - Reset secure channel for <Domain> on <ServerName> to <DcName> /SC_VERIFY:<DomainName> - Verify secure channel for <Domain> on <ServerName> /SC_CHANGE_PWD:<DomainName> - Change a secure channel password for <Domain> on <ServerName> /DCLIST:<DomainName> - Get list of DC's for <DomainName> /DCNAME:<DomainName> - Get the PDC name for <DomainName> /DSGETDC:<DomainName> - Call DsGetDcName /PDC /DS /DSP /GC /KDC /TIMESERV /GTIMESERV /WS /NETBIOS /DNS /IP /FORCE /WRITABLE /AVOIDSELF /LDAPONLY /BACKG /DS_6 /DS_8 /DS_9 /TRY_NEXT_CLOSEST_SITE /SITE:<SiteName> /ACCOUNT:<AccountName> /RET_DNS /RET_NETBIOS /DNSGETDC:<DomainName> - Call DsGetDcOpen/Next/Close /PDC /GC /KDC /WRITABLE /LDAPONLY /FORCE /SITESPEC /DSGETFTI:<DomainName> - Call DsGetForestTrustInformation /UPDATE_TDO /DSGETSITE - Call DsGetSiteName /DSGETSITECOV - Call DsGetDcSiteCoverage /DSADDRESSTOSITE:[MachineName] - Call DsAddressToSiteNamesEx /ADDRESSES:<Address1,Address2,...> /PARENTDOMAIN - Get the name of the parent domain of this machine /WHOWILL:<Domain>* <User> [<Iteration>] - See if <Domain> will log on <User> /FINDUSER:<User> - See which trusted domain will log on <User> /TRANSPORT_NOTIFY - Notify netlogon of new transport /DBFLAG:<HexFlags> - New debug flag /USER:<UserName> - Query User info on <ServerName> /TIME:<Hex LSL> <Hex MSL> - Convert NT GMT time to ascii /LOGON_QUERY - Query number of cumulative logon attempts /DOMAIN_TRUSTS - Query domain trusts on <ServerName> /PRIMARY /FOREST /DIRECT_OUT /DIRECT_IN /ALL_TRUSTS /V /DSREGDNS - Force registration of all DC-specific DNS records /DSDEREGDNS:<DnsHostName> - Deregister DC-specific DNS records for specified DC /DOM:<DnsDomainName> /DOMGUID:<DomainGuid> /DSAGUID:<DsaGuid> /DSQUERYDNS - Query the status of the last update for all DC-specific DNS records /BDC_QUERY:<DomainName> - Query replication status of BDCs for <DomainName> /LIST_DELTAS:<FileName> - display the content of given change log file /CDIGEST:<Message> /DOMAIN:<DomainName> - Get client digest /SDIGEST:<Message> /RID:<RID in hex> - Get server digest /SHUTDOWN:<Reason> [<Seconds>] - Shutdown <ServerName> for <Reason> /SHUTDOWN_ABORT - Abort a system shutdown
Usage: nslookup [-opt ...] # interactive mode using default server nslookup [-opt ...] - server # interactive mode using 'server' nslookup [-opt ...] host # just look up 'host' using default server nslookup [-opt ...] host server # just look up 'host' using 'server'
OPENFILES /parameter [arguments] Description: Enables an administrator to list or disconnect files and folders that have been opened on a system. Parameter List: /Disconnect Disconnects one or more open files. /Query Displays files opened locally or from shared folders. /Local Enables / Disables the display of local open files. /? Displays this help message. Examples: OPENFILES /Disconnect /? OPENFILES /Query /? OPENFILES /Local /?
Displays or sets a search path for executable files. PATH [[drive:]path[;...][;%PATH%] PATH ; Type PATH ; to clear all search-path settings and direct cmd.exe to search only in the current directory. Type PATH without parameters to display the current path. Including %PATH% in the new path setting causes the old path to be appended to the new setting.
Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n] [-p period] [-q num_queries] [-w timeout] [-4] [-6] target_name Options: -g host-list Loose source route along host-list. -h maximum_hops Maximum number of hops to search for target. -i address Use the specified source address. -n Do not resolve addresses to hostnames. -p period Wait period milliseconds between pings. -q num_queries Number of queries per hop. -w timeout Wait timeout milliseconds for each reply. -4 Force using IPv4. -6 Force using IPv6.
Suspends processing of a batch program and displays the message Press any key to continue . . .
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] [-R] [-S srcaddr] [-c compartment] [-p] [-4] [-6] target_name Options: -t Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C. -a Resolve addresses to hostnames. -n count Number of echo requests to send. -l size Send buffer size. -f Set Don't Fragment flag in packet (IPv4-only). -i TTL Time To Live. -v TOS Type Of Service (IPv4-only. This setting has been deprecated and has no effect on the type of service field in the IP Header). -r count Record route for count hops (IPv4-only). -s count Timestamp for count hops (IPv4-only). -j host-list Loose source route along host-list (IPv4-only). -k host-list Strict source route along host-list (IPv4-only). -w timeout Timeout in milliseconds to wait for each reply. -R Use routing header to test reverse route also (IPv6-only). Per RFC 5095 the use of this routing header has been deprecated. Some systems may drop echo requests if this header is used. -S srcaddr Source address to use. -c compartment Routing compartment identifier. -p Ping a Hyper-V Network Virtualization provider address. -4 Force using IPv4. -6 Force using IPv6.
DESCRIPTION: AuditSystem, Unattend online driver install USAGE: PnPUnattend.exe [auditSystem | /help /? /h] [/s] [/L] auditSystem Online driver install. /help /? /h This help. /s Search without installing. /L Print Logging information to the command line.
Microsoft PnP Utility Usage: ------ pnputil.exe [-f | -i] [ -? | -a | -d | -e ] <INF name> Examples: pnputil.exe -a a:\usbcam\USBCAM.INF -> Add package specified by USBCAM.INF pnputil.exe -a c:\drivers\*.inf -> Add all packages in c:\drivers\ pnputil.exe -i -a a:\usbcam\USBCAM.INF -> Add and install driver package pnputil.exe -e -> Enumerate all 3rd party packages pnputil.exe -d oem0.inf -> Delete package oem0.inf pnputil.exe -f -d oem0.inf -> Force delete package oem0.inf pnputil.exe -? -> This usage screen
Changes to the directory stored by the PUSHD command. POPD If Command Extensions are enabled the POPD command will delete any temporary drive letter created by PUSHD when you POPD that drive off the pushed directory stack.
POWERCFG /COMMAND [ARGUMENTS] Description: Enables users to control power settings on a local system. For detailed command and option information, run "POWERCFG /? <COMMAND>" Command List: /LIST, /L Lists all power schemes. /QUERY, /Q Displays the contents of a power scheme. /CHANGE, /X Modifies a setting value in the current power scheme. /CHANGENAME Modifies the name and description of a power scheme. /DUPLICATESCHEME Duplicates a power scheme. /DELETE, /D Deletes a power scheme. /DELETESETTING Deletes a power setting. /SETACTIVE, /S Makes a power scheme active on the system. /GETACTIVESCHEME Retrieves the currently active power scheme. /SETACVALUEINDEX Sets the value associated with a power setting while the system is powered by AC power. /SETDCVALUEINDEX Sets the value associated with a power setting while the system is powered by DC power. /IMPORT Imports all power settings from a file. /EXPORT Exports a power scheme to a file. /ALIASES Displays all aliases and their corresponding GUIDs. /GETSECURITYDESCRIPTOR Gets a security descriptor associated with a specified power setting, power scheme, or action. /SETSECURITYDESCRIPTOR Sets a security descriptor associated with a power setting, power scheme, or action. /HIBERNATE, /H Enables and disables the hibernate feature. /AVAILABLESLEEPSTATES, /A Reports the sleep states available on the system. /DEVICEQUERY Returns a list of devices that meet specified criteria. /DEVICEENABLEWAKE Enables a device to wake the system from a sleep state. /DEVICEDISABLEWAKE Disables a device from waking the system from a sleep state. /LASTWAKE Reports information about what woke the system from the last sleep transition. /WAKETIMERS Enumerates active wake timers. /REQUESTS Enumerates application and driver Power Requests. /REQUESTSOVERRIDE Sets a Power Request override for a particular Process, Service, or Driver. /ENERGY Analyzes the system for common energy-efficiency and battery life problems. /BATTERYREPORT Generates a report of battery usage. /SLEEPSTUDY Generates a diagnostic connected standby report.
Prints a text file. PRINT [/D:device] [[drive:][path]filename[...]] /D:device Specifies a print device.
Access the Backup Recovery Migration tool through a command line interface. PrintBrm -B|R|Q [-S <server>] -F <file> [-D <directory>] [-O FORCE] [-P ALL|ORIG] [-NOBIN] [-LPR2TCP] [-C <config file>] [-NOACL] [-?] -B Backup the server to the specified file -R Restore the configuration in the file to the server -Q Query the server or the backup file -S <server name> Target server -F <file name> Target backup File -D <directory> Unpack the backup file to (with -R) or repack a backup file from (with -B) the given directory -O FORCE Force overwriting of existing objects -P ALL|ORIG Publish all printers in directory, or publish printers that were published originally -NOBIN Omit the binaries from the backup -LPR2TCP Convert LPR ports to Standard TCP/IP ports on restore -C <file name> Use the specified configuration file for BRM -NOACL Remove ACLs from print queues on restore -? Display this help
Changes the cmd.exe command prompt. PROMPT [text] text Specifies a new command prompt. Prompt can be made up of normal characters and the following special codes: $A & (Ampersand) $B | (pipe) $C ( (Left parenthesis) $D Current date $E Escape code (ASCII code 27) $F ) (Right parenthesis) $G > (greater-than sign) $H Backspace (erases previous character) $L < (less-than sign) $N Current drive $P Current drive and path $Q = (equal sign) $S (space) $T Current time $V Windows version number $_ Carriage return and linefeed $$ $ (dollar sign) If Command Extensions are enabled the PROMPT command supports the following additional formatting characters: $+ zero or more plus sign (+) characters depending upon the depth of the PUSHD directory stack, one character for each level pushed. $M Displays the remote name associated with the current drive letter or the empty string if current drive is not a network drive.
PsExec v1.98 - Execute processes remotely Copyright (C) 2001-2010 Mark Russinovich Sysinternals - www.sysinternals.com PsExec executes a program on a remote system, where remotely executed console applications execute interactively. Usage: psexec [\\computer[,computer2[,...] | @file]][-u user [-p psswd][-n s][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments] -a Separate processors on which the application can run with commas where 1 is the lowest numbered CPU. For example, to run the application on CPU 2 and CPU 4, enter: "-a 2,4" -c Copy the specified program to the remote system for execution. If you omit this option the application must be in the system path on the remote system. -d Don't wait for process to terminate (non-interactive). -e Does not load the specified account's profile. -f Copy the specified program even if the file already exists on the remote system. -i Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session. -h If the target system is Vista or higher, has the process run with the account's elevated token, if available. -l Run process as limited user (strips the Administrators group and allows only privileges assigned to the Users group). On Windows Vista the process runs with Low Integrity. -n Specifies timeout in seconds connecting to remote computers. -p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password. -s Run the remote process in the System account. -u Specifies optional user name for login to remote computer. -v Copy the specified file only if it has a higher version number or is newer on than the one on the remote system. -w Set the working directory of the process (relative to remote computer). -x Display the UI on the Winlogon secure desktop (local system only). -priority Specifies -low, -belownormal, -abovenormal, -high or -realtime to run the process at a different priority. Use -background to run at low memory and I/O priority on Vista. computer Direct PsExec to run the application on the remote computer or computers specified. If you omit the computer name PsExec runs the application on the local system, and if you specify a wildcard (\\*), PsExec runs the command on all computers in the current domain. @file PsExec will execute the command on each of the computers listed in the file. program Name of application to execute. arguments Arguments to pass (note that file paths must be absolute paths on the target system). You can enclose applications that have spaces in their name with quotation marks e.g. psexec \\marklap "c:\long name app.exe". Input is only passed to the remote system when you press the enter key, and typing Ctrl-C terminates the remote process. If you omit a user name the process will run in the context of your account on the remote system, but will not have access to network resources (because it is impersonating). Specify a valid user name in the Domain\User syntax if the remote process requires access to network resources or to run in a different account. Note that the password is transmitted in clear text to the remote system. Error codes returned by PsExec are specific to the applications you execute, not PsExec.
psfile v1.02 - psfile Copyright © 2001 Mark Russinovich Sysinternals PsFile lists or closes files opened remotely. Usage: PSFILE [\\RemoteComputer [-u Username [-p Password]]] [[Id | path] [-c]] -u Specifies optional user name for login to remote computer. -p Specifies password for user name. Id Id of file to print information for or close. Path Full or partial path of files to match. -c Closes file identified by file Id. Omitting a file identifier has PsFile list all files opened remotely.
PsGetSid v1.44 - Translates SIDs to names and vice versa Copyright (C) 1999-2008 Mark Russinovich Sysinternals - www.sysinternals.com Usage: PSGETSID [\\computer[,computer2[,...] | @file] [-u Username [-p Password]]] [account | SID] -u Specifies optional user name for login to remote computer. -p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password. account PsGetSid will report the SID for the specified user account rather than the computer. SID PsGetSid will report the account for the specified SID. computer Direct PsGetSid to perform the command on the remote computer or computers specified. If you omit the computer name PsGetSid runs the command on the local system, and if you specify a wildcard (\\*), PsGetSid runs the command on all computers in the current domain. @file PsGetSid will execute the command on each of the computers listed in the file.
PsInfo v1.77 - Local and remote system information viewer Copyright (C) 2001-2009 Mark Russinovich Sysinternals - www.sysinternals.com PsInfo returns information about a local or remote Windows NT/2000/XP system. Usage: psinfo [-h] [-s] [-d] [-c [-t delimiter]] [filter] [\\computer[,computer[,..]]|@file [-u Username [-p Password]]] -u Specifies optional user name for login to remote computer. -p Specifies password for user name. -h Show installed hotfixes. -s Show installed software. -d Show disk volume information. -c Print in CSV format -t The default delimiter for the -c option is a comma, but can be overriden with the specified character. Use "\t" to specify tab. filter Psinfo will only show data for the field matching the filter. e.g. "psinfo service" lists only the service pack field. computer Direct PsInfo to perform the command on the remote computer or computers specified. If you omit the computer name PsInfo runs the command on the local system, and if you specify a wildcard (\\*), PsInfo runs the command on all computers in the current domain. @file PsInfo will run against the computers listed in the file specified.
PsKill v1.15 - Terminates processes on local or remote systems Copyright (C) 1999-2012 Mark Russinovich Sysinternals - www.sysinternals.com Usage: pskill [-t] [\\computer [-u username [-p password]]] <process ID | name> -t Kill the process and its descendants. -u Specifies optional user name for login to remote computer. -p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
pslist v1.3 - Sysinternals PsList Copyright (C) 2000-2012 Mark Russinovich Sysinternals - www.sysinternals.com Usage: PSLIST [-d][-m][-x][-t][-s [n] [-r n] [\\computer [-u username][-p password][name|pid] -d Show thread detail. -m Show memory detail. -x Show processes, memory information and threads. -t Show process tree. -s [n] Run in task-manager mode, for optional seconds specified. Press Escape to abort. -r n Task-manager mode refresh rate in seconds (default is 1). \\computer Specifies remote computer. -u Optional user name for remote login. -p Optional password for remote login. If you don't present on the command line pslist will prompt you for it if necessary. name Show information about processes that begin with the name specified. -e Exact match the process name. pid Show information about specified process. All memory values are displayed in KB. Abbreviation key: Pri Priority Thd Number of Threads Hnd Number of Handles VM Virtual Memory WS Working Set Priv Private Virtual Memory Priv Pk Private Virtual Memory Peak Faults Page Faults NonP Non-Paged Pool Page Paged Pool Cswtch Context Switches
PsLoggedon v1.34 - See who's logged on Copyright (C) 2000-2010 Mark Russinovich Sysinternals - www.sysinternals.com Usage: PSLOGGEDON [-l] [-x] [\\computername] or PSLOGGEDON [username] -l Show only local logons -x Don't show logon times
PsLoglist v2.71 - local and remote event log viewer Copyright (C) 2000-2009 Mark Russinovich Sysinternals - www.sysinternals.com PsLogList dumps event logs on a local or remote NT system. Usage: psloglist [\\computer[,computer2[,...] | @file] [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-d #|-h #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy] [-f filter] [-i ID,[ID,...]] | -e ID,[ID,...]] [-o event source[,event source[,...]]] [-q event source[,event source[,...]]] [[-g|-l] event log file] <event log> @file Psloglist will execute the command on each of the computers listed in the file. -a Dump records timestamped after specified date. -b Dump records timestamped before specified date. -c Clear event log after displaying. -d Only display records from previous n days. -e Exclude events with the specified ID or IDs (up to 10). -f Filter event types, using starting letter (e.g. "-f we" to filter warnings and errors). -g Export an event log as an evt file. -h Only display records from previous n hours. -i Show only events with the specified ID or IDs (up to 10). -l Dump the contents of the specified saved event log file. -m Only display records from previous n minutes. -n Only display n most recent records. -o Show only records from the specified event source or sources (e.g. "-o cdrom"). Append '*' to specify substring match. -p Specifies password for user name. -q Omit records from the specified event source or sources (e.g. "-q cdrom"). Append '*' to specify substring match. -r Dump log from least recent to most recent. -s Records are listed on one line each with delimited fields, which is convenient for string searches. -t The default delimiter for the -s option is a comma, but can be overriden with the specified character. Use "\t" to specify tab. -u Specifies optional user name for login to remote computer. -w Wait for new events, dumping them as they generate (local system only.) -x Dump extended data. -z List event logs registered on specified system. eventlog Specifies event log to dump. Default is system. If the -l switch is present then the event log name specifies how to interpret the event log file.
PsPasswd v1.23 - Local and remote password changer Copyright (C) 2003-2010 Mark Russinovich Sysinternals - www.sysinternals.com PsPasswd changes passwords on a local or remote system. Usage for local accounts: pspasswd [\\[computer[,computer,[,...]]|@file] [-u Username [-p Password]]] Account [NewPassword] Usage for domain accounts: pspasswd Domain\Account [NewPassword] computer Computer or computers on which the local account exists. If you omit the computer name, the local computer is assumed. If you specify a wildcard (\\*), PsPasswd runs the command on all computers in the current domain or workgroup. @file PsPasswd will change the password on the computers listed in the file. -u Specifies optional user name for login to remote computer. -p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password. Domain Specifies name of the domain of the target account. Account Specifies name of the account for password change. NewPassword New password. If omitted a NULL password is applied.
