Top 10 Windows Built-In Command Line Tools

For many Windows users, the thought of using the Command Prompt is either a scary experience or something that they will never need. But for some, the command prompt is a powerful tool that can be far more useful than many graphical tools available in Windows.

Being a System Administrator, I constantly use the command prompt, mostly because I access systems remotely and many tasks can be performed quickly with out the graphics over head (even though connecting via Terminal Server is very convenient).

So if you are an avid user of the command line, here are my top 10 built-in (non third party) command line tools for XP, Vista and WIndows server versions (remember these commands are not your typical tools, such as find, copy, move, dir, etc..).

1 - systeminfo - Have a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool I run. The output of this command gives me all the info I need including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Also knowing what hot fixes are installed can be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax: SYSTEMINFO /S system /U user

2 - ipconfig - This tool may be most useful tool for viewing and troubleshooting TCP/IP problems. It's capability includes release or renew an adapter IP Address, display and flush DNS cache, re-register the system name in DNS. WIth Vista and some server versions, ipconfig includes support for IPv6.

Some examples when usinging ipconfig.

• To view all TCP/IP information, use: ipconfig /all
• To view the local DNS cache, use: ipconfig /displaydns
• To delete the contents in the local DNS cache, use: ipconfig /flushdns

3 - tasklist and taskkill - If you are used to Windows Task Manager, then you'll find tasklist very easy to use. This tool displays a list of currently running processes, including image name, PID (Process ID) and memory usage on local or remote machines. Using the /V switch displays more information in verbose mode that includes, CPU Time, user name, and modules. Tasklist includes a filter option to display a set of task based on the criteria specified. But the best use of the filter is using it to display programs running inside svchost.exe process.

Of course, there will be times when a process needs to be killed and taskkill can be used to terminate those trouble processes. A single or multiple processes can be killed using the PID (/PID ) or image name (/IM ). Here are two examples for doing just that:

TASKKILL /IM notepad.exe
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T

Both tasklist and taskkill can connect to remote systems using the /S (system name) /U (user name) switches.

4 - netstat - Need to know who (or what) is making a connection to your computer? Then netstat is the tool you want to run. The output provides valuable information of all connections and listening ports, including the executable used in the connections. In additon to the above info, you can view Ethernet statistics, and resolve connecting host IP Addresses to a fully qualified domain name. I usually run the netstat command using the -a (displays all connection info), -n (sorts in numerical form) and -b (displays executable name) switches.

5 - type - A lesser known tool to those who don't work with the command prompt. For Administrators, the type command is the perfect tool for viewing text files. But what many people don't know about the type tool, is it's capability to read multiple files at once. For example to view multiple text files, just separate each file with a space:

type firstfile.txt secondfile.txt thirdfile.txt

For files that are large, you can control text scrolling using the more command.

6 - net command - Although this tool is more known as a command, the net command is really like a power drill with different bits and is used to update, fix, or view the network or network settings.

It is mostly used for viewing (only services that are started), stopping and starting services:

• net stop server
  
• net start server
• net start (display running services)

and for connecting (mapping) and disconnecting with shared network drives:

• net use m: \\myserver\sharename
  
• net use m: \\myserver\sharename /delete
  

Other commands used with net command are, accounts (manage user accounts), net print (manage print jobs), and net share (manage shares).

Below are all the options that can be used with the net command.

[ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |HELPMSG | LOCALGROUP | PAUSE | PRINT | SESSION | SHARE | START |STATISTICS | STOP | TIME | USE | USER | VIEW ]

To display the complete syntax for each command, just type net help followed by the command - net help use .

7 - nslookup - With the Internet, DNS (Domain Name Service) is the key for allowing us to use friendly names when surfing the web instead of needing to remember IP Addresses. But when there are problems, nslookup can be a valuable tool for testing and troubleshooting DNS servers.

Nslookup can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. For example, to resolve google.com:

To use the interactive mode, just type nslookup at the prompt. To see all available options, type help while in interactive mode.

Don't let the help results intimidate you. Nslookup is easy to use. Some of the options I use when troubleshooting are:

set ds (displays detailed debugging information of behind the scenes communication when resolving an host or IP Address).

set domain (sets the default domain to use when resolving, so you don't need to type the fully qualified name each time).

set type (sets the query record type that will be returned, such as A, MX, NS)

server NAME (allows you to point nslookup to use other DNS servers than what is configured on your computer)

To exit out of interactive mode, type exit .

8 - ping and tracert - These tools can be helpful with connectivity to other systems. Ping will test whether a particular host is reachable across an IP network, while tracert (traceroute) is used to determine the route taken by packets across an IP network.

To ping a system just type at the prompt: ping www.google.com. By default, ping will send three ICMP request to the host and listen for ICMP “echo response” replies. Ping also includes switches to control the number of echo requests to send (-n ), and to resolve IP addresses to hostname (-a ).

To use tracert, type at the prompt: tracert www.google.com. You can force tracert to not resolve address to hostnames by using the -d switch, or set the desired timeout (milliseconds) for each reply using -w switch.

9 - gpresult - Used mostly in environments that implement group poicies, gpresults (Group Policy Results) verifies all policy settings in effect for a specific user or computer. The command is simple to use, just enter gpresults at the prompt. It can also be used to connect to computers remotely using the /S and /U switches.

10 - netsh - Without a doubt the most powerful command line tool available in Windows. Netsh is like the swiss army knife for configuring and monitoring Windows computers from the command prompt. It capabilities include:

• Configure interfaces
• Configure routing protocols
• Configure filters
• Configure routes
• Configure remote access behavior for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service
• Display the configuration of a currently running router on any computer

Some examples of what you can do with netsh:

• Enable or disable Windows firewall:

netsh firewall set opmode disable

netsh firewall set opmode disable

• Enable or disable ICMP Echo Request (for pinging) in Windows firewall:

netsh firewall set icmpsetting 8 enable

netsh firewall set icmpsetting 8 disable

• Configure your NIC to automatically obtain an IP address from a DHCP server:

netsh interface ip set address "Local Area Connection" dhcp

(For the above command, if your NIC is named something else, use netsh interface ip show config and replace the name at Local Area Connection).

As you can see netsh can do alot. Instead of re-inventing the wheel, check out the following Microsoft article for more info on netsh.

The use of Windows command line tools can be a powerful alternative when only a command prompt is available. I'm sure there are plenty more commands that I have not mention.

Let us know what your favorite command line tool is and leave a comment below.