Windows Command and Tools Part 1

Windows Commands and Tools Part 1
ALEXANDRE BORGES - BLOG

Author: Alexandre Borges
Revision: A.1
Website: http://alexandreborges.org
This document is the first part of a series of articles about useful Windows commands
(graphical or not) which can help you in a daily administration. Most them are self-explanatory.
All commands were tested in a Windows 7 environment. Enjoy it!
Command 1: How to verify the firewall status (WinXP and Win7

deprecated command)
C:\>netsh firewall show state
Firewall status:
------------------------------------------------------------------Profile
= Standard
Operational mode
= Disable
Exception mode
= Enable
Multicast/broadcast response mode = Enable
Notification mode
= Enable
Group policy version
= Windows Firewall
Remote admin mode
= Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
------------------------------------------------------------------5800 TCP
Any (null)
5900 TCP
Any (null)
1900 UDP
Any (null)
2869 TCP
Any (null)
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488
Command 2: How to verify the firewall status and configuration (Win7)

C:\>netsh advfirewall show allprofiles
Domain Profile Settings:
---------------------------------------------------------------------http://alexandreborges.org
Page 1

State
OFF
Firewall Policy
BlockInbound,AllowOutbound
LocalFirewallRules
N/A (GPO-store only)
LocalConSecRules
InboundUserNotification
Enable
RemoteManagement
Disable
UnicastResponseToMulticast
Enable
Logging:
LogAllowedConnections
Disable
LogDroppedConnections
Disable
FileName
%systemroot%\system32\LogFiles\Firewall\pfirewall
.log
MaxFileSize
4096
Private Profile Settings:

---------------------------------------------------------------------State
OFF
Firewall Policy
LocalFirewallRules
LocalConSecRules
Enable
RemoteManagement
Disable
Enable
Logging:
Disable
Disable
FileName
.log
MaxFileSize
4096
Public Profile Settings:

---------------------------------------------------------------------State
OFF
Firewall Policy
LocalFirewallRules
LocalConSecRules
Enable
RemoteManagement
Disable
Enable
Logging:
Disable
Disable
FileName
.log
MaxFileSize
4096
Ok.
http://alexandreborges.org
Page 2
Command 3: How to verify the firewall configuration (WinXP and Win7

deprecated command)
C:\>netsh firewall show config
Domain profile configuration:
------------------------------------------------------------------Operational mode
= Disable
Exception mode
= Enable
Notification mode
= Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
------------------------------------------------------------------Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
------------------------------------------------------------------1900 UDP
Enable Inbound
Windows Live Communications Platform (SSDP)
2869 TCP
Enable Inbound
Windows Live Communications Platform (UPnP)
ICMP configuration for Domain profile:
Mode Type Description
------------------------------------------------------------------Enable 2 Allow outbound packet too big
Standard profile configuration (current):
------------------------------------------------------------------Operational mode
= Disable
Exception mode
= Enable
Notification mode
= Enable
Service configuration for Standard profile:
Mode Customized Name
------------------------------------------------------------------Enable No
File and Printer Sharing
Enable No
Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
------------------------------------------------------------------Enable Inbound
Apache HTTP Server / C:\program files (x86)\postgresql\enterprisedbapachephp\apache\bin\httpd.exe
Disable Inbound
Free Download Manager / C:\program files (x86)\free download
manager\fdm.exe
Enable Inbound
Dropbox /
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
Enable Inbound
vncviewer.exe / C:\Program Files (x86)\UltraVNC\vncviewer.exe
Page 3

Enable Inbound
WinSCP: SFTP, FTP and SCP client / C:\program files
(x86)\winscp\winscp.exe
Enable Inbound
Microsoft OneNote / C:\Program Files (x86)\Microsoft
Office\Office14\ONENOTE.EXE
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
------------------------------------------------------------------5800 TCP
Enable Inbound
vnc5800
5900 TCP
Enable Inbound
vnc5900
1900 UDP
Enable Inbound
Windows Live Communications Platform (SSDP)
2869 TCP
Enable Inbound
Windows Live Communications Platform (UPnP)
ICMP configuration for Standard profile:
Mode Type Description
------------------------------------------------------------------Enable 2 Allow outbound packet too big
Log configuration:
------------------------------------------------------------------File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
Command 4: How to list the running processes