PsService v2.24 - Service information and configuration utility Copyright (C) 2001-2010 Mark Russinovich Sysinternals - www.sysinternals.com PsService lists or controls services on a local or remote system. Usage: PSSERVICE [\\Computer [-u Username [-p Password]]] <cmd> <optns> Cmd is one of the following: query Queries the status of a service config Queries the configuration setconfig Sets the configuration start Starts a service stop Stops a service restart Stops and then restarts a service pause Pauses a service cont Continues a paused service depend Enumerates the services that depend on the one specified find Searches for an instance of a service on the network security Reports the security permissions assigned to a service Use the username and password to log into the remote computer in cases where your account does not have permissions to perform the action you specify. Omitting a command queries the active services on the specified computer. Enter -? for help on a particular command.
PsShutdown v2.52 - Shutdown, logoff and power manage local and remote systems Copyright (C) 1999-2006 Mark Russinovich Sysinternals - www.sysinternals.com usage: psshutdown -s|-r|-h|-d|-k|-a|-l|-o [-f] [-c] [-t [nn|h:m]] [-v nn] [-e [u|p]:xx:yy] [-m "message"] [-u Username [-p password]] [-n s] [\\computer[,computer[,...]|@file] -a Abort a shutdown (only possible while countdown is in progress) -c Allow the shutdown to be aborted by the interactive user -d Suspend the computer -e Shutdown reason code (available on Windows XP and higher). Specify 'u' for unplanned and 'p' for planned shutdown reason codes. xx is the major reason code (must be less than 256) yy is the minor reason code (must be less than 65536) -f Forces running applications to close -h Hibernate the computer -k Poweroff the computer (reboot if poweroff is not supported) -l Lock the computer -m Message to display to logged on users -n Specifies timeout in seconds connecting to remote computers -o Logoff the console user -p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password. -r Reboot after shutdown -s Shutdown without poweroff -t Specifies countdown in seconds until shutdown (default is 20) or the time of shutdown (in 24 hour notation) -u Specifies optional user name for login to remote computer. -v Display message for the specified number of seconds before the shutdown. If you omit this parameter the shutdown notification dialog displays and specifying a value of 0 omits the dialog. computer Shutdown the computer or computers specified @file Shutdown the computers listed in the file specified Reasons defined on this computer (U = unplanned, P = planned): Type Major Minor Title U 0 0 Other (Unplanned) P 0 0 Other (Planned) U 1 1 Hardware: Maintenance (Unplanned) P 1 1 Hardware: Maintenance (Planned) U 1 2 Hardware: Installation (Unplanned) P 1 2 Hardware: Installation (Planned) U 2 2 Operating System: Recovery (Unplanned) P 2 2 Operating System: Recovery (Planned) P 2 3 Operating System: Upgrade (Planned) U 2 4 Operating System: Reconfiguration (Unplanned) P 2 4 Operating System: Reconfiguration (Planned) P 2 16 Operating System: Service pack (Planned) U 2 17 Operating System: Hot fix (Unplanned) P 2 17 Operating System: Hot fix (Planned) U 2 18 Operating System: Security fix (Unplanned) P 2 18 Operating System: Security fix (Planned) U 4 1 Application: Maintenance (Unplanned) P 4 1 Application: Maintenance (Planned) P 4 2 Application: Installation (Planned) U 4 5 Application: Unresponsive U 4 6 Application: Unstable U 5 19 Security issue (Unplanned) P 5 19 Security issue (Planned) U 5 20 Loss of network connectivity (Unplanned) P 7 0 Legacy API shutdown
PsSuspend v1.06 - Process Suspender Copyright © 2001-2003 Mark Russinovich Sysinternals PsSuspend suspends or resumes processes on a local or remote NT system. Usage: pssuspend [-r] [\\RemoteComputer [-u Username [-p Password]]] <process Id or name> -r Resume. -u Specifies optional user name for login to remote computer. -p Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
Stores the current directory for use by the POPD command, then changes to the specified directory. PUSHD [path | ..] path Specifies the directory to make the current directory. If Command Extensions are enabled the PUSHD command accepts network paths in addition to the normal drive letter and path. If a network path is specified, PUSHD will create a temporary drive letter that points to that specified network resource and then change the current drive and directory, using the newly defined drive letter. Temporary drive letters are allocated from Z: on down, using the first unused drive letter found.
Displays the available Remote Desktop Session Host servers on the network. QUERY TERMSERVER [servername] [/DOMAIN:domain] [/ADDRESS] [/CONTINUE] servername Identifies a Remote Desktop Session Host server. /DOMAIN:domain Displays information for the specified domain (defaults to the current domain). /ADDRESS Displays network and node addresses. /CONTINUE Does not pause after each screen of information.
Displays information about processes. QUERY PROCESS [* | processid | username | sessionname | /ID:nn | programname] [/SERVER:servername] * Display all visible processes. processid Display process specified by processid. username Display all processes belonging to username. sessionname Display all processes running at sessionname. /ID:nn Display all processes running at session nn. programname Display all processes associated with programname. /SERVER:servername The Remote Desktop Session Host server to be queried.
QUERY { PROCESS | SESSION | TERMSERVER | USER }
Display information about users logged on to the system. QUERY USER [username | sessionname | sessionid] [/SERVER:servername] username Identifies the username. sessionname Identifies the session named sessionname. sessionid Identifies the session with ID sessionid. /SERVER:servername The server to be queried (default is current).
Display information about Remote Desktop Services sessions. QUERY SESSION [sessionname | username | sessionid] [/SERVER:servername] [/MODE] [/FLOW] [/CONNECT] [/COUNTER] [/VM] sessionname Identifies the session named sessionname. username Identifies the session with user username. sessionid Identifies the session with ID sessionid. /SERVER:servername The server to be queried (default is current). /MODE Display current line settings. /FLOW Display current flow control settings. /CONNECT Display current connect settings. /COUNTER Display current Remote Desktop Services counters information. /VM Display information about sessions within virtual machines.
USAGE: RASDIAL entryname [username [password|*]] [/DOMAIN:domain] [/PHONE:phonenumber] [/CALLBACK:callbacknumber] [/PHONEBOOK:phonebookfile] [/PREFIXSUFFIX] RASDIAL [entryname] /DISCONNECT RASDIAL Please refer to our privacy statement at 'http://go.microsoft.com/fwlink/?linkid=280262'
Removes (deletes) a directory. RMDIR [/S] [/Q] [drive:]path RD [/S] [/Q] [drive:]path /S Removes all directories and files in the specified directory in addition to the directory itself. Used to remove a directory tree. /Q Quiet mode, do not ask if ok to remove a directory tree with /S
Configures the Windows Recovery Environment (Windows RE) and system reset. REAGENTC.EXE <command> <arguments> The following commands can be specified: /info - Displays Windows RE and system reset configuration information. /setreimage - Sets the location of the custom Windows RE image. /enable - Enables Windows RE. /disable - Disables Windows RE. /boottore - Configures the system to start Windows RE next time the system starts up. /setosimage - Sets the location of the recovery image used by system reset. /setbootshelllink - Adds an entry to the Reset and Restore page in the boot menu. For more information about these commands and their arguments, type REAGENTC.EXE <command> /?. Examples: REAGENTC.EXE /setreimage /? REAGENTC.EXE /disable /? REAGENTC.EXE: Operation Successful.
Configures the recovery image Windows uses to refresh your PC. RECIMG.EXE <command> <arguments> The recimg.exe command line tool lets you configure a custom recovery image for Windows to use when you refresh your PC. When you create a custom recovery image, it will contain the desktop apps you've installed, and the Windows system files in their current state. Recovery images do not contain your documents, personal settings, user profiles, or apps from Windows Store, because that information is preserved at the time you refresh your PC. When you create a custom recovery image, recimg will store it in the specified directory, and set it as the active recovery image. If a custom recovery image is set as the active recovery image, Windows will use it when you refresh your PC. You can use the /setcurrent and /deregister options to select which recovery image Windows will use. All recovery images have the filename CustomRefresh.wim. If no CustomRefresh.wim file is found in the active recovery image directory, Windows will fall back to the default image (or to installation media) when you refresh your PC. Note that you cannot reset your PC using a custom recovery image. Custom recovery images can only be used to refresh your PC. The following commands can be specified: /createimage <directory> Captures a new custom recovery image in the location specified by <directory>, and sets it as the active recovery image. /setcurrent <directory> Sets the active recovery image to the CustomRefresh.wim file in the location specified by <directory>. Windows will use this image when you refresh your PC, even if a recovery image provided by your PC's manufacturer is present. /deregister Deregisters the current custom recovery image. If a recovery image provided by your PC's manufacturer is present, Windows will use that image when you refresh your PC. Otherwise, Windows will use your installation media when you refresh your PC. /showcurrent Displays the path to the directory in which the current active recovery image is stored. /help, /? Displays this help text.
Recovers readable information from a bad or defective disk. RECOVER [drive:][path]filename Consult the online Command Reference in Windows Help before using the RECOVER command.
REG Operation [Parameter List] Operation [ QUERY | ADD | DELETE | COPY | SAVE | LOAD | UNLOAD | RESTORE | COMPARE | EXPORT | IMPORT | FLAGS ] Return Code: (Except for REG COMPARE) 0 - Successful 1 - Failed For help on a specific operation type: REG Operation /? Examples: REG QUERY /? REG ADD /? REG DELETE /? REG COPY /? REG SAVE /? REG RESTORE /? REG LOAD /? REG UNLOAD /? REG COMPARE /? REG EXPORT /? REG IMPORT /? REG FLAGS /?
usage: REGINI [-m \\machinename | -h hivefile hiveroot] [-i n] [-o outputWidth] [-b] textFiles... where: -m specifies a remote Windows NT machine whose registry is to be manipulated. -h specifies a specify local hive to manipulate. -i n specifies the display indentation multiple. Default is 4 -o outputWidth specifies how wide the output is to be. By default the outputWidth is set to the width of the console window if standard output has not been redirected to a file. In the latter case, an outputWidth of 240 is used. -b specifies that REGINI should be backward compatible with older versions of REGINI that did not strictly enforce line continuations and quoted strings Specifically, REG_BINARY, REG_RESOURCE_LIST and REG_RESOURCE_REQUIREMENTS_LIST data types did not need line continuations after the first number that gave the size of the data. It just kept looking on following lines until it found enough data values to equal the data length or hit invalid input. Quoted strings were only allowed in REG_MULTI_SZ. They could not be specified around key or value names, or around values for REG_SZ or REG_EXPAND_SZ Finally, the old REGINI did not support the semicolon as an end of line comment character. textFiles is one or more ANSI or Unicode text files with registry data. Some general rules are: Semicolon character is an end-of-line comment character, provided it is the first non-blank character on a line Backslash character is a line continuation character. All characters from the backslash up to but not including the first non-blank character of the next line are ignored. If there is more than one space before the line continuation character, it is replaced by a single space. Indentation is used to indicate the tree structure of registry keys The REGDMP program uses indentation in multiples of 4. You may use hard tab characters for indentation, but embedded hard tab characters are converted to a single space regardless of their position Values should come before child keys, as they are associated with the previous key at or above the value's indentation level. For key names, leading and trailing space characters are ignored and not included in the key name, unless the key name is surrounded by quotes. Imbedded spaces are part of a key name. Key names can be followed by an Access Control List (ACL) which is a series of decimal numbers, separated by spaces, bracketed by a square brackets (e.g. [8 4 17]). The valid numbers and their meanings are: 1 - Administrators Full Access 2 - Administrators Read Access 3 - Administrators Read and Write Access 4 - Administrators Read, Write and Delete Access 5 - Creator Full Access 6 - Creator Read and Write Access 7 - World Full Access 8 - World Read Access 9 - World Read and Write Access 10 - World Read, Write and Delete Access 11 - Power Users Full Access 12 - Power Users Read and Write Access 13 - Power Users Read, Write and Delete Access 14 - System Operators Full Access 15 - System Operators Read and Write Access 16 - System Operators Read, Write and Delete Access 17 - System Full Access 18 - System Read and Write Access 19 - System Read Access 20 - Administrators Read, Write and Execute Access 21 - Interactive User Full Access 22 - Interactive User Read and Write Access 23 - Interactive User Read, Write and Delete Access If there is an equal sign on the same line as a left square bracket then the equal sign takes precedence, and the line is treated as a registry value. If the text between the square brackets is the string DELETE with no spaces, then REGINI will delete the key and any values and keys under it. For registry values, the syntax is: value Name = type data Leading spaces, spaces on either side of the equal sign and spaces between the type keyword and data are ignored, unless the value name is surrounded by quotes. If the text to the right of the equal sign is the string DELETE, then REGINI will delete the value. The value name may be left off or be specified by an at-sign character which is the same thing, namely the empty value name. So the following two lines are identical: = type data @ = type data This syntax means that you can't create a value with leading or trailing spaces, an equal sign or an at-sign in the value name, unless you put the name in quotes. Valid value types and format of data that follows are: REG_SZ text REG_EXPAND_SZ text REG_MULTI_SZ "string1" "str""ing2" ... REG_DATE mm/dd/yyyy HH:MM DayOfWeek REG_DWORD numberDWORD REG_BINARY numberOfBytes numberDWORD(s)... REG_NONE (same format as REG_BINARY) REG_RESOURCE_LIST (same format as REG_BINARY) REG_RESOURCE_REQUIREMENTS (same format as REG_BINARY) REG_RESOURCE_REQUIREMENTS_LIST (same format as REG_BINARY) REG_FULL_RESOURCE_DESCRIPTOR (same format as REG_BINARY) REG_QWORD numberQWORD REG_MULTISZ_FILE fileName REG_BINARYFILE fileName If no value type is specified, default is REG_SZ For REG_SZ and REG_EXPAND_SZ, if you want leading or trailing spaces in the value text, surround the text with quotes. The value text can contain any number of imbedded quotes, and REGINI will ignore them, as it only looks at the first and last character for quote characters. For REG_MULTI_SZ, each component string is surrounded by quotes. If you want an imbedded quote character, then double quote it, as in string2 above. For REG_BINARY, the value data consists of one or more numbers The default base for numbers is decimal. Hexidecimal may be specified by using 0x prefix. The first number is the number of data bytes, excluding the first number. After the first number must come enough numbers to fill the value. Each number represents one DWORD or 4 bytes. So if the first number was 0x5 you would need two more numbers after that to fill the 5 bytes. The high order 3 bytes of the second DWORD would be ignored. Whenever specifying a registry path, either on the command line or in an input file, the following prefix strings can be used: HKEY_LOCAL_MACHINE HKEY_USERS HKEY_CURRENT_USER USER: Each of these strings can stand alone as the key name or be followed a backslash and a subkey path.
Registers CIM Provider into system Usage: Register-CimProvider.exe -Namespace <NamespaceName> -ProviderName <ProviderName> -Path <ProviderDllPath> [-Impersonation <True or False>] [-Decoupled <SDDL>] [-HostingModel <HostingModel>] [-Localize <locale>] [-NoAutorecover] [-SupportWQL] [-GenerateUnregistration] [-ForceUpdate] [-Verbose] -Namespace <NamespaceName> Specifies the target namespace of the provider. -ProviderName <ProviderName> Specifies the provider name. -Path <ProviderDllPath> Specifies the provider binary path. -Impersonation <True or False> Specifies foldidentity of decoupled provider, by default is True. -Decoupled <SDDL> Registers provider as decoupled and specifies the security descriptor that determines the set of users that can successfully register the provider. -HostingModel <HostingModel> Specifies the HostingModel of coupled provider. -Localize <locale> Localizes the provider with resource of specified locale. -NoAutorecover Doesn't autorecover the provider. -SupportWQL Passes the query expression to the filter. -GenerateUnregistration Generate the uninstall mof for the registration, which is disabled by default. -ForceUpdate Force update the class if it exists in the system. -Verbose Outputs registration log.
Microsoft r Relog.exe (6.3.9600.16384) Relog creates new performance logs from data in existing performance logs by changing the sampling rate and/or converting the file format. Supports all performance log formats, including Windows NT 4.0 compressed logs. Usage: RELOG <filename [filename ...]> [options] Parameters: <filename [filename ...]> Performance file to relog. Options: -? Displays context sensitive help. -a Append output to the existing binary file. -c <path [path ...]> Counters to filter from the input log. -cf <filename> File listing performance counters to filter from the input log. Default is all counters in the original log file. -f <CSV|TSV|BIN|SQL> Output file format. -t <value> Only write every nth record into the output file. Default is to write every record. -o Output file path or SQL database. -b <dd-MM-yyyy HH:mm:ss[AM|PM]> Begin time for the first record to write into the output file. -e <dd-MM-yyyy HH:mm:ss[AM|PM]> End time for the last record to write into the output file. -config <filename> Settings file containing command options. -q List performance counters in the input file. -y Answer yes to all questions without prompting. Examples: relog logfile.csv -c "\Processor(_Total)\% Processor Time" -o logfile.blg relog logfile.blg -cf counters.txt -f bin relog logfile.blg -f csv -o logfile.csv -t 2 relog logfile.blg -q -o counters.txt
Records comments (remarks) in a batch file or CONFIG.SYS. REM [comment]
Renames a file or files. RENAME [drive:][path]filename1 filename2. REN [drive:][path]filename1 filename2. Note that you cannot specify a new drive or path for your destination file.
Renames a file or files. RENAME [drive:][path]filename1 filename2. REN [drive:][path]filename1 filename2. Note that you cannot specify a new drive or path for your destination file.
