Introduction
Many new command-line tools were introduced with Windows Vista and Windows Server 2008, and some in Windows 7 and Windows Server 2008 R2. Some are replacements for previous tools providing enhancements and some are completely new.
auditpol
You can configure, create, backup and restore audit policies on local and remote computers. This replaces auditusr.exe.
Audit categories include account logon events, account management, directory service access, logon events, object access, policy changes, privilege use, process tracking, and system events. Enabling auditing, records the events for the specified categories in the Security log which you can access via the Event Viewer.
To retrieve the policy for the System category:
auditpol /get /category:”System”
To backup all auditing settings to a CSV-formatted text file:
auditpol /backup /file:auditpolicy.csv
To restore all auditing settings from a previously created CSV-formatted text file using /backup:
auditpol /restore /file:c:\auditpolicy.csv
bcdedit
The Boot Configuration Data (BCD) replaces boot.ini, holding the boot configuration settings. Thus the BCDEdit tool replaces the boot.ini editor bootcfg.exe. BCDEdit lets you manage the BCD stores. You can create, delete, and reorder the boot loader.
View the Boot Manager and Boot Loader details:
bcdedit
Set the default operating system:
bcdedit /default ID
Change the description of a boot entry:
Bcdedit /set ID description “THE NEW DESCRIPTION”
bitsadmin
Lets you manage file transfers made via the Background Intelligent Transfer Service (BITS). BITS uses idle network bandwidth for the file transfers, reducing impact on network performance. It’s used by several Microsoft components, including Windows Update, Microsoft Update, Windows Server Update Services, and Systems Management Server.
Download a file from a URL to your hard drive:
bitsadmin /transfer DOWNLOADJOBNAME /download /priority normal http://downloadsrv/file.zip c:\file.zip
Monitor all jobs in the queue, refreshing the status every 5 seconds:
bitsadmin /monitor
Cancel all jobs in the transfer queue:
bitsadmin /reset
BITSAdmin is deprecated starting with Windows 7/Server 2008 R2 and tools for the BITS service are now provided by BITS PowerShell cmdlets.
cmdkey
Lets you manage stored user names and passwords from the Windows Credentials Manager. Though you can also access the Credentials Manager via a GUI from the Control Panel, commands can make it easier to remove and/or add login credentials for multiple PCs.
Display the list of user names and credentials:
cmdkey /list
Add a user name and password for a user to access a server/computer:
cmdkey /add:SERVER /user:USERNAME /pass:PASSWORD
(Omitting the password would prompt the user for it when logging on.)
Delete the credential stored for a server/computer:
cmdkey /delete:SERVER
icacls
This updated version of cacls lets you display, modify, backup, and restore access control lists (ACLs) and DACLs of files and directories. You can also set mandatory labels of an object for interaction with Mandatory Integrity Control.
Save the DACLs for all files and subdirectories in the C:\Windows directory:
icacls c:\windows\* /save BACKFILENAME /t
Restore the DACLs for all files and subdirectories in the C:\Windows directory:
icacls c:\windows\ /restore BACKFILENAME
Give a user Delete and Write permissions to a file:
Icacls FILENAME /grant USERNAME:(d,wdac)
mklink
This helps you create, modify and delete symbolic links, hard links, and directory junctions. Symbolic links are soft links, essentially just a shortcut folder or file that when double-clicked on, redirects the user to the specified directory or file. Hard links are direct links that stay synchronized with the original file. It essentially creates a duplicate file that appears to be separate from the original file. Directory Junctions are hard links for directories, creating what looks like a separate duplicate directory but is linked directly to and stays in sync with the original directory.
Create a symbolic link or shortcut folder (C:\MyDocs) that redirects the user to the C:\Users\UserName\My Documents folder:
mklink /d C:\MyDocs “C:\Users\UserName\My Documents”
Create a hard link (C:\MyDocs\LinkToMyFile.txt) to the C:\Users\UserName\My Documents\MyFile.txtfile.
mklink /h C:\MyDocs\LinkToMyFile.txt “C:\Users\UserName\My Documents\MyFile.txt”
Create a directory junction (C:\MyPics) that links directly to the C:\Users\UserName\MyPictures folder:
mklink /j C:\MyPics “C:\Users\UserName\MyPictures”
query
You can display current information about application servers, objects, processes, sessions, and users on the network.
