TASKLIST

This tool displays a list of currently running processes on either a local or remote machine.

Syntax
TASKLIST Parameters

Parameter List:

/S system Specifies the remote system to connect to.
/U domain\user Specifies the user context under which the command should execute.
/P  password Specifies the password for the given user context. Prompts for input if omitted.
/M module Lists all tasks currently using the given exe/dll name. If the module name is not specified all loaded modules are displayed.
/SVC Displays services hosted in each process.
/V Displays verbose task information.
/FI filter Displays a set of tasks that match a given criteria specified by the filter.
/FO format Specifies the output format. Valid values: “TABLE”, “LIST”, “CSV”.
/NH Specifies that the “Column Header” should not be displayed in the output. Valid only for “TABLE” and “CSV” formats.

 

Available Filters:

Filter Name Valid Operators Valid Value(s)
STATUS eq, ne RUNNING |NOT RESPONDING | UNKNOWN
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eqnegtltgele Session number
SESSIONNAME eq, ne Session name
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format of hh:mm:ss.
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user format
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title
MODULES eq, ne DLL name

NOTE: “WINDOWTITLE” and “STATUS” filters are not supported when querying a remote machine.

Examples:
TASKLIST
TASKLIST /M
TASKLIST /SVC /FO LIST
TASKLIST /S system /FO LIST
TASKLIST /FI “USERNAME ne NT AUTHORITY\SYSTEM” /FI “STATUS eq running”

BCDBOOT

BCDBOOT – A boot file creation and repair tool.

BCDBOOT command line tool is used to copy critical boot files to the system partition and to create a new system BCD store.

Syntax
bcdboot options

Options

source Provide the location of the windows system root.
/l Provide an optional locale parameter to use when initializing the BCD store. The default is US English.
/s Provide an optional volume letter parameter to designate the target system partition where boot environment files are copied. The default is the system partition identified by the firmware.
/v Enables verbose mode.
/m If an OS loader GUID is provided, this option merges the given loader object with the system template to produce a bootable entry. Otherwise, only global objects are merged.

BCDboot can update an existing boot environment on the system partition:

If there is already a boot entry for this Windows partition, by default, BCDboot erases the old boot entry and its values. To retain the values from an existing boot entry when you update the system files, you can use the /m option together with the BDCBoot.exe command.

BCDboot copies newer versions of files from the Windows image to the system partition.

If a BCD store already exists on the system partition, BCDboot creates a new boot entry in the existing BCD store based on settings in the BCD-Template file.

On BIOS-based systems, the system partition is the active partition on disks using the Master Boot Record (MBR) disk format. BCDboot creates the \Boot directory on the system partition and copies all required boot-environment files to this directory.

Supported OS:  Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008 R2 or Windows Server 2008

Examples:
bcdboot c:\windows /l en-us
bcdboot c:\windows /s g:
bcdboot c:\windows /m {d58d11c6-df54-12dc-878f-00064f4f4e09}

MountVol

MountVol windows command helps you to create, delete and list mount points.

You can use Mountvol windows command to manage mount points without using a drive letter.

Syntax
MountVol Parameters

Parameters

path Specifies the existing NTFS directory where the mount point will reside.
VolumeName Specifies the volume name that is the target of the mount point.
/D Removes the volume mount point from the specified directory.
/L Lists the mounted volume name for the specified directory.
/P Removes the volume mount point from the specified directory, dismounts the volume, and makes the volume not mountable. You can make the volume mount point.mountable again by creating a volume
/R Removes volume mount point directories and registry settings for volumes that are no longer in the system.
/N Disables automatic mounting of new volumes.
/E Re-enables automatic mounting of new volumes.
  • If you need to expand your volume space without reformatting or replacing a hard drive, you can add a mount path to another volume.
  • If you are running out of drive letters to use, mount your local volumes with no drive letters.
  • The benefit is that if you use one volume with several mount paths, you can access all local volumes using a single drive letter (such as C:). You need not remember which volume corresponds to which drive letter, although you can mount local volumes and still have them assigned to drive letters.

