Rob van der Woude's Scripting Pages

Microsoft Windows 7 Ultimate Service Pack 1

Version 6.1.7601 (64 bits)

English - United States

 

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

 

A
 
ACCESSCHK Accesschk v6.01 - Reports effective permissions for securable objects
ACINIUPD utility to update the INI file.
ADRESTORE AdRestore v1.1
APPVERIF Application Verifier 10.0.10586 (x64)
ARP Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP).
ASSOC Displays or modifies file extension associations.
AT The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command.
ATTRIB Displays or changes file attributes.
AUDITPOL Audit Policy Program
AUTORUNSC Autorunsc shows programs configured to autostart during boot.
 
B
 
BCDBOOT Bcdboot - Bcd boot file creation and repair tool. The bcdboot.exe command-line tool is used to copy critical boot files to the system partition and to create a new system BCD store.
BCDEDIT Sets properties in boot database to control boot loading.
BDEHDCFG This command prepares your hard drive for BitLocker Drive Encryption.
BITSADMIN BITS administration utility.
BOOTCFG This command line tool can be used to configure, query, change or delete the boot entry settings in the BOOT.INI file.
BREAK Sets or clears extended CTRL+C checking.
 
C
 
CACLS Displays or modifies access control lists (ACLs) of files.
CALL Calls one batch program from another.
CD Displays the name of or changes the current directory.
CDBURN Microsoft® CD ISO Burn Utility
CERTREQ CertReq.exe
CERTUTIL CertUtil.exe
CHANGE Remote Desktop Services Change Utility
CHCP Displays or sets the active code page number.
CHDIR Displays the name of or changes the current directory.
CHGLOGON Enable, disable, or drain session logins.
CHGPORT List or change COM port mappings for DOS application compatibility.
CHGUSR Change Install Mode.
CHKDSK Checks a disk and displays a status report.
CHKNTFS Displays or modifies the checking of disk at boot time.
CHOICE This tool allows users to select one item from a list of choices and returns the index of the selected choice.
CIPHER This program is blocked by group policy. For more information, contact your system administrator.
CLIP Redirects output of command line tools to the Windows clipboard. This text output can then be pasted into other programs.
CLS Clears the screen.
CMD Starts a new instance of the Windows command interpreter.
CMDKEY Creates, displays, and deletes stored user names and passwords.
COLOR Sets the default console foreground and background colors.
COMP Compares the contents of two files or sets of files.
COMPACT Displays or alters the compression of files on NTFS partitions.
CONTIG Contig v1.7 - Makes files contiguous
CONVERT Converts FAT volumes to NTFS. You cannot convert the current drive.
COPY Copies one or more files to another location.
COREINFO Coreinfo v3.31 - Dump information on system CPU and memory topology
CSCRIPT Microsoft ® Console Based Script Host
 
D
 
DATE Displays or sets the date.
DEFRAG Locates and consolidates fragmented files on local volumes to improve system performance.
DEL Deletes one or more files.
DEVCON Device Console Help
DHCPLOC Detects rogue DHCP server
DIANTZ Cabinet Maker - Lossless Data Compression Tool
DIR Displays a list of files and subdirectories in a directory.
DISKCOMP Compares the contents of two floppy disks.
DISKCOPY Copies the contents of one floppy disk to another.
DISKPART Displays or configures Disk Partition properties.
DISKPERF Disk Performance Configuration Utility
DISKRAID Microsoft DiskRAID version 6.1.7601
DISM DISM enumerates, installs, uninstalls, configures, and updates features and packages in Windows images. The commands that are available depend on the image being serviced and whether the image is offline or running.
DISPDIAG Logs display information to a file in the current directory.
DJOIN Unattended Setup Generic Command For Domain Join
DOSKEY Edits command lines, recalls Windows commands, and creates macros.
DPATH Allows programs to open data files in specified directories as if they were in the current directory.
DRIVERQUERY Displays current device driver status and properties.
DSADD This tool's commands add specific types of objects to the directory.
DSGET This tool's commands display the selected properties of a specific object in the directory.
DSMOD This dsmod command modifies existing objects in the directory.
DSMOVE This command moves or renames an object within the directory.
DSQUERY This tool's commands suite allow you to query the directory according to specified criteria.
DSRM This command deletes objects from the directory.
DU Du v1.5 - report directory disk usage
DVDBURN Microsoft® DVD Burn Utility
 
E
 
ECHO Displays messages, or turns command echoing on or off.
ENDLOCAL Ends localization of environment changes in a batch file.
EPAL Elevated Priviledge Application Launcher
ERASE Deletes one or more files.
EVENTCREATE This command line tool enables an administrator to create a custom event ID and message in a specified event log.
EXIT Quits the CMD.EXE program (command interpreter).
EXPAND Expands one or more compressed files.
 
F
 
FC Compares two files or sets of files, and displays the differences between them.
FILEVER Prints file version information.
FIND Searches for a text string in a file or files.
FINDLINKS FindLinks v1.0 - Locate file hard links
FINDSTR Searches for strings in files.
FINGER Displays information about a user on a specified system running the Finger service. Output varies based on the remote system.
FLTMC Filter Manager Control Program
FOR Runs a specified command for each file in a set of files.
FORFILES Selects a file (or set of files) and executes a command on that file. This is helpful for batch jobs.
FORMAT Formats a disk for use with Windows.
FSUTIL Displays or configures the file system properties.
FTP Transfers files to and from a computer running an FTP server service (sometimes called a daemon). Ftp can be used interactively.
FTYPE Displays or modifies file types used in file extension associations.
 
G
 
GETMAC This tool enables an administrator to display the MAC address for network adapters on a system.
GOTO Directs the Windows command interpreter to a labeled line in a batch program.
GPRESULT Displays Group Policy information for machine or user.
GPUPDATE Updates Group Policies settings.
 
H
 
HANDLE Handle v4.0
HELP Provides Help information for Windows commands.
HEX2DEC Hex2dec - converts hex to decimal and vice versa
HOSTNAME Prints the name of the current host.
 
I
 
ICACLS Display, modify, backup, or restore ACLs for files and directories.
IF Performs conditional processing in batch programs.
IFMEMBER Return Code shows number of groups this user is a member of.
IPCONFIG The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.
ISCSICLI Microsoft iSCSI Initiator Version 6.1 Build 7601
 
J
 
JT Microsoft (R) Task Scheduler Command Line Utility
JUNCTION Junction v1.06 - Windows junction creator and reparse point viewer
 
L
 
LABEL Creates, changes, or deletes the volume label of a disk.
LDMDUMP Logical Disk Manager Configuration Dump v1.03
LISTDLLS ListDLLs v3.1 - List loaded DLLs
LODCTR Updates registry values related to performance counters.
LOGEVENT Log an user event to EventLog registry.
LOGMAN Microsoft © Logman.exe (6.1.7601.18869)
LOGOFF Terminates a session.
LOGONSESSIONS Usage: logonsessions [-c[t]] [-p]
LPR Sends a print job to a network printer
 
M
 
MAKECAB Cabinet Maker - Lossless Data Compression Tool
MANAGE-BDE Configures BitLocker Drive Encryption on disk volumes.
MD Creates a directory.
MKDIR Creates a directory.
MKLINK Creates Symbolic Links and Hard Links
MODE Configures a system device.
MORE Displays output one screen at a time.
MOUNTVOL Creates, deletes, or lists a volume mount point.
MOVE Moves one or more files from one directory to another directory.
MOVEFILE Movefile v1.01 - copies over an in-use file at boot time
MRINFO Multicast Information
MSG Send a message to a user.
 
N
 
NBTSTAT Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
NET Net Command
NETCFG WinPE network installer
NETSH Network Command Shell
NETSTAT Displays protocol statistics and current TCP/IP network connections.
NLTEST Microsoft® Logon Server Test Utility
NSLOOKUP nslookup
 
O
 
OPENFILES Displays files opened by remote users for a file share.
 
P
 
PATH Displays or sets a search path for executable files.
PATHPING TCP/IP PathPing Command
PAUSE Suspends processing of a batch file and displays a message.
PING TCP/IP Ping Command
PNPUNATTEND AuditSystem, Unattend online driver install
PNPUTIL Microsoft PnP Utility
POPD Restores the previous value of the current directory saved by PUSHD.
PORTQRY Displays the state of TCP and UDP ports.
POWERCFG This command line tool enables users to control the power settings on a system.
POWERSHELL Windows PowerShell
PRINT Prints a text file.
PRINTBRM Access the Backup Recovery Migration tool through a command line interface.
PRNCNFG.VBS Printer configuration script for WMI on Windows used to get and set printer configuration also used to rename a printer
PRNDRVR.VBS Driver script for WMI on Windows used to add, delete, and list drivers.
PRNJOBS.VBS Job control script for WMI on Windows used to pause, resume, cancel and list jobs
PRNMNGR.VBS Printer script for WMI on Windows used to add, delete, and list printers and connections also for getting and setting the default printer
PRNPORT.VBS Port script for WMI on Windows used to add, delete and list ports also for getting and setting the port configuration
PRNQCTL.VBS Printer control script for WMI on Windows used to pause, resume and purge a printer also used to print a test page on a printer
PROCDUMP With contributions from Andrew Richards
PROMPT Changes the Windows command prompt.
PSEXEC Execute processes remotely
PSFILE PsFile lists or closes files opened remotely.
PSGETSID Translates SIDs to names and vice versa
PSINFO Local and remote system information viewer
PSKILL Terminates processes on local or remote systems
PSLIST Process information lister
PSLOGGEDON See who's logged on
PSLOGLIST local and remote event log viewer
PSPASSWD Local and remote password changer
PSPING PsPing v2.10 - PsPing - ping, latency, bandwidth measurement utility
PSSERVICE Service information and configuration utility
PSSHUTDOWN Shutdown, logoff and power manage local and remote systems
PSSUSPEND Process Suspender
PUBPRN.VBS Publish printers from a non Windows 2000 server into Windows 2000 DS
PUSHD Saves the current directory then changes it.
 
Q
 
QAPPSRV Displays the available Remote Desktop Session Host servers on the network.
QPROCESS Displays information about processes.
QUERY MultiUser Query Utility
QUSER Display information about users logged on to the system.
QWINSTA Display information about Remote Desktop Sessions.
 
R
 
RASDIAL Remote Access Command Line Dial UI
RD Removes a directory.
RDPSIGN Remote Desktop Session Host Server Sign Tool
REAGENTC Configures the Windows Recovery Environment (RE).
RECIMG Configures the recovery image Windows uses to refresh your PC.
RECOVER Recovers readable information from a bad or defective disk.
REG Registry Console Tool
REGDELNULL RegDelNull v1.10 - Delete Registry keys with embedded Nulls
REGINI Registry Initializer
REGISTER-CIMPROVIDER Registers CIM Provider into system
RELOG Relog creates new performance logs from data in existing performance logs by changing the sampling rate and/or converting the file format. Supports all performance log formats, including Windows NT 4.0 compressed logs.
REM Records comments (remarks) in batch files or CONFIG.SYS.
REN Renames a file or files.
RENAME Renames a file or files.
REPAIR-BDE Attempts to repair or decrypt a damaged BitLocker-encrypted volume using the
REPLACE Replaces files.
RESET Remote Desktop Services Reset Utility
RMDIR Removes a directory.
ROBOCOPY Advanced utility to copy files and directory trees
ROUTE Manipulates network routing tables.
RPCPING RPC Ping Utility
RU Ru v1.1 - report registry key usage
RUNAS Run As Utility
RWINSTA Reset Session Utility
 
S
 
SC Displays or configures services (background processes).
SCHTASKS Schedules commands and programs to run on a computer.
SDBINST Application Compatibility Database Installer
SDELETE SDelete - Secure Delete v1.61
SECEDIT Windows Security Configuration Editor Command Tool
SET Displays, sets, or removes Windows environment variables.
SETLOCAL Begins localization of environment changes in a batch file.
SETSPN Query or reset the computer's SPN attribute
SETX Creates or modifies environment variables in the user or system environment. Can set variables based on arguments, regkeys or file input.
SFC Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions.
SHADOW Session Remote Control Utility
SHIFT Shifts the position of replaceable parameters in batch files.
SHORTCUT Windows 95 Shortcut Maker
SHUTDOWN Allows proper local or remote shutdown of machine.
SIGCHECK Sigcheck v2.42 - File version and signature viewer
SOON Command Scheduling Utility
SORT Sorts input.
START Starts a separate window to run a specified program or command.
STREAMS Streams v1.56 - Enumerate alternate NTFS data streams
STRINGS Strings v2.51
SUBINACL SubInAcl version 5.2.3790.1180
SUBST Associates a path with a drive letter.
SXSTRACE Sxs Tracing Tool
SYNC Sync 2.2: Disk Flusher for Windows 9x/Me/NT/2K/XP
SYSTEMINFO Displays machine specific properties and configuration.
 
T
 
TAKEOWN This tool allows an administrator to recover access to a file that was denied by re-assigning file ownership.
TASKKILL Kill or stop a running process or application.
TASKLIST Displays all currently running tasks including services.
TIME Displays or sets the system time.
TIMEOUT This utility accepts a timeout parameter to wait for the specified time period (in seconds) or until any key is pressed. It also accepts a parameter to ignore the key press.
TITLE Sets the window title for a CMD.EXE session.
TRACERPT Event Trace Report Tool
TRACERT TCP/IP Traceroute Command
TREE Graphically displays the directory structure of a drive or path.
TSCON Attaches a user session to a remote desktop session.
TSDISCON Disconnects a remote desktop session.
TSKILL Ends a process.
TYPE Displays the contents of a text file.
TYPEPERF Typeperf writes performance data to the command window or to a log file. To stop Typeperf, press CTRL+C.
TZUTIL Windows Time Zone Utility
 
U
 
UNLODCTR Removes counter names and explain text for the specified extensible counter.
 
V
 
VAULTCMD Creates, displays and deletes stored credentials.
VER Displays the Windows version.
VERIFIER Driver Verifier Manager
VERIFY Tells Windows whether to verify that your files are written correctly to a disk.
VOL Displays a disk volume label and serial number.
VOLUMEID VolumeID V2.01 - Set disk volume id
VSSADMIN This program is blocked by group policy. For more information, contact your system administrator.
 
W
 
W32TM Windows Time Service Diagnostic Tool
WAITFOR This tool sends, or waits for, a signal on a system. When /S is not specified, the signal will be broadcasted to all the systems in a domain. If /S is specified, then the signal will be sent only to the specified system.
WBADMIN wbadmin 1.0 - Backup command-line tool
WECUTIL Event Collector Command Line Utility
WEVTUTIL Eventing Command Line Utility
WHERE Displays the location of files that match the search pattern. By default, the search is done along the current directory and in the paths specified by the PATH environment variable.
WHOAMI This utility can be used to get user name and group information along with the respective security identifiers (SID), privileges, logon identifier (logon ID) for the current user (access token) on the local system. i.e. who is the current logged on user? If no switch is specified, tool displays the user name in NTLM format (domain\username).
WHOIS Whois v1.12 - Domain information lookup utility
WINRM Windows Remote Management (WinRM) is the Microsoft implementation of the WS-Management protocol which provides a secure way to communicate with local and remote computers using web services.
WINRS winrs
WINSAT Windows System Assessment Tool
WMIC Displays WMI information inside interactive command shell.
 
X
 
XCOPY Copies files and directory trees.

 

ACCESSCHK   (Version 6.1.0.0)

Accesschk v6.01 - Reports effective permissions for securable objects
Copyright (C) 2006-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: accesschk [-s][-e][-u][-r][-w][-n][-v]-[f <account>,...][[-a]|[-k]|[-m]|[-p [-f] [-t]]|[-h][-o [-t <object type>]][-c]|[-d]] [[[-l|-L] [-i]]|[username]] <file, directory, event log, registry key, process, service, object>
   -a     Name is a Windows account right. Specify '*' as the name to show all
          rights assigned to a user. Note that when you specify a specific
          right, only groups and accounts directly assigned the right are
          displayed.
   -c     Name is a Windows Service e.g. ssdpsrv. Specify '*' as the
          name to show all services and 'scmanager' to check the security
          of the Service Control Manager.
   -d     Only process directories or top level key.
   -e     Only show explicitly set Integrity Levels (Windows Vista and
          higher only).
   -f     If following -p, shows full process token information including
          groups and privileges. Otherwise is a list of comma-separated
          accounts to filter from the output.
   -h     Name is a file or printer share. Specify '*' as the name to show
          all shares.
   -i     Ignore objects with only inherited ACEs when dumping full access
          control lists.
   -k     Name is a Registry key e.g. hklm\software
   -l     Show full security descriptor. Add -i to ignore inherited ACEs.
          Specify upper-case L to have the output format as SDDL.
   -m     Name is an event log (specify '*' as the name to show all event logs.
   -n     Show only objects that have no access.
   -o     Name is an object in the Object Manager namespace (default is root).
          To view the contents of a directory, specify the name with a trailing
          backslash or add -s. Add -t and an object type (e.g. section) to
          see only objects of a specific type.
   -p     Name is a process name or PID e.g. cmd.exe (specify '*' as the
          name to show all processes). Add -f to show full process
          token information including groups and privileges. Add -t to show
          threads.
   -q     Omit banner.
   -r     Show only objects that have read access.
   -s     Recurse.
   -t     Object type filter e.g. "section"
   -u     Suppress errors.
   -v     Verbose (includes Windows Vista Integrity Level).
   -w     Show only objects that have write access.

If you specify a user or group name and path AccessChk will report the
effective permissions for that account; otherwise it will show the effective
access for accounts referenced in the security descriptor.

By default the path name is interpreted as a file system path (use the
"\pipe\" prefix to specify a named pipe path). For each object AccessChk
prints R if the account has read access, W for write access and nothing if
it has neither. The -v switch has AccessChk dump the specific
accesses granted to an account.

 

ACINIUPD   (Version 5.0.2158.1)

ACINIUPD: utility to update the INI file.

aciniupd [/e | /k] [/u] [/v] ini_file section key new_value.
  /e  Update the value for the key in the section specified.
  /k  Update the key name with the new key name in the section specified.
  /u  Update INI file in user's windows directory instead of system directory.
  /v  Verbose mode.

 

ADRESTORE

AdRestore v1.1
by Mark Russinovich
Sysinternals - www.sysinternals.com

Usage: AdRestore [-r] [searchfilter]

   -r       Prompt to restore deleted objects found.

This command enumerates all objects with the string "comp" in the name.

     adrestore comp

 

APPVERIF   (Version 10.0.10586.15)

Application Verifier 10.0.10586 (x64)
Copyright (c) Microsoft Corporation. All rights reserved.

Application Verifier Command Line Usage:                  

    -enable TEST ... -for TARGET ... [-with [TEST.]PROPERTY=VALUE ...] 
    -disable TEST ... -for TARGET ...                   
    -query TEST ... -for TARGET ...                     
    -configure STOP ... -for TARGET ... -with PROPERTY=VALUE...
    -verify TARGET [-faults [PROBABILITY [TIMEOUT [DLL ...]]]] 
    -export log -for TARGET -with To=XML_FILE [Symbols=SYMBOL_PATH] [StampFrom=LOG_STAMP] [StampTo=LOG_STAMP] [Log=RELATIVE_TO_LAST_INDEX] 
    -delete {logs|settings} -for TARGET ...                  
    -stamp log -for TARGET -with Stamp=LOG_STAMP [Log=RELATIVE_TO_LAST_INDEX] 
    -logtoxml LOGFILE XMLFILE                                
    -installprovider PROVIDERBINARY                          
    -sppath [PROTECTED_PROCESS_LOG_PATH]                     
    -cppath                                                  
    -logtofile [enable | disable]                                

Available Tests:

    Heaps
    Handles
    Locks
    Memory
    TLS
    Exceptions
    DirtyStacks
    LowRes
    DangerousAPIs
    TimeRollOver
    Threadpool
    Leak
    SRWLock
    HighVersionLie
    LuaPriv
    PrintAPI
    PrintDriver
    Networking
    NTLMCaller
    NTLMDowngrade
    Webservices
    Cuzz

(For descriptions of tests, run appverif.exe in GUI mode.)

Examples:
    appverif -enable handles locks -for foo.exe bar.exe
        (turn on handles locks for foo.exe & bar.exe)
    appverif -enable heaps handles -for foo.exe -with heaps.full=false
        (turn on handles and normal pageheap for foo.exe)
    appverif -enable heaps -for foo.exe -with full=true dlls=mydll.dll
        (turn on full pageheap for the module of mydll.dll in the foo.exe
    appverif -enable * -for foo.exe
        (turn on all tests for foo.exe)
    appverif -disable * -for foo.exe bar.exe
        (turn off all tests for foo.exe & bar.exe)
    appverif -disable * -for *
        (wipe out all the settings in the system)
    appverif -export log -for foo.exe -with to=c:\sample.xml
        (export the most recently log associated with foo.exe to c:\sample.xml)
    appverif /verify notepad.exe /faults 50000 1000 kernel32.dll advapi32.dll
        (enable fault injection for notepad.exe. Faults should happen with 
         probability 5%, only 1000 msecs after process got launched and only
         for operations initiated from kernel32.dll and advapi32.dll)
    appverif -sppath c:\ProtectedProcessLogs
        (set protected process log path to c:\ProtectedProcessLogs)
    appverif -cppath
        (clear protected process log path)
    appverif -logtofile disable
        (disable appverifier logging to a file for all applications)

 

ARP   (Version 6.1.7600.16385)

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr] [-v]

  -a            Displays current ARP entries by interrogating the current
                protocol data.  If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed.  If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.
  -g            Same as -a.
  -v            Displays current ARP entries in verbose mode.  All invalid 
                entries and entries on the loop-back interface will be shown.
  inet_addr     Specifies an internet address.
  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.
  -d            Deletes the host specified by inet_addr. inet_addr may be 
                wildcarded with * to delete all hosts.
  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr.  The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.
  eth_addr      Specifies a physical address.
  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.
Example:
  > arp -s 157.55.85.212   00-aa-00-62-c6-09  .... Adds a static entry.
  > arp -a                                    .... Displays the arp table.

 

ASSOC   (internal command)

Displays or modifies file extension associations

ASSOC [.ext[=[fileType]]]

  .ext      Specifies the file extension to associate the file type with
  fileType  Specifies the file type to associate with the file extension

Type ASSOC without parameters to display the current file associations.
If ASSOC is invoked with just a file extension, it displays the current
file association for that file extension.  Specify nothing for the file
type and the command will delete the association for the file extension.

