DOS COMMANDS SYNTAX 1, TREASURE--> DOWNLOAD
| 1). ADDUSERS = Add or list users to/from a CSV file... |
|---|
| Automate the creation of a large number of users Syntax Create Users: AddUsers /c filename [/s:x] [/?] Domain Password_options Dump to file: AddUsers /d{:u} filename [/s:x] [/?] Domain Password_options Erase Users: AddUsers /e filename [/s:x] [/?] Domain Password_options key Filename - The comma-delimited file that AddUsers uses for data. /s:x - Change the delimiter character used in filename to x. e.g. /s:~ would make the delimiter "~" Domain - Query the Primary Domain Controller (PDC) of domain. You can also use \\Servername to specify the machine where user accounts are created or read. AddUsers will use the local computer by default (if you do not specify Domain) /c - Create user accounts, local groups, and global groups as specified by filename. /d{:u} - Dump user accounts, local groups, and global groups to filename. The (:u) is an optional switch that causes current accounts to be written to the specified file in Unicode text format. Choosing to dump current user accounts does not save the account's passwords or any security information for the accounts. Note: Password information is not saved in a user account dump and if you use the same file to create accounts, all passwords of newly created accounts will be empty. To back up security information for accounts, use a Tape Backup. /e - Erase the user accounts specified in the file name. CAUTION: Be careful when erasing user accounts, as it is not possible to recreate an account with the same SID. This option will not erase built-in accounts. Password_options /p: - Set account creation options, used along with any combination of the following: * l - Users do not have to change passwords at next logon. * c - Users cannot change passwords. * e - Passwords never expire. (implies l option) * d - Accounts disabled. By default, all created users are required to change their password at logon. Example Create a comma-delimited text file, which contains the new users to be created. Following the Syntax as follows: [Users] User Name,Full name, Password, Description, HomeDrive, Homepath, Profile, Script e.g. [User] jimmye,James Edward Phillip II,,,,,, alexd,Alex Denuur,,,E:\,E:\users\alexd,, ronj,Ron Jarook,ChangeThis,,E:\,E:\users\ronj,, sarahs,Sarah Smith,,,,,, u0123,Mike Olarte,,,,,, Save the file as C:\Users.txt and execute the command AddUsers MyDomain /c c:\Users.txt /p:e |
| 2). ARP = Address Resolution Protocol... |
|---|
| ARP - Address Resolution Protocol Display and modify the IP-to-Physical address translation tables used by address resolution protocol. Syntax View the contents of the local ARP cache table ARP -a [ip_addr] [-N if_addr] Add a static Arp entry for frequent accessed hosts ARP -s ip_addr eth_addr [if_addr] Delete an entry ARP -d ip_addr [if_addr] Key -a Display current ARP entries. May include more than one network interface. If ip_addr is specified, the IP and Physical addresses for only the specified computer are displayed. -g Same as -a. -N if_addr Display the ARP entries for the network interface specified by if_addr. -d ip_addr Delete the host specified by ip_addr. -d * will delete all hosts. -s Add the host and associates the Internet address ip_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent. eth_addr Specifies a physical address. if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. If two hosts on the same sub-net cannot ping each other successfully, try running ARP -a to list the addresses on each computer to see if they have the correct MAC addresses. A host's MAC address can be checked using IPCONFIG. If another host with a duplicate IP address exists on the network, the ARP cache may have had the MAC address for the other computer placed in it. ARP -d is used to delete an entry that may be incorrect. Examples Display the ARP cache tables for all interfaces: C:\> arp -a Display the ARP cache table for the interface on IP address 10.1.4.99: C:\> arp -a -N 10.1.4.99 Add a static ARP cache entry on IP addr 10.1.4.77 to the physical address 00-AA-21-4A-2F-9A: C:\> arp -s 10.1.4.77 00-AA-21-4A-2F-9A |
| 3). ASSOC = Change file extension associations... |
|---|
| Display or change the association between a file extension and a fileType Syntax ASSOC .ext = [fileType] ASSOC ASSOC .ext ASSOC .ext = Key .ext : The file extension fileType : The type of file A file extension is the last few characters in a FileName after the period. So a file called JANUARY.HTML has the file extension .HTML The File extension is used by Windows NT to determine the type of information stored in the file and therefore which application(s) will be able to display the information in the file. File extensions are not case sensitive and are not limited to 3 characters. More than one file extension may be associated with the same File Type. e.g. both the extension .JPG and the extension .JPEG may be associated with the File Type "jpegfile" At any one time a given file extension may only be associated with one File Type. e.g. If you change the extension .JPG so it is associated with the File Type "txtfile" then it's normal association with "jpegfile" will disappear. Removing the association to "txtfile" does not restore the association to "jpegfile" File Types can be displayed in the Windows Explorer GUI: [View, Options, File Types] however the spelling is usually different to that expected by the ASSOC command e.g. the File Type "txtfile" is displayed in the GUI as "Text Document"and "jpegfile" is displayed as "image/jpeg" The command ASSOC followed by just a file extension will display the current File Type for that extension. ASSOC without any parameters will display all the current file associations. ASSOC with ".ext=" will delete the association for that file extension. Did you leave the Always Use This Program To Open This File option turned on? To change it back so it prompts you to specify a program each time, just delete the association for that file type ASSOC .ext= [where .ext is the file extension]. Now when you double-click on a file of that type, the system will ask you what program you want to use. Using the ASSOC command will edit values stored in the registry at HKey_Classes_Root\. Therefore it's possible to use registry permissions to protect a file extension and prevent any file association changes. Examples: Viewing file associations: ASSOC .txt ASSOC .doc ASSOC >backup.txt Editing file associations: ASSOC .txt=txtfile ASSOC .DIC=txtfile ASSOC .html=Htmlfile Deleting a file association: ASSOC .html= Repair .REG and .EXE file associations: ASSOC .EXE=exefile ASSOC .REG=regfile Digging through CLASSES_ROOT entries often reveals more than one shell for the same application, for example the Apple Quick Time player has two entries, one to "open" (which gives an annoying nag screen) and one to just "play" the QT file: [HKEY_CLASSES_ROOT\MOVFile\shell\open] and [play] In cases like this you can change the default action e.g. [HKEY_CLASSES_ROOT\MOVFile\shell] @="play" |
