Windows Commands

Question 1

dir

Answer 1

List files and directories

dir [<path>] [/...]

/o:x - list files in a particular order where x could be n to list by name, s to list by size, e to list by extension, or d to list by date.

/t:x - specifies which timestamp on the files and directories is displayed and used for sorting. x can be c for created on, a for last access and w for last modified.

/a:x - displays files with the attribute indicated by x: r for readonly, h for hidden, s for system and a for archive.

/P - pause after each screen of information.

Examples:
Display Creation Time:

dir /TC

Display Last Access Time:

dir /TA

Display Last Write Time:

dir /TW

Sort by Creation Time (oldest first):

dir /TC /O:D

Sort by Last Access Time (newest first):

dir /TA /O:-D

List Files by Size, Displaying Creation Time:

dir C:\mydir /TC /O:S

Display all .log files with eight characters in the filename:

dir ????????.log

/A - Displays files with specified attributes.

/B - Uses bare format (no heading information or summary).

Question 2

move

Answer 2

Move files.

move [/...] [<from>] [<to>]

/y - Stops prompting for confirmation that you want to overwrite an existing destination file.

-y - Starts prompting for confirmation that you want to overwrite an existing destination file

/? - Display help in the command prompt

Examples:

move /y \data\*.xls \reports\

Question 3

copy

Answer 3

Copies one or more files from one location to another. Cannot copy a directory.

/y - Suppresses prompting to confirm that you want to overwrite an existing destination file.

/-y - Prompts you to confirm that you want to overwrite an existing destination file.

copy [/...] [<from>] [<to>]

Question 4

robocopy

Answer 4

Or “robust copy” - is another file copy utility. Microsoft now recommends using robocopy rather than xcopy since the former is designed to work better with long filenames and NTFS attributes.

robocopy <from> <to> [<file>] [/...]

/s - Copy subdirectories. Exclude empty directories.

/e - Copy subdirectories. Include empty directories.

/mov - Move files and delete them from the source after they are copied.

/move - Move files and directories, delete them from the source after they are copied.

/mir - Mirror. Tells robocopy to copy everything from the source and make the destination mirror it. That means robocopy will delete anything in the destination that doesn’t match the source folders and files.

Question 5

xcopy

Answer 5

A utility that allows you to copy the contents of more than one directory at a time and retain the directory structure

/s - Copies directories and subdirectories unless they’re empty. If you omit /s, xcopy works within a single directory.

/e - Copies all subdirectories, even if they are empty

/t - Copies the subdirectory structure (the tree) only, not files. To copy empty directories, must be used with /e

/h - Copies hidden and system files.

/k - Copies files and retains read-only attribute to destination files if present. By default, xcopy removes the read-only attribute.

/y - Supresses prompting to confirm overwriting files.

/d [:MM-DD-YYYY] - Copies files changed on or after the specified date (useful for backups)

xcopy <from> [<to>] [/...]

Question 6

md (mkdir)

Answer 6

Creates a directory at a specified path

md <directory> - Creates a new directory with the specified name.
md <path\directory> - Creates a new directory at a specified path.

Question 7

rmdir

Answer 7

Deletes the specified directory if it’s empty.

Same as rd

/s - Deletes the specified directory and all its subdirectories and files (use with caution as it performs a recursive delete).

/q - Quiet mode; does not prompt for confirmation when used with /s.

For example:

rmdir OldFolder deletes “OldFolder” if it’s empty.
rmdir /s /q C:\Users\Example\OldFolder

Question 8

diskpart

Answer 8

The command interface underlying the Disk Management tool.

There are too many options in diskpart to cover here, but the basic process of inspecting disks and partitions is as follows:

1. Run the diskpart utility, and then enter select disk 0 at the prompt (or the number of the disk you want to check).
2. Enter detail disk to display configuration information for the disk. The utility should report that the partitions (or volumes) are healthy. If diskpart reports that the hard disk has no partitions, the partition table may have become corrupted.
3. Enter either select partition 0 or select volume 0 at the prompt (or the number of the partition or volume you want to check).
4. Enter either detail partition or detail volume to view information about the object. You can now use commands such as assign (change the drive letter), delete (destroy the volume), or extend.
5. Enter exit to quit diskpart.

Question 9

format

Answer 9

Used to prepare a storage device (like a hard drive, USB drive, or other media) for use by erasing its contents and setting up a file system.

Key switches for the format command:

format <drive letter>: - Formats the specified drive.
/fs:<file system> - Specifies the file system to use (e.g., NTFS, FAT32, exFAT).
/q - Performs a quick format. Deletes the file table and the root directory of a previously formatted volume, but doesn’t perform a sector-by-sector scan for bad areas.
/v:<label> - Specifies a volume label for the formatted drive.
/x - Forces the volume to dismount before formatting (useful if the drive is in use).
For example:

format D: /fs:NTFS formats the D: drive with the NTFS file system.
format E: /q /v:DataDrive performs a quick format on the E: drive and sets its label to “DataDrive.”