 

AT   (Version 6.1.7600.16385)

The AT command schedules commands and programs to run on a computer at      
a specified time and date. The Schedule service must be running to use      
the AT command.
                                                           
AT [\\computername] [ [id] [/DELETE] | /DELETE [/YES]]                    
AT [\\computername] time [/INTERACTIVE]
    [ /EVERY:date[,...] | /NEXT:date[,...]] "command"

\\computername     Specifies a remote computer. Commands are scheduled on the
                   local computer if this parameter is omitted.             
id                 Is an identification number assigned to a scheduled      
                   command.                                                 
/delete            Cancels a scheduled command. If id is omitted, all the
                   scheduled commands on the computer are canceled.
/yes               Used with cancel all jobs command when no further
                   confirmation is desired.
time               Specifies the time when command is to run.
/interactive       Allows the job to interact with the desktop of the user   
                   who is logged on at the time the job runs.
/every:date[,...]  Runs the command on each specified day(s) of the week or
                   month. If date is omitted, the current day of the month
                   is assumed.                                              
/next:date[,...]   Runs the specified command on the next occurrence of the
                   day (for example, next Thursday).  If date is omitted, the
                   current day of the month is assumed.
"command"          Is the Windows NT command, or batch program to be run.

 

ATTRIB   (Version 6.1.7600.16385)

Displays or changes file attributes.

ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] 
       [drive:][path][filename] [/S [/D] [/L]]

  +   Sets an attribute.
  -   Clears an attribute.
  R   Read-only file attribute.
  A   Archive file attribute.
  S   System file attribute.
  H   Hidden file attribute.
  I   Not content indexed file attribute.
  [drive:][path][filename]
      Specifies a file or files for attrib to process.
  /S  Processes matching files in the current folder
      and all subfolders.
  /D  Processes folders as well.
  /L  Work on the attributes of the Symbolic Link versus
      the target of the Symbolic Link

 

AUDITPOL   (Version 6.1.7601.23714)

Usage: AuditPol command [<sub-command><options>]


Commands (only one command permitted per execution)
  /?               Help (context-sensitive)
  /get             Displays the current audit policy.
  /set             Sets the audit policy.
  /list            Displays selectable policy elements.
  /backup          Saves the audit policy to a file.
  /restore         Restores the audit policy from a file.
  /clear           Clears the audit policy.
  /remove          Removes the per-user audit policy for a user account.
  /resourceSACL    Configure global resource SACLs


Use AuditPol <command> /? for details on each command

 

AUTORUNSC   (Version 13.51.0.0)

Autorunsc shows programs configured to autostart during boot.

Usage: autorunsc [-a <*|bdeghiklmoprsw>] [-c|-ct] [-h] [-m] [-s] [-u] [-vt] [[-z <systemroot> <userprofile>] | [user]]]
  -a   Autostart entry selection:
     *    All.
     b    Boot execute.
     c    Codecs.
     d    Appinit DLLs.
     e    Explorer addons.
     g    Sidebar gadgets (Vista and higher)
     h    Image hijacks.
     i    Internet Explorer addons.
     k    Known DLLs.
     l    Logon startups (this is the default).
     m    WMI entries.
     n    Winsock protocol and network providers.
     o    Office addins.
     p    Printer monitor DLLs.
     r    LSA security providers.
     s    Autostart services and non-disabled drivers.
     t    Scheduled tasks.
     w    Winlogon entries.
  -c     Print output as CSV.
  -ct    Print output as tab-delimited values.
  -h     Show file hashes.
  -m     Hide Microsoft entries (signed entries if used with -s).
  -s     Verify digital signatures.
  -t     Show timestamps in normalized UTC (YYYYMMDD-hhmmss).
  -u     If VirusTotal check is enabled, show files that are unknown
         by VirusTotal or have non-zero detection, otherwise show only
         unsigned files.
  -x     Print output as XML.
  -v[rs] Query VirusTotal (www.virustotal.com) for malware based on file hash.
         Add 'r' to open reports for files with non-zero detection. Files
         reported as not previously scanned will be uploaded to VirusTotal
         if the 's' option is specified. Note scan results may not be
         available for five or more minutes.
  -vt    Before using VirusTotal features, you must accept
         VirusTotal terms of service. See:

              https://www.virustotal.com/en/about/terms-of-service/

         If you haven't accepted the terms and you omit this
         option, you will be interactively prompted.
  -z     Specifies the offline Windows system to scan.
  user   Specifies the name of the user account for which
         autorun items will be shown. Specify '*' to scan
         all user profiles.

 

BCDBOOT   (Version 6.1.7601.17514)

Bcdboot - Bcd boot file creation and repair tool.

The bcdboot.exe command-line tool is used to copy critical boot files to the
system partition and to create a new system BCD store.

bcdboot <source> [/l <locale>] [/s <volume-letter>] [/v]
                 [/m [{OS Loader ID}]]

  source            Specifies the location of the windows system root.

  /l                Specifies an optional locale parameter to use when
                    initializing the BCD store. The default is US English.

  /s                Specifies an optional volume letter parameter to designate
                    the target system partition where boot environment files are
                    copied.  The default is the system partition identified by
                    the firmware.

  /v                Enables verbose mode.

  /m                If an OS loader GUID is provided, this option merges the 
                    given loader object with the system template to produce a 
                    bootable entry. Otherwise, only global objects are merged.


Examples: bcdboot c:\windows /l en-us
          bcdboot c:\windows /s h:
          bcdboot c:\windows /m {d58d10c6-df53-11dc-878f-00064f4f4e08}

 

BCDEDIT   (Version 6.1.7601.23572)

BCDEDIT - Boot Configuration Data Store Editor

The Bcdedit.exe command-line tool modifies the boot configuration data store.
The boot configuration data store contains boot configuration parameters and
controls how the operating system is booted. These parameters were previously
in the Boot.ini file (in BIOS-based operating systems) or in the nonvolatile
RAM entries (in Extensible Firmware Interface-based operating systems). You can
use Bcdedit.exe to add, delete, edit, and append entries in the boot
configuration data store.

For detailed command and option information, type bcdedit.exe /? <command>. For
example, to display detailed information about the /createstore command, type:

     bcdedit.exe /? /createstore

For an alphabetical list of topics in this help file, run "bcdedit /? TOPICS".

Commands that operate on a store
================================
/createstore    Creates a new and empty boot configuration data store.
/export         Exports the contents of the system store to a file. This file
                can be used later to restore the state of the system store.
/import         Restores the state of the system store using a backup file
                created with the /export command.
/sysstore       Sets the system store device (only affects EFI systems, does
                not persist across reboots, and is only used in cases where
                the system store device is ambiguous).

Commands that operate on entries in a store
===========================================
/copy           Makes copies of entries in the store.
/create         Creates new entries in the store.
/delete         Deletes entries from the store.
/mirror         Creates mirror of entries in the store.

Run bcdedit /? ID for information about identifiers used by these commands.

Commands that operate on entry options
======================================
/deletevalue    Deletes entry options from the store.
/set            Sets entry option values in the store.

Run bcdedit /? TYPES for a list of datatypes used by these commands.
Run bcdedit /? FORMATS for a list of valid data formats.

Commands that control output
============================
/enum           Lists entries in the store.
/v              Command-line option that displays entry identifiers in full,
                rather than using names for well-known identifiers.
                Use /v by itself as a command to display entry identifiers
                in full for the ACTIVE type.

Running "bcdedit" by itself is equivalent to running "bcdedit /enum ACTIVE".

Commands that control the boot manager
======================================
/bootsequence   Sets the one-time boot sequence for the boot manager.
/default        Sets the default entry that the boot manager will use.
/displayorder   Sets the order in which the boot manager displays the
                multiboot menu.
/timeout        Sets the boot manager time-out value.
/toolsdisplayorder  Sets the order in which the boot manager displays
                    the tools menu.

Commands that control Emergency Management Services for a boot application
==========================================================================
/bootems        Enables or disables Emergency Management Services
                for a boot application.
/ems            Enables or disables Emergency Management Services for an
                operating system entry.
/emssettings    Sets the global Emergency Management Services parameters.

Command that control debugging
==============================
/bootdebug      Enables or disables boot debugging for a boot application.
/dbgsettings    Sets the global debugger parameters.
/debug          Enables or disables kernel debugging for an operating system
                entry.
/hypervisorsettings  Sets the hypervisor parameters.

 

BDEHDCFG   (Version 6.1.7601.17514)

BitLocker Drive Preparation Tool version 6.1.7601
Copyright (C) 2006-2008 Microsoft Corporation.

Usage:

BdeHdCfg[.exe] 
               [-driveinfo]
               [-target {default | unallocated | 
                         TargetDriveLetter {shrink | merge}}]
               [-newdriveletter DriveLetter]
               [-size SizeInMegabytes]
               [-quiet] [-restart] [{-? | /?}]

Description:
  This command prepares your hard drive for BitLocker Drive Encryption.

  Command line parameters are not case-sensitive.

Parameters:
  -driveinfo
        Displays information about valid target drives.

  -target
        Specifies the target and operation.

        Specify 'shrink' to create a new active partition.
        Specify 'merge' to make an existing partition active.
        Specify 'unallocated' to use unformatted space on disk.
        Specify 'default' for the target to be chosen automatically.

        Examples: -target D: merge
                  -target C: shrink
                  -target unallocated
                  -target default

  -newdriveletter
        Specifies the desired drive letter for the new drive. This option is
        only valid when a new drive is created.

        Example: -newdriveletter S:

  -size
        Specifies the desired size of the new drive. This option is only valid
        when a new drive is created.

        If not specified, the Drive Preparation Tool assumes the required
        minimum size of 300 megabytes.

        Example: -size 700
        
  -quiet
        Specifies operation in quiet mode. No output from the drive preparation
        tool is displayed.

  -restart
        Enables an automatic restart after drive preparation.

        You must restart your computer before enabling BitLocker.

  -? or /?
        Displays help for this command.

Examples:
    BdeHdCfg -target c: shrink -newdriveletter x: -size 300 -quiet -restart
    BdeHdCfg -target d: merge -quiet -restart
    BdeHdCfg -target unallocated -newdriveletter s:
    BdeHdCfg -target default

 

BITSADMIN   (Version 7.5.7601.17514)

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

USAGE: BITSADMIN [/RAWRETURN] [/WRAP | /NOWRAP] command
The following commands are available:

/HELP           Prints this help 
/?              Prints this help 
/UTIL /?        Prints the list of utilities commands 
/PEERCACHING /?   Prints the list of commands to manage Peercaching
/CACHE /?       Prints the list of cache management commands 
/PEERS /?       Prints the list of peer management commands

/LIST    [/ALLUSERS] [/VERBOSE]     List the jobs
/MONITOR [/ALLUSERS] [/REFRESH sec] Monitors the copy manager
/RESET   [/ALLUSERS]                Deletes all jobs in the manager

/TRANSFER <job name> [type] [/PRIORITY priority] [/ACLFLAGS flags] 
          remote_url local_name
    Transfers one of more files.
    [type] may be /DOWNLOAD or /UPLOAD; default is download
    Multiple URL/file pairs may be specified.
    Unlike most commands, <job name> may only be a name and not a GUID.

/CREATE [type] <job name>               Creates a job
    [type] may be /DOWNLOAD, /UPLOAD, or /UPLOAD-REPLY; default is download
    Unlike most commands, <job name> may only be a name and not a GUID.

/INFO <job> [/VERBOSE]                   Displays information about the job
/ADDFILE <job> <remote_url> <local_name> Adds a file to the job
/ADDFILESET <job> <textfile>             Adds multiple files to the job
   Each line of <textfile> lists a file's remote name and local name, separated
   by spaces.  A line beginning with '#' is treated as a comment.
   Once the file set is read into memory, the contents are added to the job.

/ADDFILEWITHRANGES  <job> <remote_url> <local_name range_list>
   Like /ADDFILE, but BITS will read only selected byte ranges of the URL.
   range_list is a comma-delimited series of offset and length pairs.
   For example,

       0:100,2000:100,5000:eof

   instructs BITS to read 100 bytes starting at offset zero, 100 bytes starting
   at offset 2000, and the remainder of the URL starting at offset 5000.

/REPLACEREMOTEPREFIX <job> <old_prefix> <new_prefix>
    All files whose URL begins with <old_prefix> are changed to use <new_prefix>

Note that BITS currently supports HTTP/HTTPS downloads and uploads.
It also supports UNC paths and file:// paths as URLS

/LISTFILES <job>                     Lists the files in the job
/SUSPEND <job>                       Suspends the job
/RESUME <job>                        Resumes the job
/CANCEL <job>                        Cancels the job
/COMPLETE <job>                      Completes the job

/GETTYPE <job>                       Retrieves the job type
/GETACLFLAGS <job>                   Retrieves the ACL propagation flags

/SETACLFLAGS <job> <ACL_flags>       Sets the ACL propagation flags for the job
  O - OWNER       G - GROUP 
  D - DACL        S - SACL  

  Examples:
      bitsadmin /setaclflags MyJob OGDS
      bitsadmin /setaclflags MyJob OGD

/GETBYTESTOTAL <job>                 Retrieves the size of the job
/GETBYTESTRANSFERRED <job>           Retrieves the number of bytes transferred
/GETFILESTOTAL <job>                 Retrieves the number of files in the job
/GETFILESTRANSFERRED <job>           Retrieves the number of files transferred
/GETCREATIONTIME <job>               Retrieves the job creation time
/GETMODIFICATIONTIME <job>           Retrieves the job modification time
/GETCOMPLETIONTIME <job>             Retrieves the job completion time
/GETSTATE <job>                      Retrieves the job state
/GETERROR <job>                      Retrieves detailed error information
/GETOWNER <job>                      Retrieves the job owner
/GETDISPLAYNAME <job>                Retrieves the job display name
/SETDISPLAYNAME <job> <display_name> Sets the job display name
/GETDESCRIPTION <job>                Retrieves the job description
/SETDESCRIPTION <job> <description>  Sets the job description
/GETPRIORITY    <job>                Retrieves the job priority
/SETPRIORITY    <job> <priority>     Sets the job priority
   Priority usage choices:
      FOREGROUND 
      HIGH
      NORMAL
      LOW
/GETNOTIFYFLAGS <job>                 Retrieves the notify flags
/SETNOTIFYFLAGS <job> <notify_flags>  Sets the notify flags
    For more help on this option, please refer to the MSDN help page for SetNotifyFlags
/GETNOTIFYINTERFACE <job>             Determines if notify interface is registered
/GETMINRETRYDELAY <job>               Retrieves the retry delay in seconds
/SETMINRETRYDELAY <job> <retry_delay> Sets the retry delay in seconds
/GETNOPROGRESSTIMEOUT <job>           Retrieves the no progress timeout in seconds
/SETNOPROGRESSTIMEOUT <job> <timeout> Sets the no progress timeout in seconds
/GETMAXDOWNLOADTIME <job>             Retrieves the download timeout in seconds
/SETMAXDOWNLOADTIME <job> <timeout>   Sets the download timeout in seconds
/GETERRORCOUNT <job>                  Retrieves an error count for the job

/SETPROXYSETTINGS <job> <usage>      Sets the proxy usage
   usage choices:
    PRECONFIG   - Use the owner's default Internet settings.
    AUTODETECT  - Force autodetection of proxy.
    NO_PROXY    - Do not use a proxy server.
    OVERRIDE    - Use an explicit proxy list and bypass list. 
                  Must be followed by a proxy list and a proxy bypass list.
                  NULL or "" may be used for an empty proxy bypass list.
  Examples:
      bitsadmin /setproxysettings MyJob PRECONFIG
      bitsadmin /setproxysettings MyJob AUTODETECT
      bitsadmin /setproxysettings MyJob NO_PROXY
      bitsadmin /setproxysettings MyJob OVERRIDE proxy1:80 "<local>" 
      bitsadmin /setproxysettings MyJob OVERRIDE proxy1,proxy2,proxy3 NULL 

/GETPROXYUSAGE <job>                 Retrieves the proxy usage setting
/GETPROXYLIST <job>                  Retrieves the proxy list
/GETPROXYBYPASSLIST <job>            Retrieves the proxy bypass list

/TAKEOWNERSHIP <job>                 Take ownership of the job

/SETNOTIFYCMDLINE <job> <program_name> [program_parameters] 
    Sets a program to execute for notification, and optionally parameters.
    The program name and parameters can be NULL.
    IMPORTANT: if parameters are non-NULL, then the program name should be the
               first parameter.

  Examples:
    bitsadmin /SetNotifyCmdLine MyJob c:\winnt\system32\notepad.exe  NULL
    bitsadmin /SetNotifyCmdLine MyJob c:\foo.exe "c:\foo.exe parm1 parm2" 
    bitsadmin /SetNotifyCmdLine MyJob NULL NULL

/GETNOTIFYCMDLINE <job>              Returns the job's notification command line

/SETCREDENTIALS <job> <target> <scheme> <username> <password>
  Adds credentials to a job.
  <target> may be either SERVER or PROXY
  <scheme> may be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT. 

/REMOVECREDENTIALS <job> <target> <scheme> 
  Removes credentials from a job.
/GETCUSTOMHEADERS <job>                           Gets the Custom HTTP Headers
/SETCUSTOMHEADERS <job> <header1> <header2> <...> Sets the Custom HTTP Headers
/GETCLIENTCERTIFICATE <job>                       Gets the job's Client Certificate Information
/SETCLIENTCERTIFICATEBYID <job> <store_location> <store_name> <hexa-decimal_cert_id>
  Sets a client authentication certificate to a job.
  <store_location> may be 
	1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
	4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
	7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). 

/SETCLIENTCERTIFICATEBYNAME <job> <store_location> <store_name> <subject_name>
  Sets a client authentication certificate to a job.
  <store_location> may be 
	1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
	4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
	7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). 

/REMOVECLIENTCERTIFICATE <job>                Removes the Client Certificate Information from the job

/SETSECURITYFLAGS <job> <value>   
   Sets the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.
   The value is an unsigned integer with the following interpretation for the bits in the binary representation.
     Enable CRL Check                                 : Set the least significant bit
     Ignore invalid common name in server certificate : Set the 2nd bit from right
     Ignore invalid date in  server certificate       : Set the 3rd bit from right
     Ignore invalid certificate authority in server
       certificate                                    : Set the 4th bit from right
     Ignore invalid usage of certificate              : Set the 5th bit from right
     Redirection policy                               : Controlled by the 9th-11th bits from right
         0,0,0  - Redirects will be automatically allowed.
         0,0,1  - Remote name in the IBackgroundCopyFile interface will be updated if a redirect occurs.
         0,1,0  - BITS will fail the job if a redirect occurs.

     Allow redirection from HTTPS to HTTP             : Set the 12th bit from right

/GETSECURITYFLAGS <job>   
   Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.

/SETVALIDATIONSTATE  <job>  <file-index> <true|false>
      <file-index> starts from 0          
    Sets the content-validation state of the given file within the job.

/GETVALIDATIONSTATE  <job>  <file-index>  
      <file-index> starts from 0          
    Reports the content-validation state of the given file within the job.

/GETTEMPORARYNAME  <job>  <file-index>  
      <file-index> starts from 0          
    Reports the temporary filename of the given file within the job.

The following options control peercaching of a particular job:

/SETPEERCACHINGFLAGS  <job> <value>   
    Sets the flags for the job's peercaching behavior.
    The value is an unsigned integer with the following interpretation for the bits in the binary representation.
        Allow the job's data to be downloaded from a peer : Set the least significant bit
        Allow the job's data to be served to peers        : Set the 2nd bit from right

/GETPEERCACHINGFLAGS  <job>               
    Reports the flags for the job's peercaching behavior.

The following options are valid for UPLOAD-REPLY jobs only:

/GETREPLYFILENAME <job>        Gets the path of the file containing the server reply
/SETREPLYFILENAME <job> <path> Sets the path of the file containing the server reply
/GETREPLYPROGRESS <job>        Gets the size and progress of the server reply
/GETREPLYDATA     <job>        Dumps the server's reply data in hex format

The following options can be placed before the command:
/RAWRETURN                     Return data more suitable for parsing
/WRAP                          Wrap output around console (default)
/NOWRAP                        Don't wrap output around console

The /RAWRETURN option strips new line characters and formatting.
It is recognized by the /CREATE and /GET* commands.

Commands that take a <job> parameter will accept either a job name or a job ID
GUID inside braces.  BITSADMIN reports an error if a name is ambiguous.

 

BOOTCFG   (Version 6.1.7600.16385)

BOOTCFG /parameter [arguments]

Description:
    This command line tool can be used to configure, query, change or 
    delete the boot entry settings in the BOOT.INI file.

Parameter List:
    /Copy       Makes a copy of an existing boot entry.

    /Delete     Deletes an existing boot entry from the BOOT.INI file.

    /Query      Displays the current boot entries and their settings.

    /Raw        Allows the user to specify any switch to be added.

    /Timeout    Allows the user to change the Timeout value.

    /Default    Allows the user to change the Default boot entry.

    /EMS        Allows the user to configure the /redirect switch
                for headless support.

    /Debug      Allows the user to specify the port and baudrate for 
                remote debugging.

    /Addsw      Allows the user to add predefined switches.

    /Rmsw       Allows the user to remove predefined switches.

    /Dbg1394    Allows the user to configure 1394 port for debugging.

    /?          Displays this help message.

Examples:
    BOOTCFG /Copy /?
    BOOTCFG /Delete /?
    BOOTCFG /Query /?
    BOOTCFG /Raw /?
    BOOTCFG /Timeout /?
    BOOTCFG /EMS /?
    BOOTCFG /Debug /?
    BOOTCFG /Addsw /?
    BOOTCFG /Rmsw /?
    BOOTCFG /Dbg1394 /?
    BOOTCFG /Default /?
    BOOTCFG /?

WARNING: BOOT.INI is used for boot options on Windows XP and earlier
         operating systems.  Use the BCDEDIT command line tool to modify
         Windows Vista boot options.

 

BREAK   (internal command)

Sets or Clears Extended CTRL+C checking on DOS system

This is present for Compatibility with DOS systems. It has no effect
under Windows.

If Command Extensions are enabled, and running on the Windows
platform, then the BREAK command will enter a hard coded breakpoint
if being debugged by a debugger.

 

CACLS   (Version 6.1.7600.16385)

 NOTE: Cacls is now deprecated, please use Icacls.

 Displays or modifies access control lists (ACLs) of files

 CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]
        [/R user [...]] [/P user:perm [...]] [/D user [...]]
    filename      Displays ACLs.
    /T            Changes ACLs of specified files in
                  the current directory and all subdirectories.
    /L            Work on the Symbolic Link itself versus the target
    /M            Changes ACLs of volumes mounted to a directory
    /S            Displays the SDDL string for the DACL.
    /S:SDDL       Replaces the ACLs with those specified in the SDDL string
                  (not valid with /E, /G, /R, /P, or /D).
    /E            Edit ACL instead of replacing it.
    /C            Continue on access denied errors.
    /G user:perm  Grant specified user access rights.
                  Perm can be: R  Read
                               W  Write
                               C  Change (write)
                               F  Full control
    /R user       Revoke specified user's access rights (only valid with /E).
    /P user:perm  Replace specified user's access rights.
                  Perm can be: N  None
                               R  Read
                               W  Write
                               C  Change (write)
                               F  Full control
    /D user       Deny specified user access.
 Wildcards can be used to specify more than one file in a command.
 You can specify more than one user in a command.