C:\>tasklist
Image Name
PID Session Name
Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process
0 Services
0
24 K
System
4 Services
0
56 K
smss.exe
436 Services
0
656 K
csrss.exe
628 Services
0 4.048 K
wininit.exe
704 Services
0
328 K
csrss.exe
728 Console
1 20.552 K
services.exe
772 Services
0 9.912 K
(truncated output)
Command 5: How to list the running services associated with processes

Page 4

C:\>tasklist /SVC
Image Name
PID Services
========================= ========
============================================
System Idle Process
0 N/A
System
4 N/A
smss.exe
436 N/A
csrss.exe
628 N/A
wininit.exe
704 N/A
csrss.exe
728 N/A
services.exe
772 N/A
lsass.exe
784 KeyIso, ProtectedStorage, SamSs
lsm.exe
792 N/A
svchost.exe
900 DcomLaunch, PlugPlay, Power
nvvsvc.exe
976 NVSvc
svchost.exe
1016 RpcEptMapper, RpcSs
(truncated output)
Command 6: How to list started services

C:\>net start
These Windows services are started:
Adobe Acrobat Update Service
Application Information
avast! Antivirus
Background Intelligent Transfer Service
Base Filtering Engine
Bitvise SSH Server
Bluetooth Support Service
Certificate Propagation
CNG Key Isolation
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
(truncated output)
Command 7: How to list network connections

C:\>netstat -oban
Active Connections
Proto Local Address
TCP 0.0.0.0:22
[BvSshServer.exe]
Foreign Address
State
0.0.0.0:0
LISTENING
PID
13232
Page 5

TCP 0.0.0.0:135
0.0.0.0:0
RpcSs
[svchost.exe]
TCP 0.0.0.0:445
0.0.0.0:0
Can not obtain ownership information
TCP 0.0.0.0:554
0.0.0.0:0
[wmpnetwk.exe]
TCP 0.0.0.0:902
0.0.0.0:0
[vmware-authd.exe]
TCP 0.0.0.0:912
0.0.0.0:0
(truncated output)
LISTENING
1016
LISTENING
LISTENING
4728
LISTENING
3136
LISTENING
3136
Command 8: How to list local shares

C:\>net view 127.0.0.1
Shared resources at 127.0.0.1
Share name
Type Used as Comment
------------------------------------------------------------------------------Home_Printer Print
Home_Printer
Users
Disk
WCProWIAInbox Disk
The command completed successfully.
Command 9: How to check logged users on

C:\>net user
User accounts for \\EXADATA
------------------------------------------------------------------------------Administrator
ALEXANDRE BORGES
Guest
The command completed successfully.
Command 10: How to open Local User and Group Administration GUI
C:\>lusrmgr.msc
Page 6
Command 11: How to open the Eventviewer

C:\>eventvwr.msc
Command 12: How to get motherboard info (1)

C:\>wmic baseboard list brief
Manufacturer Model Name
Product SerialNumber
SKU
Dell Inc.
Base Board 08V9YG /D5965S1/CN7590022400A3/
Command 13: How to get motherboard info (2)

Page 7
C:\>wmic baseboard get manufacturer

Manufacturer
Dell Inc.
Command 14: How to get cpu info (1)

C:\>wmic cpu list brief
Caption
DeviceID Manufacturer MaxClockSpeed Name
SocketDesignation
Intel64 Family 6 Model 42 Stepping 7 CPU0 GenuineIntel 2501
Intel(R) Core(TM) i72920XM CPU @ 2.50GHz CPU 1
Command 15: How to get CPU info (2)

C:\>wmic cpu list full
AddressWidth=64
Architecture=9
Availability=3
Caption=Intel64 Family 6 Model 42 Stepping 7
ConfigManagerErrorCode=
ConfigManagerUserConfig=
CpuStatus=1
CreationClassName=Win32_Processor
CurrentClockSpeed=1975
CurrentVoltage=0
DataWidth=64
Description=Intel64 Family 6 Model 42 Stepping 7
DeviceID=CPU0
ErrorCleared=
ErrorDescription=
ExtClock=100
Family=198
InstallDate=
L2CacheSize=256
L2CacheSpeed=
LastErrorCode=
Level=6
LoadPercentage=
Manufacturer=GenuineIntel
MaxClockSpeed=2501
Name=Intel(R) Core(TM) i7-2920XM CPU @ 2.50GHz
OtherFamilyDescription=
PNPDeviceID=
PowerManagementCapabilities=
PowerManagementSupported=FALSE
ProcessorId=BFEBFBFF000206A7
ProcessorType=3
Revision=10759
Page 8

