50 Basic Windows Commands with Examples

by Robert Allen December 8, 2022

Learn basic windows commands that can help you with troubleshooting,
configuration, and gathering system details.

Most of these commands are built into windows so there is no need to download or
install anything (the only exception is the Sysinternals commands). Also, these
Windows Commands can be run from the command prompt or PowerShell console.

Tip: Most windows commands include a help menu that lists all the command
options and syntax. Type the command followed by /? to view the help menu.
For example, ping /?

Let’s get started.

1. ping (test network connection)

The ping command tests network connectivity between two devices by sending ICMP
echo requests. For example, computer A tests if it has connectivity to computer B by
sending some packets back and forth.

The ping command is still one of my favorite tools for testing basic network
connectivity. It’s fast and very easy to use. In addition, I use it for the following:

Test for packet loss

Test latency
 Test DNS queries
Test connectivity with configuring new connections (can my router talk to the
next hop such as the ISPs router?)

Ping Examples

To test the connectivity to another device by IP use the command below.

ping 192.168.100.1

Ping by hostname.

ping dc1.ad.activedirectorypro.com

For most windows commands you can type the command followed by /? to view the
help info, it will display the full syntax and parameters. So to view the help for ping
use this command:

ping /?
-l switch specifies a packet size.

ping -l 2024 192.168.5.1

-a switch will do a reverse name resolution on the IP (PTR record lookup).

ping -a 142.250.177.46

-t switch will do a continuous ping. A very popular command for testing network
connectivity.

ping -a 192.168.5.1

Send any command output to a text file.

ping -t > c:\it\test-ping.txt

For more details on the ping command see Microsoft’s ping documentation.

2. ipconfig (get network adapter details)

The ipconfig command is used to display a computers TCP/IP configuration. You can
display the IP info for a single or all network cards installed on a computer.

This command can also display the DNS cache on the local machine, flush DNS,
release and renew the DHCP address on all network cards.

ipconfig command examples

To view the IP configuration for all network cards on a computer type the command
below and press enter.
 ipconfig /all

/all switch to display IP info for all network cards.

ipconfig /all

/flushdns switch to clear the local DNS resolver cache.

ipconfig /flushdns

/registerdns to trigger dynamic registration of the DNS names and IP addresses that
are configured on the computer.

ipconfig /registerdns

/release to release DHCP addresses. This will release DCHP address on the network
cards that are configured for DHCP.
 ipconfig /release

/renew switch will renew DHCP address for all network cards.

ipconfig /renew

/displaydns switch will display the DNS client cache.

ipconfig /displaydns

3. nslookup (find dns records)

The nslookup command is used to check DNS records and troubleshoot DNS. This is
a must-have command for any sysadmin or network engineer. You can do all kinds of
tests to verify DNS is working correctly, you can check PTR, A, MX, SOA, and many
other types of DNS records. It’s another one of my favorite windows commands for
network troubleshooting.

Nslookup command examples

To test that the A record of a hostname follow these two steps

Step 1: Type nslookup and press enter

Step 2: type in a domain name and press enter

4. tracert (network troubleshooting)

The tracert command is used to track the pathway a packet takes from a source IP to
the destination address. This simply means it’s going to display each hop (router) that
the packet passes through to reach its destination.

This command I don’t use very often but still comes in handy when troubleshooting
the network. For example, we had some speed issues with a website from our ISP, on
a different ISP we had no issues. The ISP had us run a traceroute so they could see
the path it took.

Tracert examples

The syntax for this command is tracert followed by the hostname or IP.

tracert google.com
This command has very few options. The only command line switch on this one that I
find useful is the -d which is used to not resolve the address to hostname.

5. shutdown command

The shutdown command does exactly that, it shuts down a computer. This command
is useful for shutting down or restarting local or remote computers. It also provides a
quick way to see all the logs for why a computer restarted or was shut down.

shutdown examples
This command will restart computer pc2.

shutdown /r /m \\pc2

This command will shut down the remote computer.

shutdown /s /m \\pc2

View previous shutdown/restart logs.

shutdown /d

Here is an example output for the shutdown /d command. This can be useful to
quickly check why a computer restarted or shutdown.
More shutdown examples

Some of these use multiple switches, refer to the help file shutdown /? for an
explanation of each command switch.

