Microsoft Windows Shell Commands
The Shell is a command language interpreter that executes commands read from a standard input device, such as a keyboard, or from a file. Each command has a number of options, or switches, as they are known, which tailor the output of the command in question. A switch follows the command, and is made of a '/', followed by one or more letters of the alphabet. Commands such as 'netstat' differ slightly, with options following the command, that start with a '-' and are followed by one or more letters of the alphabet.
Either search for a specific command or view by category:
| diskpart | This allows you to manage disks, volumes, partitions and virtual hard disks on a computer. Issuing the 'diskpart' command starts the 'dispart' command prompt. diskpart Once within the 'diskpart' command prompt, the disks on the computer can be listed and one can be selected. list disk select disk 0 Once the disk has been selected, a primary partition can be created. create partition primary This partition should then be visible when 'list partition' is run. list partition The new partition can be selected from the list. select partition 1 Once the partition is selected, it can be formatted. format FS=NTFS quick A drive letter can also be assigned. assign letter=x If at any time help is required, whilst inside the 'diskpart' command prompt, the 'help' command can be used. help In order to exit the 'diskpart' utility, 'exit' must be specified. exit |
| date | Allows for the system date to be viewed and changed. If the 'date' command is used with no additional options, it will display the current system date and allow for the entry of a new date. Specifying the '/t' option just displays the current system date. date date /t |
| driverquery | Displays a list of installed device drivers and their properties. driverquery |
| hostname | Displays the name of the machine. hostname |
| sc query | Displays active services and drivers. sc query |
| set | Displays information on environment variables. set Display information relating to a specific environment variable, for example the 'path' environment variable. set path |
| systeminfo | Displays system information relating to the machine the command is run on. systeminfo |
| time | Allows for the system time to be viewed and changed. If the 'time' command is used with no additional options, it will display the current system time and allow for the entry of a new time. Specifying the '/t' option just displays the current system time. time time /t |
| ver | Displays the operating system version number. ver |
| whoami | Displays the username of the current user. The information is displayed in the format 'hostname\username' whoami |
| format | As the name suggests, 'format' can be used to format mass storage. Both the file system and volume label can be specified using the 'fs' and 'v' switches respectively. format e: /fs:NTFS /v:Backup It is also possible to perform a quick format using the 'q' switch. format e: /q /fs:NTFS /v:Backup |
| help | The 'help' command can be used, in conjunction with a specified command, such as 'dir', to get help on this command. It should be noted that a lot of commands have a '?' switch, which can be used to display the same help information. help dir dir /? |
| ipconfig | This shows TCP/IP and network adapter information, including the IPv4 address, the subnet mask and the default gateway. ipconfig In order to include additional information, such as DNS and DHCP server information, the 'all' switch can be added. ipconfig /all If it is required to release the current DHCP information and discard the IP address, the 'release' switch can be used. ipconfig /release In order to renew the DHCP information and obtain a new IP address, the 'renew' switch can be utilised. ipconfig /renew It is also possible to display the DNS cache on the local machine. ipconfig /displaydns If it is necessary to clear the DNS cache on the local machine, this can be achieved using the 'flushdns' option. ipconfig /flushdns |
| gpresult | This can be used to verify Group Policy settings for the current computer. The 'r' switch signifies that a summary should be displayed. gpresult /r Group Policy settings for a particular user on a domain can also be obtained using 'gpresult'. gpresult /user domain-name/user-name /v |
| gpupdate | Active Directory Group Policy is usually updated automatically at start-up, however, an update can be forced using 'gpupdate' with the 'f' switch, whilst the system is running. gpupdate /force With appropriate permissions, a Group Policy update can also be forced on another specified machine on the network. gpupdate /target:computer-name /force Again, with the appropriate permissions, an update can be forced on another user on the network. gpupdate /target:user-name /force |
| taskkill | This can be used, for example to end all tasks associated with a particular application, or end an individual process using the Process ID. taskkill /IM notepad.exe taskkill /PID 1234 /t The 't' switch used with 'taskkill' also ensures that any child processes are ended. |