Role=CPU
SocketDesignation=CPU 1
Status=OK
StatusInfo=3
Stepping=
SystemCreationClassName=Win32_ComputerSystem
SystemName=EXADATA
UniqueId=
UpgradeMethod=1
Version=
VoltageCaps=
Command 16: How to get CDROM info (1)

C:\>wmic cdrom list status
Availability Drive ErrorCleared MediaLoaded NeedsCleaning Status StatusInfo
3
D:
FALSE
OK
3
E:
FALSE
OK

C:\>wmic cdrom list brief
Caption
Drive Manufacturer
VolumeName
MATSHITA BD-RE UJ252
D: (Standard CD-ROM drives)
ELBY CLONEDRIVE SCSI CdRom Device E: (Standard CD-ROM drives)

C:\>wmic cdrom list full
Availability=3
Capabilities={3,4,7}
CapabilityDescriptions={"Random Access"," Supports writing"," Supports Removable Media"}
CompressionMethod=Unknown
ConfigManagerErrorCode=0
ConfigManagerUserConfig=FALSE
DefaultBlockSize=
Description=CD-ROM Drive
DeviceID=IDE\CDROMMATSHITA_BDRE_UJ252____________________1.01____\4&2A37E9BC&0&0.1.0
Drive=D:
DriveIntegrity=
ErrorCleared=
ErrorDescription=
ErrorMethodology=
FileSystemFlags=
FileSystemFlagsEx=
Page 9

Id=D:
InstallDate=
LastErrorCode=
Manufacturer=(Standard CD-ROM drives)
MaxBlockSize=
MaximumComponentLength=
MaxMediaSize=
MediaLoaded=FALSE
MediaType=DVD Writer
MfrAssignedRevisionLevel=1.01
MinBlockSize=
Name=MATSHITA BD-RE UJ252
NeedsCleaning=
NumberOfMediaSupported=
PNPDeviceID=IDE\CDROMMATSHITA_BDRE_UJ252____________________1.01____\4&2A37E9BC&0&0.1.0
PowerManagementSupported=
RevisionLevel=
SCSIBus=0
SCSILogicalUnit=0
SCSIPort=0
SCSITargetId=1
Size=
Status=OK
StatusInfo=
SystemName=EXADATA
TransferRate=-1
VolumeName=
VolumeSerialNumber=
(truncated output)
Command 19: How to get BootConfig Information (1)

C:\>wmic bootconfig list brief
BootDirectory Caption
Name
SettingID
C:\Windows \Device\Harddisk0\Partition2 BootConfiguration
Command 20: How to get BootConfig Information (2)

C:\>wmic bootconfig list full
BootDirectory=C:\Windows
ConfigurationPath=C:\Windows
Description=\Device\Harddisk0\Partition2
LastDrive=Q:
Name=BootConfiguration
ScratchDirectory=C:\Windows\system32\config\systemprofile\AppData\Local\Temp
Page 10

SettingID=
TempDirectory=C:\Windows\system32\config\systemprofile\AppData\Local\Temp
Command 21: How to get Device Memory information

C:\>wmic devicememoryaddress list status
Command 22: How to get Drive list information (1)

C:\>wmic diskdrive list brief
Caption DeviceID
Model
Partitions Size
ST9750420AS \\.\PHYSICALDRIVE0 ST9750420AS 3
750153761280
Command 23: How to get Drive list information (2)

C:\>wmic diskdrive list full
Availability=
BytesPerSector=512
Capabilities={3,4,10}
Page 11