Example
Command to list mounted volume.
Mountvol c: /L

Below is a command to disable automatic mounting.
MountVol/n

Below is a command to Re-enables automatic mounting.
MountVol /e

PATH Command

Path Command to set the PATH of evnironment variable.

Path Command will add the path to environment variable which system used to search for executable files. When we run a command without providing a command location it first search at the location set to environment variable.

Syntax

Path Pathname
Path ;
Path

Parameters.

Pathname Specifies the drive and directory to set the path
; Specifies Separates directories
%path% Specifies Windows XP to append the command path to the existing set of directories listed in the PATH environment variable.

Example…

Path command will add Temp directory to look in for executable file and will remove existing paths to the current command prompt only.
Path C:\Temp

This below path command will clear the path to the current command prompt.
Path ;

Merge C:\temp path including the path already added.
Path = %path%; C:\temp

When you include %path% in the syntax, Cmd.exe replaces it with the command path value found in the PATH variable

Current directory
The operating system always searches in the current directory first, before it searches the directories in the command path.

Files with the same name, different extensions

You might have some files in the same directory that share the same file name but have different extensions. For example, you have Inventory.Exe to create network inventory, Inventory.bat to create Disk inventory in your network.

Operating system searches for a file in the following order: .exe, .com, .bat, and .cmd..

Findstr

Searches for patterns of text in files using regular expressions.

 

Syntax

findstr [Options] [Parameter_1] [Parameter_2]

Options

/p  Skips files with non-printable characters.
/b  Matches the pattern if at the beginning of a line.
/o   Prints seek offset before each matching line.
/e  Matches the pattern if at the end of a line.
/l   Uses search strings literally.
/r  Uses search strings as regular expressions. Findstr interprets all metacharacters as regular expressions unless you use /l.
/s  Searches for matching files in the current directory and all subdirectories.
/m  Prints only the file name if a file contains a match.
/i   Specifies that the search is not to be case-sensitive.
/n  Prints the line number before each line that matches.
/x    Prints lines that match exactly.
/v   Prints only lines that do not contain a match.

Parameter_1

/f: file Reads file list from the specified file.

Parameter_2

/c: string Uses specified text as a literal search string.
/g: file Gets search strings from the specified file.
/d: dirlist Searches a comma-delimited list of directories.
/a: ColorAttribute Specifies color attributes with two hexadecimal digits.
strings Specified text to be searched for in FileName.

Findstr is capable of finding the exact text you are looking for in any ASCII file or files. Sometimes you have only part of the information you want to search. findstr has capability to search for patterns of text using regular expressions.

Regular Expressions

. Wildcard: any character
* Repeat: zero or more occurrences of previous character or class
^ Line position: beginning of line
$ Line position: end of line
[class] Character class: any one character in set
[^class] Inverse class: any one character not in set
[xy] Range: any characters within the specified range
\x Escape: literal use of metacharacter x
\<xyz Word position: beginning of word
xyz\> Word position: end of word

Examples

Use spaces to separate multiple search strings. To search for “hello” or “here” in file xyz.txt
findstr “hello here” xyz.txt

To search every file in the current directory and all subdirectories that contained the word Table and ignores the case sensitive.
findstr /s /i Table *.*

To search all occurrences of lines that contain the word “HELLO, and include the line number where each occurrence is found.
findstr /b /n /c:” *HELLO” *.txt

DiskPart

DiskPart command to manage Disks

DiskPart is a text-mode command to manage disk from command prompt, there are various action can be performed from command.

