Useful commands
for Windows administrators
Managing a Windows 2000 Active Directory with about 100 servers, over 1500
computers and 35 sites, the following commands often helped me answer questions
or solve problems.
Most commands are "one-liners", but for some I had to make
an exception and go to the right directory first.
These commands could all be used in batch files, though some may need some "parsing" with FOR /F to retrieve only the required substrings from the displayed information.
Notes:
(1) Commands that use external, third party, or non-native utilities contain hyperlinks to these utilities' download sites.
(2) Replace command arguments displayed in italics with your own values.
(3) Commands or utilities that require Windows Server 2003 are marked bright blue.
Warning:
Most commands on this page are very powerful tools. Like most powerful tools they could cause a lot of damage in the hands of insufficiently skilled users. Treat these commands like you would (or should) treat a chainsaw: with utmost care. Do not use them if you do not fully understand what they do or how they do it. Any damage caused using these commands is completely your own responsibility.
How many users are logged on/connected to a server?
Sometimes we may need to know how many users are logged on to a (file)
server, like maybe when there is a performance degradation.
At the server's console itself, with native commands only:
NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PSTools:
PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.
Who is logged on to a computer?
We often need to know who is currently logged on to a remote computer.
With native Windows (up to and including XP) commands only:
NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"
The first name in the list usually is the logged on user (try playing with the NET NAME command to learn more about the names displayed by NBTSTAT).
This is the fastest way to find the logged on user name, and the results that you do get are correct, but NBTSTAT won't always return a user name, even when a user is logged on.
Using WMIC (Windows XP Professional and later):
WMIC /Node:remotecomputer ComputerSystem Get UserName
This is arguably the most reliable (native) command to find out who is logged
on.
With the help of SysInternals' PSTools:
PSLOGGEDON -L \\remotecomputer
or:
PSEXEC \\remotecomputer NET CONFIG WORKSTATION | FIND /I " name "
or:
PSEXEC \\remotecomputer NET NAME
or for Windows XP only:
PSEXEC \\remotecomputer NETSH DIAG SHOW COMPUTER /V | FIND /i "username"
Using REG.EXE (Windows 2000 and later):
FOR /F %%A IN ('REG Query \\remotecomputer\HKU ^| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
    FOR /F "tokens=3 delims=\" %%B IN ('REG Query "\\remotecomputer\%%A\Volatile Environment"') DO (
        SET LoggedinUser=%%B
    )
)
or for Windows 7:
FOR /F %%A IN ('REG Query \\remotecomputer\HKU /K /F "S-1-5-21-" ^| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
    FOR /F "tokens=2*" %%B IN ('REG Query "\\remotecomputer\%%~A\Volatile Environment" /V "UserName" ^| FIND /V ":"') DO (
        SET LoggedinUser=%%C
    )
)
NETSH and WMIC are for XP or later, and are the most reliable of all commands shown here.
WMIC requires WMI enabled remote computers and Windows XP on the administrator's computer; NETSH requires Windows XP on the local and remote computers.
PSLOGGEDON is a more accurate solution than NBTSTAT, but it will return the last logged on user if no one is currently logged on.
The NET and NBTSTAT commands show more or less identical results, but the NBTSTAT command is much faster.
The REG command is accurate, but may need to be modified depending on the version used.
More information on REG versions can be found on my REG Query page.
For Windows NT 4 and 2000: use NBTSTAT (fast, but it won't always return the user name!), and only switch to REG if NBTSTAT doesn't return a user name (modify the REG command for Windows NT 4).
For Windows XP and later: if you want to search lots of computers for logged on users, I recommend you try NBTSTAT first (fast, but it won't always return the user name!), and only switch to NETSH, REG or WMIC (accurate) if NBTSTAT doesn't return a user name.
Credits: Jiří Janyška (WMIC command) and Matthew W. Helton (NETSH
command).
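The NBTSTAT-first, WMIC-fallback approach recommended above for searching many computers, written out as a batch file. This is an added example, not part of the original page; computers.txt is a hypothetical input file with one computer name per line, and user names are assumed to contain no spaces.

```batch
@ECHO OFF
REM Added example, not from the original page: try NBTSTAT first, fall back to WMIC.
REM Assumption: computers.txt is a hypothetical file listing one computer name per line.
SETLOCAL ENABLEDELAYEDEXPANSION
FOR /F "usebackq tokens=1" %%A IN ("computers.txt") DO (
    SET "User="
    SET "Via="
    REM Fast attempt: first messenger name that is not the computer name itself.
    FOR /F "tokens=1" %%B IN ('NBTSTAT -a %%A 2^>NUL ^| FIND "<03>" ^| FIND /I /V "%%A"') DO (
        IF NOT DEFINED User (
            SET "User=%%B"
            SET "Via=NBTSTAT"
        )
    )
    REM Slower, more reliable fallback: accept only a line that splits into DOMAIN and user.
    IF NOT DEFINED User (
        FOR /F "skip=1 tokens=1,2 delims=\ " %%B IN ('WMIC /Node:%%A ComputerSystem Get UserName 2^>NUL') DO (
            IF NOT DEFINED User IF NOT "%%C"=="" (
                SET "User=%%B\%%C"
                SET "Via=WMIC"
            )
        )
    )
    REM One CSV line per computer: name, user, method that produced the answer.
    IF DEFINED User (
        ECHO %%A,!User!,!Via!
    ) ELSE (
        ECHO %%A,,none
    )
)
ENDLOCAL
```

A result marked "none" means neither command returned a name, which is not proof that nobody is logged on: the computer may be unreachable or have WMI disabled.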
What is this colleague's login name?
My colleagues often forget to mention their logon account name when calling
the helpdesk, and the helpdesk doesn't always ask either. I suppose they expect
me to know all 1500+ accounts by heart.
With (native) Windows Server 2003 commands only:
DSQUERY USER -name *lastname* | DSGET USER -samid -display
Note:
Windows Server 2003's "DSTools" will work fine in Windows 2000 and XP too, when copied. Keep in mind, however, that some Windows Server 2003 Active Directory functionality is not available in Windows 2000 Active Directories.
What is the full name for this login name?
With the native NET command:
NET USER loginname /DOMAIN | FIND /I " name "
With (native) Windows Server 2003 commands:
DSQUERY USER -samid *loginname* | DSGET USER -samid -display
Note:
The NET command may seem more universal, because it requires neither Active Directory nor Windows Server 2003 commands, but it is language dependent! For non-English Windows you may need to modify FIND's search string.
What groups is this user a member of?
In Windows NT 4 and later, users usually are members of global groups. These
global groups in turn are members of (domain) local groups. Access permissions
are given to (domain) local groups.
To check if a user has access to a resource, we need to check group membership recursively.
With (native) Windows Server 2003 commands:
DSQUERY USER -samid loginname | DSGET USER -memberof -expand
What permissions does a user have on this directory?
One could use the previous command to check what permissions a user has on a
certain directory.
However, sometimes SHOWACLS from the Windows Server 2003 Resource Kit Tools is a better alternative:
CD /D d:\directory2check
SHOWACLS /U:domain\userid
When did someone last change his password?
With the native NET command:
NET USER loginname /DOMAIN | FIND /I "Password last set"
How do I reset someone's password?
With the native NET command:
NET USER loginname newpassword /DOMAIN
With (native) Windows Server 2003 commands:
DSQUERY USER -samid loginname | DSMOD USER -pwd newpassword
Note:
To prevent the new password from being displayed on screen replace it with an asterisk (*); you will then be prompted (twice) to type the new password "blindly".
Is someone's account locked?
With the native NET command:
NET USER loginname /DOMAIN | FIND /I "Account active"
The account is either locked ("Locked") or active ("Yes").
How to unlock a locked account
With the native NET command:
NET USER loginname /DOMAIN /ACTIVE:YES
or, if the password needs to be reset as well:
NET USER loginname newpassword /DOMAIN /ACTIVE:YES
Make sure a local user's password never expires
With WMIC (Windows XP Professional or later):
WMIC.EXE /Node:remotecomputer Path Win32_UserAccount Where Name="user" Set PasswordExpires="FALSE"
Make sure a local user's password will expire
With WMIC (Windows XP Professional or later):
WMIC.EXE /Node:remotecomputer Path Win32_UserAccount Where Name="user" Set PasswordExpires="TRUE"
List all domains and workgroups in the network
With the native NET command:
NET VIEW /DOMAIN
List all computers in the network
With the native NET command:
NET VIEW
or, to list the names only:
FOR /F "skip=3 delims=\ " %%A IN ('NET VIEW') DO ECHO.%%A
delims is a backslash, followed by a tab and a space.
List all domain controllers
With native Windows 2000 commands:
NETDOM QUERY /D:MyDomain DC
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.
With (native) Windows Server 2003 commands (Active Directory only):
DSQUERY Server
or, if you prefer host names only (tip by Jim Christian Flatin):
DSQUERY Server -o rdn
Find the primary domain controller
With native Windows 2000 commands:
NETDOM QUERY /D:MyDomain PDC
or, to find the FSMO with (native) Windows Server 2003 commands (Active
Directory only):
NETDOM QUERY /D:mydomain.com FSMO
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.
List all member servers
With native Windows 2000 commands:
NETDOM QUERY /D:MyDomain SERVER
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.
List all workstations
With native Windows 2000 commands:
NETDOM QUERY /D:MyDomain WORKSTATION
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.
Delete a computer account
With native Windows 2000 commands:
NETDOM /DOMAIN:MyDomain MEMBER \\computer2Bdeleted /DELETE
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.
"I need an up-to-date list of disk space usage for all servers, on my desk in 5 minutes"
Sounds familiar?
With (native) Windows XP Professional or Windows Server 2003 commands:
FOR /F %%A IN (servers.txt) DO (
WMIC /Node:%%A LogicalDisk Where DriveType="3" Get DeviceID,FileSystem,FreeSpace,Size /Format:csv | MORE /E +2 >> SRVSPACE.CSV
)
The only prerequisites are:
- SRVSPACE.CSV should not exist or be empty,
- a list of server names in a file named SERVERS.TXT, one server name on each line,
- and WMIC.EXE, which is native in Windows XP Professional and later.
The CSV file format is ServerName,DeviceID,FileSystem,FreeSpace,Size (one line for each harddisk partition on each server).
If you have a strict server naming convention, SERVERS.TXT itself can be generated with the NET command:
FOR /F "delims=\ " %%A IN ('NET VIEW ^| FINDSTR /R /B /C:"\\\\SRV\-"') DO (>>SERVERS.TXT ECHO.%%A)
Notes:
(1) Assuming server names start with "SRV-"; modify to match your own naming convention.
(2) delims is a backslash, followed by a tab and a space.
List all drivers on any PC
With (native) Windows XP Professional or Windows Server 2003 commands:
DRIVERQUERY /V /FO CSV > %ComputerName%.csv
Or, for remote computers:
DRIVERQUERY /S remote_PC /V /FO CSV > remote_PC.csv
List all printers on any PC
With (native) Windows XP+ commands:
WMIC /Node:remote_PC Path Win32_Printer Get DeviceID
List all local administrators
With (native) Windows NT 4+ commands:
NET LOCALGROUP Administrators
Or, to remove header and footer lines:
FOR /F "delims=[]" %%A IN ('NET LOCALGROUP Administrators ^| FIND /N "----"') DO SET HeaderLines=%%A
FOR /F "tokens=*" %%A IN ('NET LOCALGROUP Administrators') DO SET FooterLine=%%A
NET LOCALGROUP Administrators | MORE /E +%HeaderLines% | FIND /V "%FooterLine%"
Locate rogue DHCP servers
Never had an "illegal" router wreaking havoc on your network yet...?
With a (native) Windows Server 2003 command:
DHCPLOC -p local_IP_address [ valid_DHCP_server1 [ valid_DHCP_server2 [ .. ] ] ]
DHCPLOC.EXE is native in Windows Server 2003, and will run in Windows XP if copied/installed.
I didn't test this in Windows Server 2003 yet, but in Windows XP you need to press "d" to start the discovery, or "q" to quit.
Disable Windows Firewall for domain only
Disable the firewall only when the computer (e.g. a laptop) is connected to
the domain:
NETSH Firewall Set OpMode Mode = DISABLE Profile = DOMAIN
Completely disable Windows Firewall (not recommended)
Disable the firewall completely (not recommended unless an alternative
enterprise firewall is used that requires you to do so):
SC [ \\Remote_computer ] Stop SharedAccess
SC [ \\Remote_computer ] Config SharedAccess start= disabled
Is IP v4 supported on this computer?
Check if IP v4 is supported on the local computer:
PING 127.0.0.1 | FIND "TTL=" >NUL 2>&1
IF ERRORLEVEL 1 (ECHO IP v4 NOT supported) ELSE (ECHO IP v4 supported)
or:
WMIC Path Win32_PingStatus WHERE "Address='127.0.0.1'" Get StatusCode /Format:Value | FINDSTR /X "StatusCode=0" >NUL 2>&1
IF ERRORLEVEL 1 (ECHO IP v4 NOT supported) ELSE (ECHO IP v4 supported)
The WMIC command is faster, but requires Windows XP Professional or later.
Is IP v6 supported on this computer?
Check if IP v6 is supported on the local computer:
PING ::1 | FINDSTR /R /C:"::1:[^$]" >NUL 2>&1
IF ERRORLEVEL 1 (ECHO IP v6 NOT supported) ELSE (ECHO IP v6 supported)
or:
WMIC Path Win32_PingStatus WHERE "Address='::1'" Get StatusCode >NUL 2>&1
IF ERRORLEVEL 1 (ECHO IP v6 NOT supported) ELSE (ECHO IP v6 supported)
The WMIC command is faster, but requires Windows XP Professional or later.
Which updates were installed on this computer?
Windows 7 and 8:
DISM /Online /Get-Packages
or:
WMIC QFE List
DISM will return far more details than WMIC.
Windows 2000 and XP:
QFECHECK /V