Collections of useful commands

Useful Commands:

Ping -a x.x.x.x

Hostname

Nbtstat -a : display a hostname with MAC address

nslookup yahoo.com

ipconfig

ipconfig /all

ipconfig /release : release IP from DHCP

ipconfig /renew: renew IP from DHCP

NETSTAT

NETSTAT utility shows the protocols statistics and the current established TCP/IP connections in the computer.

Arp -a : to find MAC address

tracert ip address or website address

chkdsk /F - repair harddisk problems

netsh diag>show all

net view : to find the attached local file server list

net accounts : shows password mechanism

OSK : onscreen keyboard

Recovers readable information from a bad or defective disk.

RECOVER [drive:][path]filename

systeminfo : System Up Time report

gpresult : displaying Group policy details

gpresult /Username to display domain user policy

gpupdate /force & gpupdate /sync - to update the Group Policy

wmic : displaying BIOS information ie Model, serial number.

Atrrib: to change the file or folder properties

attrib -r -s -h filepath

cacls file or folder path /E /G everyone:F to change the permissions

Run as Admin in Command Line

runas /user:REQUIREDUSERNAME /savecred c:\PATH\TO\APP.exe

C:\>runas /noprofile /user:mymachine\administrator cmd

Enter the password for mymachine\administrator:

To find BIOS details

Product name, model name, serial number
WMIC csproduct get Vendor, Name, Version, IdentifyingNumber

·Serial number
WMIC bios get serialnumber

·wmic csproduct get name,vendor,identifyingNumber

·MAC Address
WMIC nic where (description like 'Intel%') get macaddress, description

·wmic nic get macaddress,description

·Processor
WMIC cpu get ADDRESSWIDTH, DESCRIPTION, CURRENTCLOCKSPEED, NUMBEROFCORES, MANUFACTURER

·Memory
WMIC memphysical get maxcapacity,memorydevices
WMIC memorychip get datawidth,capacity,speed,totalwidth

WMIC BIOS GET /FORMAT:CSV.XSL

wmic diskdrive get name,size,model

wmic partition get name,size,type

wmic bios get name,serialnumber,version

wmic csproduct get name

wmic bios get serial number

wmic baseboard get product,manufacturer

wmic product list brief

wmic service list brief
wmic process list brief
wmic startup list brief

wmic product get name

wmic process list brief

Determine user currently logged in remotely

wmic /node:remotecomputer computersystem get username

Remotely list startup apps

wmic /node:machinename startup list full

wmic STARTUP GET Caption, Command, User

Get OS Information and export to CSV, html, xsl, mof

wmic /output:wmicbuild.csv os get /all /format:csv

wmic /output:wmicbuild.html os get /all /format:htable

Remotely change the IP to a static IP (Index is Interface#)

wmic /node:machinename nicconfig where Index=1 call EnableStatic ("172.16.10.10"), ("255.255.0.0")

Remotely change IP to use DHCP

wmic /node:machinename nicconfig where Index=1 call EnableDHCP

Remotely Display machine’s MAC Address

wmic /node:machinename nic get macaddress

Remotely list running processes every second

wmic /node:machinename process list brief /every:1

Delete ARPCache

netsh int ip delete arpcache

Remotely display System Info

wmic /node:machinename computersystem list full

Full Drive Info

wmic diskdrive list full

wmic partition list full

Bios Info

wmic bios list full

List all Hotfixes and Services Packs

wmic qfe

Remotely List Local Enabled Accounts

wmic /node:machinename USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name

Start a service

wmic /node:machinename 4 service lanmanserver CALL Startservice

List Services with brief description

wmic service list brief

List useraccounts

wmic useraccount

wmic useraccount list brief

Enable RDP

wmic /node:"machinename 4" path Win32_TerminalServiceSetting where AllowTSConnections=“0” call SetAllowTSConnections “1”

List number of times a user logged on

wmic netlogin where (name like "%adm%") get numberoflogons

Display Shares

wmic share list brief

wmic bios get /format:list

Go to registry and navigating the values given below.......

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\Sys temBiosDate
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\Sys temBiosVersion
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\Vid eoBiosDate
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\Vid eoBiosVersion

Set IP address from Command Line

C:\>netsh interface ip set address name="Local Area Connection" static 192.168.1.x 255.255.255.0 192.168.1.1

interface ip set dns “Local Area Connection” static 192.168.1.1

interface ip set address “Local Area Connection” dhcp

Stop Services from command line.

FIREWALL.CPL

XP:

sc stop sharedaccess

sc start sharedaccess

Vista:

Sc stop mpssvc

Sc start mpssvc

Change IP address in Remote system :

regfind -p HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet\Services\Tcpip\parameters

gpresult /USER rajeshxxx /V Start > run > CMD > type " gpresult" the Group Policy Results command line tool verifies all policy settings in effect for a specific user or computer

netsh interface ip show config

netsh diag>ping adapter

devmgmt.msc Start > run > Device manager viewing, installing, removing & disabling hardware items

sysdm.cpl (or) Win + Pause/Break Start > run > system properties

lusrmgr.msc Start > run >

services.msc Start > run >

control userpasswords2 Start > run >

Instant Lock shortcut %windir%\system32\rundll32.exe user32.dll,LockWorkStation Right clik on desktop > new > shortcut > type the command

Shutdown –r –t 00 to restart

Shutdown –s –t 00 to shutdown

Remote system shutdown

Shutdown –I shutdown remote system interactively

Shutdown –a to stop shutdown