 Abbreviations:
    CI - Container Inherit.
         The ACE will be inherited by directories.
    OI - Object Inherit.
         The ACE will be inherited by files.
    IO - Inherit Only.
         The ACE does not apply to the current file/directory.
    ID - Inherited.
         The ACE was inherited from the parent directory's ACL.

 

CALL   (internal command)

Calls one batch program from another.

CALL [drive:][path]filename [batch-parameters]

  batch-parameters   Specifies any command-line information required by the
                     batch program.

If Command Extensions are enabled CALL changes as follows:

CALL command now accepts labels as the target of the CALL.  The syntax
is:

    CALL :label arguments

A new batch file context is created with the specified arguments and
control is passed to the statement after the label specified.  You must
"exit" twice by reaching the end of the batch script file twice.  The
first time you read the end, control will return to just after the CALL
statement.  The second time will exit the batch script.  Type GOTO /?
for a description of the GOTO :EOF extension that will allow you to
"return" from a batch script.

In addition, expansion of batch script argument references (%0, %1,
etc.) have been changed as follows:


    %* in a batch script refers to all the arguments (e.g. %1 %2 %3
        %4 %5 ...)

    Substitution of batch parameters (%n) has been enhanced.  You can
    now use the following optional syntax:

        %~1         - expands %1 removing any surrounding quotes (")
        %~f1        - expands %1 to a fully qualified path name
        %~d1        - expands %1 to a drive letter only
        %~p1        - expands %1 to a path only
        %~n1        - expands %1 to a file name only
        %~x1        - expands %1 to a file extension only
        %~s1        - expanded path contains short names only
        %~a1        - expands %1 to file attributes
        %~t1        - expands %1 to date/time of file
        %~z1        - expands %1 to size of file
        %~$PATH:1   - searches the directories listed in the PATH
                       environment variable and expands %1 to the fully
                       qualified name of the first one found.  If the
                       environment variable name is not defined or the
                       file is not found by the search, then this
                       modifier expands to the empty string

    The modifiers can be combined to get compound results:

        %~dp1       - expands %1 to a drive letter and path only
        %~nx1       - expands %1 to a file name and extension only
        %~dp$PATH:1 - searches the directories listed in the PATH
                       environment variable for %1 and expands to the
                       drive letter and path of the first one found.
        %~ftza1     - expands %1 to a DIR like output line

    In the above examples %1 and PATH can be replaced by other
    valid values.  The %~ syntax is terminated by a valid argument
    number.  The %~ modifiers may not be used with %*

 

CD   (internal command)

Displays the name of or changes the current directory.

CHDIR [/D] [drive:][path]
CHDIR [..]
CD [/D] [drive:][path]
CD [..]

  ..   Specifies that you want to change to the parent directory.

Type CD drive: to display the current directory in the specified drive.
Type CD without parameters to display the current drive and directory.

Use the /D switch to change current drive in addition to changing current
directory for a drive.

If Command Extensions are enabled CHDIR changes as follows:

The current directory string is converted to use the same case as
the on disk names.  So CD C:\TEMP would actually set the current
directory to C:\Temp if that is the case on disk.

CHDIR command does not treat spaces as delimiters, so it is possible to
CD into a subdirectory name that contains a space without surrounding
the name with quotes.  For example:

    cd \winnt\profiles\username\programs\start menu

is the same as:

    cd "\winnt\profiles\username\programs\start menu"

which is what you would have to type if extensions were disabled.

 

CDBURN   (Version 5.2.3790.0)

Usage:
	cdburn <drive> -erase [image [options]]
	cdburn <drive> image [options]
Options:
	-erase            Erases the disk before burning (valid for R/W only)
	-sao              Writes the image out in "session at once", or cue
	                  sheet, mode (default is "track at once")
	-speed            Speed of burn, or 'max' for maximum speed
	-imagehaspostgap  Use if your image already contains a 150 sector postgap
	The [image] must be provided unless the -erase flag is set.
	If both an image and -erase are provided, the media will be
	erased prior to burning the image to the disc.

 

CERTREQ   (Version 6.1.7600.16385)

Usage:
  CertReq -?
  CertReq [-v] -?
  CertReq [-Command] -?

  CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]
    Submit a request to a Certification Authority.

  Options:
    -attrib AttributeString
    -binary
    -PolicyServer PolicyServer
    -config ConfigString
    -Anonymous
    -Kerberos
    -ClientCertificate ClientCertId
    -UserName UserName
    -p Password
    -crl
    -rpc
    -AdminForceMachine
    -RenewOnBehalfOf

  CertReq -Retrieve [Options] RequestId [CertFileOut [CertChainFileOut [FullResponseFileOut]]]
    Retrieve a response to a previous request from a Certification Authority.

  Options:
    -binary
    -PolicyServer PolicyServer
    -config ConfigString
    -Anonymous
    -Kerberos
    -ClientCertificate ClientCertId
    -UserName UserName
    -p Password
    -crl
    -rpc
    -AdminForceMachine

  CertReq -New [Options] [PolicyFileIn [RequestFileOut]]
    Create a new request as directed by PolicyFileIn

  Options:
    -attrib AttributeString
    -binary
    -cert CertId
    -PolicyServer PolicyServer
    -config ConfigString
    -Anonymous
    -Kerberos
    -ClientCertificate ClientCertId
    -UserName UserName
    -p Password
    -user
    -machine
    -xchg ExchangeCertFile

  CertReq -Accept [Options] [CertChainFileIn | FullResponseFileIn | CertFileIn]
    Accept and install a response to a previous new request.

  Options:
    -user 
    -machine

  CertReq -Policy [Options] [RequestFileIn [PolicyFileIn [RequestFileOut [PKCS10FileOut]]]]
    Construct a cross certification or qualified subordination request
    from an existing CA certificate or from an existing request.

  Options:
    -attrib AttributeString
    -binary
    -cert CertId
    -PolicyServer PolicyServer
    -Anonymous
    -Kerberos
    -ClientCertificate ClientCertId
    -UserName UserName
    -p Password
    -noEKU
    -AlternateSignatureAlgorithm
    -HashAlgorithm HashAlgorithm

  CertReq -Sign [Options] [RequestFileIn [RequestFileOut]]
    Sign a certificate request with an enrollment agent or qualified
    subordination signing certificate.

  Options:
    -binary
    -cert CertId
    -PolicyServer PolicyServer
    -Anonymous
    -Kerberos
    -ClientCertificate ClientCertId
    -UserName UserName
    -p Password
    -crl
    -noEKU
    -HashAlgorithm HashAlgorithm

  CertReq -Enroll [Options] TemplateName
  CertReq -Enroll -cert CertId [Options] Renew [ReuseKeys]
    Enroll for or renew a certificate.

  Options:
    -PolicyServer PolicyServer
    -user 
    -machine

 

CERTUTIL   (Version 6.1.7601.18151)

Verbs:
  -dump             -- Dump configuration information or files
  -asn              -- Parse ASN.1 file

  -decodehex        -- Decode hexadecimal-encoded file
  -decode           -- Decode Base64-encoded file
  -encode           -- Encode file to Base64

  -deny             -- Deny pending request
  -resubmit         -- Resubmit pending request
  -setattributes    -- Set attributes for pending request
  -setextension     -- Set extension for pending request
  -revoke           -- Revoke Certificate
  -isvalid          -- Display current certificate disposition

  -getconfig        -- Get default configuration string
  -ping             -- Ping Active Directory Certificate Services Request interface
  -pingadmin        -- Ping Active Directory Certificate Services Admin interface
  -CAInfo           -- Display CA Information
  -ca.cert          -- Retrieve the CA's certificate
  -ca.chain         -- Retrieve the CA's certificate chain
  -GetCRL           -- Get CRL
  -CRL              -- Publish new CRLs [or delta CRLs only]
  -shutdown         -- Shutdown Active Directory Certificate Services

  -installCert      -- Install Certification Authority certificate
  -renewCert        -- Renew Certification Authority certificate

  -schema           -- Dump Certificate Schema
  -view             -- Dump Certificate View
  -db               -- Dump Raw Database
  -deleterow        -- Delete server database row

  -backup           -- Backup Active Directory Certificate Services
  -backupDB         -- Backup Active Directory Certificate Services database
  -backupKey        -- Backup Active Directory Certificate Services certificate and private key
  -restore          -- Restore Active Directory Certificate Services
  -restoreDB        -- Restore Active Directory Certificate Services database
  -restoreKey       -- Restore Active Directory Certificate Services certificate and private key
  -importPFX        -- Import certificate and private key
  -dynamicfilelist  -- Display dynamic file List
  -databaselocations -- Display database locations
  -hashfile         -- Generate and display cryptographic hash over a file

  -store            -- Dump certificate store
  -addstore         -- Add certificate to store
  -delstore         -- Delete certificate from store
  -verifystore      -- Verify certificate in store
  -repairstore      -- Repair key association or update certificate properties or key security descriptor
  -viewstore        -- Dump certificate store
  -viewdelstore     -- Delete certificate from store

  -dsPublish        -- Publish certificate or CRL to Active Directory

  -ADTemplate       -- Display AD templates
  -Template         -- Display Enrollment Policy templates
  -TemplateCAs      -- Display CAs for template
  -CATemplates      -- Display templates for CA
  -enrollmentServerURL -- Display, add or delete enrollment server URLs associated with a CA
  -ADCA             -- Display AD CAs
  -CA               -- Display Enrollment Policy CAs
  -Policy           -- Display Enrollment Policy
  -PolicyCache      -- Display or delete Enrollment Policy Cache entries
  -CredStore        -- Display, add or delete Credential Store entries
  -InstallDefaultTemplates -- Install default certificate templates
  -URLCache         -- Display or delete URL cache entries
  -pulse            -- Pulse autoenrollment events
  -MachineInfo      -- Display Active Directory machine object information
  -DCInfo           -- Display domain controller information
  -EntInfo          -- Display enterprise information
  -TCAInfo          -- Display CA information
  -SCInfo           -- Display smart card information

  -SCRoots          -- Manage smart card root certificates

  -verifykeys       -- Verify public/private key set
  -verify           -- Verify certificate, CRL or chain
  -syncWithWU       -- Sync with Windows Update
  -generateSSTFromWU -- Generate SST from Windows Update
  -sign             -- Re-sign CRL or certificate

  -vroot            -- Create/delete web virtual roots and file shares
  -vocsproot        -- Create/delete web virtual roots for OCSP web proxy
  -addEnrollmentServer -- Add an Enrollment Server application
  -deleteEnrollmentServer -- Delete an Enrollment Server application
  -oid              -- Display ObjectId or set display name
  -error            -- Display error code message text
  -getreg           -- Display registry value
  -setreg           -- Set registry value
  -delreg           -- Delete registry value

  -ImportKMS        -- Import user keys and certificates into server database for key archival
  -ImportCert       -- Import a certificate file into the database
  -GetKey           -- Retrieve archived private key recovery blob
  -RecoverKey       -- Recover archived private key
  -MergePFX         -- Merge PFX files
  -ConvertEPF       -- Convert PFX files to EPF file
  -?                -- Display this usage message


CertUtil -?              -- Display a verb list (command list)
CertUtil -dump -?        -- Display help text for the "dump" verb
CertUtil -v -?           -- Display all help text for all verbs

CertUtil: -? command completed successfully.

 

CHANGE   (Version 6.1.7601.17514)

CHANGE { LOGON | PORT | USER }

 

CHCP   (internal command)

Displays or sets the active code page number.

CHCP [nnn]

  nnn   Specifies a code page number.

Type CHCP without a parameter to display the active code page number.

 

CHDIR   (internal command)

Displays the name of or changes the current directory.

CHDIR [/D] [drive:][path]
CHDIR [..]
CD [/D] [drive:][path]
CD [..]

  ..   Specifies that you want to change to the parent directory.

Type CD drive: to display the current directory in the specified drive.
Type CD without parameters to display the current drive and directory.

Use the /D switch to change current drive in addition to changing current
directory for a drive.

If Command Extensions are enabled CHDIR changes as follows:

The current directory string is converted to use the same case as
the on disk names.  So CD C:\TEMP would actually set the current
directory to C:\Temp if that is the case on disk.

CHDIR command does not treat spaces as delimiters, so it is possible to
CD into a subdirectory name that contains a space without surrounding
the name with quotes.  For example:

    cd \winnt\profiles\username\programs\start menu

is the same as:

    cd "\winnt\profiles\username\programs\start menu"

which is what you would have to type if extensions were disabled.

 

CHGLOGON   (Version 6.1.7601.17514)

Enable, disable, or drain session logins.

CHANGE LOGON {/QUERY | /ENABLE | /DISABLE | /DRAIN | /DRAINUNTILRESTART}

  /QUERY    Query current session login mode.
  /ENABLE   Enable user login from sessions.
  /DISABLE  Disable user login from sessions.
  /DRAIN    Disable new user logons, but allow reconnections to existing sessions.
  /DRAINUNTILRESTART    Disable new user logons until the server is restarted, but allow reconnections to existing sessions.

 

CHGPORT   (Version 6.1.7601.17514)

List or change COM port mappings for DOS application compatibility.

CHANGE PORT [portx=porty | /D portx | /QUERY]

  portx=porty  Map port x to port y.
  /D portx    Delete mapping for port x.
  /QUERY      Display current mapping ports.

 

CHGUSR   (Version 6.1.7601.17514)

Change Install Mode.

CHANGE USER {/EXECUTE | /INSTALL | /QUERY}

  /EXECUTE  Enable execute mode (default).
  /INSTALL  Enable install mode.
  /QUERY    Display current settings.

 

CHKDSK   (Version 6.1.7600.16385)

Checks a disk and displays a status report.


CHKDSK [volume[[path]filename]]] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]] [/B]


  volume          Specifies the drive letter (followed by a colon),
                  mount point, or volume name.
  filename        FAT/FAT32 only: Specifies the files to check for fragmentation.
  /F              Fixes errors on the disk.
  /V              On FAT/FAT32: Displays the full path and name of every file
                  on the disk.
                  On NTFS: Displays cleanup messages if any.
  /R              Locates bad sectors and recovers readable information
                  (implies /F).
  /L:size         NTFS only:  Changes the log file size to the specified number
                  of kilobytes.  If size is not specified, displays current
                  size.
  /X              Forces the volume to dismount first if necessary.
                  All opened handles to the volume would then be invalid
                  (implies /F).
  /I              NTFS only: Performs a less vigorous check of index entries.
  /C              NTFS only: Skips checking of cycles within the folder
                  structure.
  /B              NTFS only: Re-evaluates bad clusters on the volume
                  (implies /R)

The /I or /C switch reduces the amount of time required to run Chkdsk by
skipping certain checks of the volume.

 

CHKNTFS   (Version 6.1.7600.16385)

Displays or modifies the checking of disk at boot time.

CHKNTFS volume [...]
CHKNTFS /D
CHKNTFS /T[:time]
CHKNTFS /X volume [...]
CHKNTFS /C volume [...]

  volume         Specifies the drive letter (followed by a colon),
                 mount point, or volume name.
  /D             Restores the machine to the default behavior; all drives are
                 checked at boot time and chkdsk is run on those that are
                 dirty.
  /T:time        Changes the AUTOCHK initiation countdown time to the
                 specified amount of time in seconds.  If time is not
                 specified, displays the current setting.
  /X             Excludes a drive from the default boot-time check.  Excluded
                 drives are not accumulated between command invocations.
  /C             Schedules a drive to be checked at boot time; chkdsk will run
                 if the drive is dirty.

If no switches are specified, CHKNTFS will display if the specified drive is
dirty or scheduled to be checked on next reboot.

 

CHOICE

CHOICE [/C choices] [/N] [/CS] [/T timeout /D choice] [/M text]

Description:
    This tool allows users to select one item from a list 
    of choices and returns the index of the selected choice.

Parameter List:
   /C    choices       Specifies the list of choices to be created.
                       Default list is "YN".

   /N                  Hides the list of choices in the prompt.
                       The message before the prompt is displayed
                       and the choices are still enabled.

   /CS                 Enables case-sensitive choices to be selected.
                       By default, the utility is case-insensitive.

   /T    timeout       The number of seconds to pause before a default 
                       choice is made. Acceptable values are from 0 to 
                       9999. If 0 is specified, there will be no pause 
                       and the default choice is selected.

   /D    choice        Specifies the default choice after nnnn seconds.
                       Character must be in the set of choices specified
                       by /C option and must also specify nnnn with /T.

   /M    text          Specifies the message to be displayed before 
                       the prompt. If not specified, the utility 
                       displays only a prompt.

   /?                  Displays this help message.

   NOTE:
   The ERRORLEVEL environment variable is set to the index of the
   key that was selected from the set of choices. The first choice
   listed returns a value of 1, the second a value of 2, and so on.
   If the user presses a key that is not a valid choice, the tool 
   sounds a warning beep. If tool detects an error condition,
   it returns an ERRORLEVEL value of 255. If the user presses 
   CTRL+BREAK or CTRL+C, the tool returns an ERRORLEVEL value
   of 0. When you use ERRORLEVEL parameters in a batch program, list
   them in decreasing order.

Examples:
   CHOICE /?
   CHOICE /C YNC /M "Press Y for Yes, N for No or C for Cancel."
   CHOICE /T 10 /C ync /CS /D y 
   CHOICE /C ab /M "Select a for option 1 and b for option 2."
   CHOICE /C ab /N /M "Select a for option 1 and b for option 2."

 

CIPHER   (Version 6.1.7600.16385)

This program is blocked by group policy. For more information, contact your system administrator.

 

CLIP   (Version 6.1.7600.16385)

CLIP

Description:
    Redirects output of command line tools to the Windows clipboard.
    This text output can then be pasted into other programs.

Parameter List:
    /?                  Displays this help message.

Examples:
    DIR | CLIP          Places a copy of the current directory
                        listing into the Windows clipboard.

    CLIP < README.TXT   Places a copy of the text from readme.txt
                        on to the Windows clipboard.

 

CLS   (internal command)

Clears the screen.

CLS

 

CMD   (Version 6.1.7601.17514)

Starts a new instance of the Windows command interpreter

CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON | /V:OFF]
    [[/S] [/C | /K] string]

/C      Carries out the command specified by string and then terminates
/K      Carries out the command specified by string but remains
/S      Modifies the treatment of string after /C or /K (see below)
/Q      Turns echo off
/D      Disable execution of AutoRun commands from registry (see below)
/A      Causes the output of internal commands to a pipe or file to be ANSI
/U      Causes the output of internal commands to a pipe or file to be
        Unicode
/T:fg   Sets the foreground/background colors (see COLOR /? for more info)
/E:ON   Enable command extensions (see below)
/E:OFF  Disable command extensions (see below)
/F:ON   Enable file and directory name completion characters (see below)
/F:OFF  Disable file and directory name completion characters (see below)
/V:ON   Enable delayed environment variable expansion using ! as the
        delimiter. For example, /V:ON would allow !var! to expand the
        variable var at execution time.  The var syntax expands variables
        at input time, which is quite a different thing when inside of a FOR
        loop.
/V:OFF  Disable delayed environment expansion.

Note that multiple commands separated by the command separator '&&'
are accepted for string if surrounded by quotes.  Also, for compatibility
reasons, /X is the same as /E:ON, /Y is the same as /E:OFF and /R is the
same as /C.  Any other switches are ignored.

If /C or /K is specified, then the remainder of the command line after
the switch is processed as a command line, where the following logic is
used to process quote (") characters:

    1.  If all of the following conditions are met, then quote characters
        on the command line are preserved:

        - no /S switch
        - exactly two quote characters
        - no special characters between the two quote characters,
          where special is one of: &<>()@ˆ|
        - there are one or more whitespace characters between the
          two quote characters
        - the string between the two quote characters is the name
          of an executable file.

    2.  Otherwise, old behavior is to see if the first character is
        a quote character and if so, strip the leading character and
        remove the last quote character on the command line, preserving
        any text after the last quote character.

If /D was NOT specified on the command line, then when CMD.EXE starts, it
looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and if
either or both are present, they are executed first.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun

        and/or

    HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

Command Extensions are enabled by default.  You may also disable
extensions for a particular invocation by using the /E:OFF switch.  You
can enable or disable extensions for all invocations of CMD.EXE on a
machine and/or user logon session by setting either or both of the
following REG_DWORD values in the registry using REGEDIT.EXE:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions

        and/or

    HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions

to either 0x1 or 0x0.  The user specific setting takes precedence over
the machine setting.  The command line switches take precedence over the
registry settings.

In a batch file, the SETLOCAL ENABLEEXTENSIONS or DISABLEEXTENSIONS arguments
takes precedence over the /E:ON or /E:OFF switch. See SETLOCAL /? for details.

The command extensions involve changes and/or additions to the following
commands:

    DEL or ERASE
    COLOR
    CD or CHDIR
    MD or MKDIR
    PROMPT
    PUSHD
    POPD
    SET
    SETLOCAL
    ENDLOCAL
    IF
    FOR
    CALL
    SHIFT
    GOTO
    START (also includes changes to external command invocation)
    ASSOC
    FTYPE

To get specific details, type commandname /? to view the specifics.

Delayed environment variable expansion is NOT enabled by default.  You
can enable or disable delayed environment variable expansion for a
particular invocation of CMD.EXE with the /V:ON or /V:OFF switch.  You
can enable or disable delayed expansion for all invocations of CMD.EXE on a
machine and/or user logon session by setting either or both of the
following REG_DWORD values in the registry using REGEDIT.EXE:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion

        and/or

    HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion

to either 0x1 or 0x0.  The user specific setting takes precedence over
the machine setting.  The command line switches take precedence over the
registry settings.

In a batch file the SETLOCAL ENABLEDELAYEDEXPANSION or DISABLEDELAYEDEXPANSION
arguments takes precedence over the /V:ON or /V:OFF switch. See SETLOCAL /?
for details.

If delayed environment variable expansion is enabled, then the exclamation
character can be used to substitute the value of an environment variable
at execution time.

You can enable or disable file name completion for a particular
invocation of CMD.EXE with the /F:ON or /F:OFF switch.  You can enable
or disable completion for all invocations of CMD.EXE on a machine and/or
user logon session by setting either or both of the following REG_DWORD
values in the registry using REGEDIT.EXE:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar

        and/or

    HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar

with the hex value of a control character to use for a particular
function (e.g.  0x4 is Ctrl-D and 0x6 is Ctrl-F).  The user specific
settings take precedence over the machine settings.  The command line
switches take precedence over the registry settings.

If completion is enabled with the /F:ON switch, the two control
characters used are Ctrl-D for directory name completion and Ctrl-F for
file name completion.  To disable a particular completion character in
the registry, use the value for space (0x20) as it is not a valid
control character.