Log user off of a remote computer.

shutdown /l /m \\pc2

Restart a remote computer with no countdown.

shutdown /r /m \\pc2 /t 0
Shutdown the local computer and specify the time period before shutdown in
seconds.

shutdown /s /t 60

Shutdown a remote computer with a custom message.

shutdown /m \\pc2 /c "Rebooting computer, have a nice day"

Abort a system shutdown.

shutdown /a

Force applications to close without warning.

shutdown /s /f

6. gpupdate (group policy update)

The gpupdate command is used to apply group policies on a computer in a windows
domain. This is a very popular command, I see a lot of helpdesk techs that use it.
Sometimes you can run this command to refresh the GPOs and avoid a reboot but
that doesn’t always work.

gpupdate command examples

This command will pull down any GPO changes to the computer.

gpupdate
Use /force to reapply all the GPOs on the computer.

gpupdate /force

Check out my gpupdate tutorial for more examples and a video walkthrough.

7. netstat (display network connections)

This is such an awesome command.

The netstat command displays TCP/IP connection information, ethernet stats, and the
computer’s routing table. As a sysadmin I use this command on Windows servers and
clients when troubleshooting connection issues. I can verify application servers are
working correctly by checking that the service is running and listening for
connections on the port.

netstat command examples

Display all active and listening ports.

netstat -a

Display all connections in numerical order.

netstat -a -n

Here is the output of the above command. You can see how you can verify server and
client connectivity. It shows that my domain controller with IP 192.168.100.10 has
established these four connections with IP 192.168.100.11.
More netstat examples

Displays the executable that is used to create the connection.

netstat -ab

Displays ethernet statistics. This is a quick way to check for network card errors and
discards.

netstat -e
Displays the exe and the process ID (PID) associated with the connection.

netstat -abo

Displays the computer local routing table.

netstat -r

Displays FQDN with the connection info.

netstat -af

8. dcdiag (test domain controller)

If you are the administrator of Active Directory then you must know this command.
This command will analyze the state of your domain controllers, it has over 30 built in
tests. You should be running this command at regular intervals to ensure your domain
environment is healthy.

dcdiag examples

To run dcdiag on a specific domain controller use this command

 dcdiag /s:DC1

9. net stop and net start (windows services)

Simple command to start and stop windows services.

Examples

In this example, I will stop and start the printer spooler service.

net stop spooler

and now start the spooler service.

net start spooler

That is it for this command, there are no additional parameters.

10. systeminfo
The systeminfo command displays configuration details on a computer such as OS
name and version, hardware information, boot time, logon server, and more.

There are a lot of details this command displays, I like to use this command to check
the windows server uptime and when it was last booted.
You can run this command on remote computers with the /s parameter.

system info /s pc1

11. getmac (get mac address)

This command returns the MAC address from all the network cards on a system.
When troubleshooting a client connection issue I will often need the computer’s MAC
address so I can verify I see it connected on the switch. This command is the best way
to quickly grab a computer’s MAC address.

To run it on a local computer just type getmac.

To run on a remote computer use the /s parameter.

getmac /s pc1

12. gpresult (group policy results)

The gpresult command reports on what group policies and settings are applied to a
user or computer.

This is another must know command if you work with Active Directory servers.

To display all applied GPOs run this command. Note: You need to run the command
prompt in administrator mode or it will not generate a full report.

gpresult /r

The above command will give a report for both user and computer applied GPOs.
and the computer settings.
More GPResult examples

Display GPOs applied to the user.

gpresult /r /scope:user

Display GPOs applied to the computer.

gpresult /r /scope:computer

Display GPOs for a remote computer.

gpresult /s pcname

Generate an HTML report.

gpresult /h c:\report.html

Send command output to a text file.

gpresult /r > c:\result.txt

13. whoami command

This command displays who is currently logged on to the local system. It also can
display what groups a user belongs to. Use this command to display the logged on
users group membership.

Get the current logged on user.

whoami

Display the user groups to which the current user belongs.

whoami /groups
Pretty cool right?

More whoami commands

Display the user name in UPN format

whoami /upn

Displays current domain, username and users SID

whoami /user

Displays all information for the current user

whoami /all

14. telnet client

I use the windows telnet client to test if a remote host is allowing connection on a
specific port. I typically use this when someone says your firewall is blocking a
program from working.

If you know the port number the application runs on you can use the command
below. In this example, I installed filezilla server so port 21 should be open.

The syntax is telnet + hostname or IP + port number

telnet srv01 21

You may or may not get a response back from the remote server. In this case with
filezilla I do. You could also just get a blank screen on a successful connection.

If it doesn’t get a connection you should get a message like the below.
That is all I use the telnet client for. For complete command syntax view Microsoft’s
telnet documentation.