Question 10

chkdsk

Answer 10

Scans the file system and/or disk sectors for faults and can attempt to repair any problems detected. A version of Check Disk (autochk) will also run automatically if the system detects file system errors at boot.

There are three ways to run the tool:

chkdsk X: (where X is the drive letter but no switch is used) runs the tool in read-only mode. The scan will report whether errors need to be repaired.
chkdsk X: /f attempts to fix file system errors.
chkdsk X: /r fixes file system errors and attempts recovery of bad sectors. You are prompted to save any recoverable data, which is copied to the root directory as filennnn.chk files.
Check Disk cannot fix open files, so you may be prompted to schedule the scan for the next system restart.

Question 11

shutdown

Answer 11

Safely halt the system or log out.

/s - Shutdown. Close all open programs and services before powering off the computer. The user should save changes in any open files first but will be prompted to save any open files during shutdown.

/t nn - Specify delay in seconds before shutdown starts; the default is 30 seconds.

/a - Abort. Abort shutdown (if it is in progress)

/h - Hibernate. Save the current session to disk before powering off the computer.

/l - Close all open programs and services started under the user account, but leave the computer running.

/r - Restart. Close all open programs and services before rebooting without powering down. This is also called a soft reset.

Shutdown now:
~~~
shutdown now
~~~

Restart now:
~~~
shutdown -r now
~~~

Question 12

sfc

Answer 12

The Windows Resource Protection mechanism prevents damage to or malicious use of system files and registry keys and files. The System File Checker utility (sfc) provides a manual interface for verifying system files and restoring them from cache if they are found to be corrupt or damaged.

The program can be used from an administrative command prompt in the following modes:

sfc /scannow - runs a scan immediately.
sfc /scanonce - schedules a scan when the computer is next restarted.
sfc /scanboot - schedules a scan that runs each time the PC boots.

Question 13

winver

Answer 13

Display Windows version information by opening a GUI. Its predecessor, ver, prints the version to the command line.

Question 14

net

Answer 14

net use Manages shared network resources such as mapped drives or shared printers

net use <drive letter>: \\<server>\<share> - Connect to a network resource

net use <drive letter>: \\<server>\<share> /user:<domain>\<username> <password> - Connect with specific user credentials

net use - Display active connections

net use <drive letter>: /delete - Disconnect from a network resource

net use * /delete - Disconnect all active connections

net view can be used to list all Windows hosts on the network

Question 15

DISM

Answer 15

Deployment Image Servicing and Management - (DISM)

DISM utility can be used to slipstream operating system (OS) updates into a Windows install image. When an administrator is creating and maintaining disk images, it is important to include any necessary device drivers and relevant OS updates. DISM can be used to interact with an online image, which is a running Windows installation, or an offline image, such as a .wim, .vhd, or .vhdx file. DISM is a command-line tool that can be used to interact with Windows system images. It is commonly used in conjunction with other command-line system repair utilities such as the System File Checker (sfc) tool and the Check Disk (Chkdsk) tool.

Image - is used to specify an offline image, such as a .wim, .vhd, or .vhdx file.

/Online - specifies that DISM should operate on the running Windows installation and not on an offline image.

/Cleanup-Image - specifies that DISM should perform image maintenance and requires one of the following parameters: /CheckHealth, /ScanHealth, /RestoreHealth.

/CheckHealth - checks to see whether the image has been flagged as corrupt.

/ScanHealth - scans the image for corruption.

/RestoreHealth - scans the image and performs the necessary repairs.

By default, the DISM tool uses the Windows Update service to repair an online image; however, the /LimitAccess command-line switch can be used in conjunction with the /Source command-line switch to specify an alternate repair source.

Question 16

rd

Answer 16

rd Command in Windows

Same as rmdir

The rd (or rmdir) command in Windows is used to delete directories.

Key Switches for rd

1. rd <directory>
   Removes the specified directory if it’s empty.
2. /s
   Removes the specified directory and all its contents, including subdirectories and files (recursively deletes).
3. /q
   Quiet mode; does not prompt for confirmation when used with /s.

Examples

• rd TestFolder
  Deletes “TestFolder” if it is empty.
• rd /s /q C:\Users\Example\TestFolder
  Deletes “TestFolder” and all its contents without asking for confirmation.

This command is used primarily for cleaning up directories in Windows, especially when you need to remove a directory and all its files and subdirectories.

Question 17

reg / regsvr32

Answer 17

The reg command is a full Registry editing tool. You can view Registry keys and values, import and export some or all of a Registry, and even compare two different versions of a Registry. The tool is so powerful that it has multiple levels of help so you can tailor a command to accomplish very tight Registry edits. For example, typing reg /? brings up a list of 12 specific operations that you can search for help on, such as reg query /? and reg add /?.

