CMD TRICKS

Posted: December 21, 2014 in hacking, programming

A
ARP Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP).
ASSOC Displays or modifies file extension associations.
AT The AT command has been deprecated. Please use schtasks.exe instead.
ATTRIB Displays or changes file attributes.
AUDITPOL
B
BCDBOOT Bcdboot – Bcd boot file creation and repair tool. The bcdboot.exe command-line tool is used to copy critical boot files to the system partition and to create a new system BCD store.
BCDEDIT Sets properties in boot database to control boot loading.
BITSADMIN BITS administration utility.
BOOTCFG This command line tool can be used to configure, query, change or delete the boot entry settings in the BOOT.INI file.
BREAK Sets or clears extended CTRL+C checking.
C
CACLS Displays or modifies access control lists (ACLs) of files.
CALL Calls one batch program from another.
CD Displays the name of or changes the current directory.
CERTREQ
CERTUTIL
CHANGE
CHCP Displays or sets the active code page number.
CHDIR Displays the name of or changes the current directory.
CHGLOGON Enable, disable, or drain session logins.
CHGPORT List or change COM port mappings for DOS application compatibility.
CHGUSR Change Install Mode.
CHKDSK Checks a disk and displays a status report.
CHKNTFS Displays or modifies the checking of disk at boot time.
CHOICE This tool allows users to select one item from a list of choices and returns the index of the selected choice.
CIPHER Displays or alters the encryption of directories [files] on NTFS partitions.
CLIP Redirects output of command line tools to the Windows clipboard. This text output can then be pasted into other programs.
CLS Clears the screen.
CMD Starts a new instance of the Windows command interpreter.
CMDKEY Creates, displays, and deletes stored user names and passwords.
COLOR Sets the default console foreground and background colors.
COMP Compares the contents of two files or sets of files.
COMPACT Displays or alters the compression of files on NTFS partitions.
CONVERT Converts FAT volumes to NTFS. You cannot convert the current drive.
COPY Copies one or more files to another location.
CSCRIPT
D
DATE Displays or sets the date.
DEFRAG Optimizes and defragments files on local volumes to improve system performance.
DEL Deletes one or more files.
DIR Displays a list of files and subdirectories in a directory.
DISKCOMP Compares the contents of two floppy disks.
DISKCOPY Copies the contents of one floppy disk to another.
DISKPART Displays or configures Disk Partition properties.
DISKPERF
DISKRAID
DISM
DISPDIAG Logs display information to a file in the current directory.
DOSKEY Edits command lines, recalls Windows commands, and creates macros.
DPATH Allows programs to open data files in specified directories as if they were in the current directory.
DRIVERQUERY Displays current device driver status and properties.
E
ECHO Displays messages, or turns command echoing on or off.
ENDLOCAL Ends localization of environment changes in a batch file.
ERASE Deletes one or more files.
EVENTCREATE This command line tool enables an administrator to create a custom event ID and message in a specified event log.
EXIT Quits the CMD.EXE program (command interpreter).
EXPAND Expands one or more compressed files.
EXTRACT 1991-96 Gilles Vollant
F
FC Compares two files or sets of files, and displays the differences between them.
FIND Searches for a text string in a file or files.
FINDSTR Searches for strings in files.
FINGER Displays information about a user on a specified system running the Finger service. Output varies based on the remote system.
FLTMC
FOR Runs a specified command for each file in a set of files.
FORFILES Selects a file (or set of files) and executes a command on that file. This is helpful for batch jobs.
FORMAT Formats a disk for use with Windows.
FSUTIL Displays or configures the file system properties.
FTP Transfers files to and from a computer running an FTP server service (sometimes called a daemon). Ftp can be used interactively.
FTYPE Displays or modifies file types used in file extension associations.
G
GETMAC This tool enables an administrator to display the MAC address for network adapters on a system.
GOTO Directs the Windows command interpreter to a labeled line in a batch program.
GPRESULT Displays Group Policy information for machine or user.
GPUPDATE Updates multiple Group Policy settings.
H
HELP Provides Help information for Windows commands.
HOSTNAME Prints the name of the current host.
I
ICACLS Display, modify, backup, or restore ACLs for files and directories.
IF Performs conditional processing in batch programs.
IPCONFIG The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.
L
LABEL Creates, changes, or deletes the volume label of a disk.
LODCTR Updates registry values related to performance counters.
LOGMAN Microsoft ® Logman.exe (6.2.9200.16384)
LOGOFF Terminates a session.
M
MAKECAB Cabinet Maker – Lossless Data Compression Tool
MANAGE-BDE Configures BitLocker Drive Encryption on disk volumes.
MD Creates a directory.
MKDIR Creates a directory.
MKLINK Creates Symbolic Links and Hard Links
MODE Configures a system device.
MORE Displays output one screen at a time.
MOUNTVOL Creates, deletes, or lists a volume mount point.
MOVE Moves one or more files from one directory to another directory.
MRINFO
MSG Send a message to a user.
N
NBTSTAT Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
NET
NETCFG
NETSH
NETSTAT Displays protocol statistics and current TCP/IP network connections.
NLTEST
NSLOOKUP
O
OPENFILES Displays files opened by remote users for a file share.
P
PATH Displays or sets a search path for executable files.
PATHPING
PAUSE Suspends processing of a batch file and displays a message.
PING
PNPUNATTEND AuditSystem, Unattend online driver install
PNPUTIL Microsoft PnP Utility
POPD Restores the previous value of the current directory saved by PUSHD.
POWERCFG Enables users to control power settings on a local system.
PRINT Prints a text file.
PRINTBRM Access the Backup Recovery Migration tool through a command line interface.
PROMPT Changes the Windows command prompt.
PUSHD Saves the current directory then changes it.
Q
QAPPSRV Displays the available Remote Desktop Session Host servers on the network.
QPROCESS Displays information about processes.
QUERY
QUSER Display information about users logged on to the system.
QWINSTA Display information about Remote Desktop Services sessions.
R
RASDIAL
RD Removes a directory.
REAGENTC This command can only be executed from an elevated command prompt. REAGENTC.EXE: Operation failed: 5 REAGENTC.EXE: An error has occurred.
RECIMG
RECOVER Recovers readable information from a bad or defective disk.
REG
REGINI
REGISTER-CIMPROVIDER Registers CIM Provider into system
RELOG Relog creates new performance logs from data in existing performance logs by changing the sampling rate and/or converting the file format. Supports all performance log formats, including Windows NT 4.0 compressed logs.
REM Records comments (remarks) in batch files or CONFIG.SYS.
REN Renames a file or files.
RENAME Renames a file or files.
REPAIR-BDE BitLocker Drive Encryption: Repair Tool version 6.2.9200
REPLACE Replaces files.
RESET
RMDIR Removes a directory.
ROBOCOPY Advanced utility to copy files and directory trees
ROUTE Manipulates network routing tables.
RPCPING
S
SC Displays or configures services (background processes).
SCHTASKS Schedules commands and programs to run on a computer.
SECEDIT
SET Displays, sets, or removes Windows environment variables.
SETLOCAL Begins localization of environment changes in a batch file.
SETX Creates or modifies environment variables in the user or system environment. Can set variables based on arguments, regkeys or file input.
SFC You must be an administrator running a console session in order to use the sfc utility.
SHIFT Shifts the position of replaceable parameters in batch files.
SHUTDOWN Allows proper local or remote shutdown of machine.
SORT Sorts input.
START Starts a separate window to run a specified program or command.
SUBST Associates a path with a drive letter.
SXSTRACE
SYSTEMINFO Displays machine specific properties and configuration.
T
TAKEOWN This tool allows an administrator to recover access to a file that was denied by re-assigning file ownership.
TASKKILL Kill or stop a running process or application.
TASKLIST Displays all currently running tasks including services.
TIME Displays or sets the system time.
TIMEOUT This utility accepts a timeout parameter to wait for the specified time period (in seconds) or until any key is pressed. It also accepts a parameter to ignore the key press.
TITLE Sets the window title for a CMD.EXE session.
TRACERPT
TRACERT
TREE Graphically displays the directory structure of a drive or path.
TSCON Attaches a user session to a remote desktop session.
TSDISCON Disconnects a Remote Desktop Services session.
TSKILL Ends a process.
TYPE Displays the contents of a text file.
TYPEPERF Typeperf writes performance data to the command window or to a log file. To stop Typeperf, press CTRL+C.
TZUTIL
U
UNLODCTR Removes counter names and explain text for the specified extensible counter.
V
VAULTCMD Creates, displays and deletes stored credentials.
VER Displays the Windows version.
VERIFY Tells Windows whether to verify that your files are written correctly to a disk.
VOL Displays a disk volume label and serial number.
VSSADMIN vssadmin 1.1 – Volume Shadow Copy Service administrative command-line tool
W
W32TM
WAITFOR This tool sends, or waits for, a signal on a system. When /S is not specified, the signal will be broadcasted to all the systems in a domain. If /S is specified, then the signal will be sent only to the specified system.
WBADMIN wbadmin 1.0 – Backup command-line tool
WECUTIL
WEVTUTIL
WHERE Displays the location of files that match the search pattern. By default, the search is done along the current directory and in the paths specified by the PATH environment variable.
WHOAMI This utility can be used to get user name and group information along with the respective security identifiers (SID), claims, privileges, logon identifier (logon ID) for the current user on the local system. I.e. who is the current logged on user? If no switch is specified, tool displays the user name in NTLM format (domain\username).
WINRM Windows Remote Management (WinRM) is the Microsoft implementation of the WS-Management protocol which provides a secure way to communicate with local and remote computers using web services.
WINRS
WMIC Displays WMI information inside interactive command shell.
X
XCOPY Copies files and directory trees.

ARP   (Version 6.2.9200.16384)

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr] [-v]

  -a            Displays current ARP entries by interrogating the current
                protocol data.  If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed.  If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.
  -g            Same as -a.
  -v            Displays current ARP entries in verbose mode.  All invalid
                entries and entries on the loop-back interface will be shown.
  inet_addr     Specifies an internet address.
  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.
  -d            Deletes the host specified by inet_addr. inet_addr may be
                wildcarded with * to delete all hosts.
  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr.  The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.
  eth_addr      Specifies a physical address.
  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.

Example:
  > arp -s 157.55.85.212   00-aa-00-62-c6-09  .... Adds a static entry.
  > arp -a                                    .... Displays the arp table.

ASSOC   (internal command)

Displays or modifies file extension associations

ASSOC [.ext[=[fileType]]]

  .ext      Specifies the file extension to associate the file type with
  fileType  Specifies the file type to associate with the file extension

Type ASSOC without parameters to display the current file associations.
If ASSOC is invoked with just a file extension, it displays the current
file association for that file extension.  Specify nothing for the file
type and the command will delete the association for the file extension.

AT   (Version 6.2.9200.16384)

The AT command has been deprecated. Please use schtasks.exe instead.

The AT command schedules commands and programs to run on a computer at
a specified time and date. The Schedule service must be running to use
the AT command.

AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]
AT [\\computername] time [/INTERACTIVE]
    [ /EVERY:date[,...] | /NEXT:date[,...]] "command"

\\computername     Specifies a remote computer. Commands are scheduled on the
                   local computer if this parameter is omitted.
id                 Is an identification number assigned to a scheduled
                   command.
/delete            Cancels a scheduled command. If id is omitted, all the
                   scheduled commands on the computer are canceled.
/yes               Used with cancel all jobs command when no further
                   confirmation is desired.
time               Specifies the time when command is to run.
/interactive       Allows the job to interact with the desktop of the user
                   who is logged on at the time the job runs.
/every:date[,...]  Runs the command on each specified day(s) of the week or
                   month. If date is omitted, the current day of the month
                   is assumed.
/next:date[,...]   Runs the specified command on the next occurrence of the
                   day (for example, next Thursday).  If date is omitted, the
                   current day of the month is assumed.
"command"          Is the Windows NT command, or batch program to be run.

ATTRIB   (Version 6.2.9200.16384)

Displays or changes file attributes.

ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I]
       [drive:][path][filename] [/S [/D] [/L]]

  +   Sets an attribute.
  -   Clears an attribute.
  R   Read-only file attribute.
  A   Archive file attribute.
  S   System file attribute.
  H   Hidden file attribute.
  I   Not content indexed file attribute.
  X   No scrub file attribute.
  V   Integrity attribute.
  [drive:][path][filename]
      Specifies a file or files for attrib to process.
  /S  Processes matching files in the current folder
      and all subfolders.
  /D  Processes folders as well.
  /L  Work on the attributes of the Symbolic Link versus
      the target of the Symbolic Link

AUDITPOL   (Version 6.2.9200.16384)

Usage: AuditPol command [<sub-command><options>]

Commands (only one command permitted per execution)
  /?               Help (context-sensitive)
  /get             Displays the current audit policy.
  /set             Sets the audit policy.
  /list            Displays selectable policy elements.
  /backup          Saves the audit policy to a file.
  /restore         Restores the audit policy from a file.
  /clear           Clears the audit policy.
  /remove          Removes the per-user audit policy for a user account.
  /resourceSACL    Configure global resource SACLs

Use AuditPol <command> /? for details on each command

BCDBOOT   (Version 6.2.9200.16384)

Bcdboot - Bcd boot file creation and repair tool.

The bcdboot.exe command-line tool is used to copy critical boot files to the
system partition and to create a new system BCD store.

bcdboot <source> [/l <locale>] [/s <volume-letter> [/f <firmware>]] [/v]
                 [/m [{OS Loader ID}]] [/addlast]

  source     Specifies the location of the windows system root.
  /l         Specifies an optional locale parameter to use when
             initializing the BCD store. The default is US English.
  /s         Specifies an optional volume letter parameter to designate
             the target system partition where boot environment files are
             copied.  The default is the system partition identified by
             the firmware.
  /v         Enables verbose mode.
  /m         If an OS loader GUID is provided, this option merges the
             given loader object with the system template to produce a
             bootable entry. Otherwise, only global objects are merged.
  /d         Specifies that the existing default windows boot entry
             should be preserved.
  /f         Used with the /s command, specifies the firmware type of the
             target system partition. Options for <firmware> are 'UEFI',
             'BIOS', or 'ALL'.
  /addlast   Specifies that the windows boot manager firmware entry
             should be added last. The default behavior is to add it
             first.

Examples: bcdboot c:\windows /l en-us
          bcdboot c:\windows /s h:
          bcdboot c:\windows /s h: /f UEFI
          bcdboot c:\windows /m {d58d10c6-df53-11dc-878f-00064f4f4e08}
          bcdboot c:\windows /d /addlast

BCDEDIT   (Version 6.2.9200.16384)

BCDEDIT - Boot Configuration Data Store Editor

The Bcdedit.exe command-line tool modifies the boot configuration data store.
The boot configuration data store contains boot configuration parameters and
controls how the operating system is booted. These parameters were previously
in the Boot.ini file (in BIOS-based operating systems) or in the nonvolatile
RAM entries (in Extensible Firmware Interface-based operating systems). You can
use Bcdedit.exe to add, delete, edit, and append entries in the boot
configuration data store.

For detailed command and option information, type bcdedit.exe /? <command>. For
example, to display detailed information about the /createstore command, type:

     bcdedit.exe /? /createstore

For an alphabetical list of topics in this help file, run "bcdedit /? TOPICS".

Commands that operate on a store
================================
/createstore    Creates a new and empty boot configuration data store.
/export         Exports the contents of the system store to a file. This file
                can be used later to restore the state of the system store.
/import         Restores the state of the system store using a backup file
                created with the /export command.
/sysstore       Sets the system store device (only affects EFI systems, does
                not persist across reboots, and is only used in cases where
                the system store device is ambiguous).

Commands that operate on entries in a store
===========================================
/copy           Makes copies of entries in the store.
/create         Creates new entries in the store.
/delete         Deletes entries from the store.
/mirror         Creates mirror of entries in the store.

Run bcdedit /? ID for information about identifiers used by these commands.

Commands that operate on entry options
======================================
/deletevalue    Deletes entry options from the store.
/set            Sets entry option values in the store.

Run bcdedit /? TYPES for a list of datatypes used by these commands.
Run bcdedit /? FORMATS for a list of valid data formats.

Commands that control output
============================
/enum           Lists entries in the store.
/v              Command-line option that displays entry identifiers in full,
                rather than using names for well-known identifiers.
                Use /v by itself as a command to display entry identifiers
                in full for the ACTIVE type.

Running "bcdedit" by itself is equivalent to running "bcdedit /enum ACTIVE".

Commands that control the boot manager
======================================
/bootsequence   Sets the one-time boot sequence for the boot manager.
/default        Sets the default entry that the boot manager will use.
/displayorder   Sets the order in which the boot manager displays the
                multiboot menu.
/timeout        Sets the boot manager time-out value.
/toolsdisplayorder  Sets the order in which the boot manager displays
                    the tools menu.

Commands that control Emergency Management Services for a boot application
==========================================================================
/bootems        Enables or disables Emergency Management Services
                for a boot application.
/ems            Enables or disables Emergency Management Services for an
                operating system entry.
/emssettings    Sets the global Emergency Management Services parameters.

Command that control debugging
==============================
/bootdebug      Enables or disables boot debugging for a boot application.
/dbgsettings    Sets the global debugger parameters.
/debug          Enables or disables kernel debugging for an operating system
                entry.
/hypervisorsettings  Sets the hypervisor parameters.

BITSADMIN   (Version 7.6.9200.16384)

BITSADMIN version 3.0 [ 7.6.9200 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

USAGE: BITSADMIN [/RAWRETURN] [/WRAP | /NOWRAP] command

The following commands are available:

/HELP           Prints this help
/?              Prints this help
/UTIL /?        Prints the list of utilities commands
/PEERCACHING /?   Prints the list of commands to manage Peercaching
/CACHE /?       Prints the list of cache management commands
/PEERS /?       Prints the list of peer management commands

/LIST    [/ALLUSERS] [/VERBOSE]     List the jobs
/MONITOR [/ALLUSERS] [/REFRESH sec] Monitors the copy manager
/RESET   [/ALLUSERS]                Deletes all jobs in the manager

/TRANSFER <job name> [type] [/PRIORITY priority] [/ACLFLAGS flags]
          remote_url local_name
    Transfers one of more files.
    [type] may be /DOWNLOAD or /UPLOAD; default is download
    Multiple URL/file pairs may be specified.
    Unlike most commands, <job name> may only be a name and not a GUID.

/CREATE [type] <job name>               Creates a job
    [type] may be /DOWNLOAD, /UPLOAD, or /UPLOAD-REPLY; default is download
    Unlike most commands, <job name> may only be a name and not a GUID.

/INFO <job> [/VERBOSE]                   Displays information about the job
/ADDFILE <job> <remote_url> <local_name> Adds a file to the job
/ADDFILESET <job> <textfile>             Adds multiple files to the job
    Each line of <textfile> lists a file's remote name and local name, separated
    by spaces.  A line beginning with '#' is treated as a comment.
    Once the file set is read into memory, the contents are added to the job.

/ADDFILEWITHRANGES  <job> <remote_url> <local_name range_list>
    Like /ADDFILE, but BITS will read only selected byte ranges of the URL.
    range_list is a comma-delimited series of offset and length pairs.
    For example,

        0:100,2000:100,5000:eof

    instructs BITS to read 100 bytes starting at offset zero, 100 bytes starting
    at offset 2000, and the remainder of the URL starting at offset 5000.

/REPLACEREMOTEPREFIX <job> <old_prefix> <new_prefix>
    All files whose URL begins with <old_prefix> are changed to use <new_prefix>

Note that BITS currently supports HTTP/HTTPS downloads and uploads.
It also supports UNC paths and file:// paths as URLS

/LISTFILES <job>                     Lists the files in the job
/SUSPEND <job>                       Suspends the job
/RESUME <job>                        Resumes the job
/CANCEL <job>                        Cancels the job
/COMPLETE <job>                      Completes the job

/GETTYPE <job>                       Retrieves the job type
/GETACLFLAGS <job>                   Retrieves the ACL propagation flags

/SETACLFLAGS <job> <ACL_flags>       Sets the ACL propagation flags for the job
    O - OWNER       G - GROUP
    D - DACL        S - SACL

    Examples:
        bitsadmin /setaclflags MyJob OGDS
        bitsadmin /setaclflags MyJob OGD

/GETBYTESTOTAL <job>                 Retrieves the size of the job
/GETBYTESTRANSFERRED <job>           Retrieves the number of bytes transferred
/GETFILESTOTAL <job>                 Retrieves the number of files in the job
/GETFILESTRANSFERRED <job>           Retrieves the number of files transferred
/GETCREATIONTIME <job>               Retrieves the job creation time
/GETMODIFICATIONTIME <job>           Retrieves the job modification time
/GETCOMPLETIONTIME <job>             Retrieves the job completion time
/GETSTATE <job>                      Retrieves the job state
/GETERROR <job>                      Retrieves detailed error information
/GETOWNER <job>                      Retrieves the job owner
/GETDISPLAYNAME <job>                Retrieves the job display name
/SETDISPLAYNAME <job> <display_name> Sets the job display name
/GETDESCRIPTION <job>                Retrieves the job description
/SETDESCRIPTION <job> <description>  Sets the job description
/GETPRIORITY    <job>                Retrieves the job priority
/SETPRIORITY    <job> <priority>     Sets the job priority
    Priority usage choices:
        FOREGROUND
        HIGH
        NORMAL
        LOW

/GETNOTIFYFLAGS <job>                 Retrieves the notify flags
/SETNOTIFYFLAGS <job> <notify_flags>  Sets the notify flags
    For more help on this option, please refer to the MSDN help page for SetNotifyFlags
/GETNOTIFYINTERFACE <job>             Determines if notify interface is registered
/GETMINRETRYDELAY <job>               Retrieves the retry delay in seconds
/SETMINRETRYDELAY <job> <retry_delay> Sets the retry delay in seconds
/GETNOPROGRESSTIMEOUT <job>           Retrieves the no progress timeout in seconds
/SETNOPROGRESSTIMEOUT <job> <timeout> Sets the no progress timeout in seconds
/GETMAXDOWNLOADTIME <job>             Retrieves the download timeout in seconds
/SETMAXDOWNLOADTIME <job> <timeout>   Sets the download timeout in seconds
/GETERRORCOUNT <job>                  Retrieves an error count for the job

/SETPROXYSETTINGS <job> <usage>      Sets the proxy usage
    usage choices:
        PRECONFIG   - Use the owner's default Internet settings.
        AUTODETECT  - Force autodetection of proxy.
        NO_PROXY    - Do not use a proxy server.
        OVERRIDE    - Use an explicit proxy list and bypass list.
                      Must be followed by a proxy list and a proxy bypass list.
                      NULL or "" may be used for an empty proxy bypass list.

    Examples:
        bitsadmin /setproxysettings MyJob PRECONFIG
        bitsadmin /setproxysettings MyJob AUTODETECT
        bitsadmin /setproxysettings MyJob NO_PROXY
        bitsadmin /setproxysettings MyJob OVERRIDE proxy1:80 "<local>"
        bitsadmin /setproxysettings MyJob OVERRIDE proxy1,proxy2,proxy3 NULL

/GETPROXYUSAGE <job>                 Retrieves the proxy usage setting
/GETPROXYLIST <job>                  Retrieves the proxy list
/GETPROXYBYPASSLIST <job>            Retrieves the proxy bypass list

/TAKEOWNERSHIP <job>                 Take ownership of the job

/SETNOTIFYCMDLINE <job> <program_name> [program_parameters]
    Sets a program to execute for notification, and optionally parameters.
    The program name and parameters can be NULL.
    IMPORTANT: if parameters are non-NULL, then the program name should be the
               first parameter.

    Examples:
        bitsadmin /SetNotifyCmdLine MyJob c:\winnt\system32\notepad.exe  NULL
        bitsadmin /SetNotifyCmdLine MyJob c:\callback.exe "c:\callback.exe parm1 parm2"
        bitsadmin /SetNotifyCmdLine MyJob NULL NULL

/GETNOTIFYCMDLINE <job>              Returns the job's notification command line

/SETCREDENTIALS <job> <target> <scheme> <username> <password>
    Adds credentials to a job.
    <target> may be either SERVER or PROXY
    <scheme> may be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT.

/REMOVECREDENTIALS <job> <target> <scheme>
    Removes credentials from a job.

/GETCUSTOMHEADERS <job>                           Gets the Custom HTTP Headers
/SETCUSTOMHEADERS <job> <header1> <header2> <...> Sets the Custom HTTP Headers

/GETCLIENTCERTIFICATE <job>                       Gets the job's Client Certificate Information

/SETCLIENTCERTIFICATEBYID <job> <store_location> <store_name> <hexa-decimal_cert_id>
    Sets a client authentication certificate to a job.
    <store_location> may be
        1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
        4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
        7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE).

/SETCLIENTCERTIFICATEBYNAME <job> <store_location> <store_name> <subject_name>
    Sets a client authentication certificate to a job.
    <store_location> may be
        1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
        4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
        7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE).

/REMOVECLIENTCERTIFICATE <job>                Removes the Client Certificate Information from the job

/SETSECURITYFLAGS <job> <value>
    Sets the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.
    The value is an unsigned integer with the following interpretation for the bits in the binary representation.
        Enable CRL Check                                 : Set the least significant bit
        Ignore invalid common name in server certificate : Set the 2nd bit from right
        Ignore invalid date in  server certificate       : Set the 3rd bit from right
        Ignore invalid certificate authority in server
          certificate                                    : Set the 4th bit from right
        Ignore invalid usage of certificate              : Set the 5th bit from right
        Redirection policy                               : Controlled by the 9th-11th bits from right
            0,0,0  - Redirects will be automatically allowed.
            0,0,1  - Remote name in the IBackgroundCopyFile interface will be updated if a redirect occurs.
            0,1,0  - BITS will fail the job if a redirect occurs.
        Allow redirection from HTTPS to HTTP             : Set the 12th bit from right

/GETSECURITYFLAGS <job>
    Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.

/SETVALIDATIONSTATE  <job>  <file-index> <true|false>
    <file-index> starts from 0
    Sets the content-validation state of the given file within the job.

/GETVALIDATIONSTATE  <job>  <file-index>
    <file-index> starts from 0
    Reports the content-validation state of the given file within the job.

/GETTEMPORARYNAME  <job>  <file-index>
    <file-index> starts from 0
    Reports the temporary filename of the given file within the job.

The following options control peercaching of a particular job:

/SETPEERCACHINGFLAGS  <job> <value>
    Sets the flags for the job's peercaching behavior.
    The value is an unsigned integer with the following interpretation for the bits in the binary representation.
        Allow the job's data to be downloaded from a peer : Set the least significant bit
        Allow the job's data to be served to peers        : Set the 2nd bit from right

/GETPEERCACHINGFLAGS  <job>
    Reports the flags for the job's peercaching behavior.

The following options are valid for UPLOAD-REPLY jobs only:

/GETREPLYFILENAME <job>        Gets the path of the file containing the server reply
/SETREPLYFILENAME <job> <path> Sets the path of the file containing the server reply
/GETREPLYPROGRESS <job>        Gets the size and progress of the server reply
/GETREPLYDATA     <job>        Dumps the server's reply data in hex format

The following options can be placed before the command:

/RAWRETURN                     Return data more suitable for parsing
/WRAP                          Wrap output around console (default)
/NOWRAP                        Don't wrap output around console

The /RAWRETURN option strips new line characters and formatting.
It is recognized by the /CREATE and /GET* commands.

Commands that take a <job> parameter will accept either a job name or a job ID
GUID inside braces.  BITSADMIN reports an error if a name is ambiguous.


BOOTCFG   (Version 6.2.9200.16384)

BOOTCFG /parameter [arguments]

Description:

This command line tool can be used to configure, query, change or

delete the boot entry settings in the BOOT.INI file.

Parameter List:

/Copy       Makes a copy of an existing boot entry.

/Delete     Deletes an existing boot entry from the BOOT.INI file.

/Query      Displays the current boot entries and their settings.

/Raw        Allows the user to specify any switch to be added.

/Timeout    Allows the user to change the Timeout value.

/Default    Allows the user to change the Default boot entry.

/EMS        Allows the user to configure the /redirect switch

for headless support.

/Debug      Allows the user to specify the port and baudrate for

remote debugging.

/Addsw      Allows the user to add predefined switches.

/Rmsw       Allows the user to remove predefined switches.

/Dbg1394    Allows the user to configure 1394 port for debugging.

/?          Displays this help message.

Examples:

BOOTCFG /Copy /?

BOOTCFG /Delete /?

BOOTCFG /Query /?

BOOTCFG /Raw /?

BOOTCFG /Timeout /?

BOOTCFG /EMS /?

BOOTCFG /Debug /?

BOOTCFG /Addsw /?

BOOTCFG /Rmsw /?

BOOTCFG /Dbg1394 /?

BOOTCFG /Default /?

BOOTCFG /?

WARNING: BOOT.INI is used for boot options on Windows XP and earlier

operating systems.  Use the BCDEDIT command line tool to modify

Windows Vista boot options.


BREAK   (internal command)

Sets or Clears Extended CTRL+C checking on DOS system

This is present for Compatibility with DOS systems. It has no effect

under Windows.

If Command Extensions are enabled, and running on the Windows

platform, then the BREAK command will enter a hard coded breakpoint

if being debugged by a debugger.


CACLS   (Version 6.2.9200.16384)

NOTE: Cacls is now deprecated, please use Icacls.

Displays or modifies access control lists (ACLs) of files

CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]

[/R user […]] [/P user:perm […]] [/D user […]]

filename      Displays ACLs.

/T            Changes ACLs of specified files in

the current directory and all subdirectories.

/L            Work on the Symbolic Link itself versus the target

/M            Changes ACLs of volumes mounted to a directory

/S            Displays the SDDL string for the DACL.

/S:SDDL       Replaces the ACLs with those specified in the SDDL string

(not valid with /E, /G, /R, /P, or /D).

/E            Edit ACL instead of replacing it.

/C            Continue on access denied errors.

/G user:perm  Grant specified user access rights.

Perm can be: R  Read

W  Write

C  Change (write)

F  Full control

/R user       Revoke specified user’s access rights (only valid with /E).

/P user:perm  Replace specified user’s access rights.

Perm can be: N  None

R  Read

W  Write

C  Change (write)

F  Full control

/D user       Deny specified user access.

Wildcards can be used to specify more than one file in a command.

You can specify more than one user in a command.

Abbreviations:

CI – Container Inherit.

The ACE will be inherited by directories.

OI – Object Inherit.

The ACE will be inherited by files.

IO – Inherit Only.

The ACE does not apply to the current file/directory.

ID – Inherited.

The ACE was inherited from the parent directory’s ACL.


CALL   (internal command)

Calls one batch program from another.

CALL [drive:][path]filename [batch-parameters]

batch-parameters   Specifies any command-line information required by the

batch program.

If Command Extensions are enabled CALL changes as follows:

CALL command now accepts labels as the target of the CALL.  The syntax

is:

CALL :label arguments

A new batch file context is created with the specified arguments and

control is passed to the statement after the label specified.  You must

“exit” twice by reaching the end of the batch script file twice.  The

first time you read the end, control will return to just after the CALL

statement.  The second time will exit the batch script.  Type GOTO /?

for a description of the GOTO :EOF extension that will allow you to

“return” from a batch script.

In addition, expansion of batch script argument references (%0, %1,

etc.) have been changed as follows:

%* in a batch script refers to all the arguments (e.g. %1 %2 %3

%4 %5 …)

Substitution of batch parameters (%n) has been enhanced.  You can

now use the following optional syntax:

%~1         – expands %1 removing any surrounding quotes (")

%~f1        – expands %1 to a fully qualified path name

%~d1        – expands %1 to a drive letter only

%~p1        – expands %1 to a path only

%~n1        – expands %1 to a file name only

%~x1        – expands %1 to a file extension only

%~s1        – expanded path contains short names only

%~a1        – expands %1 to file attributes

%~t1        – expands %1 to date/time of file

%~z1        – expands %1 to size of file

%~$PATH:1   – searches the directories listed in the PATH

environment variable and expands %1 to the fully

qualified name of the first one found.  If the

environment variable name is not defined or the

file is not found by the search, then this

modifier expands to the empty string

The modifiers can be combined to get compound results:

%~dp1       – expands %1 to a drive letter and path only

%~nx1       – expands %1 to a file name and extension only

%~dp$PATH:1 – searches the directories listed in the PATH

environment variable for %1 and expands to the

drive letter and path of the first one found.

%~ftza1     – expands %1 to a DIR like output line

In the above examples %1 and PATH can be replaced by other

valid values.  The %~ syntax is terminated by a valid argument

number.  The %~ modifiers may not be used with %*


CD   (internal command)

Displays the name of or changes the current directory.

CHDIR [/D] [drive:][path]

CHDIR [..]

CD [/D] [drive:][path]

CD [..]

..   Specifies that you want to change to the parent directory.

Type CD drive: to display the current directory in the specified drive.

Type CD without parameters to display the current drive and directory.

Use the /D switch to change current drive in addition to changing current

directory for a drive.

If Command Extensions are enabled CHDIR changes as follows:

The current directory string is converted to use the same case as

the on disk names.  So CD C:\TEMP would actually set the current

directory to C:\Temp if that is the case on disk.

CHDIR command does not treat spaces as delimiters, so it is possible to

CD into a subdirectory name that contains a space without surrounding

the name with quotes.  For example:

cd \winnt\profiles\username\programs\start menu

is the same as:

cd "\winnt\profiles\username\programs\start menu"

which is what you would have to type if extensions were disabled.


CERTREQ   (Version 6.2.9200.16384)

Usage:

CertReq -?

CertReq [-v] -?

CertReq [-Command] -?

CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]

Submit a request to a Certification Authority.

Options:

-attrib AttributeString

-binary

-PolicyServer PolicyServer

-config ConfigString

-Anonymous

-Kerberos

-ClientCertificate ClientCertId

-UserName UserName

-p Password

-crl

-rpc

-AdminForceMachine

-RenewOnBehalfOf

CertReq -Retrieve [Options] RequestId [CertFileOut [CertChainFileOut [FullResponseFileOut]]]

Retrieve a response to a previous request from a Certification Authority.

Options:

-binary

-PolicyServer PolicyServer

-config ConfigString

-Anonymous

-Kerberos

-ClientCertificate ClientCertId

-UserName UserName

-p Password

-crl

-rpc

-AdminForceMachine

CertReq -New [Options] [PolicyFileIn [RequestFileOut]]

Create a new request as directed by PolicyFileIn

Options:

-attrib AttributeString

-binary

-cert CertId

-PolicyServer PolicyServer

-config ConfigString

-Anonymous

-Kerberos

-ClientCertificate ClientCertId

-UserName UserName

-p Password

-pin Pin

-user

-machine

-xchg ExchangeCertFile

CertReq -Accept [Options] [CertChainFileIn | FullResponseFileIn | CertFileIn]

Accept and install a response to a previous new request.

Options:

-user

-machine

-pin Pin

CertReq -Policy [Options] [RequestFileIn [PolicyFileIn [RequestFileOut [PKCS10FileOut]]]]

Construct a cross certification or qualified subordination request

from an existing CA certificate or from an existing request.

Options:

-attrib AttributeString

-binary

-cert CertId

-PolicyServer PolicyServer

-Anonymous

-Kerberos

-ClientCertificate ClientCertId

-UserName UserName

-p Password

-pin Pin

-noEKU

-AlternateSignatureAlgorithm

-HashAlgorithm HashAlgorithm

CertReq -Sign [Options] [RequestFileIn [RequestFileOut]]

Sign a certificate request with an enrollment agent or qualified

subordination signing certificate.

Options:

-binary

-cert CertId

-PolicyServer PolicyServer

-Anonymous

-Kerberos

-ClientCertificate ClientCertId

-UserName UserName

-p Password

-pin Pin

-crl

-noEKU

-HashAlgorithm HashAlgorithm

CertReq -Enroll [Options] TemplateName

CertReq -Enroll -cert CertId [Options] Renew [ReuseKeys]

Enroll for or renew a certificate.

Options:

-PolicyServer PolicyServer

-user

-machine

-pin Pin


CERTUTIL   (Version 6.2.9200.16384)

Verbs:

-dump             — Dump configuration information or files

-asn              — Parse ASN.1 file

-decodehex        — Decode hexadecimal-encoded file

-decode           — Decode Base64-encoded file

-encode           — Encode file to Base64

-deny             — Deny pending request

-resubmit         — Resubmit pending request

-setattributes    — Set attributes for pending request

-setextension     — Set extension for pending request

-revoke           — Revoke Certificate

-isvalid          — Display current certificate disposition

-getconfig        — Get default configuration string

-ping             — Ping Active Directory Certificate Services Request interface

-pingadmin        — Ping Active Directory Certificate Services Admin interface

-CAInfo           — Display CA Information

-ca.cert          — Retrieve the CA’s certificate

-ca.chain         — Retrieve the CA’s certificate chain

-GetCRL           — Get CRL

-CRL              — Publish new CRLs [or delta CRLs only]

-shutdown         — Shutdown Active Directory Certificate Services

-installCert      — Install Certification Authority certificate

-renewCert        — Renew Certification Authority certificate

-schema           — Dump Certificate Schema

-view             — Dump Certificate View

-db               — Dump Raw Database

-deleterow        — Delete server database row

-backup           — Backup Active Directory Certificate Services

-backupDB         — Backup Active Directory Certificate Services database

-backupKey        — Backup Active Directory Certificate Services certificate and private key

-restore          — Restore Active Directory Certificate Services

-restoreDB        — Restore Active Directory Certificate Services database

-restoreKey       — Restore Active Directory Certificate Services certificate and private key

-importPFX        — Import certificate and private key

-dynamicfilelist  — Display dynamic file List

-databaselocations — Display database locations

-hashfile         — Generate and display cryptographic hash over a file

-store            — Dump certificate store

-addstore         — Add certificate to store

-delstore         — Delete certificate from store

-verifystore      — Verify certificate in store

-repairstore      — Repair key association or update certificate properties or key security descriptor

-viewstore        — Dump certificate store

-viewdelstore     — Delete certificate from store

-dsPublish        — Publish certificate or CRL to Active Directory

-ADTemplate       — Display AD templates

-Template         — Display Enrollment Policy templates

-TemplateCAs      — Display CAs for template

-CATemplates      — Display templates for CA

-SetCASites       — Manage Site Names for CAs

-enrollmentServerURL — Display, add or delete enrollment server URLs associated with a CA

-ADCA             — Display AD CAs

-CA               — Display Enrollment Policy CAs

-Policy           — Display Enrollment Policy

-PolicyCache      — Display or delete Enrollment Policy Cache entries

-CredStore        — Display, add or delete Credential Store entries

-InstallDefaultTemplates — Install default certificate templates

-URLCache         — Display or delete URL cache entries

-pulse            — Pulse autoenrollment events

-MachineInfo      — Display Active Directory machine object information

-DCInfo           — Display domain controller information

-EntInfo          — Display enterprise information

-TCAInfo          — Display CA information

-SCInfo           — Display smart card information

-SCRoots          — Manage smart card root certificates

-verifykeys       — Verify public/private key set

-verify           — Verify certificate, CRL or chain

-verifyCTL        — Verify AuthRoot or Disallowed Certificates CTL

-sign             — Re-sign CRL or certificate

-vroot            — Create/delete web virtual roots and file shares

-vocsproot        — Create/delete web virtual roots for OCSP web proxy

-addEnrollmentServer — Add an Enrollment Server application

-deleteEnrollmentServer — Delete an Enrollment Server application

-addPolicyServer  — Add a Policy Server application

-deletePolicyServer — Delete a Policy Server application

-oid              — Display ObjectId or set display name

-error            — Display error code message text

-getreg           — Display registry value

-setreg           — Set registry value

-delreg           — Delete registry value

-ImportKMS        — Import user keys and certificates into server database for key archival

-ImportCert       — Import a certificate file into the database

-GetKey           — Retrieve archived private key recovery blob, generate a recovery script,

or recover archived keys

-RecoverKey       — Recover archived private key

-MergePFX         — Merge PFX files

-ConvertEPF       — Convert PFX files to EPF file

-?                — Display this usage message

CertUtil -?              — Display a verb list (command list)

CertUtil -dump -?        — Display help text for the “dump” verb

CertUtil -v -?           — Display all help text for all verbs

CertUtil: -? command completed successfully.


CHANGE   (Version 6.2.9200.16384)

CHANGE { LOGON | PORT | USER }


CHCP   (internal command)

Displays or sets the active code page number.

CHCP [nnn]

nnn   Specifies a code page number.

Type CHCP without a parameter to display the active code page number.


CHDIR   (internal command)

Displays the name of or changes the current directory.

CHDIR [/D] [drive:][path]

CHDIR [..]

CD [/D] [drive:][path]

CD [..]

..   Specifies that you want to change to the parent directory.

Type CD drive: to display the current directory in the specified drive.

Type CD without parameters to display the current drive and directory.

Use the /D switch to change current drive in addition to changing current

directory for a drive.

If Command Extensions are enabled CHDIR changes as follows:

The current directory string is converted to use the same case as

the on disk names.  So CD C:\TEMP would actually set the current

directory to C:\Temp if that is the case on disk.

CHDIR command does not treat spaces as delimiters, so it is possible to

CD into a subdirectory name that contains a space without surrounding

the name with quotes.  For example:

cd \winnt\profiles\username\programs\start menu

is the same as:

cd "\winnt\profiles\username\programs\start menu"

which is what you would have to type if extensions were disabled.


CHGLOGON   (Version 6.2.9200.16384)

Enable, disable, or drain session logins.

CHANGE LOGON {/QUERY | /ENABLE | /DISABLE | /DRAIN | /DRAINUNTILRESTART}

/QUERY    Query current session login mode.

/ENABLE   Enable user login from sessions.

/DISABLE  Disable user login from sessions.

/DRAIN    Disable new user logons, but allow reconnections to existing sessions.

/DRAINUNTILRESTART    Disable new user logons until the server is restarted, but allow reconnections to existing sessions.


CHGPORT   (Version 6.2.9200.16384)

List or change COM port mappings for DOS application compatibility.

CHANGE PORT [portx=porty | /D portx | /QUERY]

portx=porty  Map port x to port y.

/D portx    Delete mapping for port x.

/QUERY      Display current mapping ports.


CHGUSR   (Version 6.2.9200.16384)

Change Install Mode.

CHANGE USER {/EXECUTE | /INSTALL | /QUERY}

/EXECUTE  Enable execute mode (default).

/INSTALL  Enable install mode.

/QUERY    Display current settings.


CHKDSK   (Version 6.2.9200.16384)

Checks a disk and displays a status report.

CHKDSK [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]] [/B] [/scan] [/spotfix]

volume              Specifies the drive letter (followed by a colon),

mount point, or volume name.

filename            FAT/FAT32 only: Specifies the files to check for

fragmentation.

/F                  Fixes errors on the disk.

/V                  On FAT/FAT32: Displays the full path and name of every

file on the disk.

On NTFS: Displays cleanup messages if any.

/R                  Locates bad sectors and recovers readable information

(implies /F, when /scan not specified).

/L:size             NTFS only:  Changes the log file size to the specified

number of kilobytes.  If size is not specified, displays

current size.

/X                  Forces the volume to dismount first if necessary.

All opened handles to the volume would then be invalid

(implies /F).

/I                  NTFS only: Performs a less vigorous check of index

entries.

/C                  NTFS only: Skips checking of cycles within the folder

structure.

/B                  NTFS only: Re-evaluates bad clusters on the volume

(implies /R)

/scan               NTFS only: Runs a online scan on the volume

/forceofflinefix    NTFS only: (Must be used with “/scan”)

Bypass all online repair; all defects found

are queued for offline repair (i.e. “chkdsk /spotfix”).

/perf               NTFS only: (Must be used with “/scan”)

Uses more system resources to complete a scan as fast as

possible. This may have a negative performance impact on

other tasks running on the system.

/spotfix            NTFS only: Runs spot fixing on the volume

/sdcleanup          NTFS only: Garbage collect unneeded security descriptor

data (implies /F).

/offlinescanandfix  Runs an offline scan and fix on the volume.

The /I or /C switch reduces the amount of time required to run Chkdsk by

skipping certain checks of the volume.


CHKNTFS   (Version 6.2.9200.16384)

Displays or modifies the checking of disk at boot time.

CHKNTFS volume […]

CHKNTFS /D

CHKNTFS /T[:time]

CHKNTFS /X volume […]

CHKNTFS /C volume […]

volume         Specifies the drive letter (followed by a colon),

mount point, or volume name.

/D             Restores the machine to the default behavior; all drives are

checked at boot time and chkdsk is run on those that are

dirty.

/T:time        Changes the AUTOCHK initiation countdown time to the

specified amount of time in seconds.  If time is not

specified, displays the current setting.

/X             Excludes a drive from the default boot-time check.  Excluded

drives are not accumulated between command invocations.

/C             Schedules a drive to be checked at boot time; chkdsk will run

if the drive is dirty.

If no switches are specified, CHKNTFS will display if the specified drive is

dirty or scheduled to be checked on next reboot.


CHOICE   (Version 6.2.9200.16384)

CHOICE [/C choices] [/N] [/CS] [/T timeout /D choice] [/M text]

Description:

This tool allows users to select one item from a list

of choices and returns the index of the selected choice.

Parameter List:

/C    choices       Specifies the list of choices to be created.

Default list is “YN”.

/N                  Hides the list of choices in the prompt.

The message before the prompt is displayed

and the choices are still enabled.

/CS                 Enables case-sensitive choices to be selected.

By default, the utility is case-insensitive.

/T    timeout       The number of seconds to pause before a default

choice is made. Acceptable values are from 0 to 9999.

If 0 is specified, there will be no pause

and the default choice is selected.

/D    choice        Specifies the default choice after nnnn seconds.

Character must be in the set of choices specified

by /C option and must also specify nnnn with /T.

/M    text          Specifies the message to be displayed before

the prompt. If not specified, the utility

displays only a prompt.

/?                  Displays this help message.

NOTE:

The ERRORLEVEL environment variable is set to the index of the

key that was selected from the set of choices. The first choice

listed returns a value of 1, the second a value of 2, and so on.

If the user presses a key that is not a valid choice, the tool

sounds a warning beep. If tool detects an error condition,

it returns an ERRORLEVEL value of 255. If the user presses

CTRL+BREAK or CTRL+C, the tool returns an ERRORLEVEL value

of 0. When you use ERRORLEVEL parameters in a batch program, list

them in decreasing order.

Examples:

CHOICE /?

CHOICE /C YNC /M "Press Y for Yes, N for No or C for Cancel."

CHOICE /T 10 /C ync /CS /D y

CHOICE /C ab /M "Select a for option 1 and b for option 2."

CHOICE /C ab /N /M "Select a for option 1 and b for option 2."


CIPHER   (Version 6.2.9200.16384)

Displays or alters the encryption of directories [files] on NTFS partitions.

CIPHER [/E | /D | /C]

[/S:directory] [/B] [/H] [pathname […]]

CIPHER /K [/ECC:256|384|521]

CIPHER /R:filename [/SMARTCARD] [/ECC:256|384|521]

CIPHER /U [/N]

CIPHER /W:directory

CIPHER /X[:efsfile] [filename]

CIPHER /Y

CIPHER /ADDUSER [/CERTHASH:hash | /CERTFILE:filename | /USER:username]

[/S:directory] [/B] [/H] [pathname […]]

CIPHER /FLUSHCACHE [/SERVER:servername]

CIPHER /REMOVEUSER /CERTHASH:hash

[/S:directory] [/B] [/H] [pathname […]]

CIPHER /REKEY [pathname […]]

/B        Abort if an error is encountered. By default, CIPHER continues

executing even if errors are encountered.

/C        Displays information on the encrypted file.

/D        Decrypts the specified files or directories.

/E        Encrypts the specified files or directories. Directories will be

marked so that files added afterward will be encrypted. The

encrypted file could become decrypted when it is modified if the

parent directory is not encrypted. It is recommended that you

encrypt the file and the parent directory.

/H        Displays files with the hidden or system attributes. These files

are omitted by default.

/K        Creates a new certificate and key for use with EFS. If this

option is chosen, all the other options will be ignored.

Note: By default, /K creates a certificate and key that conform

to current group policy. If ECC is specified, a self-signed

certificate will be created with the supplied key size.

/N        This option only works with /U. This will prevent keys being

updated. This is used to find all the encrypted files on the

local drives.

/R        Generates an EFS recovery key and certificate, then writes them

to a .PFX file (containing certificate and private key) and a

.CER file (containing only the certificate). An administrator may

add the contents of the .CER to the EFS recovery policy to create

the recovery key for users, and import the .PFX to recover

individual files. If SMARTCARD is specified, then writes the

recovery key and certificate to a smart card. A .CER file is

generated (containing only the certificate). No .PFX file is

generated.

Note: By default, /R creates an 2048-bit RSA recovery key and

certificate. If ECC is specified, it must be followed by a

key size of 256, 384, or 521.

/S        Performs the specified operation on the given directory and all

files and subdirectories within it.

/U        Tries to touch all the encrypted files on local drives. This will

update user’s file encryption key or recovery keys to the current

ones if they are changed. This option does not work with other

options except /N.

/W        Removes data from available unused disk space on the entire

volume. If this option is chosen, all other options are ignored.

The directory specified can be anywhere in a local volume. If it

is a mount point or points to a directory in another volume, the

data on that volume will be removed.

/X        Backup EFS certificate and keys into file filename. If efsfile is

provided, the current user’s certificate(s) used to encrypt the

file will be backed up. Otherwise, the user’s current EFS

certificate and keys will be backed up.

/Y        Displays your current EFS certificate thumbnail on the local PC.

/ADDUSER  Adds a user to the specified encrypted file(s). If CERTHASH is

provided, cipher will search for a certificate with this SHA1

hash. If CERTFILE is provided, cipher will extract the

certificate from the file. If USER is provided, cipher will

try to locate the user’s certificate in Active Directory Domain

Services.

/FLUSHCACHE

Clears the calling user’s EFS key cache on the specified server.

If servername is not provided, cipher clears the user’s key cache

on the local machine.

/REKEY    Updates the specified encrypted file(s) to use the configured

EFS current key.

/REMOVEUSER

Removes a user from the specified file(s). CERTHASH must be the

SHA1 hash of the certificate to remove.

directory A directory path.

filename  A filename without extensions.

pathname  Specifies a pattern, file or directory.

efsfile   An encrypted file path.

Used without parameters, CIPHER displays the encryption state of the

current directory and any files it contains. You may use multiple directory

names and wildcards. You must put spaces between multiple parameters.


CLIP   (Version 6.2.9200.16384)

CLIP

Description:

Redirects output of command line tools to the Windows clipboard.

This text output can then be pasted into other programs.

Parameter List:

/?                  Displays this help message.

Examples:

DIR | CLIP          Places a copy of the current directory

listing into the Windows clipboard.

CLIP < README.TXT   Places a copy of the text from readme.txt

on to the Windows clipboard.


CLS   (internal command)

Clears the screen.

CLS


CMD   (Version 6.2.9200.16384)

Starts a new instance of the Windows command interpreter

CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON | /V:OFF]

[[/S] [/C | /K] string]

/C      Carries out the command specified by string and then terminates

/K      Carries out the command specified by string but remains

/S      Modifies the treatment of string after /C or /K (see below)

/Q      Turns echo off

/D      Disable execution of AutoRun commands from registry (see below)

/A      Causes the output of internal commands to a pipe or file to be ANSI

/U      Causes the output of internal commands to a pipe or file to be

Unicode

/T:fg   Sets the foreground/background colors (see COLOR /? for more info)

/E:ON   Enable command extensions (see below)

/E:OFF  Disable command extensions (see below)

/F:ON   Enable file and directory name completion characters (see below)

/F:OFF  Disable file and directory name completion characters (see below)

/V:ON   Enable delayed environment variable expansion using ! as the

delimiter. For example, /V:ON would allow !var! to expand the

variable var at execution time.  The %var% syntax expands variables

at input time, which is quite a different thing when inside of a FOR

loop.

/V:OFF  Disable delayed environment expansion.

Note that multiple commands separated by the command separator ‘&&’

are accepted for string if surrounded by quotes.  Also, for compatibility

reasons, /X is the same as /E:ON, /Y is the same as /E:OFF and /R is the

same as /C.  Any other switches are ignored.

If /C or /K is specified, then the remainder of the command line after

the switch is processed as a command line, where the following logic is

used to process quote (") characters:

  1. If all of the following conditions are met, then quote characters

on the command line are preserved:

– no /S switch

– exactly two quote characters

– no special characters between the two quote characters,

where special is one of: &<>()@^|

– there are one or more whitespace characters between the

two quote characters

– the string between the two quote characters is the name

of an executable file.

  2. Otherwise, old behavior is to see if the first character is

a quote character and if so, strip the leading character and

remove the last quote character on the command line, preserving

any text after the last quote character.

If /D was NOT specified on the command line, then when CMD.EXE starts, it

looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and if

either or both are present, they are executed first.

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun

and/or

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
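
Because these two values run on every CMD.EXE start that omits /D, they are worth auditing on any host. The PowerShell below is an added example, not part of the original post or of CMD's help text: it reports any AutoRun value under the machine key and, generalizing the HKEY_CURRENT_USER key to every loaded user hive under HKEY_USERS, under each user's key. The function name Get-CmdAutoRun is hypothetical.

```powershell
# Added example: list Command Processor AutoRun values that CMD.EXE would
# execute at startup when it is launched without /D.
function Get-CmdAutoRun {
    # Machine-wide key named in the help text above.
    $keys = @('Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor')

    # HKEY_CURRENT_USER is a view of HKEY_USERS\<SID>. Walking every loaded
    # hive covers other logged-on users as well (an extension of the page's
    # HKCU key, not something the help text itself describes).
    $keys += Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            "Registry::HKEY_USERS\$($_.PSChildName)\Software\Microsoft\Command Processor"
        }

    foreach ($key in $keys) {
        # The key is absent on many systems; skip quietly in that case.
        if (-not (Test-Path -LiteralPath $key)) { continue }

        # REG_SZ and REG_EXPAND_SZ are both returned as strings here.
        $prop = Get-ItemProperty -LiteralPath $key -Name AutoRun -ErrorAction SilentlyContinue
        if ($null -ne $prop -and $prop.AutoRun) {
            [pscustomobject]@{
                Key     = $key
                AutoRun = $prop.AutoRun
            }
        }
    }
}

$hits = @(Get-CmdAutoRun)
if ($hits.Count -eq 0) {
    'No Command Processor AutoRun values are set.'
} else {
    # Any value listed here runs before the command passed to cmd /C or /K.
    $hits | Format-List
}
```

Scripts and scheduled tasks that shell out to CMD.EXE can pass /D so that a value found here is not executed on their behalf.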

Command Extensions are enabled by default.  You may also disable

extensions for a particular invocation by using the /E:OFF switch.  You

can enable or disable extensions for all invocations of CMD.EXE on a

machine and/or user logon session by setting either or both of the

following REG_DWORD values in the registry using REGEDIT.EXE:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions

and/or

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions

to either 0x1 or 0x0.  The user specific setting takes precedence over

the machine setting.  The command line switches take precedence over the

registry settings.

In a batch file, the SETLOCAL ENABLEEXTENSIONS or DISABLEEXTENSIONS arguments

takes precedence over the /E:ON or /E:OFF switch. See SETLOCAL /? for details.

The command extensions involve changes and/or additions to the following

commands:

DEL or ERASE

COLOR

CD or CHDIR

MD or MKDIR

PROMPT

PUSHD

POPD

SET

SETLOCAL

ENDLOCAL

IF

FOR

CALL

SHIFT

GOTO

START (also includes changes to external command invocation)

ASSOC

FTYPE

To get specific details, type commandname /? to view the specifics.

Delayed environment variable expansion is NOT enabled by default.  You

can enable or disable delayed environment variable expansion for a

particular invocation of CMD.EXE with the /V:ON or /V:OFF switch.  You

can enable or disable delayed expansion for all invocations of CMD.EXE on a

machine and/or user logon session by setting either or both of the

following REG_DWORD values in the registry using REGEDIT.EXE:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion

and/or

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion

to either 0x1 or 0x0.  The user specific setting takes precedence over

the machine setting.  The command line switches take precedence over the

registry settings.

In a batch file the SETLOCAL ENABLEDELAYEDEXPANSION or DISABLEDELAYEDEXPANSION

arguments takes precedence over the /V:ON or /V:OFF switch. See SETLOCAL /?

for details.

If delayed environment variable expansion is enabled, then the exclamation

character can be used to substitute the value of an environment variable

at execution time.
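The difference between parse-time %VAR% and execution-time !VAR! substitution described above, shown as an added batch example that is not part of the original help output. The variable names COUNT and NAME and the file name report!.txt are constructed for illustration.

```batch
@echo off
rem Added example, not part of the CMD /? help text.
rem SETLOCAL inside a batch file overrides the /V switch and the
rem DelayedExpansion registry value, so the script fixes its own mode.
setlocal EnableExtensions DisableDelayedExpansion

rem Constructed sample values.
set "COUNT=0"
set "NAME=report!.txt"

rem A parenthesised block is parsed once, and %COUNT% is substituted at
rem that moment, so every iteration echoes the value from before the loop.
for %%N in (a b c) do (
    set /a COUNT+=1
    echo parse-time, item %%N: %COUNT%
)
echo after the loop: %COUNT%

rem With delayed expansion on, the exclamation-mark form is substituted
rem each time the line executes, so the echo follows the counter.
setlocal EnableDelayedExpansion
set "COUNT=0"
for %%N in (a b c) do (
    set /a COUNT+=1
    echo run-time, item %%N: !COUNT!
)

rem Caveat: while delayed expansion is on, a literal exclamation mark in
rem data that passes through the parser is taken as the start of a
rem variable reference and dropped, so a file name containing one is
rem silently altered before the command sees it.
for %%F in ("%NAME%") do echo delayed expansion on:  %%~F
endlocal

rem Back in the outer scope delayed expansion is off again and the name
rem reaches the command intact.
for %%F in ("%NAME%") do echo delayed expansion off: %%~F
endlocal
```

Scripts that handle untrusted or user-supplied file names should keep delayed expansion disabled around the lines that touch those names and enable it only where !VAR! is actually needed.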

You can enable or disable file name completion for a particular

invocation of CMD.EXE with the /F:ON or /F:OFF switch.  You can enable

or disable completion for all invocations of CMD.EXE on a machine and/or

user logon session by setting either or both of the following REG_DWORD

values in the registry using REGEDIT.EXE:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar

and/or

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar

with the hex value of a control character to use for a particular

function (e.g.  0x4 is Ctrl-D and 0x6 is Ctrl-F).  The user specific

settings take precedence over the machine settings.  The command line

switches take precedence over the registry settings.

If completion is enabled with the /F:ON switch, the two control

characters used are Ctrl-D for directory name completion and Ctrl-F for

file name completion.  To disable a particular completion character in

the registry, use the value for space (0x20) as it is not a valid

control character.

Completion is invoked when you type either of the two control

characters.  The completion function takes the path string to the left

of the cursor appends a wild card character to it if none is already

present and builds up a list of paths that match.  It then displays the

first matching path.  If no paths match, it just beeps and leaves the

display alone.  Thereafter, repeated pressing of the same control

character will cycle through the list of matching paths.  Pressing the

Shift key with the control character will move through the list

backwards.  If you edit the line in any way and press the control

character again, the saved list of matching paths is discarded and a new

one generated.  The same occurs if you switch between file and directory

name completion.  The only difference between the two control characters

is the file completion character matches both file and directory names,

while the directory completion character only matches directory names.

If file completion is used on any of the built in directory commands

(CD, MD or RD) then directory completion is assumed.

The completion code deals correctly with file names that contain spaces

or other special characters by placing quotes around the matching path.

Also, if you back up, then invoke completion from within a line, the

text to the right of the cursor at the point completion was invoked is

discarded.

The special characters that require quotes are:

<space>

&()[]{}^=;!'+,`~

CMDKEY   (Version 6.2.9200.16384)

Creates, displays, and deletes stored user names and passwords.

The syntax of this command is:

CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:password}}} | /delete{:targetname | /ras} | /list{:targetname}]

Examples:

To list available credentials:

cmdkey /list

cmdkey /list:targetname

To create domain credentials:

cmdkey /add:targetname /user:username /pass:password

cmdkey /add:targetname /user:username /pass

cmdkey /add:targetname /user:username

cmdkey /add:targetname /smartcard

To create generic credentials:

The /add switch may be replaced by /generic to create generic credentials

To delete existing credentials:

cmdkey /delete:targetname

To delete RAS credentials:

cmdkey /delete /ras

COLOR   (internal command)

Sets the default console foreground and background colors.

COLOR [attr]

attr        Specifies color attribute of console output

Color attributes are specified by TWO hex digits — the first

corresponds to the background; the second the foreground.  Each digit

can be any of the following values:

0 = Black       8 = Gray

1 = Blue        9 = Light Blue

2 = Green       A = Light Green

3 = Aqua        B = Light Aqua

4 = Red         C = Light Red

5 = Purple      D = Light Purple

6 = Yellow      E = Light Yellow

7 = White       F = Bright White

If no argument is given, this command restores the color to what it was

when CMD.EXE started.  This value either comes from the current console

window, the /T command line switch or from the DefaultColor registry

value.

The COLOR command sets ERRORLEVEL to 1 if an attempt is made to execute

the COLOR command with a foreground and background color that are the

same.

Example: "COLOR fc" produces light red on bright white

COMP   (Version 6.2.9200.16384)

Compares the contents of two files or sets of files.

COMP [data1] [data2] [/D] [/A] [/L] [/N=number] [/C] [/OFF[LINE]]

data1      Specifies location and name(s) of first file(s) to compare.

data2      Specifies location and name(s) of second files to compare.

/D         Displays differences in decimal format.

/A         Displays differences in ASCII characters.

/L         Displays line numbers for differences.

/N=number  Compares only the first specified number of lines in each file.

/C         Disregards case of ASCII letters when comparing files.

/OFF[LINE] Do not skip files with offline attribute set.

To compare sets of files, use wildcards in data1 and data2 parameters.

COMPACT   (Version 6.2.9200.16384)

Displays or alters the compression of files on NTFS partitions.

COMPACT [/C | /U] [/S[:dir]] [/A] [/I] [/F] [/Q] [filename […]]

/C        Compresses the specified files.  Directories will be marked

so that files added afterward will be compressed.

/U        Uncompresses the specified files.  Directories will be marked

so that files added afterward will not be compressed.

/S        Performs the specified operation on files in the given

directory and all subdirectories.  Default "dir" is the

current directory.

/A        Displays files with the hidden or system attributes.  These

files are omitted by default.

/I        Continues performing the specified operation even after errors

have occurred.  By default, COMPACT stops when an error is

encountered.

/F        Forces the compress operation on all specified files, even

those which are already compressed.  Already-compressed files

are skipped by default.

/Q        Reports only the most essential information.

filename  Specifies a pattern, file, or directory.

Used without parameters, COMPACT displays the compression state of

the current directory and any files it contains. You may use multiple

filenames and wildcards.  You must put spaces between multiple

parameters.

CONVERT   (Version 6.2.9200.16384)

Converts a FAT volume to NTFS.

CONVERT volume /FS:NTFS [/V] [/CvtArea:filename] [/NoSecurity] [/X]

volume      Specifies the drive letter (followed by a colon),

mount point, or volume name.

/FS:NTFS    Specifies that the volume will be converted to NTFS.

/V          Specifies that Convert will be run in verbose mode.

/CvtArea:filename

Specifies a contiguous file in the root directory

that will be the place holder for NTFS system files.

/NoSecurity Specifies that the security settings on the converted

files and directories allow access by all users.

/X          Forces the volume to dismount first if necessary.

All open handles to the volume will not be valid.

COPY   (internal command)

Copies one or more files to another location.

COPY [/D] [/V] [/N] [/Y | /-Y] [/Z] [/L] [/A | /B ] source [/A | /B]

[+ source [/A | /B] [+ …]] [destination [/A | /B]]

source       Specifies the file or files to be copied.

/A           Indicates an ASCII text file.

/B           Indicates a binary file.

/D           Allow the destination file to be created decrypted

destination  Specifies the directory and/or filename for the new file(s).

/V           Verifies that new files are written correctly.

/N           Uses short filename, if available, when copying a file with a

non-8dot3 name.

/Y           Suppresses prompting to confirm you want to overwrite an

existing destination file.

/-Y          Causes prompting to confirm you want to overwrite an

existing destination file.

/Z           Copies networked files in restartable mode.

/L           If the source is a symbolic link, copy the link to the target

instead of the actual file the source link points to.

The switch /Y may be preset in the COPYCMD environment variable.

This may be overridden with /-Y on the command line.  Default is

to prompt on overwrites unless COPY command is being executed from

within a batch script.

To append files, specify a single file for destination, but multiple files

for source (using wildcards or file1+file2+file3 format).

CSCRIPT   (Version 5.8.9200.16384)

Microsoft (R) Windows Script Host Version 5.8

Copyright (C) Microsoft Corporation. All rights reserved.

Usage: CScript scriptname.extension [option…] [arguments…]

Options:

//B         Batch mode: Suppresses script errors and prompts from displaying

//D         Enable Active Debugging

//E:engine  Use engine for executing script

//H:CScript Changes the default script host to CScript.exe

//H:WScript Changes the default script host to WScript.exe (default)

//I         Interactive mode (default, opposite of //B)

//Job:xxxx  Execute a WSF job

//Logo      Display logo (default)

//Nologo    Prevent logo display: No banner will be shown at execution time

//S         Save current command line options for this user

//T:nn      Time out in seconds:  Maximum time a script is permitted to run

//X         Execute script in debugger

//U         Use Unicode for redirected I/O from the console

DATE   (internal command)

Displays or sets the date.

DATE [/T | date]

Type DATE without parameters to display the current date setting and

a prompt for a new one.  Press ENTER to keep the same date.

If Command Extensions are enabled the DATE command supports

the /T switch which tells the command to just output the

current date, without prompting for a new date.

DEFRAG   (Version 6.2.9200.16384)

Microsoft Drive Optimizer

Copyright (c) 2012 Microsoft Corp.

Description:

Optimizes and defragments files on local volumes to

improve system performance.

Syntax:

defrag <volumes> | /C | /E <volumes> [<task(s)>] [/H] [/M | [/U] [/V]]

Where <task(s)> is omitted (traditional defrag), or as follows:

/A | [/D] [/K] [/L] | /O | /X

Or, to track an operation already in progress on a volume:

defrag <volume> /T

Parameters:

Value   Description

/A      Perform analysis on the specified volumes.

/C      Perform the operation on all volumes.

/D      Perform traditional defrag (this is the default).

/E      Perform the operation on all volumes except those specified.

/H      Run the operation at normal priority (default is low).

/K      Perform slab consolidation on the specified volumes.

/L      Perform retrim on the specified volumes.

/M      Run the operation on each volume in parallel in the background.

/O      Perform the proper optimization for each media type.

/T      Track an operation already in progress on the specified volume.

/U      Print the progress of the operation on the screen.

/V      Print verbose output containing the fragmentation statistics.

/X      Perform free space consolidation on the specified volumes.

Examples:

defrag C: /U /V

defrag C: D: /M

defrag C:\mountpoint /A /U

defrag /C /H /V

DEL   (internal command)

Deletes one or more files.

DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names

ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names

names         Specifies a list of one or more files or directories.

Wildcards may be used to delete multiple files. If a

directory is specified, all files within the directory

will be deleted.

/P            Prompts for confirmation before deleting each file.

/F            Force deleting of read-only files.

/S            Delete specified files from all subdirectories.

/Q            Quiet mode, do not ask if ok to delete on global wildcard

/A            Selects files to delete based on attributes

attributes    R  Read-only files            S  System files
              H  Hidden files               A  Files ready for archiving
              I  Not content indexed Files  L  Reparse Points
              -  Prefix meaning not

If Command Extensions are enabled DEL and ERASE change as follows:

The display semantics of the /S switch are reversed in that it shows

you only the files that are deleted, not the ones it could not find.

DIR   (internal command)

Displays a list of files and subdirectories in a directory.

DIR [drive:][path][filename] [/A[[:]attributes]] [/B] [/C] [/D] [/L] [/N]

[/O[[:]sortorder]] [/P] [/Q] [/R] [/S] [/T[[:]timefield]] [/W] [/X] [/4]

[drive:][path][filename]

Specifies drive, directory, and/or files to list.

/A          Displays files with specified attributes.

attributes   D  Directories                R  Read-only files
             H  Hidden files               A  Files ready for archiving
             S  System files               I  Not content indexed files
             L  Reparse Points             -  Prefix meaning not

/B          Uses bare format (no heading information or summary).

/C          Display the thousand separator in file sizes.  This is the

default.  Use /-C to disable display of separator.

/D          Same as wide but files are list sorted by column.

/L          Uses lowercase.

/N          New long list format where filenames are on the far right.

/O          List by files in sorted order.

sortorder    N  By name (alphabetic)       S  By size (smallest first)
             E  By extension (alphabetic)  D  By date/time (oldest first)
             G  Group directories first    -  Prefix to reverse order

/P          Pauses after each screenful of information.

/Q          Display the owner of the file.

/R          Display alternate data streams of the file.

/S          Displays files in specified directory and all subdirectories.

/T          Controls which time field displayed or used for sorting

timefield   C  Creation

A  Last Access

W  Last Written

/W          Uses wide list format.

/X          This displays the short names generated for non-8dot3 file

names.  The format is that of /N with the short name inserted

before the long name. If no short name is present, blanks are

displayed in its place.

/4          Displays four-digit years

Switches may be preset in the DIRCMD environment variable.  Override

preset switches by prefixing any switch with - (hyphen), for example, /-W.

DISKCOMP   (Version 6.2.9200.16384)

Compares the contents of two floppy disks.

DISKCOMP [drive1: [drive2:]]

DISKCOPY   (Version 6.2.9200.16384)

Copies the contents of one floppy disk to another.

DISKCOPY [drive1: [drive2:]] [/V]

/V   Verifies that the information is copied correctly.

The two floppy disks must be the same type.

You may specify the same drive for drive1 and drive2.

DISKPERF   (Version 6.2.9200.16384)

DISKPERF [-Y[D|V] | -N[D|V]] [\\computername]

-Y  Sets the system to start all disk performance counters

when the system is restarted.

-YD Enables the disk performance counters for physical drives.

when the system is restarted.

-YV Enables the disk performance counters for logical drives

or storage volumes when the system is restarted.

-N  Sets the system to disable all disk performance counters

when the system is restarted.

-ND Disables the disk performance counters for physical drives.

-NV Disables the disk performance counters for logical drives.

\\computername        Is the name of the computer you want to

see or set disk performance counter use.

The computer must be a Windows 2000 system.

NOTE: Disk performance counters are permanently enabled on

systems beyond Windows 2000.

DISKRAID   (Version 6.2.9200.16384)

Access is denied.

DISM   (Version 6.2.9200.16384)

Error: 740

Elevated permissions are required to run DISM.

Use an elevated command prompt to complete these tasks.

DISPDIAG   (Version 6.2.9200.16384)

Logs display information to a file in the current directory.

Usage: dispdiag [-testacpi] [-d] [-delay <seconds>] [-brightnesslogging] [-out <FilePath>]

-testacpi            runs hotkey diagnostics test

-d                   generates a dmp file as well with additional data.

-delay               delays the collection of data by specified time in seconds.

-out <FilePath>      path where the dispdiag file should be saved, including filename. This must be the last parameter

-brightnesslogging   toggle verbose brightness logging.

Output:

Name of the saved file.

DOSKEY   (Version 6.2.9200.16384)

Edits command lines, recalls Windows commands, and creates macros.

DOSKEY [/REINSTALL] [/LISTSIZE=size] [/MACROS[:ALL | :exename]]

[/HISTORY] [/INSERT | /OVERSTRIKE] [/EXENAME=exename] [/MACROFILE=filename]

[macroname=[text]]

/REINSTALL          Installs a new copy of Doskey.

/LISTSIZE=size      Sets size of command history buffer.

/MACROS             Displays all Doskey macros.

/MACROS:ALL         Displays all Doskey macros for all executables which have

Doskey macros.

/MACROS:exename     Displays all Doskey macros for the given executable.

/HISTORY            Displays all commands stored in memory.

/INSERT             Specifies that new text you type is inserted in old text.

/OVERSTRIKE         Specifies that new text overwrites old text.

/EXENAME=exename    Specifies the executable.

/MACROFILE=filename Specifies a file of macros to install.

macroname           Specifies a name for a macro you create.

text                Specifies commands you want to record.

UP and DOWN ARROWS recall commands; ESC clears command line; F7 displays

command history; ALT+F7 clears command history; F8 searches command

history; F9 selects a command by number; ALT+F10 clears macro definitions.

The following are some special codes in Doskey macro definitions:

$T     Command separator.  Allows multiple commands in a macro.

$1-$9  Batch parameters.  Equivalent to %1-%9 in batch programs.

$*     Symbol replaced by everything following macro name on command line.

DPATH   (internal command)

Allows programs to open data files in specified directories as if they were

in the current directory.

APPEND [[drive:]path[;…]] [/X[:ON | :OFF]] [/PATH:ON | /PATH:OFF] [/E]

APPEND ;

[drive:]path Specifies a drive and directory to append.

/X:ON        Applies appended directories to file searches and

application execution.

/X:OFF       Applies appended directories only to requests to open files.

/X:OFF is the default setting.

/PATH:ON     Applies the appended directories to file requests that already

specify a path.  /PATH:ON is the default setting.

/PATH:OFF    Turns off the effect of /PATH:ON.

/E           Stores a copy of the appended directory list in an environment

variable named APPEND.  /E may be used only the first time

you use APPEND after starting up your system.

Type APPEND ; to clear the appended directory list.

Type APPEND without parameters to display the appended directory list.

DRIVERQUERY   (Version 6.2.9200.16384)

DRIVERQUERY [/S system [/U username [/P [password]]]]

[/FO format] [/NH] [/SI] [/V]

Description:

Enables an administrator to display a list of

installed device drivers.

Parameter List:

/S     system           Specifies the remote system to connect to.

/U     [domain\]user    Specifies the user context

under which the command should execute.

/P     [password]       Specify the password for the given

user context.

/FO    format           Specifies the type of output to display.

Valid values to be passed with the

switch are "TABLE", "LIST", "CSV".

/NH                     Specifies that the "Column Header"

should not be displayed. Valid for

"TABLE" and "CSV" format only.

/SI                     Provides information about signed drivers.

/V                      Displays verbose output. Not valid

for signed drivers.

/?                      Displays this help message.

Examples:

DRIVERQUERY

DRIVERQUERY /FO CSV /SI

DRIVERQUERY /NH

DRIVERQUERY /S ipaddress /U user /V

DRIVERQUERY /S system /U domain\user /P password /FO LIST

ECHO   (internal command)

Displays messages, or turns command-echoing on or off.

ECHO [ON | OFF]

ECHO [message]

Type ECHO without parameters to display the current echo setting.

ENDLOCAL   (internal command)

Ends localization of environment changes in a batch file.

Environment changes made after ENDLOCAL has been issued are

not local to the batch file; the previous settings are not

restored on termination of the batch file.

ENDLOCAL

If Command Extensions are enabled ENDLOCAL changes as follows:

If the corresponding SETLOCAL enable or disabled command extensions

using the new ENABLEEXTENSIONS or DISABLEEXTENSIONS options, then

after the ENDLOCAL, the enabled/disabled state of command extensions

will be restored to what it was prior to the matching SETLOCAL

command execution.

ERASE   (internal command)

Deletes one or more files.

DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names

ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names

names         Specifies a list of one or more files or directories.

Wildcards may be used to delete multiple files. If a

directory is specified, all files within the directory

will be deleted.

/P            Prompts for confirmation before deleting each file.

/F            Force deleting of read-only files.

/S            Delete specified files from all subdirectories.

/Q            Quiet mode, do not ask if ok to delete on global wildcard

/A            Selects files to delete based on attributes

attributes    R  Read-only files            S  System files
              H  Hidden files               A  Files ready for archiving
              I  Not content indexed Files  L  Reparse Points
              -  Prefix meaning not

If Command Extensions are enabled DEL and ERASE change as follows:

The display semantics of the /S switch are reversed in that it shows

you only the files that are deleted, not the ones it could not find.

EVENTCREATE   (Version 6.2.9200.16384)

EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid

[/L logname] [/SO srcname] /T type /D description

Description:

This command line tool enables an administrator to create

a custom event ID and message in a specified event log.

Parameter List:

/S    system           Specifies the remote system to connect to.

/U    [domain\]user    Specifies the user context under which

the command should execute.

/P    [password]       Specifies the password for the given

user context. Prompts for input if omitted.

/L    logname          Specifies the event log to create

an event in.

/T    type             Specifies the type of event to create.

Valid types: SUCCESS, ERROR, WARNING, INFORMATION.

/SO   source           Specifies the source to use for the

event (if not specified, source will default

to 'eventcreate'). A valid source can be any

string and should represent the application

or component that is generating the event.

/ID   id               Specifies the event ID for the event. A

valid custom message ID is in the range

of 1 – 1000.

/D    description      Specifies the description text for the new event.

/?                     Displays this help message.

Examples:

EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "My custom error event for the application log"

EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "Winword event 999 happened due to low diskspace"

EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Custom job failed to install"

EVENTCREATE /S system /U user /P password /ID 1 /T ERROR /L APPLICATION /D "User access failed due to invalid user credentials"

EXIT   (internal command)

Quits the CMD.EXE program (command interpreter) or the current batch

script.

EXIT [/B] [exitCode]

/B          specifies to exit the current batch script instead of

CMD.EXE.  If executed from outside a batch script, it

will quit CMD.EXE

exitCode    specifies a numeric number.  if /B is specified, sets

ERRORLEVEL that number.  If quitting CMD.EXE, sets the process

exit code with that number.

EXPAND   (Version 6.2.9200.16384)

Microsoft (R) File Expansion Utility  Version 6.2.9200.16384

Copyright (c) Microsoft Corporation. All rights reserved.

Expands one or more compressed files.

EXPAND [-R] Source Destination

EXPAND -R Source [Destination]

EXPAND -I Source [Destination]

EXPAND -D Source.cab [-F:Files]

EXPAND Source.cab -F:Files Destination

-R           Rename expanded files.

-I           Rename expanded files but ignore directory structure.

-D           Display list of files in source.

Source       Source file specification.  Wildcards may be used.

-F:Files     Name of files to expand from a .CAB.

Destination  Destination file | path specification.

Destination may be a directory.

If Source is multiple files and -r is not specified,

Destination must be a directory.

EXTRACT

Extract NT – Extract file in wImage – V 2.10 (c) 1991-96 Gilles Vollant

Visit web page : http://ourworld.compuserve.com/homepages/gvollant/extract.htm

Usage:

Extract -l <file> [<Files names>]             List file in an image

Extract -e <file> [x:outpath] [<Files names>] Extract files

Extract -x <file> [x:outpath] [<Files names>] eXtract files with pathname

Extract -i <file> [<Files names>] [-Fnnn]     Inject files on an image

Extract -b <file>                             Show boot sector information

Using -oe or -ox instead -e or -x extract Overwriting existing files

Using -it instead -i Truncate unused image part

-Fnnn : size of image you want create (360,720,120,144,172,288…)

Utilities from Gilles VOLLANT – 13 rue Mansart 91540 MENNECY – FRANCE

Internet : 100144.2636@compuserve.com

Extract is a freeware, but if you like this software, you can send me

$20 or 100 French Francs, and I send you WinImage, a very powerful Windows 3.1

and Windows NT shareware I wrote with a superset of Extract functionnality

FC   (Version 6.2.9200.16384)

Compares two files or sets of files and displays the differences between

them

FC [/A] [/C] [/L] [/LBn] [/N] [/OFF[LINE]] [/T] [/U] [/W] [/nnnn]

[drive1:][path1]filename1 [drive2:][path2]filename2

FC /B [drive1:][path1]filename1 [drive2:][path2]filename2

/A         Displays only first and last lines for each set of differences.

/B         Performs a binary comparison.

/C         Disregards the case of letters.

/L         Compares files as ASCII text.

/LBn       Sets the maximum consecutive mismatches to the specified

number of lines.

/N         Displays the line numbers on an ASCII comparison.

/OFF[LINE] Do not skip files with offline attribute set.

/T         Does not expand tabs to spaces.

/U         Compare files as UNICODE text files.

/W         Compresses white space (tabs and spaces) for comparison.

/nnnn      Specifies the number of consecutive lines that must match

after a mismatch.

[drive1:][path1]filename1

Specifies the first file or set of files to compare.

[drive2:][path2]filename2

Specifies the second file or set of files to compare.

FIND   (Version 6.2.9200.16384)

Searches for a text string in a file or files.

FIND [/V] [/C] [/N] [/I] [/OFF[LINE]] "string" [[drive:][path]filename[ …]]

/V         Displays all lines NOT containing the specified string.

/C         Displays only the count of lines containing the string.

/N         Displays line numbers with the displayed lines.

/I         Ignores the case of characters when searching for the string.

/OFF[LINE] Do not skip files with offline attribute set.

"string"   Specifies the text string to find.

[drive:][path]filename

Specifies a file or files to search.

If a path is not specified, FIND searches the text typed at the prompt

or piped from another command.

FINDSTR   (Version 6.2.9200.16384)

Searches for strings in files.

FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file]

[/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]]

strings [[drive:][path]filename[ …]]

/B         Matches pattern if at the beginning of a line.

/E         Matches pattern if at the end of a line.

/L         Uses search strings literally.

/R         Uses search strings as regular expressions.

/S         Searches for matching files in the current directory and all

subdirectories.

/I         Specifies that the search is not to be case-sensitive.

/X         Prints lines that match exactly.

/V         Prints only lines that do not contain a match.

/N         Prints the line number before each line that matches.

/M         Prints only the filename if a file contains a match.

/O         Prints character offset before each matching line.

/P         Skip files with non-printable characters.

/OFF[LINE] Do not skip files with offline attribute set.

/A:attr    Specifies color attribute with two hex digits. See "color /?"

/F:file    Reads file list from the specified file(/ stands for console).

/C:string  Uses specified string as a literal search string.

/G:file    Gets search strings from the specified file(/ stands for console).

/D:dir     Search a semicolon delimited list of directories

strings    Text to be searched for.

[drive:][path]filename

Specifies a file or files to search.

Use spaces to separate multiple search strings unless the argument is prefixed

with /C.  For example, 'FINDSTR "hello there" x.y' searches for "hello" or

"there" in file x.y.  'FINDSTR /C:"hello there" x.y' searches for

"hello there" in file x.y.

Regular expression quick reference:

.        Wildcard: any character

*        Repeat: zero or more occurrences of previous character or class

^        Line position: beginning of line

$        Line position: end of line

[class]  Character class: any one character in set

[^class] Inverse class: any one character not in set

[x-y]    Range: any characters within the specified range

\x       Escape: literal use of metacharacter x

\<xyz    Word position: beginning of word

xyz\>    Word position: end of word

For full information on FINDSTR regular expressions refer to the online Command

Reference.

FINGER   (Version 6.2.9200.16384)

Displays information about a user on a specified system running the

Finger service. Output varies based on the remote system.

FINGER [-l] [user]@host […]

-l        Displays information in long list format.

user      Specifies the user you want information about. Omit the user

parameter to display information about all users on the

specifed host.

@host     Specifies the server on the remote system whose users you

want information about.

FLTMC   (Version 6.2.9200.16384)

** Invalid command

Valid commands:

load        Loads a Filter driver

unload      Unloads a Filter driver

filters     Lists the Filters currently registered in the system

instances   Lists the Instances for a Filter or Volume currently

registered in the system

volumes     Lists all volumes/RDRs in the system

attach      Creates a Filter Instance to a Volume

detach      Removes a Filter Instance from a Volume

Use fltmc help [ command ] for help on a specific command

FOR   (internal command)

Runs a specified command for each file in a set of files.

FOR %variable IN (set) DO command [command-parameters]

%variable  Specifies a single letter replaceable parameter.

(set)      Specifies a set of one or more files.  Wildcards may be used.

command    Specifies the command to carry out for each file.

command-parameters

Specifies parameters or switches for the specified command.

To use the FOR command in a batch program, specify %%variable instead

of %variable.  Variable names are case sensitive, so %i is different

from %I.

If Command Extensions are enabled, the following additional

forms of the FOR command are supported:

FOR /D %variable IN (set) DO command [command-parameters]

If set contains wildcards, then specifies to match against directory

names instead of file names.

FOR /R [[drive:]path] %variable IN (set) DO command [command-parameters]

Walks the directory tree rooted at [drive:]path, executing the FOR

statement in each directory of the tree.  If no directory

specification is specified after /R then the current directory is

assumed.  If set is just a single period (.) character then it

will just enumerate the directory tree.

FOR /L %variable IN (start,step,end) DO command [command-parameters]

The set is a sequence of numbers from start to end, by step amount.

So (1,1,5) would generate the sequence 1 2 3 4 5 and (5,-1,1) would

generate the sequence (5 4 3 2 1)

FOR /F ["options"] %variable IN (file-set) DO command [command-parameters]

FOR /F ["options"] %variable IN ("string") DO command [command-parameters]

FOR /F ["options"] %variable IN ('command') DO command [command-parameters]

or, if usebackq option present:

FOR /F ["options"] %variable IN (file-set) DO command [command-parameters]

FOR /F ["options"] %variable IN ('string') DO command [command-parameters]

FOR /F ["options"] %variable IN (`command`) DO command [command-parameters]

file-set is one or more file names.  Each file is opened, read

and processed before going on to the next file in file-set.

Processing consists of reading in the file, breaking it up into

individual lines of text and then parsing each line into zero or

more tokens.  The body of the for loop is then called with the

variable value(s) set to the found token string(s).  By default, /F

passes the first blank separated token from each line of each file.

Blank lines are skipped.  You can override the default parsing

behavior by specifying the optional "options" parameter.  This

is a quoted string which contains one or more keywords to specify

different parsing options.  The keywords are:

eol=c           - specifies an end of line comment character
                  (just one)

skip=n          - specifies the number of lines to skip at the
                  beginning of the file.

delims=xxx      - specifies a delimiter set.  This replaces the
                  default delimiter set of space and tab.

tokens=x,y,m-n  - specifies which tokens from each line are to
                  be passed to the for body for each iteration.
                  This will cause additional variable names to
                  be allocated.  The m-n form is a range,
                  specifying the mth through the nth tokens.  If
                  the last character in the tokens= string is an
                  asterisk, then an additional variable is
                  allocated and receives the remaining text on
                  the line after the last token parsed.

usebackq        - specifies that the new semantics are in force,
                  where a back quoted string is executed as a
                  command and a single quoted string is a
                  literal string command and allows the use of
                  double quotes to quote file names in
                  file-set.

Some examples might help:

FOR /F "eol=; tokens=2,3* delims=, " %i in (myfile.txt) do @echo %i %j %k

would parse each line in myfile.txt, ignoring lines that begin with

a semicolon, passing the 2nd and 3rd token from each line to the for

body, with tokens delimited by commas and/or spaces.  Notice the for

body statements reference %i to get the 2nd token, %j to get the

3rd token, and %k to get all remaining tokens after the 3rd.  For

file names that contain spaces, you need to quote the filenames with

double quotes.  In order to use double quotes in this manner, you also

need to use the usebackq option, otherwise the double quotes will be

interpreted as defining a literal string to parse.

%i is explicitly declared in the for statement and the %j and %k

are implicitly declared via the tokens= option.  You can specify up

to 26 tokens via the tokens= line, provided it does not cause an

attempt to declare a variable higher than the letter 'z' or 'Z'.

Remember, FOR variables are single-letter, case sensitive, global,

and you can’t have more than 52 total active at any one time.

You can also use the FOR /F parsing logic on an immediate string, by

making the file-set between the parenthesis a quoted string,

using single quote characters.  It will be treated as a single line

of input from a file and parsed.

Finally, you can use the FOR /F command to parse the output of a

command.  You do this by making the file-set between the

parenthesis a back quoted string.  It will be treated as a command

line, which is passed to a child CMD.EXE and the output is captured

into memory and parsed as if it was a file.  So the following

example:

FOR /F "usebackq delims==" %i IN (`set`) DO @echo %i

would enumerate the environment variable names in the current

environment.

In addition, substitution of FOR variable references has been enhanced.

You can now use the following optional syntax:

%~I         - expands %I removing any surrounding quotes (")

%~fI        - expands %I to a fully qualified path name

%~dI        - expands %I to a drive letter only

%~pI        - expands %I to a path only

%~nI        - expands %I to a file name only

%~xI        - expands %I to a file extension only

%~sI        - expanded path contains short names only

%~aI        - expands %I to file attributes of file

%~tI        - expands %I to date/time of file

%~zI        - expands %I to size of file

%~$PATH:I   - searches the directories listed in the PATH
              environment variable and expands %I to the
              fully qualified name of the first one found.
              If the environment variable name is not
              defined or the file is not found by the
              search, then this modifier expands to the
              empty string

The modifiers can be combined to get compound results:

%~dpI       - expands %I to a drive letter and path only

%~nxI       - expands %I to a file name and extension only

%~fsI       - expands %I to a full path name with short names only

%~dp$PATH:I - searches the directories listed in the PATH
              environment variable for %I and expands to the
              drive letter and path of the first one found.

%~ftzaI     - expands %I to a DIR like output line

In the above examples %I and PATH can be replaced by other valid

values.  The %~ syntax is terminated by a valid FOR variable name.

Picking upper case variable names like %I makes it more readable and

avoids confusion with the modifiers, which are not case sensitive.

FORFILES   (Version 6.2.9200.16384)

FORFILES [/P pathname] [/M searchmask] [/S]

[/C command] [/D [+ | -] {dd-MM-yyyy | dd}]

Description:

Selects a file (or set of files) and executes a

command on that file. This is helpful for batch jobs.

Parameter List:

/P    pathname      Indicates the path to start searching.
                    The default folder is the current working
                    directory (.).

/M    searchmask    Searches files according to a searchmask.
                    The default searchmask is '*' .

/S                  Instructs forfiles to recurse into
                    subdirectories. Like "DIR /S".

/C    command       Indicates the command to execute for each file.
                    Command strings should be wrapped in double
                    quotes.

                    The default command is "cmd /c echo @file".

                    The following variables can be used in the
                    command string:

                    @file    - returns the name of the file.
                    @fname   - returns the file name without
                               extension.
                    @ext     - returns only the extension of the
                               file.
                    @path    - returns the full path of the file.
                    @relpath - returns the relative path of the
                               file.
                    @isdir   - returns "TRUE" if a file type is
                               a directory, and "FALSE" for files.
                    @fsize   - returns the size of the file in
                               bytes.
                    @fdate   - returns the last modified date of the
                               file.
                    @ftime   - returns the last modified time of the
                               file.

                    To include special characters in the command
                    line, use the hexadecimal code for the character
                    in 0xHH format (ex. 0x09 for tab). Internal
                    CMD.exe commands should be preceded with
                    "cmd /c".

/D    date          Selects files with a last modified date greater
                    than or equal to (+), or less than or equal to
                    (-), the specified date using the
                    "dd-MM-yyyy" format; or selects files with a
                    last modified date greater than or equal to (+)
                    the current date plus "dd" days, or less than or
                    equal to (-) the current date minus "dd" days. A
                    valid "dd" number of days can be any number in
                    the range of 0 - 32768.
                    "+" is taken as default sign if not specified.

/?                  Displays this help message.

Examples:

FORFILES /?

FORFILES

FORFILES /P C:\WINDOWS /S /M DNS*.*

FORFILES /S /M *.txt /C "cmd /c type @file | more"

FORFILES /P C:\ /S /M *.bat

FORFILES /D -30 /M *.exe
         /C "cmd /c echo @path 0x09 was changed 30 days ago"

FORFILES /D 01-01-2001
         /C "cmd /c echo @fname is new since Jan 1st 2001"

FORFILES /D +13-6-2014 /C "cmd /c echo @fname is new today"

FORFILES /M *.exe /D +1

FORFILES /S /M *.doc /C "cmd /c echo @fsize"

FORFILES /M *.txt /C "cmd /c if @isdir==FALSE notepad.exe @file"

FORMAT   (Version 6.2.9200.16384)

Formats a disk for use with Windows.

FORMAT volume [/FS:file-system] [/V:label] [/Q] [/L] [/A:size] [/C] [/I:state] [/X] [/P:passes] [/S:state]

FORMAT volume [/V:label] [/Q] [/F:size] [/P:passes]

FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors] [/P:passes]

FORMAT volume [/V:label] [/Q] [/P:passes]

FORMAT volume [/Q]

volume          Specifies the drive letter (followed by a colon),

mount point, or volume name.

/FS:filesystem  Specifies the type of the file system (FAT, FAT32, exFAT,

NTFS, UDF).

/V:label        Specifies the volume label.

/Q              Performs a quick format. Note that this switch overrides /P.

/C              NTFS only: Files created on the new volume will be compressed

by default.

/X              Forces the volume to dismount first if necessary.  All opened

handles to the volume would no longer be valid.

/R:revision     UDF only: Forces the format to a specific UDF version

(1.02, 1.50, 2.00, 2.01, 2.50).  The default

revision is 2.01.

/D              UDF 2.50 only: Metadata will be duplicated.

/L              NTFS Only: Use large size file records.

By default, the volume will be formatted with small size file

records.

/A:size         Overrides the default allocation unit size. Default settings

are strongly recommended for general use.

NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K.

FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,

(128K, 256K for sector size > 512 bytes).

FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,

(128K, 256K for sector size > 512 bytes).

exFAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,

128K, 256K, 512K, 1M, 2M, 4M, 8M, 16M, 32M.

Note that the FAT and FAT32 files systems impose the

following restrictions on the number of clusters on a volume:

FAT: Number of clusters <= 65526

FAT32: 65526 < Number of clusters < 4177918

Format will immediately stop processing if it decides that

the above requirements cannot be met using the specified

cluster size.

NTFS compression is not supported for allocation unit sizes

above 4096.

/F:size         Specifies the size of the floppy disk to format (1.44)

/T:tracks       Specifies the number of tracks per disk side.

/N:sectors      Specifies the number of sectors per track.

/P:count        Zero every sector on the volume.  After that, the volume
                will be overwritten "count" times using a different
                random number each time.  If "count" is zero, no additional
                overwrites are made after zeroing every sector.  This switch
                is ignored when /Q is specified.

/S:state        Specifies support for short filenames (enable, disable)

Short names are disabled by default

FSUTIL   (Version 6.2.9200.16384)

/? is an invalid parameter.

---- Commands Supported ----

8dot3name       8dot3name management

behavior        Control file system behavior

dirty           Manage volume dirty bit

file            File specific commands

fsinfo          File system information

hardlink        Hardlink management

objectid        Object ID management

quota           Quota management

repair          Self healing management

reparsepoint    Reparse point management

resource        Transactional Resource Manager management

sparse          Sparse file control

transaction     Transaction management

usn             USN management

volume          Volume management

FTP   (Version 6.2.9200.16384)

Transfers files to and from a computer running an FTP server service

(sometimes called a daemon). Ftp can be used interactively.

FTP [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-A] [-x:sendbuffer] [-r:recvbuffer] [-b:asyncbuffers] [-w:windowsize] [host]

-v              Suppresses display of remote server responses.

-n              Suppresses auto-login upon initial connection.

-i              Turns off interactive prompting during multiple file

transfers.

-d              Enables debugging.

-g              Disables filename globbing (see GLOB command).

-s:filename     Specifies a text file containing FTP commands; the

commands will automatically run after FTP starts.

-a              Use any local interface when binding data connection.

-A              login as anonymous.

-x:send sockbuf Overrides the default SO_SNDBUF size of 8192.

-r:recv sockbuf Overrides the default SO_RCVBUF size of 8192.

-b:async count  Overrides the default async count of 3

-w:windowsize   Overrides the default transfer buffer size of 65535.

host            Specifies the host name or IP address of the remote

host to connect to.

Notes:

– mget and mput commands take y/n/q for yes/no/quit.

– Use Control-C to abort commands.

FTYPE   (internal command)

Displays or modifies file types used in file extension associations

FTYPE [fileType[=[openCommandString]]]

fileType  Specifies the file type to examine or change

openCommandString Specifies the open command to use when launching files

of this type.

Type FTYPE without parameters to display the current file types that

have open command strings defined.  If FTYPE is invoked with just a file

type, it displays the current open command string for that file type.

Specify nothing for the open command string and the FTYPE command will

delete the open command string for the file type.  Within an open

command string %0 or %1 are substituted with the file name being

launched through the association.  %* gets all the parameters and %2

gets the 1st parameter, %3 the second, etc.  %~n gets all the remaining

parameters starting with the nth parameter, where n may be between 2 and 9,

inclusive.  For example:

ASSOC .pl=PerlScript

FTYPE PerlScript=perl.exe %1 %*

would allow you to invoke a Perl script as follows:

script.pl 1 2 3

If you want to eliminate the need to type the extensions, then do the

following:

set PATHEXT=.pl;%PATHEXT%

and the script could be invoked as follows:

script 1 2 3

GETMAC   (Version 6.2.9200.16384)

GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V]

Description:

This tool enables an administrator to display the MAC address

for network adapters on a system.

Parameter List:

/S     system            Specifies the remote system to connect to.

/U     [domain\]user     Specifies the user context under

which the command should execute.

/P     [password]        Specifies the password for the given

user context. Prompts for input if omitted.

/FO    format            Specifies the format in which the output
                         is to be displayed.
                         Valid values: "TABLE", "LIST", "CSV".

/NH                      Specifies that the "Column Header" should
                         not be displayed in the output.
                         Valid only for TABLE and CSV formats.

/V                       Specifies that verbose output is displayed.

/?                       Displays this help message.

Examples:

GETMAC /?

GETMAC /FO csv

GETMAC /S system /NH /V

GETMAC /S system /U user

GETMAC /S system /U domain\user /P password /FO list /V

GETMAC /S system /U domain\user /P password /FO table /NH

GOTO   (internal command)

Directs cmd.exe to a labeled line in a batch program.

GOTO label

label   Specifies a text string used in the batch program as a label.

You type a label on a line by itself, beginning with a colon.

If Command Extensions are enabled GOTO changes as follows:

GOTO command now accepts a target label of :EOF which transfers control

to the end of the current batch script file.  This is an easy way to

exit a batch script file without defining a label.  Type CALL /?  for a

description of extensions to the CALL command that make this feature

useful.

GPRESULT   (Version 6.2.9200.16384)

GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope]

[/USER targetusername] [/R | /V | /Z] [(/X | /H) <filename> [/F]]

Description:

This command line tool displays the Resultant Set of Policy (RSoP)

information for a target user and computer.

Parameter List:

/S        system           Specifies the remote system to connect to.

/U        [domain\]user    Specifies the user context under which the

command should run.

Cannot be used with /X, /H.

/P        [password]       Specifies the password for the given user

context. Prompts for input if omitted.

Cannot be used with /X, /H.

/SCOPE    scope            Specifies whether the user or the

computer settings need to be displayed.

Valid values: "USER", "COMPUTER".

/USER     [domain\]user    Specifies the user name for which the

RSoP data is to be displayed.

/X        <filename>       Saves the report in XML format at the

location and with the file name specified

by the <filename> parameter. (valid in Windows

Vista SP1 and later and Windows Server 2008 and later)

/H        <filename>       Saves the report in HTML format at the

location and with the file name specified by

the <filename> parameter. (valid in Windows

at least Vista SP1 and at least Windows Server 2008)

/F                         Forces Gpresult to overwrite the file name

specified in the /X or /H command.

/R                         Displays RSoP summary data.

/V                         Specifies that verbose information should

be displayed. Verbose information provides

additional detailed settings that have

been applied with a precedence of 1.

/Z                         Specifies that the super-verbose

information should be displayed. Super-

verbose information provides additional

detailed settings that have been applied

with a precedence of 1 and higher. This

allows you to see if a setting was set in

multiple places. See the Group Policy

online help topic for more information.

/?                         Displays this help message.

Examples:

GPRESULT /R

GPRESULT /H GPReport.html

GPRESULT /USER targetusername /V

GPRESULT /S system /USER targetusername /SCOPE COMPUTER /Z

GPRESULT /S system /U username /P password /SCOPE USER /V

GPUPDATE   (Version 6.2.9200.16384)

Description:  Updates multiple Group Policy settings.

Syntax:  Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:<value>]

[/Logoff] [/Boot] [/Sync]

Parameters:

Value                      Description

/Target:{Computer | User}  Specifies that only User or only Computer

policy settings are updated. By default,

both User and Computer policy settings are

updated.

/Force                     Reapplies all policy settings. By default,

only policy settings that have changed are

applied.

/Wait:{value}              Sets the number of seconds to wait for policy

processing to finish. The default is 600

seconds. The value '0' means not to wait.

The value '-1' means to wait indefinitely.

When the time limit is exceeded, the command

prompt returns, but policy processing

continues.

/Logoff                    Causes a logoff after the Group Policy settings

have been updated. This is required for

those Group Policy client-side extensions

that do not process policy on a background

update cycle but do process policy when a

user logs on. Examples include user-targeted

Software Installation and Folder Redirection.

This option has no effect if there are no

extensions called that require a logoff.

/Boot                      Causes a computer restart after the Group Policy settings

are applied. This is required for those

Group Policy client-side extensions that do

not process policy on a background update cycle

but do process policy at computer startup.

Examples include computer-targeted Software

Installation. This option has no effect if

there are no extensions called that require

a restart.

/Sync                      Causes the next foreground policy application to

be done synchronously. Foreground policy

applications occur at computer start up and user

logon. You can specify this for the user,

computer or both using the /Target parameter.

The /Force and /Wait parameters will be ignored

if specified.

HELP   (Version 6.2.9200.16384)

Provides help information for Windows commands.

HELP [command]

command – displays help information on that command.

HOSTNAME   (Version 6.2.9200.16384)

Prints the name of the current host.

hostname

ICACLS   (Version 6.2.9200.16384)

ICACLS name /save aclfile [/T] [/C] [/L] [/Q]

stores the DACLs for the files and folders that match the name

into aclfile for later use with /restore. Note that SACLs,

owner, or integrity labels are not saved.

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile

[/C] [/L] [/Q]

applies the stored DACLs to files in directory.

ICACLS name /setowner user [/T] [/C] [/L] [/Q]

changes the owner of all matching names. This option does not

force a change of ownership; use the takeown.exe utility for

that purpose.

ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]

finds all matching names that contain an ACL

explicitly mentioning Sid.

ICACLS name /verify [/T] [/C] [/L] [/Q]

finds all files whose ACL is not in canonical form or whose

lengths are inconsistent with ACE counts.

ICACLS name /reset [/T] [/C] [/L] [/Q]

replaces ACLs with default inherited ACLs for all matching files.

ICACLS name [/grant[:r] Sid:perm[...]]

[/deny Sid:perm [...]]

[/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q]

[/setintegritylevel Level:policy[...]]

/grant[:r] Sid:perm grants the specified user access rights. With :r,

the permissions replace any previously granted explicit permissions.

Without :r, the permissions are added to any previously granted

explicit permissions.

/deny Sid:perm explicitly denies the specified user access rights.

An explicit deny ACE is added for the stated permissions and

the same permissions in any explicit grant are removed.

/remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With

:g, it removes all occurrences of granted rights to that Sid. With

:d, it removes all occurrences of denied rights to that Sid.

/setintegritylevel [(CI)(OI)]Level explicitly adds an integrity

ACE to all matching files.  The level is to be specified as one

of:

L[ow]

M[edium]

H[igh]

Inheritance options for the integrity ACE may precede the level

and are applied only to directories.

/inheritance:e|d|r

e – enables inheritance

d – disables inheritance and copy the ACEs

r – remove all inherited ACEs

Note:

Sids may be in either numerical or friendly name form. If a numerical

form is given, affix a * to the start of the SID.

/T indicates that this operation is performed on all matching

files/directories below the directories specified in the name.

/C indicates that this operation will continue on all file errors.

Error messages will still be displayed.

/L indicates that this operation is performed on a symbolic link

itself versus its target.

/Q indicates that icacls should suppress success messages.

ICACLS preserves the canonical ordering of ACE entries:

Explicit denials

Explicit grants

Inherited denials

Inherited grants

perm is a permission mask and can be specified in one of two forms:

a sequence of simple rights:

N – no access

F – full access

M – modify access

RX – read and execute access

R – read-only access

W – write-only access

D – delete access

a comma-separated list in parentheses of specific rights:

DE – delete

RC – read control

WDAC – write DAC

WO – write owner

S – synchronize

AS – access system security

MA – maximum allowed

GR – generic read

GW – generic write

GE – generic execute

GA – generic all

RD – read data/list directory

WD – write data/add file

AD – append data/add subdirectory

REA – read extended attributes

WEA – write extended attributes

X – execute/traverse

DC – delete child

RA – read attributes

WA – write attributes

inheritance rights may precede either form and are applied

only to directories:

(OI) – object inherit

(CI) – container inherit

(IO) – inherit only

(NP) – don’t propagate inherit

(I) – permission inherited from parent container

Examples:

icacls c:\windows\* /save AclFile /T

– Will save the ACLs for all files under c:\windows

and its subdirectories to AclFile.

icacls c:\windows\ /restore AclFile

– Will restore the Acls for every file within

AclFile that exists in c:\windows and its subdirectories.

icacls file /grant Administrator:(D,WDAC)

– Will grant the user Administrator Delete and Write DAC

permissions to file.

icacls file /grant *S-1-1-0:(D,WDAC)

– Will grant the user defined by sid S-1-1-0 Delete and

Write DAC permissions to file.

IF   (internal command)

Performs conditional processing in batch programs.

IF [NOT] ERRORLEVEL number command

IF [NOT] string1==string2 command

IF [NOT] EXIST filename command

NOT               Specifies that Windows should carry out

the command only if the condition is false.

ERRORLEVEL number Specifies a true condition if the last program run

returned an exit code equal to or greater than the number

specified.

string1==string2  Specifies a true condition if the specified text strings

match.

EXIST filename    Specifies a true condition if the specified filename

exists.

command           Specifies the command to carry out if the condition is

met.  Command can be followed by ELSE command which

will execute the command after the ELSE keyword if the

specified condition is FALSE

The ELSE clause must occur on the same line as the command after the IF.  For

example:

IF EXIST filename. (

del filename.

) ELSE (

echo filename. missing.

)

The following would NOT work because the del command needs to be terminated

by a newline:

IF EXIST filename. del filename. ELSE echo filename. missing

Nor would the following work, since the ELSE command must be on the same line

as the end of the IF command:

IF EXIST filename. del filename.

ELSE echo filename. missing

The following would work if you want it all on one line:

IF EXIST filename. (del filename.) ELSE echo filename. missing

If Command Extensions are enabled IF changes as follows:

IF [/I] string1 compare-op string2 command

IF CMDEXTVERSION number command

IF DEFINED variable command

where compare-op may be one of:

EQU – equal

NEQ – not equal

LSS – less than

LEQ – less than or equal

GTR – greater than

GEQ – greater than or equal

and the /I switch, if specified, says to do case insensitive string

compares.  The /I switch can also be used on the string1==string2 form

of IF.  These comparisons are generic, in that if both string1 and

string2 are both comprised of all numeric digits, then the strings are

converted to numbers and a numeric comparison is performed.

The CMDEXTVERSION conditional works just like ERRORLEVEL, except it is

comparing against an internal version number associated with the Command

Extensions.  The first version is 1.  It will be incremented by one when

significant enhancements are added to the Command Extensions.

CMDEXTVERSION conditional is never true when Command Extensions are

disabled.

The DEFINED conditional works just like EXIST except it takes an

environment variable name and returns true if the environment variable

is defined.

%ERRORLEVEL% will expand into a string representation of

the current value of ERRORLEVEL, provided that there is not already

an environment variable with the name ERRORLEVEL, in which case you

will get its value instead.  After running a program, the following

illustrates ERRORLEVEL use:

goto answer%ERRORLEVEL%

:answer0

echo Program had return code 0

:answer1

echo Program had return code 1

You can also use numerical comparisons above:

IF %ERRORLEVEL% LEQ 1 goto okay

%CMDCMDLINE% will expand into the original command line passed to

CMD.EXE prior to any processing by CMD.EXE, provided that there is not

already an environment variable with the name CMDCMDLINE, in which case

you will get its value instead.

%CMDEXTVERSION% will expand into a string representation of the

current value of CMDEXTVERSION, provided that there is not already

an environment variable with the name CMDEXTVERSION, in which case you

will get its value instead.

IPCONFIG   (Version 6.2.9200.16384)

USAGE:

ipconfig [/allcompartments] [/? | /all |

/renew [adapter] | /release [adapter] |

/renew6 [adapter] | /release6 [adapter] |

/flushdns | /displaydns | /registerdns |

/showclassid adapter |

/setclassid adapter [classid] |

/showclassid6 adapter |

/setclassid6 adapter [classid] ]

where

adapter             Connection name

(wildcard characters * and ? allowed, see examples)

Options:

/?               Display this help message

/all             Display full configuration information.

/release         Release the IPv4 address for the specified adapter.

/release6        Release the IPv6 address for the specified adapter.

/renew           Renew the IPv4 address for the specified adapter.

/renew6          Renew the IPv6 address for the specified adapter.

/flushdns        Purges the DNS Resolver cache.

/registerdns     Refreshes all DHCP leases and re-registers DNS names

/displaydns      Display the contents of the DNS Resolver Cache.

/showclassid     Displays all the dhcp class IDs allowed for adapter.

/setclassid      Modifies the dhcp class id.

/showclassid6    Displays all the IPv6 DHCP class IDs allowed for adapter.

/setclassid6     Modifies the IPv6 DHCP class id.

The default is to display only the IP address, subnet mask and

default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address

leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed.

Examples:

> ipconfig                       ... Show information

> ipconfig /all                  ... Show detailed information

> ipconfig /renew                ... renew all adapters

> ipconfig /renew EL*            ... renew any connection that has its
                                     name starting with EL

> ipconfig /release *Con*        ... release all matching connections,
                                     eg. "Wired Ethernet Connection 1" or
                                         "Wired Ethernet Connection 2"

> ipconfig /allcompartments      ... Show information about all
                                     compartments

> ipconfig /allcompartments /all ... Show detailed information about all
                                     compartments

LABEL   (Version 6.2.9200.16384)

Creates, changes, or deletes the volume label of a disk.

LABEL [drive:][label]

LABEL [/MP] [volume] [label]

drive:          Specifies the drive letter of a drive.

label           Specifies the label of the volume.

/MP             Specifies that the volume should be treated as a

mount point or volume name.

volume          Specifies the drive letter (followed by a colon),

mount point, or volume name.  If volume name is specified,

the /MP flag is unnecessary.

LODCTR   (Version 6.2.9200.16384)

LODCTR

Updates registry values related to performance counters.

Usage:

LODCTR <INI-FileName>

INI-FileName is the name of the initialization file that contains

the counter name definitions and explain text for an extensible

counter DLL.

LODCTR /S:<Backup-FileName>

save the current perf registry strings and info to <Backup-FileName>

LODCTR /R:<Backup-FileName>

restore the perf registry strings and info using <Backup-FileName>

LODCTR /R

rebuild the perf registry strings and info from scratch based on the current

registry settings and backup INI files.

LODCTR /T:<Service-Name>

set the performance counter service as trusted.

LODCTR /E:<Service-Name>

enable the performance counter service.

LODCTR /D:<Service-Name>

disable the performance counter service.

LODCTR /Q

LODCTR /Q:<Service-Name>

query the performance counter service information, either query all or specified one.

LODCTR /M:<Counter-Manifest>

install Windows Vista performance counter provider definition XML file

to system repository.

Note: any arguments with spaces in the names must be enclosed within

Double Quotation marks.

LOGMAN   (Version 6.2.9200.16384)

Microsoft ® Logman.exe (6.2.9200.16384)

Usage:

LOGMAN [create|query|start|stop|delete|update|import|export] [options]

Verbs:

create                        Create a new data collector.

query                         Query data collector properties. If no name

is given all data collectors are listed.

start                         Start an existing data collector and set the

begin time to manual.

stop                          Stop an existing data collector and set the

end time to manual.

delete                        Delete an existing data collector.

update                        Update an existing data collector’s properties.

import                        Import a data collector set from an XML file.

export                        Export a data collector set to an XML file.

Adverbs:

counter                       Create a counter data collector.

trace                         Create a trace data collector.

alert                         Create an alert data collector.

cfg                           Create a configuration data collector.

providers                     Show registered providers.

Options (counter):

-c <path [path […]]>        Performance counters to collect.

-cf <filename>                File listing performance counters to collect,

one per line.

-f <bin|bincirc|csv|tsv|sql>  Specifies the log format for the data

collector. For SQL database format, you must

use the -o option in the command line with

the DNS!log option. The defaults is binary.

-sc <value>                   Maximum number of samples to collect with a

performance counter data collector.

-si <[[hh:]mm:]ss>            Sample interval for performance counter data

collectors.

Options (trace):

-f <bin|bincirc|csv|tsv|sql>  Specifies the log format for the data

collector. For SQL database format, you must

use the -o option in the command line with

the DNS!log option. The defaults is binary.

-mode <trace_mode>            Event Trace Session logger mode. For more

information visit –

http://go.microsoft.com/fwlink/?LinkID=136464

-ct <perf|system|cycle>       Specifies the clock resolution to use when

logging the time stamp for each event. You

can use query performance counter, system

time, or CPU cycle.

-ln <logger_name>             Logger name for Event Trace Sessions.

-ft <[[hh:]mm:]ss>            Event Trace Session flush timer.

-[-]p <provider [flags [level]]> A single Event Trace provider to enable.

The terms ‘Flags’ and ‘Keywords’ are

synonymous in this context.

-pf <filename>                File listing multiple Event Trace providers

to enable.

-[-]rt                        Run the Event Trace Session in real-time mode.

-[-]ul                        Run the Event Trace Session in user mode.

-bs <value>                   Event Trace Session buffer size in kb.

-nb <min max>                 Number of Event Trace Session buffers.

Options (alert):

-[-]el                        Enable/Disable event log reporting.

-th <threshold [threshold […]]> Specify counters and their threshold

values for and alert.

-[-]rdcs <name>               Data collector set to start when alert fires.

-[-]tn <task>                 Task to run when alert fires.

-[-]targ <argument>           Task arguments.

-si <[[hh:]mm:]ss>            Sample interval for performance counter data

collectors.

Options (cfg):

-[-]ni                        Enable/Disable network interface query.

-reg <path [path […]]>      Registry values to collect.

-mgt <query [query […]]>    WMI objects to collect.

-ftc <path [path […]]>      Full path to the files to collect.

Options:

-?                            Displays context sensitive help.

-s <computer>                 Perform the command on specified remote system.

-config <filename>            Settings file containing command options.

[-n] <name>                   Name of the target object.

-pid <pid>                    Process identifier.

-xml <filename>               Name of the XML file to import or export.

-as                           Perform the requested operation asynchronously.

-[-]u <user [password]>       User to Run As. Entering a * for the password

produces a prompt for the password. The

password is not displayed when you type it at

the password prompt.

-m <[start] [stop]>           Change to manual start or stop instead of a

scheduled begin or end time.

-rf <[[hh:]mm:]ss>            Run the data collector for the specified

period of time.

-b <dd-MM-yyyy HH:mm:ss[AM|PM]> Begin the data collector at specified time.

-e <dd-MM-yyyy HH:mm:ss[AM|PM]> End the data collector at specified time.

-o <path|dsn!log>             Path of the output log file or the DSN and

log set name in a SQL database. The default

path is ‘%systemdrive%\PerfLogs\Admin’.

-[-]r                         Repeat the data collector daily at the

specified begin and end times.

-[-]a                         Append to an existing log file.

-[-]ow                        Overwrite an existing log file.

-[-]v <nnnnnn|mmddhhmm>       Attach file versioning information to the end

of the log name.

-[-]rc <task>                 Run the command specified each time the log

is closed.

-[-]max <value>               Maximum log file size in MB or number of

records for SQL logs.

-[-]cnf <[[hh:]mm:]ss>        Create a new file when the specified time has

elapsed or when the max size is exceeded.

-y                            Answer yes to all questions without prompting.

-fd                           Flushes all the active buffers of an existing

Event Trace Session to disk.

-ets                          Send commands to Event Trace Sessions

directly without saving or scheduling.

Note:

Where [-] is listed, an extra - negates the option.

For example --u turns off the -u option.

More Information:

Microsoft TechNet – http://go.microsoft.com/fwlink/?LinkID=136332

Examples:

logman start perf_log

logman update perf_log -si 10 -f csv -v mmddhhmm

logman create counter perf_log -c "\Processor(_Total)\% Processor Time"

logman create counter perf_log -c "\Processor(_Total)\% Processor Time" -max 10 -rf 01:00

logman create trace trace_log -nb 16 256 -bs 64 -o c:\logfile

logman create alert new_alert -th "\Processor(_Total)\% Processor Time>50"

logman create cfg cfg_log -reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\\"

logman create cfg cfg_log -mgt "root\cimv2:SELECT * FROM Win32_OperatingSystem"

logman query providers

logman query providers Microsoft-Windows-Diagnostics-Networking

logman start process_trace -p Microsoft-Windows-Kernel-Process 0x10 win:Informational -ets

logman start usermode_trace -p "Service Control Manager Trace" -ul -ets

logman query usermode_trace -p "Service Control Manager Trace" -ul -ets

logman stop usermode_trace -p "Service Control Manager Trace" -ul -ets

logman start process_trace -p Microsoft-Windows-Kernel-Process -mode newfile -max 1 -o output%d.etl -ets

logman start "NT Kernel Logger" -o log.etl -ets

logman start "NT Kernel Logger" -p "Windows Kernel Trace" (process,thread) -ets

LOGOFF   (Version 6.2.9200.16384)

Terminates a session.

LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V] [/VM]

sessionname         The name of the session.

sessionid           The ID of the session.

/SERVER:servername  Specifies the Remote Desktop server containing the user

session to log off (default is current).

/V                  Displays information about the actions performed.

/VM                 Logs off a session on server or within virtual machine. The unique ID of the session needs to be specified.

MAKECAB   (Version 6.2.9200.16384)

Cabinet Maker – Lossless Data Compression Tool

MAKECAB [/V[n]] [/D var=value …] [/L dir] source [destination]

MAKECAB [/V[n]] [/D var=value …] /F directive_file […]

source         File to compress.

destination    File name to give compressed file.  If omitted, the

last character of the source file name is replaced

with an underscore (_) and used as the destination.

/F directives  A file with MakeCAB directives (may be repeated). Refer to

Microsoft Cabinet SDK for information on directive_file.

/D var=value   Defines variable with specified value.

/L dir         Location to place destination (default is current directory).

/V[n]          Verbosity level (1..3).

MANAGE-BDE   (Version 6.2.9200.16384)

BitLocker Drive Encryption: Configuration Tool version 6.2.9200

Copyright (C) 2012 Microsoft Corporation. All rights reserved.

manage-bde[.exe] -parameter [arguments]

Description:

Configures BitLocker Drive Encryption on disk volumes.

Parameter List:

-status     Provides information about BitLocker-capable volumes.

-on         Encrypts the volume and turns BitLocker protection on.

-off        Decrypts the volume and turns BitLocker protection off.

-pause      Pauses encryption, decryption, or free space wipe.

-resume     Resumes encryption, decryption, or free space wipe.

-lock       Prevents access to BitLocker-encrypted data.

-unlock     Allows access to BitLocker-encrypted data.

-autounlock Manages automatic unlocking of data volumes.

-protectors Manages protection methods for the encryption key.

-SetIdentifier or -si

Configures the identification field for a volume.

-ForceRecovery or -fr

Forces a BitLocker-protected OS to recover on restarts.

-changepassword

Modifies password for a data volume.

-changepin  Modifies PIN for a volume.

-changekey  Modifies startup key for a volume.

-KeyPackage or -kp

Generates a key package for a volume.

-upgrade    Upgrades the BitLocker version.

-WipeFreeSpace or -w

Wipes the free space on the volume.

-ComputerName or -cn

Runs on another computer. Examples: “ComputerX”, “127.0.0.1”

-? or /?    Displays brief help. Example: “-ParameterSet -?”

-Help or -h Displays complete help. Example: “-ParameterSet -h”

Examples:

manage-bde -status

manage-bde -on C: -RecoveryPassword -RecoveryKey F:\

manage-bde -unlock E: -RecoveryKey F:\84E151C1…7A62067A512.bek

MD   (internal command)

Creates a directory.

MKDIR [drive:]path

MD [drive:]path

If Command Extensions are enabled MKDIR changes as follows:

MKDIR creates any intermediate directories in the path, if needed.

For example, assume \a does not exist then:

mkdir \a\b\c\d

is the same as:

mkdir \a

chdir \a

mkdir b

chdir b

mkdir c

chdir c

mkdir d

which is what you would have to type if extensions were disabled.

MKDIR   (internal command)

Creates a directory.

MKDIR [drive:]path

MD [drive:]path

If Command Extensions are enabled MKDIR changes as follows:

MKDIR creates any intermediate directories in the path, if needed.

For example, assume \a does not exist then:

mkdir \a\b\c\d

is the same as:

mkdir \a

chdir \a

mkdir b

chdir b

mkdir c

chdir c

mkdir d

which is what you would have to type if extensions were disabled.

MKLINK   (internal command)

Creates a symbolic link.

MKLINK [[/D] | [/H] | [/J]] Link Target

/D      Creates a directory symbolic link.  Default is a file

symbolic link.

/H      Creates a hard link instead of a symbolic link.

/J      Creates a Directory Junction.

Link    specifies the new symbolic link name.

Target  specifies the path (relative or absolute) that the new link

refers to.

MODE   (Version 6.2.9200.16384)

Configures system devices.

Serial port:       MODE COMm[:] [BAUD=b] [PARITY=p] [DATA=d] [STOP=s]

[to=on|off] [xon=on|off] [odsr=on|off]

[octs=on|off] [dtr=on|off|hs]

[rts=on|off|hs|tg] [idsr=on|off]

Device Status:     MODE [device] [/STATUS]

Redirect printing: MODE LPTn[:]=COMm[:]

Select code page:  MODE CON[:] CP SELECT=yyy

Code page status:  MODE CON[:] CP [/STATUS]

Display mode:      MODE CON[:] [COLS=c] [LINES=n]

Typematic rate:    MODE CON[:] [RATE=r DELAY=d]

MORE   (Version 6.2.9200.16384)

Displays output one screen at a time.

MORE [/E [/C] [/P] [/S] [/Tn] [+n]] < [drive:][path]filename

command-name | MORE [/E [/C] [/P] [/S] [/Tn] [+n]]

MORE /E [/C] [/P] [/S] [/Tn] [+n] [files]

[drive:][path]filename  Specifies a file to display one

screen at a time.

command-name            Specifies a command whose output

will be displayed.

/E      Enable extended features

/C      Clear screen before displaying page

/P      Expand FormFeed characters

/S      Squeeze multiple blank lines into a single line

/Tn     Expand tabs to n spaces (default 8)

Switches can be present in the MORE environment

variable.

+n      Start displaying the first file at line n

files   List of files to be displayed. Files in the list

are separated by blanks.

If extended features are enabled, the following commands

are accepted at the -- More -- prompt:

P n     Display next n lines

S n     Skip next n lines

F       Display next file

Q       Quit

=       Show line number

?       Show help line

<space> Display next page

<ret>   Display next line

MOUNTVOL   (Version 6.2.9200.16384)

Creates, deletes, or lists a volume mount point.

MOUNTVOL [drive:]path VolumeName

MOUNTVOL [drive:]path /D

MOUNTVOL [drive:]path /L

MOUNTVOL [drive:]path /P

MOUNTVOL /R

MOUNTVOL /N

MOUNTVOL /E

path        Specifies the existing NTFS directory where the mount

point will reside.

VolumeName  Specifies the volume name that is the target of the mount

point.

/D          Removes the volume mount point from the specified directory.

/L          Lists the mounted volume name for the specified directory.

/P          Removes the volume mount point from the specified directory,

dismounts the volume, and makes the volume not mountable.

You can make the volume mountable again by creating a volume

mount point.

/R          Removes volume mount point directories and registry settings

for volumes that are no longer in the system.

/N          Disables automatic mounting of new volumes.

/E          Re-enables automatic mounting of new volumes.

Possible values for VolumeName along with current mount points are:

MOVE   (internal command)

Moves files and renames files and directories.

To move one or more files:

MOVE [/Y | /-Y] [drive:][path]filename1[,…] destination

To rename a directory:

MOVE [/Y | /-Y] [drive:][path]dirname1 dirname2

[drive:][path]filename1 Specifies the location and name of the file

or files you want to move.

destination             Specifies the new location of the file. Destination

can consist of a drive letter and colon, a

directory name, or a combination. If you are moving

only one file, you can also include a filename if

you want to rename the file when you move it.

[drive:][path]dirname1  Specifies the directory you want to rename.

dirname2                Specifies the new name of the directory.

/Y                      Suppresses prompting to confirm you want to

overwrite an existing destination file.

/-Y                     Causes prompting to confirm you want to overwrite

an existing destination file.

The switch /Y may be present in the COPYCMD environment variable.

This may be overridden with /-Y on the command line.  Default is

to prompt on overwrites unless MOVE command is being executed from

within a batch script.

MRINFO   (Version 6.2.9200.16384)

Usage: mrinfo [-n?] [-i address] [-t secs] [-r retries] destination

-n           Display IP addresses in numeric format

-i address   Address of local interface to send query out

-t seconds   Timeout in seconds for IGMP queries (default = 3 seconds)

-r retries   Number of extra times to send the SNMP queries (default = 0)

-?           Print Usage

destination  Address or name of destination

MSG   (Version 6.2.9200.16384)

Send a message to a user.

MSG {username | sessionname | sessionid | @filename | *}

[/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]

username            Identifies the specified username.

sessionname         The name of the session.

sessionid           The ID of the session.

@filename           Identifies a file containing a list of usernames,

sessionnames, and sessionids to send the message to.

*                   Send message to all sessions on specified server.

/SERVER:servername  server to contact (default is current).

/TIME:seconds       Time delay to wait for receiver to acknowledge msg.

/V                  Display information about actions being performed.

/W                  Wait for response from user, useful with /V.

message             Message to send.  If none specified, prompts for it

or reads from stdin.

NBTSTAT   (Version 6.2.9200.16384)

Displays protocol statistics and current TCP/IP connections using NBT

(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]

[-r] [-R] [-RR] [-s] [-S] [interval] ]

-a   (adapter status) Lists the remote machine’s name table given its name

-A   (Adapter status) Lists the remote machine’s name table given its

IP address.

-c   (cache)          Lists NBT’s cache of remote [machine] names and their IP addresses

-n   (names)          Lists local NetBIOS names.

-r   (resolved)       Lists names resolved by broadcast and via WINS

-R   (Reload)         Purges and reloads the remote cache name table

-S   (Sessions)       Lists sessions table with the destination IP addresses

-s   (sessions)       Lists sessions table converting destination IP

addresses to computer NETBIOS names.

-RR  (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

RemoteName   Remote host machine name.

IP address   Dotted decimal representation of the IP address.

interval     Redisplays selected statistics, pausing interval seconds

between each display. Press Ctrl+C to stop redisplaying

statistics.

NET   (Version 6.2.9200.16384)

The syntax of this command is:

NET

[ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |

HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START |

STATISTICS | STOP | TIME | USE | USER | VIEW ]

NETCFG   (Version 6.2.9200.16384)

netcfg [-v] [-e] [-winpe] [-l <full-path-to-component-INF>] -c <p|s|c>

-i <comp-id>

-winpe installs TCP/IP, NetBIOS and Microsoft Client for Windows

preinstallation environment

-l     provides the location of INF

-c     provides the class of the component to be installed (p == Protocol,

s == Service, c == Client)

-i     provides the component ID

The arguments must be passed in the order shown.

Examples:

netcfg -l c:\oemdir\myprot.inf -c p -i myprot

Installs protocol ‘myprot’ using c:\oemdir\myprot.inf

netcfg -c s -i MS_Server

Installs service ‘MS_Server’

OR

netcfg [-v] -winpe

Example:

netcfg -v -winpe

Installs TCP/IP, NetBIOS, and Microsoft Client for Windows

preinstallation environment

OR

netcfg [-v] -q <comp-id>

Example:

netcfg -q MS_IPX

Displays if component ‘MS_IPX’ is installed

OR

netcfg [-v] [-e] -u <comp-id>

Example:

netcfg -u MS_IPX

Uninstalls component ‘MS_IPX’

OR

netcfg [-v] -s <a|n>

-s  provides the type of components to show (a == adapters,

n == net components)

Example:

netcfg -s n

Shows all installed net components

OR

netcfg [-v] -b <comp-id>

Example:

netcfg -b ms_tcpip

Shows binding paths containing ‘MS_TCPIP’

General Notes:

-v    Run in verbose (detailed) mode

-e    Use servicing environment variables during install and uninstall

-?    Displays this help information

NETSH   (Version 6.2.9200.16384)

Usage: NETSH [-a AliasFile] [-c Context] [-r RemoteMachine] [-u [DomainName\]UserName] [-p Password | *]

[Command | -f ScriptFile]

The following commands are available:

Commands in this context:

?              - Displays a list of commands.

add            - Adds a configuration entry to a list of entries.

advfirewall    - Changes to the `netsh advfirewall' context.

branchcache    - Changes to the `netsh branchcache' context.

bridge         - Changes to the `netsh bridge' context.

delete         - Deletes a configuration entry from a list of entries.

dhcpclient     - Changes to the `netsh dhcpclient' context.

dnsclient      - Changes to the `netsh dnsclient' context.

dump           - Displays a configuration script.

exec           - Runs a script file.

firewall       - Changes to the `netsh firewall' context.

help           - Displays a list of commands.

http           - Changes to the `netsh http' context.

interface      - Changes to the `netsh interface' context.

ipsec          - Changes to the `netsh ipsec' context.

lan            - Changes to the `netsh lan' context.

mbn            - Changes to the `netsh mbn' context.

namespace      - Changes to the `netsh namespace' context.

nap            - Changes to the `netsh nap' context.

netio          - Changes to the `netsh netio' context.

p2p            - Changes to the `netsh p2p' context.

ras            - Changes to the `netsh ras' context.

rpc            - Changes to the `netsh rpc' context.

set            - Updates configuration settings.

show           - Displays information.

trace          - Changes to the `netsh trace' context.

wcn            - Changes to the `netsh wcn' context.

wfp            - Changes to the `netsh wfp' context.

winhttp        - Changes to the `netsh winhttp' context.

winsock        - Changes to the `netsh winsock' context.

wlan           - Changes to the `netsh wlan' context.

The following sub-contexts are available:

advfirewall branchcache bridge dhcpclient dnsclient firewall http interface ipsec lan mbn namespace nap netio p2p ras rpc trace wcn wfp winhttp winsock wlan

To view help for a command, type the command, followed by a space, and then

type ?.

NETSTAT   (Version 6.2.9200.16384)

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-x] [-t] [interval]

-a            Displays all connections and listening ports.

-b            Displays the executable involved in creating each connection or

listening port. In some cases well-known executables host

multiple independent components, and in these cases the

sequence of components involved in creating the connection

or listening port is displayed. In this case the executable

name is in [] at the bottom, on top is the component it called,

and so forth until TCP/IP was reached. Note that this option

can be time-consuming and will fail unless you have sufficient

permissions.

-e            Displays Ethernet statistics. This may be combined with the -s

option.

-f            Displays Fully Qualified Domain Names (FQDN) for foreign

addresses.

-n            Displays addresses and port numbers in numerical form.

-o            Displays the owning process ID associated with each connection.

-p proto      Shows connections for the protocol specified by proto; proto

may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s

option to display per-protocol statistics, proto may be any of:

IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.

-r            Displays the routing table.

-s            Displays per-protocol statistics.  By default, statistics are

shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;

the -p option may be used to specify a subset of the default.

-t            Displays the current connection offload state.

-x            Displays NetworkDirect connections, listeners, and shared

endpoints.

-y            Displays the TCP connection template for all connections.

Cannot be combined with the other options.

interval      Redisplays selected statistics, pausing interval seconds

between each display.  Press CTRL+C to stop redisplaying

statistics.  If omitted, netstat will print the current

configuration information once.

NLTEST   (Version 6.2.9200.16384)

Usage: nltest [/OPTIONS]

/SERVER:<ServerName> – Specify <ServerName>

/QUERY – Query <ServerName> netlogon service

/REPL – Force partial sync on <ServerName> BDC

/SYNC – Force full sync on <ServerName> BDC

/PDC_REPL – Force UAS change message from <ServerName> PDC

/SC_QUERY:<DomainName> – Query secure channel for <Domain> on <ServerName>

/SC_RESET:<DomainName>[\<DcName>] – Reset secure channel for <Domain> on <ServerName> to <DcName>

/SC_VERIFY:<DomainName> – Verify secure channel for <Domain> on <ServerName>

/SC_CHANGE_PWD:<DomainName> – Change a secure channel  password for <Domain> on <ServerName>

/DCLIST:<DomainName> – Get list of DC’s for <DomainName>

/DCNAME:<DomainName> – Get the PDC name for <DomainName>

/DSGETDC:<DomainName> – Call DsGetDcName /PDC /DS /DSP /GC /KDC

/TIMESERV /GTIMESERV /WS /NETBIOS /DNS /IP /FORCE /WRITABLE /AVOIDSELF /LDAPONLY /BACKG /DS_6 /DS_8

/TRY_NEXT_CLOSEST_SITE /SITE:<SiteName> /ACCOUNT:<AccountName> /RET_DNS /RET_NETBIOS

/DNSGETDC:<DomainName> – Call DsGetDcOpen/Next/Close /PDC /GC

/KDC /WRITABLE /LDAPONLY /FORCE /SITESPEC

/DSGETFTI:<DomainName> – Call DsGetForestTrustInformation

/UPDATE_TDO

/DSGETSITE – Call DsGetSiteName

/DSGETSITECOV – Call DsGetDcSiteCoverage

/DSADDRESSTOSITE:[MachineName] – Call DsAddressToSiteNamesEx

/ADDRESSES:<Address1,Address2,…>

/PARENTDOMAIN – Get the name of the parent domain of this machine

/WHOWILL:<Domain>* <User> [<Iteration>] – See if <Domain> will log on <User>

/FINDUSER:<User> – See which trusted domain will log on <User>

/TRANSPORT_NOTIFY – Notify netlogon of new transport

/DBFLAG:<HexFlags> – New debug flag

/USER:<UserName> – Query User info on <ServerName>

/TIME:<Hex LSL> <Hex MSL> – Convert NT GMT time to ascii

/LOGON_QUERY – Query number of cumulative logon attempts

/DOMAIN_TRUSTS – Query domain trusts on <ServerName>

/PRIMARY /FOREST /DIRECT_OUT /DIRECT_IN /ALL_TRUSTS /V

/DSREGDNS – Force registration of all DC-specific DNS records

/DSDEREGDNS:<DnsHostName> – Deregister DC-specific DNS records for specified DC

/DOM:<DnsDomainName> /DOMGUID:<DomainGuid> /DSAGUID:<DsaGuid>

/DSQUERYDNS – Query the status of the last update for all DC-specific DNS records

/BDC_QUERY:<DomainName> – Query replication status of BDCs for <DomainName>

/LIST_DELTAS:<FileName> – display the content of given change log file

/CDIGEST:<Message> /DOMAIN:<DomainName> – Get client digest

/SDIGEST:<Message> /RID:<RID in hex> – Get server digest

/SHUTDOWN:<Reason> [<Seconds>] – Shutdown <ServerName> for <Reason>

/SHUTDOWN_ABORT – Abort a system shutdown

NSLOOKUP   (Version 6.2.9200.16384)

Usage:

nslookup [-opt ...]             # interactive mode using default server

nslookup [-opt ...] - server    # interactive mode using 'server'

nslookup [-opt ...] host        # just look up 'host' using default server

nslookup [-opt ...] host server # just look up 'host' using 'server'

OPENFILES   (Version 6.2.9200.16384)

OPENFILES /parameter [arguments]

Description:

Enables an administrator to list or disconnect files and folders

that have been opened on a system.

Parameter List:

/Disconnect      Disconnects one or more open files.

/Query           Displays files opened locally or from shared

folders.

/Local           Enables / Disables the display of local open files.

/?               Displays this help message.

Examples:

OPENFILES /Disconnect /?

OPENFILES /Query /?

OPENFILES /Local /?

PATH   (internal command)

Displays or sets a search path for executable files.

PATH [[drive:]path[;…][;%PATH%]

PATH ;

Type PATH ; to clear all search-path settings and direct cmd.exe to search

only in the current directory.

Type PATH without parameters to display the current path.

Including %PATH% in the new path setting causes the old path to be

appended to the new setting.

PATHPING   (Version 6.2.9200.16384)

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n]

[-p period] [-q num_queries] [-w timeout]

[-4] [-6] target_name

Options:

-g host-list     Loose source route along host-list.

-h maximum_hops  Maximum number of hops to search for target.

-i address       Use the specified source address.

-n               Do not resolve addresses to hostnames.

-p period        Wait period milliseconds between pings.

-q num_queries   Number of queries per hop.

-w timeout       Wait timeout milliseconds for each reply.

-4               Force using IPv4.

-6               Force using IPv6.

PAUSE   (internal command)

Suspends processing of a batch program and displays the message

Press any key to continue . . .

PING   (Version 6.2.9200.16384)

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]

[-r count] [-s count] [[-j host-list] | [-k host-list]]

[-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name

Options:

-t             Ping the specified host until stopped.

To see statistics and continue – type Control-Break;

To stop – type Control-C.

-a             Resolve addresses to hostnames.

-n count       Number of echo requests to send.

-l size        Send buffer size.

-f             Set Don’t Fragment flag in packet (IPv4-only).

-i TTL         Time To Live.

-v TOS         Type Of Service (IPv4-only. This setting has been deprecated

and has no effect on the type of service field in the IP Header).

-r count       Record route for count hops (IPv4-only).

-s count       Timestamp for count hops (IPv4-only).

-j host-list   Loose source route along host-list (IPv4-only).

-k host-list   Strict source route along host-list (IPv4-only).

-w timeout     Timeout in milliseconds to wait for each reply.

-R             Use routing header to test reverse route also (IPv6-only).

Per RFC 5095 the use of this routing header has been

deprecated. Some systems may drop echo requests if

this header is used.

-S srcaddr     Source address to use.

-4             Force using IPv4.

-6             Force using IPv6.

PNPUNATTEND   (Version 6.2.9200.16384)

DESCRIPTION:

AuditSystem, Unattend online driver install

USAGE:

PnPUnattend.exe [auditSystem | /help /? /h] [/s] [/L]

auditSystem   Online driver install.

/help /? /h    This help.

/s             Search without installing.

/L             Print Logging information to the command line.

PNPUTIL   (Version 6.2.9200.16384)

Microsoft PnP Utility

Usage:

——

pnputil.exe [-f | -i] [ -? | -a | -d | -e ] <INF name>

Examples:

pnputil.exe -a a:\usbcam\USBCAM.INF      -> Add package specified by USBCAM.INF

pnputil.exe -a c:\drivers\*.inf          -> Add all packages in c:\drivers\

pnputil.exe -i -a a:\usbcam\USBCAM.INF   -> Add and install driver package

pnputil.exe -e                           -> Enumerate all 3rd party packages

pnputil.exe -d oem0.inf                  -> Delete package oem0.inf

pnputil.exe -f -d oem0.inf               -> Force delete package oem0.inf

pnputil.exe -?                           -> This usage screen

POPD   (internal command)

Changes to the directory stored by the PUSHD command.

POPD

If Command Extensions are enabled the POPD command will delete

any temporary drive letter created by PUSHD when you POPD that

drive off the pushed directory stack.

POWERCFG   (Version 6.2.9200.16384)

POWERCFG /COMMAND [ARGUMENTS]

Description:

Enables users to control power settings on a local system.

For detailed command and option information, run “POWERCFG /? <COMMAND>”

Command List:

/LIST, /L          Lists all power schemes.

/QUERY, /Q         Displays the contents of a power scheme.

/CHANGE, /X        Modifies a setting value in the current power scheme.

/CHANGENAME        Modifies the name and description of a power scheme.

/DUPLICATESCHEME   Duplicates a power scheme.

/DELETE, /D        Deletes a power scheme.

/DELETESETTING     Deletes a power setting.

/SETACTIVE, /S     Makes a power scheme active on the system.

/GETACTIVESCHEME   Retrieves the currently active power scheme.

/SETACVALUEINDEX   Sets the value associated with a power setting

while the system is powered by AC power.

/SETDCVALUEINDEX   Sets the value associated with a power setting

while the system is powered by DC power.

/IMPORT            Imports all power settings from a file.

/EXPORT            Exports a power scheme to a file.

/ALIASES           Displays all aliases and their corresponding GUIDs.

/GETSECURITYDESCRIPTOR

Gets a security descriptor associated with a specified

power setting, power scheme, or action.

/SETSECURITYDESCRIPTOR

Sets a security descriptor associated with a

power setting, power scheme, or action.

/HIBERNATE, /H     Enables and disables the hibernate feature.

/AVAILABLESLEEPSTATES, /A

Reports the sleep states available on the system.

/DEVICEQUERY       Returns a list of devices that meet specified criteria.

/DEVICEENABLEWAKE  Enables a device to wake the system from a sleep state.

/DEVICEDISABLEWAKE Disables a device from waking the system from a sleep

state.

/LASTWAKE          Reports information about what woke the system from the

last sleep transition.

/WAKETIMERS        Enumerates active wake timers.

/REQUESTS          Enumerates application and driver Power Requests.

/REQUESTSOVERRIDE  Sets a Power Request override for a particular Process,

Service, or Driver.

/ENERGY            Analyzes the system for common energy-efficiency and

battery life problems.

/BATTERYREPORT     Generates a report of battery usage.

PRINT   (Version 6.2.9200.16384)

Prints a text file.

PRINT [/D:device] [[drive:][path]filename[…]]

/D:device   Specifies a print device.

PRINTBRM   (Version 6.2.9200.16384)

Access the Backup Recovery Migration tool through a command line interface.

PrintBrm -B|R|Q [-S <server>] -F <file> [-D <directory>] [-O FORCE] [-P ALL|ORIG] [-NOBIN] [-LPR2TCP] [-C <config file>] [-NOACL] [-?]

-B               Backup the server to the specified file

-R               Restore the configuration in the file to the server

-Q               Query the server or the backup file

-S <server name> Target server

-F <file name>   Target backup File

-D <directory>   Unpack the backup file to (with -R) or repack a backup file from (with -B) the given directory

-O FORCE         Force overwriting of existing objects

-P ALL|ORIG      Publish all printers in directory, or publish printers that were published originally

-NOBIN           Omit the binaries from the backup

-LPR2TCP         Convert LPR ports to Standard TCP/IP ports on restore

-C <file name>   Use the specified configuration file for BRM

-NOACL           Remove ACLs from print queues on restore

-?               Display this help

PROMPT   (internal command)

Changes the cmd.exe command prompt.

PROMPT [text]

text    Specifies a new command prompt.

Prompt can be made up of normal characters and the following special codes:

$A   & (Ampersand)

$B   | (pipe)

$C   ( (Left parenthesis)

$D   Current date

$E   Escape code (ASCII code 27)

$F   ) (Right parenthesis)

$G   > (greater-than sign)

$H   Backspace (erases previous character)

$L   < (less-than sign)

$N   Current drive

$P   Current drive and path

$Q   = (equal sign)

$S     (space)

$T   Current time

$V   Windows version number

$_   Carriage return and linefeed

$$   $ (dollar sign)

If Command Extensions are enabled the PROMPT command supports

the following additional formatting characters:

$+   zero or more plus sign (+) characters depending upon the

depth of the PUSHD directory stack, one character for each

level pushed.

$M   Displays the remote name associated with the current drive

letter or the empty string if current drive is not a network

drive.

PUSHD   (internal command)

Stores the current directory for use by the POPD command, then

changes to the specified directory.

PUSHD [path | ..]

path        Specifies the directory to make the current directory.

If Command Extensions are enabled the PUSHD command accepts

network paths in addition to the normal drive letter and path.

If a network path is specified, PUSHD will create a temporary

drive letter that points to that specified network resource and

then change the current drive and directory, using the newly

defined drive letter.  Temporary drive letters are allocated from

Z: on down, using the first unused drive letter found.

QAPPSRV   (Version 6.2.9200.16384)

Displays the available Remote Desktop Session Host servers on the network.

QUERY TERMSERVER [servername] [/DOMAIN:domain] [/ADDRESS] [/CONTINUE]

servername      Identifies a Remote Desktop Session Host server.

/DOMAIN:domain  Displays information for the specified domain (defaults

to the current domain).

/ADDRESS        Displays network and node addresses.

/CONTINUE       Does not pause after each screen of information.

QPROCESS   (Version 6.2.9200.16384)

Displays information about processes.

QUERY PROCESS [* | processid | username | sessionname | /ID:nn | programname]

[/SERVER:servername]

*                  Display all visible processes.

processid          Display process specified by processid.

username           Display all processes belonging to username.

sessionname        Display all processes running at sessionname.

/ID:nn             Display all processes running at session nn.

programname        Display all processes associated with programname.

/SERVER:servername The Remote Desktop Session Host server to be queried.

QUERY   (Version 6.2.9200.16384)

QUERY { PROCESS | SESSION | TERMSERVER | USER }

QUSER   (Version 6.2.9200.16384)

Display information about users logged on to the system.

QUERY USER [username | sessionname | sessionid] [/SERVER:servername]

username            Identifies the username.

sessionname         Identifies the session named sessionname.

sessionid           Identifies the session with ID sessionid.

/SERVER:servername  The server to be queried (default is current).

QWINSTA   (Version 6.2.9200.16384)

Display information about Remote Desktop Services sessions.

QUERY SESSION [sessionname | username | sessionid]

[/SERVER:servername] [/MODE] [/FLOW] [/CONNECT] [/COUNTER] [/VM]

sessionname         Identifies the session named sessionname.

username            Identifies the session with user username.

sessionid           Identifies the session with ID sessionid.

/SERVER:servername  The server to be queried (default is current).

/MODE               Display current line settings.

/FLOW               Display current flow control settings.

/CONNECT            Display current connect settings.

/COUNTER            Display current Remote Desktop Services counters information.

/VM                 Display information about sessions within virtual machines.

RASDIAL   (Version 6.2.9200.16384)

USAGE:

RASDIAL entryname [username [password|*]] [/DOMAIN:domain]

[/PHONE:phonenumber] [/CALLBACK:callbacknumber]

[/PHONEBOOK:phonebookfile] [/PREFIXSUFFIX]

RASDIAL [entryname] /DISCONNECT

RASDIAL

Please refer to our privacy statement at

http://go.microsoft.com/fwlink/?LinkId=190175

RD   (internal command)

Removes (deletes) a directory.

RMDIR [/S] [/Q] [drive:]path

RD [/S] [/Q] [drive:]path

/S      Removes all directories and files in the specified directory

in addition to the directory itself.  Used to remove a directory

tree.

/Q      Quiet mode, do not ask if ok to remove a directory tree with /S

REAGENTC   (Version 6.2.9200.16384)

This command can only be executed from an elevated command prompt.

REAGENTC.EXE: Operation failed: 5

REAGENTC.EXE: An error has occurred.

RECIMG   (Version 6.2.9200.16384)

ERROR: This application should be run with administrator privileges. Open

an elevated prompt and try again.

RECOVER   (Version 6.2.9200.16384)

Recovers readable information from a bad or defective disk.

RECOVER [drive:][path]filename

Consult the online Command Reference in Windows Help

before using the RECOVER command.

REG   (Version 6.2.9200.16384)

REG Operation [Parameter List]

Operation  [ QUERY   | ADD    | DELETE  | COPY    |

SAVE    | LOAD   | UNLOAD  | RESTORE |

COMPARE | EXPORT | IMPORT  | FLAGS ]

Return Code: (Except for REG COMPARE)

0 – Successful

1 – Failed

For help on a specific operation type:

REG Operation /?

Examples:

REG QUERY /?

REG ADD /?

REG DELETE /?

REG COPY /?

REG SAVE /?

REG RESTORE /?

REG LOAD /?

REG UNLOAD /?

REG COMPARE /?

REG EXPORT /?

REG IMPORT /?

REG FLAGS /?

REGINI   (Version 6.2.9200.16384)

usage: REGINI [-m \\machinename | -h hivefile hiveroot]

[-i n] [-o outputWidth]

[-b] textFiles…

where: -m specifies a remote Windows NT machine whose registry is to be manipulated.

-h specifies a specify local hive to manipulate.

-i n specifies the display indentation multiple.  Default is 4

-o outputWidth specifies how wide the output is to be.  By default the

outputWidth is set to the width of the console window if standard

output has not been redirected to a file.  In the latter case, an

outputWidth of 240 is used.

-b specifies that REGINI should be backward compatible with older

versions of REGINI that did not strictly enforce line continuations

and quoted strings Specifically, REG_BINARY, REG_RESOURCE_LIST and

REG_RESOURCE_REQUIREMENTS_LIST data types did not need line

continuations after the first number that gave the size of the data.

It just kept looking on following lines until it found enough data

values to equal the data length or hit invalid input.  Quoted

strings were only allowed in REG_MULTI_SZ.  They could not be

specified around key or value names, or around values for REG_SZ or

REG_EXPAND_SZ  Finally, the old REGINI did not support the semicolon

as an end of line comment character.

textFiles is one or more ANSI or Unicode text files with registry data.

Some general rules are:

Semicolon character is an end-of-line comment character, provided it

is the first non-blank character on a line

Backslash character is a line continuation character.  All

characters from the backslash up to but not including the first

non-blank character of the next line are ignored.  If there is more

than one space before the line continuation character, it is

replaced by a single space.

Indentation is used to indicate the tree structure of registry keys

The REGDMP program uses indentation in multiples of 4.  You may use

hard tab characters for indentation, but embedded hard tab

characters are converted to a single space regardless of their

position

Values should come before child keys, as they are associated with

the previous key at or above the value’s indentation level.

For key names, leading and trailing space characters are ignored and

not included in the key name, unless the key name is surrounded by

quotes.  Imbedded spaces are part of a key name.

Key names can be followed by an Access Control List (ACL) which is a

series of decimal numbers, separated by spaces, bracketed by a

square brackets (e.g.  [8 4 17]).  The valid numbers and their

meanings are:

1  – Administrators Full Access

2  – Administrators Read Access

3  – Administrators Read and Write Access

4  – Administrators Read, Write and Delete Access

5  – Creator Full Access

6  – Creator Read and Write Access

7  – World Full Access

8  – World Read Access

9  – World Read and Write Access

10 – World Read, Write and Delete Access

11 – Power Users Full Access

12 – Power Users Read and Write Access

13 – Power Users Read, Write and Delete Access

14 – System Operators Full Access

15 – System Operators Read and Write Access

16 – System Operators Read, Write and Delete Access

17 – System Full Access

18 – System Read and Write Access

19 – System Read Access

20 – Administrators Read, Write and Execute Access

21 – Interactive User Full Access

22 – Interactive User Read and Write Access

23 – Interactive User Read, Write and Delete Access

If there is an equal sign on the same line as a left square bracket

then the equal sign takes precedence, and the line is treated as a

registry value.  If the text between the square brackets is the

string DELETE with no spaces, then REGINI will delete the key and

any values and keys under it.

For registry values, the syntax is:

value Name = type data

Leading spaces, spaces on either side of the equal sign and spaces

between the type keyword and data are ignored, unless the value name

is surrounded by quotes.  If the text to the right of the equal sign

is the string DELETE, then REGINI will delete the value.

The value name may be left off or be specified by an at-sign

character which is the same thing, namely the empty value name.  So

the following two lines are identical:

= type data

@ = type data

This syntax means that you can’t create a value with leading or

trailing spaces, an equal sign or an at-sign in the value name,

unless you put the name in quotes.

Valid value types and format of data that follows are:

REG_SZ text

REG_EXPAND_SZ text

REG_MULTI_SZ "string1" "str""ing2" …

REG_DATE mm/dd/yyyy HH:MM DayOfWeek

REG_DWORD numberDWORD

REG_BINARY numberOfBytes numberDWORD(s)…

REG_NONE (same format as REG_BINARY)

REG_RESOURCE_LIST (same format as REG_BINARY)

REG_RESOURCE_REQUIREMENTS (same format as REG_BINARY)

REG_RESOURCE_REQUIREMENTS_LIST (same format as REG_BINARY)

REG_FULL_RESOURCE_DESCRIPTOR (same format as REG_BINARY)

REG_QWORD numberQWORD

REG_MULTISZ_FILE fileName

REG_BINARYFILE fileName

If no value type is specified, default is REG_SZ

For REG_SZ and REG_EXPAND_SZ, if you want leading or trailing spaces

in the value text, surround the text with quotes.  The value text

can contain any number of imbedded quotes, and REGINI will ignore

them, as it only looks at the first and last character for quote

characters.

For REG_MULTI_SZ, each component string is surrounded by quotes.  If

you want an imbedded quote character, then double quote it, as in

string2 above.

For REG_BINARY, the value data consists of one or more numbers The

default base for numbers is decimal.  Hexidecimal may be specified

by using 0x prefix.  The first number is the number of data bytes,

excluding the first number.  After the first number must come enough

numbers to fill the value.  Each number represents one DWORD or 4

bytes.  So if the first number was 0x5 you would need two more

numbers after that to fill the 5 bytes.  The high order 3 bytes

of the second DWORD would be ignored.

Whenever specifying a registry path, either on the command line

or in an input file, the following prefix strings can be used:

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_USER

USER:

Each of these strings can stand alone as the key name or be followed

a backslash and a subkey path.

REGISTER-CIMPROVIDER   (Version 6.2.9200.16384)

Registers CIM Provider into system

Usage:  Register-CimProvider.exe

-Namespace <NamespaceName>

-ProviderName <ProviderName>

-Path <ProviderDllPath>

[-Impersonation <True or False>]

[-Decoupled <SDDL>]

[-HostingModel <HostingModel>]

[-Localize <locale>]

[-NoAutorecover]

[-SupportWQL]

[-GenerateUnregistration]

[-ForceUpdate]

[-Verbose]

-Namespace <NamespaceName>

Specifies the target namespace of the provider.

-ProviderName <ProviderName>

Specifies the provider name.

-Path <ProviderDllPath>

Specifies the provider binary path.

-Impersonation <True or False>

Specifies foldidentity of decoupled provider, by default is True.

-Decoupled <SDDL>

Registers provider as decoupled and specifies the security descriptor

that determines the set of users that can successfully register

the provider.

-HostingModel <HostingModel>

Specifies the HostingModel of coupled provider.

-Localize <locale>

Localizes the provider with resource of specified locale.

-NoAutorecover

Doesn’t autorecover the provider.

-SupportWQL

Passes the query expression to the filter.

-GenerateUnregistration

Generate the uninstall mof for the registration,

which is disabled by default.

-ForceUpdate

Force update the class if it exists in the system.

-Verbose

Outputs registration log.

RELOG   (Version 6.2.9200.16384)

Microsoft ® Relog.exe (6.2.9200.16384)

Relog creates new performance logs from data in existing performance logs by

changing the sampling rate and/or converting the file format. Supports all

performance log formats, including Windows NT 4.0 compressed logs.

Usage:

RELOG <filename [filename …]>

[options]

Parameters:

<filename [filename …]>     Performance file to relog.

Options:

-?                            Displays context sensitive help.

-a                            Append output to the existing binary file.

-c <path [path …]>          Counters to filter from the input log.

-cf <filename>                File listing performance counters to filter

from the input log. Default is all counters

in the original log file.

-f <CSV|TSV|BIN|SQL>          Output file format.

-t <value>                    Only write every nth record into the output

file. Default is to write every record.

-o                            Output file path or SQL database.

-b <dd-MM-yyyy HH:mm:ss[AM|PM]>   Begin time for the first record to write

into the output file.

-e <dd-MM-yyyy HH:mm:ss[AM|PM]>   End time for the last record to write

into the output file.

-config <filename>            Settings file containing command options.

-q                            List performance counters in the input file.

-y                            Answer yes to all questions without prompting.

Examples:

relog logfile.csv -c "\Processor(_Total)\% Processor Time" -o logfile.blg

relog logfile.blg -cf counters.txt -f bin

relog logfile.blg -f csv -o logfile.csv -t 2

relog logfile.blg -q -o counters.txt

REM   (internal command)

Records comments (remarks) in a batch file or CONFIG.SYS.

REM [comment]

REN   (internal command)

Renames a file or files.

RENAME [drive:][path]filename1 filename2.

REN [drive:][path]filename1 filename2.

Note that you cannot specify a new drive or path for your destination file.

RENAME   (internal command)

Renames a file or files.

RENAME [drive:][path]filename1 filename2.

REN [drive:][path]filename1 filename2.

Note that you cannot specify a new drive or path for your destination file.

REPAIR-BDE   (Version 6.2.9200.16384)

BitLocker Drive Encryption: Repair Tool version 6.2.9200

Copyright (C) 2012 Microsoft Corporation. All rights reserved.

Usage:

repair-bde[.exe] InputVolume

{ OutputVolumeOrImage }

{ {-RecoveryPassword|-rp} NumericalPassword |

{-RecoveryKey|-rk} PathToExternalKeyFile |

{-Password|-pw} }

[{-KeyPackage|-kp} PathToKeyPackage]

[{-LogFile|-lf} PathToLogFile]

[{-?|/?}]

Description:

Attempts to repair or decrypt a damaged BitLocker-encrypted volume using the

supplied recovery information. If BitLocker was in the process of encryption

or decryption or had been suspended prior to volume failure a clear key will

be present on the volume. Repair-bde attempts to use this clear key by

default if another key is not specified.

WARNING! To avoid additional data loss, you should have a spare hard drive

available. Use this spare drive to store decrypted output or to back up the

contents of the damaged volume.

Parameters:

InputVolume

The BitLocker-encrypted volume to repair.

Example: “C:”,

“\\?\Volume{26a21bda-a627-11d7-9931-806e6f6e6963}”.

OutputVolumeOrImage

Optional. The volume to store decrypted contents, or the file

location to create an image file of the contents.

Examples: “D:”, “D:\imagefile.img”.

WARNING! All information on this output volume will be

overwritten.

-rk  or -RecoveryKey

Provide an external key to unlock the volume.

Example: “F:\RecoveryKey.bek”.

-rp  or -RecoveryPassword

Provide a numerical password to unlock the volume.

Example: “111111-222222-333333-…”.

-pw  or -Password

Provide a password to unlock the volume.

-kp  or -KeyPackage

Optional. Provide a key package to unlock the volume.

Example: “F:\ExportedKeyPackage”

If this option is blank, the tool will look for the key package

automatically. This option is needed only if required by the tool.

-lf  or -LogFile

Optional. Provide a path to a file that will store progress

information. Example: “F:\log.txt”.

-f   or -Force

Optional. When used, forces a volume to be dismounted even if

it cannot be locked. This option is needed only if required by

the tool.

-?   or /?

Shows this screen.

Examples:

repair-bde C: D: -rk F:\RecoveryKey.bek -Force

repair-bde C: D: -rp 111111-222222-[…] -lf F:\log.txt

repair-bde C: D: -kp F:\KeyPackage -rp 111111-222222-[…]

repair-bde C: D:\imagefile.img -kp F:\KeyPackage -rk F:\RecoveryKey.bek

repair-bde C: D: -pw

REPLACE   (Version 6.2.9200.16384)

Replaces files.

REPLACE [drive1:][path1]filename [drive2:][path2] [/A] [/P] [/R] [/W]

REPLACE [drive1:][path1]filename [drive2:][path2] [/P] [/R] [/S] [/W] [/U]

[drive1:][path1]filename Specifies the source file or files.

[drive2:][path2]         Specifies the directory where files are to be

replaced.

/A                       Adds new files to destination directory. Cannot

use with /S or /U switches.

/P                       Prompts for confirmation before replacing a file or

adding a source file.

/R                       Replaces read-only files as well as unprotected

files.

/S                       Replaces files in all subdirectories of the

destination directory. Cannot use with the /A

switch.

/W                       Waits for you to insert a disk before beginning.

/U                       Replaces (updates) only files that are older than

source files. Cannot use with the /A switch.

RESET   (Version 6.2.9200.16384)

RESET { SESSION }

RMDIR   (internal command)

Removes (deletes) a directory.

RMDIR [/S] [/Q] [drive:]path

RD [/S] [/Q] [drive:]path

/S      Removes all directories and files in the specified directory

in addition to the directory itself.  Used to remove a directory

tree.

/Q      Quiet mode, do not ask if ok to remove a directory tree with /S

ROBOCOPY   (Version 6.2.9200.16384)

——————————————————————————-

ROBOCOPY     ::     Robust File Copy for Windows

——————————————————————————-

Started : 13 June 2014 11:58:33

Usage :: ROBOCOPY source destination [file [file]…] [options]

source :: Source Directory (drive:\path or \\server\share\path).

destination :: Destination Dir  (drive:\path or \\server\share\path).

file :: File(s) to copy  (names/wildcards: default is “*.*”).

::

:: Copy options :

::

/S :: copy Subdirectories, but not empty ones.

/E :: copy subdirectories, including Empty ones.

/LEV:n :: only copy the top n LEVels of the source directory tree.

/Z :: copy files in restartable mode.

/B :: copy files in Backup mode.

/ZB :: use restartable mode; if access denied use Backup mode.

/J :: copy using unbuffered I/O (recommended for large files).

/EFSRAW :: copy all encrypted files in EFS RAW mode.

/COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT).

(copyflags : D=Data, A=Attributes, T=Timestamps).

(S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

/SEC :: copy files with SECurity (equivalent to /COPY:DATS).

/COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU).

/NOCOPY :: COPY NO file info (useful with /PURGE).

/SECFIX :: FIX file SECurity on all files, even skipped files.

/TIMFIX :: FIX file TIMes on all files, even skipped files.

/PURGE :: delete dest files/dirs that no longer exist in source.

/MIR :: MIRror a directory tree (equivalent to /E plus /PURGE).

/MOV :: MOVe files (delete from source after copying).

/MOVE :: MOVE files AND dirs (delete from source after copying).

/A+:[RASHCNET] :: add the given Attributes to copied files.

/A-:[RASHCNET] :: remove the given Attributes from copied files.

/CREATE :: CREATE directory tree and zero-length files only.

/FAT :: create destination files using 8.3 FAT file names only.

/256 :: turn off very long path (> 256 characters) support.

/MON:n :: MONitor source; run again when more than n changes seen.

/MOT:m :: MOnitor source; run again in m minutes Time, if changed.

/RH:hhmm-hhmm :: Run Hours – times when new copies may be started.

/PF :: check run hours on a Per File (not per pass) basis.

/IPG:n :: Inter-Packet Gap (ms), to free bandwidth on slow lines.

/SL :: copy symbolic links versus the target.

/MT[:n] :: Do multi-threaded copies with n threads (default 8).

n must be at least 1 and not greater than 128.

This option is incompatible with the /IPG and /EFSRAW options.

Redirect output using /LOG option for better performance.

/DCOPY:copyflag[s] :: what to COPY for directories (default is /DCOPY:DA).

(copyflags : D=Data, A=Attributes, T=Timestamps).

/NODCOPY :: COPY NO directory info (by default /DCOPY:DA is done).

/NOOFFLOAD :: copy files without using the Windows Copy Offload mechanism.

::

:: File Selection Options :

::

/A :: copy only files with the Archive attribute set.

/M :: copy only files with the Archive attribute and reset it.

/IA:[RASHCNETO] :: Include only files with any of the given Attributes set.

/XA:[RASHCNETO] :: eXclude files with any of the given Attributes set.

/XF file [file]… :: eXclude Files matching given names/paths/wildcards.

/XD dirs [dirs]… :: eXclude Directories matching given names/paths.

/XC :: eXclude Changed files.

/XN :: eXclude Newer files.

/XO :: eXclude Older files.

/XX :: eXclude eXtra files and directories.

/XL :: eXclude Lonely files and directories.

/IS :: Include Same files.

/IT :: Include Tweaked files.

/MAX:n :: MAXimum file size – exclude files bigger than n bytes.

/MIN:n :: MINimum file size – exclude files smaller than n bytes.

/MAXAGE:n :: MAXimum file AGE – exclude files older than n days/date.

/MINAGE:n :: MINimum file AGE – exclude files newer than n days/date.

/MAXLAD:n :: MAXimum Last Access Date – exclude files unused since n.

/MINLAD:n :: MINimum Last Access Date – exclude files used since n.

(If n < 1900 then n = n days, else n = YYYYMMDD date).

/XJ :: eXclude Junction points. (normally included by default).

/FFT :: assume FAT File Times (2-second granularity).

/DST :: compensate for one-hour DST time differences.

/XJD :: eXclude Junction points for Directories.

/XJF :: eXclude Junction points for Files.

::

:: Retry Options :

::

/R:n :: number of Retries on failed copies: default 1 million.

/W:n :: Wait time between retries: default is 30 seconds.

/REG :: Save /R:n and /W:n in the Registry as default settings.

/TBD :: wait for sharenames To Be Defined (retry error 67).

::

:: Logging Options :

::

/L :: List only – don’t copy, timestamp or delete any files.

/X :: report all eXtra files, not just those selected.

/V :: produce Verbose output, showing skipped files.

/TS :: include source file Time Stamps in the output.

/FP :: include Full Pathname of files in the output.

/BYTES :: Print sizes as bytes.

/NS :: No Size – don’t log file sizes.

/NC :: No Class – don’t log file classes.

/NFL :: No File List – don’t log file names.

/NDL :: No Directory List – don’t log directory names.

/NP :: No Progress – don’t display percentage copied.

/ETA :: show Estimated Time of Arrival of copied files.

/LOG:file :: output status to LOG file (overwrite existing log).

/LOG+:file :: output status to LOG file (append to existing log).

/UNILOG:file :: output status to LOG file as UNICODE (overwrite existing log).

/UNILOG+:file :: output status to LOG file as UNICODE (append to existing log).

/TEE :: output to console window, as well as the log file.

/NJH :: No Job Header.

/NJS :: No Job Summary.

/UNICODE :: output status as UNICODE.

::

:: Job Options :

::

/JOB:jobname :: take parameters from the named JOB file.

/SAVE:jobname :: SAVE parameters to the named job file

/QUIT :: QUIT after processing command line (to view parameters).

/NOSD :: NO Source Directory is specified.

/NODD :: NO Destination Directory is specified.

/IF :: Include the following Files.

ROUTE   (Version 6.2.9200.16384)

Manipulates network routing tables.

ROUTE [-f] [-p] [-4|-6] command [destination]

[MASK netmask]  [gateway] [METRIC metric]  [IF interface]

-f           Clears the routing tables of all gateway entries.  If this is

used in conjunction with one of the commands, the tables are

cleared prior to running the command.

-p           When used with the ADD command, makes a route persistent across

boots of the system. By default, routes are not preserved

when the system is restarted. Ignored for all other commands,

which always affect the appropriate persistent routes.

-4           Force using IPv4.

-6           Force using IPv6.

command      One of these:

PRINT     Prints  a route

ADD       Adds    a route

DELETE    Deletes a route

CHANGE    Modifies an existing route

destination  Specifies the host.

MASK         Specifies that the next parameter is the ‘netmask’ value.

netmask      Specifies a subnet mask value for this route entry.

If not specified, it defaults to 255.255.255.255.

gateway      Specifies gateway.

interface    the interface number for the specified route.

METRIC       specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database

file NETWORKS. The symbolic names for gateway are looked up in the host name

database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,

(wildcard is specified as a star ‘*’), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only

matching destination routes are printed. The ‘*’ matches any string,

and ‘?’ matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Pattern match is only allowed in PRINT command.

Diagnostic Notes:

Invalid MASK generates an error, that is when (DEST & MASK) != DEST.

Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1

The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.

Examples:

> route PRINT

> route PRINT -4

> route PRINT -6

> route PRINT 157*          …. Only prints those matching 157*

> route ADD 157.0.0.0 MASK 255.0.0.0  157.55.80.1 METRIC 3 IF 2

destination^      ^mask      ^gateway     metric^    ^

Interface^

If IF is not given, it tries to find the best interface for a given

gateway.

> route ADD 3ffe::/32 3ffe::1

> route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

CHANGE is used to modify gateway and/or metric only.

> route DELETE 157.0.0.0

> route DELETE 3ffe::/32

RPCPING   (Version 6.2.9200.16384)

Usage:

rpcping [-t <protseq>] [-s <server_addr>] [-e <endpoint>

|-f <interface UUID>[,MajorVer]] [-O <Interface Object UUID]

[-i <#_iterations>] [-u <security_package_id>] [-a <authn_level>]

[-N <server_princ_name>] [-I <auth_identity>] [-C <capabilities>]

[-T <identity_tracking>] [-M <impersonation_type>]

[-S <server_sid>] [-P <proxy_auth_identity>] [-F <RPCHTTP_flags>]

[-H <RPC/HTTP_authn_schemes>] [-o <binding_options>]

[-B <server_certificate_subject>] [-b] [-E] [-q] [-c]

[-A <http_proxy_auth_identity>] [-U <HTTP_proxy_authn_schemes>]

[-r <report_results_interval>] [-v <verbose_level>]

Pings a server using RPC. Options are:

-t <protseq> – protocol sequence to use. Can be one of the standard

RPC protocol sequences – ncacn_ip_tcp, ncacn_np, ncacn_http, etc.

If not specified, default is ncacn_ip_tcp.

-s <server_addr> – the server address. If not specified, the local

machine will be pinged. E.g. server, server.com, 157.59.244.141

-e <endpoint> – the endpoint to ping. If none is specified, the endpoint

mapper on the target machine will be pinged. This option is mutually

exclusive with the interface (-f) option.

-o <binding_options> – the binding options for the RPC ping. See the

MSDN for more details (RpcStringBindingCompose and RPC over HTTP).

-f <interface UUID>[,MajorVer] – the interface to ping. This option is

mutually exclusive with the endpoint option. The interface is specified

as a UUID. If the MajorVer is not specified, version 1 of the interface

will be sought. When interface is specified, rpcping will query the

endpoint mapper on the target machine to retrieve the endpoint for the

specified interface. The endpoint mapper will be queried using the

options specified in the command line.

-O <Object UUID> – Object Uuid if the interface registerd one.

-i <#_iterations> – number of calls to make. The default is 1. This

option is useful for measuring connection latency if multiple

iterations are specified.

-u <security_package_id> – the security package (security provider) RPC

will use to make the call. The security package is identified as a

number or a name. If a number is used it is the same number as in the

RpcBindingSetAuthInfoEx API. The table below gives the names and

numbers. Names are not case sensitive:

Negotiate – 9 or one of nego, snego or negotiate

NTLM – 10 or NTLM

SChannel – 14 or SChannel

Kerberos – 16 or Kerberos

Kernel – 20 or Kernel

If you specify this option you must specify authentication level other

than none. There is no default for this option. If it is not specified,

RPC will not use security for the ping.

-a <authn_level> – the authentication level to use. Possible values are

connect, call, pkt, integrity and privacy. If this option is

specified, the security package id (-u) must also be specified. There

is no default for this option. If this option is not specified, RPC

will not use security for the ping.

-N <server_princ_name> – specifies a server principal name. Same semantics

as the ServerPrincName argument to RpcBindingSetAuthInfoEx. See the

MSDN for more information on RpcBidningSetAuthInfoEx. This field can be

used only when authentication level and security package are selected.

-I <auth_identity> – allows you to specify alternative identity to connect

to the server. The identity is in the form user,domain,password where

the three fields have the obvious meaning. If the user name, domain or

password have special characters that can be interpreted by the shell

be sure to enclose the identity in double quotes. You can specify *

instead of the password and RPC will prompt you to enter the password

without echoing it on the screen. If this field is not specified, the

identity of the logged on user will be used. This field can be used

only when authentication level and security package are selected.

-C <capabilities> – a hex bitmask of flags. It has the same meaning as

the Capabilities field in the RPC_SECURITY_QOS structure described

in the MSDN. This field can be used only when authentication level and

security package are selected.

-T <identity_tracking> – can be static or dynamic. If not specified,

dynamic is the default. This field can be used only when authentication

level and security package are selected.

-M <impersonation_type> – can be anonymous, identify, impersonate or

delegate. Default is impersonate. This field can be used only when

authentication level and security package are selected.

-S <server_sid> – the expected SID of the server. For more information

see the Sid field in the RPC_SECURITY_QOS structure in the MSDN. Using

this option requires Windows .NET Server 2003 or higher. This field can

be used only when authentication level and security package are

selected.

-P <proxy_auth_identity> – specifies the identity to authenticate with to

the RPC/HTTP proxy. Has the same format as for the -I option.

Also, you must specify security package (-u), authentication level

(-a), and authentication schemes (-H) in order to use this option.

-F <RPCHTTP_flags> – the flags to pass for RPC/HTTP front end

authentication. The flags may be specified as numbers or names

The currently recognized flags are:

Use SSL – 1 or ssl or use_ssl

Use first auth scheme – 2 or first or use_first

See the Flags field in RPC_HTTP_TRANSPORT_CREDENTIALS for more

information. Also, you must specify security package (-u) and

authentication level (-a) in order to use this option.

-H <RPC/HTTP_authn_schemes> – the authentication schemes to use for

RPC/HTTP front end authentication. This option is a list of numerical

values or names separated by comma. E.g. Basic,NTLM. Recognized values

are (names are not case sensitive:

Basic – 1 or Basic

NTLM – 2 or NTLM

Certificate – 65536 or Cert

Also, you must specify security package (-u) and authentication level

(-a) in order to use this option.

-B <server_certificate_subject> – the server certificate subject. For

more information, see the ServerCertificateSubject field in the

RPC_HTTP_TRANSPORT_CREDENTIALS structure in the MSDN. You must use

SSL for this option to work. Also, you must specify security package

(-u) and authentication level (-a) in order to use this option.

-b – retrieves the server certificate subject from the certificate sent

by the server and prints it to a screen or a log file. Valid only when

the Proxy Echo only option (-E) and the use SSL options are specified.

Also, you must specify security package (-u) and authentication level

(-a) in order to use this option.

-R – specifies the HTTP proxy. if it’s ‘none’, we will not use HTTP proxy but

directly attempt the RPC proxy. the value ‘default’ means to use the IE

settings in your client machine. any other value will be treated as the

explicit HTTP proxy. if you don’t specify this flag, the default value

is assumed, that is, the IE settings are checked. this flag is valid

only when the -E (Echo Only) flag is enabled.

-E – restricts the ping to the RPC/HTTP proxy only. The ping does not

reach the server. Useful when trying to establish whether the RPC/HTTP

proxy is reachable. Also, you must specify security package (-u) and

authentication level (-a) in order to use this option. To specify an

HTTP proxy, use the -R flag. If an HTTP proxy is specified in the -o

flag, this option will be ignored.

-q – quiet mode. Does not issue any prompts except for passwords. Assumes

‘Y’ response to all queries. Use this option with care.

-c – use smart card certificate. RPCPing will prompt user to choose

smart card.

-A <http_proxy_auth_identity> – specifies the identity to authenticate

with to the HTTP proxy. Has the same format as for the -I option.

Also, you must specify authentication schemes (-U), security package

(-u) and authentication level (-a) in order to use this option.

-U <HTTP_proxy_authn_schemes> – the authentication schemes to use for

HTTP proxy authentication. This option is a list of numerical

values or names separated by comma. E.g. Basic,NTLM. Recognized values

are (names are not case sensitive:

Basic – 1 or Basic

NTLM – 2 or NTLM

You must specify security package (-u) and authentication level (-a)

in order to use this option.

-r <report_results_interval> – if multiple iterations are specified, this

option will make rpcping display current execution statistics

periodically instead after the last call. The report interval is given

in seconds. Default is 15.

-v <verbose_level> – tells rpcping how verbose to make the output. Default

value is 1. 2 and 3 provide more output from rpcping.

Example: Find out if your Exchange server that you connect through

RPC/HTTP is accessible:

rpcping -t ncacn_http -s exchange_server -o RpcProxy=front_end_proxy

-P "username,domain,*" -H Basic -u NTLM -a connect -F 3

When prompted for the password, enter it. exchange_server is the name of

your exchange server, front_end_proxy is the name of your proxy, username

and domain are your user name and domain as you would enter them in the

Outlook prompt. The other parameters will ask rpcping to ping your

Exchange server in exactly the same way as Outlook will connect to it for

the typical profile.

-p – Prompt for credentials if authentication fails.

SC   (Version 6.2.9200.16384)

ERROR:  Unrecognized command

DESCRIPTION:

SC is a command line program used for communicating with the

Service Control Manager and services.

USAGE:

sc <server> [command] [service name] <option1> <option2>…

The option <server> has the form "\\ServerName"

Further help on commands can be obtained by typing: "sc [command]"

Commands:

query-----------Queries the status for a service, or

enumerates the status for types of services.

queryex---------Queries the extended status for a service, or

enumerates the status for types of services.

start-----------Starts a service.

pause-----------Sends a PAUSE control request to a service.

interrogate-----Sends an INTERROGATE control request to a service.

continue--------Sends a CONTINUE control request to a service.

stop------------Sends a STOP request to a service.

config----------Changes the configuration of a service (persistent).

description-----Changes the description of a service.

failure---------Changes the actions taken by a service upon failure.

failureflag-----Changes the failure actions flag of a service.

sidtype---------Changes the service SID type of a service.

privs-----------Changes the required privileges of a service.

managedaccount--Changes the service to mark the service account

password as managed by LSA.

qc--------------Queries the configuration information for a service.

qdescription----Queries the description for a service.

qfailure--------Queries the actions taken by a service upon failure.

qfailureflag----Queries the failure actions flag of a service.

qsidtype--------Queries the service SID type of a service.

qprivs----------Queries the required privileges of a service.

qtriggerinfo----Queries the trigger parameters of a service.

qpreferrednode--Queries the preferred NUMA node of a service.

qrunlevel-------Queries the run level of a service.

qmanagedaccount-Queries whether a services uses an account with a

password managed by LSA.

delete----------Deletes a service (from the registry).

create----------Creates a service. (adds it to the registry).

control---------Sends a control to a service.

sdshow----------Displays a service’s security descriptor.

sdset-----------Sets a service’s security descriptor.

showsid---------Displays the service SID string corresponding to an arbitrary name.

triggerinfo-----Configures the trigger parameters of a service.

preferrednode---Sets the preferred NUMA node of a service.

runlevel--------Sets the run level of a service.

GetDisplayName--Gets the DisplayName for a service.

GetKeyName------Gets the ServiceKeyName for a service.

EnumDepend------Enumerates Service Dependencies.

The following commands don’t require a service name:

sc <server> <command> <option>

boot------------(ok | bad) Indicates whether the last boot should

be saved as the last-known-good boot configuration

Lock------------Locks the Service Database

QueryLock-------Queries the LockStatus for the SCManager Database

EXAMPLE:

sc start MyService

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]:

SCHTASKS   (Version 6.2.9200.16384)

SCHTASKS /parameter [arguments]

Description:

Enables an administrator to create, delete, query, change, run and

end scheduled tasks on a local or remote system.

Parameter List:

/Create         Creates a new scheduled task.

/Delete         Deletes the scheduled task(s).

/Query          Displays all scheduled tasks.

/Change         Changes the properties of scheduled task.

/Run            Runs the scheduled task on demand.

/End            Stops the currently running scheduled task.

/ShowSid        Shows the security identifier corresponding to a scheduled task name.

/?              Displays this help message.

Examples:

SCHTASKS

SCHTASKS /?

SCHTASKS /Run /?

SCHTASKS /End /?

SCHTASKS /Create /?

SCHTASKS /Delete /?

SCHTASKS /Query  /?

SCHTASKS /Change /?

SCHTASKS /ShowSid /?

SECEDIT   (Version 6.2.9200.16384)

The syntax of this command is:

secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]

SET   (internal command)

Displays, sets, or removes cmd.exe environment variables.

SET [variable=[string]]

variable  Specifies the environment-variable name.

string    Specifies a series of characters to assign to the variable.

Type SET without parameters to display the current environment variables.

If Command Extensions are enabled SET changes as follows:

SET command invoked with just a variable name, no equal sign or value

will display the value of all variables whose prefix matches the name

given to the SET command.  For example:

SET P

would display all variables that begin with the letter ‘P’

SET command will set the ERRORLEVEL to 1 if the variable name is not

found in the current environment.

SET command will not allow an equal sign to be part of the name of

a variable.

Two new switches have been added to the SET command:

SET /A expression

SET /P variable=[promptString]

The /A switch specifies that the string to the right of the equal sign

is a numerical expression that is evaluated.  The expression evaluator

is pretty simple and supports the following operations, in decreasing

order of precedence:

()                  - grouping

! ~ -               - unary operators

* / %               - arithmetic operators

+ -                 - arithmetic operators

<< >>               - logical shift

&                   - bitwise and

^                   - bitwise exclusive or

|                   - bitwise or

= *= /= %= += -=    - assignment

&= ^= |= <<= >>=

,                   - expression separator

If you use any of the logical or modulus operators, you will need to

enclose the expression string in quotes.  Any non-numeric strings in the

expression are treated as environment variable names whose values are

converted to numbers before using them.  If an environment variable name

is specified but is not defined in the current environment, then a value

of zero is used.  This allows you to do arithmetic with environment

variable values without having to type all those % signs to get their

values.  If SET /A is executed from the command line outside of a

command script, then it displays the final value of the expression.  The

assignment operator requires an environment variable name to the left of

the assignment operator.  Numeric values are decimal numbers, unless

prefixed by 0x for hexadecimal numbers, and 0 for octal numbers.

So 0x12 is the same as 18 is the same as 022. Please note that the octal

notation can be confusing: 08 and 09 are not valid numbers because 8 and

9 are not valid octal digits.

The /P switch allows you to set the value of a variable to a line of input

entered by the user.  Displays the specified promptString before reading

the line of input.  The promptString can be empty.

Environment variable substitution has been enhanced as follows:

%PATH:str1=str2%

would expand the PATH environment variable, substituting each occurrence

of “str1” in the expanded result with “str2”.  “str2” can be the empty

string to effectively delete all occurrences of “str1” from the expanded

output.  “str1” can begin with an asterisk, in which case it will match

everything from the beginning of the expanded output to the first

occurrence of the remaining portion of str1.

May also specify substrings for an expansion.

%PATH:~10,5%

would expand the PATH environment variable, and then use only the 5

characters that begin at the 11th (offset 10) character of the expanded

result.  If the length is not specified, then it defaults to the

remainder of the variable value.  If either number (offset or length) is

negative, then the number used is the length of the environment variable

value added to the offset or length specified.

%PATH:~-10%

would extract the last 10 characters of the PATH variable.

%PATH:~0,-2%

would extract all but the last 2 characters of the PATH variable.

Finally, support for delayed environment variable expansion has been

added.  This support is always disabled by default, but may be

enabled/disabled via the /V command line switch to CMD.EXE.  See CMD /?

Delayed environment variable expansion is useful for getting around

the limitations of the current expansion which happens when a line

of text is read, not when it is executed.  The following example

demonstrates the problem with immediate variable expansion:

set VAR=before

if "%VAR%" == "before" (

set VAR=after

if "%VAR%" == "after" @echo If you see this, it worked

)

would never display the message, since the %VAR% in BOTH IF statements

is substituted when the first IF statement is read, since it logically

includes the body of the IF, which is a compound statement.  So the

IF inside the compound statement is really comparing “before” with

“after” which will never be equal.  Similarly, the following example

will not work as expected:

set LIST=

for %i in (*) do set LIST=%LIST% %i

echo %LIST%

in that it will NOT build up a list of files in the current directory,

but instead will just set the LIST variable to the last file found.

Again, this is because the %LIST% is expanded just once when the

FOR statement is read, and at that time the LIST variable is empty.

So the actual FOR loop we are executing is:

for %i in (*) do set LIST= %i

which just keeps setting LIST to the last file found.

Delayed environment variable expansion allows you to use a different

character (the exclamation mark) to expand environment variables at

execution time.  If delayed variable expansion is enabled, the above

examples could be written as follows to work as intended:

set VAR=before

if "%VAR%" == "before" (

set VAR=after

if "!VAR!" == "after" @echo If you see this, it worked

)

set LIST=

for %i in (*) do set LIST=!LIST! %i

echo %LIST%

If Command Extensions are enabled, then there are several dynamic

environment variables that can be expanded but which don’t show up in

the list of variables displayed by SET.  These variable values are

computed dynamically each time the value of the variable is expanded.

If the user explicitly defines a variable with one of these names, then

that definition will override the dynamic one described below:

%CD% – expands to the current directory string.

%DATE% – expands to current date using same format as DATE command.

%TIME% – expands to current time using same format as TIME command.

%RANDOM% – expands to a random decimal number between 0 and 32767.

%ERRORLEVEL% – expands to the current ERRORLEVEL value

%CMDEXTVERSION% – expands to the current Command Processor Extensions

version number.

%CMDCMDLINE% – expands to the original command line that invoked the

Command Processor.

%HIGHESTNUMANODENUMBER% – expands to the highest NUMA node number

on this machine.

SETLOCAL   (internal command)

Begins localization of environment changes in a batch file.  Environment

changes made after SETLOCAL has been issued are local to the batch file.

ENDLOCAL must be issued to restore the previous settings.  When the end

of a batch script is reached, an implied ENDLOCAL is executed for any

outstanding SETLOCAL commands issued by that batch script.

SETLOCAL

If Command Extensions are enabled SETLOCAL changes as follows:

SETLOCAL batch command now accepts optional arguments:

ENABLEEXTENSIONS / DISABLEEXTENSIONS

enable or disable command processor extensions. These

arguments takes precedence over the CMD /E:ON or /E:OFF

switches. See CMD /? for details.

ENABLEDELAYEDEXPANSION / DISABLEDELAYEDEXPANSION

enable or disable delayed environment variable

expansion. These arguments takes precedence over the CMD

/V:ON or /V:OFF switches. See CMD /? for details.

These modifications last until the matching ENDLOCAL command,

regardless of their setting prior to the SETLOCAL command.

The SETLOCAL command will set the ERRORLEVEL value if given

an argument.  It will be zero if one of the two valid arguments

is given and one otherwise.  You can use this in batch scripts

to determine if the extensions are available, using the following

technique:

VERIFY OTHER 2>nul

SETLOCAL ENABLEEXTENSIONS

IF ERRORLEVEL 1 echo Unable to enable extensions

This works because on old versions of CMD.EXE, SETLOCAL does NOT

set the ERRORLEVEL value. The VERIFY command with a bad argument

initializes the ERRORLEVEL value to a non-zero value.

SETX   (Version 6.2.9200.16384)

SetX has three ways of working:

Syntax 1:

SETX [/S system [/U [domain\]user [/P [password]]]] var value [/M]

Syntax 2:

SETX [/S system [/U [domain\]user [/P [password]]]] var /K regpath [/M]

Syntax 3:

SETX [/S system [/U [domain\]user [/P [password]]]]

/F file {var {/A x,y | /R x,y string}[/M] | /X} [/D delimiters]

Description:

Creates or modifies environment variables in the user or system

environment. Can set variables based on arguments, regkeys or

file input.

Parameter List:

/S     system          Specifies the remote system to connect to.

/U     [domain\]user   Specifies the user context under which

the command should execute.

/P     [password]      Specifies the password for the given

user context. Prompts for input if omitted.

var                    Specifies the environment variable to set.

value                  Specifies a value to be assigned to the

environment variable.

/K     regpath         Specifies that the variable is set based

on information from a registry key.

Path should be specified in the format of

hive\key\…\value. For example,

HKEY_LOCAL_MACHINE\System\CurrentControlSet\

Control\TimeZoneInformation\StandardName.

/F     file            Specifies the filename of the text file

to use.

/A     x,y             Specifies absolute file coordinates

(line X, item Y) as parameters to search

within the file.

/R     x,y string      Specifies relative file coordinates with

respect to “string” as the search parameters.

/M                     Specifies that the variable should be set in

the system wide (HKEY_LOCAL_MACHINE)

environment. The default is to set the

variable under the HKEY_CURRENT_USER

environment.

/X                     Displays file contents with x,y coordinates.

/D     delimiters      Specifies additional delimiters such as “,”

or “\”. The built-in delimiters are space,

tab, carriage return, and linefeed. Any

ASCII character can be used as an additional

delimiter. The maximum number of delimiters,

including the built-in delimiters, is 15.

/?                     Displays this help message.

NOTE: 1) SETX writes variables to the master environment in the registry.

2) On a local system, variables created or modified by this tool

will be available in future command windows but not in the

current CMD.exe command window.

3) On a remote system, variables created or modified by this tool

will be available at the next logon session.

4) The valid Registry Key data types are REG_DWORD, REG_EXPAND_SZ,

REG_SZ, REG_MULTI_SZ.

5) Supported hives:  HKEY_LOCAL_MACHINE (HKLM),

HKEY_CURRENT_USER (HKCU).

6) Delimiters are case sensitive.

7) REG_DWORD values are extracted from the registry in decimal

format.

Examples:

SETX MACHINE COMPAQ

SETX MACHINE "COMPAQ COMPUTER" /M

SETX MYPATH "%PATH%"

SETX MYPATH ~PATH~

SETX /S system /U user /P password  MACHINE COMPAQ

SETX /S system /U user /P password MYPATH ^%PATH^%

SETX TZONE /K HKEY_LOCAL_MACHINE\System\CurrentControlSet\

Control\TimeZoneInformation\StandardName

SETX BUILD /K "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

NT\CurrentVersion\CurrentBuildNumber" /M

SETX /S system /U user /P password TZONE /K HKEY_LOCAL_MACHINE\

System\CurrentControlSet\Control\TimeZoneInformation\

StandardName

SETX /S system /U user /P password  BUILD /K

"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\

CurrentVersion\CurrentBuildNumber" /M

SETX /F ipconfig.out /X

SETX IPADDR /F ipconfig.out /A 5,11

SETX OCTET1 /F ipconfig.out /A 5,3 /D "#$*."

SETX IPGATEWAY /F ipconfig.out /R 0,7 Gateway

SETX /S system /U user /P password  /F c:\ipconfig.out /X

SFC   (Version 6.2.9200.16384)

You must be an administrator running a console session in order to

use the sfc utility.

SHIFT   (internal command)

Changes the position of replaceable parameters in a batch file.

SHIFT [/n]

If Command Extensions are enabled the SHIFT command supports

the /n switch which tells the command to start shifting at the

nth argument, where n may be between zero and eight.  For example:

SHIFT /2

would shift %3 to %2, %4 to %3, etc. and leave %0 and %1 unaffected.

SHUTDOWN   (Version 6.2.9200.16384)

Usage: SHUTDOWN [/i | /l | /s | /r | /g | /a | /p | /h | /e | /o] [/hybrid] [/f]

[/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

No args    Display help. This is the same as typing /?.

/?         Display help. This is the same as not typing any options.

/i         Display the graphical user interface (GUI).

This must be the first option.

/l         Log off. This cannot be used with /m or /d options.

/s         Shutdown the computer.

/r         Full shutdown and restart the computer.

/g         Full shutdown and restart the computer. After the system is

rebooted, restart any registered applications.

/a         Abort a system shutdown.

This can only be used during the time-out period.

/p         Turn off the local computer with no time-out or warning.

Can be used with /d and /f options.

/h         Hibernate the local computer.

Can be used with the /f option.

/hybrid    Performs a shutdown of the computer and prepares it for fast startup.

Must be used with /s option.

/e         Document the reason for an unexpected shutdown of a computer.

/o         Go to the advanced boot options menu and restart the computer.

Must be used with /r option.

/m \\computer Specify the target computer.

/t xxx     Set the time-out period before shutdown to xxx seconds.

The valid range is 0-315360000 (10 years), with a default of 30.

If the timeout period is greater than 0, the /f parameter is

implied.

/c "comment" Comment on the reason for the restart or shutdown.

Maximum of 512 characters allowed.

/f         Force running applications to close without forewarning users.

The /f parameter is implied when a value greater than 0 is

specified for the /t parameter.

/d [p|u:]xx:yy  Provide the reason for the restart or shutdown.

p indicates that the restart or shutdown is planned.

u indicates that the reason is user defined.

If neither p nor u is specified the restart or shutdown is

unplanned.

xx is the major reason number (positive integer less than 256).

yy is the minor reason number (positive integer less than 65536).

Reasons on this computer:

(E = Expected U = Unexpected P = planned, C = customer defined)

Type    Major   Minor   Title

U      0       0       Other (Unplanned)

E       0       0       Other (Unplanned)

E P     0       0       Other (Planned)

U      0       5       Other Failure: System Unresponsive

E       1       1       Hardware: Maintenance (Unplanned)

E P     1       1       Hardware: Maintenance (Planned)

E       1       2       Hardware: Installation (Unplanned)

E P     1       2       Hardware: Installation (Planned)

E       2       2       Operating System: Recovery (Planned)

E P     2       2       Operating System: Recovery (Planned)

P     2       3       Operating System: Upgrade (Planned)

E       2       4       Operating System: Reconfiguration (Unplanned)

E P     2       4       Operating System: Reconfiguration (Planned)

P     2       16      Operating System: Service pack (Planned)

2       17      Operating System: Hot fix (Unplanned)

P     2       17      Operating System: Hot fix (Planned)

2       18      Operating System: Security fix (Unplanned)

P     2       18      Operating System: Security fix (Planned)

E       4       1       Application: Maintenance (Unplanned)

E P     4       1       Application: Maintenance (Planned)

E P     4       2       Application: Installation (Planned)

E       4       5       Application: Unresponsive

E       4       6       Application: Unstable

U      5       15      System Failure: Stop error

U      5       19      Security issue (Unplanned)

E       5       19      Security issue (Unplanned)

E P     5       19      Security issue (Planned)

E       5       20      Loss of network connectivity (Unplanned)

U      6       11      Power Failure: Cord Unplugged

U      6       12      Power Failure: Environment

P     7       0       Legacy API shutdown

SORT   (Version 6.2.9200.16384)

SORT [/R] [/+n] [/M kilobytes] [/L locale] [/REC recordbytes]

[[drive1:][path1]filename1] [/T [drive2:][path2]]

[/O [drive3:][path3]filename3]

/+n                         Specifies the character number, n, to

begin each comparison.  /+3 indicates that

each comparison should begin at the 3rd

character in each line.  Lines with fewer

than n characters collate before other lines.

By default comparisons start at the first

character in each line.

/L[OCALE] locale            Overrides the system default locale with

the specified one.  The ""C"" locale yields

the fastest collating sequence and is

currently the only alternative.  The sort

is always case insensitive.

/M[EMORY] kilobytes         Specifies amount of main memory to use for

the sort, in kilobytes.  The memory size is

always constrained to be a minimum of 160

kilobytes.  If the memory size is specified

the exact amount will be used for the sort,

regardless of how much main memory is

available.

The best performance is usually achieved by

not specifying a memory size.  By default the

sort will be done with one pass (no temporary

file) if it fits in the default maximum

memory size, otherwise the sort will be done

in two passes (with the partially sorted data

being stored in a temporary file) such that

the amounts of memory used for both the sort

and merge passes are equal.  The default

maximum memory size is 90% of available main

memory if both the input and output are

files, and 45% of main memory otherwise.

/REC[ORD_MAXIMUM] characters Specifies the maximum number of characters

in a record (default 4096, maximum 65535).

/R[EVERSE]                  Reverses the sort order; that is,

sorts Z to A, then 9 to 0.

[drive1:][path1]filename1   Specifies the file to be sorted.  If not

specified, the standard input is sorted.

Specifying the input file is faster than

redirecting the same file as standard input.

/T[EMPORARY]

[drive2:][path2]          Specifies the path of the directory to hold

the sort’s working storage, in case the data

does not fit in main memory.  The default is

to use the system temporary directory.

/O[UTPUT]

[drive3:][path3]filename3 Specifies the file where the sorted input is

to be stored.  If not specified, the data is

written to the standard output.   Specifying

the output file is faster than redirecting

standard output to the same file.


START   (internal command)

Starts a separate window to run a specified program or command.

START ["title"] [/D path] [/I] [/MIN] [/MAX] [/SEPARATE | /SHARED]

[/LOW | /NORMAL | /HIGH | /REALTIME | /ABOVENORMAL | /BELOWNORMAL]

[/NODE <NUMA node>] [/AFFINITY <hex affinity mask>] [/WAIT] [/B]

[command/program] [parameters]

"title"     Title to display in window title bar.

path        Starting directory.

B           Start application without creating a new window. The

application has ^C handling ignored. Unless the application

enables ^C processing, ^Break is the only way to interrupt

the application.

I           The new environment will be the original environment passed

to the cmd.exe and not the current environment.

MIN         Start window minimized.

MAX         Start window maximized.

SEPARATE    Start 16-bit Windows program in separate memory space.

SHARED      Start 16-bit Windows program in shared memory space.

LOW         Start application in the IDLE priority class.

NORMAL      Start application in the NORMAL priority class.

HIGH        Start application in the HIGH priority class.

REALTIME    Start application in the REALTIME priority class.

ABOVENORMAL Start application in the ABOVENORMAL priority class.

BELOWNORMAL Start application in the BELOWNORMAL priority class.

NODE        Specifies the preferred Non-Uniform Memory Architecture (NUMA)

node as a decimal integer.

AFFINITY    Specifies the processor affinity mask as a hexadecimal number.

The process is restricted to running on these processors.

The affinity mask is interpreted differently when /AFFINITY and

/NODE are combined.  Specify the affinity mask as if the NUMA

node’s processor mask is right shifted to begin at bit zero.

The process is restricted to running on those processors in

common between the specified affinity mask and the NUMA node.

If no processors are in common, the process is restricted to

running on the specified NUMA node.

WAIT        Start application and wait for it to terminate.

command/program

If it is an internal cmd command or a batch file then

the command processor is run with the /K switch to cmd.exe.

This means that the window will remain after the command

has been run.

If it is not an internal cmd command or batch file then

it is a program and will run as either a windowed application

or a console application.

parameters  These are the parameters passed to the command/program.

NOTE: The SEPARATE and SHARED options are not supported on 64-bit platforms.

Specifying /NODE allows processes to be created in a way that leverages memory

locality on NUMA systems.  For example, two processes that communicate with

each other heavily through shared memory can be created to share the same

preferred NUMA node in order to minimize memory latencies.  They allocate

memory from the same NUMA node when possible, and they are free to run on

processors outside the specified node.

start /NODE 1 application1.exe

start /NODE 1 application2.exe

These two processes can be further constrained to run on specific processors

within the same NUMA node.  In the following example, application1 runs on the

low-order two processors of the node, while application2 runs on the next two

processors of the node.  This example assumes the specified node has at least

four logical processors.  Note that the node number can be changed to any valid

node number for that computer without having to change the affinity mask.

start /NODE 1 /AFFINITY 0x3 application1.exe

start /NODE 1 /AFFINITY 0xc application2.exe

If Command Extensions are enabled, external command invocation

through the command line or the START command changes as follows:

non-executable files may be invoked through their file association just

by typing the name of the file as a command.  (e.g.  WORD.DOC would

launch the application associated with the .DOC file extension).

See the ASSOC and FTYPE commands for how to create these

associations from within a command script.

When executing an application that is a 32-bit GUI application, CMD.EXE

does not wait for the application to terminate before returning to

the command prompt.  This new behavior does NOT occur if executing

within a command script.

When executing a command line whose first token is the string “CMD ”

without an extension or path qualifier, then “CMD” is replaced with

the value of the COMSPEC variable.  This prevents picking up CMD.EXE

from the current directory.

When executing a command line whose first token does NOT contain an

extension, then CMD.EXE uses the value of the PATHEXT

environment variable to determine which extensions to look for

and in what order.  The default value for the PATHEXT variable

is:

.COM;.EXE;.BAT;.CMD

Notice the syntax is the same as the PATH variable, with

semicolons separating the different elements.

When searching for an executable, if there is no match on any extension,

then looks to see if the name matches a directory name.  If it does, the

START command launches the Explorer on that path.  If done from the

command line, it is the equivalent to doing a CD /D to that path.


SUBST   (Version 6.2.9200.16384)

Associates a path with a drive letter.

SUBST [drive1: [drive2:]path]

SUBST drive1: /D

drive1:        Specifies a virtual drive to which you want to assign a path.

[drive2:]path  Specifies a physical drive and path you want to assign to

a virtual drive.

/D             Deletes a substituted (virtual) drive.

Type SUBST with no parameters to display a list of current virtual drives.


SXSTRACE   (Version 6.2.9200.16384)

WinSxs Tracing Utility.

Usage: SxsTrace [Options]

Options:

Trace -logfile:FileName [-nostop]

Enabling tracing for sxs.

Tracing log is saved to FileName.

If -nostop is specified, will not prompt to stop tracing.

Parse -logfile:FileName -outfile:ParsedFile  [-filter:AppName]

Translate the raw trace file into a human readable format and save the result to ParsedFile.

Use -filter option to filter the output.

Stoptrace

Stop the trace if it is not stopped before.

Example:  SxsTrace Trace -logfile:SxsTrace.etl

SxsTrace Parse -logfile:SxsTrace.etl -outfile:SxsTrace.txt


SYSTEMINFO   (Version 6.2.9200.16384)

SYSTEMINFO [/S system [/U username [/P [password]]]] [/FO format] [/NH]

Description:

This tool displays operating system configuration information for

a local or remote machine, including service pack levels.

Parameter List:

/S      system           Specifies the remote system to connect to.

/U      [domain\]user    Specifies the user context under which

the command should execute.

/P      [password]       Specifies the password for the given

user context. Prompts for input if omitted.

/FO     format           Specifies the format in which the output

is to be displayed.

Valid values: “TABLE”, “LIST”, “CSV”.

/NH                      Specifies that the “Column Header” should

not be displayed in the output.

Valid only for “TABLE” and “CSV” formats.

/?                       Displays this help message.

Examples:

SYSTEMINFO

SYSTEMINFO /?

SYSTEMINFO /S system

SYSTEMINFO /S system /U user

SYSTEMINFO /S system /U domain\user /P password /FO TABLE

SYSTEMINFO /S system /FO LIST

SYSTEMINFO /S system /FO CSV /NH


TAKEOWN   (Version 6.2.9200.16384)

TAKEOWN [/S system [/U username [/P [password]]]]

/F filename [/A] [/R [/D prompt]]

Description:

This tool allows an administrator to recover access to a file that

was denied by re-assigning file ownership.

Parameter List:

/S           system          Specifies the remote system to

connect to.

/U           [domain\]user   Specifies the user context under

which the command should execute.

/P           [password]      Specifies the password for the

given user context.

Prompts for input if omitted.

/F           filename        Specifies the filename or directory

name pattern. Wildcard “*” can be used

to specify the pattern. Allows

sharename\filename.

/A                           Gives ownership to the administrators

group instead of the current user.

/R                           Recurse: instructs tool to operate on

files in specified directory and all

subdirectories.

/D           prompt          Default answer used when the current user

does not have the “list folder” permission

on a directory.  This occurs while operating

recursively (/R) on sub-directories. Valid

values “Y” to take ownership or “N” to skip.

/?                           Displays this help message.

NOTE: 1) If /A is not specified, file ownership will be given to the

current logged on user.

2) Mixed patterns using “?” and “*” are not supported.

3) /D is used to suppress the confirmation prompt.

Examples:

TAKEOWN /?

TAKEOWN /F lostfile

TAKEOWN /F \\system\share\lostfile /A

TAKEOWN /F directory /R /D N

TAKEOWN /F directory /R /A

TAKEOWN /F *

TAKEOWN /F C:\Windows\System32\acme.exe

TAKEOWN /F %windir%\*.txt

TAKEOWN /S system /F MyShare\Acme*.doc

TAKEOWN /S system /U user /F MyShare\MyBinary.dll

TAKEOWN /S system /U domain\user /P password /F share\filename

TAKEOWN /S system /U user /P password /F Doc\Report.doc /A

TAKEOWN /S system /U user /P password /F Myshare\*

TAKEOWN /S system /U user /P password /F Home\Logon /R

TAKEOWN /S system /U user /P password /F Myshare\directory /R /A


TASKKILL   (Version 6.2.9200.16384)

TASKKILL [/S system [/U username [/P [password]]]]

{ [/FI filter] [/PID processid | /IM imagename] } [/T] [/F]

Description:

This tool is used to terminate tasks by process id (PID) or image name.

Parameter List:

/S    system           Specifies the remote system to connect to.

/U    [domain\]user    Specifies the user context under which the

command should execute.

/P    [password]       Specifies the password for the given user

context. Prompts for input if omitted.

/FI   filter           Applies a filter to select a set of tasks.

Allows “*” to be used. ex. imagename eq acme*

/PID  processid        Specifies the PID of the process to be terminated.

Use TaskList to get the PID.

/IM   imagename        Specifies the image name of the process

to be terminated. Wildcard ‘*’ can be used

to specify all tasks or image names.

/T                     Terminates the specified process and any

child processes which were started by it.

/F                     Specifies to forcefully terminate the process(es).

/?                     Displays this help message.

Filters:

Filter Name   Valid Operators           Valid Value(s)
-----------   ---------------           -------------------------
STATUS        eq, ne                    RUNNING |
                                        NOT RESPONDING | UNKNOWN
IMAGENAME     eq, ne                    Image name
PID           eq, ne, gt, lt, ge, le    PID value
SESSION       eq, ne, gt, lt, ge, le    Session number.
CPUTIME       eq, ne, gt, lt, ge, le    CPU time in the format
                                        of hh:mm:ss.
                                        hh - hours,
                                        mm - minutes, ss - seconds
MEMUSAGE      eq, ne, gt, lt, ge, le    Memory usage in KB
USERNAME      eq, ne                    User name in [domain\]user
                                        format
MODULES       eq, ne                    DLL name
SERVICES      eq, ne                    Service name
WINDOWTITLE   eq, ne                    Window title

NOTE

----

1) Wildcard ‘*’ for /IM switch is accepted only when a filter is applied.

2) Termination of remote processes will always be done forcefully (/F).

3) “WINDOWTITLE” and “STATUS” filters are not considered when a remote

machine is specified.

Examples:

TASKKILL /IM notepad.exe

TASKKILL /PID 1230 /PID 1241 /PID 1253 /T

TASKKILL /F /IM cmd.exe /T

TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"

TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe

TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *

TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"


TASKLIST   (Version 6.2.9200.16384)

TASKLIST [/S system [/U username [/P [password]]]]

[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]

Description:

This tool displays a list of currently running processes on

either a local or remote machine.

Parameter List:

/S     system           Specifies the remote system to connect to.

/U     [domain\]user    Specifies the user context under which

the command should execute.

/P     [password]       Specifies the password for the given

user context. Prompts for input if omitted.

/M     [module]         Lists all tasks currently using the given

exe/dll name. If the module name is not

specified all loaded modules are displayed.

/SVC                    Displays services hosted in each process.

/V                      Displays verbose task information.

/FI    filter           Displays a set of tasks that match a

given criteria specified by the filter.

/FO    format           Specifies the output format.

Valid values: “TABLE”, “LIST”, “CSV”.

/NH                     Specifies that the “Column Header” should

not be displayed in the output.

Valid only for “TABLE” and “CSV” formats.

/?                      Displays this help message.

Filters:

Filter Name     Valid Operators           Valid Value(s)
-----------     ---------------           --------------------------
STATUS          eq, ne                    RUNNING |
                                          NOT RESPONDING | UNKNOWN
IMAGENAME       eq, ne                    Image name
PID             eq, ne, gt, lt, ge, le    PID value
SESSION         eq, ne, gt, lt, ge, le    Session number
SESSIONNAME     eq, ne                    Session name
CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
                                          of hh:mm:ss.
                                          hh - hours,
                                          mm - minutes, ss - seconds
MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
USERNAME        eq, ne                    User name in [domain\]user
                                          format
SERVICES        eq, ne                    Service name
WINDOWTITLE     eq, ne                    Window title
MODULES         eq, ne                    DLL name

NOTE: “WINDOWTITLE” and “STATUS” filters are not supported when querying

a remote machine.

Examples:

TASKLIST

TASKLIST /M

TASKLIST /V /FO CSV

TASKLIST /SVC /FO LIST

TASKLIST /M wbem*

TASKLIST /S system /FO LIST

TASKLIST /S system /U domain\username /FO CSV /NH

TASKLIST /S system /U username /P password /FO TABLE /NH

TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"


TIME   (internal command)

Displays or sets the system time.

TIME [/T | time]

Type TIME with no parameters to display the current time setting and a prompt

for a new one.  Press ENTER to keep the same time.

If Command Extensions are enabled the TIME command supports

the /T switch which tells the command to just output the

current time, without prompting for a new time.


TIMEOUT   (Version 6.2.9200.16384)

TIMEOUT [/T] timeout [/NOBREAK]

Description:

This utility accepts a timeout parameter to wait for the specified

time period (in seconds) or until any key is pressed. It also

accepts a parameter to ignore the key press.

Parameter List:

/T        timeout       Specifies the number of seconds to wait.

Valid range is -1 to 99999 seconds.

/NOBREAK                Ignore key presses and wait specified time.

/?                      Displays this help message.

NOTE: A timeout value of -1 means to wait indefinitely for a key press.

Examples:

TIMEOUT /?

TIMEOUT /T 10

TIMEOUT /T 300 /NOBREAK

TIMEOUT /T -1


TITLE   (internal command)

Sets the window title for the command prompt window.

TITLE [string]

string       Specifies the title for the command prompt window.


TRACERPT   (Version 6.2.9200.16384)

Microsoft ® TraceRpt.Exe (6.2.9200.16384)

Usage:

TRACERPT <[-l] <value [value […]]>|-rt <session_name [session_name […]]>> [options]

Options:

-?                            Displays context sensitive help.

-config <filename>            Settings file containing command options.

-y                            Answer yes to all questions without prompting.

-f <XML|HTML>                 Report format.

-of <CSV|EVTX|XML>            Dump format, the default is XML.

-en <ANSI|Unicode>            Output file encoding. Only allowed with CSV

output format.

-df <filename>                Microsoft specific counting/reporting schema

file.

-import <filename [filename […]]> Event Schema import file.

-int <filename>               Dump interpreted event structure into

specified file.

-rts                          Report raw timestamp in event trace header.

Can only be used with -o, not -report or

-summary.

-tmf <filename>               Trace Message Format definition file

-tp <value>                   TMF file search path.  Multiple paths can be

used, separated with ‘;’.

-i <value>                    Specifies the provider image path.  The

matching PDB will be located in the Symbol

Server. Multiple paths can be used, separated

with ‘;’.

-pdb <value>                  Specifies the symbol server path.  Multiple

paths can be used, separated with ‘;’.

-gmt                          Convert WPP payload timestamps to GMT time

-rl <value>                   System Report Level from 1 to 5, the default

value is 1.

-summary [filename]           Summary report text file. Default is

summary.txt.

-o [filename]                 Text output file. Default is dumpfile.xml.

-report [filename]            Text output report file. Default is

workload.xml.

-lr                           Less restrictive; use best effort for events

not matching event schema.

-export [filename]            Event Schema export file. Default is

schema.man.

[-l] <value [value […]]>    Event Trace log file to process.

-rt <session_name [session_name […]]> Real-time Event Trace Session data

source.

Examples:

tracerpt logfile1.etl logfile2.etl -o logdump.xml -of XML

tracerpt logfile.etl -o logdmp.xml -of XML -lr -summary logdmp.txt -report logrpt.xml

tracerpt logfile1.etl logfile2.etl -o -report

tracerpt logfile.etl counterfile.blg -report logrpt.xml -df schema.xml

tracerpt -rt "NT Kernel Logger" -o logfile.csv -of CSV


TRACERT   (Version 6.2.9200.16384)

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout]

[-R] [-S srcaddr] [-4] [-6] target_name

Options:

-d                 Do not resolve addresses to hostnames.

-h maximum_hops    Maximum number of hops to search for target.

-j host-list       Loose source route along host-list (IPv4-only).

-w timeout         Wait timeout milliseconds for each reply.

-R                 Trace round-trip path (IPv6-only).

-S srcaddr         Source address to use (IPv6-only).

-4                 Force using IPv4.

-6                 Force using IPv6.


TREE   (Version 6.2.9200.16384)

Graphically displays the folder structure of a drive or path.

TREE [drive:][path] [/F] [/A]

/F   Display the names of the files in each folder.

/A   Use ASCII instead of extended characters.


TSCON   (Version 6.2.9200.16384)

Attaches a user session to a remote desktop session.

TSCON {sessionid | sessionname} [/DEST:sessionname]

[/PASSWORD:pw | /PASSWORD:*] [/V]

sessionid          The ID of the session.

sessionname        The name of the session.

/DEST:sessionname  Connect the session to destination sessionname.

/PASSWORD:pw       Password of user owning identified session.

/V                 Displays information about the actions performed.


TSDISCON   (Version 6.2.9200.16384)

Disconnects a Remote Desktop Services session.

TSDISCON [sessionid | sessionname] [/SERVER:servername] [/V] [/VM]

sessionid           The ID of the session.

sessionname         The name of the session.

/SERVER:servername  Specifies the Remote Desktop Session Host server (default is current).

/V                  Displays information about the actions performed.

/VM                 Disconnects session on server or within virtual machine. The unique ID of the session needs to be specified.


TSKILL   (Version 6.2.9200.16384)

Ends a process.

TSKILL processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V]

processid           Process ID for the process to be terminated.

processname         Process name to be terminated.

/SERVER:servername  Server containing processID (default is current).

/ID or /A must be specified when using processname

and /SERVER

/ID:sessionid       End process running under the specified session.

/A                  End process running under ALL sessions.

/V                  Display information about actions being performed.


TYPE   (internal command)

Displays the contents of a text file or files.

TYPE [drive:][path]filename


TYPEPERF   (Version 6.2.9200.16384)

Microsoft ® TypePerf.exe (6.2.9200.16384)

Typeperf writes performance data to the command window or to a log file. To

stop Typeperf, press CTRL+C.

Usage:

TYPEPERF { <counter [counter …]>

| -cf <filename>

| -q [object]

| -qx [object]

} [options]

Parameters:

<counter [counter …]>       Performance counters to monitor.

Options:

-?                            Displays context sensitive help.

-f <CSV|TSV|BIN|SQL>          Output file format. Default is CSV.

-cf <filename>                File containing performance counters to

monitor, one per line.

-si <[[hh:]mm:]ss>            Time between samples. Default is 1 second.

-o <filename>                 Path of output file or SQL database. Default

is STDOUT.

-q [object]                   List installed counters (no instances). To

list counters for one object, include the

object name, such as Processor.

-qx [object]                  List installed counters with instances. To

list counters for one object, include the

object name, such as Processor.

-sc <samples>                 Number of samples to collect. Default is to

sample until CTRL+C.

-config <filename>            Settings file containing command options.

-s <computer_name>            Server to monitor if no server is specified

in the counter path.

-y                            Answer yes to all questions without prompting.

Note:

Counter is the full name of a performance counter in

"\\<Computer>\<Object>(<Instance>)\<Counter>" format,

such as "\\Server1\Processor(0)\% User Time".

Examples:

typeperf "\Processor(_Total)\% Processor Time"

typeperf -cf counters.txt -si 5 -sc 50 -f TSV -o domain2.tsv

typeperf -qx PhysicalDisk -o counters.txt


TZUTIL   (Version 6.2.9200.16384)

Windows Time Zone Utility

Usage:

TZUTIL </? | /g | /s TimeZoneID[_dstoff] | /l>

Parameters:

/? Displays usage information.

/g Displays the current time zone ID.

/s TimeZoneID[_dstoff]

Sets the current time zone using the specified time zone ID.

The _dstoff suffix disables Daylight Saving Time adjustments

for the time zone (where applicable).

/l Lists all valid time zone IDs and display names. The output will

be:

<display name>

<time zone ID>

Examples:

TZUTIL /g

TZUTIL /s "Pacific Standard Time"

TZUTIL /s "Pacific Standard Time_dstoff"

Remarks:

An exit code of 0 indicates the command completed successfully.


UNLODCTR   (Version 6.2.9200.16384)

UNLODCTR

Removes counter names and explain text for the specified extensible counter.

Usage:

UNLODCTR <driver>

driver is the name of the device driver which is to have its

counter name definitions and explain text removed from the system’s

registry.

UNLODCTR /m:<manifest>

manifest is the name of the manifest file that contains performance

counter definitions. These counters will be removed from local system.

UNLODCTR /g:{ProviderGuid}

ProviderGuid identifies the performance counter provider being unloaded.

UNLODCTR /p:<ProviderName>

ProviderName identifies the performance counter provider being unloaded.

Note: any arguments with spaces in the names must be enclosed within

Double Quotation marks.


VAULTCMD   (Version 6.2.9200.16384)

Creates, displays and deletes stored credentials.

Following commands are supported.Use VaultCmd /<command> /? for further help

VaultCmd /list

VaultCmd /listschema

VaultCmd /listcreds

VaultCmd /addcreds

VaultCmd /deletecreds

VaultCmd /listproperties

VaultCmd /sync


VER   (internal command)

Displays the Windows version.

VER


VERIFY   (internal command)

Tells cmd.exe whether to verify that your files are written correctly to a

disk.

VERIFY [ON | OFF]

Type VERIFY without a parameter to display the current VERIFY setting.


VOL   (internal command)

Displays the disk volume label and serial number, if they exist.

VOL [drive:]


VSSADMIN   (Version 6.2.9200.16384)

vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool

(C) Copyright 2001-2012 Microsoft Corp.

---- Commands Supported ----

Delete Shadows        - Delete volume shadow copies
List Providers        - List registered volume shadow copy providers
List Shadows          - List existing volume shadow copies
List ShadowStorage    - List volume shadow copy storage associations
List Volumes          - List volumes eligible for shadow copies
List Writers          - List subscribed volume shadow copy writers
Resize ShadowStorage  - Resize a volume shadow copy storage association


W32TM   (Version 6.2.9200.16384)

w32tm [/? | /register | /unregister ]

? – this help screen.

register – register to run as a service and add default

configuration to the registry.

unregister – unregister service and remove all configuration

information from the registry.

w32tm /monitor [/domain:<domain name>]

[/computers:<name>[,<name>[,<name>…]]]

[/threads:<num>] [/ipprotocol:<4|6>] [/nowarn]

domain – specifies which domain to monitor. If no domain name

is given, or neither the domain nor computers option is

specified, the default domain is used. This option may be

used more than once.

computers – monitors the given list of computers. Computer

names are separated by commas, with no spaces. If a name is

prefixed with a ‘*’, it is treated as an AD PDC. This option

may be used more than once.

threads – how many computers to analyze simultaneously. The

default value is 3. Allowed range is 1-50.

ipprotocol – specify the IP protocol to use. The default is

to use whatever is available.

nowarn – skip warning message.

w32tm /ntte <NT time epoch>

Convert a NT system time, in (10^-7)s intervals from 0h 1-Jan 1601,

into a readable format.

w32tm /ntpte <NTP time epoch>

Convert an NTP time, in (2^-32)s intervals from 0h 1-Jan 1900, into

a readable format.

w32tm /resync [/computer:<computer>] [/nowait] [/rediscover] [/soft]

Tell a computer that it should resynchronize its clock as soon

as possible, throwing out all accumulated error statistics.

computer:<computer> – computer that should resync. If not

specified, the local computer will resync.

nowait – do not wait for the resync to occur;

return immediately. Otherwise, wait for the resync to

complete before returning.

rediscover – redetect the network configuration and rediscover

network sources, then resynchronize.

soft – resync utilizing existing error statistics. Not useful,

provided for compatibility.

w32tm /stripchart /computer:<target> [/period:<refresh>]

[/dataonly] [/samples:<count>] [/packetinfo] [/ipprotocol:<4|6>]

Display a strip chart of the offset between this computer and

another computer.

computer:<target> – the computer to measure the offset against.

period:<refresh> – the time between samples, in seconds. The

default is 2s

dataonly – display only the data, no graphics.

samples:<count> – collect <count> samples, then stop. If not

specified, samples will be collected until Ctrl-C is pressed.

packetinfo – print out NTP packet response message.

ipprotocol – specify the IP protocol to use. The default is

to use whatever is available.

w32tm /config [/computer:<target>] [/update]

[/manualpeerlist:<peers>] [/syncfromflags:<source>]

[/LocalClockDispersion:<seconds>]

[/reliable:(YES|NO)]

[/largephaseoffset:<milliseconds>]

computer:<target> – adjusts the configuration of <target>. If not

specified, the default is the local computer.

update – notifies the time service that the configuration has

changed, causing the changes to take effect.

manualpeerlist:<peers> – sets the manual peer list to <peers>,

which is a space-delimited list of DNS and/or IP addresses.

When specifying multiple peers, this switch must be enclosed in

quotes.

syncfromflags:<source> – sets what sources the NTP client should

sync from. <source> should be a comma separated list of

these keywords (not case sensitive):

MANUAL – sync from peers in the manual peer list

DOMHIER – sync from an AD DC in the domain hierarchy

NO – sync from none

ALL – sync from both manual and domain peers

LocalClockDispersion:<seconds> – configures the accuracy of the

internal clock that w32time will assume when it can’t acquire

time from its configured sources.

reliable:(YES|NO) – set whether this machine is a reliable time source.

This setting is only meaningful on domain controllers.

YES – this machine is a reliable time service

NO – this machine is not a reliable time service

largephaseoffset:<milliseconds> – sets the time difference between

local and network time which w32time will consider a spike.

w32tm /tz

Display the current time zone settings.

w32tm /dumpreg [/subkey:<key>] [/computer:<target>]

Display the values associated with a given registry key.

The default key is HKLM\System\CurrentControlSet\Services\W32Time

(the root key for the time service).

subkey:<key> – displays the values associated with subkey <key>

of the default key.

computer:<target> – queries registry settings for computer <target>.

w32tm /query [/computer:<target>]

{/source | /configuration | /peers | /status}

[/verbose]

Display a computer’s windows time service information.

computer:<target> – query the information of <target>. If not

specified, the default is the local computer.

source: display the time source.

configuration: display the configuration of run-time and where

the setting comes from. In verbose mode, display the undefined

or unused setting too.

peers: display a list of peers and their status.

status: display windows time service status.

verbose: set the verbose mode to display more information.

w32tm /debug {/disable | {/enable /file:<name> /size:<bytes> /entries:<value>

[/truncate]}}

Enable or disable local computer windows time service private log.

disable: disable the private log.

enable: enable the private log.

file:<name> – specify the absolute filename.

size:<bytes> – specify the maximum size for circular logging.

entries:<value> – contains a list of flags, specified by number and

separated by commas, that specify the types of information that

should be logged. Valid numbers are 0 to 300. A range of numbers

is valid, in addition to single numbers, such as 0-100,103,106.

Value 0-300 is for logging all information.

truncate: truncate the file if it exists.

WAITFOR   (Version 6.2.9200.16384)

WaitFor has two ways of working:

Syntax 1: to send a signal

WAITFOR [/S system [/U user [/P [password]]]] /SI signal

Syntax 2: to wait for a signal

WAITFOR [/T timeout] signal

Description:

This tool sends, or waits for, a signal on a system. When /S is not

specified, the signal will be broadcasted to all the systems in a

domain. If /S is specified, then the signal will be sent only

to the specified system.

Parameter List:

/S     system         Specifies remote system to send signal to.

/U     [domain\]user  Specifies the user context under which

the command should execute.

/P     [password]     Specifies the password for the given user context.

/SI                   Sends the signal across the net to waiting machines

/T     timeout        Number of seconds to wait for signal. Valid range

is 1 – 99999. Default is to wait forever for signal.

signal                The name of the signal to wait for or to send.

/?                    Displays this help message.

NOTE: A system can wait for multiple unique signal names.

The signal name cannot exceed 225 characters and cannot

contain characters other than a-z, A-Z, 0-9 and ASCII

characters in the range 128-255.

Examples:

WAITFOR /?

WAITFOR SetupReady

WAITFOR CopyDone /T 100

WAITFOR /SI SetupReady

WAITFOR /S system  /U user /P password /SI CopyDone

WBADMIN   (Version 6.2.9200.16384)

wbadmin 1.0 – Backup command-line tool

(C) Copyright 2012 Microsoft Corporation. All rights reserved.

---- Commands Supported ----

START BACKUP              -- Runs a one-time backup.

STOP JOB                  -- Stops the currently running backup or recovery

operation.

GET VERSIONS              -- Lists details of backups that can be recovered

from a specified location.

GET ITEMS                 -- Lists items contained in a backup.

GET STATUS                -- Reports the status of the currently running

operation.

WECUTIL   (Version 6.2.9200.16384)

Windows Event Collector Utility

Enables you to create and manage subscriptions to events forwarded from remote

event sources that support WS-Management protocol.

Usage:

You can use either the short (i.e. es, /f) or long (i.e. enum-subscription, /format)

version of the command and option names. Commands, options and option values are

case-insensitive.

(ALL UPPER-CASE = VARIABLE)

wecutil COMMAND [ARGUMENT [ARGUMENT] …] [/OPTION:VALUE [/OPTION:VALUE] …]

Commands:

es (enum-subscription)               List existent subscriptions.

gs (get-subscription)                Get subscription configuration.

gr (get-subscriptionruntimestatus)   Get subscription runtime status.

ss (set-subscription)                Set subscription configuration.

cs (create-subscription)             Create new subscription.

ds (delete-subscription)             Delete subscription.

rs (retry-subscription)              Retry subscription.

qc (quick-config)                    Configure Windows Event Collector service.

Common options:

/h|? (help)

Get general help for the wecutil program.

wecutil { -help | -h | -? }

For arguments and options, see usage of specific commands:

wecutil COMMAND -?

WEVTUTIL   (Version 6.2.9200.16384)

Windows Events Command Line Utility.

Enables you to retrieve information about event logs and publishers, install

and uninstall event manifests, run queries, and export, archive, and clear logs.

Usage:

You can use either the short (for example, ep /uni) or long (for example,

enum-publishers /unicode) version of the command and option names. Commands,

options and option values are not case-sensitive.

Variables are noted in all upper-case.

wevtutil COMMAND [ARGUMENT [ARGUMENT] …] [/OPTION:VALUE [/OPTION:VALUE] …]

Commands:

el | enum-logs          List log names.

gl | get-log            Get log configuration information.

sl | set-log            Modify configuration of a log.

ep | enum-publishers    List event publishers.

gp | get-publisher      Get publisher configuration information.

im | install-manifest   Install event publishers and logs from manifest.

um | uninstall-manifest Uninstall event publishers and logs from manifest.

qe | query-events       Query events from a log or log file.

gli | get-log-info      Get log status information.

epl | export-log        Export a log.

al | archive-log        Archive an exported log.

cl | clear-log          Clear a log.

Common options:

/{r | remote}:VALUE

If specified, run the command on a remote computer. VALUE is the remote computer

name. Options /im and /um do not support remote operations.

/{u | username}:VALUE

Specify a different user to log on to the remote computer. VALUE is a user name

in the form domain\user or user. Only applicable when option /r is specified.

/{p | password}:VALUE

Password for the specified user. If not specified, or if VALUE is "*", the user

will be prompted to enter a password. Only applicable when the /u option is

specified.

/{a | authentication}:[Default|Negotiate|Kerberos|NTLM]

Authentication type for connecting to remote computer. The default is Negotiate.

/{uni | unicode}:[true|false]

Display output in Unicode. If true, then output is in Unicode.

To learn more about a specific command, type the following:

wevtutil COMMAND /?

WHERE   (Version 6.2.9200.16384)

WHERE [/R dir] [/Q] [/F] [/T] pattern…

Description:

Displays the location of files that match the search pattern.

By default, the search is done along the current directory and

in the paths specified by the PATH environment variable.

Parameter List:

/R       Recursively searches and displays the files that match the

given pattern starting from the specified directory.

/Q       Returns only the exit code, without displaying the list

of matched files. (Quiet mode)

/F       Displays the matched filename in double quotes.

/T       Displays the file size, last modified date and time for all

matched files.

pattern  Specifies the search pattern for the files to match.

Wildcards * and ? can be used in the pattern. The

“$env:pattern” and “path:pattern” formats can also be

specified, where “env” is an environment variable and

the search is done in the specified paths of the “env”

environment variable. These formats should not be used

with /R. The search is also done by appending the

extensions of the PATHEXT variable to the pattern.

/?      Displays this help message.

NOTE: The tool returns an error level of 0 if the search is

successful, of 1 if the search is unsuccessful and

of 2 for failures or errors.

Examples:

WHERE /?

WHERE myfilename1 myfile????.*

WHERE $windir:*.*

WHERE /R c:\windows *.exe *.dll *.bat

WHERE /Q ??.???

WHERE "c:\windows;c:\windows\system32:*.dll"

WHERE /F /T *.dll

WHOAMI   (Version 6.2.9200.16384)

WhoAmI has three ways of working:

Syntax 1:

WHOAMI [/UPN | /FQDN | /LOGONID]

Syntax 2:

WHOAMI { [/USER] [/GROUPS] [/CLAIMS] [/PRIV] } [/FO format] [/NH]

Syntax 3:

WHOAMI /ALL [/FO format] [/NH]

Description:

This utility can be used to get user name and group information

along with the respective security identifiers (SID), claims,

privileges, logon identifier (logon ID) for the current user

on the local system. I.e. who is the current logged on user?

If no switch is specified, tool displays the user name in NTLM

format (domain\username).

Parameter List:

/UPN                    Displays the user name in User Principal

Name (UPN) format.

/FQDN                   Displays the user name in Fully Qualified

Distinguished Name (FQDN) format.

/USER                   Displays information on the current user

along with the security identifier (SID).

/GROUPS                 Displays group membership for current user,

type of account, security identifiers (SID)

and attributes.

/CLAIMS                 Displays claims for current user,

including claim name, flags, type and values.

/PRIV                   Displays security privileges of the current

user.

/LOGONID                Displays the logon ID of the current user.

/ALL                    Displays the current user name, groups

belonged to along with the security

identifiers (SID), claims and privileges for

the current user access token.

/FO       format        Specifies the output format to be displayed.

Valid values are TABLE, LIST, CSV.

Column headings are not displayed with CSV

format. Default format is TABLE.

/NH                     Specifies that the column header should not

be displayed in the output. This is

valid only for TABLE and CSV formats.

/?                      Displays this help message.

Examples:

WHOAMI

WHOAMI /UPN

WHOAMI /FQDN

WHOAMI /LOGONID

WHOAMI /USER

WHOAMI /USER /FO LIST

WHOAMI /USER /FO CSV

WHOAMI /GROUPS

WHOAMI /GROUPS /FO CSV /NH

WHOAMI /CLAIMS

WHOAMI /CLAIMS /FO LIST

WHOAMI /PRIV

WHOAMI /PRIV /FO TABLE

WHOAMI /USER /GROUPS

WHOAMI /USER /GROUPS /CLAIMS /PRIV

WHOAMI /ALL

WHOAMI /ALL /FO LIST

WHOAMI /ALL /FO CSV /NH

WHOAMI /?

WINRM

Windows Remote Management Command Line Tool

Windows Remote Management (WinRM) is the Microsoft implementation of

the WS-Management protocol which provides a secure way to communicate

with local and remote computers using web services.

Usage:

winrm OPERATION RESOURCE_URI [-SWITCH:VALUE [-SWITCH:VALUE] …]

[@{KEY=VALUE[;KEY=VALUE]…}]

For help on a specific operation:

winrm g[et] -?        Retrieving management information.

winrm s[et] -?        Modifying management information.

winrm c[reate] -?     Creating new instances of management resources.

winrm d[elete] -?     Remove an instance of a management resource.

winrm e[numerate] -?  List all instances of a management resource.

winrm i[nvoke] -?     Executes a method on a management resource.

winrm id[entify] -?   Determines if a WS-Management implementation is

running on the remote machine.

winrm quickconfig -?  Configures this machine to accept WS-Management

requests from other machines.

winrm configSDDL -?   Modify an existing security descriptor for a URI.

winrm helpmsg -?      Displays error message for the error code.

For help on related topics:

winrm help uris       How to construct resource URIs.

winrm help aliases    Abbreviations for URIs.

winrm help config     Configuring WinRM client and service settings.

winrm help certmapping Configuring client certificate access.

winrm help remoting   How to access remote machines.

winrm help auth       Providing credentials for remote access.

winrm help input      Providing input to create, set, and invoke.

winrm help switches   Other switches such as formatting, options, etc.

winrm help proxy      Providing proxy information.

WINRS   (Version 6.2.9200.16384)

USAGE

=====

(ALL UPPER-CASE = value that must be supplied by user.)

winrs [-/SWITCH[:VALUE]] COMMAND

COMMAND – Any string that can be executed as a command in the cmd.exe shell.

SWITCHES

========

(All switches accept both short form or long form. For example both -r and

-remote are valid.)

-r[emote]:ENDPOINT      – The target endpoint using a NetBIOS name or the standard connection URL: [TRANSPORT://]TARGET[:PORT]. If not specified

-r:localhost is used.

-un[encrypted]          – Specify that the messages to the remote shell will not be encrypted. This is useful for troubleshooting, or when the network traffic is already encrypted using ipsec, or when physical security is enforced. By default the messages are encrypted using Kerberos or NTLM keys. This switch is ignored when HTTPS transport is selected.

-u[sername]:USERNAME    – Specify username on command line. If not specified the tool will use Negotiate authentication or prompt for the name.

If -username is specified, -password must be as well.

-p[assword]:PASSWORD    – Specify password on command line. If -password is not specified but -username is the tool will prompt for the password. If -password is specified, -user must be specified as well.

-t[imeout]:SECONDS      – This option is deprecated.

-d[irectory]:PATH       – Specifies starting directory for remote shell. If not specified the remote shell will start in the user’s home directory defined by the environment variable %USERPROFILE%.

-env[ironment]:STRING=VALUE   – Specifies a single environment variable to be set when shell starts, which allows changing default environment for shell. Multiple occurrences of this switch must be used to specify multiple environment variables.

-noe[cho]               – Specifies that echo should be disabled. This may be necessary to ensure that user’s answers to remote prompts are not displayed locally. By default echo is “on”.

-nop[rofile]            – Specifies that the user’s profile should not be loaded. By default the server will attempt to load the user profile. If the remote user is not a local administrator on the target system then this option will be required (the default will result in error).

-a[llow]d[elegate]      – Specifies that the user’s credentials can be used to access a remote share, for example, found on a different machine than the target endpoint.

-comp[ression]          – Turn on compression.  Older installations on remote machines may not support compression so it is off by default.

-[use]ssl               – Use an SSL connection when using a remote endpoint.  Specifying this instead of the transport “https:” will use the default WinRM default port.

-?                      – Help

To terminate the remote command the user can type Ctrl-C or Ctrl-Break, which will be sent to the remote shell. The second Ctrl-C will force termination of winrs.exe.

To manage active remote shells or WinRS configuration, use the WinRM tool.  The URI alias to manage active shells is shell/cmd.  The URI alias for WinRS configuration is winrm/config/winrs.  Example usage can be found in the WinRM tool by typing “WinRM -?”.

Examples:

winrs -r:https://myserver.com command

winrs -r:myserver.com -usessl command

winrs -r:myserver command

winrs -r:http://127.0.0.1 command

winrs -r:http://169.51.2.101:80 -unencrypted command

winrs -r:https://[::FFFF:129.144.52.38] command

winrs -r:http://[1080:0:0:0:8:800:200C:417A]:80 command

winrs -r:https://myserver.com -t:600 -u:administrator -p:$%fgh7 ipconfig

winrs -r:myserver -env:PATH=^%PATH^%;c:\tools -env:TEMP=d:\temp config.cmd

winrs -r:myserver netdom join myserver /domain:testdomain /userd:johns /passwordd:$%fgh789

winrs -r:myserver -ad -u:administrator -p:$%fgh7 dir \\anotherserver\share

WMIC   (Version 6.2.9200.16384)

[global switches] <command>

The following global switches are available:

/NAMESPACE           Path for the namespace the alias operate against.

/ROLE                Path for the role containing the alias definitions.

/NODE                Servers the alias will operate against.

/IMPLEVEL            Client impersonation level.

/AUTHLEVEL           Client authentication level.

/LOCALE              Language id the client should use.

/PRIVILEGES          Enable or disable all privileges.

/TRACE               Outputs debugging information to stderr.

/RECORD              Logs all input commands and output.

/INTERACTIVE         Sets or resets the interactive mode.

/FAILFAST            Sets or resets the FailFast mode.

/USER                User to be used during the session.

/PASSWORD            Password to be used for session login.

/OUTPUT              Specifies the mode for output redirection.

/APPEND              Specifies the mode for output redirection.

/AGGREGATE           Sets or resets aggregate mode.

/AUTHORITY           Specifies the <authority type> for the connection.

/?[:<BRIEF|FULL>]    Usage information.

For more information on a specific global switch, type: switch-name /?

The following alias/es are available in the current role:

ALIAS                    – Access to the aliases available on the local system

BASEBOARD                – Base board (also known as a motherboard or system board) management.

BIOS                     – Basic input/output services (BIOS) management.

BOOTCONFIG               – Boot configuration management.

CDROM                    – CD-ROM management.

COMPUTERSYSTEM           – Computer system management.

CPU                      – CPU management.

CSPRODUCT                – Computer system product information from SMBIOS.

DATAFILE                 – DataFile Management.

DCOMAPP                  – DCOM Application management.

DESKTOP                  – User’s Desktop management.

DESKTOPMONITOR           – Desktop Monitor management.

DEVICEMEMORYADDRESS      – Device memory addresses management.

DISKDRIVE                – Physical disk drive management.

DISKQUOTA                – Disk space usage for NTFS volumes.

DMACHANNEL               – Direct memory access (DMA) channel management.

ENVIRONMENT              – System environment settings management.

FSDIR                    – Filesystem directory entry management.

GROUP                    – Group account management.

IDECONTROLLER            – IDE Controller management.

IRQ                      – Interrupt request line (IRQ) management.

JOB                      – Provides  access to the jobs scheduled using the schedule service.

LOADORDER                – Management of system services that define execution dependencies.

LOGICALDISK              – Local storage device management.

LOGON                    – LOGON Sessions.

MEMCACHE                 – Cache memory management.

MEMORYCHIP               – Memory chip information.

MEMPHYSICAL              – Computer system’s physical memory management.

NETCLIENT                – Network Client management.

NETLOGIN                 – Network login information (of a particular user) management.

NETPROTOCOL              – Protocols (and their network characteristics) management.

NETUSE                   – Active network connection management.

NIC                      – Network Interface Controller (NIC) management.

NICCONFIG                – Network adapter management.

NTDOMAIN                 – NT Domain management.

NTEVENT                  – Entries in the NT Event Log.

NTEVENTLOG               – NT eventlog file management.

ONBOARDDEVICE            – Management of common adapter devices built into the motherboard (system board).

OS                       – Installed Operating System/s management.

PAGEFILE                 – Virtual memory file swapping management.

PAGEFILESET              – Page file settings management.

PARTITION                – Management of partitioned areas of a physical disk.

PORT                     – I/O port management.

PORTCONNECTOR            – Physical connection ports management.

PRINTER                  – Printer device management.

PRINTERCONFIG            – Printer device configuration management.

PRINTJOB                 – Print job management.

PROCESS                  – Process management.

PRODUCT                  – Installation package task management.

QFE                      – Quick Fix Engineering.

QUOTASETTING             – Setting information for disk quotas on a volume.

RDACCOUNT                – Remote Desktop connection permission management.

RDNIC                    – Remote Desktop connection management on a specific network adapter.

RDPERMISSIONS            – Permissions to a specific Remote Desktop connection.

RDTOGGLE                 – Turning Remote Desktop listener on or off remotely.

RECOVEROS                – Information that will be gathered from memory when the operating system fails.

REGISTRY                 – Computer system registry management.

SCSICONTROLLER           – SCSI Controller management.

SERVER                   – Server information management.

SERVICE                  – Service application management.

SHADOWCOPY               – Shadow copy management.

SHADOWSTORAGE            – Shadow copy storage area management.

SHARE                    – Shared resource management.

SOFTWAREELEMENT          – Management of the  elements of a software product installed on a system.

SOFTWAREFEATURE          – Management of software product subsets of SoftwareElement.

SOUNDDEV                 – Sound Device management.

STARTUP                  – Management of commands that run automatically when users log onto the computer system.

SYSACCOUNT               – System account management.

SYSDRIVER                – Management of the system driver for a base service.

SYSTEMENCLOSURE          – Physical system enclosure management.

SYSTEMSLOT               – Management of physical connection points including ports,  slots and peripherals, and proprietary connections points.

TAPEDRIVE                – Tape drive management.

TEMPERATURE              – Data management of a temperature sensor (electronic thermometer).

TIMEZONE                 – Time zone data management.

UPS                      – Uninterruptible power supply (UPS) management.

USERACCOUNT              – User account management.

VOLTAGE                  – Voltage sensor (electronic voltmeter) data management.

VOLUME                   – Local storage volume management.

VOLUMEQUOTASETTING       – Associates the disk quota setting with a specific disk volume.

VOLUMEUSERQUOTA          – Per user storage volume quota management.

WMISET                   – WMI service operational parameters management.

For more information on a specific alias, type: alias /?

CLASS     – Escapes to full WMI schema.

PATH      – Escapes to full WMI object paths.

CONTEXT   – Displays the state of all the global switches.

QUIT/EXIT – Exits the program.

For more information on CLASS/PATH/CONTEXT, type: (CLASS | PATH | CONTEXT) /?

XCOPY   (Version 6.2.9200.16384)

Copies files and directory trees.

XCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/V] [/W]

[/C] [/I] [/Q] [/F] [/L] [/G] [/H] [/R] [/T] [/U]

[/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z] [/B] [/J]

[/EXCLUDE:file1[+file2][+file3]…]

source       Specifies the file(s) to copy.

destination  Specifies the location and/or name of new files.

/A           Copies only files with the archive attribute set,

doesn’t change the attribute.

/M           Copies only files with the archive attribute set,

turns off the archive attribute.

/D:m-d-y     Copies files changed on or after the specified date.

If no date is given, copies only those files whose

source time is newer than the destination time.

/EXCLUDE:file1[+file2][+file3]…

Specifies a list of files containing strings.  Each string

should be in a separate line in the files.  When any of the

strings match any part of the absolute path of the file to be

copied, that file will be excluded from being copied.  For

example, specifying a string like \obj\ or .obj will exclude

all files underneath the directory obj or all files with the

.obj extension respectively.

/P           Prompts you before creating each destination file.

/S           Copies directories and subdirectories except empty ones.

/E           Copies directories and subdirectories, including empty ones.

Same as /S /E. May be used to modify /T.

/V           Verifies the size of each new file.

/W           Prompts you to press a key before copying.

/C           Continues copying even if errors occur.

/I           If destination does not exist and copying more than one file,

assumes that destination must be a directory.

/Q           Does not display file names while copying.

/F           Displays full source and destination file names while copying.

/L           Displays files that would be copied.

/G           Allows the copying of encrypted files to destination that does

not support encryption.

/H           Copies hidden and system files also.

/R           Overwrites read-only files.

/T           Creates directory structure, but does not copy files. Does not

include empty directories or subdirectories. /T /E includes

empty directories and subdirectories.

/U           Copies only files that already exist in destination.

/K           Copies attributes. Normal Xcopy will reset read-only attributes.

/N           Copies using the generated short names.

/O           Copies file ownership and ACL information.

/X           Copies file audit settings (implies /O).

/Y           Suppresses prompting to confirm you want to overwrite an

existing destination file.

/-Y          Causes prompting to confirm you want to overwrite an

existing destination file.

/Z           Copies networked files in restartable mode.

/B           Copies the Symbolic Link itself versus the target of the link.

/J           Copies using unbuffered I/O. Recommended for very large files.

The switch /Y may be preset in the COPYCMD environment variable.

This may be overridden with /-Y on the command line.