Completion is invoked when you type either of the two control
characters.  The completion function takes the path string to the left
of the cursor appends a wild card character to it if none is already
present and builds up a list of paths that match.  It then displays the
first matching path.  If no paths match, it just beeps and leaves the
display alone.  Thereafter, repeated pressing of the same control
character will cycle through the list of matching paths.  Pressing the
Shift key with the control character will move through the list
backwards.  If you edit the line in any way and press the control
character again, the saved list of matching paths is discarded and a new
one generated.  The same occurs if you switch between file and directory
name completion.  The only difference between the two control characters
is the file completion character matches both file and directory names,
while the directory completion character only matches directory names.
If file completion is used on any of the built in directory commands
(CD, MD or RD) then directory completion is assumed.

The completion code deals correctly with file names that contain spaces
or other special characters by placing quotes around the matching path.
Also, if you back up, then invoke completion from within a line, the
text to the right of the cursor at the point completion was invoked is
discarded.

The special characters that require quotes are:
     <space>
     &()[]{}ˆ=;!'+,`~

 

CMDKEY   (Version 6.1.7600.16385)

Creates, displays, and deletes stored user names and passwords.

The syntax of this command is:

CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:password}}} | /delete{:targetname | /ras} | /list{:targetname}]

Examples:

  To list available credentials:
     cmdkey /list
     cmdkey /list:targetname

  To create domain credentials:
     cmdkey /add:targetname /user:username /pass:password
     cmdkey /add:targetname /user:username /pass
     cmdkey /add:targetname /user:username
     cmdkey /add:targetname /smartcard
     
  To create generic credentials:
     The /add switch may be replaced by /generic to create generic credentials

  To delete existing credentials:
     cmdkey /delete:targetname

  To delete RAS credentials:
     cmdkey /delete /ras
     

 

COLOR   (internal command)

Sets the default console foreground and background colors.

COLOR [attr]

  attr        Specifies color attribute of console output

Color attributes are specified by TWO hex digits -- the first
corresponds to the background; the second the foreground.  Each digit
can be any of the following values:

    0 = Black       8 = Gray
    1 = Blue        9 = Light Blue
    2 = Green       A = Light Green
    3 = Aqua        B = Light Aqua
    4 = Red         C = Light Red
    5 = Purple      D = Light Purple
    6 = Yellow      E = Light Yellow
    7 = White       F = Bright White

If no argument is given, this command restores the color to what it was
when CMD.EXE started.  This value either comes from the current console
window, the /T command line switch or from the DefaultColor registry
value.

The COLOR command sets ERRORLEVEL to 1 if an attempt is made to execute
the COLOR command with a foreground and background color that are the
same.

Example: "COLOR fc" produces light red on bright white

 

COMP   (Version 6.1.7600.16385)

Compares the contents of two files or sets of files.

COMP [data1] [data2] [/D] [/A] [/L] [/N=number] [/C] [/OFF[LINE]]

  data1      Specifies location and name(s) of first file(s) to compare.
  data2      Specifies location and name(s) of second files to compare.
  /D         Displays differences in decimal format.
  /A         Displays differences in ASCII characters.
  /L         Displays line numbers for differences.
  /N=number  Compares only the first specified number of lines in each file.
  /C         Disregards case of ASCII letters when comparing files.
  /OFF[LINE] Do not skip files with offline attribute set.

To compare sets of files, use wildcards in data1 and data2 parameters.

 

COMPACT   (Version 6.1.7600.16385)

Displays or alters the compression of files on NTFS partitions.

COMPACT [/C | /U] [/S[:dir]] [/A] [/I] [/F] [/Q] [filename [...]]

  /C        Compresses the specified files.  Directories will be marked
            so that files added afterward will be compressed.
  /U        Uncompresses the specified files.  Directories will be marked
            so that files added afterward will not be compressed.
  /S        Performs the specified operation on files in the given
            directory and all subdirectories.  Default "dir" is the
            current directory.
  /A        Displays files with the hidden or system attributes.  These
            files are omitted by default.
  /I        Continues performing the specified operation even after errors
            have occurred.  By default, COMPACT stops when an error is
            encountered.
  /F        Forces the compress operation on all specified files, even
            those which are already compressed.  Already-compressed files
            are skipped by default.
  /Q        Reports only the most essential information.
  filename  Specifies a pattern, file, or directory.

  Used without parameters, COMPACT displays the compression state of
  the current directory and any files it contains. You may use multiple
  filenames and wildcards.  You must put spaces between multiple
  parameters.

 

CONTIG   (Version 1.70.0.0)

Contig v1.7 - Makes files contiguous
Copyright (C) 1998-2012 Mark Russinovich
Sysinternals - www.sysinternals.com

Contig is a utility that defragments a specified file or files.
Use it to optimize execution of your frequently used files.

Usage:
    CONTIG [-a] [-s] [-q] [-v] [existing file]
or  CONTIG [-f] [-q] [-v] [drive:]
or  CONTIG [-v] [-l] -n [new file] [new file length]

  -a: Analyze fragmentation
  -f: Analyze free space fragmentation
  -l: Set valid data length for quick file creation
      (requires administrator rights)
  -q: Quiet mode
  -s: Recurse subdirectories
  -v: Verbose

Contig can also analyze and defragment the following NTFS metadata files:
     $Mft
     $LogFile
     $Volume
     $AttrDef
     $Bitmap
     $Boot
     $BadClus
     $Secure
     $UpCase
     $Extend

 

CONVERT   (Version 6.1.7600.16385)

Converts a FAT volume to NTFS.

CONVERT volume /FS:NTFS [/V] [/CvtArea:filename] [/NoSecurity] [/X]


  volume      Specifies the drive letter (followed by a colon),
              mount point, or volume name.
  /FS:NTFS    Specifies that the volume will be converted to NTFS.
  /V          Specifies that Convert will be run in verbose mode.
  /CvtArea:filename
              Specifies a contiguous file in the root directory
              that will be the place holder for NTFS system files.
  /NoSecurity Specifies that the security settings on the converted
              files and directories allow access by all users.
  /X          Forces the volume to dismount first if necessary.
              All open handles to the volume will not be valid.

 

COPY   (internal command)

Copies one or more files to another location.

COPY [/D] [/V] [/N] [/Y | /-Y] [/Z] [/L] [/A | /B ] source [/A | /B]
     [+ source [/A | /B] [+ ...]] [destination [/A | /B]]

  source       Specifies the file or files to be copied.
  /A           Indicates an ASCII text file.
  /B           Indicates a binary file.
  /D           Allow the destination file to be created decrypted
  destination  Specifies the directory and/or filename for the new file(s).
  /V           Verifies that new files are written correctly.
  /N           Uses short filename, if available, when copying a file with a
               non-8dot3 name.
  /Y           Suppresses prompting to confirm you want to overwrite an
               existing destination file.
  /-Y          Causes prompting to confirm you want to overwrite an
               existing destination file.
  /Z           Copies networked files in restartable mode.
  /L           If the source is a symbolic link, copy the link to the target
               instead of the actual file the source link points to.

The switch /Y may be preset in the COPYCMD environment variable.
This may be overridden with /-Y on the command line.  Default is
to prompt on overwrites unless COPY command is being executed from
within a batch script.

To append files, specify a single file for destination, but multiple files
for source (using wildcards or file1+file2+file3 format).

 

COREINFO   (Version 3.31.0.0)

Coreinfo v3.31 - Dump information on system CPU and memory topology
Copyright (C) 2008-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

For each resource it shows a map of the OS-visible processors
that correspond to the specified resources, with '*' representing the 
applicable processors. For example, on a 4-core system, a line in the
cache output with a map of shared by cores 3 and 4.

Usage: coreinfo [-c][-f][-g][-l][-n][-s][-m][-v]
  -c       Dump information on cores.
  -f       Dump core feature information.
  -g       Dump information on groups.
  -l       Dump information on caches.
  -n       Dump information on NUMA nodes.
  -s       Dump information on sockets.
  -m       Dump NUMA access cost.
  -v       Dump only virtualization-related features including
           support for second level address translation
           (requires administrative rights on Intel systems).

All options except -v are selected by default.

 

CSCRIPT   (Version 5.8.7601.18283)

Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.

Usage: CScript scriptname.extension [option...] [arguments...]

Options:
 //B         Batch mode: Suppresses script errors and prompts from displaying
 //D         Enable Active Debugging
 //E:engine  Use engine for executing script
 //H:CScript Changes the default script host to CScript.exe
 //H:WScript Changes the default script host to WScript.exe (default)
 //I         Interactive mode (default, opposite of //B)
 //Job:xxxx  Execute a WSF job
 //Logo      Display logo (default)
 //Nologo    Prevent logo display: No banner will be shown at execution time
 //S         Save current command line options for this user
 //T:nn      Time out in seconds:  Maximum time a script is permitted to run
 //X         Execute script in debugger
 //U         Use Unicode for redirected I/O from the console

 

DATE   (internal command)

Displays or sets the date.

DATE [/T | date]

Type DATE without parameters to display the current date setting and
a prompt for a new one.  Press ENTER to keep the same date.

If Command Extensions are enabled the DATE command supports
the /T switch which tells the command to just output the
current date, without prompting for a new date.

 

DEFRAG   (Version 6.1.7600.16385)

Microsoft Disk Defragmenter
Copyright (c) 2007 Microsoft Corp.

Description:

	Locates and consolidates fragmented files on local volumes to
	improve system performance.

Syntax:

	defrag <volumes> | /C | /E <volumes>    [/H] [/M | [/U] [/V]]
	defrag <volumes> | /C | /E <volumes> /A [/H] [/M | [/U] [/V]]
	defrag <volumes> | /C | /E <volumes> /X [/H] [/M | [/U] [/V]]
	defrag <volume>                      /T [/H]       [/U] [/V]

Parameters:

	Value	Description

	/A	Perform analysis on the specified volumes.

	/C	Perform the operation on all volumes.

	/E	Perform the operation on all volumes except those specified.

	/H	Run the operation at normal priority (default is low).

	/M	Run the operation on each volume in parallel in the background.

	/T	Track an operation already in progress on the specified volume.

	/U	Print the progress of the operation on the screen.

	/V	Print verbose output containing the fragmentation statistics.

	/X	Perform free space consolidation on the specified volumes.

Examples:

	defrag C: /U /V
	defrag C: D: /M
	defrag C:\mountpoint /A /U
	defrag /C /H /V

 

DEL   (internal command)

Deletes one or more files.

DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names
ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names

  names         Specifies a list of one or more files or directories.
                Wildcards may be used to delete multiple files. If a
                directory is specified, all files within the directory
                will be deleted.

  /P            Prompts for confirmation before deleting each file.
  /F            Force deleting of read-only files.
  /S            Delete specified files from all subdirectories.
  /Q            Quiet mode, do not ask if ok to delete on global wildcard
  /A            Selects files to delete based on attributes
  attributes    R  Read-only files            S  System files
                H  Hidden files               A  Files ready for archiving
                I  Not content indexed Files  L  Reparse Points
                -  Prefix meaning not

If Command Extensions are enabled DEL and ERASE change as follows:

The display semantics of the /S switch are reversed in that it shows
you only the files that are deleted, not the ones it could not find.

 

DEVCON   (Version 6.1.7600.16385)

Device Console Help:
DEVCON [-r] [-m:\\<machine>] <command> [<arg>...]
-r           Reboots the system only when a restart or reboot is required.
<machine>    Specifies a remote computer. 
<command>    Specifies a Devcon command (see command list below).
<arg>...     One or more arguments that modify a command.
For help with a specific command, type: DEVCON help <command>
classfilter          Add, delete, and reorder class filters.

classes              List all device setup classes.

disable              Disable devices.

driverfiles          List installed driver files for devices.

drivernodes          List driver nodes of devices.

enable               Enable devices.

find                 Find devices.

findall              Find devices, including those that are not currently attached.

help                 Display Devcon help.

hwids                List hardware IDs of devices.

install              Install a device manually.

listclass            List all devices in a setup class.

reboot               Reboot the local computer.

remove               Remove devices.

rescan               Scan for new hardware.

resources            List hardware resources for devices.

restart              Restart devices.

sethwid              Modify Hardware ID's of listed root-enumerated devices.

stack                List expected driver stack for devices.

status               List running status of devices.

update               Update a device manually.

updateni             Manually update a device (non interactive).

dp_add               Adds (installs) a third-party (OEM) driver package.

dp_delete            Deletes a third-party (OEM) driver package.

dp_enum              Lists the third-party (OEM) driver packages installed on this machine.

 

DHCPLOC   (Version 5.1.2600.0)

USAGE:

DHCPLOC [-p] [-a:"list-of-alertnames"] [-i:alertinterval] machine-ip-address [list of valid dhcp servers ip addresses]

 

DIANTZ   (Version 6.1.7600.16385)

Cabinet Maker - Lossless Data Compression Tool

MAKECAB [/V[n]] [/D var=value ...] [/L dir] source [destination]
MAKECAB [/V[n]] [/D var=value ...] /F directive_file [...]

  source         File to compress.
  destination    File name to give compressed file.  If omitted, the
                 last character of the source file name is replaced
                 with an underscore (_) and used as the destination.
  /F directives  A file with MakeCAB directives (may be repeated). Refer to
                 Microsoft Cabinet SDK for information on directive_file.
  /D var=value   Defines variable with specified value.
  /L dir         Location to place destination (default is current directory).
  /V[n]          Verbosity level (1..3).

 

DIR   (internal command)

Displays a list of files and subdirectories in a directory.

DIR [drive:][path][filename] [/A[[:]attributes]] [/B] [/C] [/D] [/L] [/N]
  [/O[[:]sortorder]] [/P] [/Q] [/R] [/S] [/T[[:]timefield]] [/W] [/X] [/4]

  [drive:][path][filename]
              Specifies drive, directory, and/or files to list.

  /A          Displays files with specified attributes.
  attributes   D  Directories                R  Read-only files
               H  Hidden files               A  Files ready for archiving
               S  System files               I  Not content indexed files
               L  Reparse Points             -  Prefix meaning not
  /B          Uses bare format (no heading information or summary).
  /C          Display the thousand separator in file sizes.  This is the
              default.  Use /-C to disable display of separator.
  /D          Same as wide but files are list sorted by column.
  /L          Uses lowercase.
  /N          New long list format where filenames are on the far right.
  /O          List by files in sorted order.
  sortorder    N  By name (alphabetic)       S  By size (smallest first)
               E  By extension (alphabetic)  D  By date/time (oldest first)
               G  Group directories first    -  Prefix to reverse order
  /P          Pauses after each screenful of information.
  /Q          Display the owner of the file.
  /R          Display alternate data streams of the file.
  /S          Displays files in specified directory and all subdirectories.
  /T          Controls which time field displayed or used for sorting
  timefield   C  Creation
              A  Last Access
              W  Last Written
  /W          Uses wide list format.
  /X          This displays the short names generated for non-8dot3 file
              names.  The format is that of /N with the short name inserted
              before the long name. If no short name is present, blanks are
              displayed in its place.
  /4          Displays four-digit years

Switches may be preset in the DIRCMD environment variable.  Override
preset switches by prefixing any switch with - (hyphen)--for example, /-W.

 

DISKCOMP   (Version 6.1.7600.16385)

Compares the contents of two floppy disks.

DISKCOMP [drive1: [drive2:]]

 

DISKCOPY   (Version 6.1.7600.16385)

Copies the contents of one floppy disk to another.

DISKCOPY [drive1: [drive2:]] [/V]

  /V   Verifies that the information is copied correctly.

The two floppy disks must be the same type.
You may specify the same drive for drive1 and drive2.

 

DISKPART   (Version 6.1.7601.17514)

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: PCROB

Microsoft DiskPart syntax:
	diskpart [/s <script>] [/?]

	/s <script> - Use a DiskPart script.
	/?          - Show this help screen.

 

DISKPERF   (Version 6.1.7601.18869)

DISKPERF [-Y[D|V] | -N[D|V]] [\\computername]

  -Y  Sets the system to start all disk performance counters
      when the system is restarted.

  -YD Enables the disk performance counters for physical drives.
      when the system is restarted.
  -YV Enables the disk performance counters for logical drives
      or storage volumes when the system is restarted.
  -N  Sets the system to disable all disk performance counters
      when the system is restarted.

  -ND Disables the disk performance counters for physical drives.
  -NV Disables the disk performance counters for logical drives.
  \\computername        Is the name of the computer you want to
                        see or set disk performance counter use.
                        The computer must be a Windows 2000 system.
  NOTE: Disk performance counters are permanently enabled on
        systems beyond Windows 2000.

 

DISKRAID   (Version 6.1.7601.17514)

Microsoft DiskRAID version 6.1.7601
Copyright (C) 2003-2007 Microsoft Corporation.
On computer: PCROB

Usage:  DISKRAID [/? | [/s <script>] [/v]]

    Launches the DiskRAID application.

    /?          specifies that DiskRAID should display this usage text.

    /s <script> specifies that DiskRAID should execute commands from the script
                file at the location specified.

    /v          specifies that DiskRAID should run in verbose mode, printing
                out additional information about each command being executed.

Examples:

    DISKRAID
    DISKRAID /v

 

DISM   (Version 6.1.7600.16385)

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385


DISM.exe [dism_options] {WIM_command} [<WIM_arguments>]
DISM.exe {/Image:<path_to_offline_image> | /Online} [dism_options] 
         {servicing_command} [<servicing_arguments>]

DESCRIPTION:

  DISM enumerates, installs, uninstalls, configures, and updates features
  and packages in Windows images. The commands that are available depend 
  on the image being serviced and whether the image is offline or running.

WIM COMMANDS:

  /Get-MountedWimInfo     - Displays information about mounted WIM images.
  /Get-WimInfo            - Displays information about images in a WIM file.
  /Commit-Wim             - Saves changes to a mounted WIM image.
  /Unmount-Wim            - Unmounts a mounted WIM image.
  /Mount-Wim              - Mounts an image from a WIM file.
  /Remount-Wim            - Recovers an orphaned WIM mount directory.
  /Cleanup-Wim            - Deletes resources associated with mounted WIM
                            images that are corrupt.

IMAGE SPECIFICATIONS:

  /Online                 - Targets the running operating system.
  /Image                  - Specifies the path to the root directory of an
                            offline Windows image.

DISM OPTIONS:

  /English                - Displays command line output in English.
  /Format                 - Specifies the report output format.
  /WinDir                 - Specifies the path to the Windows directory.
  /SysDriveDir            - Specifies the path to the system-loader file named
                            BootMgr.
  /LogPath                - Specifies the logfile path.
  /LogLevel               - Specifies the output level shown in the log (1-4).
  /NoRestart              - Suppresses automatic reboots and reboot prompts.
  /Quiet                  - Suppresses all output except for error messages.
  /ScratchDir             - Specifies the path to a scratch directory.

For more information about these DISM options and their arguments, specify an
option immediately before /?.

  Examples:     
    DISM.exe /Mount-Wim /?
    DISM.exe /ScratchDir /?
    DISM.exe /Image:C:\test\offline /?
    DISM.exe /Online /?

 

DISPDIAG   (Version 6.1.7600.16385)

Logs display information to a file in the current directory.

Usage: dispdiag [-testacpi] [-d] [-delay <seconds>] [-out <FilePath>]
	-testacpi            runs hotkey diagnostics test
	-d                   generates a dmp file as well with additional data.
	-delay               delays the collection of data by specified time in seconds.
	-out <FilePath>      path where the dispdiag file should be saved, including filename. This must be the last parameter
Output:
	Name of the saved file.

 

DJOIN   (Version 6.1.7601.17514)

Usage: djoin.exe [/OPTIONS]

  /PROVISION  - Provision a computer account in the domain
      /DOMAIN <Name> - <Name> of the domain to join
      /MACHINE <Name> - <Name> of the computer joining the domain
      /MACHINEOU <OU> - Optional <OU> where the account is created
      /DCNAME <DC> - Optional <DC> to target for account creation
      /REUSE - Reuse any existing account (password will be reset)
      /SAVEFILE <FilePath> - Save provisioning data to a file at <FilePath>
      /NOSEARCH - Skip account conflict detection, requires DCNAME (faster)
      /DOWNLEVEL - Support using a Windows Server 2008 DC or earlier
      /PRINTBLOB - Return base64 encoded metadata blob for an answer file
      /DEFPWD - Use default machine account password (not recommended)
       
  /REQUESTODJ  - Request offline domain join at next boot
      /LOADFILE <FilePath> - <FilePath> specified previously via /SAVEFILE
      /WINDOWSPATH <Path> - <Path> to the Windows directory in an offline image
      /LOCALOS - Allows /WINDOWSPATH to specify the locally running OS.
                 This command must be run as a local Administrator.
                 This option requires a reboot for changes to be applied.
      
Examples:

To provision a computer account in the domain:
djoin.exe /PROVISION /DOMAIN <DomainName> /MACHINE <MachineName>
          /SAVEFILE <FilePath>
          Note: Other parameters are optional
          
To request the local machine to perform an offline domain join:
djoin.exe /REQUESTODJ /LOADFILE <FilePath> /WINDOWSPATH <Path>
          Note: Other parameters are optional

 

DOSKEY   (Version 6.1.7600.16385)

Edits command lines, recalls Windows commands, and creates macros.

DOSKEY [/REINSTALL] [/LISTSIZE=size] [/MACROS[:ALL | :exename]]
  [/HISTORY] [/INSERT | /OVERSTRIKE] [/EXENAME=exename] [/MACROFILE=filename]
  [macroname=[text]]

  /REINSTALL          Installs a new copy of Doskey.
  /LISTSIZE=size      Sets size of command history buffer.
  /MACROS             Displays all Doskey macros.
  /MACROS:ALL         Displays all Doskey macros for all executables which have
                      Doskey macros.
  /MACROS:exename     Displays all Doskey macros for the given executable.
  /HISTORY            Displays all commands stored in memory.
  /INSERT             Specifies that new text you type is inserted in old text.
  /OVERSTRIKE         Specifies that new text overwrites old text.
  /EXENAME=exename    Specifies the executable.
  /MACROFILE=filename Specifies a file of macros to install.
  macroname           Specifies a name for a macro you create.
  text                Specifies commands you want to record.

UP and DOWN ARROWS recall commands; ESC clears command line; F7 displays
command history; ALT+F7 clears command history; F8 searches command
history; F9 selects a command by number; ALT+F10 clears macro definitions.

The following are some special codes in Doskey macro definitions:
$T     Command separator.  Allows multiple commands in a macro.
$1-$9  Batch parameters.  Equivalent to %1-%9 in batch programs.
$*     Symbol replaced by everything following macro name on command line.

 

DPATH   (internal command)

Allows programs to open data files in specified directories as if they were
in the current directory.

APPEND [[drive:]path[;...]] [/X[:ON | :OFF]] [/PATH:ON | /PATH:OFF] [/E]
APPEND ;

  [drive:]path Specifies a drive and directory to append.
  /X:ON        Applies appended directories to file searches and
               application execution.
  /X:OFF       Applies appended directories only to requests to open files.
               /X:OFF is the default setting.
  /PATH:ON     Applies the appended directories to file requests that already
               specify a path.  /PATH:ON is the default setting.
  /PATH:OFF    Turns off the effect of /PATH:ON.
  /E           Stores a copy of the appended directory list in an environment
               variable named APPEND.  /E may be used only the first time
               you use APPEND after starting up your system.