| tasklist | This shows all tasks running on the system in a similar fashion to Task Manager. The information displayed includes the 'Image Name', which can be the name of an executable file, such as 'notepad.exe', and the Process ID (PID). tasklist |
| net | Net commands can be used to perform numerous tasks on Windows operating systems, from Windows XP onwards, as well as server versions. Below are just a few of these. Display all available net commands. net Get help on a net command. net help user Show all the computers on the network. net view List the shares on the current computer, or a specified computer or server. net share net view computer-name net view \\server-name Share a folder called ‘stuff’ on the current computer. net share shareit=c:\stuff Map a network share to a drive letter. net use z: \\server-name\share-name See the users on the system in question. net user Add a local user to the current computer. net user username password /add Delete a specified local user on the current computer. net user username /delete List the local groups on the system in question. net localgroup View the current password requirements. net accounts |
| nslookup | This can be used to lookup information from DNS servers, such as canonical names and IP addresses. nslookup www.stuartsplace.com If you get a non-authoritative answer it means that it is from local cache, rather than the DNS server that would normally provide DNS information for the website in question. A lookup can also be done in the other direction, by using an IP address. nslookup 8.8.8.8 |
| netstat | Used to determine what type of network connections are occurring inbound as well as outbound from the machine in question. It shows the protocol, local address, including the ephemeral port number, foreign address, including ephemeral port number, and the state. netstat Specifying the 'a' option displays more detail, showing all connections and listening ports. netstat -a To include the name of the executable involved in creating the connection or listening port, the 'b' option can be used. netstat -b The 'f' option will include the fully qualified domain name, where there is one, for foreign addresses. netstat -f To simplify the output, the 'n' option can be utilised. netstat -n To display the routing table, the 'r' option can be specified. netstat -r |
| tracert | This is a diagnostic tool that can be used to determines the route, from the current machine, to a destination, by sending Internet Control Message Protocol (ICMP) echo packets to the destination. The resulting information shows the time taken in milliseconds to each router, as well as the IP address. It should be noted that some routers are design not to return back any details, so you may not get all the information you require. tracert www.stuartsplace.com This also works with an IP address. tracert 8.8.8.8 |
| chkdsk | This checks the file system and file system metadata of a volume for logical and physical errors. If run on its own, this command will only display any issues. chkdsk In order to check and fix the error that have been found, the 'f' switch needs to be used. It should be noted that if the disk in question is in use, a prompt will appear asking for confirmation for the check to happen following the next restart. chkdsk /f The 'r' switch includes all the functionality of 'f', with the addition of an analysis of physical disk errors. Again, this would need to be performed following a restart if the disk is in use. chkdsk /r |
| dism | The Deployment Image Servicing and Management tool (DISM) is used to manage Windows Imaging Format (WIM) files, as well as check and fix your current system image online with Microsoft. The health of the current image can be checked and corrected as follows. dism /online /cleanup-image /restorehealth Information relating to a specified Windows image file can also be obtained. dism /Get-WIMInfo /WimFile:d:\sources\boot.wim |
| sfc | System File Checker scans all protected system files to verify their integrity and repair any issues. sfc /scannow |
| shutdown | The 'shutdown' command can be used to logoff, shutdown, or restart a computer. The 'l' switch is for logging off, the 'r' switch is to for a system restart, and 's' is to shut the system down. shutdown /l shutdown /r shutdown /s It is also possible to delay a shutdown or restart by a specified number of seconds using the 't' switch. shutdown /r /t 60 shutdown /s /t 60 If it is necessary to abort a time delayed shutdown or restart, the 'a' switch can be used. shutdown /a |
| ping | The 'ping' command is a utility that tests the reachability of a host over an IP network, such as a Local Area Network (LAN), or the Internet. It uses Internet Control Message Protocol (ICMP) echo request messages to contact the host and corresponding replies are received if the host is reachable. By default, in Windows, four echo request messages are sent, so four responses should be received. Included with each response is the corresponding IP address, the round-trip time in milliseconds and the time to live (TTL), which signifies how many hops it took to reach the destination. ping www.stuartsplace.com If a different number of echo requests is desired from the default, the 'n' switch can be used, followed by the number of messages. ping /n 2 www.stuartsplace.com To continue sending echo requests until either Ctrl+Enter is used to interrupt the command, or Ctrl+C is used to quite the command, the 't' switch can be used. ping /t www.stuartsplace.com An IP address can also be used with the 'ping' command, instead of a domain name. Here, the IP address of one of Google's DNS servers is used. ping 8.8.8.8 The 'a' switch can be utilised when trying to ping an IP address to resolve it to a hostname. In the case of the Google DNS server in the previous example, the hostname 'dns.google', will be returned. ping /a 8.8.8.8 |