BitLocker Drive Encryption: Repair Tool version 6.3.9600 Copyright (C) 2013 Microsoft Corporation. All rights reserved. Usage: repair-bde[.exe] InputVolume { OutputVolumeOrImage } { {-RecoveryPassword|-rp} NumericalPassword | {-RecoveryKey|-rk} PathToExternalKeyFile | {-Password|-pw} } [{-KeyPackage|-kp} PathToKeyPackage] [{-LogFile|-lf} PathToLogFile] [{-?|/?}] Description: Attempts to repair or decrypt a damaged BitLocker-encrypted volume using the supplied recovery information. If BitLocker was in the process of encryption or decryption or had been suspended prior to volume failure a clear key will be present on the volume. Repair-bde attempts to use this clear key by default if another key is not specified. WARNING! To avoid additional data loss, you should have a spare hard drive available. Use this spare drive to store decrypted output or to back up the contents of the damaged volume. Parameters: InputVolume The BitLocker-encrypted volume to repair. Example: "C:", "\\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}". OutputVolumeOrImage The volume to store decrypted contents, or the file location to create an image file of the contents. Examples: "D:", "D:\imagefile.img". WARNING! All information on this output volume will be overwritten. -rk or -RecoveryKey Provide an external key to unlock the volume. Example: "F:\RecoveryKey.bek". -rp or -RecoveryPassword Provide a numerical password to unlock the volume. Example: "111111-222222-333333-...". -pw or -Password Provide a password to unlock the volume. -kp or -KeyPackage Optional. Provide a key package to unlock the volume. Example: "F:\ExportedKeyPackage" If this option is blank, the tool will look for the key package automatically. This option is needed only if required by the tool. -lf or -LogFile Optional. Provide a path to a file that will store progress information. Example: "F:\log.txt". -f or -Force Optional. When used, forces a volume to be dismounted even if it cannot be locked. This option is needed only if required by the tool. -? or /? Shows this screen. Examples: repair-bde C: D: -rk F:\RecoveryKey.bek -Force repair-bde C: D: -rp 111111-222222-[...] -lf F:\log.txt repair-bde C: D: -kp F:\KeyPackage -rp 111111-222222-[...] repair-bde C: D:\imagefile.img -kp F:\KeyPackage -rk F:\RecoveryKey.bek repair-bde C: D: -pw
Replaces files. REPLACE [drive1:][path1]filename [drive2:][path2] [/A] [/P] [/R] [/W] REPLACE [drive1:][path1]filename [drive2:][path2] [/P] [/R] [/S] [/W] [/U] [drive1:][path1]filename Specifies the source file or files. [drive2:][path2] Specifies the directory where files are to be replaced. /A Adds new files to destination directory. Cannot use with /S or /U switches. /P Prompts for confirmation before replacing a file or adding a source file. /R Replaces read-only files as well as unprotected files. /S Replaces files in all subdirectories of the destination directory. Cannot use with the /A switch. /W Waits for you to insert a disk before beginning. /U Replaces (updates) only files that are older than source files. Cannot use with the /A switch.
Removes (deletes) a directory. RMDIR [/S] [/Q] [drive:]path RD [/S] [/Q] [drive:]path /S Removes all directories and files in the specified directory in addition to the directory itself. Used to remove a directory tree. /Q Quiet mode, do not ask if ok to remove a directory tree with /S
------------------------------------------------------------------------------- ROBOCOPY :: Robust File Copy for Windows ------------------------------------------------------------------------------- Started : Sunday, 24 November, 2013 14:34:38 Usage :: ROBOCOPY source destination [file [file]...] [options] source :: Source Directory (drive:\path or \\server\share\path). destination :: Destination Dir (drive:\path or \\server\share\path). file :: File(s) to copy (names/wildcards: default is "*.*"). :: :: Copy options : :: /S :: copy Subdirectories, but not empty ones. /E :: copy subdirectories, including Empty ones. /LEV:n :: only copy the top n LEVels of the source directory tree. /Z :: copy files in restartable mode. /B :: copy files in Backup mode. /ZB :: use restartable mode; if access denied use Backup mode. /J :: copy using unbuffered I/O (recommended for large files). /EFSRAW :: copy all encrypted files in EFS RAW mode. /COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT). (copyflags : D=Data, A=Attributes, T=Timestamps). (S=Security=NTFS ACLs, O=Owner info, U=aUditing info). /SEC :: copy files with SECurity (equivalent to /COPY:DATS). /COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU). /NOCOPY :: COPY NO file info (useful with /PURGE). /SECFIX :: FIX file SECurity on all files, even skipped files. /TIMFIX :: FIX file TIMes on all files, even skipped files. /PURGE :: delete dest files/dirs that no longer exist in source. /MIR :: MIRror a directory tree (equivalent to /E plus /PURGE). /MOV :: MOVe files (delete from source after copying). /MOVE :: MOVE files AND dirs (delete from source after copying). /A+:[RASHCNET] :: add the given Attributes to copied files. /A-:[RASHCNET] :: remove the given Attributes from copied files. /CREATE :: CREATE directory tree and zero-length files only. /FAT :: create destination files using 8.3 FAT file names only. /256 :: turn off very long path (> 256 characters) support. /MON:n :: MONitor source; run again when more than n changes seen. /MOT:m :: MOnitor source; run again in m minutes Time, if changed. /RH:hhmm-hhmm :: Run Hours - times when new copies may be started. /PF :: check run hours on a Per File (not per pass) basis. /IPG:n :: Inter-Packet Gap (ms), to free bandwidth on slow lines. /SL :: copy symbolic links versus the target. /MT[:n] :: Do multi-threaded copies with n threads (default 8). n must be at least 1 and not greater than 128. This option is incompatible with the /IPG and /EFSRAW options. Redirect output using /LOG option for better performance. /DCOPY:copyflag[s] :: what to COPY for directories (default is /DCOPY:DA). (copyflags : D=Data, A=Attributes, T=Timestamps). /NODCOPY :: COPY NO directory info (by default /DCOPY:DA is done). /NOOFFLOAD :: copy files without using the Windows Copy Offload mechanism. :: :: File Selection Options : :: /A :: copy only files with the Archive attribute set. /M :: copy only files with the Archive attribute and reset it. /IA:[RASHCNETO] :: Include only files with any of the given Attributes set. /XA:[RASHCNETO] :: eXclude files with any of the given Attributes set. /XF file [file]... :: eXclude Files matching given names/paths/wildcards. /XD dirs [dirs]... :: eXclude Directories matching given names/paths. /XC :: eXclude Changed files. /XN :: eXclude Newer files. /XO :: eXclude Older files. /XX :: eXclude eXtra files and directories. /XL :: eXclude Lonely files and directories. /IS :: Include Same files. /IT :: Include Tweaked files. /MAX:n :: MAXimum file size - exclude files bigger than n bytes. /MIN:n :: MINimum file size - exclude files smaller than n bytes. /MAXAGE:n :: MAXimum file AGE - exclude files older than n days/date. /MINAGE:n :: MINimum file AGE - exclude files newer than n days/date. /MAXLAD:n :: MAXimum Last Access Date - exclude files unused since n. /MINLAD:n :: MINimum Last Access Date - exclude files used since n. (If n < 1900 then n = n days, else n = YYYYMMDD date). /XJ :: eXclude Junction points. (normally included by default). /FFT :: assume FAT File Times (2-second granularity). /DST :: compensate for one-hour DST time differences. /XJD :: eXclude Junction points for Directories. /XJF :: eXclude Junction points for Files. :: :: Retry Options : :: /R:n :: number of Retries on failed copies: default 1 million. /W:n :: Wait time between retries: default is 30 seconds. /REG :: Save /R:n and /W:n in the Registry as default settings. /TBD :: wait for sharenames To Be Defined (retry error 67). :: :: Logging Options : :: /L :: List only - don't copy, timestamp or delete any files. /X :: report all eXtra files, not just those selected. /V :: produce Verbose output, showing skipped files. /TS :: include source file Time Stamps in the output. /FP :: include Full Pathname of files in the output. /BYTES :: Print sizes as bytes. /NS :: No Size - don't log file sizes. /NC :: No Class - don't log file classes. /NFL :: No File List - don't log file names. /NDL :: No Directory List - don't log directory names. /NP :: No Progress - don't display percentage copied. /ETA :: show Estimated Time of Arrival of copied files. /LOG:file :: output status to LOG file (overwrite existing log). /LOG+:file :: output status to LOG file (append to existing log). /UNILOG:file :: output status to LOG file as UNICODE (overwrite existing log). /UNILOG+:file :: output status to LOG file as UNICODE (append to existing log). /TEE :: output to console window, as well as the log file. /NJH :: No Job Header. /NJS :: No Job Summary. /UNICODE :: output status as UNICODE. :: :: Job Options : :: /JOB:jobname :: take parameters from the named JOB file. /SAVE:jobname :: SAVE parameters to the named job file /QUIT :: QUIT after processing command line (to view parameters). /NOSD :: NO Source Directory is specified. /NODD :: NO Destination Directory is specified. /IF :: Include the following Files. :: :: Remarks : :: Using /PURGE or /MIR on the root directory of the volume will cause robocopy to apply the requested operation on files inside the System Volume Information directory as well. If this is not intended then the /XD switch may be used to instruct robocopy to skip that directory.
Manipulates network routing tables. ROUTE [-f] [-p] [-4|-6] command [destination] [MASK netmask] [gateway] [METRIC metric] [IF interface] -f Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command. -p When used with the ADD command, makes a route persistent across boots of the system. By default, routes are not preserved when the system is restarted. Ignored for all other commands, which always affect the appropriate persistent routes. -4 Force using IPv4. -6 Force using IPv6. command One of these: PRINT Prints a route ADD Adds a route DELETE Deletes a route CHANGE Modifies an existing route destination Specifies the host. MASK Specifies that the next parameter is the 'netmask' value. netmask Specifies a subnet mask value for this route entry. If not specified, it defaults to 255.255.255.255. gateway Specifies gateway. interface the interface number for the specified route. METRIC specifies the metric, ie. cost for the destination. All symbolic names used for destination are looked up in the network database file NETWORKS. The symbolic names for gateway are looked up in the host name database file HOSTS. If the command is PRINT or DELETE. Destination or gateway can be a wildcard, (wildcard is specified as a star '*'), or the gateway argument may be omitted. If Dest contains a * or ?, it is treated as a shell pattern, and only matching destination routes are printed. The '*' matches any string, and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*. Pattern match is only allowed in PRINT command. Diagnostic Notes: Invalid MASK generates an error, that is when (DEST & MASK) != DEST. Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1 The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination. Examples: > route PRINT > route PRINT -4 > route PRINT -6 > route PRINT 157* .... Only prints those matching 157* > route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2 destinationˆ ˆmask ˆgateway metricˆ ˆ Interfaceˆ If IF is not given, it tries to find the best interface for a given gateway. > route ADD 3ffe::/32 3ffe::1 > route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2 CHANGE is used to modify gateway and/or metric only. > route DELETE 157.0.0.0 > route DELETE 3ffe::/32
Usage: rpcping [-t <protseq>] [-s <server_addr>] [-e <endpoint> |-f <interface UUID>[,MajorVer]] [-O <Interface Object UUID] [-i <#_iterations>] [-u <security_package_id>] [-a <authn_level>] [-N <server_princ_name>] [-I <auth_identity>] [-C <capabilities>] [-T <identity_tracking>] [-M <impersonation_type>] [-S <server_sid>] [-P <proxy_auth_identity>] [-F <RPCHTTP_flags>] [-H <RPC/HTTP_authn_schemes>] [-o <binding_options>] [-B <server_certificate_subject>] [-b] [-E] [-q] [-c] [-A <http_proxy_auth_identity>] [-U <HTTP_proxy_authn_schemes>] [-r <report_results_interval>] [-v <verbose_level>] Pings a server using RPC. Options are: -t <protseq> - protocol sequence to use. Can be one of the standard RPC protocol sequences - ncacn_ip_tcp, ncacn_np, ncacn_http, etc. If not specified, default is ncacn_ip_tcp. -s <server_addr> - the server address. If not specified, the local machine will be pinged. E.g. server, server.com, 157.59.244.141 -e <endpoint> - the endpoint to ping. If none is specified, the endpoint mapper on the target machine will be pinged. This option is mutually exclusive with the interface (-f) option. -o <binding_options> - the binding options for the RPC ping. See the MSDN for more details (RpcStringBindingCompose and RPC over HTTP). -f <interface UUID>[,MajorVer] - the interface to ping. This option is mutually exclusive with the endpoint option. The interface is specified as a UUID. If the MajorVer is not specified, version 1 of the interface will be sought. When interface is specified, rpcping will query the endpoint mapper on the target machine to retrieve the endpoint for the specified interface. The endpoint mapper will be queried using the options specified in the command line. -O <Object UUID> - Object Uuid if the interface registerd one. -i <#_iterations> - number of calls to make. The default is 1. This option is useful for measuring connection latency if multiple iterations are specified. -u <security_package_id> - the security package (security provider) RPC will use to make the call. The security package is identified as a number or a name. If a number is used it is the same number as in the RpcBindingSetAuthInfoEx API. The table below gives the names and numbers. Names are not case sensitive: Negotiate - 9 or one of nego, snego or negotiate NTLM - 10 or NTLM SChannel - 14 or SChannel Kerberos - 16 or Kerberos Kernel - 20 or Kernel If you specify this option you must specify authentication level other than none. There is no default for this option. If it is not specified, RPC will not use security for the ping. -a <authn_level> - the authentication level to use. Possible values are connect, call, pkt, integrity and privacy. If this option is specified, the security package id (-u) must also be specified. There is no default for this option. If this option is not specified, RPC will not use security for the ping. -N <server_princ_name> - specifies a server principal name. Same semantics as the ServerPrincName argument to RpcBindingSetAuthInfoEx. See the MSDN for more information on RpcBidningSetAuthInfoEx. This field can be used only when authentication level and security package are selected. -I <auth_identity> - allows you to specify alternative identity to connect to the server. The identity is in the form user,domain,password where the three fields have the obvious meaning. If the user name, domain or password have special characters that can be interpreted by the shell be sure to enclose the identity in double quotes. You can specify * instead of the password and RPC will prompt you to enter the password without echoing it on the screen. If this field is not specified, the identity of the logged on user will be used. This field can be used only when authentication level and security package are selected. -C <capabilities> - a hex bitmask of flags. It has the same meaning as the Capabilities field in the RPC_SECURITY_QOS structure described in the MSDN. This field can be used only when authentication level and security package are selected. -T <identity_tracking> - can be static or dynamic. If not specified, dynamic is the default. This field can be used only when authentication level and security package are selected. -M <impersonation_type> - can be anonymous, identify, impersonate or delegate. Default is impersonate. This field can be used only when authentication level and security package are selected. -S <server_sid> - the expected SID of the server. For more information see the Sid field in the RPC_SECURITY_QOS structure in the MSDN. Using this option requires Windows .NET Server 2003 or higher. This field can be used only when authentication level and security package are selected. -P <proxy_auth_identity> - specifies the identity to authenticate with to the RPC/HTTP proxy. Has the same format as for the -I option. Also, you must specify security package (-u), authentication level (-a), and authentication schemes (-H) in order to use this option. -F <RPCHTTP_flags> - the flags to pass for RPC/HTTP front end authentication. The flags may be specified as numbers or names The currently recognized flags are: Use SSL - 1 or ssl or use_ssl Use first auth scheme - 2 or first or use_first See the Flags field in RPC_HTTP_TRANSPORT_CREDENTIALS for more information. Also, you must specify security package (-u) and authentication level (-a) in order to use this option. -H <RPC/HTTP_authn_schemes> - the authentication schemes to use for RPC/HTTP front end authentication. This option is a list of numerical values or names separated by comma. E.g. Basic,NTLM. Recognized values are (names are not case sensitive: Basic - 1 or Basic NTLM - 2 or NTLM Certificate - 65536 or Cert Also, you must specify security package (-u) and authentication level (-a) in order to use this option. -B <server_certificate_subject> - the server certificate subject. For more information, see the ServerCertificateSubject field in the RPC_HTTP_TRANSPORT_CREDENTIALS structure in the MSDN. You must use SSL for this option to work. Also, you must specify security package (-u) and authentication level (-a) in order to use this option. -b - retrieves the server certificate subject from the certificate sent by the server and prints it to a screen or a log file. Valid only when the Proxy Echo only option (-E) and the use SSL options are specified. Also, you must specify security package (-u) and authentication level (-a) in order to use this option. -R - specifies the HTTP proxy. if it's 'none', we will not use HTTP proxy but directly attempt the RPC proxy. the value 'default' means to use the IE settings in your client machine. any other value will be treated as the explicit HTTP proxy. if you don't specify this flag, the default value is assumed, that is, the IE settings are checked. this flag is valid only when the -E (Echo Only) flag is enabled. -E - restricts the ping to the RPC/HTTP proxy only. The ping does not reach the server. Useful when trying to establish whether the RPC/HTTP proxy is reachable. Also, you must specify security package (-u) and authentication level (-a) in order to use this option. To specify an HTTP proxy, use the -R flag. If an HTTP proxy is specified in the -o flag, this option will be ignored. -q - quiet mode. Does not issue any prompts except for passwords. Assumes 'Y' response to all queries. Use this option with care. -c - use smart card certificate. RPCPing will prompt user to choose smart card. -A <http_proxy_auth_identity> - specifies the identity to authenticate with to the HTTP proxy. Has the same format as for the -I option. Also, you must specify authentication schemes (-U), security package (-u) and authentication level (-a) in order to use this option. -U <HTTP_proxy_authn_schemes> - the authentication schemes to use for HTTP proxy authentication. This option is a list of numerical values or names separated by comma. E.g. Basic,NTLM. Recognized values are (names are not case sensitive: Basic - 1 or Basic NTLM - 2 or NTLM You must specify security package (-u) and authentication level (-a) in order to use this option. -r <report_results_interval> - if multiple iterations are specified, this option will make rpcping display current execution statistics periodically instead after the last call. The report interval is given in seconds. Default is 15. -v <verbose_level> - tells rpcping how verbose to make the output. Default value is 1. 2 and 3 provide more output from rpcping. Example: Find out if your Exchange server that you connect through RPC/HTTP is accessible: rpcping -t ncacn_http -s exchange_server -o RpcProxy=front_end_proxy -P "username,domain,*" -H Basic -u NTLM -a connect -F 3 When prompted for the password, enter it. exchange_server is the name of your exchange server, front_end_proxy is the name of your proxy, username and domain are your user name and domain as you would enter them in the Outlook prompt. The other parameters will ask rpcping to ping your Exchange server in exactly the same way as Outlook will connect to it for the typical profile. -p - Prompt for credentials if authentication fails.