Type APPEND ; to clear the appended directory list.
Type APPEND without parameters to display the appended directory list.

 

DRIVERQUERY   (Version 6.1.7600.16385)

DRIVERQUERY [/S system [/U username [/P [password]]]]
              [/FO format] [/NH] [/SI] [/V] 
Description:
    Enables an administrator to display a list of 
    installed device drivers.

Parameter List:
      /S     system           Specifies the remote system to connect to.

      /U     [domain\]user    Specifies the user context 
                              under which the command should execute.

      /P     [password]       Specify the password for the given 
                              user context.

      /FO    format           Specifies the type of output to display.
                              Valid values to be passed with the
                              switch are "TABLE", "LIST", "CSV".

      /NH                     Specifies that the "Column Header" 
                              should not be displayed. Valid for  
                              "TABLE" and "CSV" format only.

      /SI                     Provides information about signed drivers.

      /V                      Displays verbose output. Not valid 
                              for signed drivers.

      /?                      Displays this help message.

Examples:
    DRIVERQUERY
    DRIVERQUERY /FO CSV /SI
    DRIVERQUERY /NH
    DRIVERQUERY /S ipaddress /U user /V 
    DRIVERQUERY /S system /U domain\user /P password /FO LIST

 

DSADD   (Version 5.2.3790.0)

Description:  This tool's commands add specific types of objects to the
directory. The dsadd commands:

dsadd computer - adds a computer to the directory.
dsadd contact - adds a contact to the directory.
dsadd group - adds a group to the directory.
dsadd ou - adds an organizational unit to the directory.
dsadd user - adds a user to the directory.
dsadd quota - adds a quota specification to a directory partition.

For help on a specific command, type "dsadd <ObjectType> /?" where
<ObjectType> is one of the supported object types shown above.
For example, dsadd ou /?.
Remarks:
Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").
Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.

 

DSGET   (Version 5.2.3790.0)

Description:  This tool's commands display the selected properties
of a specific object in the directory. The dsget commands:

dsget computer - displays properties of computers in the directory.
dsget contact - displays properties of contacts in the directory.
dsget subnet - displays properties of subnets in the directory.
dsget group - displays properties of groups in the directory.
dsget ou - displays properties of ou's in the directory.
dsget server - displays properties of servers in the directory.
dsget site - displays properties of sites in the directory.
dsget user - displays properties of users in the directory.
dsget quota - displays properties of quotas in the directory.
dsget partition - displays properties of partitions in the directory.

To display an arbitrary set of attributes of any given object in the
directory use the dsquery * command (see examples below).

For help on a specific command, type "dsget <ObjectType> /?" where
<ObjectType> is one of the supported object types shown above.
For example, dsget ou /?.
Remarks:
The dsget commands help you to view the properties of a specific object in
the directory: the input to dsget is an object and the output is a list of
properties for that object. To find all objects that meet a given search
criterion, use the dsquery commands (dsquery /?).

The dsget commands support piping of input to allow you to pipe results from
the dsquery commands as input to the dsget commands and display detailed
information on the objects found by the dsquery commands.

Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash (for
example, "CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,
DC=com").
Examples:
To find all users with names starting with "John" and display their office
numbers:

	dsquery user -name John* | dsget user -office

To display the sAMAccountName, userPrincipalName and department attributes of
the object whose DN is ou=Test,dc=microsoft,dc=com:

	dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr
	sAMAccountName userPrincipalName department

To read all attributes of any object use the dsquery * command.
For example, to read all attributes of the object whose DN is
ou=Test,dc=microsoft,dc=com:

	dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *

Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.
dsget succeeded

 

DSMOD   (Version 5.2.3790.0)

Description:  This dsmod command modifies existing objects in the directory.
The dsmod commands include:

dsmod computer - modifies an existing computer in the directory.
dsmod contact - modifies an existing contact in the directory.
dsmod group - modifies an existing group in the directory.
dsmod ou - modifies an existing organizational unit in the directory.
dsmod server - modifies an existing domain controller in the directory.
dsmod user - modifies an existing user in the directory.
dsmod quota - modifies an existing quota specification in the directory.
dsmod partition - modifies an existing quota specification in the directory.

For help on a specific command, type "dsmod <ObjectType> /?" where
<ObjectType> is one of the supported object types shown above.
For example, dsmod ou /?.

Remarks:
The dsmod commands support piping of input to allow you to pipe results from
the dsquery commands as input to the dsmod commands and modify the objects
found by the dsquery commands.

Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash 
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Examples:
To find all users in the organizational unit (OU)
"ou=Marketing,dc=microsoft,dc=com" and add them to the Marketing Staff group:

dsquery user ûstartnode "ou=Marketing,dc=microsoft,dc=com" | 
dsmod group "cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" -addmbr

Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.

 

DSMOVE   (Version 5.2.3790.0)

Description:  This command moves or renames an object within the directory.

Syntax:     dsmove <ObjectDN>
                [-newparent <ParentDN>] 
                [-newname <NewName>]
                [{-s <Server> | -d <Domain>}] 
                [-u <UserName>] 
                [-p {<Password> | *}]
                [-q]
		[{-uc | -uco | -uci}]

Parameters:

Value                   Description
<ObjectDN>              Required/stdin. Distinguished name (DN) 
                        of object to move or rename.
                        If this parameter is omitted it
                        will be taken from standard input (stdin).
-newparent <ParentDN>   DN of the new parent location to which object
                        should be moved.
-newname <NewName>      New relative distinguished name (RDN) value
                        to which object should be renamed.
{-s <Server> | -d <Domain>}
                        -s <Server> connects to the domain controller (DC)
                        with name <Server>.
                        -d <Domain> connects to a DC in domain <Domain>.
                        Default: a DC in the logon domain.
-u <UserName>           Connect as <UserName>. Default: the logged in user.
                        User name can be: user name, domain\user name,
                        or user principal name (UPN).
-p <Password>           Password for the user <UserName>.
                        If * is used, then the command prompts for a
                        password.
-q                      Quiet mode: suppress all output to standard output.
{-uc | -uco | -uci}	-uc Specifies that input from or output to pipe is
			formatted in Unicode. 
			-uco Specifies that output to pipe or file is 
			formatted in Unicode. 
			-uci Specifies that input from pipe or file is
			formatted in Unicode.

Remarks:
If a value that you supply contains spaces, use quotation marks 
around the text (for example, "CN=John Smith,CN=Users,DC=microsoft,DC=com").
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names). 

Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Examples:
The user object for the user Jane Doe can be renamed to Jane Jones
with the following command:

    dsmove "cn=Jane Doe,ou=sales,dc=microsoft,dc=com" -newname "Jane Jones"

The same user can be moved from the Sales organization to the Marketing
organization with the following command:

    dsmove "cn=Jane Doe,ou=sales,dc=microsoft,dc=com"
    -newparent ou=Marketing,dc=microsoft,dc=com

The rename and move operations for the user can be combined with the
following command:

    dsmove "cn=Jane Doe,ou=sales,dc=microsoft,dc=com"
    -newparent ou=Marketing,dc=microsoft,dc=com -newname "Jane Jones"

Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.
dsmove failed:The parameter is incorrect.
type dsmove /? for help.

 

DSQUERY   (Version 5.2.3790.0)

Description: This tool's commands suite allow you to query the directory
according to specified criteria. Each of the following dsquery commands finds
objects of a specific object type, with the exception of dsquery *, which can
query for any type of object:

dsquery computer - finds computers in the directory.
dsquery contact - finds contacts in the directory.
dsquery subnet - finds subnets in the directory.
dsquery group - finds groups in the directory.
dsquery ou - finds organizational units in the directory.
dsquery site - finds sites in the directory.
dsquery server - finds domain controllers in the directory.
dsquery user - finds users in the directory.
dsquery quota - finds quota specifications in the directory.
dsquery partition - finds partitions in the directory.
dsquery * - finds any object in the directory by using a generic LDAP query.

For help on a specific command, type "dsquery <ObjectType> /?" where
<ObjectType> is one of the supported object types shown above.
For example, dsquery ou /?.

Remarks:
The dsquery commands help you find objects in the directory that match 
a specified search criterion: the input to dsquery is a search criterion 
and the output is a list of objects matching the search. To get the 
properties of a specific object, use the dsget commands (dsget /?).

The results from a dsquery command can be piped as input to one of the other
directory service command-line tools, such as dsmod, dsget, dsrm or dsmove.

Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com"). Backslashes
used in distinguished names must be escaped with a backslash (for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").


Examples:
To find all computers that have been inactive for the last four weeks and
remove them from the directory:

	dsquery computer -inactive 4 | dsrm

To find all users in the organizational unit
"ou=Marketing,dc=microsoft,dc=com" and add them to the Marketing Staff group:

	dsquery user ou=Marketing,dc=microsoft,dc=com |	dsmod group
        "cn=Marketing Staff,ou=Marketing,dc=microsoft,dc=com" -addmbr

To find all users with names starting with "John" and display his office
number:

	dsquery user -name John* | dsget user -office

To display an arbitrary set of attributes of any given object in the
directory use the dsquery * command. For example, to display the
sAMAccountName, userPrincipalName and department attributes of the object
whose DN is ou=Test,dc=microsoft,dc=com:

	dsquery * ou=Test,dc=microsoft,dc=com -scope base
	-attr sAMAccountName userPrincipalName department

To read all attributes of the object whose DN is ou=Test,dc=microsoft,dc=com:

	dsquery * ou=Test,dc=microsoft,dc=com -scope base -attr *

Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.

 

DSRM   (Version 5.2.3790.0)

Description: This command deletes objects from the directory.

Syntax:     dsrm <ObjectDN ...> [-noprompt] [-subtree [-exclude]]
            [{-s <Server> | -d <Domain>}] [-u <UserName>]
            [-p {<Password> | *}] [-c] [-q] [{-uc | -uco | -uci}]

Parameters:
Value               Description
<ObjectDN ...>      Required/stdin. List of one or more 
                    distinguished names (DNs) of objects to delete.
                    If this parameter is omitted it is
                    taken from standard input (stdin).
-noprompt           Silent mode: do not prompt for delete confirmation.
-subtree [-exclude] Delete object and all objects in the subtree under it.
                    -exclude excludes the object itself
                    when deleting its subtree.
{-s <Server> | -d <Domain>}
                    -s <Server> connects to the domain controller (DC) with
                    name <Server>.
                    -d <Domain> connects to a DC in domain <Domain>.
                    Default: a DC in the logon domain.
-u <UserName>       Connect as <UserName>. Default: the logged in user.
                    User name can be: user name, domain\user name,
                    or user principal name (UPN).
-p {<Password> | *}
                    Password for the user <UserName>. If * is used,
                    then the command prompts you for the password.
-c                  Continuous operation mode: report errors but continue
                    with next object in argument list when multiple
                    target objects are specified.
		    Without this option, command exits on first error.
-q                  Quiet mode: suppress all output to standard output.
{-uc | -uco | -uci} -uc Specifies that input from or output to pipe is
                    formatted in Unicode. 
                    -uco Specifies that output to pipe or file is 
                    formatted in Unicode. 
                    -uci Specifies that input from pipe or file is
                    formatted in Unicode.

Remarks:
If a value that you supply contains spaces, use quotation marks 
around the text (for example, "CN=John Smith,CN=Users,DC=microsoft,DC=com").
If you enter multiple values, the values must be separated by spaces
(for example, a list of distinguished names). 

Commas that are not used as separators in distinguished names must be
escaped with the backslash ("\") character
(for example, "CN=Company\, Inc.,CN=Users,DC=microsoft,DC=com").
Backslashes used in distinguished names must be escaped with a backslash
(for example,
"CN=Sales\\ Latin America,OU=Distribution Lists,DC=microsoft,DC=com").

Examples:
To remove an organizational unit (OU) called "Marketing" and all the objects
under that OU, use the following command:

dsrm -subtree -noprompt -c ou=Marketing,dc=microsoft,dc=com

To remove all objects under the OU called "Marketing" but leave
the OU intact, use the following command with the -exclude parameter:

dsrm -subtree -exclude -noprompt -c "ou=Marketing,dc=microsoft,dc=com"

Directory Service command-line tools help:
dsadd /? - help for adding objects.
dsget /? - help for displaying objects.
dsmod /? - help for modifying objects.
dsmove /? - help for moving objects.
dsquery /? - help for finding objects matching search criteria.
dsrm /? - help for deleting objects.
dsrm failed:The parameter is incorrect.
type dsrm /? for help.

 

DU   (Version 1.50.0.0)

Du v1.5 - report directory disk usage
Copyright (C) 2005-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: DU [-c[t]] [-l <levels> | -n | -v] [-u] [-q] <directory>
   -c     Print output as CSV. Use -ct for tab delimiting.
   -l     Specify subdirectory depth of information (default is one level).
   -n     Do not recurse.
   -q     Quiet (no banner).
   -u     Count each instance of a hardlinked file.
   -v     Show size (in KB) of all subdirectories.

CSV output is formatted as:
Path,CurrentFileCount,CurrentFileSize,FileCount,DirectoryCount,DirectorySize

 

DVDBURN   (Version 5.2.3790.0)

Usage: dvdburn <drive> <image> [/Erase]

 

ECHO   (internal command)

Displays messages, or turns command-echoing on or off.

  ECHO [ON | OFF]
  ECHO [message]

Type ECHO without parameters to display the current echo setting.

 

ENDLOCAL   (internal command)

Ends localization of environment changes in a batch file.
Environment changes made after ENDLOCAL has been issued are
not local to the batch file; the previous settings are not
restored on termination of the batch file.

ENDLOCAL

If Command Extensions are enabled ENDLOCAL changes as follows:

If the corresponding SETLOCAL enable or disabled command extensions
using the new ENABLEEXTENSIONS or DISABLEEXTENSIONS options, then
after the ENDLOCAL, the enabled/disabled state of command extensions
will be restored to what it was prior to the matching SETLOCAL
command execution.

 

EPAL   (Version 1.0.405.0)

Elevated Priviledge Application Launcher

USAGE:
   epal [<options>] program

   options
      /?             Display this help message.
      /v             Verbose logging.
      /s             Setup EPAL (configure registry for event logging).
      /r             Register a program (appropriate rights required).
      /p             Load the application user account profile.
      /c:<path>      Active Directory container for EPAL objects.
                     (default is CN=Users).

      program        Name of program to run or register.

 

ERASE   (internal command)

Deletes one or more files.

DEL [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names
ERASE [/P] [/F] [/S] [/Q] [/A[[:]attributes]] names

  names         Specifies a list of one or more files or directories.
                Wildcards may be used to delete multiple files. If a
                directory is specified, all files within the directory
                will be deleted.

  /P            Prompts for confirmation before deleting each file.
  /F            Force deleting of read-only files.
  /S            Delete specified files from all subdirectories.
  /Q            Quiet mode, do not ask if ok to delete on global wildcard
  /A            Selects files to delete based on attributes
  attributes    R  Read-only files            S  System files
                H  Hidden files               A  Files ready for archiving
                I  Not content indexed Files  L  Reparse Points
                -  Prefix meaning not

If Command Extensions are enabled DEL and ERASE change as follows:

The display semantics of the /S switch are reversed in that it shows
you only the files that are deleted, not the ones it could not find.

 

EVENTCREATE   (Version 6.1.7600.16385)

EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid
            [/L logname] [/SO srcname] /T type /D description

Description:
    This command line tool enables an administrator to create
    a custom event ID and message in a specified event log.

Parameter List:
    /S    system           Specifies the remote system to connect to.

    /U    [domain\]user    Specifies the user context under which
                           the command should execute.

    /P    [password]       Specifies the password for the given
                           user context. Prompts for input if omitted.

    /L    logname          Specifies the event log to create
                           an event in.

    /T    type             Specifies the type of event to create.
                           Valid types: SUCCESS, ERROR, WARNING, INFORMATION.

    /SO   source           Specifies the source to use for the
                           event (if not specified, source will default
                           to 'eventcreate'). A valid source can be any
                           string and should represent the application
                           or component that is generating the event.

    /ID   id               Specifies the event ID for the event. A
                           valid custom message ID is in the range
                           of 1 - 1000.

    /D    description      Specifies the description text for the new event.

    /?                     Displays this help message.


Examples:
    EVENTCREATE /T ERROR /ID 1000
        /L APPLICATION /D "My custom error event for the application log"

    EVENTCREATE /T ERROR /ID 999 /L APPLICATION
        /SO WinWord /D "Winword event 999 happened due to low diskspace"

    EVENTCREATE /S system /T ERROR /ID 100
        /L APPLICATION /D "Custom job failed to install"

    EVENTCREATE /S system /U user /P password /ID 1 /T ERROR
        /L APPLICATION /D "User access failed due to invalid user credentials"

 

EXIT   (internal command)

Quits the CMD.EXE program (command interpreter) or the current batch
script.

EXIT [/B] [exitCode]

  /B          specifies to exit the current batch script instead of
              CMD.EXE.  If executed from outside a batch script, it
              will quit CMD.EXE

  exitCode    specifies a numeric number.  if /B is specified, sets
              ERRORLEVEL that number.  If quitting CMD.EXE, sets the process
              exit code with that number.

 

EXPAND   (Version 6.1.7600.16385)

Microsoft (R) File Expansion Utility  Version 6.1.7600.16385
Copyright (c) Microsoft Corporation. All rights reserved.

Expands one or more compressed files.

EXPAND [-R] Source Destination
EXPAND -R Source [Destination]
EXPAND -I Source [Destination]
EXPAND -D Source.cab [-F:Files]
EXPAND Source.cab -F:Files Destination

  -R		Rename expanded files.
  -I		Rename expanded files but ignore directory structure.
  -D		Display list of files in source.
  Source	Source file specification.  Wildcards may be used.
  -F:Files	Name of files to expand from a .CAB.
  Destination	Destination file | path specification.
		Destination may be a directory.
		If Source is multiple files and -r is not specified,
		Destination must be a directory.

 

FC   (Version 6.1.7600.16385)

Compares two files or sets of files and displays the differences between
them


FC [/A] [/C] [/L] [/LBn] [/N] [/OFF[LINE]] [/T] [/U] [/W] [/nnnn]
   [drive1:][path1]filename1 [drive2:][path2]filename2
FC /B [drive1:][path1]filename1 [drive2:][path2]filename2

  /A         Displays only first and last lines for each set of differences.
  /B         Performs a binary comparison.
  /C         Disregards the case of letters.
  /L         Compares files as ASCII text.
  /LBn       Sets the maximum consecutive mismatches to the specified
             number of lines.
  /N         Displays the line numbers on an ASCII comparison.
  /OFF[LINE] Do not skip files with offline attribute set.
  /T         Does not expand tabs to spaces.
  /U         Compare files as UNICODE text files.
  /W         Compresses white space (tabs and spaces) for comparison.
  /nnnn      Specifies the number of consecutive lines that must match
             after a mismatch.
  [drive1:][path1]filename1
             Specifies the first file or set of files to compare.
  [drive2:][path2]filename2
             Specifies the second file or set of files to compare.

 

FILEVER   (Version 5.1.2600.0)

Prints file version information.

FILEVER [/S] [/V] [/E] [/X] [/B] [/A] [/D] [[drive:][path][filename]]

/S	Displays files in specified directory and all subdirectories.
/V	List verbose version information if available.
/E	List executables only.
/X	Displays short names generated for non-8dot3 file names.
/B	Uses bare format (no dir listing).
/A	Don't display file attributes.
/D	Don't display file date and time.

 

FIND   (Version 6.1.7600.16385)

Searches for a text string in a file or files.

FIND [/V] [/C] [/N] [/I] [/OFF[LINE]] "string" [[drive:][path]filename[ ...]]

  /V         Displays all lines NOT containing the specified string.
  /C         Displays only the count of lines containing the string.
  /N         Displays line numbers with the displayed lines.
  /I         Ignores the case of characters when searching for the string.
  /OFF[LINE] Do not skip files with offline attribute set.
  "string"   Specifies the text string to find.
  [drive:][path]filename
             Specifies a file or files to search.

If a path is not specified, FIND searches the text typed at the prompt
or piped from another command.

 

FindLinks v1.0 - Locate file hard links
Copyright (C) 2011 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: FINDLINKS <file>

 

FINDSTR   (Version 6.1.7601.17514)

Searches for strings in files.

FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file]
        [/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]]
        strings [[drive:][path]filename[ ...]]

  /B         Matches pattern if at the beginning of a line.
  /E         Matches pattern if at the end of a line.
  /L         Uses search strings literally.
  /R         Uses search strings as regular expressions.
  /S         Searches for matching files in the current directory and all
             subdirectories.
  /I         Specifies that the search is not to be case-sensitive.
  /X         Prints lines that match exactly.
  /V         Prints only lines that do not contain a match.
  /N         Prints the line number before each line that matches.
  /M         Prints only the filename if a file contains a match.
  /O         Prints character offset before each matching line.
  /P         Skip files with non-printable characters.
  /OFF[LINE] Do not skip files with offline attribute set.
  /A:attr    Specifies color attribute with two hex digits. See "color /?"
  /F:file    Reads file list from the specified file(/ stands for console).
  /C:string  Uses specified string as a literal search string.
  /G:file    Gets search strings from the specified file(/ stands for console).
  /D:dir     Search a semicolon delimited list of directories
  strings    Text to be searched for.
  [drive:][path]filename
             Specifies a file or files to search.

Use spaces to separate multiple search strings unless the argument is prefixed
with /C.  For example, 'FINDSTR "hello there" x.y' searches for "hello" or
"there" in file x.y.  'FINDSTR /C:"hello there" x.y' searches for
"hello there" in file x.y.

Regular expression quick reference:
  .        Wildcard: any character
  *        Repeat: zero or more occurrences of previous character or class
  ˆ        Line position: beginning of line
  $        Line position: end of line
  [class]  Character class: any one character in set
  [ˆclass] Inverse class: any one character not in set
  [x-y]    Range: any characters within the specified range
  \x       Escape: literal use of metacharacter x
  \<xyz    Word position: beginning of word
  xyz\>    Word position: end of word

For full information on FINDSTR regular expressions refer to the online Command
Reference.

 

FINGER   (Version 6.1.7600.16385)

Displays information about a user on a specified system running the
Finger service. Output varies based on the remote system.

FINGER [-l] [user]@host [...]

  -l        Displays information in long list format.
  user      Specifies the user you want information about. Omit the user
            parameter to display information about all users on the
            specifed host.
  @host     Specifies the server on the remote system whose users you
            want information about.

 

FLTMC   (Version 6.1.7600.16385)

** Invalid command
Valid commands:
    load        Loads a Filter driver
    unload      Unloads a Filter driver
    filters     Lists the Filters currently registered in the system
    instances   Lists the Instances for a Filter or Volume currently
                registered in the system
    volumes     Lists all volumes/RDRs in the system
    attach      Creates a Filter Instance to a Volume
    detach      Removes a Filter Instance from a Volume

    Use fltmc help [ command ] for help on a specific command

 

FOR   (internal command)

Runs a specified command for each file in a set of files.