CapabilityDescriptions={"Random Access","Supports Writing","SMART Notification"}
CompressionMethod=
ConfigManagerErrorCode=0
ConfigManagerUserConfig=FALSE
DefaultBlockSize=
Description=Disk drive
DeviceID=\\.\PHYSICALDRIVE0
ErrorCleared=
ErrorDescription=
ErrorMethodology=
Index=0
InstallDate=
InterfaceType=SCSI
LastErrorCode=
Manufacturer=(Standard disk drives)
MaxBlockSize=
MaxMediaSize=
MediaLoaded=TRUE
MediaType=Fixed hard disk media
MinBlockSize=
Model=ST9750420AS
Name=\\.\PHYSICALDRIVE0
NeedsCleaning=
NumberOfMediaSupported=
Partitions=3
PNPDeviceID=IDE\DISKST9750420AS_____________________________0002DEM1\4&2A
37E9BC&0&0.0.0
PowerManagementSupported=
SCSIBus=0
SCSILogicalUnit=0
SCSIPort=0
SCSITargetId=0
SectorsPerTrack=63
Signature=-1475602650
Size=750153761280
Status=OK
StatusInfo=
SystemName=EXADATA
TotalCylinders=91201
TotalHeads=255
TotalSectors=1465144065
TotalTracks=23256255
TracksPerCylinder=255
(truncated output)
Command 24: How to get Windows Environment information

C:\>wmic environment list full
Page 12
Description=<SYSTEM>\ComSpec
InstallDate=
Name=ComSpec
Status=OK
SystemVariable=TRUE
UserName=<SYSTEM>
VariableValue=%SystemRoot%\system32\cmd.exe
Description=<SYSTEM>\FP_NO_HOST_CHECK
InstallDate=
Name=FP_NO_HOST_CHECK
Status=OK
SystemVariable=TRUE
UserName=<SYSTEM>
VariableValue=NO
Description=<SYSTEM>\OS
InstallDate=
Name=OS
Status=OK
SystemVariable=TRUE
UserName=<SYSTEM>
VariableValue=Windows_NT
Description=<SYSTEM>\Path
InstallDate=
Name=Path
Status=OK
SystemVariable=TRUE
UserName=<SYSTEM>
VariableValue=C:\Python33\;%GTK_BASEPATH%\bin;C:\Ruby193\bin;C:\Program
Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Commo
n Files\Microsoft Shared\Windows
Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMRO
OT%\System32\WindowsPowerShell\v1.0\;C:\
Program Files (x86)\Windows Live\Shared;C:\Program Files\Microsoft Windows Performance
Toolkit\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLS
hared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files
(x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Fil
es (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files
(x86)\Roxio\OEM\AudioCore\;c:\Program Files (x86)\Microsoft SQL Server\100\To
ols\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft
SQL Server\100\DTS\Binn\;C:\Program Files (x86)\GNU\GnuPG\
pub;C:\Program Files (x86)\Bitvise SSH Client
(truncated output)
Page 13
Command 25: How to get Interrupt information

C:\>wmic irq list full
Availability CSName Description Hardware InstallDate IRQNumber Name
TriggerType Vector
2
EXADATA IRQ 17
TRUE
17
IRQ17
OK 2
2
EXADATA IRQ 19
TRUE
19
IRQ19
OK 2
2
EXADATA IRQ 4294967294 TRUE
-2
IRQ4294967294
2
-3
IRQ4294967293
2
-4
IRQ4294967292
2
-5
IRQ4294967291
2
-6
IRQ4294967290
2
-7
IRQ4294967289
2
-8
IRQ4294967288
2
-9
IRQ4294967287
2
EXADATA IRQ 0
TRUE
0
IRQ0
OK 2
Shareable Status TriggerLevel

2
2
OK
OK
OK
OK
OK
OK
OK
OK
2
17
19
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
-1
-1
-1
-1
-1
-1
-1
-1
-1
Command 26: How to get System Service Order information

C:\>wmic loadorder list full
DriverEnabled GroupOrder Name
Status
TRUE
1
System Reserved
OK
TRUE
2
EMS
OK
TRUE
3
WdfLoadGroup
OK
TRUE
4
Boot Bus Extender
OK
TRUE
5
System Bus Extender
OK
TRUE
6
SCSI miniport
OK
TRUE
7
Port
OK
TRUE
8
Primary Disk
OK
TRUE
9
SCSI Class
OK
TRUE
10
SCSI CDROM Class
OK
TRUE
11
FSFilter Infrastructure
OK
TRUE
12
FSFilter System
OK
Command 27: How to get Computer System Product information