ERROR: Unrecognized command DESCRIPTION: SC is a command line program used for communicating with the Service Control Manager and services. USAGE: sc <server> [command] [service name] <option1> <option2>... The option <server> has the form "\\ServerName" Further help on commands can be obtained by typing: "sc [command]" Commands: query-----------Queries the status for a service, or enumerates the status for types of services. queryex---------Queries the extended status for a service, or enumerates the status for types of services. start-----------Starts a service. pause-----------Sends a PAUSE control request to a service. interrogate-----Sends an INTERROGATE control request to a service. continue--------Sends a CONTINUE control request to a service. stop------------Sends a STOP request to a service. config----------Changes the configuration of a service (persistent). description-----Changes the description of a service. failure---------Changes the actions taken by a service upon failure. failureflag-----Changes the failure actions flag of a service. sidtype---------Changes the service SID type of a service. privs-----------Changes the required privileges of a service. managedaccount--Changes the service to mark the service account password as managed by LSA. qc--------------Queries the configuration information for a service. qdescription----Queries the description for a service. qfailure--------Queries the actions taken by a service upon failure. qfailureflag----Queries the failure actions flag of a service. qsidtype--------Queries the service SID type of a service. qprivs----------Queries the required privileges of a service. qtriggerinfo----Queries the trigger parameters of a service. qpreferrednode--Queries the preferred NUMA node of a service. qrunlevel-------Queries the run level of a service. qmanagedaccount-Queries whether a services uses an account with a password managed by LSA. qprotection-----Queries the process protection level of a service. delete----------Deletes a service (from the registry). create----------Creates a service. (adds it to the registry). control---------Sends a control to a service. sdshow----------Displays a service's security descriptor. sdset-----------Sets a service's security descriptor. showsid---------Displays the service SID string corresponding to an arbitrary name. triggerinfo-----Configures the trigger parameters of a service. preferrednode---Sets the preferred NUMA node of a service. runlevel--------Sets the run level of a service. GetDisplayName--Gets the DisplayName for a service. GetKeyName------Gets the ServiceKeyName for a service. EnumDepend------Enumerates Service Dependencies. The following commands don't require a service name: sc <server> <command> <option> boot------------(ok | bad) Indicates whether the last boot should be saved as the last-known-good boot configuration Lock------------Locks the Service Database QueryLock-------Queries the LockStatus for the SCManager Database EXAMPLE: sc start MyService Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:
SCHTASKS /parameter [arguments] Description: Enables an administrator to create, delete, query, change, run and end scheduled tasks on a local or remote system. Parameter List: /Create Creates a new scheduled task. /Delete Deletes the scheduled task(s). /Query Displays all scheduled tasks. /Change Changes the properties of scheduled task. /Run Runs the scheduled task on demand. /End Stops the currently running scheduled task. /ShowSid Shows the security identifier corresponding to a scheduled task name. /? Displays this help message. Examples: SCHTASKS SCHTASKS /? SCHTASKS /Run /? SCHTASKS /End /? SCHTASKS /Create /? SCHTASKS /Delete /? SCHTASKS /Query /? SCHTASKS /Change /? SCHTASKS /ShowSid /?
Usage: SDBINST [-?] [-q] [-u] [-g] [-p] [-n[:WIN32|WIN64]] myfile.sdb | {guid} | "name" -? - print this help text. -p - Allow SDBs containing patches. -q - Quiet mode: prompts are auto-accepted. -u - Uninstall. -g {guid} - GUID of file (uninstall only). -n "name" - Internal name of file (uninstall only).
The syntax of this command is: secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]
Displays, sets, or removes cmd.exe environment variables. SET [variable=[string]] variable Specifies the environment-variable name. string Specifies a series of characters to assign to the variable. Type SET without parameters to display the current environment variables. If Command Extensions are enabled SET changes as follows: SET command invoked with just a variable name, no equal sign or value will display the value of all variables whose prefix matches the name given to the SET command. For example: SET P would display all variables that begin with the letter 'P' SET command will set the ERRORLEVEL to 1 if the variable name is not found in the current environment. SET command will not allow an equal sign to be part of the name of a variable. Two new switches have been added to the SET command: SET /A expression SET /P variable=[promptString] The /A switch specifies that the string to the right of the equal sign is a numerical expression that is evaluated. The expression evaluator is pretty simple and supports the following operations, in decreasing order of precedence: () - grouping ! ~ - - unary operators * / % - arithmetic operators + - - arithmetic operators << >> - logical shift & - bitwise and ˆ - bitwise exclusive or | - bitwise or = *= /= %= += -= - assignment &= ˆ= |= <<= >>= , - expression separator If you use any of the logical or modulus operators, you will need to enclose the expression string in quotes. Any non-numeric strings in the expression are treated as environment variable names whose values are converted to numbers before using them. If an environment variable name is specified but is not defined in the current environment, then a value of zero is used. This allows you to do arithmetic with environment variable values without having to type all those % signs to get their values. If SET /A is executed from the command line outside of a command script, then it displays the final value of the expression. The assignment operator requires an environment variable name to the left of the assignment operator. Numeric values are decimal numbers, unless prefixed by 0x for hexadecimal numbers, and 0 for octal numbers. So 0x12 is the same as 18 is the same as 022. Please note that the octal notation can be confusing: 08 and 09 are not valid numbers because 8 and 9 are not valid octal digits. The /P switch allows you to set the value of a variable to a line of input entered by the user. Displays the specified promptString before reading the line of input. The promptString can be empty. Environment variable substitution has been enhanced as follows: %PATH:str1=str2% would expand the PATH environment variable, substituting each occurrence of "str1" in the expanded result with "str2". "str2" can be the empty string to effectively delete all occurrences of "str1" from the expanded output. "str1" can begin with an asterisk, in which case it will match everything from the beginning of the expanded output to the first occurrence of the remaining portion of str1. May also specify substrings for an expansion. %PATH:~10,5% would expand the PATH environment variable, and then use only the 5 characters that begin at the 11th (offset 10) character of the expanded result. If the length is not specified, then it defaults to the remainder of the variable value. If either number (offset or length) is negative, then the number used is the length of the environment variable value added to the offset or length specified. %PATH:~-10% would extract the last 10 characters of the PATH variable. %PATH:~0,-2% would extract all but the last 2 characters of the PATH variable. Finally, support for delayed environment variable expansion has been added. This support is always disabled by default, but may be enabled/disabled via the /V command line switch to CMD.EXE. See CMD /? Delayed environment variable expansion is useful for getting around the limitations of the current expansion which happens when a line of text is read, not when it is executed. The following example demonstrates the problem with immediate variable expansion: set VAR=before if "%VAR%" == "before" ( set VAR=after if "%VAR%" == "after" @echo If you see this, it worked ) would never display the message, since the %VAR% in BOTH IF statements is substituted when the first IF statement is read, since it logically includes the body of the IF, which is a compound statement. So the IF inside the compound statement is really comparing "before" with "after" which will never be equal. Similarly, the following example will not work as expected: set LIST= for %i in (*) do set LIST=%LIST% %i echo %LIST% in that it will NOT build up a list of files in the current directory, but instead will just set the LIST variable to the last file found. Again, this is because the %LIST% is expanded just once when the FOR statement is read, and at that time the LIST variable is empty. So the actual FOR loop we are executing is: for %i in (*) do set LIST= %i which just keeps setting LIST to the last file found. Delayed environment variable expansion allows you to use a different character (the exclamation mark) to expand environment variables at execution time. If delayed variable expansion is enabled, the above examples could be written as follows to work as intended: set VAR=before if "%VAR%" == "before" ( set VAR=after if "!VAR!" == "after" @echo If you see this, it worked ) set LIST= for %i in (*) do set LIST=!LIST! %i echo %LIST% If Command Extensions are enabled, then there are several dynamic environment variables that can be expanded but which don't show up in the list of variables displayed by SET. These variable values are computed dynamically each time the value of the variable is expanded. If the user explicitly defines a variable with one of these names, then that definition will override the dynamic one described below: %CD% - expands to the current directory string. %DATE% - expands to current date using same format as DATE command. %TIME% - expands to current time using same format as TIME command. %RANDOM% - expands to a random decimal number between 0 and 32767. %ERRORLEVEL% - expands to the current ERRORLEVEL value %CMDEXTVERSION% - expands to the current Command Processor Extensions version number. %CMDCMDLINE% - expands to the original command line that invoked the Command Processor. %HIGHESTNUMANODENUMBER% - expands to the highest NUMA node number on this machine.
Begins localization of environment changes in a batch file. Environment changes made after SETLOCAL has been issued are local to the batch file. ENDLOCAL must be issued to restore the previous settings. When the end of a batch script is reached, an implied ENDLOCAL is executed for any outstanding SETLOCAL commands issued by that batch script. SETLOCAL If Command Extensions are enabled SETLOCAL changes as follows: SETLOCAL batch command now accepts optional arguments: ENABLEEXTENSIONS / DISABLEEXTENSIONS enable or disable command processor extensions. These arguments takes precedence over the CMD /E:ON or /E:OFF switches. See CMD /? for details. ENABLEDELAYEDEXPANSION / DISABLEDELAYEDEXPANSION enable or disable delayed environment variable expansion. These arguments takes precedence over the CMD /V:ON or /V:OFF switches. See CMD /? for details. These modifications last until the matching ENDLOCAL command, regardless of their setting prior to the SETLOCAL command. The SETLOCAL command will set the ERRORLEVEL value if given an argument. It will be zero if one of the two valid arguments is given and one otherwise. You can use this in batch scripts to determine if the extensions are available, using the following technique: VERIFY OTHER 2>nul SETLOCAL ENABLEEXTENSIONS IF ERRORLEVEL 1 echo Unable to enable extensions This works because on old versions of CMD.EXE, SETLOCAL does NOT set the ERRORLEVEL value. The VERIFY command with a bad argument initializes the ERRORLEVEL value to a non-zero value.
Sets the version number that MS-DOS reports to a program. Display current version table: SETVER [drive:path] Add entry: SETVER [drive:path] filename n.nn Delete entry: SETVER [drive:path] filename /DELETE [/QUIET] [drive:path] Specifies location of the SETVER.EXE file. filename Specifies the filename of the program. n.nn Specifies the MS-DOS version to be reported to the program. /DELETE or /D Deletes the version-table entry for the specified program. /QUIET Hides the message typically displayed during deletion of version-table entry.
SetX has three ways of working: Syntax 1: SETX [/S system [/U [domain\]user [/P [password]]]] var value [/M] Syntax 2: SETX [/S system [/U [domain\]user [/P [password]]]] var /K regpath [/M] Syntax 3: SETX [/S system [/U [domain\]user [/P [password]]]] /F file {var {/A x,y | /R x,y string}[/M] | /X} [/D delimiters] Description: Creates or modifies environment variables in the user or system environment. Can set variables based on arguments, regkeys or file input. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. var Specifies the environment variable to set. value Specifies a value to be assigned to the environment variable. /K regpath Specifies that the variable is set based on information from a registry key. Path should be specified in the format of hive\key\...\value. For example, HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\TimeZoneInformation\StandardName. /F file Specifies the filename of the text file to use. /A x,y Specifies absolute file coordinates (line X, item Y) as parameters to search within the file. /R x,y string Specifies relative file coordinates with respect to "string" as the search parameters. /M Specifies that the variable should be set in the system wide (HKEY_LOCAL_MACHINE) environment. The default is to set the variable under the HKEY_CURRENT_USER environment. /X Displays file contents with x,y coordinates. /D delimiters Specifies additional delimiters such as "," or "\". The built-in delimiters are space, tab, carriage return, and linefeed. Any ASCII character can be used as an additional delimiter. The maximum number of delimiters, including the built-in delimiters, is 15. /? Displays this help message. NOTE: 1) SETX writes variables to the master environment in the registry. 2) On a local system, variables created or modified by this tool will be available in future command windows but not in the current CMD.exe command window. 3) On a remote system, variables created or modified by this tool will be available at the next logon session. 4) The valid Registry Key data types are REG_DWORD, REG_EXPAND_SZ, REG_SZ, REG_MULTI_SZ. 5) Supported hives: HKEY_LOCAL_MACHINE (HKLM), HKEY_CURRENT_USER (HKCU). 6) Delimiters are case sensitive. 7) REG_DWORD values are extracted from the registry in decimal format. Examples: SETX MACHINE COMPAQ SETX MACHINE "COMPAQ COMPUTER" /M SETX MYPATH "%PATH%" SETX MYPATH ~PATH~ SETX /S system /U user /P password MACHINE COMPAQ SETX /S system /U user /P password MYPATH ˆ%PATHˆ% SETX TZONE /K HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\TimeZoneInformation\StandardName SETX BUILD /K "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber" /M SETX /S system /U user /P password TZONE /K HKEY_LOCAL_MACHINE\ System\CurrentControlSet\Control\TimeZoneInformation\ StandardName SETX /S system /U user /P password BUILD /K "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\ CurrentVersion\CurrentBuildNumber" /M SETX /F ipconfig.out /X SETX IPADDR /F ipconfig.out /A 5,11 SETX OCTET1 /F ipconfig.out /A 5,3 /D "#$*." SETX IPGATEWAY /F ipconfig.out /R 0,7 Gateway SETX /S system /U user /P password /F c:\ipconfig.out /X
Microsoft (R) Windows (R) Resource Checker Version 6.0 Copyright (C) Microsoft Corporation. All rights reserved. Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions. SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>] [/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>] /SCANNOW Scans integrity of all protected system files and repairs files with problems when possible. /VERIFYONLY Scans integrity of all protected system files. No repair operation is performed. /SCANFILE Scans integrity of the referenced file, repairs file if problems are identified. Specify full path <file> /VERIFYFILE Verifies the integrity of the file with full path <file>. No repair operation is performed. /OFFBOOTDIR For offline repair specify the location of the offline boot directory /OFFWINDIR For offline repair specify the location of the offline windows directory e.g. sfc /SCANNOW sfc /VERIFYFILE=c:\windows\system32\kernel32.dll sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows sfc /VERIFYONLY
Changes the position of replaceable parameters in a batch file. SHIFT [/n] If Command Extensions are enabled the SHIFT command supports the /n switch which tells the command to start shifting at the nth argument, where n may be between zero and eight. For example: SHIFT /2 would shift %3 to %2, %4 to %3, etc. and leave %0 and %1 unaffected.
Usage: SHUTDOWN [/i | /l | /s | /r | /g | /a | /p | /h | /e | /o] [/hybrid] [/f] [/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]] No args Display help. This is the same as typing /?. /? Display help. This is the same as not typing any options. /i Display the graphical user interface (GUI). This must be the first option. /l Log off. This cannot be used with /m or /d options. /s Shutdown the computer. /r Full shutdown and restart the computer. /g Full shutdown and restart the computer. After the system is rebooted, restart any registered applications. /a Abort a system shutdown. This can only be used during the time-out period. /p Turn off the local computer with no time-out or warning. Can be used with /d and /f options. /h Hibernate the local computer. Can be used with the /f option. /hybrid Performs a shutdown of the computer and prepares it for fast startup. Must be used with /s option. /e Document the reason for an unexpected shutdown of a computer. /o Go to the advanced boot options menu and restart the computer. Must be used with /r option. /m \\computer Specify the target computer. /t xxx Set the time-out period before shutdown to xxx seconds. The valid range is 0-315360000 (10 years), with a default of 30. If the timeout period is greater than 0, the /f parameter is implied. /c "comment" Comment on the reason for the restart or shutdown. Maximum of 512 characters allowed. /f Force running applications to close without forewarning users. The /f parameter is implied when a value greater than 0 is specified for the /t parameter. /d [p|u:]xx:yy Provide the reason for the restart or shutdown. p indicates that the restart or shutdown is planned. u indicates that the reason is user defined. If neither p nor u is specified the restart or shutdown is unplanned. xx is the major reason number (positive integer less than 256). yy is the minor reason number (positive integer less than 65536). Reasons on this computer: (E = Expected U = Unexpected P = planned, C = customer defined) Type Major Minor Title U 0 0 Other (Unplanned) E 0 0 Other (Unplanned) E P 0 0 Other (Planned) U 0 5 Other Failure: System Unresponsive E 1 1 Hardware: Maintenance (Unplanned) E P 1 1 Hardware: Maintenance (Planned) E 1 2 Hardware: Installation (Unplanned) E P 1 2 Hardware: Installation (Planned) E 2 2 Operating System: Recovery (Unplanned) E P 2 2 Operating System: Recovery (Planned) P 2 3 Operating System: Upgrade (Planned) E 2 4 Operating System: Reconfiguration (Unplanned) E P 2 4 Operating System: Reconfiguration (Planned) P 2 16 Operating System: Service pack (Planned) 2 17 Operating System: Hot fix (Unplanned) P 2 17 Operating System: Hot fix (Planned) 2 18 Operating System: Security fix (Unplanned) P 2 18 Operating System: Security fix (Planned) E 4 1 Application: Maintenance (Unplanned) E P 4 1 Application: Maintenance (Planned) E P 4 2 Application: Installation (Planned) E 4 5 Application: Unresponsive E 4 6 Application: Unstable U 5 15 System Failure: Stop error U 5 19 Security issue (Unplanned) E 5 19 Security issue (Unplanned) E P 5 19 Security issue (Planned) E 5 20 Loss of network connectivity (Unplanned) U 6 11 Power Failure: Cord Unplugged U 6 12 Power Failure: Environment P 7 0 Legacy API shutdown
SORT [/R] [/+n] [/M kilobytes] [/L locale] [/REC recordbytes] [[drive1:][path1]filename1] [/T [drive2:][path2]] [/O [drive3:][path3]filename3] /+n Specifies the character number, n, to begin each comparison. /+3 indicates that each comparison should begin at the 3rd character in each line. Lines with fewer than n characters collate before other lines. By default comparisons start at the first character in each line. /L[OCALE] locale Overrides the system default locale with the specified one. The ""C"" locale yields the fastest collating sequence and is currently the only alternative. The sort is always case insensitive. /M[EMORY] kilobytes Specifies amount of main memory to use for the sort, in kilobytes. The memory size is always constrained to be a minimum of 160 kilobytes. If the memory size is specified the exact amount will be used for the sort, regardless of how much main memory is available. The best performance is usually achieved by not specifying a memory size. By default the sort will be done with one pass (no temporary file) if it fits in the default maximum memory size, otherwise the sort will be done in two passes (with the partially sorted data being stored in a temporary file) such that the amounts of memory used for both the sort and merge passes are equal. The default maximum memory size is 90% of available main memory if both the input and output are files, and 45% of main memory otherwise. /REC[ORD_MAXIMUM] characters Specifies the maximum number of characters in a record (default 4096, maximum 65535). /R[EVERSE] Reverses the sort order; that is, sorts Z to A, then 9 to 0. [drive1:][path1]filename1 Specifies the file to be sorted. If not specified, the standard input is sorted. Specifying the input file is faster than redirecting the same file as standard input. /T[EMPORARY] [drive2:][path2] Specifies the path of the directory to hold the sort's working storage, in case the data does not fit in main memory. The default is to use the system temporary directory. /O[UTPUT] [drive3:][path3]filename3 Specifies the file where the sorted input is to be stored. If not specified, the data is written to the standard output. Specifying the output file is faster than redirecting standard output to the same file.
