compact

COMPACT: This command displays or alters the compression of files on NTFS partitions, or marks a folder so that files added to it later are compressed or uncompressed automatically.

Switches:

/C        Compresses the specified files. Directories will be marked so that files added later are compressed automatically.
/U        Uncompresses the specified files. Directories will be marked so that files added later are not compressed.
/S        Performs the specified operation on files in the given directory and all subdirectories. Default “dir” is the current directory.
/A        Displays files with the hidden or system attributes. These files are omitted by default.
/I        Continues performing the specified operation even after errors have occurred.  By default, COMPACT stops when an error is encountered.
/F        Forces the compress operation on all specified files, even those which are already compressed. Already-compressed files are skipped by default.
/Q        Reports only the most essential information.
filename  Specifies a pattern, file, or directory.

Running the compact command without any switches displays the compression state of the current directory and any files it contains. You may use multiple filenames and wildcards.

Note:
The compact command is the command line version of the NTFS file system compression feature. The compression state of a directory indicates whether files are automatically compressed when they are added to the directory. Setting the compression state of a directory does not necessarily change the compression state of files that are already in the directory.

You cannot use compact to read, write, or mount volumes that have been compressed using DriveSpace or DoubleSpace.

You cannot use compact to compress file allocation table (FAT) or FAT32 partitions.

Example:

Compact /c /a /i *
This command will compress the current folder, display all files with the hidden or system attributes, and continue the operation even after errors have occurred.

Compact /u /a /i *
This command will uncompress the current folder, display all files with the hidden or system attributes, and continue the operation even after errors have occurred.

Icacls

Icacls: A command to add or modify Access Control Lists (ACLs). It can save the ACLs of files and directories to a single file and later restore them from that file. Below are some of the switches (command-line arguments) it accepts.

Switches:

/T indicates that this operation is performed on all matching files/directories under the specified directory.

/C continues the operation on all files even when errors occur; error messages will still be displayed.

/L operation is performed on a symbolic link itself versus its target.

/Q indicates that icacls should suppress success messages.

ICACLS preserves the canonical ordering of ACE entries:
Explicit denials
Explicit grants
Inherited denials
Inherited grants

perm is a permission mask and can be specified in one of two forms:

a sequence of simple rights:
    N – no access
    F – full access
    M – modify access
    RX – read and execute access
    R – read-only access
    W – write-only access
    D – delete access

a comma-separated list in parentheses of specific rights:
    DE – delete
    RC – read control
    WDAC – write DAC
    WO – write owner
    S – synchronize
    AS – access system security
    MA – maximum allowed
    GR – generic read
    GW – generic write
    GE – generic execute
    GA – generic all
    RD – read data/list directory
    WD – write data/add file
    AD – append data/add subdirectory
    REA – read extended attributes
    WEA – write extended attributes
    X – execute/traverse
    DC – delete child
    RA – read attributes
    WA – write attributes

inheritance rights may precede either form and are applied only to directories:
    (OI) – object inherit
    (CI) – container inherit
    (IO) – inherit only
    (NP) – don’t propagate inherit
    (I) – permission inherited from parent container

Examples:

icacls c:\windows\* /save AclFile /T
This command will save the ACLs for all files under c:\windows and its subdirectories to AclFile.

icacls c:\windows\ /restore AclFile
This command will restore the ACLs for every file listed in AclFile.

icacls file /grant Administrator:(D,WDAC)
This command will grant the user Administrator Delete and Write DAC permissions to file.

icacls file /grant *S-1-1-0:(D,WDAC)
This command will grant the user defined by SID S-1-1-0 Delete and Write DAC permissions to file.
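
The permission masks and inheritance flags listed above are what icacls prints when it displays an ACL, so the output can be reviewed mechanically. The following is an added example, not part of the original page: it reads icacls output and reports ACEs that grant write-capable rights to broad principals. The sample output is constructed, and the lists of "broad" principals and write-capable rights are assumptions chosen for this example.

```powershell
# Constructed sample in the layout icacls prints for "icacls C:\Apps\Tool"
# (not captured from a real host).
$sample = @'
C:\Apps\Tool BUILTIN\Administrators:(OI)(CI)(F)
             NT AUTHORITY\SYSTEM:(OI)(CI)(F)
             BUILTIN\Users:(OI)(CI)(RX)
             Everyone:(OI)(CI)(M)
             NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(GW)
             BUILTIN\Users:(DENY)(WD)

Successfully processed 1 files; Failed processing 0 files
'@

# Assumptions for this example: which principals count as "broad" and which
# rights from the tables above count as write-capable.
$BroadPrincipals = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$WriteRights     = 'F', 'M', 'W', 'D', 'DE', 'WDAC', 'WO', 'GA', 'GW', 'WD', 'AD', 'DC'
$InheritFlags    = 'OI', 'CI', 'IO', 'NP', 'I'

function Get-RiskyAce {
    param([string[]]$Line)
    foreach ($text in $Line) {
        # An ACE line ends with principal:(group)(group)...; the first line also
        # carries the path in front of the principal.
        if ($text -notmatch '^(?<left>.*?):(?<groups>(\([A-Za-z,]+\))+)\s*$') { continue }
        $left   = $Matches['left'].TrimEnd()
        $groups = $Matches['groups']

        $principal = $BroadPrincipals |
            Where-Object { $left -match ('(^|\s)' + [regex]::Escape($_) + '$') } |
            Select-Object -First 1
        if (-not $principal) { continue }

        $tokens = @([regex]::Matches($groups, '\(([^)]+)\)') |
                    ForEach-Object { $_.Groups[1].Value })
        if ($tokens -contains 'DENY') { continue }    # a denial restricts access

        $flags  = @($tokens | Where-Object { $InheritFlags -contains $_ })
        $rights = @($tokens | Where-Object { $InheritFlags -notcontains $_ } |
                    ForEach-Object { $_ -split ',' })
        $writes = @($rights | Where-Object { $WriteRights -contains $_ })
        if ($writes.Count -eq 0) { continue }

        [pscustomobject]@{
            Principal = $principal
            Rights    = $writes -join ','
            Inherited = $flags -contains 'I'
            # (IO) means the ACE is only passed on to children.
            Scope     = if ($flags -contains 'IO') { 'children only' } else { 'this object' }
        }
    }
}

# On a live system, pass real output instead: Get-RiskyAce -Line (icacls C:\Apps\Tool)
Get-RiskyAce -Line ($sample -split "`r?`n") | Format-Table -AutoSize
```

For the sample, two ACEs are reported: Everyone with M on the object itself, and Authenticated Users with an inherited GW that applies to children only.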

Format

Format – A command to format a Disk/Floppy

The Format command creates a new root directory and file system for the disk. It can also check for bad areas on the disk and delete all data on the disk. Before using a new disk, we must first format it with this command.

Syntax:
Format Volume Options

Options

/A:size Overrides the default allocation unit size. Default settings are strongly recommended for general use. NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K. FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K, (128K, 256K for sector size > 512 bytes). FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K, (128K, 256K for sector size > 512 bytes). exFAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K, 128K, 256K, 512K, 1M, 2M, 4M, 8M, 16M, 32M.
/C NTFS only: Files created on the new volume will be compressed by default.
/D UDF 2.50 only: Metadata will be duplicated.
/F:size Specifies the size of the floppy disk to format (1.44)
/FS:filesystem Specifies the type of the file system (FAT, FAT32, exFAT, NTFS or UDF).
/N:sectors Specifies the number of sectors per track.
/P:passes Zero every sector on the volume passes times. This switch is not valid with /Q
/Q Performs a quick format. Note that this switch overrides /P.
/R:revision UDF only: Forces the format to a specific UDF version (1.02, 1.50, 2.00, 2.01, 2.50).  The default revision is 2.01.
/S:state Where “state” is either “enable” or “disable”. Short names are enabled by default.
/T:tracks Specifies the number of tracks per disk side.
/V:label Specifies the volume label.
/X Forces the volume to dismount first if necessary.  All opened handles to the volume would no longer be valid.
volume Specifies the drive letter (followed by a colon), mount point, or volume name.

Note: FAT and FAT32 file systems impose the following restrictions on the number of clusters on a volume:
FAT: Number of clusters <= 65526
FAT32: 65526 < Number of clusters < 4177918
Format will immediately stop processing if it decides that the above requirements cannot be met using the specified cluster size.
NTFS compression is not supported for allocation unit sizes above 4096.

Example
This command will format Volume C

Format C:

NetStat

Netstat – A command to display Network Statistics.

Netstat is a very useful command for network statistics. We can view all open network ports of the system, whether they are in the Listening or Established state.

Syntax
Netstat

Options

-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.
-e Displays Ethernet statistics. This may be combined with the -s option.
-f Displays Fully Qualified Domain Names (FQDN) for foreign addresses.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s option to display per-protocol statistics, proto may be any of: IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics.  By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.
-t Displays the current connection offload state.
interval Redisplays selected statistics, pausing interval seconds between each display.  Press CTRL+C to stop redisplaying statistics.  If omitted, netstat will print the current configuration information once.

Example
This command will display all connections and listening ports.
netstat -a

This command will display all connections in numerical form (without resolving IP addresses to names).
netstat -a -n

The command below will display statistics.
netstat -s

Output 

IPv4 Statistics
IPv6 Statistics
ICMPv4 Statistics
ICMPv6 Statistics
TCP Statistics for IPv4
TCP Statistics for IPv6
UDP Statistics for IPv4
UDP Statistics for IPv6
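
The -a, -n and -o options described above combine into a listing that can be reduced to "which sockets accept traffic, on which addresses, and which process owns them". The following is an added example, not part of the original page: it parses that listing and classifies each listener by bind address. The sample output, its addresses and its PIDs are constructed.

```powershell
# Constructed sample of "netstat -a -n -o" output (not captured from a real host).
$sample = @'

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3320
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED     4480
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:8080             [::]:0                 LISTENING       5100
  UDP    0.0.0.0:5353           *:*                                    2216
'@

function Get-Listener {
    param([string[]]$Line)
    foreach ($text in $Line) {
        $f = @(-split $text)                     # whitespace-separated columns
        if ($f[0] -notin 'TCP', 'UDP') { continue }

        if ($f[0] -eq 'TCP') {
            # TCP rows: Proto, Local, Foreign, State, PID. Keep listeners only.
            if ($f.Count -ne 5 -or $f[3] -ne 'LISTENING') { continue }
            $owner = $f[4]
        } else {
            # UDP rows have no State column, so the PID is the fourth field.
            if ($f.Count -ne 4) { continue }
            $owner = $f[3]
        }

        # Split at the last colon so bracketed IPv6 addresses stay intact.
        if ($f[1] -notmatch '^(?<addr>.+):(?<port>\d+)$') { continue }
        $addr = $Matches['addr']
        $port = [int]$Matches['port']            # read before switch resets $Matches

        $scope = switch -Regex ($addr) {
            '^(0\.0\.0\.0|\[::\])$' { 'all interfaces'; break }
            '^(127\.|\[::1\]$)'     { 'loopback only';  break }
            default                 { 'specific address' }
        }

        [pscustomobject]@{
            Proto   = $f[0]
            Address = $addr
            Port    = $port
            Scope   = $scope
            PID     = [int]$owner
        }
    }
}

# On a live system, pass real output instead: Get-Listener -Line (netstat -a -n -o)
Get-Listener -Line ($sample -split "`r?`n") |
    Where-Object Scope -eq 'all interfaces' |
    Sort-Object Port |
    Format-Table -AutoSize
```

For the sample, the table lists ports 135, 445, 3389 and 5353 as reachable on all interfaces; the established connection and the two loopback listeners are left out. The PID column can then be matched against TASKLIST output.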

schtasks

Schtasks: command to configure scheduled tasks

Schtasks – A command that schedules commands or programs to run periodically or at a specific time.

Syntax
schtasks Parameter1 Parameter2

Parameter1

/Create Creates a new scheduled task.
/Delete Deletes the scheduled task(s).
/Query Displays all scheduled tasks.
/Change Changes the properties of scheduled task.
/Run Runs the scheduled task on demand.
/End Stops the currently running scheduled task.
/ShowSid  Shows the security identifier corresponding to a scheduled task name.

Parameter2 (for /create)

/D Specifies the day of the week to run the task. Valid values: MON, TUE, WED, THU, FRI, SAT, SUN and for MONTHLY schedules 1 – 31 (days of the month). Wildcard “*” specifies all days.
/DELAY Specifies the wait time to delay the running of the task after the trigger is fired.  The time format is mmmm:ss.  This option is only valid for schedule types ONSTART, ONLOGON, ONEVENT.
/DU Specifies the duration to run the task. The time format is HH:mm. This is not applicable with /ET and for schedule types: ONSTART, ONLOGON, ONIDLE, ONEVENT.
/EC ChannelName  Specifies the event channel for OnEvent triggers.
/ED Specifies the last date when the task should run. The format is mm/dd/yyyy. This is not applicable for schedule types: ONCE, ONSTART, ONLOGON, ONIDLE, ONEVENT.
/ET Specifies the end time to run the task. The time format is HH:mm (24 hour time) for example, 14:50 for 2:50 PM. This is not applicable for schedule types: ONSTART, ONLOGON, ONIDLE, ONEVENT.
/F Forcefully creates the task and suppresses warnings if the specified task already exists.
/I Specifies the amount of idle time to wait before running a scheduled ONIDLE task. Valid range: 1 – 999 minutes.
/IT Enables the task to run interactively only if the /RU user is currently logged on at the time the job runs. This task runs only if the user is logged in.
/K Terminates the task at the endtime or duration time. This is not applicable for schedule types: ONSTART, ONLOGON, ONIDLE, ONEVENT. Either /ET or /DU must be specified.
/M Specifies month(s) of the year. Defaults to the first day of the month. Valid values: JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC. Wildcard “*” specifies all months.
/MO Schedule type to allow  schedule recurrence.
/NP No password is stored.  The task runs non-interactively as the given user.  Only local resources are available.
/P Specifies the password for the given user context. Prompts for input if omitted.
/RI Specifies the repetition interval in minutes. This is not applicable for schedule types: MINUTE, HOURLY, ONSTART, ONLOGON, ONIDLE, ONEVENT. Valid range: 1 – 599940 minutes. If either /ET or /DU is specified, then it defaults to 10 minutes.
/RL Sets the Run Level for the job. Valid values are LIMITED and HIGHEST. The default is LIMITED.
/RP Specifies the password for “run as” user. To prompt for the password, the value must be either “*” or none. This password is ignored for the system account.
/RU Specifies the “run as” user account (user context) under which the task runs. For the system account, valid values are “”, “NT AUTHORITY\SYSTEM” or “SYSTEM”.
/S Specifies the remote system to connect to. If omitted the system parameter defaults to the local system.
/SC Specifies the schedule frequency. Valid schedule types: MINUTE, HOURLY, DAILY, WEEKLY, MONTHLY, ONCE, ONSTART, ONLOGON, ONIDLE, ONEVENT.
/SD Specifies the first date on which the task runs. The format is mm/dd/yyyy. Defaults to the current date. This is not applicable for schedule types: ONCE, ONSTART, ONLOGON, ONIDLE, ONEVENT.
/ST Specifies the start time to run the task. The time format is HH:mm (24 hour time) for example, 14:30 for 2:30 PM. Defaults to current time if /ST is not specified.  This option is required with /SC ONCE.
/TN Specifies a name which uniquely identifies this scheduled task.
/TR Specifies the path and file name of the program to be run at the scheduled time. Example: C:\windows\system32\cmd.exe
/U Specifies the user context under which SchTasks.exe should execute.
/V1 Creates a task visible to pre-Vista platforms. Not compatible with /XML.
/XML Creates a task from the task XML specified in a file. Can be combined with /RU and /RP switches, or with /RP alone, when task XML already contains the principal.
/Z Marks the task for deletion after its final run.

Parameter2 (for /Query)

/FO Specifies the format for the output. Valid values: TABLE, LIST, CSV.
/NH Specifies that the column header should not be displayed in the output. This is valid only for TABLE format.
/P Specifies the password for the given user context. Prompts for input if omitted.
/S Specifies the remote system to connect to.
/TN Specifies the task name for which to retrieve the information, else all of them.
/U Specifies the user context under which schtasks.exe should execute.
/V Displays verbose task output.
/XML Displays task definitions in XML format.

 Parameter2 (for /Delete)

/P Specifies the password for the given user context. Prompts for input if omitted.
/S Specifies the remote system to connect to.
/TN Identifies the scheduled task to run now.
/U Specifies the user context under which the schtasks.exe should execute.
/F Forcefully deletes the task and suppresses warnings if the specified task is currently running.

 Parameter2 (for /Run, /End)

/P Specifies the password for the given user context. Prompts for input if omitted.
/S Specifies the remote system to connect to.
/TN Identifies the scheduled task to run now.
/U Specifies the user context under which the schtasks.exe should execute.

 Example

This command will create a schedule to open Calculator every alternate day.
schtasks /create /tn "Calculator" /tr calc.exe /sc daily /mo 2

This command will create a schedule to open Calculator every Friday.
schtasks /create /tn "Calculator" /tr calc.exe /sc Weekly /d fri

This command will create a schedule to open Calculator on the 2nd day of the month.
schtasks /create /tn "Calculator" /tr calc.exe /sc Monthly /d 2

This command will create a schedule to open Calculator on the 2nd day of the month at 10 AM.
schtasks /create /tn "Calculator" /tr calc.exe /sc Monthly /d 2 /st 10:00
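
The /Query switches above (/FO CSV with /V) produce output that can be filtered by the account a task runs as (/RU) and the program it starts (/TR). The following is an added example, not part of the original page: it lists tasks that run as SYSTEM but start a program outside the operating system and program directories. The sample rows are constructed and cut down to the columns used. The column names are those printed by English-language Windows, and the trusted directory list assumes Windows is installed on C:.

```powershell
# Constructed sample of "schtasks /query /fo csv /v" output, reduced to the
# columns used here (real output has more columns).
$csv = @'
"HostName","TaskName","Status","Run As User","Task To Run"
"WS01","\Calculator","Ready","alice","calc.exe"
"WS01","\NightlyBackup","Ready","NT AUTHORITY\SYSTEM","C:\Program Files\Backup\bk.exe --all"
"HostName","TaskName","Status","Run As User","Task To Run"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","SYSTEM","%windir%\system32\defrag.exe -c -h -o"
"WS01","\Updater","Ready","SYSTEM","C:\Users\Public\updater.exe /silent"
"WS01","\Microsoft\Windows\Example\ComTask","Ready","SYSTEM","COM handler"
'@

# Assumption: directories that ordinary users cannot write to.
$TrustedRoots = 'C:\Windows\', 'C:\Program Files\', 'C:\Program Files (x86)\'

function Get-SystemTaskOutsideTrustedPath {
    param([string[]]$CsvLine)
    foreach ($task in ($CsvLine | ConvertFrom-Csv)) {
        # The header row can repeat inside the output; it parses as a data row.
        if ($task.TaskName -eq 'TaskName') { continue }
        # Matches both "SYSTEM" and "NT AUTHORITY\SYSTEM".
        if ($task.'Run As User' -notmatch '(^|\\)SYSTEM$') { continue }

        $cmd = $task.'Task To Run'.Trim().TrimStart('"')
        # Tasks implemented as COM handlers have no command line to check.
        if ($cmd -eq 'COM handler') { continue }
        # Resolve the usual variables to the assumed install location.
        $cmd = $cmd -replace '%(windir|SystemRoot)%', 'C:\Windows'

        $trusted = $TrustedRoots | Where-Object {
            $cmd.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        }
        if (-not $trusted) {
            [pscustomobject]@{
                TaskName = $task.TaskName
                RunAs    = $task.'Run As User'
                Command  = $task.'Task To Run'
            }
        }
    }
}

# On a live system, pass real output instead:
#   Get-SystemTaskOutsideTrustedPath -CsvLine (schtasks /query /fo csv /v)
Get-SystemTaskOutsideTrustedPath -CsvLine ($csv -split "`r?`n") | Format-List
```

For the sample, only \Updater is reported: it runs as SYSTEM from C:\Users\Public, a location other accounts can write to.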

 

TASKLIST

This tool displays a list of currently running processes on either a local or remote machine.

Syntax
TASKLIST Parameters

Parameter List:

/S system Specifies the remote system to connect to.
/U domain\user Specifies the user context under which the command should execute.
/P  password Specifies the password for the given user context. Prompts for input if omitted.
/M module Lists all tasks currently using the given exe/dll name. If the module name is not specified all loaded modules are displayed.
/SVC Displays services hosted in each process.
/V Displays verbose task information.
/FI filter Displays a set of tasks that match a given criteria specified by the filter.
/FO format Specifies the output format. Valid values: “TABLE”, “LIST”, “CSV”.
/NH Specifies that the “Column Header” should not be displayed in the output. Valid only for “TABLE” and “CSV” formats.

 

Available Filters:

Filter Name    Valid Operators           Valid Value(s)
STATUS         eq, ne                    RUNNING | NOT RESPONDING | UNKNOWN
IMAGENAME      eq, ne                    Image name
PID            eq, ne, gt, lt, ge, le    PID value
SESSION        eq, ne, gt, lt, ge, le    Session number
SESSIONNAME    eq, ne                    Session name
CPUTIME        eq, ne, gt, lt, ge, le    CPU time in the format of hh:mm:ss.
MEMUSAGE       eq, ne, gt, lt, ge, le    Memory usage in KB
USERNAME       eq, ne                    User name in [domain\]user format
SERVICES       eq, ne                    Service name
WINDOWTITLE    eq, ne                    Window title
MODULES        eq, ne                    DLL name

NOTE: “WINDOWTITLE” and “STATUS” filters are not supported when querying a remote machine.

Examples:
TASKLIST
TASKLIST /M
TASKLIST /SVC /FO LIST
TASKLIST /S system /FO LIST
TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"

BCDBOOT

BCDBOOT – A boot file creation and repair tool.

BCDBOOT command line tool is used to copy critical boot files to the system partition and to create a new system BCD store.

Syntax
bcdboot options

Options

source Provide the location of the windows system root.
/l Provide an optional locale parameter to use when initializing the BCD store. The default is US English.
/s Provide an optional volume letter parameter to designate the target system partition where boot environment files are copied. The default is the system partition identified by the firmware.
/v Enables verbose mode.
/m If an OS loader GUID is provided, this option merges the given loader object with the system template to produce a bootable entry. Otherwise, only global objects are merged.

BCDboot can update an existing boot environment on the system partition:

If there is already a boot entry for this Windows partition, by default, BCDboot erases the old boot entry and its values. To retain the values from an existing boot entry when you update the system files, you can use the /m option together with the BCDBoot.exe command.

BCDboot copies newer versions of files from the Windows image to the system partition.

If a BCD store already exists on the system partition, BCDboot creates a new boot entry in the existing BCD store based on settings in the BCD-Template file.

On BIOS-based systems, the system partition is the active partition on disks using the Master Boot Record (MBR) disk format. BCDboot creates the \Boot directory on the system partition and copies all required boot-environment files to this directory.

Supported OS:  Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008

Examples:
bcdboot c:\windows /l en-us
bcdboot c:\windows /s g:
bcdboot c:\windows /m {d58d11c6-df54-12dc-878f-00064f4f4e09}

CACLS

CACLS allows you to modify ACL rights.

CACLS is used to modify ACL rights on files and folders for users and groups on the local computer.

Syntax
Cacls Path Options

Options

filename Displays ACLs.
/T Changes ACLs of specified files in the current directory and all subdirectories.
/L Work on the Symbolic Link itself versus the target
/M Changes ACLs of volumes mounted to a directory
/S Displays the SDDL string for the DACL.
/S:SDDL Replaces the ACLs with those specified in the SDDL string (not valid with /E, /G, /R, /P, or /D).
/E Edit ACL instead of replacing it.
/C Continue on access denied errors.
/G user:perm Grant specified user access rights.
    Perm can be:
    R  Read
    W  Write
    C  Change (write)
    F  Full control
/R user Revoke specified user’s access rights (only valid with /E).
/P user:perm Replace specified user’s access rights.
    Perm can be:
    N  None
    R  Read
    W  Write
    C  Change (write)
    F  Full control
/D user Deny specified user access.

Abbreviations:
CI Container Inherit. The ACE will be inherited by directories.
OI Object Inherit. The ACE will be inherited by files.
IO Inherit Only. The ACE does not apply to the current file/directory.
ID Inherited. The ACE was inherited from the parent directory’s ACL.

Example
This command will grant read-only permission to the specified user.
CACLS filename /g username:R

This command will grant Full permission to the specified user.
CACLS filename /g username:F

COMP Command

Comp: a command to compare file contents byte by byte.

The Comp command can compare two files that reside on different drives or locations. When it compares the files, it displays their locations and file names. If you run it without parameters, it prompts you to enter the files you want to compare.

Syntax

Comp Parameters

Parameters

File1 Specifies location and name(s) of first file(s) to compare.
File2 Specifies location and name(s) of second files to compare.
/D Displays differences in decimal format.
/A Displays differences in ASCII characters.
/L Displays line numbers for differences.
/N=number Compares only the first specified number of lines in each file.
/C Disregards case of ASCII letters when comparing files.
/OFF[LINE] Do not skip files with offline attribute set.

Remarks
The files that you want to compare can have the same file name in different directories or on different drives.

How the comp command identifies mismatching information

comp displays messages to identify the locations of unequal information in the two files. Each message indicates the memory address of the unequal bytes and the contents of the bytes. Message appears in the following format:

Compare error at OFFSET xxxxxxxx
file1 = xx
file2 = xx

After 10 unequal comparisons, comp stops comparing the files and displays the following message:
10 Mismatches – ending compare

Comparing files of different sizes
You cannot compare files of different sizes unless you specify the /n command-line option.

Examples
To compare the contents of the directory C:\User with the backup directory \\Backup\User:
Comp c:\User \\backup\User

To compare the first ten lines of the text files in the \user directory and display the result in decimal format.

Comp \User\Data.txt \\backup\User\Data.txt /n=10 /d

CSVDE

CSVDE Imports and exports data from Active Directory Domain Services.

The CSVDE command extracts information in a comma-separated value (CSV) format. You can use Csvde to import and export Active Directory data that uses the comma-separated value format. Use Microsoft Excel to open this .csv file and view the header and value information.

Syntax

CSVDE Options

Options

-i Used for Import, default mode is export.
-f File Specifies the file to import from or export to.
-s Server The domain controller on which the import or export operation is performed.
-c String1 String2 Replaces all occurrences of String1 with String2. Use this when you import data from one domain to another and want to replace the distinguished name.
-v For verbose mode.
-j Path Log file location. The default is the current path.
-t PortNumber LDAP port. The default LDAP port is 389. The global catalog port is 3268.
-u Specifies Unicode format.
-d BaseDN Sets the distinguished name of the search base for data export.
-r LDAPFilter Creates an LDAP search filter for data export.
-p Scope Search scope. Search scope options are Base, OneLevel, or SubTree.
-l LDAPAttributeList Sets the list of attributes to return in the results of an export query.
-o LDAPAttributeList Specifies the list of attributes to omit from the results of an export query.
-g Omits paged searches.
-m Omits attributes, such as ObjectGUID, objectSID, pwdLastSet attributes.
-n Omits the export of binary values.
-k Ignores errors during an import operation and continues processing. Ignored errors:
    Object already exists
    Constraint violation
    Attribute or value already exists
-a [UserDN Password] Sets the command to run using the supplied user & Password Example…(“cn=user,dc=yourcompany,dc=com password”)
-b [UserDN Password] Performs a secure LDAP bind with the NEGOTIATE authentication method.

Example

Import a domain from a file YourDomain.csv and store a log in c:\temp folder
Csvde -i -f yourdomain.csv -j c:\temp

Export a domain to a file YourDomain.csv (Default mode is Export)
csvde -f yourdomain.csv

To export only the user account object attributes from a domain to a file named Users.csv, you can use the following command.
csvde -r objectClass=user -f users.csv