Show available application servers on the network:
Query appservers
List all processes belonging to the current user
query process
Display all active sessions:
query session
Show all users logged on the system:
query user
Show all users logged on another system:
query user /server:SYSTEMNAME
robocopy
Robocopy is an enhanced version of copy and xcopy with additional features to perform advanced file and directory copying. It can resume copying after network interruptions and preserve original timestamps, NTFS ACLs, and audit information. It also has the ability to skip files that already appear in the destination folder with identical size and timestamp and to delete files from the destination that are no longer present in the source.
Copy files from one server to another, but skipping files already in the destination:
robocopy \\SERVER1\DIRECTORY \\SERVER2\DIRECTORY*.* /S
List files over 32 MBs in size:
robocopy C:\DIRECTORY /MAX:33554432 /L
Move files over 14 days old:
robocopy C:\SOURCEDIRECTORY C:\DESTINATIONDIRECTORY /move /minage:14
rpcping
It enables you to ping a server using a remote procedure call (RPC) and to confirm the RPC connectivity. It’s most useful for troubleshooting the connection between a Microsoft Exchange Server and client. You can do simple pings or send simulated traffic of common Outlook RPC/HTTP requests. You can also verify that the client can contact the backend ports. If you receive errors, you can reference causes of common verbose responses.
Test the RPC proxy server:
rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P “user,domain,*” -I “user,domain,*” -H 2 -u 10 -a connect -F 3 -v 3 -E -R none
takeown
This allows administrators to take ownership of a file or directory even if access has been denied. This can help if you’re locked out of a folder or file after someone messed with the ACL. After using takeown, you may still need to adjust the ACL with icacls commands.
Change ownership of file to current admin user:
takeown /f FILENAME
Change ownership of file to the Administrators group instead of the current admin user:
takeown/a /f FILENAME
Change ownership of directory and all its files and subdirectories to current admin user:
takeown /f C:\DIRECTORY/r
wbadmin
Enables you to back up and restore your operating system, volumes, files, folders, and applications via an elevated command prompt. Wbadmin replaces the previous Microsoft Windows Backup command-line utility, NTBackup.
Create a backup of drive E and D and save the backup to drive F:
wbadmin start backup -backupTarget:f: -include:e:,d:\mountpoint
Check the status of backup operations:
wbadmin get status
whoami
This displays user, group, and privileges information for the current user.
Display the current domain and user name:
whoami
Display all the user, group, and privileges information:
whoami /all
winsat
This gives you command-line access to the assessment tools used to generate the Windows Experience Index (WEI) score introduced by Microsoft in Windows Vista. It measures various hardware performance characteristics and capabilities, and then gives a number from 1.0 and 5.9 for Windows Vista and from 1.0 and 7.9 for Windows 7.
Assess the ability of a system to display the Aero desktop effects.
winsat dwm
Assess the ability of a system to run Direct 3D applications, such as games.
winsat d3d
Assesses the performance of disk drives.
winsat disk
Assess the performance of the CPU(s).
winsat cpu
Run all assessments (data saved at %systemroot%\performance\winsat\datastore) and display results on the System dialog in Windows:
winsat formal
Display relevant system information:
winsat features
Summary
We discovered some of the new command-line tools introduced in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. I’ll leave you with a few tips on using the Command Prompt:
- Typing the_command /? usually shows help information.
- You can open a new Command Prompt window directly to a folder location by right-clicking the folder in Windows while holding the Shift key and then selecting Open Command Window Here.
- You can drag and drop files or folders onto a Command Prompt to quickly paste in its location.
- Press F7 for command-line history, and then hit Enter to execute.
- Path names with spaces must be enclosed in “quotation marks”.