| 4). ASSOCIAT = One step file association... |
|---|
| One step file association. This utility does the job of both ASSOC and FTYPE, in one step. ASSOCIATE assigns an extension directly with an executable application. This is done by automatically adding a new FileType to the system registry. Syntax ASSOCIATE .ext filename [/q /d /f] Key .ext : Extension to be associated. filename : Executable program to associate .ext with. /q : Quiet - Suppress interactive prompts. /f : Force - Force overwrite or delete without questions. /d : Delete - Delete the association. A file extension is the last few characters in a FileName after the period. So a file called JANUARY.HTML has the file extension .HTML The File extension is used by Windows NT to determine the type of information stored in the file and therefore which application(s) will be able to display the information in the file. File extensions are not case sensitive and are not limited to 3 characters. Example: adding a File Association To add the File Type "SQLfile"=Notepad.exe and also set the File Association of .SQL="SQLfile" run this command: ASSOCIATE .SQL Notepad.exe Example: Removing a File Association ASSOCIATE .SQL /d Note that /d will delete the File Association but will NOT delete the File Type. File types created by Associate.exe are always given a name in the form xxxfile, where xxx is the file extension. |
| 5). ATTRIB = Change file attributes... |
|---|
| Display or change file attributes. Find Filenames. Syntax ATTRIB [ + attribute | - attribute ] [pathname] [/S [/D]] Key + : Turn an attribute ON - : Clear an attribute OFF pathname : Drive and/or filename e.g. C:\*.txt /S : Search the pathname including all subfolders. /D : Process folders as well attributes: R Read-only (1) H Hidden (2) A Archive (32) S System (4) extended attributes: E Encrypted C Compressed (128:read-only) I Not content-indexed L Symbolic link/Junction (64:read-only) N Normal (0: cannot be used for file selection) O Offline P Sparse file T Temporary The numeric values may be used when changing attributes with VBS/WSH If no attribute is specified attrib will return the current attribute settings. Used with just the /S option ATTRIB will quickly search for a particular filename. Hidden and System attributes take priority. If a file has both the Hidden and System attributes set, you can clear both attributes only with a single ATTRIB command. For example, to clear the Hidden and System attributes for the RECORD.TXT file, you would type: ATTRIB -S -H RECORD.TXT File Attributes You can use wildcards (? and *) with the filename parameter to display or change the attributes for a group of files. Remember that, if a file has the System or Hidden attribute set, you must clear that attribute before you can change any other attributes. Directory Attributes You can display or change the attributes for a directory/folder. To use ATTRIB with a directory, you must explicitly specify the directory name; you cannot use wildcards to work with directories. For example, to hide the directory C:\SECRET, you would type the following: ATTRIB +H C:\SECRET The following command would affect only files, not directories: ATTRIB +H C:*.* The Read-only attribute for a folder is generally ignored by applications, however the Read-only and System attributes are used by Windows Explorer to determine whether the folder is a special folder, such as My Documents, Favorites, Fonts, etc. Setting the Read-Only attribute on a folder can affect performance, particularly on shared drives because Windows Explorer will be forced to request the Desktop.ini of every sub-folder to see if any special folder settings need to be set. Viewing archive attributes The Archive attribute (A) is used to mark files that have changed since they were previously backed up. The (A) flag is automatically updated by Windows as the file is saved. If the (A) flag is present - the file is new or has been changed since the last backup. The MSBACKUP, RESTORE, and XCOPY commands use these Archive attributes, as do many (but not all) 3rd party backup solutions. Constants - the following attribute values are returned by the GetFileAttributes function: FILE_ATTRIBUTE_READONLY = 1 FILE_ATTRIBUTE_HIDDEN = 2 FILE_ATTRIBUTE_SYSTEM = 4 FILE_ATTRIBUTE_DIRECTORY = 16 FILE_ATTRIBUTE_ARCHIVE = 32 FILE_ATTRIBUTE_ENCRYPTED = 64 FILE_ATTRIBUTE_NORMAL = 128 FILE_ATTRIBUTE_TEMPORARY = 256 FILE_ATTRIBUTE_SPARSE_FILE = 512 FILE_ATTRIBUTE_REPARSE_POINT = 1024 FILE_ATTRIBUTE_COMPRESSED = 2048 FILE_ATTRIBUTE_OFFLINE = 4096 FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = 8192 |
| 6). BCDBOOT = Create or repair a system partition... |
|---|
| (EXPLAN-BCDBOOT.exe (Windows 7 /2008) Set up a system partition, repair the boot environment located on the system partition. Syntax BCDBOOT source [/l locale] [/s volume-letter] [/v] [/m [{OS Loader GUID}]] Options source The location of the Windows directory to use as the source for copying boot-environment files. /l The locale. default = US English. /s The volume letter of the system partition. The default is the system partition identified by the firmware. /v Enable verbose mode /m By default, merge only global objects. If an OS Loader GUID is specified, merge the given loader object within the system template to produce a bootable entry. BCDboot may also be run from Windows PE (Preinstallation Environment) Examples Initialize the system partition using files from the operating system image installed on the C: volume: C:\> bcdboot C:\Windows Set the default BCD locale to Japanese, and copy BCD (Boot Configuration Data) files to drive S: C:\> bcdboot C:\Windows /l ja-jp /s S: Merge the OS loader in the current BCD store identified with the given GUID in the new BCD store: C:\> bcdboot c:\windows /m {d58d10c6-df53-11dc-878f-00064f4f4e08} |