Starts a separate window to run a specified program or command. START ["title"] [/D path] [/I] [/MIN] [/MAX] [/SEPARATE | /SHARED] [/LOW | /NORMAL | /HIGH | /REALTIME | /ABOVENORMAL | /BELOWNORMAL] [/NODE <NUMA node>] [/AFFINITY <hex affinity mask>] [/WAIT] [/B] [command/program] [parameters] "title" Title to display in window title bar. path Starting directory. B Start application without creating a new window. The application has ˆC handling ignored. Unless the application enables ˆC processing, ˆBreak is the only way to interrupt the application. I The new environment will be the original environment passed to the cmd.exe and not the current environment. MIN Start window minimized. MAX Start window maximized. SEPARATE Start 16-bit Windows program in separate memory space. SHARED Start 16-bit Windows program in shared memory space. LOW Start application in the IDLE priority class. NORMAL Start application in the NORMAL priority class. HIGH Start application in the HIGH priority class. REALTIME Start application in the REALTIME priority class. ABOVENORMAL Start application in the ABOVENORMAL priority class. BELOWNORMAL Start application in the BELOWNORMAL priority class. NODE Specifies the preferred Non-Uniform Memory Architecture (NUMA) node as a decimal integer. AFFINITY Specifies the processor affinity mask as a hexadecimal number. The process is restricted to running on these processors. The affinity mask is interpreted differently when /AFFINITY and /NODE are combined. Specify the affinity mask as if the NUMA node's processor mask is right shifted to begin at bit zero. The process is restricted to running on those processors in common between the specified affinity mask and the NUMA node. If no processors are in common, the process is restricted to running on the specified NUMA node. WAIT Start application and wait for it to terminate. command/program If it is an internal cmd command or a batch file then the command processor is run with the /K switch to cmd.exe. This means that the window will remain after the command has been run. If it is not an internal cmd command or batch file then it is a program and will run as either a windowed application or a console application. parameters These are the parameters passed to the command/program. NOTE: The SEPARATE and SHARED options are not supported on 64-bit platforms. Specifying /NODE allows processes to be created in a way that leverages memory locality on NUMA systems. For example, two processes that communicate with each other heavily through shared memory can be created to share the same preferred NUMA node in order to minimize memory latencies. They allocate memory from the same NUMA node when possible, and they are free to run on processors outside the specified node. start /NODE 1 application1.exe start /NODE 1 application2.exe These two processes can be further constrained to run on specific processors within the same NUMA node. In the following example, application1 runs on the low-order two processors of the node, while application2 runs on the next two processors of the node. This example assumes the specified node has at least four logical processors. Note that the node number can be changed to any valid node number for that computer without having to change the affinity mask. start /NODE 1 /AFFINITY 0x3 application1.exe start /NODE 1 /AFFINITY 0xc application2.exe If Command Extensions are enabled, external command invocation through the command line or the START command changes as follows: non-executable files may be invoked through their file association just by typing the name of the file as a command. (e.g. WORD.DOC would launch the application associated with the .DOC file extension). See the ASSOC and FTYPE commands for how to create these associations from within a command script. When executing an application that is a 32-bit GUI application, CMD.EXE does not wait for the application to terminate before returning to the command prompt. This new behavior does NOT occur if executing within a command script. When executing a command line whose first token is the string "CMD " without an extension or path qualifier, then "CMD" is replaced with the value of the COMSPEC variable. This prevents picking up CMD.EXE from the current directory. When executing a command line whose first token does NOT contain an extension, then CMD.EXE uses the value of the PATHEXT environment variable to determine which extensions to look for and in what order. The default value for the PATHEXT variable is: .COM;.EXE;.BAT;.CMD Notice the syntax is the same as the PATH variable, with semicolons separating the different elements. When searching for an executable, if there is no match on any extension, then looks to see if the name matches a directory name. If it does, the START command launches the Explorer on that path. If done from the command line, it is the equivalent to doing a CD /D to that path.
SubInAcl version 5.2.3790.1180 USAGE ----- Usage : SubInAcl [/option...] /object_type object_name [[/action[=parameter]...] /options : /outputlog=FileName /errorlog=FileName /noverbose /verbose (default) /notestmode (default) /testmode /alternatesamserver=SamServer /offlinesam=FileName /stringreplaceonoutput=string1=string2 /expandenvironmentsymbols (default) /noexpandenvironmentsymbols /statistic (default) /nostatistic /dumpcachedsids=FileName /separator=character /applyonly=[dacl,sacl,owner,group] /nocrossreparsepoint (default) /crossreparsepoint /object_type : /service /keyreg /subkeyreg /file /subdirectories[=directoriesonly|filesonly] /clustershare /kernelobject /metabase /printer /onlyfile /process /share /samobject /action : /display[=dacl|sacl|owner|primarygroup|sdsize|sddl] (default) /setowner=owner /replace=[DomainName\]OldAccount=[DomainName\]New_Account /accountmigration=[DomainName\]OldAccount=[DomainName\]New_Account /changedomain=OldDomainName=NewDomainName[=MappingFile[=Both]] /migratetodomain=SourceDomain=DestDomain=[MappingFile[=Both]] /findsid=[DomainName\]Account[=stop|continue] /suppresssid=[DomainName\]Account /confirm /ifchangecontinue /cleandeletedsidsfrom=DomainName[=dacl|sacl|owner|primarygroup|all] /testmode /accesscheck=[DomainName\]Username /setprimarygroup=[DomainName\]Group /grant=[DomainName\]Username[=Access] /deny=[DomainName\]Username[=Access] /sgrant=[DomainName\]Username[=Access] /sdeny=[DomainName\]Username[=Access] /sallowdeny==[DomainName\]Username[=Access] /revoke=[DomainName\]Username /perm /audit /compactsecuritydescriptor /pathexclude=pattern /objectexclude=pattern /sddl=sddl_string /objectcopysecurity=object_path /pathcopysecurity=path_container Usage : SubInAcl [/option...] /playfile file_name Usage : SubInAcl /help [keyword] SubInAcl /help /full keyword can be : features usage syntax sids view_mode test_mode object_type domain_migration server_migration substitution_features editing_features - or - any [/option] [/action] [/object_type] SYNTAX ------ describe SubInAcl syntax The SubInAcl syntax is analog to the UNIX find tool. For each object, SubInAcl : 1. retrieves the security descriptor of the object 2. applies the /action(s). The /actions are executed in the order of the command line 3. If : - the security descriptor has been modified and - the /testmode switch has not been specified the changes are applied to the object For instance : - SubInAcl /outputlog=result.txt /subdirectories \\Server\c$\temp\*.* /grant=Dom\John=F /noverbose /display For each file below \\Server\c$\temp, SubInAcl will - open the file - grant full control for dom\john - display the security setting in noverbose mode - save the security descriptor. All outputs will be saved in result.txt You can specify as many /actions as you wish. You must specify at least 3 characters for each action. The command line is not case-sensitive Ex: SubInAcl /file c:\temp\*.txt /replace=John=Smith /display for each *.txt file will - replace John with Smith - display the whole security descriptor - apply the changes if any SubInAcl error messages are sent to the Standard error. You can use the /output switch to save both outputs and errors in the same file. FEATURES -------- describes SubInAcl main features SubInAcl was designed to help administrators to manage security on various objects. It provides : - a unified way to manipulate security for different kinds of objects (files, registry keys, services, printer,...) - a console tool that allows to write scripts to automate security tasks - some features that help administrators to modify security if some changes occur in their organization: - user, group deletions (/suppresssid, /cleandeletedsidsfrom ) - user, group migrations (/replace , /accountmigration) - domain, server migration (/changedomain, /migratetodomain) ... - security descriptor editing features : - owner ( /setowner ) - primary group ( /setprimarygroup ) - permissions ( /grant , /deny , /revoke ) - audit ( /sgrant, /sdeny, /sallowdeny) - access to remote objects - save and restore permissions (/playfile , /outputlog , /display ) You need SeBackupPrivilege SeRestorePrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeChangeNotifyPrivilege privileges (locally or remotely) to run this tool Type SubInAcl /help to get extended help SIDS ---- sids : explain how SubInAcl retrieves and translates SIDs The security descriptor references users and groupswith a SID (Security Identifier). A SID can be expressed in one of the following form: + DomainName\Account (ex: DOM\Administrators ) + StandaloneServer\Group + Account ( see LookupAccount API ) + s-1-x-x-x-x . x is expressed in decimal (ex: S-1-5-21-56248481-1302087933-1644394174-1001) Warning : In that case, no check is done to verify the existence of this SID. SubInAcl maintains a local cache of SIDs to minimize SID to "Human Name" translation network cost. SubInAcl queries the server where the ressource object is located to translate or retrieve SIDs. If needed, you can specify another SAM server to translate SIDs (see /alternatesamserver). If you try to replace SIDs and the originated domain or server is not online, you can provide a file containing the needed SIDs (see /offlinesam). You can dump the local cache of SIDs in a file (see /dumpcachedsids). VIEW_MODE --------- /noverbose /verbose SubInAcl can be used in a quiet mode (/noverbose) or a in verbose mode (/verbose , /Noverbose ) You can specify these switches either : - for the entire comand line : SubInAcl /noverbose /file *.dat /display - after a specific action : SubInacl /file *.dat /display /noverbose /display TEST_MODE --------- /testmode /notestmode (default) If /testmode is specified, the changes will not be reflected to the object security descriptor. This option is useful to test the validity of a comand. Ex : SubInacl /subdirec \\server\share\*.* /changedomain=DOMA=DOMB /ifchangecontinue /noverbose /display /testmode For each file modified this comand displays the modified security descriptor. But these changes will not physically apply to the files OBJECT_TYPE ----------- /file /subdirectories /onlyfile /keyreg /subkeyreg /service /share /clustershare /printer /kernelobject /metabase /process /samobject SubInAcl can work with various objects: - Files : /file /subdirectories /onlyfile - Registry keys : /keyreg /subkeyreg - Services : /service - Shares : /share /clustershare - Printer : /printer - Kernel named objects : /kernelobject - IIS adminidstration rights : /metabase // - Process : /process - Sam : /SamObject The actions are valid for all objects Most of them support the enumeration with the * character DOMAIN_MIGRATION ---------------- explain how to migrate security between domain SIDs The main purpose of SubInAcl is to help administrators to migrate user(s) if the domain architecture has changed. For instance, the user John has moved and is now member of the DOMB domain. You can reflect this change with : SubInAcl /subdirec \\server\share\*.* /replace=OldDomain\John=DOMB\John N.B: A trust relationship must be enabled between the domain of server and OldDomain and NEWDOMAIN N.B: If a trust relationship cannot be enabled, you can use the /alternatesamserver=Server. Server should be the name of Domain Controller Server Sample : You have worked with a unique domain. You want to migrate a BDC named MIGRCONTROL with all the files and the users utilized on a new domain 1. Reinstall the BDC as PDC to the NEWDOMAIN (without erasing the files) 2. Create the users on NEWDOMAIN 3. Create a "trusted relationship" with OLDDOMAIN 4. Run SubInAcl /noverbose /subdirectories x:\*.* /changedomain=OLDDOMAIN=NEWDOMAIN 5. Verify the changes with SubInAcl /noverbose /subdirectories x:\*.* Sample : You have worked with a standalone server named SERVER in a workgroup environment. You want to move this server (including users) to a domain DOM. 1. Move SERVER to the domain DOM 2. Create the users in the DOM domain 3. SubInAcl /noverbose /subdirectories \\server\share /changedomain=SERVER=DOM See /changedomain /migratedomain /replace actions SERVER_MIGRATION ---------------- explain how to migrate SIDs when objects are moved from one server to another one Migrating file system from one local server to another local server is not a trivial task. SubInAcl Version 2.2 has been enhanced to help this migration process. To migrate file system files from one local server and to preserve security, you can perform the following steps: 1. use scopy to copy files and ACLs on destination server 2. create local groups on the destination server 3. Use /changedomain or /changedomain with the /alternatesamserver option : By default SubInAcl queries the server where the objects are located to retrieve SIDS. This server is not aware of the SIDs valid on another standalone server To address this issue, you can use the /alternatesamserver option to ask SubInAcl to to use the alternamesamserver server if a SID resolution is not successfull on the initial server. Sample : SubInAcl /alternatesamserver=SourceServer /subdirect \\DestServer\Share\*.* /migratedomain=SourceServer=DestServer See /alternatesamserver /migratedomain /offlinesam EDITING_FEATURES ---------------- how to edit parts of the security descriptor SubInAcl allows to modify each part of a a security descriptor : - owner see /owner=SID or /setowner=SID - primary group see /setprimarygroup=GroupSID - system ACL (SubInAcl name = Audit ACL) with Access Control Entries (SubInAcl name= AAce = Audit ACE) see /audit /sgrant /sdeny /sallowdeny - discretionnary ACL (SubInAcl name = Perm ACL ) with Access Control Entries (SubInAcl name= PAce = Perm ACE) see /perm /pace=xxx /revoke=SID /grant=SID=Access /deny=SID=access /sgrant=SID=Access /sdeny=SID=access /sallowdeny=SID=access- or the full security descriptor see /sddl=sddl_string /SERVICE -------- /service service_name manipulate service - \\ServerName\Messenger - \\ServerName\M* - Messenger N.B: /driver can be used also. /driver * will display all driversm /service * will display all services /KEYREG ------- /keyreg registry_key manipulate registry keys - HKEY_CURRENT_USER\Software - HKEY_CURRENT_USER\Software\*Version - \\Srv\HKEY_LOCAL_MACHINE\KeyPath /SUBKEYREG ---------- /subkeyreg registry_key manipulate registry keys and subkeys - HKEY_CURRENT_USER\Software - HKEY_CURRENT_USER\Software\*Version - \\Srv\HKEY_LOCAL_MACHINE\KeyPath /FILE ----- /file filename manipulate files N.B: SubInAcl is not supported on DFS volumes - *.obj - c:\temp\*.obj - \\servername\share\*.exe - c:\ /file=directoriesonly will apply parameters on directories only /file=filesonly will apply parameters on files only /SUBDIRECTORIES --------------- /subdirectories file_path manipulate files in specified directory and all subdirectories - c:\temp\*.obj : work with all obj files - c:\temp\test : work with all test files below the c:\temp directory - c:\temp\test\*.* : work with all files below temp\test - c:\temp\test\ : work with all files below temp\test /subdirectories=directoriesonly will apply parameters on directories only /subdirectories=filesonly will apply parameters on files only /ONLYFILE --------- /onlyfile file_name open a file without using the FindFilexxx mechanism. Can be used to access named pipes or mailslot - \\.\pipe\pipename /SAMOBJECT ---------- /samobject samobject allow to access ACL associated to SAM objects(users,localgroup,globalgroup). Can be used to allow a localgroup(alias) created by a power users on a member to be updated by another power users member - \\samserver\localgroup - \\samserver\*users* - *group* - Subinacl /samobject \\sams\testgroup /grant=poweruser1=f /SHARE ------ /share file_share_name access a network file share. - \\server\share - \\server\test* /CLUSTERSHARE ------------- /clustershare \\clustername\fileshareresource access a cluster file share resource. - \\clustername\FileShare_Resource_Name - \\clustername\s* /KERNELOBJECT ------------- /kernelobject kernel_object_name access a named kernel object. Can be used to view mutex, sections, events objects /PROCESS -------- /process pid_or_executable_pattern access a process object. - notepad.* or pid_in_decimal /METABASE ---------- /metabase metabase_path access to IIS metabase AdminACL metabase property Note that this property can only be used with these Metabase paths /LM/MSFTPSVC , /LM/MSFTPSVC/n , /LM/W3SVC , /LM/W3SVC/ This object doesn't support enumeration. - SubInAcl /metabase \\ServerName\LM\W3SVC /grant=administrator=F /PRINTER --------- /printer printername access to printer - \\server\printer1 - \\server\* /DISPLAY -------- /display[=dacl|sacl|owner|primarygroup|sdsize|sddl] display the security descriptor You can also view part of the security descriptor. /display=dacl will display the discretionary acl. /display=sddl will display the security using the Win32 SDDL security descriptor string format (see Platform SDK) The /noverbose display can be used to reapply the security descriptor (see /playfile) /PLAYFILE --------- /playfile playfile The /playfile feature allows SubInacl to run in a batch mode. The format of the playfile command file is : + object_type object_name /action[=parameter]... /action[=parameter]... +object_type object_name /action[=parameter]... SubInacl /playfile=playfile.txt with With playfile : +subdirec *.txt /grant=everyone=R +service RkillSrv /display will give the same result than SubInAcl /subdirectories *.txt /grant=everyone=R SubInAcl /service RkillSrv /display One typical usage of the playfile feature is to allow to reapply security settings saved previously because the output format of the noverbose /display is a playfile compatible format: 1.a) SubInAcl /noverbose /outputlog=d:\SubInaclSave.txt /subdirectories c:\*.* /display This command saves all security settings for the files on C: drive. Sids will be saved in the Domain\user string format The /display option in a noverbose mode uses an output playfile compatible format or 1.b) SubInAcl /error=d:\Err.txt /outputlog=d:\SubInaclSave.txt /subdirectories c:\*.* /display=sddl This command saves all security settings using the Win32 SDDL format. Sids will be saved in the S-1-x-x form. This will not require SubInacl to translate Sids This may minimize the elapsed time and resource usage 2) SubInAcl /playfile d:\SubInaclSave.txt This command will reapply the previously saved settings. One other advantage of using a playfile is to improve performance and save network bandwidth because SubInacl maintains a local cache of SIDs. For instance if you issue : SubInacl /subdirectories c:\*.* /migrate=domain1=domain2 And SubInacl /subdirectories d:\*.