| copy | Copy one or more files to a different location. copy example.txt e: The '*' wildcard can be used to, for example, copy all files of a specified type from the current location, or simply copy all files. copy *.txt e: copy *.* e: In order to verify that the new files have been written correctly, the 'v' switch can be used. copy /v *.txt e: If files of the same name already exist in the destination location, a confirmation message will appear asking if they need to be overwritten. These messages can be suppressed using the 'y' switch. copy /v /y *.txt e: |
| del | Delete one or more files and directories. del example.txt Multiple files can also be deleted by specifying one name after another. del example.txt example2.txt To delete all text files in one go from the current location, the '*' wildcard can be used. del *.txt All files, regardless of type, can be deleted by using the '*' wildcard either side of a '.'. In this instance confirmation will need to be given. del *.* In order to delete all files and folders, including their contents, a single '*' wildcard can be used. del * |
| echo | The 'echo' command is often used to display text out to the terminal, as part of a batch file, for example, however, it can be used to create a file with the specified text in it. It should be noted that if the file already exists, it will get overwritten. echo This is file3. > example3.txt The command can also be used to append the specified text to an existing file by replacing '>' with '>>'. If the file doesn't already exist, then it gets created. echo This is file3. >> example3.txt |
| erase | Works in the same way as the 'del' command to delete files and directories. |
| md | Create a directory. md Demo |
| mkdir | Works in the same way as the 'md' command to create a directory. |
| move | The 'move' command can be used to move and rename files and directories. To rename a file firstly the current name must be specified and then the new name. If the file isn't in the current location, then the path would need to be included also. move example.txt example2.txt If the destination file name already exists a prompt will appear asking for confirmation. To suppress the confirmation message, the 'y' switch can be used. move /y example.txt example2.txt The renaming of directories works in the same manner. Files and directories can be moved by specifying what you want to move and the destination where they need to be moved to. move example.txt e: Wildcards, such as the '*' can be used in a similar way as when a copy is taking place, for example, selecting all text files, or all files regardless of type. move *.txt e: move *.* e: |
| rd | Delete a directory. rd Demo Note that this will only delete the directory if it is empty. To remove a directory, along with its contents, the 's' switch needs to be used. rd /s Demo |
| rename | Rename a file in a similar fashion to the 'move' command. rename example.txt example2.txt |
| rmdir | Works in the same way as the 'rd' command to delete a directory. |
| robocopy | Robust copy is a more powerful version of 'xcopy'. Like 'xcopy' it is network aware, but it includes additional features such as a restartable mode, with the 'z' switch, that allows a copy to resume after it has been interrupted. The 's' and the 'e' switches operate in the same way as 'xcopy', with 's' including subdirectories and their contents, except empty ones, and 'e' adding in the empty ones as well. robocopy /e /z c:\Demo e: |
| type | The 'type' command can be used to display the contents of a file or files in a terminal window. Where more than one file name is specified, the file contents is displayed one after the other. type example.txt type example.txt example2.txt It can also be used to append the contents of one file to the end of another. If the destination file doesn't already exist, then it gets created. type example.txt >> example2.txt |
| xcopy | Copies files and directories, including subdirectories. Note that, subdirectories, along with their contents, will only be copied if the 's' switch is used. As with the 'copy' command, the 'v' switch can be used to verify that the new files have been written correctly, and the 'y' switch can be used to suppress any messages requesting confirmation to overwrite files. The 's' switch does not include empty subdirectories. If these are required then the 'e' switch needs to be included, instead of 's'. xcopy c:\Demo e: xcopy /s c:\Demo e: xcopy /s /v /y c:\Demo e: By default, 'xcopy' does not include system and hidden files. To includes these, the 'h' switch needs to be used. The 'xcopy' command is also network aware, so UNC paths can be used. |