| 7). BOOTCFG = Edit Windows boot settings... |
|---|
| (EXPLAIN-BOOTCFG.exe) Edit the Windows boot settings stored in Boot.ini Syntax BOOTCFG /addsw Add OS load options for an OS entry in boot.ini BOOTCFG /copy Duplicate the entries for an OS instance. BOOTCFG /dbg1394 Configure 1394 port debugging BOOTCFG /debug Edit the debug settings for an OS. BOOTCFG /default Specify the default OS BOOTCFG /delete Delete an OS entry [operating systems] section of Boot.ini BOOTCFG /ems Redirect the EMS console to a remote computer (server only). (Emergency Management Services) BOOTCFG /list List entries in boot.ini BOOTCFG /query Display section entries from Boot.ini BOOTCFG /raw Add OS load options, specified as a string BOOTCFG /rebuild Totally rebuild boot.ini (use when Windows won't start) BOOTCFG /rmsw Remove OS load options for an OS BOOTCFG /timeout Change the OS time-out value. Detailed options for all the above are available from BOOTCFG /? Items in bold are only available from the recovery console Default identification strings: OS Load Options = /Fastdetect Load Identifier = Microsoft Windows XP Professional If you intend to rebuild the boot.ini file, delete it first - boot into the recovery console then: ATTRIB -H -R -S C:\Boot.ini DEL C:\Boot.ini Bootcfg /Rebuild Fixboot |
| 8). BROWSTAT = Get domain, browser and PDC info... |
|---|
| (EXPLAIN-BROWSTAT.exe) Get domain, browser and PDC info. Syntax BROWSTAT option Options: BROWSTAT Dumpnet BROWSTAT dn : Display the transports bound to browser BROWSTAT GetPdc Transport Domain BROWSTAT gp Transport Domain : List the PDC name (via NetBIOS) BROWSTAT GetMaster Transport Domain BROWSTAT gm Transport Domain : List the remote Master Browser name(via NetBIOS) BROWSTAT Getblist Transport BROWSTAT gb Transport : List the backup DNS Servers. BROWSTAT ListWfw BROWSTAT wfw : WindowsForWorkgroups servers running browser. BROWSTAT Stats \\ServerName BROWSTAT sts \\ServerName : List all browser statistics BROWSTAT Status : Display Transport,Primary DNS BROWSTAT sta and Backup DNS servers. BROWSTAT Status -v domain : Verbose Status Display BROWSTAT sta -v domain include Server OS and active browsers. BROWSTAT Tickle BROWSTAT Tic : Force remote master to stop. BROWSTAT Elect BROWSTAT el : Force election on remote domain BROWSTAT View Transport BROWSTAT vw Transport BROWSTAT vw Transport ‹domain› BROWSTAT vw Transport \\Server BROWSTAT vw Transport \\‹Server› /DOMAIN ‹DomainToQuery› The VIEW options can enumerate server services running across a server or domain. Other Browstat features will only work only within a single network subnet. To span subnets/routers across a domain, run browstat via psexec. In the list displays, the following flags are used: W = Workstation NT = Windows NT S = Server W95 = Windows95 SQL = SQLServer WFW = WindowsForWorkgroups SS = StandardServer MFPN= MS Netware PDC = PrimaryDomainController NV = Novell BDC = BackupDomainController XN = Xenix TS = Time Source MBC = Member Server PQ = Print Queue Server DL = Dial-in Server AFP = AFP Server OSF = OSF Server VMS = VMS Server PBR = Potential Browser BBR = Backup Browser, MBR = Master Browser DMB = DomainMaster Browser DFS = Distributed File System Examples Display transports: C:\>browstat dn List of transports currently bound to the browser 1 \Device\NetBT_Tcpip_{B1AFFCA2-6410-4644-9FE7-BA6C274FD4F3} List the backup DNS servers for transport #1: C:\>browstat gb 1 Browser: \\PC00096 Browser: \\PC00082 List Print queues for transport #1: C:\> BROWSTAT vw 1 |find "PQ" |
| 9). CACLS = Change file permissions... |
|---|
| (EXPLAIN-CACLS.exe) Display or modify Access Control Lists (ACLs) for files and folders. Access Control Lists apply only to files stored on an NTFS formatted drive, each ACL determines which users (or groups of users) can read or edit the file. When a new file is created it normally inherits ACL's from the folder where it was created. Syntax CACLS pathname [options] Options: /T Search the pathname including all subfolders. /E Edit ACL (leave existing rights unchanged) /C Continue on access denied errors. /G user:permission Grant access rights, permision can be: R Read W Write C Change (read/write) F Full control /R user Revoke specified user's access rights (only valid with /E). /P user:permission Replace access rights, permission can be: N None R Read W Write C Change (read/write) F Full control /D user Deny access to user. In all the options above "user" can be a UserName or a Workgroup (either local or global) You can specify more than one user:permission in a single command. Wildcards can be used to specify multiple files. If a UserName or WGname includes spaces then it must be surrounded with quotes e.g. "Authenticated Users" If no options are specified CACLS will display the ACLs for the file(s) Setting Deny permission (/D) will deny access to a user even if they also belong to a group that grants access. Limitations Cacls cannot display or modify the ACL state of files locked in exclusive use. Cacls cannot set the following permissions: change permissions, take ownership, execute, delete use XCACLS to set any of these. Using CACLS The CACLS command does not provide a /Y switch to automatically answer 'Y' to the Y/N prompt. However, you can pipe the 'Y' character into the CACLS command using ECHO, use the following syntax: ECHO Y| CACLS /g To edit a file you must have the "Change" ACL (or be the file's owner) To use the CACLS command and change an ACL requires "FULL Control" File "Ownership" will always override all ACL's - you always have Full Control over files that you create. If CACLS is