Syntax

Diskpart

SELECT Select an object (DISK, PARTITION, VOLUME, VDISK)
Example to select object number (0,1,2…)
Select Disk 0
Select Partition 0
Select Volume 0
Select Vdisk 0
LIST List an object (DISK, PARTITION, VOLUME, VDISK)
Example…
List Disk
List Partition
List Volume
List Vdisk
DETAIL Provide details about an object.
Example…
Detail Disk
Detail Partition
Detail Volume
Detail Vdisk
ACTIVE Selected partition will be marked as active.
ADD Add a mirror to a simple volume
ASSIGN Assign a drive letter.
ATTRIBUTES Display selected Disk or Volume attributes.
Example…
Attributes Disk
Attributes Volume
ATTACH Attaches a virtual disk file.
AUTOMOUNT Enable and disable automatic mounting of basic volumes.
BREAK Break a mirror set.
CLEAN Clear the configuration information, or all information, off the disk.
COMPACT Attempts to reduce the physical size of the file.
CONVERT Convert between different disk formats.
CREATE Create Volume
Example…
Create Volume Raid
Create Volume Simple
Create Volume Stripe
Create Volume Mirror
Create Partition EFI
Create Partition Extended
Create Partition Logical
Create Partition MSR
Create Partition Primary
Create Vdisk File=”filename”
DELETE  Delete an object.
DETACH  Detaches a virtual disk file.
EXIT  Exit DiskPart.
EXTEND  Extend a volume.
EXPAND  Expands the maximum size available on a virtual disk.
FILESYSTEMS  Display current and supported file systems on the volume.
FORMAT  Format the volume or partition.
IMPORT  Import a disk group.
INACTIVE  Mark the selected partition as inactive.
ONLINE  Online an object that is currently marked as offline.
OFFLINE  Offline an object that is currently marked as online.
REMOVE  Remove a drive letter or mount point assignment.
REPAIR  Repair a RAID
RESCAN  Rescan the computer looking for disks and volumes.
SAN  Display or set the SAN policy for the currently booted OS.
SHRINK  Reduce the size of the selected volume.

chkntfs

Chkntfs command to display a scheduled of automatic system checking

CHKNTFS modifies the behavior of the Autochk program, run at boot-time, to prevent CHKDSK from running automatically if Windows automatically schedules it, Displays whether automatic system checking is scheduled to be run on a FAT, FAT32, or NTFS volume when the computer is started. This utility works with ChkDsk to ensure your system remains problem free and sets up your drive to use chkdsk during the boot process , rather than after windows has booted, to ensure utility can gain full access to the drive.

Syntax

chkntfs drive:
chkntfs /d

Drive: Specifies the drive letter, Displays a message that identifies the file system of the specified volume.
/d Restores all chkntfs default settings, except the countdown time for automatic file checking. Default behavior is to check all volumes when the computer is started.
/t [:time ] Changes the Autochk.exe initiation countdown time (in seconds). If you do not specify time, /t option displays the current countdown time
/x drive: Excludes the specified drive from being checked when the computer starts.
/c drive: Schedules the specified drive to be checked when the computer starts.

You must be a member of the Administrators group, to run chkntfs. You can set the Autochk.exe countdown time to zero.

Examples

Command to display the Autochk.exe initiation countdown time.
chkntfs /t

Command to change the countdown time to 20 seconds.
chkntfs /t:20

Command to exclude both drives D: and E:
chkntfs /x D: E:

Command to Schedules the specified drive
chkntfs /c d:

Nslookup

Nslookup command to troubleshoot DNS issues.

Nslookup is a command line administrative tool that displays information which you can use to diagnose Domain Name System (DNS) infrastructure.

Syntax

Nslookup

Domain Name Display information about the host/domain NAME using default server
Domain_Name DNS As above, use DNS as server
help or ? Display information on common commands
Set OPTIONS 
All Display current server and host details
debug Display debugging information
nod2 Display exhaustive debugging information
defname append domain name to each query
recurse ask for recursive answer to query
search use domain search list
novc always use a virtual circuit
domain=NAME set default domain name to NAME
srchlist=N1[/N2/…/N6] set domain to N1 and search list to N1,N2, etc.
root=NAME set root server to NAME
retry=X set number of retries to X
timeout=X set initial time-out interval to X seconds
Type=X Set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
queryType=X same as type
class=X set query class (ex. IN (Internet), ANY)
msxfr use MS fast zone transfer
ixfrver=X current version to use in IXFR transfer request
server NAME set default server to NAME, using current default server
lserver NAME set default server to NAME, using initial server
finger [USER] finger the optional NAME at the current default host
root set current default server to the root
ls [opt] DOMAIN [> FILE] list addresses in DOMAIN (optional: output to FILE)
-a list canonical names and aliases
-d list all records
-t type list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE sort an ‘ls’ output file and view it with pg
exit exit the program