The regsvr32 command, in contrast with reg, can modify the Registry in only one way, adding (or registering) dynamic link library (DLL) files as command components in the Registry. By default, if you run regsvr32 in a 64-bit version of Windows, the 64-bit version runs. This can cause problems if you’re trying to add a 32-bit DLL to the Registry. To accomplish the latter, run the regsvr32.exe file in the %SystemRoot%\Syswow64 folder.

Question 18

hostname

Answer 18

Displays your hostname

Question 19

gpupdate

Answer 19

Group policies define various security settings for Windows systems, such as password complexity, logon attempts, and permissions for users to install software. Group policies can apply to a standalone system or to systems on a domain. It takes time for a group policy change to propagate throughout a domain, but you can force a workstation to update to new policies by running gpupdate on the workstation.

Question 20

gpresult

Answer 20

If you need a quick overview of all security policies applied to a single user or computer, the gpresult tool is for you. You can run gpresult for any user or computer on your network (assuming you have a valid username and password) and you can ask for detailed or summary information.

/S - Specifies the remote system to connect to.

/USER - Specifies the user name for which the RSoP data is to be displayed.

/R - Displays RSoP summary data.

/V - Specifies that verbose information should be displayed. Verbose information provides additional detailed settings that have been applied with a precedence of 1.

/Z - Specifies that the super-verbose information should be displayed. Super- verbose information provides additional detailed settings that have been applied with a precedence of 1 and higher. This allows you to see if a setting was set in multiple places. See the Group Policy online help topic for more information.

Question 21

ping

Answer 21

The ping command in Windows is a diagnostic tool used to test network connectivity between your computer and a remote device by sending Internet Control Message Protocol (ICMP) echo request packets and waiting for a response. It helps identify if the target device is reachable, and it measures the time taken for packets to travel (round-trip time).

Here are the most important switches for the ping command:

• -t: Continuously sends ping requests until manually stopped with Ctrl + C.
• -n <count>: Specifies the number of echo requests to send. Example: ping -n 5 google.com sends 5 requests.
• -l <size>: Sets the size of the packet to send, in bytes. Default is 32 bytes. Example: ping -l 1000 google.com.
• -4: Forces the ping command to use IPv4.
• -6: Forces the ping command to use IPv6.
• -a: Resolves addresses to hostnames.
• -w <timeout>: Specifies the timeout (in milliseconds) to wait for each reply. Example: ping -w 1000 google.com waits 1 second for each reply.

These options allow you to customize how you test network connectivity and diagnose potential issues more effectively.

Question 22

ipconfig [Unix: ifconfig / ip]

Answer 22

Windows offers the command-line tool ipconfig for a quick glance at your network settings. From a command prompt, run ipconfig /all to see all of your TCP/IP settings. The ifconfig command in macOS and other Unixes provides the same level of detail with no switches applied. Much of the Linux world has moved on to the Linux-specific ip command, which is stuffed to the gills with cool features. You can run ip address to get the equivalent information.

When you have a static IP address, ipconfig does little beyond reporting your current IP settings, including your IP address, subnet mask, default gateway, DNS servers, and WINS servers. When using DHCP, however, ipconfig is also the primary tool for releasing and renewing your IP address. Just run ipconfig /renew to get a new IP address or ipconfig /release to give up the IP address you currently have.

Question 23

nslookup [Unix: dig]

Answer 23

The nslookup command is a powerful command-line program that enables you to determine exactly what information the DNS server is giving you about a specific host name. Every modern OS makes nslookup available when you install TCP/IP, though on Unixes I recommend the dig command, which provides more verbose—and more technical—output by default.

Question 24

tracert / pathping [Unix: traceroute]

Answer 24

The tracert (Windows) and traceroute (macOS, Linux) utilities show the route that a packet takes to get to its destination. From a command line, type tracert or traceroute followed by a space and an IP address or URL. The output describes the route from your machine to the destination machine, including all devices the packet passes through and how long each hop between devices takes.

On Windows you can also use the pathping command to see similar information to tracert—but with a better statistical summary of the multiple connection attempts it makes.

Question 25

nbtstat

Answer 25

The nbtstat command is an old command-line utility that predates Windows. It stands for NetBIOS over TCP/IP Statistics. Many versions ago, Windows used NetBIOS for many aspects of LAN file sharing, and even though NetBIOS is long gone, bits of NetBIOS hang on as a way for Windows to resolve host names on the network when a DNS server is not available.

While not covered on the CompTIA A+ Exam, nbtstat can still provide insight when troubleshooting naming issues in small workgroups. Here are a couple of usage examples; to see what your computer’s NetBIOS name is, use the nbtstat -n command.

You can also query a remote machine by IP to find out its NetBIOS name with nbtstat -A (note the uppercase “A”; use a lowercase “a” if you know the machine’s NetBIOS name already):