used without the /E switch all existing rights on [pathname] will be replaced, any attempt to use the /E switch to change a [user:permission] that already exists will raise an error. To be sure the CALCS command will work without errors use /E /R to remove ACL rights for the user concerned, then use /E to add the desired rights. The /T option will only traverse subfolders below the current directory. If no options are specified CACLS will display the current ACLs e.g. To display the current folder CACLS . Display permissions for one file CACLS MyFile.txt Display permissions for multiple files CACLS *.txt Inherited folder permissions are displayed as: OI - Object inherit - This folder and files. (no inheritance to subfolders) CI - Container inherit - This folder and subfolders. IO - Inherit only - The ACE does not apply to the current file/directory These can be combined as folllows: (OI)(CI) This folder, subfolders, and files. (OI)(CI)(IO) Subfolders and files only. (CI)(IO) Subfolders only. (OI) (IO) Files only. So BUILTIN\Administrators:(OI)(CI)F means that both files and Subdirectories will inherit 'F' (Fullcontrol) similarly (CI)R means Directories will inherit 'R' (Read folders only = List permission) To actually change the inheritance of a folder/directory use iCACLS /grant or iCACLs /deny When cacls is applied to the current folder only there is no inheritance and so no output. Errors when changing permissions If a user or group has a permission on a file or folder and you grant a second permission to the same user/group on the same folder, NTFS will sometimes produce the error message "The parameter is incorrect" To fix this (or prevent it happening) revoke the permission first (/e /r) and then reapply (/e /g) Examples: Add Read-Only permission to a single file CACLS myfile.txt /E /G "Power Users":R Add Full Control permission to a second group of users CACLS myfile.txt /E /G "FinanceUsers":F Now revoke the Read permissions from the first group CACLS myfile.txt /E /R "Power Users" Now give the first group Full-control: CACLS myfile.txt /E /G "Power Users":F Give the Finance group Full Control of a folder and all sub folders CACLS c:\docs\work /E /T /C /G "FinanceUsers":F |
| 10). CALL = Call one batch program from another... |
|---|
| (EXPLAIN-CALL) Call one batch program from another. Syntax CALL [drive:][path]filename [parameters] CALL :label [parameters] CALL internal_cmd Key: pathname The batch program to run parameters Any command-line arguments :label Jump to a label in the current batch script. internal_cmd Any internal command, first expanding any variables in the argument CALL a second batch file The CALL command will launch a new batch file context along with any specified arguments. When the end of the second batch file is reached (or if EXIT is used), control will return to just after the initial CALL statement. CALL a subroutine (:label) The CALL command will pass control to the statement after the label specified along with any specified arguments . To exit the subroutine specify GOTO:eof this will transfer control to the end of the current subroutine. Arguments can be passed either as a simple string or using a variable: CALL MyScript.cmd "1234" CALL OtherScript.cmd %_MyVariable% Use a label to CALL a subroutine A label is defined by a single colon followed by a name. This is the basis of a batch file function. CALL :s_display_result 123 ECHO Done GOTO :eof :s_display_result ECHO The result is %1 GOTO :eof At the end of the subroutine, GOTO :eof will return to the position where you used CALL. Example @ECHO OFF SETLOCAL CALL :s_staff SMITH 100 GOTO s_last_bit :s_staff ECHO Name is %1 ECHO Rate is %2 GOTO :eof :s_last_bit ECHO The end of the script Advanced usage : CALLing internal commands In addition to the above, CALL can also be used to run any internal command (SET, ECHO etc) and also expand any environment variables passed on the same line. For example @ECHO off SETLOCAL set server1=frodo3 set server2=gandalf4 set server3=ascom5 set server4=last1 ::run the Loop for each of the servers call :loop server1 call :loop server2 call :loop server3 call :loop server4 goto:eof :loop set _var=%1 :: Evaluate the server name CALL SET _result=%%%_var%%% echo The server name is %_result% goto :eof :s_next_bit :: continue below :: Note the line shown in bold has three '%' symbols :: The CALL will expand this to: SET _result=%server1% Each CALL does one substitution of the variables. (You can also do CALL CALL... for multiple substitutions) If you CALL an executable or resource kit utility make sure it's available on the machine where the batch will be running, also check you have the latest versions of any resource kit utilities. If Command Extensions are disabled, the CALL command will not accept batch labels. |
| 11). CD = Change Directory - move to a specific Folder... |
|---|
| (EXPLAIN-CD) Change Directory - Select a Folder (and drive) Syntax CD [/D] [drive:][path] CD [..] Key /D : change the current DRIVE in addition to changing folder. Examples To change to the parent directory. C:\Work> CD .. To change to the grant-parent directory. C:\Work\backup\January> CD ..\.. To change to the ROOT directory. C:\Work\backup\January> CD \ To display the current directory in the specified drive. C:\> CD D: To display the current drive and directory. C:\Work> CD To display the current drive and directory. C:\Work> ECHO "%CD%" In a batch file to display the location of the batch script file (%0) C:\> ECHO "%~dp0" Moving down the folder tree with a full path reference to the ROOT folder... C:\windows> CD \windows\java C:\windows\java> Moving down the folder tree with a reference RELATIVE to the current folder... C:\windows> CD java C:\windows\java> Moving up and down the folder tree in one command... C:\windows\java> CD ..\system32 C:\windows\system32> If Command Extensions are enabled the CD command is enhanced as follows: 1) The current directory string is converted to use the correct CASE. So CD C:\wiNnt would actually set the current directory to C:\Winnt 2) CD does not treat spaces as delimiters, so it is possible to CD into a subfolder name that contains a space without surrounding the name with quotes. For example: cd \My folder is the same as: cd "\My folder" 3) An asterisk can be used to complete a folder name e.g. from C:\ C:> CD pro* will move to C:\Program Files CHDIR is a synonym for CD Tab Completion This allows changing current folder by entering part of the path and pressing TAB C:> CD Prog [PRESS TAB] Will go to C:\Program Files\ Tab Completion is disabled by default, it has been known to create difficulty when using a batch script to process text files that contain TAB characters. Tab Completion is turned on by setting the registry value shown below REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] "CompletionChar"=dword:00000009 Changing the Current drive simply enter the drive letter followed by a colon C:> E: E:> To change drive and directory at the same time, use CD with the /D switch C:> cd /D E:\utils E:\utils\> |
