Many Windows users hold the command line to be a shadowy and obscure creature, devoid of any real usefulness. However, those who dare to delve into the Windows command line may just find a whole world of useful and powerful tools. I’ve been an avid command line junkie since I first started using Windows, and with the release of things like Windows Server 2008 Server Core and Windows Hyper-V Server, shell based administration is not always an option.
Let’s take a look at five of my favorite command line tools, and explore how they can help you work smarter and faster or expose new scripting capability that’s difficult or impossible in the clicky clicky world of the GUI….
As you begin to use the Windows command line, you’ll start to find some tools that are so versatile, their use seems almost endless; the netsh command is one of those tools. Netsh provides so many configuration and monitoring options that it could have its own series of blog posts, so I’ll just cover some of the basics here. The netsh command is especially well suited to configuration of network interfaces and the Windows Firewall.
To start, let’s look at configuration of network interfaces. The first thing we want to do is list all network interfaces on the system. To accomplish this, issue the netsh interface show interface command. This should return a formatted list of interfaces, their administrative state and their connection status.
Let’s suppose that we have a network interface named Production Interface on the system that we would like to configure to use a static IP address. To accomplish this, we would issue the following commands:
netsh interface ip set address "Production Interface" static 172.20.41.10 255.255.255.0 172.20.41.1
netsh interface ip set dnsservers "Production Interface" static 172.20.41.5 primary
netsh interface ip add dnsservers "Production Interface" 172.20.41.6
With the first command, we tell netsh to configure the interface with a static IP address and give it the necessary subnet mask and gateway information. The second command tells netsh to add the primary DNS server IP address. Adding additional DNS servers uses a slightly different syntax, which can be seen in the third command.
Another great feature of the netsh command is configuration and monitoring of the Windows Firewall. Now working with the Windows Firewall varies depending on the version of Windows you are running. For example, Windows XP only provides the basic Windows Firewall, while Windows Vista, Server 2008 and Windows 7 provide a more robust firewall called Windows Firewall with Advanced Security. For the purposes of this example, we will work with the Advanced Security version. To work with the Windows Firewall using the netsh command, try issuing the following commands:
netsh advfirewall show allprofiles
Provides basic firewall configurations for all network profiles on the system. This is a quick and easy way to determine if the Windows Firewall is enabled or not.
netsh advfirewall set allprofiles state off
Turn the firewall operation mode (state) to off for all network profiles on the system.
netsh advfirewall firewall add rule name="HTTP TCP 80" protocol=tcp dir=in localport=80 action=allow
Configure an inbound rule to allow incoming TCP traffic to port 80 to pass through the firewall.
For more information about the netsh command, check out Microsoft Article KB242468
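The firewall commands above can be combined into a repeatable check. The following PowerShell sketch is an added example, not part of the original post: it parses the output of netsh advfirewall show allprofiles state to find disabled profiles, then adds the port 80 rule only if it is missing and limits it to the domain profile and the local subnet. It assumes English-language netsh output, an elevated prompt, the 172.20.41.0/24 subnet implied by the addressing example earlier, and a rule name made up for this sketch.

```powershell
# Added example (not from the original post). Assumes English netsh output, an elevated
# prompt, and the 172.20.41.0/24 subnet implied by the article's addressing example.
# The rule name below is made up for this sketch.

function Get-FirewallProfileState {
    param([string[]]$NetshOutput)
    # Output is a "<Name> Profile Settings:" header followed by a "State   ON|OFF" line.
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^(\w+) Profile Settings') {
            $current = $Matches[1]
        } elseif ($current -and $line -match '^State\s+(ON|OFF)\s*$') {
            [pscustomobject]@{ Profile = $current; Enabled = ($Matches[1] -eq 'ON') }
            $current = $null
        }
    }
}

# Constructed sample of "netsh advfirewall show allprofiles state" output.
$sample = @'
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
'@ -split "`r?`n"

# Offline check against the sample: lists every profile that is switched off.
Get-FirewallProfileState $sample | Where-Object { -not $_.Enabled }

# Live use: warn on disabled profiles, then add the port 80 rule only if it is missing,
# limited to the domain profile and the local subnet instead of every remote address.
$off = @(Get-FirewallProfileState (netsh advfirewall show allprofiles state) |
         Where-Object { -not $_.Enabled })
if ($off.Count) { Write-Warning ("Firewall OFF for: " + ($off.Profile -join ', ')) }

$rule = 'HTTP-TCP-80-internal'
netsh advfirewall firewall show rule name=$rule | Out-Null
if ($LASTEXITCODE -ne 0) {
    netsh advfirewall firewall add rule name=$rule protocol=tcp dir=in localport=80 `
        action=allow profile=domain remoteip=172.20.41.0/24
}
```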
If there’s one thing I love about Linux, it’s the nearly limitless methods of working with and manipulating text / configuration files, especially using regular expressions. Well, Windows has had a pretty good solution to regular expression pattern matching since Windows 2000 in the form of the findstr command.
The findstr command allows a user to search through a file or files, or string values piped in from another command, using powerful regular expression patterns. For those of you not familiar with regular expressions, these are pre-defined pattern elements that can be pieced together to describe a set of string values, which are then executed by a regular expression engine (such as grep in *nix, or findstr in Windows). So let’s take a look at a few scenarios where the findstr command may come in handy:
Let’s suppose we have a series of PHP files in a web directory and we need to find all files with MySQL database connection references. We could open each file and search, or we could issue the following command.
findstr /s /i "\<mysql_connect\>" *.php
The /s switch tells findstr to search for matching files in the current directory and all subdirectories. The /i switch enforces case insensitivity. Within the search string, the meta characters \<…\> (beginning of word and end of word) tell findstr that we want to look for strings with exact matches to the string value. Finally, we specify the search should look only at PHP source files.
Now, let’s suppose we want to find all PHP files that reference any type of MySQL operation, such as establishing a connection or disconnecting from a database connection. To accomplish this, let’s try the following command.
findstr /s /i "\<mysql.*" *.php
The main difference in this command is that rather than closing the search string with \>, we close it with .* instead. This tells findstr we want to search for strings beginning with mysql and followed by any valid characters. For example, this would find the PHP mysql_connect() and mysql_close() commands.
systeminfo | findstr /i "\<system.*"
This example pipes the output from the systeminfo command into findstr, looking for all strings containing the word system. This will return some useful information such as system uptime, manufacturer, model, etc.
For more information about the findstr command take a look at the Online Command Reference
Services play a big role in the Windows world, so it makes sense that there is a command line tool that lets you interact with the Windows Service Controller. The sc command allows you to view, configure and control Windows services locally and on remote systems. So let’s take a look at a few of the common uses for this tool.
sc \\servername query w3svc
Query the status of the IIS World Wide Web Publishing Service on a remote computer. Note that when using the sc command to work with a specific service, you need to provide the actual service name, not the display name. If you don’t know it, you can get it by issuing sc \\servername getkeyname "World Wide Web Publishing Service"
sc \\servername qc w3svc
Query configuration information for a service on a remote system. The qc parameter returns some useful information like the start type (e.g. Automatic, Manual, Disabled), binary path, display name and service dependencies.
sc \\servername {start|stop} w3svc
Send a start or stop control to the service.
sc \\servername config w3svc start= demand
Configure a service start type to manual. Note, the space after start= is intentional and part of the correct syntax. This option can be especially useful when used in system restart scripts, or to stop a service and prevent it from recovering. For example, if you wanted to ensure Microsoft SQL Server doesn’t start when you reboot the system, issue sc \\servername config mssqlserver start= disabled.
For more information about the sc command, check out the Online Command Reference
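After changing a start type with sc config, the qc output is the place to confirm the setting actually holds on each server. The following PowerShell sketch is an added example, not part of the original post: it parses sc qc output into an object and compares the start type with the expected value. The server name web01 and the sample output are constructed for illustration.

```powershell
# Added example (not from the original post). web01 is a placeholder server name.
# Use sc.exe by its full name: in Windows PowerShell, "sc" is an alias for Set-Content.

function ConvertFrom-ScQc {
    param([string[]]$Lines)
    $cfg = [ordered]@{}
    foreach ($line in $Lines) {
        # Fields look like "        START_TYPE         : 4   DISABLED".
        # Continuation lines (extra DEPENDENCIES entries) have no key and are skipped.
        if ($line -match '^\s*([A-Z_]+)\s*:\s*(.*)$' -and -not $cfg.Contains($Matches[1])) {
            $cfg[$Matches[1]] = $Matches[2].Trim()
        }
    }
    [pscustomobject]$cfg
}

function Test-ServiceStartType {
    param([string]$Server, [string]$Service, [string]$Expected, [string[]]$QcOutput)
    # Query the remote Service Controller unless captured output was supplied.
    if (-not $QcOutput) { $QcOutput = sc.exe "\\$Server" qc $Service }
    $cfg = ConvertFrom-ScQc $QcOutput
    # START_TYPE is "<number>   <NAME>"; keep the name (AUTO_START, DEMAND_START, DISABLED).
    $actual = ($cfg.START_TYPE -split '\s+')[1]
    [pscustomobject]@{
        Server    = $Server
        Service   = $Service
        StartType = $actual
        RunsAs    = $cfg.SERVICE_START_NAME
        Compliant = ($actual -eq $Expected)
    }
}

# Constructed sample of "sc.exe \\web01 qc mssqlserver" output, so this runs offline.
$sample = @'
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: mssqlserver
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
        DISPLAY_NAME       : SQL Server (MSSQLSERVER)
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
'@ -split "`r?`n"

Test-ServiceStartType -Server web01 -Service mssqlserver -Expected DISABLED -QcOutput $sample
```

Leave out -QcOutput to query a live server; the RunsAs column also shows which account each service runs under.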
Psexec is the Swiss Army knife of Windows command line tools. It is not part of the native tools suite; however, it is a Microsoft supported tool and is part of the PsTools Suite, available here. The psexec command allows you to execute processes on a remote system and redirect console output to the local system. The possibilities with this command are pretty much limitless, but here are a few ways I put psexec to work.
psexec \\servername -u servername\administrator cmd.exe
Opens a remote command shell to a system, similar to telnet without requiring any special services to be running. Once this command completes, you’ll be back at a command prompt running on the remote system. At this point, you can issue commands as if you were local (e.g. ipconfig /all) and the output will be redirected to your console.
psexec \\servername -u servername\administrator ipconfig /flushdns
Executes a single command on a remote system and terminates back to your local command shell.
For more information about the psexec command, check out the Online Command Reference
One thing every administrator needs to be able to do is see and control processes running on a system. Using the tasklist and taskkill commands, this is actually quite simple, so let’s look at a few examples.
tasklist /s servername /u servername\administrator /p password /fi "status eq running" /v
Displays all running processes, specifying that we want verbose output. This command will return the process name, process id, session name, user name, memory usage and processor time. If /p is omitted, tasklist prompts for the password, which keeps it out of scripts and command history.
tasklist /s servername /u servername\administrator /p password /fi "status eq running" /fi "imagename eq sqlwriter.exe" /v
Displays all running processes with the name sqlwriter.exe with verbose output.
taskkill /s servername /u servername\administrator /p password /fi "status eq running" /fi "imagename eq notepad.exe"
Terminates any running processes with the name notepad.exe. We could also provide the /f and /t switches to forcefully terminate processes and to terminate the specified process and any child processes.
taskkill /s servername /u servername\administrator /p password /t /f /fi "memusage ge 46080" /fi "status eq running"
Forcefully terminates any running process with memory usage greater than or equal to 46,080 KB (45 MB), and terminates any child processes.
For more information about the tasklist and/or taskkill commands, check out the Online Command Reference
I hope this has been an interesting look at a few cool ways you can begin administrating your Windows systems using command line tools. While I don’t advocate always using the command line, I encourage you to look deeper at the tools available to you and find ways you can put these tools to work for you. For more command line goodness, check out the links below.
As a traditional “click click” administrator I am finding the command line tool more and more useful in cutting down time to track down information. Once you delve into the command line you can easily create scripts to automate a great number of administrator tasks as well as perform break fixes. Great post!
I’m seeing the same problem. I can get around it by using the -d argument, but that means I don’t get back the return code from the process I started remotely.
It gives the workaround, but not ideal.