Home
Command lines in Windows
September 11, 2018 |
Some cases, we can use command lines so that open tools, access system,... where we cannot open by GUI in windows or linux OS.
I. Command lines in Windows
1. Open Remote Desktop Connection
Typing the flowing command line below:
C:\Users\<user_name>> mstsc
How to check port of Remote Desktop:
1. Open regedit
2. Go to Navigate to the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
3. find PortNumber
4. You can edit port and restart Remote Desktop Services.
4. You can edit port and restart Remote Desktop Services.
Typing the flowing command line below:
C:\Users\<user_name>> ssms
3. Open other command line window with administator user.
Typing the flowing command line below:
C:\Users\<user_name>> runas /user:Administrator cmd
and then enter password.
4. Restart a Windows service
net stop workstation
net start workstation
With the command line, we can resolve the issue:
"Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed".
5. "Netstat" command line.
Netstart command is used show TCP/IP port in windows. We can use for check port which program is using or not.
Displays protocol statistics and current TCP/IP network connections.
NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]
-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-f Displays Fully Qualified Domain Names (FQDN) for foreign
addresses.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-t Displays the current connection offload state.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.
Example:
netstat -ab
netstat -aon
6. "TaskList" command line
TaskList is show task is runing in windows as Task Manager.
========================================
c:\>tasklist /?
TASKLIST [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]
Description:
This tool displays a list of currently running processes on
either a local or remote machine.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which
the command should execute.
/P [password] Specifies the password for the given
user context. Prompts for input if omitted.
/M [module] Lists all tasks currently using the given
exe/dll name. If the module name is not
specified all loaded modules are displayed.
/SVC Displays services hosted in each process.
/V Displays verbose task information.
/FI filter Displays a set of tasks that match a
given criteria specified by the filter.
/FO format Specifies the output format.
Valid values: "TABLE", "LIST", "CSV".
/NH Specifies that the "Column Header" should
not be displayed in the output.
Valid only for "TABLE" and "CSV" formats.
/? Displays this help message.
Filters:
Filter Name Valid Operators Valid Value(s)
----------- --------------- --------------------------
STATUS eq, ne RUNNING |
NOT RESPONDING | UNKNOWN
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number
SESSIONNAME eq, ne Session name
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh - hours,
mm - minutes, ss - seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user
format
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title
MODULES eq, ne DLL name
NOTE: "WINDOWTITLE" and "STATUS" filters are not supported when querying
a remote machine.
Examples:
TASKLIST
TASKLIST /M
TASKLIST /V /FO CSV
TASKLIST /SVC /FO LIST
TASKLIST /M wbem*
TASKLIST /S system /FO LIST
TASKLIST /S system /U domain\username /FO CSV /NH
TASKLIST /S system /U username /P password /FO TABLE /NH
TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running""
=======================================
Example:
c:\>tasklist
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 24 K
System 4 Services 0 964 K
smss.exe 356 Services 0 1,240 K
csrss.exe 472 Services 0 5,368 K
wininit.exe 544 Services 0 4,836 K
csrss.exe 552 Console 1 12,436 K
services.exe 600 Services 0 10,428 K
lsass.exe 616 Services 0 14,536 K
lsm.exe 624 Services 0 6,344 K
winlogon.exe 684 Console 1 6,968 K
svchost.exe 768 Services 0 9,468 K
nvvsvc.exe 848 Services 0 7,308 K
nvSCPAPISvr.exe 872 Services 0 5,792 K
7. "Taskkill" command line.
TaskKill is used to kill a program is runing. We can kill follow by PID or program name.
TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/T] [/F]
Description:
This tool is used to terminate tasks by process id (PID) or image name.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which the
command should execute.
/P [password] Specifies the password for the given user
context. Prompts for input if omitted.
/FI filter Applies a filter to select a set of tasks.
Allows "*" to be used. ex. imagename eq acme*
/PID processid Specifies the PID of the process to be terminated.
Use TaskList to get the PID.
/IM imagename Specifies the image name of the process
to be terminated. Wildcard '*' can be used
to specify all tasks or image names.
/T Terminates the specified process and any
child processes which were started by it.
/F Specifies to forcefully terminate the process(es).
/? Displays this help message.
Filters:
Filter Name Valid Operators Valid Value(s)
----------- --------------- -------------------------
STATUS eq, ne RUNNING |
NOT RESPONDING | UNKNOWN
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number.
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh - hours,
mm - minutes, ss - seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user
format
MODULES eq, ne DLL name
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title
NOTE
----
1) Wildcard '*' for /IM switch is accepted only when a filter is applied.
2) Termination of remote processes will always be done forcefully (/F).
3) "WINDOWTITLE" and "STATUS" filters are not considered when a remote
machine is specified.
Examples:
TASKKILL /IM notepad.exe
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM cmd.exe /T
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"
8. Set IP V4
netsh interface ipv4 set address name="Wi-Fi" static <IP> 255.255.255.0 <DEFAULT_GATE_WAY>
netsh interface ipv4 set dns name="Wi-Fi" static 8.8.8.8
netsh interface ipv4 set dns name="Wi-Fi" static 8.8.4.4 index=2
9. Add user Logon Service
To add "Log on as a service" permissions:
- Run Start > Control Panel > Administrative Tools > Local Security Policy
- Select Local Policies > User Rights Assignment > Log on as a service
Click Add User or Group, and then add the appropriate account to the list of accounts that possess the Log on as a service right.
10. Check Share in Windows
$ net share
Share name Resource Remark
-------------------------------------------------------------------------------
C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC
ADMIN$ C:\Windows Remote Admin
The command completed successfully.11. Disable/Enable copy/past clipboard
1. Run the Local Group Policy Editor: gpedit.msc
2. Go to Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Device and Resource Redirection;
12. Enable telnet client by cmd
$ dism /online /Disable-Feature /FeatureName:TelnetClient
$ dism /online /Enable-Feature /FeatureName:TelnetClient13. Bypass Windows 11 Requirement check
1. Enter Shift + F10
2. Enter regedit
3. Go to HEKY_LOCAL_MACHINE\SYSTEM\Setup
4. Created folder "LabConfig"
5. Create D-word 32 byte key : BypassTPMCheck > set value 1
Create D-word 32 byte key : BypassSecureBootCheck> set value 1
14. How to enable enable nested vtx/amd-v in Virtual Box.
- Go to virtualbox installation folder
- VBoxManage modifyvm <VirtualMachineName> --nested-hw-virt on
15. Tail of log
Windows powershell
Get-Content <file> -Wait16. Recovering USB when you install bootable linux
Open windows cmd by administrator
$ diskpart
$ list disk
$ select disk <N>
$ clean
=> Go to Disk Management in Windows and set path and format it.
17. Merge multiple files in windows
$ copy /b file1.txt +file2.txt final_file.txt
$ copy /b *.txt final-text.txt
Previous Article