| 12). CHANGE = Change Terminal Server Session properties... |
|---|
| (EXPLAIN-CHANGE) Change Terminal Server Session properties, use when installing software on a terminal server. Syntax CHANGE USER /options CHANGE LOGON /options CHANGE PORT /options Options: To change .INI file mapping: (administrator rights required) CHANGE USER /INSTALL Enable install mode. This command has to be run before installing any new software on a Terminal Server. This will create a .ini file for the application in the TS system directory. CHANGE USER /EXECUTE Enable execute mode (default) Run this when an installation is complete. CHANGE USER /QUERY Display current settings. To enable or disable terminal session logins: CHANGE LOGON /QUERY Query current terminal session login mode. CHANGE LOGON /ENABLE Enable user login from terminal sessions. CHANGE LOGON /DISABLE Disable user login from terminal sessions. To list or change COM port mappings for the current session. This can allow DOS applications to access high numbered ports e.g. COM12 CHANGE PORT portx=porty Map port x to port y. CHANGE PORT /D portx Delete mapping for port x. CHANGE PORT /QUERY Display current mapping ports. How .ini files work: Installing an application will create a .ini file in the TS system directory. The first time a user runs the application, the application looks in the home directory for its .ini file. If none is found then Terminal Server will copy the .ini file from the system directory to the users home directory. Each user will have a unique copy of the application's .ini file in their home directory. To learn more about what happens when the system is put into install mode run CHANGE USER /? The CHANGE command replaces CHGLOGON, CHGUSER, and CHGPORT from Citrix Winframe. |
| 13). CHKDSK = Check Disk - check and repair disk problems... |
|---|
| (EXPLAIN-chkdsk.exe) Check Disk - check and repair disk problems Syntax CHKDSK [drive:][[path]filename] [/F] [/V] [/R] [/L[:size]] Key [drive:] The drive to check. filename File(s) to check for fragmentation (FAT only). /F Automatically Fix file system errors on the disk. /X Fix file system errors on the disk, (Win2003 and above) dismounts the volume first, closing all open file handles. /R Scan for and attempt Recovery of bad sectors. /V Display the full path and name of every file on the disk. /L:size NTFS only: change the log file size to the specified number of kilobytes. If size is not specified, displays the current log size and the drive type (FAT or NTFS). /C Skip directory corruption checks. /I Skip corruption checks that compare directory entries to the file record segment (FRS) in the volume's master file table (MFT) Example: CHKDSK C: /F Fixing Errors /F If the drive is the boot partition, you will be prompted to run the check during the next boot If you specify the /f switch, chkdsk will show an error if open files are found on the disk. Chkdsk /f will lock the volume, making data unavailable until chkdsk is finished. If you use chkdsk /f on a disk with a very large number of files (millions), chkdsk may take a long time to complete. When you delete a file or folder that has 'custom' permissions, the ACL is not deleted, it is cached. Chkdsk /f will remove ACLs that are no longer used. This is often the cause of the rather worrying message: "Windows found problems with the file system. Run chkdsk with the /F (fix) option to correct these." It is normal for chkdsk /F to remove unused index entries and unused security descriptors every time you run it, these do not indicate a problem with the file system. Scan only (without /f switch) If a file needs to be fixed chkdsk will alert you with a message but will not fix the error(s). chkdsk may report lost allocation units on the disk - it will produce this report even if the files are in-use (open). If corruption is found, consider closing all files and repairing the disk with /F. Running chkdsk on a data volume that is in use by another program or process may incorrectly report errors when none are present. To avoid this, close all programs or processes that have open handles to the volume. On computers running Windows 2003 SP1, chkdsk automatically creates a shadow copy, so you can check volumes that are 'in use' by another program or process. This enables an accurate report against a live file server. On earlier versions of Windows, chkdsk would always lock the volume, making data unavailable. Run at Bootup Running at bootup is often the easiest way to close all open file handles. Use the GUI, chkntfs or the FSUTIL dirty commands to set or query the volumes 'dirty' bit so that Windows will run chkdsk when the computer is restarted. Event Logs Chkdsk will log error messages in the Event Viewer - System Log. Chkdsk /f removes ACLs that are no longer used and reports this in the Event Viewer - Application Log. Cluster (or block) Size CHKDSK produces a report that shows the the block /cluster size typically: "4096 bytes in each allocation unit." When the cluster size is greater than 4 KB on an NTFS volume, none of the NTFS compression functions are available. Exit codes 0 No errors were found 1 Errors were found and fixed. 2 Could not check the disk, did not or could not fix errors. Notes: Consider the time required to run Chkdsk to repair any errors that occur. Chkdsk times are determined by the number of files on the volume and by the number of files in the largest folder. Chkdsk performance was improved by 30% under Windows 2003 and around 50% in 2008 R2. To issue chkdsk on a hard drive you must be a member of the Administrators group. When CHKDSK is set to run at boot-up there is a delay to allow the check to be cancelled - this can be configured in the registry: HKLM\System\CurrentControlSet\Control\Session Manager REG_DWORD:AutoChkTimeOutData The value is the time in seconds that you want CHKDSK to wait (0 = no delay) default is 10 seconds. Chkdsk is also available from the Recovery Console (with different parameters.) Disk Errors |