15. set (get system details)

The set command displays environment variable information.

I don’t use this command that often but still is useful to check a user’s logon server or
quickly look at the environment variables.

One little trick with this command is you can type the command followed by string
and it will only display those results. For example, if I want to find everything that
starts with path I would use this command

set path

Now it just displays everything that starts with “path”.

16. cd (change directory)

The cd command allows you to change to another directory on your computer.

For example to change to the windows directory use this command.

cd windows

You can also start typing the directory name and hit tab to auto complete. For example, to change to the “Program
Files” directory I can type cd pro and hit tab and it will auto complete the path.

17. mkdir (make directory)

The mkdir command will create a directory or subdirectory. It creates the directory in
the current directory. For example, in the command prompt, my path is c:\it, if I type
mkdir folder1 it will create folder1 in the c:\it folder.

If I look in windows explorer I’ll see the folder1 directory.

18. sfc (system file checker)

The sfc command can be used to verify and replace important windows system files. If
you experience a blue screen or other crashes the sfc command may fix the issue. The
below command will scan all protected operating system files and repair if needed.

sfc /scannow
 You can also run a test only without repairing it.

sfc /verifyonly

19. net use (connect to network resources)

The net use command is used to connect and remove shared sources such as network
drives and printers.

In this example, I’ll map a network drive to my srv-vm1 server

net use \\srv-vm1\share

You can use net use to list resources.

To remove a resource use /delete

net use z: /delete

20. chkdsk (check disk)

The chkdsk command scans the file system on the disk and checks the integrity of the
files and metadata. There are many command line options with this command so
check the help menu for full details (chkdsk /?).

To check the disk in read-only mode run the below command.

chkdsk
Use /F to fix any errors found on the disk.

chkdsk /f

21. Route Print (View local routing table)

To view the local computers routing table use the route print command. This is useful
when the computer has multiple network interface cards and you need to determine
the route network traffic is taking.

route print
22. powercfg (Power Settings)
List and configure power settings with the powercfg command

List all power schemes:

powercfg /list

Change monitor timeout:

powercfg /change monitor-timeout-ac 5

Check out the powercfg guide from Windows Central for more examples.

23. tasklist (display running processes)

Tasklist will display the running processes on the local computer.
24. taskkill (end process)
Terminate a process by the PID number. In this example, I forcefully end process PID
1808.

taskkill /pid 1808 /f

25. format
The format command is used to format a partition on a hard drive or flash drive. This
will wipe all data from the partition.
In this example, I will format the E drive to the NTFS file system.

format e: /fs:NTFS

26. cls (clear screen)

The cls command will clear the command prompt console. This is useful when the
screen has a lot of information on it and you want a blank screen.

At the windows command prompt type cls and press enter to clear the screen.

27. diskpart
Diskpart allows you to manage disks, partitions, and volumes on your local computer.
You can delete, create, format, extend and shrink volumes.

To display a list of disks on the local computer is these commands.

diskpart
list disk
28. robocopy
Robocopy allows you to easily copy files and directories from one location to another.
This is a very popular windows command for moving file servers to another server.

Copy files from one server to another.

robocopy c:\source \\srv-vm2\share /z /e /copyall

For more examples, check out my guide 21 robocopy examples with screenshots.

29. xcopy
Xcopy is another windows command used to copy files and folders. To copy all files
and folders to a new location use this command.

xcopy c:\myfolder e:myfolder

30. del
The del command is used to delete files and folders. Deleting files with the del
command does not go to the recycle bin.

Delete a single file.

del c:\it\pass.txt

Delete all exe files.

del c:\it\*.exe

Delete files and subfolders.

 del c:\it\*.*

31. assoc (file association)

The assoc command displays or modifies file name extension associations.

List all current file name extension associations.

assoc

Here is an example of creating a file association. I will associate the .jpg file extension
with jpegfile file type.

assoc .jpg=jpgfile

32. schtasks (scheduled tasks)

The schtasks commands lets you add, remove, change and view scheduled tasks on
the local computer.
View scheduled tasks:

schtasks

Delete a scheduled task:

SCHTASKS /Delete /TN "\Backup\Backup and Restore"

33. net user

The net user command displays user account information on a local computer or the
domain.

On a PC type net user to see the computer’s account info.

To get all the user accounts from the domain controller.

net user /domain

Get domain account details.

net user username /domain

34. arp
The arp command displays and modifies the Address Resolution Protocol (ARP) cache
on the local computer.
Display the arp cache for all interfaces:

arp -a

To clear the arp cache use this command:

arp -d

35. hostname
This windows command displays the host name of the computer.

hostname
36. cipher (encrypt data)
The cipher command is useful for overwriting deleted data in windows. When you
delete data from Windows the data can be recovered by using data recovery
software. With the cipher command, you can remove the deleted data from the disk
so no one can recover it.

