Commonly Used CMD Commands Every Windows User Should Know
It will take approximately 5 minutes to read this article.
Many of you may aware of command line commands which helps you to rule your computer from a black box.
Most of the Linux & MacOS users are using their command line tools nearly for their all computer jobs to handle some situations quickly.
Since Microsoft Command Line (cmd) tool has lesser known famous, I’ve prepared most used 10 commands that will save your life if you are starting to use your command line.
This is the topmost command for seeing the IP address,subnet mask and default gateway also includes the display and flush DNS cache, re-register the system name in DNS. This will most useful tool for viewing and troubleshooting TCP/IP problem.
- To view IP ,subnet mask address : ipconfig
- To view all TCP/IP information, use: ipconfig /all
- To view the local DNS cache, use: ipconfig /displaydns
- To delete the contents of the local DNS cache, use: ipconfig /flushdns
Have a need to display operating system configuration information for a local or remote machine, including service pack levels? Then systeminfo is the tool to use. When I need to connect to a system that I am not familiar with, this is the first tool I run. The output of this command gives me all the info I need including: host name, OS type, version, product ID, install date, boot time and hardware info (processor and memory). Also knowing what hot fixes are installed can be a big help when troubleshooting problems. This tool can be used to connect to a machine remotely using the following syntax:
SYSTEMINFO /S system /U user
If you are used to Windows Task Manager, then you’ll find tasklist very easy to use. This tool displays a list of currently running processes, including image name, PID (Process ID) and memory usage on local or remote machines. Using the /V switch displays more information in verbose mode that includes, CPU Time, user name, and modules. Tasklist includes a filter option to display a set of task based on the criteria specified. But the best use of the filter is using it to display programs running inside svchost.exe process.
Of course, there will be times when a process needs to be killed and taskkill can be used to terminate those trouble processes. A single or multiple processes can be killed using the PID (/PID ) or image name (/IM ). Here are two examples for doing just that:
TASKKILL /IM notepad.exe
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
Both tasklist and taskkill can connect to remote systems using the /S (system name) /U (user name) switches.
Most files in Windows are associated with a specific program that is assigned to open the file by default. At times, remembering these associations can become confusing. You can remind yourself by entering the command “assoc” to display a full list of file name extensions and program associations.
You can also extend the command to change file associations. For example
will change the file association for text files to whatever program you enter after the equal sign. The ASSOC command itself will reveal both the extension names and program names, which will help you properly use this command. You can probably do this more easily in the GUI, but the command line interface is a perfectly functional alternative.
Deleting files on a mechanical hard drive doesn’t really delete them at all. Instead, it marks the files as no longer accessible and the space they took up as free. The files remain recoverable until the system overwrites them with new data, which can take some time.
which will wipe free space on the drive. The command does not overwrite undeleted data, so you will not wipe out files you need by running this command.
You can use a host of other cipher commands, however, they are generally redundant with Bitlocker enabled versions of Windows.
Entering the command “netstat -an” will provide you with a list of currently open ports and related IP addresses. This command will also tell you what state the port is in – listening, established or closed.
This is a great command for when you’re trying to troubleshoot devices connected to your PC or when you fear a Trojan infected your system and you’re trying to locate a malicious connection.
This is a more advanced version of ping that’s useful if there are multiple routers between your PC and the device you’re testing. Like ping, you use this command by typing “pathping” followed by the IP address, but unlike ping, pathping also relays some information about the route the test packets take.
The “tracert” command is similar to pathping. Once again, type “tracert” followed by the IP address or domain you’d like to trace. You’ll receive information about each step in the route between your PC and the target. Unlike pathping, however, tracert also tracks how much time (in milliseconds) each hop between servers or devices takes.
Powercfg is a very powerful command for managing and tracking how your computer uses energy. You can use the command “powercfg /hibernate on” and “powercfg /hibernate off” to manage hibernation, and you can also use the command “powercfg /a” to view the power-saving states currently available on your PC.
Another useful command is
powercfg /devicequery s1_supported
which displays a list of devices on your computer that support connected standby. When enabled, ou can use these devices to bring your computer out of standby – even remotely. You can enable this by selecting the device in Device Manager, opening its properties, going to the Power Management tab and then checking the “Allow this device to wake the computer” box.
will show you what device last woke your PC from a sleep state. You can use this command to troubleshoot your PC if it seems to wake from sleep at random.
You can use the
command to build a detailed power consumption report for your PC. The report saves to the directory indicated after the command finishes. This report will let you know of any system faults that might increase power consumption, like devices blocking certain sleep modes, or poorly configured to respond to your power management settings.
Windows 8 added
which provides a detailed analysis of battery use, if applicable. Normally output to your Windows user directory, the report provides details about the time and length of charge and discharge cycles, lifetime average battery life, and estimated battery capacity.
As of Windows 8/8.1 there is now a shutdown command that – you guessed it! – shuts down your computer. Are Windows shutdowns an ordeal? Time to crack down on this process and save time. Most solutions are super simple and only take a few seconds, promised!