| 14). CHKNTFS = Check the NTFS file system... |
|---|
| (EXPLAIN-CHKNTFS.exe) Check the NTFS file system with CHKDSK Syntax CHKNTFS drive: [...] CHKNTFS /C drive: [...] CHKNTFS /X drive: [...] CHKNTFS /t[:Time] CHKNTFS /D Key drive : Specifies a drive letter. /C : Check - schedules chkdsk to be run at the next reboot. /X : Exclude a drive from the default boot-time check. Excluded drives are not accumulated between command invocations. /T : Change the Autochk.exe initiation countdown time (time in seconds) If you don't specify Time: displays the current countdown time. /D : Restore the machine to the default behavior; all drives are checked at boot time and chkdsk is run on those that are dirty. This undoes the effect of the /X option. If no switches are specified, CHKNTFS will display the status of the dirty bit for each drive. /T option is new in Win XP |
| 15). CHOICE = Accept keyboard input to a batch file...? |
|---|
| (EXPLAIN-CHOICE.exe (Resource Kit/Standard Vista command) Accept user input to a batch file. Choice allows single key-presses to be captured from the keyboard. Syntax CHOICE [/C[:]choiceKeys] [/N] [/S] [/T[:]k,nn] [text] Key /C[:]choiceKeys : One or more keys the user can press. Default is YN /N : Do not display choiceKeys at end of prompt string. /S : case Sensitive. /T[:]k,dd : Default the choice to k after dd seconds text : Message string to display the choices available The Windows 2003 version has some slight differences: CHOICE [/c [choiceKeys]] [/N] [/CS] [/t Timeout /d Choice] [/m Text] key /C[:]choiceKeys : One or more keys the user can press. Default is YN /N : Do not display choiceKeys at end of prompt string. /CS : Case Sensitive. /T dd : Timeout in dd seconds /d choiceKey : Choice made on Timeout /m text : Message string to describe the choices available ERRORLEVEL will return the numerical offset of choiceKeys. Availability Choice.com was originally supplied on the Windows 95 install CD, however there are some issues with this version under NT - multiple concurrent invocations of CHOICE will clobber each other. CHOICE.com will also burn a lot of CPU's when in a wait state. The NT and 2000 Resource Kits contain CHOICE.EXE which behaves a lot better. In Windows 2003 CHOICE became a built-in command so it is no longer in the resource kit. Examples: CHOICE /C:FH /M select [F] Floppy or [H] Hard drive IF errorlevel 2 goto s_hard IF errorlevel 1 goto s_floppy Note the order of the IF statements above, IF errorlevel 1 will return TRUE for an errorlevel of 2 CHOICE can be used to set a specific %errorlevel% for example to set the %errorlevel% to 6 : ECHO 6| CHOICE /C:123456 /N >NUL |
| 16). CIPHER = Encrypt or Decrypt files/folders... |
|---|
| (EXPLAIN-CIPHER) Encrypt or Decrypt files and folders. Without parameters cipher will display the encryption state of the current folder and files. NTFS volumes only. Syntax: Encrypt/Decrypt: CIPHER [{/e | /d}] [/s:Folder] [options] [/u[/n]] [{PathName [...]] New recovery agent certificate: CIPHER /r:PathNameWithoutExtension Remove data: CIPHER /w:PathName Backup Keys: CIPHER /x[:PathName] options: /e Encrypt the folders. Folders are marked so that files that are added to the folder later are encrypted too. /d Decrypt the folders. Folders are marked so that files that are added to the folder later are encrypted too. /s:Folder Performs the operation in the folder and all subfolders. /a Perform the operation for files and directories. /i Continue even after errors occur. By default, cipher stops when it encounters an error. /f Force the encryption or decryption of all specified objects. By default, cipher skips files that have been encrypted or decrypted already. /q Quiet - Report only essential information. /h Display files with hidden or system attributes. By default, these files are not encrypted or decrypted. /k Create a new file encryption key for the user running cipher. /u Update the user's file encryption key or recovery agent's key to the current ones in all of the encrypted files on local drives (that is, if the keys have been changed). This option only works with /n. /n Prevent keys from being updated. Use this option to find all of the encrypted files on the local drives. This option only works with /u. PathName A pattern, file, or folder. /r:PathNameWithoutExtension Generate a new recovery agent certificate and private key, and then write them to files with the filename PathNameWithoutExtension. /w:PathName Remove data from unused portions of a volume. PathName can indicate any directory on the desired volume. Cipher does not obtain an exclusive lock on the drive. This option can take a long time to complete and should only be used when necessary. /x[:PathName] PathNameWithoutExtension Identifies the certificates and private keys used by EFS for the currently logged on user and backs them up to a file. If PathName is provided, the certificate used to encrypt the files is backed up. Otherwise, the user's current EFS certificate and keys will be backed up. The certificates and private keys are written to a file name PathNameWithoutExtension plus the file extension .pfx. Notes It is recommended that you always encrypt both the file and the folder in which it resides, this prevents an encrypted file from becoming decrypted when it is modified. Cipher cannot encrypt files that are marked as read-only. Cipher will accept multiple folder names and wildcard characters. You must separate multiple parameters with at least one space. Examples List encrypted files in the reports folder are: CIPHER c:\reports\* Encrypt the Reports folder and all subfolders: CIPHER /e /s:C:\reports To back up the certificate and private key currently used to encrypt and decrypt EFS files to a file named c:\myefsbackup.pfx, type: CIPHER /x c:\myefsbackup |