FOR %variable IN (set) DO command [command-parameters]

  %variable  Specifies a single letter replaceable parameter.
  (set)      Specifies a set of one or more files.  Wildcards may be used.
  command    Specifies the command to carry out for each file.
  command-parameters
             Specifies parameters or switches for the specified command.

To use the FOR command in a batch program, specify %%variable instead
of %variable.  Variable names are case sensitive, so %i is different
from %I.

If Command Extensions are enabled, the following additional
forms of the FOR command are supported:

FOR /D %variable IN (set) DO command [command-parameters]

    If set contains wildcards, then specifies to match against directory
    names instead of file names.

FOR /R [[drive:]path] %variable IN (set) DO command [command-parameters]

    Walks the directory tree rooted at [drive:]path, executing the FOR
    statement in each directory of the tree.  If no directory
    specification is specified after /R then the current directory is
    assumed.  If set is just a single period (.) character then it
    will just enumerate the directory tree.

FOR /L %variable IN (start,step,end) DO command [command-parameters]

    The set is a sequence of numbers from start to end, by step amount.
    So (1,1,5) would generate the sequence 1 2 3 4 5 and (5,-1,1) would
    generate the sequence (5 4 3 2 1)

FOR /F ["options"] %variable IN (file-set) DO command [command-parameters]
FOR /F ["options"] %variable IN ("string") DO command [command-parameters]
FOR /F ["options"] %variable IN ('command') DO command [command-parameters]

    or, if usebackq option present:

FOR /F ["options"] %variable IN (file-set) DO command [command-parameters]
FOR /F ["options"] %variable IN ('string') DO command [command-parameters]
FOR /F ["options"] %variable IN (`command`) DO command [command-parameters]

    file-set is one or more file names.  Each file is opened, read
    and processed before going on to the next file in file-set.
    Processing consists of reading in the file, breaking it up into
    individual lines of text and then parsing each line into zero or
    more tokens.  The body of the for loop is then called with the
    variable value(s) set to the found token string(s).  By default, /F
    passes the first blank separated token from each line of each file.
    Blank lines are skipped.  You can override the default parsing
    behavior by specifying the optional "options" parameter.  This
    is a quoted string which contains one or more keywords to specify
    different parsing options.  The keywords are:

        eol=c           - specifies an end of line comment character
                          (just one)
        skip=n          - specifies the number of lines to skip at the
                          beginning of the file.
        delims=xxx      - specifies a delimiter set.  This replaces the
                          default delimiter set of space and tab.
        tokens=x,y,m-n  - specifies which tokens from each line are to
                          be passed to the for body for each iteration.
                          This will cause additional variable names to
                          be allocated.  The m-n form is a range,
                          specifying the mth through the nth tokens.  If
                          the last character in the tokens= string is an
                          asterisk, then an additional variable is
                          allocated and receives the remaining text on
                          the line after the last token parsed.
        usebackq        - specifies that the new semantics are in force,
                          where a back quoted string is executed as a
                          command and a single quoted string is a
                          literal string command and allows the use of
                          double quotes to quote file names in
                          file-set.

    Some examples might help:

FOR /F "eol=; tokens=2,3* delims=, " %i in (myfile.txt) do @echo %i %j %k

    would parse each line in myfile.txt, ignoring lines that begin with
    a semicolon, passing the 2nd and 3rd token from each line to the for
    body, with tokens delimited by commas and/or spaces.  Notice the for
    body statements reference %i to get the 2nd token, %j to get the
    3rd token, and %k to get all remaining tokens after the 3rd.  For
    file names that contain spaces, you need to quote the filenames with
    double quotes.  In order to use double quotes in this manner, you also
    need to use the usebackq option, otherwise the double quotes will be
    interpreted as defining a literal string to parse.

    %i is explicitly declared in the for statement and the %j and %k
    are implicitly declared via the tokens= option.  You can specify up
    to 26 tokens via the tokens= line, provided it does not cause an
    attempt to declare a variable higher than the letter 'z' or 'Z'.
    Remember, FOR variables are single-letter, case sensitive, global,
    and you can't have more than 52 total active at any one time.

    You can also use the FOR /F parsing logic on an immediate string, by
    making the file-set between the parenthesis a quoted string,
    using single quote characters.  It will be treated as a single line
    of input from a file and parsed.

    Finally, you can use the FOR /F command to parse the output of a
    command.  You do this by making the file-set between the
    parenthesis a back quoted string.  It will be treated as a command
    line, which is passed to a child CMD.EXE and the output is captured
    into memory and parsed as if it was a file.  So the following
    example:

      FOR /F "usebackq delims==" %i IN (`set`) DO @echo %i

    would enumerate the environment variable names in the current
    environment.

In addition, substitution of FOR variable references has been enhanced.
You can now use the following optional syntax:

    %~I         - expands %I removing any surrounding quotes (")
    %~fI        - expands %I to a fully qualified path name
    %~dI        - expands %I to a drive letter only
    %~pI        - expands %I to a path only
    %~nI        - expands %I to a file name only
    %~xI        - expands %I to a file extension only
    %~sI        - expanded path contains short names only
    %~aI        - expands %I to file attributes of file
    %~tI        - expands %I to date/time of file
    %~zI        - expands %I to size of file
    %~$PATH:I   - searches the directories listed in the PATH
                   environment variable and expands %I to the
                   fully qualified name of the first one found.
                   If the environment variable name is not
                   defined or the file is not found by the
                   search, then this modifier expands to the
                   empty string

The modifiers can be combined to get compound results:

    %~dpI       - expands %I to a drive letter and path only
    %~nxI       - expands %I to a file name and extension only
    %~fsI       - expands %I to a full path name with short names only
    %~dp$PATH:I - searches the directories listed in the PATH
                   environment variable for %I and expands to the
                   drive letter and path of the first one found.
    %~ftzaI     - expands %I to a DIR like output line

In the above examples %I and PATH can be replaced by other valid
values.  The %~ syntax is terminated by a valid FOR variable name.
Picking upper case variable names like %I makes it more readable and
avoids confusion with the modifiers, which are not case sensitive.

 

FORFILES   (Version 6.1.7600.16385)

FORFILES [/P pathname] [/M searchmask] [/S]
         [/C command] [/D [+ | -] {dd-MM-yyyy | dd}]

Description:
    Selects a file (or set of files) and executes a 
    command on that file. This is helpful for batch jobs.

Parameter List:
    /P    pathname      Indicates the path to start searching.
                        The default folder is the current working
                        directory (.).

    /M    searchmask    Searches files according to a searchmask.
                        The default searchmask is '*' .

    /S                  Instructs forfiles to recurse into
                        subdirectories. Like "DIR /S".

    /C    command       Indicates the command to execute for each file.
                        Command strings should be wrapped in double
                        quotes. 

                        The default command is "cmd /c echo @file".

                        The following variables can be used in the
                        command string:
                        @file    - returns the name of the file.
                        @fname   - returns the file name without
                                   extension.
                        @ext     - returns only the extension of the
                                   file.
                        @path    - returns the full path of the file.
                        @relpath - returns the relative path of the
                                   file.
                        @isdir   - returns "TRUE" if a file type is
                                   a directory, and "FALSE" for files.
                        @fsize   - returns the size of the file in
                                   bytes.
                        @fdate   - returns the last modified date of the
                                   file.
                        @ftime   - returns the last modified time of the
                                   file.

                        To include special characters in the command 
                        line, use the hexadecimal code for the character
                        in 0xHH format (ex. 0x09 for tab). Internal
                        CMD.exe commands should be preceded with
                        "cmd /c".

    /D    date          Selects files with a last modified date greater
                        than or equal to (+), or less than or equal to
                        (-), the specified date using the
                        "dd-MM-yyyy" format; or selects files with a
                        last modified date greater than or equal to (+)
                        the current date plus "dd" days, or less than or
                        equal to (-) the current date minus "dd" days. A
                        valid "dd" number of days can be any number in
                        the range of 0 - 32768.
                        "+" is taken as default sign if not specified.

    /?                  Displays this help message.

Examples:
    FORFILES /?
    FORFILES  
    FORFILES /P C:\WINDOWS /S /M DNS*.* 
    FORFILES /S /M *.txt /C "cmd /c type @file | more"
    FORFILES /P C:\ /S /M *.bat
    FORFILES /D -30 /M *.exe
             /C "cmd /c echo @path 0x09 was changed 30 days ago"
    FORFILES /D 01-01-2001
             /C "cmd /c echo @fname is new since Jan 1st 2001"
    FORFILES /D +2-5-2017 /C "cmd /c echo @fname is new today"
    FORFILES /M *.exe /D +1
    FORFILES /S /M *.doc /C "cmd /c echo @fsize" 
    FORFILES /M *.txt /C "cmd /c if @isdir==FALSE notepad.exe @file"

 

FORMAT   (Version 6.1.7600.16385)

Formats a disk for use with Windows.

FORMAT volume [/FS:file-system] [/V:label] [/Q] [/A:size] [/C] [/X] [/P:passes] [/S:state]
FORMAT volume [/V:label] [/Q] [/F:size] [/P:passes]
FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors] [/P:passes]
FORMAT volume [/V:label] [/Q] [/P:passes]
FORMAT volume [/Q]

  volume          Specifies the drive letter (followed by a colon),
                  mount point, or volume name.
  /FS:filesystem  Specifies the type of the file system (FAT, FAT32, exFAT, NTFS,
                  or UDF).
  /V:label        Specifies the volume label.
  /Q              Performs a quick format. Note that this switch overrides /P.
  /C              NTFS only: Files created on the new volume will be compressed
                  by default.
  /X              Forces the volume to dismount first if necessary.  All opened
                  handles to the volume would no longer be valid.
  /R:revision     UDF only: Forces the format to a specific UDF version
                  (1.02, 1.50, 2.00, 2.01, 2.50).  The default
                  revision is 2.01.
  /D              UDF 2.50 only: Metadata will be duplicated.
  /A:size         Overrides the default allocation unit size. Default settings
                  are strongly recommended for general use.
                  NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K.
                  FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
                  (128K, 256K for sector size > 512 bytes).
                  FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
                  (128K, 256K for sector size > 512 bytes).
                  exFAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
                  128K, 256K, 512K, 1M, 2M, 4M, 8M, 16M, 32M.

                  Note that the FAT and FAT32 files systems impose the
                  following restrictions on the number of clusters on a volume:

                  FAT: Number of clusters <= 65526
                  FAT32: 65526 < Number of clusters < 4177918

                  Format will immediately stop processing if it decides that
                  the above requirements cannot be met using the specified
                  cluster size.

                  NTFS compression is not supported for allocation unit sizes
                  above 4096.

  /F:size         Specifies the size of the floppy disk to format (1.44)
  /T:tracks       Specifies the number of tracks per disk side.
  /N:sectors      Specifies the number of sectors per track.
  /P:passes       Zero every sector on the volume passes times. This switch is
                  not valid with /Q
  /S:state        Where "state" is either "enable" or "disable"
                  Short names are enabled by default

 

FSUTIL   (Version 6.1.7601.17577)

/? is an invalid parameter.
---- Commands Supported ----

8dot3name       8dot3name managment
behavior        Control file system behavior
dirty           Manage volume dirty bit
file            File specific commands
fsinfo          File system information
hardlink        Hardlink management
objectid        Object ID management
quota           Quota management
repair          Self healing management
reparsepoint    Reparse point management
resource        Transactional Resource Manager management
sparse          Sparse file control
transaction     Transaction management
usn             USN management
volume          Volume management

 

FTP   (Version 6.1.7601.17514)

Transfers files to and from a computer running an FTP server service
(sometimes called a daemon). Ftp can be used interactively.

FTP [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-A] [-x:sendbuffer] [-r:recvbuffer] [-b:asyncbuffers] [-w:windowsize] [host]

  -v              Suppresses display of remote server responses.
  -n              Suppresses auto-login upon initial connection.
  -i              Turns off interactive prompting during multiple file
                  transfers.
  -d              Enables debugging.
  -g              Disables filename globbing (see GLOB command).
  -s:filename     Specifies a text file containing FTP commands; the
                  commands will automatically run after FTP starts.
  -a              Use any local interface when binding data connection.
  -A              login as anonymous.
  -x:send sockbuf Overrides the default SO_SNDBUF size of 8192.
  -r:recv sockbuf Overrides the default SO_RCVBUF size of 8192.
  -b:async count  Overrides the default async count of 3
  -w:windowsize   Overrides the default transfer buffer size of 65535.
  host            Specifies the host name or IP address of the remote
                  host to connect to.

Notes:
  - mget and mput commands take y/n/q for yes/no/quit.
  - Use Control-C to abort commands.

 

FTYPE   (internal command)

Displays or modifies file types used in file extension associations

FTYPE [fileType[=[openCommandString]]]

  fileType  Specifies the file type to examine or change
  openCommandString Specifies the open command to use when launching files
                    of this type.

Type FTYPE without parameters to display the current file types that
have open command strings defined.  FTYPE is invoked with just a file
type, it displays the current open command string for that file type.
Specify nothing for the open command string and the FTYPE command will
delete the open command string for the file type.  Within an open
command string %0 or %1 are substituted with the file name being
launched through the assocation.  %* gets all the parameters and %2
gets the 1st parameter, %3 the second, etc.  %~n gets all the remaining
parameters starting with the nth parameter, where n may be between 2 and 9,
inclusive.  For example:

    ASSOC .pl=PerlScript
    FTYPE PerlScript=perl.exe %1 %*

would allow you to invoke a Perl script as follows:

    script.pl 1 2 3

If you want to eliminate the need to type the extensions, then do the
following:

    set PATHEXT=.pl;%PATHEXT%

and the script could be invoked as follows:

    script 1 2 3

 

GETMAC   (Version 6.1.7600.16385)

GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V]

Description:
    This tool enables an administrator to display the MAC address
    for network adapters on a system.

Parameter List: 
    /S     system            Specifies the remote system to connect to.

    /U     [domain\]user     Specifies the user context under 
                             which the command should execute.

    /P     [password]        Specifies the password for the given
                             user context. Prompts for input if omitted.

    /FO    format            Specifies the format in which the output
                             is to be displayed.
                             Valid values: "TABLE", "LIST", "CSV".

    /NH                      Specifies that the "Column Header" should
                             not be displayed in the output.
                             Valid only for TABLE and CSV formats.

    /V                       Specifies that verbose output is displayed.

    /?                       Displays this help message.

Examples: 
    GETMAC /? 
    GETMAC /FO csv 
    GETMAC /S system /NH /V
    GETMAC /S system /U user
    GETMAC /S system /U domain\user /P password /FO list /V
    GETMAC /S system /U domain\user /P password /FO table /NH

 

GOTO   (internal command)

Directs cmd.exe to a labeled line in a batch program.

GOTO label

  label   Specifies a text string used in the batch program as a label.

You type a label on a line by itself, beginning with a colon.

If Command Extensions are enabled GOTO changes as follows:

GOTO command now accepts a target label of :EOF which transfers control
to the end of the current batch script file.  This is an easy way to
exit a batch script file without defining a label.  Type CALL /?  for a
description of extensions to the CALL command that make this feature
useful.

 

GPRESULT   (Version 6.1.7600.16385)

GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope]
           [/USER targetusername] [/R | /V | /Z] [(/X | /H) <filename> [/F]]

Description:
    This command line tool displays the Resultant Set of Policy (RSoP)
    information for a target user and computer.

Parameter List:
    /S        system           Specifies the remote system to connect to.

    /U        [domain\]user    Specifies the user context under which the
                               command should execute.
                               Can not be used with /X, /H.

    /P        [password]       Specifies the password for the given user
                               context. Prompts for input if omitted.
                               Can not be used with /X, /H.

    /SCOPE    scope            Specifies whether the user or the
                               computer settings needs to be displayed.
                               Valid values: "USER", "COMPUTER".

    /USER     [domain\]user    Specifies the user name for which the
                               RSOP data is to be displayed.

    /X        <filename>       Saves the report in XML format at the
                               location and with the file name specified
                               by the <filename> parameter. (valid in Windows
                               Vista SP1 and above and Windows Server 2008 and above)

    /H        <filename>       Saves the report in HTML format at the
                               location and with the file name specified by
                               the <filename> parameter. (valid in Windows
                               Vista SP1 and above and Windows Server 2008 and above)

    /F                         Forces gpresult to overwrite the file name
                               specified in the /X or /H command.

    /R                         Displays RSoP summary data.

    /V                         Specifies that verbose information should
                               be displayed. Verbose information provides
                               additional detailed settings that have
                               been applied with a precedence of 1.

    /Z                         Specifies that the super-verbose
                               information should be displayed. Super-
                               verbose information provides additional
                               detailed settings that have been applied
                               with a precedence of 1 and higher. This
                               allows you to see if a setting was set in
                               multiple places. See the Group Policy
                               online help topic for more information.

    /?                         Displays this help message.


Examples:
    GPRESULT /R
    GPRESULT /H GPReport.html
    GPRESULT /USER targetusername /V
    GPRESULT /S system /USER targetusername /SCOPE COMPUTER /Z
    GPRESULT /S system /U username /P password /SCOPE USER /V

 

GPUPDATE   (Version 6.1.7600.16385)

Description:  Updates Group Policies settings.

Syntax:  GPUpdate [/Target:{Computer | User}] [/Force] [/Wait:<value>]
     [/Logoff] [/Boot] [/Sync] 

Parameters:

Value                      Description
/Target:{Computer | User}  Specifies that only User or only Computer
                            policy settings are updated. By default,
                            both User and Computer policy settings are
                            updated.

/Force                     Reapplies all policy settings. By default,
                            only policy settings that have changed are
                            applied.

/Wait:{value}              Sets the number of seconds to wait for policy
                            processing to finish. The default is 600
                            seconds. The value '0' means not to wait.
                            The value '-1' means to wait indefinitely.
                            When the time limit is exceeded, the command
                            prompt returns, but policy processing
                            continues.

/Logoff                    Causes a logoff after the Group Policy settings
                            have been updated. This is required for
                            those Group Policy client-side extensions
                            that do not process policy on a background
                            update cycle but do process policy when a
                            user logs on. Examples include user-targeted
                            Software Installation and Folder Redirection.
                            This option has no effect if there are no
                            extensions called that require a logoff.

/Boot                      Causes a computer restart after the Group Policy settings
                            are applied. This is required for those
                            Group Policy client-side extensions that do
                            not process policy on a background update cycle
                            but do process policy at computer startup.
                            Examples include computer-targeted Software
                            Installation. This option has no effect if
                            there are no extensions called that require
                            a restart.

/Sync                      Causes the next foreground policy application to
                            be done synchronously. Foreground policy
                            applications occur at computer boot and user
                            logon. You can specify this for the user,
                            computer or both using the /Target parameter.
                            The /Force and /Wait parameters will be ignored
                            if specified.

 

HANDLE   (Version 4.0.0.0)

Handle v4.0
Copyright (C) 1997-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: handle [[-a [-l]] [-u] | [-c <handle> [-y]] | [-s]] [-p <process>|<pid>] [name]
  -a      Dump all handle information.
  -l      Just show pagefile-backed section handles.
  -c      Closes the specified handle (interpreted as a hexadecimal number).
          You must specify the process by its PID.
          WARNING: Closing handles can cause application or system instability.
  -y      Don't prompt for close handle confirmation.
  -s      Print count of each type of handle open.
  -u      Show the owning user name when searching for handles.
  -p      Dump handles belonging to process (partial name accepted).
  name    Search for handles to objects with <name> (fragment accepted).

No arguments will dump all file references.

 

HELP   (Version 6.1.7600.16385)

Provides help information for Windows commands.

HELP [command]

    command - displays help information on that command.

 

HEX2DEC

Hex2dec - converts hex to decimal and vice versa
Copyright (C) 2004 Mark Russinovich
Sysinternals - www.sysinternals.com

Usage: hex2dec [decimal|hex]
Include x or 0x as the prefix of the number to specify a hexadecimal value.
e.g. To translate 1233 deciminal to hexadecimal: hex2dec 1233
e.g. To translate 0x1233 hexadecimal to decimal: hex2dec 0x1233

 

HOSTNAME   (Version 6.1.7600.16385)

Prints the name of the current host.

hostname

 

ICACLS   (Version 6.1.7600.16385)

ICACLS name /save aclfile [/T] [/C] [/L] [/Q]
    stores the DACLs for the files and folders that match the name
    into aclfile for later use with /restore. Note that SACLs,
    owner, or integrity labels are not saved.

ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile
                 [/C] [/L] [/Q]
    applies the stored DACLs to files in directory.

ICACLS name /setowner user [/T] [/C] [/L] [/Q]
    changes the owner of all matching names. This option does not
    force a change of ownership; use the takeown.exe utility for
    that purpose.

ICACLS name /findsid Sid [/T] [/C] [/L] [/Q]
    finds all matching names that contain an ACL
    explicitly mentioning Sid.

ICACLS name /verify [/T] [/C] [/L] [/Q]
    finds all files whose ACL is not in canonical form or whose
    lengths are inconsistent with ACE counts.

ICACLS name /reset [/T] [/C] [/L] [/Q]
    replaces ACLs with default inherited ACLs for all matching files.

ICACLS name [/grant[:r] Sid:perm[...]]
       [/deny Sid:perm [...]]
       [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q]
       [/setintegritylevel Level:policy[...]]

    /grant[:r] Sid:perm grants the specified user access rights. With :r,
        the permissions replace any previouly granted explicit permissions.
        Without :r, the permissions are added to any previously granted
        explicit permissions.

    /deny Sid:perm explicitly denies the specified user access rights.
        An explicit deny ACE is added for the stated permissions and
        the same permissions in any explicit grant are removed.

    /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With
        :g, it removes all occurrences of granted rights to that Sid. With
        :d, it removes all occurrences of denied rights to that Sid.

    /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity
        ACE to all matching files.  The level is to be specified as one
        of:
            L[ow]
            M[edium]
            H[igh]
        Inheritance options for the integrity ACE may precede the level
        and are applied only to directories.

    /inheritance:e|d|r
        e - enables inheritance
        d - disables inheritance and copy the ACEs
        r - remove all inherited ACEs


Note:
    Sids may be in either numerical or friendly name form. If a numerical
    form is given, affix a * to the start of the SID.

    /T indicates that this operation is performed on all matching
        files/directories below the directories specified in the name.

    /C indicates that this operation will continue on all file errors.
        Error messages will still be displayed.

    /L indicates that this operation is performed on a symbolic link
       itself versus its target.

    /Q indicates that icacls should supress success messages.

