Many new command-line tools were introduced with Windows Vista and Windows Server 2008, and some in Windows 7 and Windows Server 2008 R2. Some are replacements for previous tools providing enhancements and some are completely new.
You can configure, create, backup and restore audit policies on local and remote computers. This replaces auditusr.exe.
Audit categories include account logon events, account management, directory service access, logon events, object access, policy changes, privilege use, process tracking, and system events. Enabling auditing, records the events for the specified categories in the Security log which you can access via the Event Viewer.
To retrieve the policy for the System category:
auditpol /get /category:"System"
To backup all auditing settings to a CSV-formatted text file:
auditpol /backup /file:auditpolicy.csv
To restore all auditing settings from a previously created CSV-formatted text file using /backup:
auditpol /restore /file:c:\auditpolicy.csv
The Boot Configuration Data (BCD) replaces boot.ini, holding the boot configuration settings. Thus the BCDEdit tool replaces the boot.ini editor bootcfg.exe. BCDEdit lets you manage the BCD stores. You can create, delete, and reorder the boot loader.
View the Boot Manager and Boot Loader details:
Set the default operating system:
bcdedit /default ID
Change the description of a boot entry:
Bcdedit /set ID description "THE NEW DESCRIPTION"
Lets you manage file transfers made via the Background Intelligent Transfer Service (BITS). BITS uses idle network bandwidth for the file transfers, reducing impact on network performance. It’s used by several Microsoft components, including Windows Update, Microsoft Update, Windows Server Update Services, and Systems Management Server.
Download a file from a URL to your hard drive:
bitsadmin /transfer DOWNLOADJOBNAME /download /priority normal http://downloadsrv/file.zip c:\file.zip
Monitor all jobs in the queue, refreshing the status every 5 seconds:
Cancel all jobs in the transfer queue:
BITSAdmin is deprecated starting with Windows 7/Server 2008 R2 and tools for the BITS service are now provided by BITS PowerShell cmdlets.
Lets you manage stored user names and passwords from the Windows Credentials Manager. Though you can also access the Credentials Manager via a GUI from the Control Panel, commands can make it easier to remove and/or add login credentials for multiple PCs.
Display the list of user names and credentials:
Add a user name and password for a user to access a server/computer:
cmdkey /add:SERVER /user:USERNAME /pass:PASSWORD
(Omitting the password would prompt the user for it when logging on.)
Delete the credential stored for a server/computer:
This updated version of cacls lets you display, modify, backup, and restore access control lists (ACLs) and DACLs of files and directories. You can also set mandatory labels of an object for interaction with Mandatory Integrity Control.
Save the DACLs for all files and subdirectories in the C:\Windows directory:
icacls c:\windows\* /save BACKFILENAME /t
Restore the DACLs for all files and subdirectories in the C:\Windows directory:
icacls c:\windows\ /restore BACKFILENAME
Give a user Delete and Write permissions to a file:
Icacls FILENAME /grant USERNAME:(d,wdac)
This helps you create, modify and delete symbolic links, hard links, and directory junctions. Symbolic links are soft links, essentially just a shortcut folder or file that when double-clicked on, redirects the user to the specified directory or file. Hard links are direct links that stay synchronized with the original file. It essentially creates a duplicate file that appears to be separate from the original file. Directory Junctions are hard links for directories, creating what looks like a separate duplicate directory but is linked directly to and stays in sync with the original directory.
Create a symbolic link or shortcut folder (C:\MyDocs) that redirects the user to the C:\Users\UserName\My Documents folder:
mklink /d C:\MyDocs "C:\Users\UserName\My Documents"
Create a hard link (C:\MyDocs\LinkToMyFile.txt) to the C:\Users\UserName\My Documents\MyFile.txtfile.
mklink /h C:\MyDocs\LinkToMyFile.txt "C:\Users\UserName\My Documents\MyFile.txt"
Create a directory junction (C:\MyPics) that links directly to the C:\Users\UserName\MyPictures folder:
mklink /j C:\MyPics "C:\Users\UserName\MyPictures"
You can display current information about application servers, objects, processes, sessions, and users on the network.
Show available application servers on the network:
List all processes belonging to the current user
Display all active sessions:
Show all users logged on the system:
Show all users logged on another system:
query user /server:SYSTEMNAME
Robocopy is an enhanced version of copy and xcopy with additional features to perform advanced file and directory copying. It can resume copying after network interruptions and preserve original timestamps, NTFS ACLs, and audit information. It also has the ability to skip files that already appear in the destination folder with identical size and timestamp and to delete files from the destination that are no longer present in the source.
Copy files from one server to another, but skipping files already in the destination:
robocopy \\SERVER1\DIRECTORY \\SERVER2\DIRECTORY*.* /S
List files over 32 MBs in size:
robocopy C:\DIRECTORY /MAX:33554432 /L
Move files over 14 days old:
robocopy C:\SOURCEDIRECTORY C:\DESTINATIONDIRECTORY /move /minage:14
It enables you to ping a server using a remote procedure call (RPC) and to confirm the RPC connectivity. It’s most useful for troubleshooting the connection between a Microsoft Exchange Server and client. You can do simple pings or send simulated traffic of common Outlook RPC/HTTP requests. You can also verify that the client can contact the backend ports. If you receive errors, you can reference causes of common verbose responses.
Test the RPC proxy server:
rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
This allows administrators to take ownership of a file or directory even if access has been denied. This can help if you’re locked out of a folder or file after someone messed with the ACL. After using takeown, you may still need to adjust the ACL with icacls commands.
Change ownership of file to current admin user:
takeown /f FILENAME
Change ownership of file to the Administrators group instead of the current admin user:
takeown/a /f FILENAME
Change ownership of directory and all its files and subdirectories to current admin user:
takeown /f C:\DIRECTORY/r
Enables you to back up and restore your operating system, volumes, files, folders, and applications via an elevated command prompt. Wbadmin replaces the previous Microsoft Windows Backup command-line utility, NTBackup.
Create a backup of drive E and D and save the backup to drive F:
wbadmin start backup -backupTarget:f: -include:e:,d:\mountpoint
Check the status of backup operations:
wbadmin get status
This displays user, group, and privileges information for the current user.
Display the current domain and user name:
Display all the user, group, and privileges information:
This gives you command-line access to the assessment tools used to generate the Windows Experience Index (WEI) score introduced by Microsoft in Windows Vista. It measures various hardware performance characteristics and capabilities, and then gives a number from 1.0 and 5.9 for Windows Vista and from 1.0 and 7.9 for Windows 7.
Assess the ability of a system to display the Aero desktop effects.
Assess the ability of a system to run Direct 3D applications, such as games.
Assesses the performance of disk drives.
Assess the performance of the CPU(s).
Run all assessments (data saved at %systemroot%\performance\winsat\datastore) and display results on the System dialog in Windows:
Display relevant system information:
We discovered some of the new command-line tools introduced in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. I’ll leave you with a few tips on using the Command Prompt:
- Typing the_command /? usually shows help information.
- You can open a new Command Prompt window directly to a folder location by right-clicking the folder in Windows while holding the Shift key and then selecting Open Command Window Here.
- You can drag and drop files or folders onto a Command Prompt to quickly paste in its location.
- Press F7 for command-line history, and then hit Enter to execute.
- Path names with spaces must be enclosed in "quotation marks".