C:\>wmic csproduct list full
Description=Computer System Product
IdentifyingNumber=D5965S1
Name=Precision M4600
SKUNumber=
UUID=4C4C4544-0035-3910-8036-C4C04F355331
Vendor=Dell Inc.
Version=01
Command 28: How to get Memory Chip information (1)

Page 14
C:\>wmic memorychip list full

BankLabel=BANK 0
Capacity=4294967296
DataWidth=64
Description=Physical Memory
DeviceLocator=ChannelA-DIMM0
FormFactor=12
HotSwappable=
InstallDate=
InterleaveDataDepth=2
InterleavePosition=1
Manufacturer=830B
MemoryType=0
Model=
Name=Physical Memory
OtherIdentifyingInfo=
PartNumber=NT4GC64B8HG0NS-DI
PositionInRow=1
PoweredOn=
Removable=
Replaceable=
SerialNumber=F0F51611
SKU=
Speed=1600
Status=
Tag=Physical Memory 0
TotalWidth=64
TypeDetail=128
(truncated output)
Command 29: How to get Memory Chip information (2)

C:\>wmic memorychip list brief
Capacity DeviceLocator MemoryType Name
Tag
TotalWidth
4294967296 ChannelA-DIMM0 0
Physical Memory Physical Memory 0 64
4294967296 ChannelA-DIMM1 0
4294967296 ChannelB-DIMM0 0
4294967296 ChannelB-DIMM1 0
Command 30: How to get Network Interface Controller information

C:\>wmic nic list status
Availability DeviceID Name
3
0
WAN Miniport (SSTP)
3
1
WAN Miniport (IKEv2)
Status StatusInfo
Page 15

3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
3
2
3
4
5
6
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
26
29
30
31
32
33
34
36
WAN Miniport (L2TP)

WAN Miniport (PPTP)
WAN Miniport (PPPOE)
WAN Miniport (IPv6)
WAN Miniport (Network Monitor)
WAN Miniport (IP)
Bluetooth Device (Personal Area Network)
RAS Async Adapter
Microsoft 6to4 Adapter
Intel(R) 82579LM Gigabit Network Connection
Intel(R) Centrino(R) Ultimate-N 6300 AGN
VMware Virtual Ethernet Adapter for VMnet1
Microsoft ISATAP Adapter
Microsoft ISATAP Adapter #3
Microsoft Virtual WiFi Miniport Adapter
Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
VirtualBox Bridged Networking Driver Miniport
SAMSUNG Mobile USB Remote NDIS Network Device
VirtualBox Host-Only Ethernet Adapter
Teredo Tunneling Pseudo-Interface
Command 31: How to get Network Adpater Manager information

C:\>wmic nicconfig list status
Description
DHCPLeaseExpires
Index
WAN Miniport (SSTP)
0
WAN Miniport (IKEv2)
1
WAN Miniport (L2TP)
2
WAN Miniport (PPTP)
3
WAN Miniport (PPPOE)
4
WAN Miniport (IPv6)
5
WAN Miniport (Network Monitor)
6
WAN Miniport (IP)
8
Bluetooth Device (Personal Area Network)
9
RAS Async Adapter
10
Microsoft 6to4 Adapter
11
Intel(R) 82579LM Gigabit Network Connection
12
Intel(R) Centrino(R) Ultimate-N 6300 AGN
20140308021400.000000-180 13
14
15
16
17
18
Page 16

19
20
Microsoft Virtual WiFi Miniport Adapter
21
Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
23
24
SAMSUNG Mobile USB Remote NDIS Network Device
VirtualBox Host-Only Ethernet Adapter
34
Microsoft Teredo Tunneling Adapter
36
22
26
29
30
31
32
33
Command 32: How to get Operating System information (1)

C:\>wmic os list brief
BuildNumber Organization RegisteredUser SerialNumber
SystemDirectory Version
7601
xxxxxxxxxx xxxxxxxxxxxxxx xxxxxxxxxx
C:\Windows\system32 6.1.7601

C:\>wmic os list status
Name
Status
Microsoft Windows 7 Ultimate |C:\Windows|\Device\Harddisk0\Partition3 OK

C:\>wmic os list free
Command 35: How to get Pagefile information

C:\>wmic pagefile list status
CurrentUsage Name
Status
870
C:\pagefile.sys
Command 36: How to get Partition information (1)