    ICACLS preserves the canonical ordering of ACE entries:
            Explicit denials
            Explicit grants
            Inherited denials
            Inherited grants

    perm is a permission mask and can be specified in one of two forms:
        a sequence of simple rights:
                N - no access
                F - full access
                M - modify access
                RX - read and execute access
                R - read-only access
                W - write-only access
                D - delete access
        a comma-separated list in parentheses of specific rights:
                DE - delete
                RC - read control
                WDAC - write DAC
                WO - write owner
                S - synchronize
                AS - access system security
                MA - maximum allowed
                GR - generic read
                GW - generic write
                GE - generic execute
                GA - generic all
                RD - read data/list directory
                WD - write data/add file
                AD - append data/add subdirectory
                REA - read extended attributes
                WEA - write extended attributes
                X - execute/traverse
                DC - delete child
                RA - read attributes
                WA - write attributes
        inheritance rights may precede either form and are applied
        only to directories:
                (OI) - object inherit
                (CI) - container inherit
                (IO) - inherit only
                (NP) - don't propagate inherit
                (I) - permission inherited from parent container

Examples:

        icacls c:\windows\* /save AclFile /T
        - Will save the ACLs for all files under c:\windows
          and its subdirectories to AclFile.

        icacls c:\windows\ /restore AclFile
        - Will restore the Acls for every file within
          AclFile that exists in c:\windows and its subdirectories.

        icacls file /grant Administrator:(D,WDAC)
        - Will grant the user Administrator Delete and Write DAC
          permissions to file.

        icacls file /grant *S-1-1-0:(D,WDAC)
        - Will grant the user defined by sid S-1-1-0 Delete and
          Write DAC permissions to file.

 

IF   (internal command)

Performs conditional processing in batch programs.

IF [NOT] ERRORLEVEL number command
IF [NOT] string1==string2 command
IF [NOT] EXIST filename command

  NOT               Specifies that Windows should carry out
                    the command only if the condition is false.

  ERRORLEVEL number Specifies a true condition if the last program run
                    returned an exit code equal to or greater than the number
                    specified.

  string1==string2  Specifies a true condition if the specified text strings
                    match.

  EXIST filename    Specifies a true condition if the specified filename
                    exists.

  command           Specifies the command to carry out if the condition is
                    met.  Command can be followed by ELSE command which
                    will execute the command after the ELSE keyword if the
                    specified condition is FALSE

The ELSE clause must occur on the same line as the command after the IF.  For
example:

    IF EXIST filename. (
        del filename.
    ) ELSE (
        echo filename. missing.
    )

The following would NOT work because the del command needs to be terminated
by a newline:

    IF EXIST filename. del filename. ELSE echo filename. missing

Nor would the following work, since the ELSE command must be on the same line
as the end of the IF command:

    IF EXIST filename. del filename.
    ELSE echo filename. missing

The following would work if you want it all on one line:

    IF EXIST filename. (del filename.) ELSE echo filename. missing

If Command Extensions are enabled IF changes as follows:

    IF [/I] string1 compare-op string2 command
    IF CMDEXTVERSION number command
    IF DEFINED variable command

where compare-op may be one of:

    EQU - equal
    NEQ - not equal
    LSS - less than
    LEQ - less than or equal
    GTR - greater than
    GEQ - greater than or equal

and the /I switch, if specified, says to do case insensitive string
compares.  The /I switch can also be used on the string1==string2 form
of IF.  These comparisons are generic, in that if both string1 and
string2 are both comprised of all numeric digits, then the strings are
converted to numbers and a numeric comparison is performed.

The CMDEXTVERSION conditional works just like ERRORLEVEL, except it is
comparing against an internal version number associated with the Command
Extensions.  The first version is 1.  It will be incremented by one when
significant enhancements are added to the Command Extensions.
CMDEXTVERSION conditional is never true when Command Extensions are
disabled.

The DEFINED conditional works just like EXIST except it takes an
environment variable name and returns true if the environment variable
is defined.

%ERRORLEVEL% will expand into a string representation of
the current value of ERRORLEVEL, provided that there is not already
an environment variable with the name ERRORLEVEL, in which case you
will get its value instead.  After running a program, the following
illustrates ERRORLEVEL use:

    goto answer%ERRORLEVEL%
    :answer0
    echo Program had return code 0
    :answer1
    echo Program had return code 1

You can also use numerical comparisons above:

    IF %ERRORLEVEL% LEQ 1 goto okay

%CMDCMDLINE% will expand into the original command line passed to
CMD.EXE prior to any processing by CMD.EXE, provided that there is not
already an environment variable with the name CMDCMDLINE, in which case
you will get its value instead.

%CMDEXTVERSION% will expand into a string representation of the
current value of CMDEXTVERSION, provided that there is not already
an environment variable with the name CMDEXTVERSION, in which case you
will get its value instead.

 

IFMEMBER

usage: IFMEMBER [/verbose] [/list] groupname ...
	/verbose will print out all matches.
	/list will print out all groups user is a member of.
	Return Code shows number of groups this user is a member of.
	Example: IFMEMBER /v /l "MyDomain\Domain Users" Users Everyone

 

IPCONFIG   (Version 6.1.7600.16385)

USAGE:
    ipconfig [/allcompartments] [/? | /all | 
                                 /renew [adapter] | /release [adapter] |
                                 /renew6 [adapter] | /release6 [adapter] |
                                 /flushdns | /displaydns | /registerdns |
                                 /showclassid adapter |
                                 /setclassid adapter [classid] |
                                 /showclassid6 adapter |
                                 /setclassid6 adapter [classid] ]

where
    adapter             Connection name 
                       (wildcard characters * and ? allowed, see examples)

    Options:
       /?               Display this help message
       /all             Display full configuration information.
       /release         Release the IPv4 address for the specified adapter.
       /release6        Release the IPv6 address for the specified adapter.
       /renew           Renew the IPv4 address for the specified adapter.
       /renew6          Renew the IPv6 address for the specified adapter.
       /flushdns        Purges the DNS Resolver cache.
       /registerdns     Refreshes all DHCP leases and re-registers DNS names
       /displaydns      Display the contents of the DNS Resolver Cache.
       /showclassid     Displays all the dhcp class IDs allowed for adapter.
       /setclassid      Modifies the dhcp class id.  
       /showclassid6    Displays all the IPv6 DHCP class IDs allowed for adapter.
       /setclassid6     Modifies the IPv6 DHCP class id.


The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed.

Examples:
    > ipconfig                       ... Show information
    > ipconfig /all                  ... Show detailed information
    > ipconfig /renew                ... renew all adapters
    > ipconfig /renew EL*            ... renew any connection that has its 
                                         name starting with EL
    > ipconfig /release *Con*        ... release all matching connections,
                                         eg. "Local Area Connection 1" or
                                             "Local Area Connection 2"
    > ipconfig /allcompartments      ... Show information about all 
                                         compartments
    > ipconfig /allcompartments /all ... Show detailed information about all
                                         compartments

 

ISCSICLI   (Version 6.1.7601.17514)

Microsoft iSCSI Initiator Version 6.1 Build 7601

iscsicli

iscsicli AddTarget <TargetName> <TargetAlias> <TargetPortalAddress>
                           <TargetPortalSocket> <Target flags>
                           <Persist> <Login Flags> <Header Digest> <Data Digest> 
                           <Max Connections> <DefaultTime2Wait>
                           <DefaultTime2Retain> <Username> <Password> <AuthType>
                           <Mapping Count> <Target Lun> <OS Bus> <Os Target> 
                           <OS Lun> ...

iscsicli RemoveTarget <TargetName> 

iscsicli AddTargetPortal <TargetPortalAddress> <TargetPortalSocket> 
                         [HBA Name] [Port Number]
                         <Security Flags>
                         <Login Flags> <Header Digest> <Data Digest> 
                         <Max Connections> <DefaultTime2Wait>
                        <DefaultTime2Retain> <Username> <Password> <AuthType>

iscsicli RemoveTargetPortal <TargetPortalAddress> <TargetPortalSocket> [HBA Name] [Port Number]

iscsicli RefreshTargetPortal <TargetPortalAddress> <TargetPortalSocket> [HBA Name] [Port Number]

iscsicli ListTargets [ForceUpdate]

iscsicli ListTargetPortals

iscsicli TargetInfo <TargetName> [Discovery Mechanism]

iscsicli LoginTarget <TargetName> <ReportToPNP>
                     <TargetPortalAddress> <TargetPortalSocket>
                     <InitiatorInstance> <Port number> <Security Flags>
                    <Login Flags> <Header Digest> <Data Digest> 
                    <Max Connections> <DefaultTime2Wait>
                    <DefaultTime2Retain> <Username> <Password> <AuthType> <Key>
                    <Mapping Count> <Target Lun> <OS Bus> <Os Target> 
                    <OS Lun> ...

iscsicli LogoutTarget <SessionId>

iscsicli PersistentLoginTarget <TargetName> <ReportToPNP>
                     <TargetPortalAddress> <TargetPortalSocket>
                    <InitiatorInstance> <Port number> <Security Flags>
                    <Login Flags> <Header Digest> <Data Digest> 
                    <Max Connections> <DefaultTime2Wait>
                    <DefaultTime2Retain> <Username> <Password> <AuthType> <Key>
                    <Mapping Count> <Target Lun> <OS Bus> <Os Target> 
                    <OS Lun> ...

iscsicli ListPersistentTargets

iscsicli RemovePersistentTarget <Initiator Name> <TargetName> 
                               <Port Number> 
                               <Target Portal Address> 
                                <Target Portal Socket> 

iscsicli AddConnection <SessionId> <Initiator Instance>
                      <Port Number> <Target Portal Address>
                      <Target Portal Socket> <Security Flags>
                      <Login Flags> <Header Digest> <Data Digest> 
                      <Max Connections> <DefaultTime2Wait>
                      <DefaultTime2Retain> <Username> <Password> <AuthType> <Key>

iscsicli RemoveConnection <SessionId> <ConnectionId> 
iscsicli ScsiInquiry <SessionId> <LUN> <EvpdCmddt> <PageCode>

iscsicli ReadCapacity <SessionId> <LUN>

iscsicli ReportLUNs <SessionId>

iscsicli ReportTargetMappings

iscsicli ListInitiators

iscsicli AddiSNSServer <iSNS Server Address>

iscsicli RemoveiSNSServer <iSNS Server Address>

iscsicli RefreshiSNSServer <iSNS Server Address>

iscsicli ListiSNSServers

iscsicli FirewallExemptiSNSServer

iscsicli NodeName <node name>

iscsicli SessionList <Show Session Info>

iscsicli CHAPSecret <chap secret>

iscsicli TunnelAddr <Initiator Name> <InitiatorPort> <Destination Address> <Tunnel Address> <Persist>

iscsicli GroupKey <Key> <Persist>

iscsicli BindPersistentVolumes

iscsicli BindPersistentDevices

iscsicli ReportPersistentDevices

iscsicli AddPersistentDevice <Volume or Device Path>

iscsicli RemovePersistentDevice <Volume or Device Path>

iscsicli ClearPersistentDevices

iscsicli Ping <Initiator Name> <Address> [Request Count] [Request Size] [Request Timeout]

iscsicli GetPSKey <Initiator Name> <initiator Port> <Id Type> <Id>

iscsicli PSKey <Initiator Name> <initiator Port> <Security Flags> <Id Type> <Id> <Key> <persist>
Quick Commands

iscsicli QLoginTarget <TargetName>  [CHAP Username] [CHAP Password]

iscsicli QAddTarget <TargetName> <TargetPortalAddress>

iscsicli QAddTargetPortal <TargetPortalAddress>
                          [CHAP Username] [CHAP Password]

iscsicli QAddConnection <SessionId> <Initiator Instance>
                        <Target Portal Address>
                        [CHAP Username] [CHAP Password]

Target Mappings:
    <Target Lun> is the LUN value the target uses to expose the LUN.
                 It must be in the form 0x0123456789abcdef
    <OS Bus> is the bus number the OS should use to surface the LUN
    <OS Target> is the target number the OS should use to surface the LUN
    <OS LUN> is the LUN number the OS should use to surface the LUN

Payload Id Type:
    ID_IPV4_ADDR is      1 - Id format is 1.2.3.4
    ID_FQDN is           2 - Id format is ComputerName
    ID_IPV6_ADDR is      5 - Id form is IPv6 Address
Security Flags:
    TunnelMode is          0x00000040
    TransportMode is       0x00000020
    PFS Enabled is         0x00000010
    Aggressive Mode is     0x00000008
    Main mode is           0x00000004
    IPSEC/IKE Enabled is   0x00000002
    Valid Flags is         0x00000001

Login Flags:
    ISCSI_LOGIN_FLAG_REQUIRE_IPSEC                0x00000001
        IPsec is required for the operation

    ISCSI_LOGIN_FLAG_MULTIPATH_ENABLED            0x00000002
        Multipathing is enabled for the target on this initiator

AuthType:
    ISCSI_NO_AUTH_TYPE = 0,
        No iSCSI in-band authentication is used

    ISCSI_CHAP_AUTH_TYPE = 1,
        One way CHAP (Target authenticates initiator is used)

    ISCSI_MUTUAL_CHAP_AUTH_TYPE = 2
        Mutual CHAP (Target and Initiator authenticate each other is used)

Target Flags:
    ISCSI_TARGET_FLAG_HIDE_STATIC_TARGET            0x00000002
        If this flag is set then the target will never be reported unless it
        is also discovered dynamically.

    ISCSI_TARGET_FLAG_MERGE_TARGET_INFORMATION      0x00000004
        If this flag is set then the target information passed will be
        merged with any target information already statically configured for
        the target

CHAP secrets, CHAP passwords and IPSEC preshared keys can be specified as
a text string or as a sequence of hexadecimal values. The value specified on
the command line is always considered a string unless the first two characters
0x in which case it is considered a hexadecimal value.

For example 0x12345678 specifies a 4 byte secret

All numerical values are assumed decimal unless preceeded by 0x. If
preceeded by 0x then value is assumed to be hex

iscsicli can also be run in command line mode where iscsicli commands
can be entered directly from the console. To enter command line
mode, just run iscsicli without any parameters

The operation completed successfully. 

 

JT   (Version 5.0.1994.1)

Microsoft (R) Task Scheduler Command Line Utility
Copyright (C) Microsoft Corp 1995-1998. All rights reserved.
This executable compiled as a retail build for the Windows NT Resource Kit.

usage: JT {[options]|[@commandfile]}

options:

  @ <file>           - parse file
  /? [cmd]           - display help on [cmd], e.g. /? abj
  !<cmd>             - don't stop if command returns error
  /ABJ               - abort task
  /CSAGE             - convert SAGE tasks to tasks (Win9x only)
  /CTJ [<props>]     - create trigger in task
  /DTJ [<id>]        - delete trigger <id> (default 0) from task
  /EJ [<n> [T|F]]    - edit task page <n>, persist changes T/f
  /ENC <id1> <id2>   - enumerator clone <id1> from <id2> (see SCE command)
  /ENN <id> <n>      - enumerate next <n> items (see SCE command)
  /ENR <id>          - enumerator reset (see SCE command)
  /ENS <id> <n>      - enumerator skip forward by <n> (see SCE command)
  /GC                - get credential account name
  /GM                - get target machine
  /ISJQ <file>       - test <file> to see if it is a task
  /LJ <file>         - load task object from <file>
  /PJ                - print all properties of task
  /PRJ [<n>]         - print next <n> or today's remaining run times of task
  /PSJ [<id>]        - print trigger strings of <id> or all in task
  /PTJ [<id>]        - print trigger props of <id> or all in task
  /RJ                - run task
  /SAC <file>        - scheduler activate task (load tasks\<file>)
  /SAJ <file>        - scheduler add task (save as tasks\<file>)
  /SC <acct> <pwd>   - set task credentials
  /SCE <id>          - scheduler create enumerator in slot <id>=0..9
  /SD <file>         - scheduler delete task (delete tasks\<file>)
  /SE [<n>] [P]      - scheduler enum tasks <n> at a time, [P]rint
  /SJ <props>        - set task's properties
  /SM [<machine>]    - set machine (NULL = local machine if omitted)
  /SNJ <file>        - scheduler new task (replaces in-memory task object)
  /STJ [id] props    - set properties of task trigger <id> or 0
  /SVJ [<file>]      - save task to <file>

   For detailed help use: JT /? <command-name>, e.g. JT /? LJ.

 

JUNCTION   (Version 1.6.0.0)

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

The first usage is for displaying reparse point information, the
second usage is for creating a junction point, and the last for
deleting a junction point:
usage: JUNCTION [-s] [-q] <file or directory>
       -q     Don't print error messages (quiet)
       -s     Recurse subdirectories

usage: JUNCTION <junction directory> <junction target>
       example: junction d:\link c:\windows

usage: JUNCTION -d <junction directory>

 

LABEL   (Version 6.1.7600.16385)

Creates, changes, or deletes the volume label of a disk.

LABEL [drive:][label]
LABEL [/MP] [volume] [label]

  drive:          Specifies the drive letter of a drive.
  label           Specifies the label of the volume.
  /MP             Specifies that the volume should be treated as a
                  mount point or volume name.
  volume          Specifies the drive letter (followed by a colon),
                  mount point, or volume name.  If volume name is specified,
                  the /MP flag is unnecessary.

 

LDMDUMP

Logical Disk Manager Configuration Dump v1.03
Copyright (C) 2000-2002 Mark Russinovich

usage: LDMDUMP /d#
   /d#   Physical disk number

 

LISTDLLS   (Version 3.10.0.0)

ListDLLs v3.1 - List loaded DLLs
Copyright (C) 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: listdlls [-r] [-v | -u] [processname|pid]
usage: listdlls [-r] [-v] [-d dllname]
  processname   Dump DLLs loaded by process (partial name accepted)
  pid           Dump DLLs associated with the specified process id
  dllname       Show only processes that have loaded the specified DLL.
  -r            Flag DLLs that relocated because they are not loaded at
                their base address.
  -u            Only list unsigned DLLs.
  -v            Show DLL version information.

 

LODCTR   (Version 6.1.7600.16385)

LODCTR
    Updates registry values related to performance counters.

Usage:
    LODCTR <INI-FileName>
        INI-FileName is the name of the initialization file that contains
            the counter name definitions and explain text for an extensible
            counter DLL.

    LODCTR /S:<Backup-FileName>
        save the current perf registry strings and info to <Backup-FileName>

    LODCTR /R:<Backup-FileName>
        restore the perf registry strings and info using <Backup-FileName>

    LODCTR /R
        rebuild the perf registry strings and info from scratch based on the current
            registry settings and backup INI files.

    LODCTR /T:<Service-Name>
        set the performance counter service as trusted.

    LODCTR /E:<Service-Name>
        enable the performance counter service.

    LODCTR /D:<Service-Name>
        disable the performance counter service.

    LODCTR /Q

    LODCTR /Q:<Service-Name>
        query the performance counter service information, either query all or specified one.

    LODCTR /M:<Counter-Manifest>
        install Windows Vista performance counter provider definition XML file
            to system repository.

Note: any arguments with spaces in the names must be enclosed within
Double Quotation marks.

 

LOGEVENT

Function: Log an user event to EventLog registry.

Usage: logevent [-m \\MACHINENAME] [-s Severity] [-c CategoryNumber] 
	[-r Source] [-e EventID] [-t TimeOut] "Event Text"
	Severity is one of (S)uccess, (I)nformation, (W)arning,
			   (E)rror or (F)ailure.
	Source is a string (can be quoted) for the event's source.
	EventID is an integer for the event's Event ID (0-65535).
	TimeOut is the number of seconds the system waits before exit.

Default values:
	If -s isn't specified, default is "Information".
	If -c isn't specified, default is 0.
	If -r isn't specified, default is "User Event".
	If -e isn't specified, default is 1.
	If -t isn't specified, default is 60000.

Example:
	logevent -m \\server -s E -c 3 -r "User Event" -e 42 
	"My message."

Note:
	Names that include space characters must be enclosed 
	in double quotes.

 

LOGMAN   (Version 6.1.7601.18869)

Microsoft © Logman.exe (6.1.7601.18869)

Usage:
  LOGMAN [create|query|start|stop|delete|update|import|export] [options]

Verbs:
  create                        Create a new data collector.
  query                         Query data collector properties. If no name
                                is given all data collectors are listed.
  start                         Start an existing data collector and set the
                                begin time to manual.
  stop                          Stop an existing data collector and set the
                                end time to manual.
  delete                        Delete an existing data collector.
  update                        Update an existing data collector's properties.
  import                        Import a data collector set from an XML file.
  export                        Export a data collector set to an XML file.

Adverbs:
  counter                       Create a counter data collector.
  trace                         Create a trace data collector.
  alert                         Create an alert data collector.
  cfg                           Create a configuration data collector.
  providers                     Show registered providers.

Options (counter):
  -c <path [path [...]]>        Performance counters to collect.
  -cf <filename>                File listing performance counters to collect,
                                one per line.
  -f <bin|bincirc|csv|tsv|sql>  Specifies the log format for the data
                                collector. For SQL database format, you must
                                use the -o option in the command line with
                                the DNS!log option. The defaults is binary.
  -sc <value>                   Maximum number of samples to collect with a
                                performance counter data collector.
  -si <[[hh:]mm:]ss>            Sample interval for performance counter data
                                collectors.

Options (trace):
  -f <bin|bincirc|csv|tsv|sql>  Specifies the log format for the data
                                collector. For SQL database format, you must
                                use the -o option in the command line with
                                the DNS!log option. The defaults is binary.
  -mode <trace_mode>            Event Trace Session logger mode. For more
                                information visit -
                                http://go.microsoft.com/fwlink/?LinkID=136464
  -ct <perf|system|cycle>       Specifies the clock resolution to use when
                                logging the time stamp for each event. You
                                can use query performance counter, system
                                time, or CPU cycle.
  -ln <logger_name>             Logger name for Event Trace Sessions.
  -ft <[[hh:]mm:]ss>            Event Trace Session flush timer.
  -[-]p <provider [flags [level]]> A single Event Trace provider to enable.
                                The terms 'Flags' and 'Keywords' are
                                synonymous in this context.
  -pf <filename>                File listing multiple Event Trace providers
                                to enable.
  -[-]rt                        Run the Event Trace Session in real-time mode.
  -[-]ul                        Run the Event Trace Session in user mode.
  -bs <value>                   Event Trace Session buffer size in kb.
  -nb <min max>                 Number of Event Trace Session buffers.

Options (alert):
  -[-]el                        Enable/Disable event log reporting.
  -th <threshold [threshold [...]]> Specify counters and their threshold
                                values for and alert.
  -[-]rdcs <name>               Data collector set to start when alert fires.
  -[-]tn <task>                 Task to run when alert fires.
  -[-]targ <argument>           Task arguments.
  -si <[[hh:]mm:]ss>            Sample interval for performance counter data
                                collectors.

Options (cfg):
  -[-]ni                        Enable/Disable network interface query.
  -reg <path [path [...]]>      Registry values to collect.
  -mgt <query [query [...]]>    WMI objects to collect.
  -ftc <path [path [...]]>      Full path to the files to collect.