| 17). CleanMgr = Automated cleanup of Temp files, recycle bin... |
|---|
| (EXPLAIN-CLEANMGR.exe) Automated cleanup of Temp files, Internet files, downloaded files, recycle bin (XP). Syntax CLEANMGR option Options /d driveletter: - Select the drive that you want Disk Cleanup to clean. /sageset:n - Display the Disk Cleanup Settings dialog box and create a registry key to store the settings you select. The n value is stored in the registry and allows you to specify different tasks for Disk Cleanup to run. n can be any integer from 0 to 65535. Specify the %systemroot% drive to see all the available options. /sagerun:n - Run task 'n' All drives in the computer will be enumerated, and the selected profile will be run against each drive. Only one of the 3 options above can be run at a time Examples CLEANMGR /sageset:64 CLEANMGR /sagerun:64 Options that can be chosen for cleanup: Temporary Internet Files Temporary Setup Files Downloaded Program Files Old Chkdsk Files Recycle Bin Temporary Files Temporary Offline Files Offline Files Compress Old Files Catalog Files for the Content Indexer Items in bold may appear in more than one drive i.e not just in %SystemRoot% If you want to choose the options automatically, without any user interaction then run a registry script like this e.g. REGEDIT /S cleanmgr.reg CLEANMGR /sagerun:64 Other items you may want to clear out... Application Data Most files in Application Data are things like browser bookmark files - best left alone. However some applications (e.g. MS Access) leave large files in application data which you probably don't need in a roaming profile, these can be selectively deleted with a batch script like this. Recent files To clear the shortcuts for Start, Documents cd %userprofile%\Recent echo y| del *.* Notice that the 'Recent' folder may contain many more shortcuts than are set to display under Start, Documents. Locked files (Typically IE temp files or the Offline cache) This works on any version of NT, 2000 or XP Close all applications Open a command prompt Click Start, and then Shut Down Simultaneously press CTRL+SHIFT+ALT. While you keep these keys pressed, click Cancel in the Shut Down Windows dialog box. In the command prompt window, navigate to the cache location, and delete all files from the folder (DEL /s) At the command prompt, type explorer, and then press ENTER. |
| 18). CLIP = Copy STDIN to the Windows clipboard... |
|---|
| (EXPLAIN-CLIP.exe (Resource Kit / Windows 7) Copy the result of any command to the Windows clipboard. Syntax command | CLIP CLIP < filename.txt When using clip in a batch script you should warn the user that their clipboard is about to be overwritten. For Example: DIR | CLIP DATE /t | CLIP |
| 19). CMD = Start a new CMD shell... |
|---|
| (EXPLAIN-CMD.exe) Start a new CMD shell. Syntax CMD [charset] [options] [My_Command] Options /C Carries out My_Command and then terminates /K Carries out My_Command but remains My_Command : The command, program or batch script to be run. This can even be several commands separated with '&' (the whole should also be surrounded by "quotes") /T:fg Sets the foreground/background colours /X Enable extensions to CMD.EXE under Windows 2000 you can also use /E:ON /Y Disable extensions to CMD.EXE under Windows 2000 you can also use /E:OFF /A Output ANSI Characters /U Output UNICODE Characters These 2 swiches are useful when piping or redirecting to a file Most common text files under WinNT are ANSI, use these switches when you need to convert the character set. /D Ignore registry AutoRun commands HKLM | HKCU \Software\Microsoft\Command Processor\AutoRun /F:ON Enable auto-completion of pathnames entered at the CMD prompt /F:OFF Disable auto-completion of pathnames entered at the CMD prompt (default) At the command prompt Ctrl-D gives folder name completion and Ctrl-F gives File and folder name completion. These key-strokes will display the first matching path. Thereafter, repeated pressing of the same control key will cycle through the list of matching paths. Pressing SHIFT with the control key will move through the list backwards. /Q Turn echo off /S Strip quote characters from the command_line /V:ON Enable delayed environment variable expansion this allows a FOR loop to specify !variable! instead of %variable% expanding the variable at execution time instead of at input time. /V:OFF Disable delayed environment expansion. Environment expansion preference can be set permanently in the registry HKLM | HKCU \Software\Microsoft\Command Processor\DelayedExpansion Set to either 0x1 or 0x0 /knetdiag /debug /knetdiag /fix The knetdiag switches are undocumented and work in XP only they list and (may) fix these networking issues. If /C or /K is specified, then the remainder of the command line is processed as an immediate command in the new shell. Multiple commands separated by the command separator '&&' are accepted if surrounded by quotes. The following logic is used to process quote (") characters: 1. If all of the following conditions are met, then quote characters on the command line are preserved: - no /S switch - exactly two quote characters - no special characters between the two quote characters, where special is one of: &<>()@^| - there are one or more whitespace characters between the the two quote characters - the string between the two quote characters is the name of an executable file. 2. Otherwise, old behavior is to see if the first character is a quote character and if so, strip the leading character and remove the last quote character on the command line, preserving any text after the last quote character. Command.com vs cmd.exe All the commands on these pages assume you are running the 32 bit or 64 bit command line (cmd.exe) The old 16 bit command processor command.com is supplied to provide