This is of course redundant with the already easily accessed shutdown button, but what’s not redundant is the
shutdown /r /o
command, which restarts your PC and launches the Advanced Start Options menu, which is where you can access Safe Mode and Windows recovery utilities. This is useful if you want to restart your computer for troubleshooting purposes.
System File Checker is an automatic scan and repair tool that focuses on Windows system files.
You will need to run the command prompt with administrator privileges and enter the command
If SFC finds any corrupt or missing files, it will automatically replace them using cached copies kept by Windows for this purpose alone. The command can require a half-hour to run on older notebooks.
Recovery Image(Windows 8)
Virtually all Windows 8/8.1 computers ship from the factory with a recovery image, but the image may include bloatware you’d rather not have re-installed. Once you’ve un-installed the software you can create a new image using the “recimg” command. Entering this command presents a very detailed explanation of how to use it.
You must have administrator privileges to use the recimg command, and you can only access the custom recovery image you create via the Windows 8 “refresh” feature.
In Windows 10, system recovery has changed. Windows 10 systems don’t come with a recovery partition, which makes it more important than ever to create a recovery drive.
Drivers remain among the most important software installed on a PC. Improperly configured or missing drivers can cause all sorts of trouble, so its good to have access to a list of what’s on your PC. That’s exactly what the “driverquery” command does. You can extend it to “driverquery -v” to obtain more information, including the directory in which the driver is installed.
You can use this command to identify differences in text between two files. It’s particularly useful for writers and programmers trying to find small changes between two versions of a file. Simply type “fc” and then the directory path and file name of the two files you want to compare.
You can also extend the command in several ways. Typing “/b” compares only binary output, “/c” disregards the case of text in the comparison, and “/l” only compares ASCII text.
So, for example, you could use the following:
fc /l "C:\Program Files (x86)\example1.doc" "C:\Program Files (x86)\example2.doc"
The above command compares ASCII text in two word documents.
type is used to read the text document in command prompt . You can read multiple texts in continuously
Need to know who (or what) is making a connection to your computer? Then netstat is the tool you want to run. The output provides valuable information of all connections and listening ports, including the executable used in the connections. In addition to the above info, you can view Ethernet statistics, and resolve to connect host IP Addresses to a fully qualified domain name. I usually run the netstat command using the -a(displays all connection info), -n (sorts in numerical form) and -b (displays executable name) switches.
With the Internet, DNS (Domain Name Service) is the key for allowing us to use friendly names when surfing the web instead of needing to remember IP Addresses. But when there are problems, nslookup can be a valuable tool for testing and troubleshooting DNS servers.
Nslookup can be run in two modes: interactive and noninteractive. The noninteractive mode is useful when only a single piece of data needs to be returned. For example, to resolve google.com:
To use the interactive mode, just type nslookup at the prompt. To see all available options, type help while in interactive mode.
Don’t let the help results intimidate you. Nslookup is easy to use. Some of the options I use when troubleshooting are:
set ds (displays detailed debugging information of behind the scenes communication when resolving a host or IP Address).
set domain (sets the default domain to use when resolving, so you don’t need to type the fully qualified name each time).
set type (sets the query record type that will be returned, such as A, MX, NS)
server NAME (allows you to point nslookup to use other DNS servers than what is configured on your computer)
To exit out of interactive mode, type exit .
These tools can be helpful with connectivity to other systems. Ping will test whether a particular host is reachable across an IP network, while tracert (traceroute) is used to determine the route taken by packets across an IP network.
To ping a system just type at the prompt:
By default, ping will send three ICMP request to the host and listen for ICMP “echo response” replies. Ping also includes switches to control the number of echo requests to send (-n ), and to resolve IP addresses to the hostname (-a ).
To use tracert, type at the prompt:
You can force tracert to not resolve address to host names by using the -d switch, or set the desired timeout (milliseconds) for each reply using -w switch.
Used mostly in environments that implement group policies, gpresults (Group Policy Results) verify all policy settings in effect for a specific user or computer. The command is simple to use, just enter gpresults at the prompt. It can also be used to connect to computers remotely using the /S and /U switches.
Without a doubt the most powerful command line tool available in Windows. Netsh is like the swiss army knife for configuring and monitoring Windows computers from the command prompt. Its capabilities include:
- Configure interfaces
- Configure routing protocols
- Configure filters
- Configure routes
- Configure remote access behaviour for Windows-based remote access routers that are running the Routing and Remote Access Server (RRAS) Service
- Display the configuration of a currently running router on any computer
Some examples of what you can do with netsh:
- Enable or disable Windows firewall:
netsh firewall set opmode disable
netsh firewall set opmode disable
- Enable or disable ICMP Echo Request (for pinging) in Windows firewall:
netsh firewall set icmpsetting 8 enable
netsh firewall set icmpsetting 8 disable
- Configure your NIC to automatically obtain an IP address from a DHCP server:
netsh interface ip set address “Local Area Connection” dhcp