* /migrate=domain1=domain2 Batching these commands will reduce the network usage bandwidth and improve performance because SID TO HUMAN NAME resolution process will be reduced. /OUTPUTLOG ---------- /outputlog=filename all outputs will be send in filename. You need to use /errlog switch to redirect all errors in a different file /ERRORLOG --------- /errorlog=filename.txt all errors will be send in the filename.txt /ALTERNATESAMSERVER ------------------- /alternatesamserver=Server SubInAcl queries the Server where the object is located to lookup Sids. Under some circumstances , you may need ( see server_migration or domain_migration) to retrieve Sids from another server. If a Sid resolution is unsuccessful, this option allows SubInAcl to query the alternamesamserver. /OFFLINESAM ----------- /offlinesam=FileName By default, SubInAcl queries the Server where the object is located to lookup Sids.Under some circumstances (migration where the source server is offline or if a domain is no longer available, want to avoid network round trip for SIDs retrievals), you may allow SubInAcl.exe to retrieve SIDs from the FileName file. File format is : __cachefileonly__=s-1-9-cacheonly domain\simon=S-1-5-21-1190502449-1716722630-1654032285-1105 nat\julien=S-1-5-21-1060284298-436374069-1708537768-1005 where domain\simon and nat\julien can be a domain account or server account. With the __cachefileonly__ line in the file, SubInAcl.exe will not query SAM Server(s) anymore. All needed SIDs should be found in the SAM cache file /DUMPCACHEDSIDS --------------- /dumpcachedsids=FileName At the end of the subinacl execution, you can dump the contents of the local cache Sids in a file. This file can later be used for future SubInacl execution (see . /offlinesam) to speed up the Sids resolution process) /SETOWNER --------- /setowner=SID will change the owner of the object /owner=SID or /setowner=SID owner = DomainName\Administrators will retrieve the Administrators Sid on the server where the object is (see Win32 SDK LookupAccountName function). /REPLACE -------- /replace=DomainName\OldAccount=DomainName\New_Account replace all ACEs (Audit and Permissions) in the object Ex: /replace=DOM_MARKETING\ChairMan=NEWDOM\NewChairMan will replace all ACEs containing DOM_MARKETING\ChairMan with NewChairMan SID retrieves from NEWDOM domain Warning: if DomainName\New_Account has already an ACE, ACE replacement is skipped /ACCOUNTMIGRATION ----------------- /accountmigration=DomainName\OldAccount=DomainName\New_Account (see /replace) will : - replace owner or primary group if one of them is DomainName\OldAccount. - duplicate ACE(s) with reference to DomainName\OldAccount for New_Account Ex: /accountmigration=DOM_MARKETING\ChairMan=NEWDOM\NewChairMan will duplicate all ACEs containing DOM_MARKETING\ChairMan with NewChairMan SID retrieves from NEWDOM domain Warning : if DomainName\New_Account has already an ACE, ACE replacement is skipped /CLEANDELETEDSIDSFROM --------------------- /cleandeletedsidsfrom=domain[=dacl|sacl|owner|primarygroup|all] delete all ACEs containing deleted (no valid) Sids from DomainName You can specify which part of the security descriptor will be scanned (default=all) If the owner is deleted, new owner will be the Administrators group. If the primary group is deleted, new primary group will be the Users group. /CHANGEDOMAIN ------------- /changedomain=OldDomainName=NewDomainName[=MappingFile[=Both]] replace all ACEs with a Sid from OldDomainName with the equivalent Sid found in NewSamServer Ex: /changedomain=DOM_MARKETING=NEWDOMAIN replace all ACEs containing DOM_MARKETING\ChairMan SID with the ChairMan's SID retrieved on NEWDOMAIN computer The NEWDOMAIN must have a trusted relationship with the server containing the object If you want to explicitly specify the users affected , you can specify a mapping file. The MappingFile file will allow you to specify the list of users affected and the name of the replacing user in the NewDomain Below a sample of a MappingFile simon=julien administrator=administrator OldDomainName\Simon will be replaced by NewDomainName\Julien and OldDomainName\Administrator will be replaced with NewDomainName\Administrator If you use /changedomain=OldDomainName=NewDomainName=MappingFile notation ,only users defined in this file will be migrated. If you use /changedomain=OldDomainName=NewDomainName=MappingFile=Both, the mapping file will be examined first to determine if a mapping user exist. If not, SubInacl will try to find the equivalent user in the NewDomainName /MIGRATETODOMAIN ---------------- /migratetodomain=FromDomainName=ToDomainName[=MappingFile[=Both]] same behavior than /changedomain except that news ACEs will added instead of replacing Ex: /migratetodomain=DOM1=DOM2 each ace with DOM1\User will be duplicated with DOM2\User (If DOM2\User exists) If during the migration there was a serious oversight you can instruct the user to log back onto DOM1. N.B: Owner and Primary Group are migrated to DOM2 /FINDSID -------- /findsid=DomainName\Account[=stop|continue] display the object name containing a reference to DomainName\Account in the security descriptor stop - if Account is found, next parameters will be skipped and changes will not be applied - if Account is not found, next parameter will be executed continue - if Account found, next parameters will be executed - if Account not found, next parameters will be skipped and changes will not be applied /SUPPRESSSID ------------ /suppresssid=DomainName\Account suppress all ACES containing the DomainName\Account SID. If the object's owner is DomainName\Account, the owner is set to Everyone's SID. /PERM ----- /perm suppress all existing permissions aces (PACEs) /AUDIT ------ /audit suppress all existing auditing aces (AACEs) /IFCHANGECONTINUE ----------------- /ifchangecontinue continue to process the next actions only if some changes have been made in the previous actions /TESTMODE --------- /testmode changes will not be applied to the object. This allows to test the modifications /ACCESSCHECK ------------ /accesscheck=Domain\Username display the access granted to the Domain\Username. The password will be asked. This option requires the SeTcbName privilege (Act as Part of the Operating System). This option cannot be used with remote object. Note : the access is checked with the NETWORK security identified granted to the Domain\UserName /SETPRIMARYGROUP ---------------- /setprimarygroup=[DomainName\]Group change the primary group /DENY ----- /deny=[DomainName\]User[=Access] add a denied Permission Ace for the specified User (or group) If Access is not specified, all accesses will be denied. File: F : Full Control C : Change R : Read P : Change Permissions O : Take Ownership X : eXecute E : Read eXecute W : Write D : Delete ClusterShare: F : Full Control R : Read C : Change Printer: F : Full Control M : Manage Documents P : Print -- Press Return To Continue ---- KeyReg: F : Full Control R : Read A : ReAd Control Q : Query Value S : Set Value C : Create SubKey E : Enumerate Subkeys Y : NotifY L : Create Link D : Delete W : Write DAC O : Write Owner Service: F : Full Control R : Generic Read W : Generic Write X : Generic eXecute L : Read controL Q : Query Service Configuration S : Query Service Status E : Enumerate Dependent Services C : Service Change Configuration T : Start Service O : Stop Service P : Pause/Continue Service I : Interrogate Service U : Service User-Defined Control Commands Share: F : Full Control R : Read C : Change Metabase: F : Full Control R : Read - MD_ACR_READ W : Write - MD_ACR_WRITE I : Restricted Write - MD_ACR_RESTRICTED_WRITE U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ E : Enum keys- MD_ACR_ENUM_KEYS D : write Dac- MD_ACR_WRITE_DAC Process: F : Full Control R : Read W : Write X : eXecute SamObject: F : Full Control W : Write R : Read X : Execute /REVOKE ------- /revoke=[DomainName\]User suppress all Permission Ace(s) for the specified User (or group) /GRANT ------ /grant=[DomainName\]User[=Access] will add a Permission Ace for the user. if Access is not specified, the Full Control access will be granted. File: F : Full Control C : Change R : Read P : Change Permissions O : Take Ownership X : eXecute E : Read eXecute W : Write D : Delete ClusterShare: F : Full Control R : Read C : Change Printer: F : Full Control M : Manage Documents P : Print KeyReg: F : Full Control R : Read A : ReAd Control Q : Query Value S : Set Value C : Create SubKey E : Enumerate Subkeys Y : NotifY L : Create Link D : Delete W : Write DAC O : Write Owner Service: F : Full Control R : Generic Read W : Generic Write X : Generic eXecute L : Read controL Q : Query Service Configuration S : Query Service Status E : Enumerate Dependent Services C : Service Change Configuration T : Start Service O : Stop Service P : Pause/Continue Service I : Interrogate Service U : Service User-Defined Control Commands Share: F : Full Control R : Read C : Change Metabase: F : Full Control R : Read - MD_ACR_READ W : Write - MD_ACR_WRITE I : Restricted Write - MD_ACR_RESTRICTED_WRITE U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ E : Enum keys- MD_ACR_ENUM_KEYS D : write Dac- MD_ACR_WRITE_DAC Process: F : Full Control R : Read W : Write X : eXecute SamObject: F : Full Control W : Write R : Read X : Execute /SALLOWDENY ----------- /sallowdeny=[DomainName\]User[=Access] will add an Allow/Failed Audit Ace for the user and remove all existing Audit Ace for this user(or group). if Access is not specified, the Full Control access mask will be used. Ex: SubInacl /file c:\windows\explorer.exe /sallowdeny=everyone=R will set the audit for everyone's successful and failed access /SGRANT ------- /sgrant=[DomainName\]User[=Access] will add a Successfull (Allow) Audit Ace for the user and remove all existing Audit Ace for this user(or group). if Access is not specified, the Full Control access mask will be used. Ex: SubInacl /file c:\windows\explorer.exe /sgrant=everyone=R will set the audit for everyone's successful access File: F : Full Control C : Change R : Read P : Change Permissions O : Take Ownership X : eXecute E : Read eXecute W : Write D : Delete ClusterShare: F : Full Control R : Read C : Change Printer: F : Full Control M : Manage Documents P : Print KeyReg: F : Full Control R : Read A : ReAd Control Q : Query Value S : Set Value C : Create SubKey E : Enumerate Subkeys Y : NotifY L : Create Link D : Delete W : Write DAC O : Write Owner Service: F : Full Control R : Generic Read W : Generic Write X : Generic eXecute L : Read controL Q : Query Service Configuration S : Query Service Status E : Enumerate Dependent Services C : Service Change Configuration T : Start Service O : Stop Service P : Pause/Continue Service I : Interrogate Service U : Service User-Defined Control Commands Share: F : Full Control R : Read C : Change Metabase: F : Full Control R : Read - MD_ACR_READ W : Write - MD_ACR_WRITE I : Restricted Write - MD_ACR_RESTRICTED_WRITE U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ E : Enum keys- MD_ACR_ENUM_KEYS D : write Dac- MD_ACR_WRITE_DAC Process: F : Full Control R : Read W : Write X : eXecute SamObject: F : Full Control W : Write R : Read X : Execute /SDENY ------ /sdeny=[DomainName\]User[=Access] will add a Failed Audit Ace for the user and remove all existing Audit Ace for this user(or group). if Access is not specified, the Full Control access mask will be used. File: F : Full Control C : Change R : Read P : Change Permissions O : Take Ownership X : eXecute E : Read eXecute W : Write D : Delete ClusterShare: F : Full Control R : Read C : Change Printer: F : Full Control M : Manage Documents P : Print KeyReg: F : Full Control R : Read A : ReAd Control Q : Query Value S : Set Value C : Create SubKey E : Enumerate Subkeys Y : NotifY L : Create Link D : Delete W : Write DAC O : Write Owner Service: F : Full Control R : Generic Read W : Generic Write X : Generic eXecute L : Read controL Q : Query Service Configuration S : Query Service Status E : Enumerate Dependent Services C : Service Change Configuration T : Start Service O : Stop Service P : Pause/Continue Service I : Interrogate Service U : Service User-Defined Control Commands Share: F : Full Control R : Read C : Change Metabase: F : Full Control R : Read - MD_ACR_READ W : Write - MD_ACR_WRITE I : Restricted Write - MD_ACR_RESTRICTED_WRITE U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ E : Enum keys- MD_ACR_ENUM_KEYS D : write Dac- MD_ACR_WRITE_DAC Process: F : Full Control R : Read W : Write X : eXecute SamObject: F : Full Control W : Write R : Read X : Execute /OBJECTEXCLUDE -------------- /objectexclude=pattern all objects matching the pattern string will be skipped (eXcluded). The only wildcard valid is *. It can be used everywhere in the string. Pattern may be a name ( *Name.exe ) or a path ( *dir\subdir\*ToExclude* ). /PATHEXCLUDE ------------ /pathexclude=pattern all containers matching the pattern string will not be enumerated. See /objectexclude N.B: the Actions specified will not be applied to the container too. /STATISTIC ---------- /statistic will display statistics when processing is finished. /CROSSREPARSEPOINT ------------------ /crossreparsepoint When processing a file system path, SubInacl will enumerate file and directories below a reparsepoint except if /nocrossreparsepoint. is specified. /STRINGREPLACEONOUTPUT ---------------------- /stringreplaceonoutput=string1=string2 All occurrences of string1 will be replaced by string2 in subinacl output. /SDDL ----- /sddl=sddl_string specify the Security descriptor for the object using the Win32 security descriptor definition language (SDDL) /APPLYONLY ---------- /applyonly=dacl,sacl,owner,group Some subinacl options may change parts (owner,group,dacl,sacl) of the security descriptor. You may restrict the change to some parts of the security descriptor only . For instance /applyonly=dacl,sacl,owner will not modify the primary group field /PATHCOPYSECURITY ----------------- /pathcopysecurity=path_container SubInacl will reset the security descriptor for the object with the same named object in the container path. Ex: - SubInacl /file c:\temp\*.txt /pathcopysecurity=d:\test will replace the security (acls,owner,primarygroup) for c:\temp\1.txt with the security retrieved from d:\test\1.txt (if this file exists) -SubInacl /service Messenger /pathcopysecurity=\\Server will update the security on the service Messenger with the security existing on the remote messenger service /OBJECTCOPYSECURITY ------------------- /objectcopysecurity=object_path SubInacl will reset the security descriptor with the object object_path in the container path. Ex: - SubInacl /file c:\temp\*.txt /objectcopysecurity=d:\test\mask.txt will replace the security (acls,owner,primarygroup) for all txt files in c: emp with the security retrieved on d:\test\amsk.txt will update the security on the service Messenger with the security existing on the remote messenger service
Associates a path with a drive letter. SUBST [drive1: [drive2:]path] SUBST drive1: /D drive1: Specifies a virtual drive to which you want to assign a path. [drive2:]path Specifies a physical drive and path you want to assign to a virtual drive. /D Deletes a substituted (virtual) drive. Type SUBST with no parameters to display a list of current virtual drives.
WinSxs Tracing Utility. Usage: SxsTrace [Options] Options: Trace -logfile:FileName [-nostop] Enabling tracing for sxs. Tracing log is saved to FileName. If -nostop is specified, will not prompt to stop tracing. Parse -logfile:FileName -outfile:ParsedFile [-filter:AppName] Translate the raw trace file into a human readable format and save the result to ParsedFile. Use -filter option to filter the output. Stoptrace Stop the trace if it is not stopped before. Example: SxsTrace Trace -logfile:SxsTrace.etl SxsTrace Parse -logfile:SxsTrace.etl -outfile:SxsTrace.txt
SYSTEMINFO [/S system [/U username [/P [password]]]] [/FO format] [/NH] Description: This tool displays operating system configuration information for a local or remote machine, including service pack levels. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /FO format Specifies the format in which the output is to be displayed. Valid values: "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed in the output. Valid only for "TABLE" and "CSV" formats. /? Displays this help message. Examples: SYSTEMINFO SYSTEMINFO /? SYSTEMINFO /S system SYSTEMINFO /S system /U user SYSTEMINFO /S system /U domain\user /P password /FO TABLE SYSTEMINFO /S system /FO LIST SYSTEMINFO /S system /FO CSV /NH
TAKEOWN [/S system [/U username [/P [password]]]] /F filename [/A] [/R [/D prompt]] Description: This tool allows an administrator to recover access to a file that was denied by re-assigning file ownership. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /F filename Specifies the filename or directory name pattern. Wildcard "*" can be used to specify the pattern. Allows sharename\filename. /A Gives ownership to the administrators group instead of the current user. /R Recurse: instructs tool to operate on files in specified directory and all subdirectories. /D prompt Default answer used when the current user does not have the "list folder" permission on a directory. This occurs while operating recursively (/R) on sub-directories. Valid values "Y" to take ownership or "N" to skip. /SKIPSL Do not follow symbolic links. Only applicable with /R. /? Displays this help message. NOTE: 1) If /A is not specified, file ownership will be given to the current logged on user. 2) Mixed patterns using "?" and "*" are not supported. 3) /D is used to suppress the confirmation prompt. Examples: TAKEOWN /? TAKEOWN /F lostfile TAKEOWN /F \\system\share\lostfile /A TAKEOWN /F directory /R /D N TAKEOWN /F directory /R /A TAKEOWN /F * TAKEOWN /F C:\Windows\System32\acme.exe TAKEOWN /F %windir%\*.txt TAKEOWN /S system /F MyShare\Acme*.doc TAKEOWN /S system /U user /F MyShare\MyBinary.dll TAKEOWN /S system /U domain\user /P password /F share\filename TAKEOWN /S system /U user /P password /F Doc\Report.doc /A TAKEOWN /S system /U user /P password /F Myshare\* TAKEOWN /S system /U user /P password /F Home\Logon /R TAKEOWN /S system /U user /P password /F Myshare\directory /R /A
TASKKILL [/S system [/U username [/P [password]]]] { [/FI filter] [/PID processid | /IM imagename] } [/T] [/F] Description: This tool is used to terminate tasks by process id (PID) or image name. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /FI filter Applies a filter to select a set of tasks. Allows "*" to be used. ex. imagename eq acme* /PID processid Specifies the PID of the process to be terminated. Use TaskList to get the PID. /IM imagename Specifies the image name of the process to be terminated. Wildcard '*' can be used to specify all tasks or image names. /T Terminates the specified process and any child processes which were started by it. /F Specifies to forcefully terminate the process(es). /? Displays this help message. Filters: Filter Name Valid Operators Valid Value(s) ----------- --------------- ------------------------- STATUS eq, ne RUNNING | NOT RESPONDING | UNKNOWN IMAGENAME eq, ne Image name PID eq, ne, gt, lt, ge, le PID value SESSION eq, ne, gt, lt, ge, le Session number. CPUTIME eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss. hh - hours, mm - minutes, ss - seconds MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB USERNAME eq, ne User name in [domain\]user format MODULES eq, ne DLL name SERVICES eq, ne Service name WINDOWTITLE eq, ne Window title NOTE ---- 1) Wildcard '*' for /IM switch is accepted only when a filter is applied. 2) Termination of remote processes will always be done forcefully (/F). 3) "WINDOWTITLE" and "STATUS" filters are not considered when a remote machine is specified. Examples: TASKKILL /IM notepad.exe TASKKILL /PID 1230 /PID 1241 /PID 1253 /T TASKKILL /F /IM cmd.exe /T TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*" TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM * TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"
TASKLIST [/S system [/U username [/P [password]]]] [/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH] Description: This tool displays a list of currently running processes on either a local or remote machine. Parameter List: /S system Specifies the remote system to connect to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /M [module] Lists all tasks currently using the given exe/dll name. If the module name is not specified all loaded modules are displayed. /SVC Displays services hosted in each process. /APPS Displays Store Apps and their accociated processes. /V Displays verbose task information. /FI filter Displays a set of tasks that match a given criteria specified by the filter. /FO format Specifies the output format. Valid values: "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed in the output. Valid only for "TABLE" and "CSV" formats. /? Displays this help message. Filters: Filter Name Valid Operators Valid Value(s) ----------- --------------- -------------------------- STATUS eq, ne RUNNING | SUSPENDED NOT RESPONDING | UNKNOWN IMAGENAME eq, ne Image name PID eq, ne, gt, lt, ge, le PID value SESSION eq, ne, gt, lt, ge, le Session number SESSIONNAME eq, ne Session name CPUTIME eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss. hh - hours, mm - minutes, ss - seconds MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB USERNAME eq, ne User name in [domain\]user format SERVICES eq, ne Service name WINDOWTITLE eq, ne Window title MODULES eq, ne DLL name NOTE: "WINDOWTITLE" and "STATUS" filters are not supported when querying a remote machine. Examples: TASKLIST TASKLIST /M TASKLIST /V /FO CSV TASKLIST /SVC /FO LIST TASKLIST /APPS /FI "STATUS eq RUNNING" TASKLIST /M wbem* TASKLIST /S system /FO LIST TASKLIST /S system /U domain\username /FO CSV /NH TASKLIST /S system /U username /P password /FO TABLE /NH TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"
Displays or sets the system time. TIME [/T | time] Type TIME with no parameters to display the current time setting and a prompt for a new one. Press ENTER to keep the same time. If Command Extensions are enabled the TIME command supports the /T switch which tells the command to just output the current time, without prompting for a new time.