Note

  • If ComputerToFind is an IP address and the query is for an A or PTR resource record type, the name of the computer is returned. If ComputerToFind is a name and does not have a trailing period, the default DNS domain name is appended to the name. This behavior depends on the state of the following set subcommands: domainsrchlistdefname, and search.
  • If you type a hyphen (-) instead of ComputerToFind, the command prompt changes to nslookup interactive mode.
  • The command-line length must be less than 256 characters.
  • Nslookup has two modes: interactive and noninteractive.

If you need to look up only a single piece of data, use noninteractive mode. For the first parameter, type the name or IP address of the computer that you want to look up. For the second parameter, type the name or IP address of a DNS name server. If you omit the second argument, nslookup uses the default DNS name server.

If you need to look up more than one piece of data, you can use interactive mode. Type a hyphen (-) for the first parameter and the name or IP address of a DNS name server for the second parameter. Or, omit both parameters and nslookup uses the default DNS name server. Following are some tips about working in interactive mode:

    • To interrupt interactive commands at any time, press CTRL+B.
    • To exit, type exit.

Example:

Nslookup Domain_Name

Display All details of Domain_Name
Nslookup
Set type = all
Domain_Name

More

Displays one screen of output at a time.

Syntax

Command | more
More /c /p /s /t

Key

Path\FileName  Specifies the file to display.
command  A command for which you want to display the output.
/E Enable extended features
/c  Clears screen before displaying page.
/p  Expands form-feed characters.
/s  Multiple blank lines squeeze to one blank line.
/t n  Changes tabs to the number of spaces specified by n.
+n  Displays first file starting from the line specified by n.
files  Specifies list of files to display. file names should be separated with a space.

If /E is used extended features will be enabled, the following keystrokes can be use with the — More — prompt

SPACEBAR Display next page
ENTER Display next line
f Display next file
q Quit
= Show line number
n Display next n lines
n Skip next n lines

Examples

To view the file named File.txt that you want to view on your screen, type
more < File.txt

The more command displays the first screen of information from File.txt, and then the following prompt appears:

— More —

You can then press the SPACEBAR to see the next screen of information.

To clear the screen before displaying File.txt, type

More /c < File.txt

The more command displays the first screen of information from File.txt, and then the following prompt appears:

— More —

To display the file one line at a time, press ENTER.

To display the next page, press the SPACEBAR.
To display the next file listed on the command line, type f.
To quit more, type q.

To display the current line number, type =. The current line number will be added to the more prompt

To display specific number of lines, type pMore prompts you for the number of lines to display as follows:

Move command

Move command to move one or more Files and Directory

Move command is functionality equivalent to copying a file or directory and erasing it from the current directory.

Syntax

Move Source Destination

 Key

/y     Will not prompt you weather to overwrite an existing destination file.
/-y    Prompts you to confirm to overwrite an existing destination file.
Source     Specifies the path and name of the file or folder. 
Destination  Specifies the path and name to move files or folder.

Note:

  • Using the /y command-line option
    The /y command-line option might be preset in the COPYCMD environment variable. You can override this with /-y on the command line. The default is to prompt on overwrite.
  • Moving encrypted files to a volume that does not support Encrypting File System (EFS) will give an error. Decrypt the files first or move the files to a volume that does support EFS.

Both Source and Target may be either a folder or a single file.

Example…

In the current folder
Move source_file.doc destination_file.doc

Move from a different folder/directory:
MOVE “C:\home\file1.doc” “D:\work\file2.doc” (Renamed file at destination)
MOVE “C:\home\file1.doc” “D:\work\file1.doc”

Specify the source only, with a wildcard will Move all the files into the current directory:
MOVE “C:\home\*.doc”