Page 17

C:\>wmic partition list status
Index Name
Status StatusInfo
0 Disk #0, Partition #0
Command 37: How to get Partition information (2)

C:\>wmic partition list brief
BootPartition Index Name
FALSE
TRUE
FALSE
NumberOfBlocks PrimaryPartition Size

80262
TRUE
41094144
1540096
TRUE
788529152
1463517184 TRUE
749320798208
Command 38: How to get Printer information

C:\>wmic printer list status
Name
Status
Xerox WorkCentre 6015NI-00000FAX Unknown
Xerox WorkCentre 6015NI-00000 Unknown
Xerox WorkCentre 6015NI Fax
Unknown
Xerox WorkCentre 6015NI
Unknown
Microsoft XPS Document Writer Unknown
hp psc 1310 series
Unknown
Home_Printer
Unknown
Fax
Unknown
Enviar para o OneNote 2010
Unknown
CutePDF Writer
Unknown
Command 39: How to get Processes information (1)

C:\>wmic process list status | more
Name
ProcessId Status
System Idle Process
0
System
4
smss.exe
432
csrss.exe
624
wininit.exe
688
csrss.exe
712
services.exe
756
lsass.exe
776
lsm.exe
784
svchost.exe
880
nvvsvc.exe
956
GbpSv.exe
980
Page 18

winlogon.exe
(truncated output)
1004
Command 40: How to get Processes information (2)

C:\>wmic process list brief
HandleCount Name
0
System Idle Process
1158
System
37
smss.exe
1105
csrss.exe
87
wininit.exe
1074
csrss.exe
315
services.exe
1109
lsass.exe
220
lsm.exe
441
svchost.exe
135
nvvsvc.exe
261
GbpSv.exe
122
winlogon.exe
495
svchost.exe
748
svchost.exe
806
svchost.exe
1381
svchost.exe
1662
svchost.exe
540
svchost.exe
756
vsmon.exe
(truncated output)
Priority ProcessId ThreadCount WorkingSetSize

0
0
8
24576
8
4
203
49152
11
432
2
708608
13
624
10
2756608
13
688
3
405504
13
712
13
54697984
9
756
9
8773632
9
776
8
10244096
8
784
11
3227648
8
880
12
8175616
8
956
5
3563520
8
980
10
5713920
13
1004
3
2789376
8
568
11
13266944
8
780
22
35950592
8
1048
27
254738432
8
1092
21
72777728
8
1116
44
62246912
8
1372
17
16363520
8
1536
29
56446976
Command 41: How to get Patch information

C:\>wmic qfe list brief
Description FixComments HotFixID
ServicePackInEffect Status
Update
KB2849697
Update
KB2849696
Update
KB2841134
Update
KB2670838
Update
KB971033
Security Update
KB2425227
Security Update
KB2479943
Update
KB2484033
Update
KB2488113
Security Update
KB2491683
Update
KB2492386
Update
KB2505438
Update
KB2506014
InstallDate InstalledBy
InstalledOn Name
NT AUTHORITY\SYSTEM
12/2/2013
NT AUTHORITY\SYSTEM
12/2/2013
NT AUTHORITY\SYSTEM
12/2/2013
NT AUTHORITY\SYSTEM
2/28/2013
EXADATA\Administrator 7/11/2012
NT AUTHORITY\SYSTEM
7/13/2012
NT AUTHORITY\SYSTEM
7/13/2012
NT AUTHORITY\SYSTEM
7/13/2012
NT AUTHORITY\SYSTEM
7/13/2012
NT AUTHORITY\SYSTEM
7/13/2012
NT AUTHORITY\SYSTEM
7/13/2012
NT AUTHORITY\SYSTEM
7/17/2012
NT AUTHORITY\SYSTEM
7/13/2012
Page 19

Security Update
(truncated output)
KB2506212
NT AUTHORITY\SYSTEM
7/13/2012
Command 42: How to get Driver information

C:\>wmic sysdriver list brief
Command 43: How to get System Account information (1)

C:\>wmic sysaccount list brief
Page 20
Command 44: How to get System Account information (2)

C:\>wmic sysaccount list status
Command 45: How to get Recovery OS information (1)

C:\>wmic recoveros list brief
DebugFilePath
Name
%SystemRoot%\MEMORY.DMP
Microsoft Windows 7 Ultimate
|C:\Windows|\Device\Harddisk0\Partition3
SettingID
Command 46: How to get Recovery OS information (2)