TIMEOUT [/T] timeout [/NOBREAK] Description: This utility accepts a timeout parameter to wait for the specified time period (in seconds) or until any key is pressed. It also accepts a parameter to ignore the key press. Parameter List: /T timeout Specifies the number of seconds to wait. Valid range is -1 to 99999 seconds. /NOBREAK Ignore key presses and wait specified time. /? Displays this help message. NOTE: A timeout value of -1 means to wait indefinitely for a key press. Examples: TIMEOUT /? TIMEOUT /T 10 TIMEOUT /T 300 /NOBREAK TIMEOUT /T -1
Sets the window title for the command prompt window. TITLE [string] string Specifies the title for the command prompt window.
Microsoft r TraceRpt.Exe (6.3.9600.16384) Usage: TRACERPT <[-l] <value [value [...]]>|-rt <session_name [session_name [...]]>> [options] Options: -? Displays context sensitive help. -config <filename> Settings file containing command options. -y Answer yes to all questions without prompting. -f <XML|HTML> Report format. -of <CSV|EVTX|XML> Dump format, the default is XML. -en <ANSI|Unicode> Output file encoding. Only allowed with CSV output format. -df <filename> Microsoft specific counting/reporting schema file. -import <filename [filename [...]]> Event Schema import file. -int <filename> Dump interpreted event structure into specified file. -rts Report raw timestamp in event trace header. Can only be used with -o, not -report or -summary. -tmf <filename> Trace Message Format definition file -tp <value> TMF file search path. Multiple paths can be used, separated with ';'. -i <value> Specifies the provider image path. The matching PDB will be located in the Symbol Server. Multiple paths can be used, separated with ';'. -pdb <value> Specifies the symbol server path. Multiple paths can be used, separated with ';'. -gmt Convert WPP payload timestamps to GMT time -rl <value> System Report Level from 1 to 5, the default value is 1. -summary [filename] Summary report text file. Default is summary.txt. -o [filename] Text output file. Default is dumpfile.xml. -report [filename] Text output report file. Default is workload.xml. -lr Less restrictive; use best effort for events not matching event schema. -export [filename] Event Schema export file. Default is schema.man. [-l] <value [value [...]]> Event Trace log file to process. -rt <session_name [session_name [...]]> Real-time Event Trace Session data source. Examples: tracerpt logfile1.etl logfile2.etl -o logdump.xml -of XML tracerpt logfile.etl -o logdmp.xml -of XML -lr -summary logdmp.txt -report logrpt.xml tracerpt logfile1.etl logfile2.etl -o -report tracerpt logfile.etl counterfile.blg -report logrpt.xml -df schema.xml tracerpt -rt "NT Kernel Logger" -o logfile.csv -of CSV
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name Options: -d Do not resolve addresses to hostnames. -h maximum_hops Maximum number of hops to search for target. -j host-list Loose source route along host-list (IPv4-only). -w timeout Wait timeout milliseconds for each reply. -R Trace round-trip path (IPv6-only). -S srcaddr Source address to use (IPv6-only). -4 Force using IPv4. -6 Force using IPv6.
Graphically displays the folder structure of a drive or path. TREE [drive:][path] [/F] [/A] /F Display the names of the files in each folder. /A Use ASCII instead of extended characters.
Attaches a user session to a remote desktop session. TSCON {sessionid | sessionname} [/DEST:sessionname] [/PASSWORD:pw | /PASSWORD:*] [/V] sessionid The ID of the session. sessionname The name of the session. /DEST:sessionname Connect the session to destination sessionname. /PASSWORD:pw Password of user owning identified session. /V Displays information about the actions performed.
Disconnects a Remote Desktop Services session. TSDISCON [sessionid | sessionname] [/SERVER:servername] [/V] [/VM] sessionid The ID of the session. sessionname The name of the session. /SERVER:servername Specifies the Remote Desktop Session Host server (default is current). /V Displays information about the actions performed. /VM Disconnects session on server or within virtual machine. The unique ID of the session needs to be specified.
Ends a process. TSKILL processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V] processid Process ID for the process to be terminated. processname Process name to be terminated. /SERVER:servername Server containing processID (default is current). /ID or /A must be specified when using processname and /SERVER /ID:sessionid End process running under the specified session. /A End process running under ALL sessions. /V Display information about actions being performed.
Displays the contents of a text file or files. TYPE [drive:][path]filename
Microsoft r TypePerf.exe (6.3.9600.16384) Typeperf writes performance data to the command window or to a log file. To stop Typeperf, press CTRL+C. Usage: TYPEPERF { <counter [counter ...]> | -cf <filename> | -q [object] | -qx [object] } [options] Parameters: <counter [counter ...]> Performance counters to monitor. Options: -? Displays context sensitive help. -f <CSV|TSV|BIN|SQL> Output file format. Default is CSV. -cf <filename> File containing performance counters to monitor, one per line. -si <[[hh:]mm:]ss> Time between samples. Default is 1 second. -o <filename> Path of output file or SQL database. Default is STDOUT. -q [object] List installed counters (no instances). To list counters for one object, include the object name, such as Processor. -qx [object] List installed counters with instances. To list counters for one object, include the object name, such as Processor. -sc <samples> Number of samples to collect. Default is to sample until CTRL+C. -config <filename> Settings file containing command options. -s <computer_name> Server to monitor if no server is specified in the counter path. -y Answer yes to all questions without prompting. Note: Counter is the full name of a performance counter in "\\<Computer>\<Object>(<Instance>)\<Counter>" format, such as "\\Server1\Processor(0)\% User Time". Examples: typeperf "\Processor(_Total)\% Processor Time" typeperf -cf counters.txt -si 5 -sc 50 -f TSV -o domain2.tsv typeperf -qx PhysicalDisk -o counters.txt
Windows Time Zone Utility Usage: TZUTIL </? | /g | /s TimeZoneID[_dstoff] | /l> Parameters: /? Displays usage information. /g Displays the current time zone ID. /s TimeZoneID[_dstoff] Sets the current time zone using the specified time zone ID. The _dstoff suffix disables Daylight Saving Time adjustments for the time zone (where applicable). /l Lists all valid time zone IDs and display names. The output will be: <display name> <time zone ID> Examples: TZUTIL /g TZUTIL /s "Pacific Standard Time" TZUTIL /s "Pacific Standard Time_dstoff" Remarks: An exit code of 0 indicates the command completed successfully.
UNLODCTR Removes counter names and explain text for the specified extensible counter. Usage: UNLODCTR <driver> driver is the name of the device driver which is to have its counter name definitions and explain text removed from the system's registry. UNLODCTR /m:<manifest> manifest is the name of the manifest file that contains performance counter definitions. These counters will be removed from local system. UNLODCTR /g:{ProviderGuid} ProviderGuid identifies the performance counter provider being unloaded. UNLODCTR /p:<ProviderName> ProviderName identifies the performance counter provider being unloaded. Note: any arguments with spaces in the names must be enclosed within Double Quotation marks.
Creates, displays and deletes stored credentials. Following commands are supported.Use VaultCmd /<command> /? for further help VaultCmd /list VaultCmd /listschema VaultCmd /listcreds VaultCmd /addcreds VaultCmd /deletecreds VaultCmd /listproperties VaultCmd /sync
Driver Verifier Manager - version 6.3.9600.16384 Copyright (c) Microsoft Corporation. All rights reserved. COMMON USAGE: verifier /? verifier /standard /all verifier /standard /driver NAME [NAME ...] verifier /flags FLAGS /all verifier /flags FLAGS /driver NAME [NAME ...] verifier /rules [OPTION ...] verifier /query verifier /querysettings verifier /bootmode [persistent|resetonbootfail|oneboot] verifier /reset verifier /faults [PROB [TAGS [APPS [MINS]]]] verifier /faultssystematic [OPTION ...] verifier /log LOG_FILE_NAME [/interval SECONDS] verifier /volatile /flags FLAGS verifier /volatile /adddriver NAME [NAME ...] verifier /volatile /removedriver NAME [NAME ...] verifier /volatile /faults [PROB [TAGS [APPS [MINS]]]] /? This help. /standard Enable the Driver Verifier standard flags. This is functionally equivalent to '/flags 0x209BB' /all Enable Driver Verifier on all drivers in a system. /driver NAME [NAME ...] Specify the driver or list of drivers that should be verified. NAME is the name and extension of the file to verify (example: driver.sys). To enable Driver Verifier on more than one driver, list all drivers using a space separated list. Wildcard values (such as n*.sys) are not supported. /flags FLAGS Specify which options are enabled for verification. FLAGS value must be a number in decimal or hex (with 0x prefix). Note: Flags are applied to all drivers being checked by Driver Verifier. STANDARD FLAGS: These flags are considered standard options for Driver Verifier and can be set using '/standard' or by the combination of the options: '/flags 0x209BB' bit 0 (0x00000001) - Special pool bit 1 (0x00000002) - Force IRQL checking bit 3 (0x00000008) - Pool tracking bit 4 (0x00000010) - I/O verification bit 5 (0x00000020) - Deadlock detection bit 7 (0x00000080) - DMA checking bit 8 (0x00000100) - Security checks bit 11 (0x00000800) - Miscellaneous checks bit 17 (0x00020000) - DDI compliance checking ADDITIONAL FLAGS: These flags are designed for specific scenario testing. Flags marked with a (*) require I/O Verification (bit 4) also be enabled. Flags marked with a (**) support disabling of individual rules. bit 2 (0x00000004) - Randomized low resources simulation bit 9 (0x00000200) - Force pending I/O requests (*) bit 10 (0x00000400) - IRP logging (*) bit 13 (0x00002000) - Invariant MDL checking for stack (*) bit 14 (0x00004000) - Invariant MDL checking for driver (*) bit 15 (0x00008000) - Power framework delay fuzzing bit 18 (0x00040000) - Systematic low resources simulation bit 19 (0x00080000) - DDI compliance checking (additional) bit 21 (0x00200000) - NDIS/WIFI verification (**) bit 23 (0x00800000) - Kernel synchronization delay fuzzing bit 24 (0x01000000) - VM switch verification /rules [OPTION ...] Options for rules that can be disabled (advanced). query: shows current status of controllable rules. reset: resets all rules to their default state. default ID: sets rule ID to its default state. disable ID: disables specified rule ID. /query Display a summary of Driver Verifier's current activity. /querysettings Display a summary of the options and drivers that are currently enabled, or options and drivers that will be verified after the next boot. The display does not include drivers and options added using /volatile. /bootmode Sets the verifier boot mode. Requires reboot to take effect. persistent: Ensures that DV settings are persistent over many reboots. This is default. resetonbootfail: If OS fails to boot, reset verifier for subsequent boots. oneboot: Only enable verifier for next boot. /reset Clear Driver Verifier flag and driver settings. Does not clear bootmode. Requires reboot to take effect. /faults [PROB [TAGS [APPS [MINS]]]] Enable the Randomized low resources simulation bit and optionally control parameters for the Randomized low resources simulation. PROB: A number between 1 and 10000 specifying the fault injection probability. If this parameter is not specified, then the default value of 600 (6%) will be used. TAGS: A space separated list of the pool tags to be injected with faults. If this parameter is not specified, then any pool allocation can be injected with faults. APPS: A space separated list of the image filename of the applications that will be injected with faults. If this parameter is not specified then the Randomized low resources simulation can take place in any application. MINS: A positive number indicating the of minutes after rebooting during which no fault injection will occur. If this parameter is not specified, then the default length of 8 minutes will be used. /faultssystematic [OPTION ...] Options for controlling the Systematic low resources simulation. enableboottime: enables fault injections across reboots. disableboottime: disables fault injections across reboots (default). recordboottime: enables fault injections in 'what if' mode across reboots. resetboottime: disables fault injections across reboots and clears the stack exclusion list. enableruntime: dynamically enables fault injections. disableruntime: dynamically disables fault injections. recordruntime: dynamically enables fault injections in 'what if' mode. resetruntime: dynamically disables fault injections and clears the previosly faulted stack list. querystatistics: shows the current fault injection statistics. incrementcounter: increments the test pass counter used to identify when a fault was injected. getstackid COUNTER: retrieves the indicated injected stack id. excludestack STACKID: excludes the stack from fault injection. /log LOG_FILE_NAME [/interval SECONDS] Create a log file with the name LOG_FILE_NAME. If '/interval' option is not specified, the default 30 seconds is used. Note: If a 'verifier /log' command is typed at the command line, the command prompt does not return. Use CTRL+C to close the log and return. /volatile Change the verifier settings dynamically without rebooting the system. Volatile settings are in effect until the next system reboot. /volatile /adddriver NAME [NAME ...] Add the specified driver or drivers to the list of drivers that will be checked with volatile settings. /volatile /removedriver NAME [NAME ...] Remove the specified driver or drivers from the list of drivers that are being checked with volatile settings.
Tells cmd.exe whether to verify that your files are written correctly to a disk. VERIFY [ON | OFF] Type VERIFY without a parameter to display the current VERIFY setting.
Displays the disk volume label and serial number, if they exist. VOL [drive:]
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool (C) Copyright 2001-2013 Microsoft Corp. ---- Commands Supported ---- Delete Shadows - Delete volume shadow copies List Providers - List registered volume shadow copy providers List Shadows - List existing volume shadow copies List ShadowStorage - List volume shadow copy storage associations List Volumes - List volumes eligible for shadow copies List Writers - List subscribed volume shadow copy writers Resize ShadowStorage - Resize a volume shadow copy storage association
w32tm [/? | /register | /unregister ] ? - this help screen. register - register to run as a service and add default configuration to the registry. unregister - unregister service and remove all configuration information from the registry. w32tm /monitor [/domain:<domain name>] [/computers:<name>[,<name>[,<name>...]]] [/threads:<num>] [/ipprotocol:<4|6>] [/nowarn] domain - specifies which domain to monitor. If no domain name is given, or neither the domain nor computers option is specified, the default domain is used. This option may be used more than once. computers - monitors the given list of computers. Computer names are separated by commas, with no spaces. If a name is prefixed with a '*', it is treated as an AD PDC. This option may be used more than once. threads - how many computers to analyze simultaneously. The default value is 3. Allowed range is 1-50. ipprotocol - specify the IP protocol to use. The default is to use whatever is available. nowarn - skip warning message. w32tm /ntte <NT time epoch> Convert a NT system time, in (10ˆ-7)s intervals from 0h 1-Jan 1601, into a readable format. w32tm /ntpte <NTP time epoch> Convert an NTP time, in (2ˆ-32)s intervals from 0h 1-Jan 1900, into a readable format. w32tm /resync [/computer:<computer>] [/nowait] [/rediscover] [/soft] Tell a computer that it should resynchronize its clock as soon as possible, throwing out all accumulated error statistics. computer:<computer> - computer that should resync. If not specified, the local computer will resync. nowait - do not wait for the resync to occur; return immediately. Otherwise, wait for the resync to complete before returning. rediscover - redetect the network configuration and rediscover network sources, then resynchronize. soft - resync utilizing existing error statistics. Not useful, provided for compatibility. w32tm /stripchart /computer:<target> [/period:<refresh>] [/dataonly] [/samples:<count>] [/packetinfo] [/ipprotocol:<4|6>] Display a strip chart of the offset between this computer and another computer. computer:<target> - the computer to measure the offset against. period:<refresh> - the time between samples, in seconds. The default is 2s dataonly - display only the data, no graphics. samples:<count> - collect <count> samples, then stop. If not specified, samples will be collected until Ctrl-C is pressed. packetinfo - print out NTP packet response message. ipprotocol - specify the IP protocol to use. The default is to use whatever is available. w32tm /config [/computer:<target>] [/update] [/manualpeerlist:<peers>] [/syncfromflags:<source>] [/LocalClockDispersion:<seconds>] [/reliable:(YES|NO)] [/largephaseoffset:<milliseconds>] computer:<target> - adjusts the configuration of <target>. If not specified, the default is the local computer. update - notifies the time service that the configuration has changed, causing the changes to take effect. manualpeerlist:<peers> - sets the manual peer list to <peers>, which is a space-delimited list of DNS and/or IP addresses. When specifying multiple peers, this switch must be enclosed in quotes. syncfromflags:<source> - sets what sources the NTP client should sync from. <source> should be a comma separated list of these keywords (not case sensitive): MANUAL - sync from peers in the manual peer list DOMHIER - sync from an AD DC in the domain hierarchy NO - sync from none ALL - sync from both manual and domain peers LocalClockDispersion:<seconds> - configures the accuracy of the internal clock that w32time will assume when it can't acquire time from its configured sources. reliable:(YES|NO) - set whether this machine is a reliable time source. This setting is only meaningful on domain controllers. YES - this machine is a reliable time service NO - this machine is not a reliable time service largephaseoffset:<milliseconds> - sets the time difference between local and network time which w32time will consider a spike. w32tm /tz Display the current time zone settings. w32tm /dumpreg [/subkey:<key>] [/computer:<target>] Display the values associated with a given registry key. The default key is HKLM\System\CurrentControlSet\Services\W32Time (the root key for the time service). subkey:<key> - displays the values associated with subkey <key> of the default key. computer:<target> - queries registry settings for computer <target>. w32tm /query [/computer:<target>] {/source | /configuration | /peers | /status} [/verbose] Display a computer's windows time service information. computer:<target> - query the information of <target>. If not specified, the default is the local computer. source: display the time source. configuration: display the configuration of run-time and where the setting comes from. In verbose mode, display the undefined or unused setting too. peers: display a list of peers and their status. status: display windows time service status. verbose: set the verbose mode to display more information. w32tm /debug {/disable | {/enable /file:<name> /size:<bytes> /entries:<value> [/truncate]}} Enable or disable local computer windows time service private log. disable: disable the private log. enable: enable the private log. file:<name> - specify the absolute filename. size:<bytes> - specify the maximum size for circular logging. entries:<value> - contains a list of flags, specified by number and separated by commas, that specify the types of information that should be logged. Valid numbers are 0 to 300. A range of numbers is valid, in addition to single numbers, such as 0-100,103,106. Value 0-300 is for logging all information. truncate: truncate the file if it exists.