backward compatibility for 16 bit DOS applications. Command.com has very limited functionality compared to cmd.exe e.g. it will fail to set an %errorlevel% after many commands. If you name your batch scripts with the extension .CMD rather than .BAT then they will not run under command.com even if copied to a Windows 95 machine. The %COMSPEC% environment variable will show if you are running CMD.EXE or command.com On 64 bit versions of windows the 32 bit CMD.exe can be found at %windir%\SysWoW64\cmd.exe To reduce compatibility issues, the WOW64 subsystem isolates 32-bit binaries from 64-bit binaries by redirecting registry calls and some file system calls. Opening CMD from Windows Explorer You can open a new CMD prompt by choosing START, RUN, cmd, OK Registry Keys for CMD: ;Allow UNC paths at command prompt [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor] "DisableUNCCheck"=dword:00000001 ; Run a command when CMD.exe starts [HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor] "AutoRun"=- ; Activate Automatic Completion [HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor] "CompletionChar"=0x9 ; For Windows 7: Add an elevated 'Open CMD prompt here (Admin)' option to the ; context menu for file system folders: [HKEY_CLASSES_ROOT\Directory\shell\runas] @="Open CMD prompt here (Admin)" [HKEY_CLASSES_ROOT\Directory\shell\runas\command] @="cmd.exe /k pushd %L" ; For Windows 7: Add an elevated 'Open CMD prompt here (Admin)' option to the ; My Computer context menu: [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\runas] @="Open CMD prompt here (Admin)" [HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\runas\command] @="cmd.exe" Previous Commands Pressing the UP arrow will list previous commands entered at the command prompt. Other DOSKEY function keys are loaded by default (F7, F8, F9) Copy and Paste / QuickEdit To simplify the use of cut and paste at the Command Prompt, enable QuickEdit mode as follows: Activate the control menu at the top left of the current cmd window, go to Properties, Options tab and then tick against QuickEdit Mode. Now you can select text with the mouse and hit Enter (or right click) to copy it to the clipboard. Paste anywhere using Control+V (or Right Click) or via the menu. ESC will cancel any selection and return to editing mode. When copying between windows, you may need one click to select the window and a second click to paste. Run multiple instances of CMD.exe At the command line or in a batch script CMD will start a new instance of CMD.exe which will appear in the same window. The EXIT command will close the second CMD instance and return to the previous shell. A method of calling one Batch script from another is to run a command like CMD /c C:\docs\myscript.cmd The output of CMD can be redirected into a text file. Notice that where CMD /c is used, the EXIT command is not required. The environment Variable %CMDCMDLINE% will expand into the original command line passed to CMD.EXE The native version of CMD.exe is always in %windir%\system32, on 64 bit operating systems there is also a 32 bit CMD.exe in %windir%\SysWOW64 Pausing or stopping a batch script Execution of any batch script can be paused by pressing CTRL-S This also works for pausing a single command such as a DIR listing Pressing any key will resume the operation. Execution of any batch script can be stopped by pressing CTRL-C If one batch file CALLs another batch file CTRL-C will exit both batch scripts. If CMD /c is used to call one batch file from another then CTRL-C will cause only one of the batch scripts to terminate. (see also EXIT) Long Commands and long filenames Under Windows XP, the CMD command line is limited to 8,191 characters. For all versions of Windows, NTFS and FAT allows pathnames of up to 260 characters. A workaround for the limited pathname length is to prefix \\?\ for example: \\?\C:\TEMP\Long_Directory\Long_Filename.txt Full Screen The key combination ALT + ENTER will switch a CMD window to full screen mode. press ALT and ENTER again to return to a normal Window. Command Extensions Much of the functionality of CMD.exe can be disabled - this will affect all the internal commands, Command Extensions are enabled by default. This is controlled by setting a value in the registry: HKCU\Software\Microsoft\Command Processor\EnableExtensions Alternatively under Win XP you can run CMD /e:on or CMD /e:off |
| 20). CMDKEY = Manage stored usernames/passwords... |
|---|
| (EXPLAIN-CMDKEY.exe (Windows 7) Create, list or delete stored user names, passwords or credentials. Syntax cmdkey [{/add:TargetName|/generic:TargetName}] {/smartcard|/user:UserName [/pass:Password]} [/delete{:TargetName|/ras}] /list:TargetName Key: /add Add a user name and password to the list. TargetName The computer or domain name that this entry will be associated with. /generic Add generic credentials to the list. /smartcard Retrieve the credential from a smart card. /user:UserName The user or account name to store with this entry. If UserName is not supplied, it will be requested. /pass:Password The password to store with this entry. If Password is not supplied, it will be requested. /delete: Delete a user name and password from the list. If TargetName is specified, that entry will be deleted. If /ras is specified, the stored remote access entry will be deleted. /list Display the list of stored user names and credentials. If TargetName is not specified, all stored user names and credentials will be listed. If more than one smart card is found, cmdkey will prompt the user to specify which one to use. Once stored, passwords are not displayed. Examples: Display a list of stored user names and credentials: cmdkey /list Add a user name and password for user Kate to access computer Server01 with the password passme, type: cmdkey /add:server01 /user:Kate /pass:passme Add a user name for user Kate to access computer Server01 and prompt for the password whenever Server01 is accessed: cmdkey /add:server01 /user:Kate Delete the stored credential for remote access: cmdkey /delete /ras Delete the stored credential for Server01: cmdkey /delete:Server01 |
No comments:
Post a Comment