To overwrite deleted data on a volume use the /w switch. For example, I’ll clean the
c:\it\private path

cipher /w:c:\it\private

37. fc (file compare)

The fc command compares two files and displays the difference between the two.

In this example, I’ll check the difference between two text files (ping1.txt and
ping2.txt).
 fc c:\it\ping1.txt c:\it\ping2.txt

38. psexec
PsExec allows you to execute commands on remote computers. This is useful when
you need to troubleshoot a remote computer without taking full control of it.

In this example, I’ll run ipconfig on the remote computer pc1 to get the IP address
information.

psexec \\pc1 ipconfig

To learn more check out my full psexec tutorial.

39. Sysinternals
Sysinternals is a suite of utilities developed by Mark Russinovich and Bryce Cogswell
that is used to troubleshoot and monitor Windows computers. The suite of tools
became very popular with IT administrators for monitoring windows processes and
gathering system details. In 2006 Microsoft acquired the company and its assets.

You can download the suite of tools from the Sysinternals website.

40. rsop (group policy settings)

The RSOP command creates a report of the policies applied to a computer and user.
This is useful for troubleshooting group policy settings on a local computer.
This command requires running with local administrator rights.

rsop

For more details and examples check my full Rsop tutorial.

41. mmc
mmc opens the Microsoft Management Console. You can then add/remove your own
snap-ins for quick access to different management consoles.
42. dir
The dir command lists all files and directories in a specific directory.

To list the contents of the current directory use this command:

dir
To list the contents of another folder either change to that directory or type dir and
its path. For example, I’ll list the contents of c:\it\private.

dir c:\it\private

If the directory has a lot of files and folders you may want to pause the directory
listing so you can view it.

dir /p

43. runas
Runas allows you to run a specific tool or program as a different user. For example,
you are logged in as a regular user (no administrator rights) and you need to run a
program with an account that has local administrator rights.

In this example, I’m logged in as adpro\adam.reed and I’ll run a program (notepad) as
the local administrator account.
 runas /user:administrator c:\windows\notepad.exe

44. rmdir (remove directories)

Do you need to remove a directory? The rmdir command will delete a directory.

The default command will only delete empty directories. If you want to delete a
directory and the files in the directory use the /s switch.

For example, I’ll delete the c:\it\private and all files in that directory.

rmdir c:\it\private /s

45. w32tm (time service)

The w32tm command is used to configure the windows time service settings. If you
need to configure the time service to point to a network time server you can use this
command to configure the settings.

To view the time service configuration run this command.

w32tm /query /computer: /configuration

This command has a lot of options it’s more complicated than it should be. Check out
the w32tm documentation page for more details.

46. msiexec (install msi files)

The msiexec command can be used to install and modify msi and MSP installer
packages. This command is commonly used to silently install software using a msi
installer.

Install a package.

msiexec /i c:\install_file.msi

Install a package with no user interaction.

msiexec /i c:\install_file.msi /quit

47. ver
The ver command displays the Windows version.
48. manage-bde (BitLocker)
Check bitlocker status, encrypt and decrypt data drives.

Check if bitlocker status.

manage-bde -status

Turn on bitlocker and encrypt the drive.

manage-bde -on

49. findstr
Findstr searches for patterns of text in files.

For example, I’ll look for the word food in file ping1.txt

findstr food c:\it\ping1.txt

The above command will search inside the file for any instance of the string food.

Here is what the text file looks like.

 Below you can see the command found the string “food” twice inside the file.

See the Microsoft findstr documentation for more examples.

50. mstsc
The mstsc command starts a remote desktop session to another computer or allows
you t edit a .rdp configuration file.

Connect to the server using full screen, I’ll use 192.168.100.10 in these examples.

mstsc /f 192.168.100.10
Span rdp across multiple monitors.

mstsc /span 192.168.100.10

Is there a command to list all Windows commands?

You can type help to get a list of the system default commands.

Unfortunately, this will not list commands that have been installed by other programs
like the RSAT tools. To see a complete list of commands the Microsoft Windows
Commands documentation.

How do I run the command prompt as administrator?

This is a great question as some commands will not run unless the command prompt
is in administrator mode.

To run the command prompt as an administrator right click on “command prompt”

and select “Run as administrator”