Windows Commands¶

# System summary
systeminfo

# OS version
winver

# Environment variables
set

# Disk usage
wmic logicaldisk get size,freespace,caption

# Installed software
wmic product get name,version

# List local users
net user

# Add local user
net user username Password123! /add

# Add to local admins
net localgroup administrators username /add

# List local groups
net localgroup

# Domain user info
net user username /domain

# List all services
sc query type= all

# Start / stop a service
net start "Service Name"
net stop "Service Name"

# Query a specific service
sc query "wuauserv"

# Set service startup type
sc config "wuauserv" start= auto

# List processes
tasklist

# Kill a process by name
taskkill /IM notepad.exe /F

# Kill by PID
taskkill /PID 1234 /F

# Find files recursively
dir /s /b *.log

# Copy directory tree
robocopy C:\source D:\dest /E /COPYALL /LOG:copy.log

# Check file permissions
icacls "C:\path\to\folder"

# Take ownership
takeown /F "C:\path" /R /D Y
icacls "C:\path" /grant Administrators:F /T

# IP configuration
ipconfig /all

# Flush DNS cache
ipconfig /flushdns

# Test connectivity
ping -n 4 8.8.8.8

# Trace route
tracert google.com

# Open connections
netstat -ano

# DNS lookup
nslookup domain.com

# Query Security log for failed logins (Event ID 4625)
wevtutil qe Security /q:"*[System[EventID=4625]]" /f:text /c:20

# Query System log for errors
wevtutil qe System /q:"*[System[Level=2]]" /f:text /c:20