WaitFor has two ways of working: Syntax 1: to send a signal WAITFOR [/S system [/U user [/P [password]]]] /SI signal Syntax 2: to wait for a signal WAITFOR [/T timeout] signal Description: This tool sends, or waits for, a signal on a system. When /S is not specified, the signal will be broadcasted to all the systems in a domain. If /S is specified, then the signal will be sent only to the specified system. Parameter List: /S system Specifies remote system to send signal to. /U [domain\]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. /SI Sends the signal across the net to waiting machines /T timeout Number of seconds to wait for signal. Valid range is 1 - 99999. Default is to wait forever for signal. signal The name of the signal to wait for or to send. /? Displays this help message. NOTE: A system can wait for multiple unique signal names. The signal name cannot exceed 225 characters and cannot contain characters other than a-z, A-Z, 0-9 and ASCII characters in the range 128-255. Examples: WAITFOR /? WAITFOR SetupReady WAITFOR CopyDone /T 100 WAITFOR /SI SetupReady WAITFOR /S system /U user /P password /SI CopyDone
wbadmin 1.0 - Backup command-line tool (C) Copyright 2013 Microsoft Corporation. All rights reserved. ---- Commands Supported ---- START BACKUP -- Runs a one-time backup. STOP JOB -- Stops the currently running backup or recovery operation. GET VERSIONS -- Lists details of backups that can be recovered from a specified location. GET ITEMS -- Lists items contained in a backup. GET STATUS -- Reports the status of the currently running operation.
Windows Event Collector Utility Enables you to create and manage subscriptions to events forwarded from remote event sources that support WS-Management protocol. Usage: You can use either the short (i.e. es, /f) or long (i.e. enum-subscription, /format) version of the command and option names. Commands, options and option values are case-insensitive. (ALL UPPER-CASE = VARIABLE) wecutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...] Commands: es (enum-subscription) List existent subscriptions. gs (get-subscription) Get subscription configuration. gr (get-subscriptionruntimestatus) Get subscription runtime status. ss (set-subscription) Set subscription configuration. cs (create-subscription) Create new subscription. ds (delete-subscription) Delete subscription. rs (retry-subscription) Retry subscription. qc (quick-config) Configure Windows Event Collector service. Common options: /h|? (help) Get general help for the wecutil program. wecutil { -help | -h | -? } For arguments and options, see usage of specific commands: wecutil COMMAND -?
Windows Events Command Line Utility. Enables you to retrieve information about event logs and publishers, install and uninstall event manifests, run queries, and export, archive, and clear logs. Usage: You can use either the short (for example, ep /uni) or long (for example, enum-publishers /unicode) version of the command and option names. Commands, options and option values are not case-sensitive. Variables are noted in all upper-case. wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...] Commands: el | enum-logs List log names. gl | get-log Get log configuration information. sl | set-log Modify configuration of a log. ep | enum-publishers List event publishers. gp | get-publisher Get publisher configuration information. im | install-manifest Install event publishers and logs from manifest. um | uninstall-manifest Uninstall event publishers and logs from manifest. qe | query-events Query events from a log or log file. gli | get-log-info Get log status information. epl | export-log Export a log. al | archive-log Archive an exported log. cl | clear-log Clear a log. Common options: /{r | remote}:VALUE If specified, run the command on a remote computer. VALUE is the remote computer name. Options /im and /um do not support remote operations. /{u | username}:VALUE Specify a different user to log on to the remote computer. VALUE is a user name in the form domain\user or user. Only applicable when option /r is specified. /{p | password}:VALUE Password for the specified user. If not specified, or if VALUE is "*", the user will be prompted to enter a password. Only applicable when the /u option is specified. /{a | authentication}:[Default|Negotiate|Kerberos|NTLM] Authentication type for connecting to remote computer. The default is Negotiate. /{uni | unicode}:[true|false] Display output in Unicode. If true, then output is in Unicode. To learn more about a specific command, type the following: wevtutil COMMAND /?
WHERE [/R dir] [/Q] [/F] [/T] pattern... Description: Displays the location of files that match the search pattern. By default, the search is done along the current directory and in the paths specified by the PATH environment variable. Parameter List: /R Recursively searches and displays the files that match the given pattern starting from the specified directory. /Q Returns only the exit code, without displaying the list of matched files. (Quiet mode) /F Displays the matched filename in double quotes. /T Displays the file size, last modified date and time for all matched files. pattern Specifies the search pattern for the files to match. Wildcards * and ? can be used in the pattern. The "$env:pattern" and "path:pattern" formats can also be specified, where "env" is an environment variable and the search is done in the specified paths of the "env" environment variable. These formats should not be used with /R. The search is also done by appending the extensions of the PATHEXT variable to the pattern. /? Displays this help message. NOTE: The tool returns an error level of 0 if the search is successful, of 1 if the search is unsuccessful and of 2 for failures or errors. Examples: WHERE /? WHERE myfilename1 myfile????.* WHERE $windir:*.* WHERE /R c:\windows *.exe *.dll *.bat WHERE /Q ??.??? WHERE "c:\windows;c:\windows\system32:*.dll" WHERE /F /T *.dll
WhoAmI has three ways of working: Syntax 1: WHOAMI [/UPN | /FQDN | /LOGONID] Syntax 2: WHOAMI { [/USER] [/GROUPS] [/CLAIMS] [/PRIV] } [/FO format] [/NH] Syntax 3: WHOAMI /ALL [/FO format] [/NH] Description: This utility can be used to get user name and group information along with the respective security identifiers (SID), claims, privileges, logon identifier (logon ID) for the current user on the local system. I.e. who is the current logged on user? If no switch is specified, tool displays the user name in NTLM format (domain\username). Parameter List: /UPN Displays the user name in User Principal Name (UPN) format. /FQDN Displays the user name in Fully Qualified Distinguished Name (FQDN) format. /USER Displays information on the current user along with the security identifier (SID). /GROUPS Displays group membership for current user, type of account, security identifiers (SID) and attributes. /CLAIMS Displays claims for current user, including claim name, flags, type and values. /PRIV Displays security privileges of the current user. /LOGONID Displays the logon ID of the current user. /ALL Displays the current user name, groups belonged to along with the security identifiers (SID), claims and privileges for the current user access token. /FO format Specifies the output format to be displayed. Valid values are TABLE, LIST, CSV. Column headings are not displayed with CSV format. Default format is TABLE. /NH Specifies that the column header should not be displayed in the output. This is valid only for TABLE and CSV formats. /? Displays this help message. Examples: WHOAMI WHOAMI /UPN WHOAMI /FQDN WHOAMI /LOGONID WHOAMI /USER WHOAMI /USER /FO LIST WHOAMI /USER /FO CSV WHOAMI /GROUPS WHOAMI /GROUPS /FO CSV /NH WHOAMI /CLAIMS WHOAMI /CLAIMS /FO LIST WHOAMI /PRIV WHOAMI /PRIV /FO TABLE WHOAMI /USER /GROUPS WHOAMI /USER /GROUPS /CLAIMS /PRIV WHOAMI /ALL WHOAMI /ALL /FO LIST WHOAMI /ALL /FO CSV /NH WHOAMI /?
Windows Remote Management Command Line Tool Windows Remote Management (WinRM) is the Microsoft implementation of the WS-Management protocol which provides a secure way to communicate with local and remote computers using web services. Usage: winrm OPERATION RESOURCE_URI [-SWITCH:VALUE [-SWITCH:VALUE] ...] [@{KEY=VALUE[;KEY=VALUE]...}] For help on a specific operation: winrm g[et] -? Retrieving management information. winrm s[et] -? Modifying management information. winrm c[reate] -? Creating new instances of management resources. winrm d[elete] -? Remove an instance of a management resource. winrm e[numerate] -? List all instances of a management resource. winrm i[nvoke] -? Executes a method on a management resource. winrm id[entify] -? Determines if a WS-Management implementation is running on the remote machine. winrm quickconfig -? Configures this machine to accept WS-Management requests from other machines. winrm configSDDL -? Modify an existing security descriptor for a URI. winrm helpmsg -? Displays error message for the error code. For help on related topics: winrm help uris How to construct resource URIs. winrm help aliases Abbreviations for URIs. winrm help config Configuring WinRM client and service settings. winrm help certmapping Configuring client certificate access. winrm help remoting How to access remote machines. winrm help auth Providing credentials for remote access. winrm help input Providing input to create, set, and invoke. winrm help switches Other switches such as formatting, options, etc. winrm help proxy Providing proxy information.
USAGE ===== (ALL UPPER-CASE = value that must be supplied by user.) winrs [-/SWITCH[:VALUE]] COMMAND COMMAND - Any string that can be executed as a command in the cmd.exe shell. SWITCHES ======== (All switches accept both short form or long form. For example both -r and -remote are valid.) -r[emote]:ENDPOINT - The target endpoint using a NetBIOS name or the standard connection URL: [TRANSPORT://]TARGET[:PORT]. If not specified -r:localhost is used. -un[encrypted] - Specify that the messages to the remote shell will not be encrypted. This is useful for troubleshooting, or when the network traffic is already encrypted using ipsec, or when physical security is enforced. By default the messages are encrypted using Kerberos or NTLM keys. This switch is ignored when HTTPS transport is selected. -u[sername]:USERNAME - Specify username on command line. If not specified the tool will use Negotiate authentication or prompt for the name. If -username is specified, -password must be as well. -p[assword]:PASSWORD - Specify password on command line. If -password is not specified but -username is the tool will prompt for the password. If -password is specified, -user must be specified as well. -t[imeout]:SECONDS - This option is deprecated. -d[irectory]:PATH - Specifies starting directory for remote shell. If not specified the remote shell will start in the user's home directory defined by the environment variable %USERPROFILE%. -env[ironment]:STRING=VALUE - Specifies a single environment variable to be set when shell starts, which allows changing default environment for shell. Multiple occurrences of this switch must be used to specify multiple environment variables. -noe[cho] - Specifies that echo should be disabled. This may be necessary to ensure that user's answers to remote prompts are not displayed locally. By default echo is "on". -nop[rofile] - Specifies that the user's profile should not be loaded. By default the server will attempt to load the user profile. If the remote user is not a local administrator on the target system then this option will be required (the default will result in error). -a[llow]d[elegate] - Specifies that the user's credentials can be used to access a remote share, for example, found on a different machine than the target endpoint. -comp[ression] - Turn on compression. Older installations on remote machines may not support compression so it is off by default. -[use]ssl - Use an SSL connection when using a remote endpoint. Specifying this instead of the transport "https:" will use the default WinRM default port. -? - Help To terminate the remote command the user can type Ctrl-C or Ctrl-Break, which will be sent to the remote shell. The second Ctrl-C will force termination of winrs.exe. To manage active remote shells or WinRS configuration, use the WinRM tool. The URI alias to manage active shells is shell/cmd. The URI alias for WinRS configuration is winrm/config/winrs. Example usage can be found in the WinRM tool by typing "WinRM -?". Examples: winrs -r:https://myserver.com command winrs -r:myserver.com -usessl command winrs -r:myserver command winrs -r:http://127.0.0.1 command winrs -r:http://169.51.2.101:80 -unencrypted command winrs -r:https://[::FFFF:129.144.52.38] command winrs -r:http://[1080:0:0:0:8:800:200C:417A]:80 command winrs -r:https://myserver.com -t:600 -u:administrator -p:$%fgh7 ipconfig winrs -r:myserver -env:PATH=ˆ%PATHˆ%;c:\tools -env:TEMP=d:\temp config.cmd winrs -r:myserver netdom join myserver /domain:testdomain /userd:johns /passwordd:$%fgh789 winrs -r:myserver -ad -u:administrator -p:$%fgh7 dir \\anotherserver\share
[global switches] <command> The following global switches are available: /NAMESPACE Path for the namespace the alias operate against. /ROLE Path for the role containing the alias definitions. /NODE Servers the alias will operate against. /IMPLEVEL Client impersonation level. /AUTHLEVEL Client authentication level. /LOCALE Language id the client should use. /PRIVILEGES Enable or disable all privileges. /TRACE Outputs debugging information to stderr. /RECORD Logs all input commands and output. /INTERACTIVE Sets or resets the interactive mode. /FAILFAST Sets or resets the FailFast mode. /USER User to be used during the session. /PASSWORD Password to be used for session login. /OUTPUT Specifies the mode for output redirection. /APPEND Specifies the mode for output redirection. /AGGREGATE Sets or resets aggregate mode. /AUTHORITY Specifies the <authority type> for the connection. /?[:<BRIEF|FULL>] Usage information. For more information on a specific global switch, type: switch-name /? The following alias/es are available in the current role: ALIAS - Access to the aliases available on the local system BASEBOARD - Base board (also known as a motherboard or system board) management. BIOS - Basic input/output services (BIOS) management. BOOTCONFIG - Boot configuration management. CDROM - CD-ROM management. COMPUTERSYSTEM - Computer system management. CPU - CPU management. CSPRODUCT - Computer system product information from SMBIOS. DATAFILE - DataFile Management. DCOMAPP - DCOM Application management. DESKTOP - User's Desktop management. DESKTOPMONITOR - Desktop Monitor management. DEVICEMEMORYADDRESS - Device memory addresses management. DISKDRIVE - Physical disk drive management. DISKQUOTA - Disk space usage for NTFS volumes. DMACHANNEL - Direct memory access (DMA) channel management. ENVIRONMENT - System environment settings management. FSDIR - Filesystem directory entry management. GROUP - Group account management. IDECONTROLLER - IDE Controller management. IRQ - Interrupt request line (IRQ) management. JOB - Provides access to the jobs scheduled using the schedule service. LOADORDER - Management of system services that define execution dependencies. LOGICALDISK - Local storage device management. LOGON - LOGON Sessions. MEMCACHE - Cache memory management. MEMORYCHIP - Memory chip information. MEMPHYSICAL - Computer system's physical memory management. NETCLIENT - Network Client management. NETLOGIN - Network login information (of a particular user) management. NETPROTOCOL - Protocols (and their network characteristics) management. NETUSE - Active network connection management. NIC - Network Interface Controller (NIC) management. NICCONFIG - Network adapter management. NTDOMAIN - NT Domain management. NTEVENT - Entries in the NT Event Log. NTEVENTLOG - NT eventlog file management. ONBOARDDEVICE - Management of common adapter devices built into the motherboard (system board). OS - Installed Operating System/s management. PAGEFILE - Virtual memory file swapping management. PAGEFILESET - Page file settings management. PARTITION - Management of partitioned areas of a physical disk. PORT - I/O port management. PORTCONNECTOR - Physical connection ports management. PRINTER - Printer device management. PRINTERCONFIG - Printer device configuration management. PRINTJOB - Print job management. PROCESS - Process management. PRODUCT - Installation package task management. QFE - Quick Fix Engineering. QUOTASETTING - Setting information for disk quotas on a volume. RDACCOUNT - Remote Desktop connection permission management. RDNIC - Remote Desktop connection management on a specific network adapter. RDPERMISSIONS - Permissions to a specific Remote Desktop connection. RDTOGGLE - Turning Remote Desktop listener on or off remotely. RECOVEROS - Information that will be gathered from memory when the operating system fails. REGISTRY - Computer system registry management. SCSICONTROLLER - SCSI Controller management. SERVER - Server information management. SERVICE - Service application management. SHADOWCOPY - Shadow copy management. SHADOWSTORAGE - Shadow copy storage area management. SHARE - Shared resource management. SOFTWAREELEMENT - Management of the elements of a software product installed on a system. SOFTWAREFEATURE - Management of software product subsets of SoftwareElement. SOUNDDEV - Sound Device management. STARTUP - Management of commands that run automatically when users log onto the computer system. SYSACCOUNT - System account management. SYSDRIVER - Management of the system driver for a base service. SYSTEMENCLOSURE - Physical system enclosure management. SYSTEMSLOT - Management of physical connection points including ports, slots and peripherals, and proprietary connections points. TAPEDRIVE - Tape drive management. TEMPERATURE - Data management of a temperature sensor (electronic thermometer). TIMEZONE - Time zone data management. UPS - Uninterruptible power supply (UPS) management. USERACCOUNT - User account management. VOLTAGE - Voltage sensor (electronic voltmeter) data management. VOLUME - Local storage volume management. VOLUMEQUOTASETTING - Associates the disk quota setting with a specific disk volume. VOLUMEUSERQUOTA - Per user storage volume quota management. WMISET - WMI service operational parameters management. For more information on a specific alias, type: alias /? CLASS - Escapes to full WMI schema. PATH - Escapes to full WMI object paths. CONTEXT - Displays the state of all the global switches. QUIT/EXIT - Exits the program. For more information on CLASS/PATH/CONTEXT, type: (CLASS | PATH | CONTEXT) /?
Copies files and directory trees. XCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/V] [/W] [/C] [/I] [/Q] [/F] [/L] [/G] [/H] [/R] [/T] [/U] [/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z] [/B] [/J] [/EXCLUDE:file1[+file2][+file3]...] source Specifies the file(s) to copy. destination Specifies the location and/or name of new files. /A Copies only files with the archive attribute set, doesn't change the attribute. /M Copies only files with the archive attribute set, turns off the archive attribute. /D:m-d-y Copies files changed on or after the specified date. If no date is given, copies only those files whose source time is newer than the destination time. /EXCLUDE:file1[+file2][+file3]... Specifies a list of files containing strings. Each string should be in a separate line in the files. When any of the strings match any part of the absolute path of the file to be copied, that file will be excluded from being copied. For example, specifying a string like \obj\ or .obj will exclude all files underneath the directory obj or all files with the .obj extension respectively. /P Prompts you before creating each destination file. /S Copies directories and subdirectories except empty ones. /E Copies directories and subdirectories, including empty ones. Same as /S /E. May be used to modify /T. /V Verifies the size of each new file. /W Prompts you to press a key before copying. /C Continues copying even if errors occur. /I If destination does not exist and copying more than one file, assumes that destination must be a directory. /Q Does not display file names while copying. /F Displays full source and destination file names while copying. /L Displays files that would be copied. /G Allows the copying of encrypted files to destination that does not support encryption. /H Copies hidden and system files also. /R Overwrites read-only files. /T Creates directory structure, but does not copy files. Does not include empty directories or subdirectories. /T /E includes empty directories and subdirectories. /U Copies only files that already exist in destination. /K Copies attributes. Normal Xcopy will reset read-only attributes. /N Copies using the generated short names. /O Copies file ownership and ACL information. /X Copies file audit settings (implies /O). /Y Suppresses prompting to confirm you want to overwrite an existing destination file. /-Y Causes prompting to confirm you want to overwrite an existing destination file. /Z Copies networked files in restartable mode. /B Copies the Symbolic Link itself versus the target of the link. /J Copies using unbuffered I/O. Recommended for very large files. The switch /Y may be preset in the COPYCMD environment variable. This may be overridden with /-Y on the command line.
This HTML help file was generated by AllHelp.vbs, Version 3.22
Written by Rob van der Woude
http://www.robvanderwoude.com
page last modified: 2015-10-11; loaded in 0.0094 seconds