C:\>wmic recoveros list full
AutoReboot=TRUE
DebugFilePath=%SystemRoot%\MEMORY.DMP
Page 21

Description=
KernelDumpOnly=FALSE
Name=Microsoft Windows 7 Ultimate |C:\Windows|\Device\Harddisk0\Partition3
OverwriteExistingDebugFile=TRUE
SendAdminAlert=FALSE
SettingID=
WriteDebugInfo=TRUE
WriteToSystemLog=TRUE
Command 47: How to get Command Startup information

C:\>wmic startup list brief
Command 48: How to get Physical Enclosure information

C:\>wmic systemenclosure list brief
LockPresent Manufacturer Model SecurityStatus SerialNumber SMBIOSAssetTag
FALSE
Dell Inc.
3
D5965S1
Command 49: How to get Volume information

C:\>wmic volume list brief
C:\>wmic volume list status
Page 22
Command 50: How to get Share information

C:\>wmic share list status
C:\>wmic share list brief
Page 23
Command 51: How to get Computer System Registry information

C:\>wmic registry list status
C:\>wmic registry list brief
C:\>wmic registry list full
Command 52: How to get Remote Desktop Account information

C:\>wmic rdaccount list brief
Command 53: How to get SCSI Controller information

C:\>wmic scsicontroller list status
Page 24
Command 54: How to get Windows Group information

C:\>wmic group list brief
Command 55: How to get Eventlog information

C:\>wmic nteventlog list brief
C:\>wmic nteventlog list status
Command 56: How to get System Driver information (usual way)

Page 25
C:\>driverquery
Alexandre Borges.
Page 26

Windows Command and Tools Part 1

Uploaded by

Copyright:

Available Formats

Windows Command and Tools Part 1

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Windows Command and Tools Part 1

Uploaded by

Copyright:

Available Formats

What commands can be used to verify the firewall status?

What commands can be used to verify the firewall status?

What commands can be used to verify the firewall configuration?

What commands can be used to verify the firewall configuration?

Windows Commands and Tools Part 1

ALEXANDRE BORGES - BLOG

Command 1: How to verify the firewall status (WinXP and Win7

Command 2: How to verify the firewall status and configuration (Win7)

Windows Commands and Tools Part 1

Private Profile Settings:

Public Profile Settings:

Windows Commands and Tools Part 1

Command 3: How to verify the firewall configuration (WinXP and Win7

Windows Commands and Tools Part 1

Command 4: How to list the running processes

Command 5: How to list the running services associated with processes

Windows Commands and Tools Part 1

Command 6: How to list started services

Command 7: How to list network connections

Windows Commands and Tools Part 1

Command 8: How to list local shares

Type Used as Comment

Command 9: How to check logged users on

Windows Commands and Tools Part 1

Command 11: How to open the Eventviewer

Command 12: How to get motherboard info (1)

Command 13: How to get motherboard info (2)

Windows Commands and Tools Part 1

C:\>wmic baseboard get manufacturer

Command 14: How to get cpu info (1)

Command 15: How to get CPU info (2)

Windows Commands and Tools Part 1

Command 16: How to get CDROM info (1)

Command 17: How to get CDROM info (2)

Command 18: How to get CDROM info (3)

Windows Commands and Tools Part 1

Command 19: How to get BootConfig Information (1)

Command 20: How to get BootConfig Information (2)

Windows Commands and Tools Part 1

Command 21: How to get Device Memory information

Command 22: How to get Drive list information (1)

Command 23: How to get Drive list information (2)

Windows Commands and Tools Part 1

Command 24: How to get Windows Environment information

Windows Commands and Tools Part 1

Windows Commands and Tools Part 1

Command 25: How to get Interrupt information

Shareable Status TriggerLevel

Command 26: How to get System Service Order information

Command 27: How to get Computer System Product information

Command 28: How to get Memory Chip information (1)

Windows Commands and Tools Part 1

C:\>wmic memorychip list full

Command 29: How to get Memory Chip information (2)

Command 30: How to get Network Interface Controller information

Windows Commands and Tools Part 1

WAN Miniport (L2TP)

Command 31: How to get Network Adpater Manager information

Windows Commands and Tools Part 1