Options:
  -?                            Displays context sensitive help.
  -s <computer>                 Perform the command on specified remote system.
  -config <filename>            Settings file containing command options.
  [-n] <name>                   Name of the target object.
  -pid <pid>                    Process identifier.
  -xml <filename>               Name of the XML file to import or export.
  -as                           Perform the requested operation asynchronously.
  -[-]u <user [password]>       User to Run As. Entering a * for the password
                                produces a prompt for the password. The
                                password is not displayed when you type it at
                                the password prompt.
  -m <[start] [stop]>           Change to manual start or stop instead of a
                                scheduled begin or end time.
  -rf <[[hh:]mm:]ss>            Run the data collector for the specified
                                period of time.
  -b <d-M-yyyy HH:mm:ss>        Begin the data collector at specified time.
  -e <d-M-yyyy HH:mm:ss>        End the data collector at specified time.
  -o <path|dsn!log>             Path of the output log file or the DSN and
                                log set name in a SQL database. The default
                                path is '%systemdrive%\PerfLogs\Admin'.
  -[-]r                         Repeat the data collector daily at the
                                specified begin and end times.
  -[-]a                         Append to an existing log file.
  -[-]ow                        Overwrite an existing log file.
  -[-]v <nnnnnn|mmddhhmm>       Attach file versioning information to the end
                                of the log name.
  -[-]rc <task>                 Run the command specified each time the log
                                is closed.
  -[-]max <value>               Maximum log file size in MB or number of
                                records for SQL logs.
  -[-]cnf <[[hh:]mm:]ss>        Create a new file when the specified time has
                                elapsed or when the max size is exceeded.
  -y                            Answer yes to all questions without prompting.
  -fd                           Flushes all the active buffers of an existing
                                Event Trace Session to disk.
  -ets                          Send commands to Event Trace Sessions
                                directly without saving or scheduling.

Note:
  Where [-] is listed, an extra - negates the option.
  For example --u turns off the -u option.

More Information:
  Microsoft TechNet - http://go.microsoft.com/fwlink/?LinkID=136332

Examples:
  logman start perf_log
  logman update perf_log -si 10 -f csv -v mmddhhmm
  logman create counter perf_log -c "\Processor(_Total)\% Processor Time"
  logman create counter perf_log -c "\Processor(_Total)\% Processor Time" -max 10 -rf 01:00
  logman create trace trace_log -nb 16 256 -bs 64 -o c:\logfile
  logman create alert new_alert -th "\Processor(_Total)\% Processor Time>50"
  logman create cfg cfg_log -reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\\"
  logman create cfg cfg_log -mgt "root\cimv2:SELECT * FROM Win32_OperatingSystem"
  logman query providers
  logman query providers Microsoft-Windows-Diagnostics-Networking
  logman start process_trace -p Microsoft-Windows-Kernel-Process 0x10 win:Informational -ets
  logman start usermode_trace -p "Service Control Manager Trace" -ul -ets
  logman query usermode_trace -p "Service Control Manager Trace" -ul -ets
  logman stop usermode_trace -p "Service Control Manager Trace" -ul -ets
  logman start process_trace -p Microsoft-Windows-Kernel-Process -mode newfile -max 1 -o output%d.etl -ets
  logman start "NT Kernel Logger" -o log.etl -ets
  logman start "NT Kernel Logger" -p "Windows Kernel Trace" (process,thread) -ets

 

LOGOFF   (Version 6.1.7601.17514)

Terminates a session.

LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V] [/VM]

  sessionname         The name of the session.
  sessionid           The ID of the session.
  /SERVER:servername  Specifies the Remote Desktop server containing the user
                      session to log off (default is current).
  /V                  Displays information about the actions performed.
  /VM                 Logs off a session on server or within virtual machine. The unique ID of the session needs to be specified.

 

LOGONSESSIONS   (Version 1.30.0.0)

Usage: logonsessions [-c[t]] [-p]

  -c    Print output as CSV.
  -ct   Print output as tab-delimited values.
  -p    List processes running in logon session.

Logonsessions v1.3
Copyright (C) 2004-2015 Mark Russinovich
Sysinternals - wwww.sysinternals.com

 

LPR   (Version 6.1.7600.16385)

Sends a print job to a network printer

Usage: lpr -S server -P printer [-C class] [-J job] [-o option] [-x] [-d] filename

Options:
      -S server    Name or ipaddress of the host providing lpd service
      -P printer   Name of the print queue
      -C class     Job classification for use on the burst page
      -J job       Job name to print on the burst page
      -o option    Indicates type of the file (by default assumes a text file)
                   Use &quot;-o l&quot; for binary (e.g. postscript) files
      -x           Compatibility with SunOS 4.1.x and prior
      -d           Send data file first

 

MAKECAB   (Version 6.1.7600.16385)

Cabinet Maker - Lossless Data Compression Tool

MAKECAB [/V[n]] [/D var=value ...] [/L dir] source [destination]
MAKECAB [/V[n]] [/D var=value ...] /F directive_file [...]

  source         File to compress.
  destination    File name to give compressed file.  If omitted, the
                 last character of the source file name is replaced
                 with an underscore (_) and used as the destination.
  /F directives  A file with MakeCAB directives (may be repeated). Refer to
                 Microsoft Cabinet SDK for information on directive_file.
  /D var=value   Defines variable with specified value.
  /L dir         Location to place destination (default is current directory).
  /V[n]          Verbosity level (1..3).

 

MANAGE-BDE   (Version 6.1.7601.17514)

BitLocker Drive Encryption: Configuration Tool version 6.1.7601
Copyright (C) Microsoft Corporation. All rights reserved.

manage-bde[.exe] -parameter [arguments]

Description:
    Configures BitLocker Drive Encryption on disk volumes.

Parameter List:
    -status     Provides information about BitLocker-capable volumes.
    -on         Encrypts the volume and turns BitLocker protection on.
    -off        Decrypts the volume and turns BitLocker protection off.
    -pause      Pauses encryption or decryption.
    -resume     Resumes encryption or decryption.
    -lock       Prevents access to BitLocker-encrypted data.
    -unlock     Allows access to BitLocker-encrypted data.
    -autounlock Manages automatic unlocking of data volumes.
    -protectors Manages protection methods for the encryption key.
    -tpm        Configures the computer's Trusted Platform Module (TPM).
    -SetIdentifier or -si
                Configures the identification field for a volume.
    -ForceRecovery or -fr
                Forces a BitLocker-protected OS to recover on restarts.
    -changepassword
                Modifies password for a data volume.
    -changepin  Modifies PIN for a volume.
    -changekey  Modifies startup key for a volume.
    -upgrade    Upgrades the BitLocker version.
    -ComputerName or -cn
                Runs on another computer. Examples: "ComputerX", "127.0.0.1"
    -? or /?    Displays brief help. Example: "-ParameterSet -?"
    -Help or -h Displays complete help. Example: "-ParameterSet -h"

Examples:
    manage-bde -status
    manage-bde -on C: -RecoveryPassword -RecoveryKey F:\
    manage-bde -unlock E: -RecoveryKey F:\84E151C1...7A62067A512.bek

 

MD   (internal command)

Creates a directory.

MKDIR [drive:]path
MD [drive:]path

If Command Extensions are enabled MKDIR changes as follows:

MKDIR creates any intermediate directories in the path, if needed.
For example, assume \a does not exist then:

    mkdir \a\b\c\d

is the same as:

    mkdir \a
    chdir \a
    mkdir b
    chdir b
    mkdir c
    chdir c
    mkdir d

which is what you would have to type if extensions were disabled.

 

MKDIR   (internal command)

Creates a directory.

MKDIR [drive:]path
MD [drive:]path

If Command Extensions are enabled MKDIR changes as follows:

MKDIR creates any intermediate directories in the path, if needed.
For example, assume \a does not exist then:

    mkdir \a\b\c\d

is the same as:

    mkdir \a
    chdir \a
    mkdir b
    chdir b
    mkdir c
    chdir c
    mkdir d

which is what you would have to type if extensions were disabled.

 

Creates a symbolic link.

MKLINK [[/D] | [/H] | [/J]] Link Target

        /D      Creates a directory symbolic link.  Default is a file
                symbolic link.
        /H      Creates a hard link instead of a symbolic link.
        /J      Creates a Directory Junction.
        Link    specifies the new symbolic link name.
        Target  specifies the path (relative or absolute) that the new link
                refers to.

 

MODE   (Version 6.1.7600.16385)

Configures system devices.

Serial port:       MODE COMm[:] [BAUD=b] [PARITY=p] [DATA=d] [STOP=s]
                                [to=on|off] [xon=on|off] [odsr=on|off]
                                [octs=on|off] [dtr=on|off|hs]
                                [rts=on|off|hs|tg] [idsr=on|off]

Device Status:     MODE [device] [/STATUS]

Redirect printing: MODE LPTn[:]=COMm[:]

Select code page:  MODE CON[:] CP SELECT=yyy

Code page status:  MODE CON[:] CP [/STATUS]

Display mode:      MODE CON[:] [COLS=c] [LINES=n]

Typematic rate:    MODE CON[:] [RATE=r DELAY=d]

 

MORE   (Version 6.1.7600.16385)

Displays output one screen at a time.

MORE [/E [/C] [/P] [/S] [/Tn] [+n]] < [drive:][path]filename
command-name | MORE [/E [/C] [/P] [/S] [/Tn] [+n]]
MORE /E [/C] [/P] [/S] [/Tn] [+n] [files]

    [drive:][path]filename  Specifies a file to display one
                            screen at a time.

    command-name            Specifies a command whose output
                            will be displayed.

    /E      Enable extended features
    /C      Clear screen before displaying page
    /P      Expand FormFeed characters
    /S      Squeeze multiple blank lines into a single line
    /Tn     Expand tabs to n spaces (default 8)

            Switches can be present in the MORE environment
            variable.

    +n      Start displaying the first file at line n

    files   List of files to be displayed. Files in the list
            are separated by blanks.

    If extended features are enabled, the following commands
    are accepted at the -- More -- prompt:

    P n     Display next n lines
    S n     Skip next n lines
    F       Display next file
    Q       Quit
    =       Show line number
    ?       Show help line
    <space> Display next page
    <ret>   Display next line

 

MOUNTVOL   (Version 6.1.7600.16385)

Creates, deletes, or lists a volume mount point.

MOUNTVOL [drive:]path VolumeName
MOUNTVOL [drive:]path /D
MOUNTVOL [drive:]path /L
MOUNTVOL [drive:]path /P
MOUNTVOL /R
MOUNTVOL /N
MOUNTVOL /E

    path        Specifies the existing NTFS directory where the mount
                point will reside.
    VolumeName  Specifies the volume name that is the target of the mount
                point.
    /D          Removes the volume mount point from the specified directory.
    /L          Lists the mounted volume name for the specified directory.
    /P          Removes the volume mount point from the specified directory,
                dismounts the volume, and makes the volume not mountable.
                You can make the volume mountable again by creating a volume
                mount point.
    /R          Removes volume mount point directories and registry settings
                for volumes that are no longer in the system.
    /N          Disables automatic mounting of new volumes.
    /E          Re-enables automatic mounting of new volumes.

Possible values for VolumeName along with current mount points are:

    \\?\Volume{1449b545-dfe1-11e4-b634-806e6f6e6963}\
        *** NO MOUNT POINTS ***

    \\?\Volume{368f92e7-4b14-4947-804d-98727b88fe51}\
        D:\

    \\?\Volume{4c114673-e2c6-11e4-a4dc-20cf30f190ad}\
        E:\

    \\?\Volume{40bc5898-e2c7-11e4-ab30-20cf30f190ad}\
        F:\

    \\?\Volume{9a1c9e88-e2cf-11e4-9209-806e6f6e6963}\
        G:\

    \\?\Volume{1449b546-dfe1-11e4-b634-806e6f6e6963}\
        C:\

    \\?\Volume{1848d8b5-e32f-11e4-9f5c-20cf30f190ad}\
        L:\

    \\?\Volume{1848d8ad-e32f-11e4-9f5c-20cf30f190ad}\
        O:\

    \\?\Volume{1848d8b3-e32f-11e4-9f5c-20cf30f190ad}\
        P:\

    \\?\Volume{1848d8c3-e32f-11e4-9f5c-20cf30f190ad}\
        M:\

    \\?\Volume{f1b373ff-9b6e-11e6-9d71-20cf30f190ad}\
        H:\

    \\?\Volume{aed0a633-e20c-11e4-a53f-20cf30f190ad}\
        I:\

    \\?\Volume{19ff0e43-dfe5-11e4-ad81-20cf30f190ad}\
        K:\

 

MOVE   (internal command)

Moves files and renames files and directories.

To move one or more files:
MOVE [/Y | /-Y] [drive:][path]filename1[,...] destination

To rename a directory:
MOVE [/Y | /-Y] [drive:][path]dirname1 dirname2

  [drive:][path]filename1 Specifies the location and name of the file
                          or files you want to move.
  destination             Specifies the new location of the file. Destination
                          can consist of a drive letter and colon, a
                          directory name, or a combination. If you are moving
                          only one file, you can also include a filename if
                          you want to rename the file when you move it.
  [drive:][path]dirname1  Specifies the directory you want to rename.
  dirname2                Specifies the new name of the directory.

  /Y                      Suppresses prompting to confirm you want to
                          overwrite an existing destination file.
  /-Y                     Causes prompting to confirm you want to overwrite
                          an existing destination file.

The switch /Y may be present in the COPYCMD environment variable.
This may be overridden with /-Y on the command line.  Default is
to prompt on overwrites unless MOVE command is being executed from
within a batch script.

 

MOVEFILE   (Version 1.1.0.0)

Movefile v1.01 - copies over an in-use file at boot time
usage: movefile [source] [dest]

Specifying an empty destination ("") deletes the source at boot.

 

MRINFO   (Version 6.1.7600.16385)

Usage: mrinfo [-n?] [-i address] [-t secs] [-r retries] destination
       
 -n           Display IP addresses in numeric format
 -i address   Address of local interface to send query out
 -t seconds   Timeout in seconds for IGMP queries (default = 3 seconds) 
 -r retries   Number of extra times to send the SNMP queries (default = 0)         
 -?           Print Usage
 destination  Address or name of destination

 

MSG   (Version 6.1.7600.16385)

Send a message to a user.

MSG {username | sessionname | sessionid | @filename | *}
    [/SERVER:servername] [/TIME:seconds] [/V] [/W] [message]

  username            Identifies the specified username.
  sessionname         The name of the session.
  sessionid           The ID of the session.
  @filename           Identifies a file containing a list of usernames,
                      sessionnames, and sessionids to send the message to.
  *                   Send message to all sessions on specified server.
  /SERVER:servername  server to contact (default is current).
  /TIME:seconds       Time delay to wait for receiver to acknowledge msg.
  /V                  Display information about actions being performed.
  /W                  Wait for response from user, useful with /V.
  message             Message to send.  If none specified, prompts for it
                      or reads from stdin.

 

NBTSTAT   (Version 6.1.7600.16385)

Displays protocol statistics and current TCP/IP connections using NBT
(NetBIOS over TCP/IP).

NBTSTAT [ [-a RemoteName] [-A IP address] [-c] [-n]
        [-r] [-R] [-RR] [-s] [-S] [interval] ]

  -a   (adapter status) Lists the remote machine's name table given its name
  -A   (Adapter status) Lists the remote machine's name table given its
                        IP address.
  -c   (cache)          Lists NBT's cache of remote [machine] names and their IP addresses
  -n   (names)          Lists local NetBIOS names.
  -r   (resolved)       Lists names resolved by broadcast and via WINS
  -R   (Reload)         Purges and reloads the remote cache name table
  -S   (Sessions)       Lists sessions table with the destination IP addresses
  -s   (sessions)       Lists sessions table converting destination IP
                        addresses to computer NETBIOS names.
  -RR  (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refresh

  RemoteName   Remote host machine name.
  IP address   Dotted decimal representation of the IP address.
  interval     Redisplays selected statistics, pausing interval seconds
               between each display. Press Ctrl+C to stop redisplaying
               statistics.

 

NET   (Version 6.1.7600.16385)

The syntax of this command is:

NET
    [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP |
      HELPMSG | LOCALGROUP | PAUSE | SESSION | SHARE | START |
      STATISTICS | STOP | TIME | USE | USER | VIEW ]

 

NETCFG   (Version 6.1.7600.16385)

netcfg [-v] [-e] [-winpe] [-l <full-path-to-component-INF>] -c <p|s|c> -i <comp-id>
    
   -winpe installs TCP/IP, NetBIOS and Microsoft Client for Windows preinstallation envrionment
    -l	provides the location of INF
    -c	provides the class of the component to be installed (p == Protocol, s == Service, c == Client)
    -i	provides the component ID

    The arguments must be passed in the order shown.

    Examples:
    netcfg -l c:\oemdir\foo.inf -c p -i foo
     ...installs protocol 'foo' using c:\\oemdir\\foo.inf

    netcfg -c s -i MS_Server
     ...installs service 'MS_Server'
 
OR

netcfg [-v] -winpe
    Examples:
    netcfg -v -winpe
    ...Installs TCP/IP, NetBIOS and Microsoft Client for Windows preinstallation environment

OR

netcfg [-v] -q <comp-id>
    Example:
    netcfg -q MS_IPX
    ...displays if component 'MS_IPX' is installed

OR

netcfg [-v] [-e] -u <comp-id>
    Example:
    netcfg -u MS_IPX
    ...uninstalls component 'MS_IPX'

OR

netcfg [-v] -s <a|n>
    where,
    -s\tprovides the type of components to show
      \ta == adapters, n == net components
    Examples:
    netcfg -s n
    ...shows all installed net components

OR

netcfg [-v] -b <comp-id>
    Examples:
    netcfg -b ms_tcpip
    ...shows binding paths containing 'MS_TCPIP'


General Notes:\n"
  -v	Run in verbose (detailed) mode
  -e	Use servicing environment variables during install and uninstall
  -?	Displays this help information

 

NETSH   (Version 6.1.7600.16385)

Usage: NETSH [-a AliasFile] [-c Context] [-r RemoteMachine] [-u [DomainName\]UserName] [-p Password | *]
             [Command | -f ScriptFile]

The following commands are available:

Commands in this context:
?              - Displays a list of commands.
add            - Adds a configuration entry to a list of entries.
advfirewall    - Changes to the `netsh advfirewall' context.
branchcache    - Changes to the `netsh branchcache' context.
bridge         - Changes to the `netsh bridge' context.
delete         - Deletes a configuration entry from a list of entries.
dhcpclient     - Changes to the `netsh dhcpclient' context.
dnsclient      - Changes to the `netsh dnsclient' context.
dump           - Displays a configuration script.
exec           - Runs a script file.
firewall       - Changes to the `netsh firewall' context.
help           - Displays a list of commands.
http           - Changes to the `netsh http' context.
interface      - Changes to the `netsh interface' context.
ipsec          - Changes to the `netsh ipsec' context.
lan            - Changes to the `netsh lan' context.
mbn            - Changes to the `netsh mbn' context.
namespace      - Changes to the `netsh namespace' context.
nap            - Changes to the `netsh nap' context.
netio          - Changes to the `netsh netio' context.
p2p            - Changes to the `netsh p2p' context.
ras            - Changes to the `netsh ras' context.
rpc            - Changes to the `netsh rpc' context.
set            - Updates configuration settings.
show           - Displays information.
trace          - Changes to the `netsh trace' context.
wcn            - Changes to the `netsh wcn' context.
wfp            - Changes to the `netsh wfp' context.
winhttp        - Changes to the `netsh winhttp' context.
winsock        - Changes to the `netsh winsock' context.
wlan           - Changes to the `netsh wlan' context.

The following sub-contexts are available:
 advfirewall branchcache bridge dhcpclient dnsclient firewall http interface ipsec lan mbn namespace nap netio p2p ras rpc trace wcn wfp winhttp winsock wlan

To view help for a command, type the command, followed by a space, and then
 type ?.

 

NETSTAT   (Version 6.1.7600.16385)

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -f            Displays Fully Qualified Domain Names (FQDN) for foreign
                addresses.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6.  If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics.  By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -t            Displays the current connection offload state.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display.  Press CTRL+C to stop redisplaying
                statistics.  If omitted, netstat will print the current
                configuration information once.

 

NLTEST   (Version 6.1.7601.17514)

Usage: nltest [/OPTIONS]


    /SERVER:<ServerName> - Specify <ServerName>

    /QUERY - Query <ServerName> netlogon service
    /REPL - Force partial sync on <ServerName> BDC
    /SYNC - Force full sync on <ServerName> BDC
    /PDC_REPL - Force UAS change message from <ServerName> PDC

    /SC_QUERY:<DomainName> - Query secure channel for <Domain> on <ServerName>
    /SC_RESET:<DomainName>[\<DcName>] - Reset secure channel for <Domain> on <ServerName> to <DcName>
    /SC_VERIFY:<DomainName> - Verify secure channel for <Domain> on <ServerName>
    /SC_CHANGE_PWD:<DomainName> - Change a secure channel  password for <Domain> on <ServerName>
    /DCLIST:<DomainName> - Get list of DC's for <DomainName>
    /DCNAME:<DomainName> - Get the PDC name for <DomainName>
    /DSGETDC:<DomainName> - Call DsGetDcName /PDC /DS /DSP /GC /KDC
        /TIMESERV /GTIMESERV /WS /NETBIOS /DNS /IP /FORCE /WRITABLE /AVOIDSELF /LDAPONLY /BACKG /DS_6
        /TRY_NEXT_CLOSEST_SITE /SITE:<SiteName> /ACCOUNT:<AccountName> /RET_DNS /RET_NETBIOS
    /DNSGETDC:<DomainName> - Call DsGetDcOpen/Next/Close /PDC /GC
        /KDC /WRITABLE /LDAPONLY /FORCE /SITESPEC
    /DSGETFTI:<DomainName> - Call DsGetForestTrustInformation
        /UPDATE_TDO
    /DSGETSITE - Call DsGetSiteName
    /DSGETSITECOV - Call DsGetDcSiteCoverage
    /DSADDRESSTOSITE:[MachineName] - Call DsAddressToSiteNamesEx
        /ADDRESSES:<Address1,Address2,...>
    /PARENTDOMAIN - Get the name of the parent domain of this machine
    /WHOWILL:<Domain>* <User> [<Iteration>] - See if <Domain> will log on <User>
    /FINDUSER:<User> - See which trusted domain will log on <User>
    /TRANSPORT_NOTIFY - Notify netlogon of new transport

    /DBFLAG:<HexFlags> - New debug flag

    /USER:<UserName> - Query User info on <ServerName>

    /TIME:<Hex LSL> <Hex MSL> - Convert NT GMT time to ascii
    /LOGON_QUERY - Query number of cumulative logon attempts
    /DOMAIN_TRUSTS - Query domain trusts on <ServerName>
        /PRIMARY /FOREST /DIRECT_OUT /DIRECT_IN /ALL_TRUSTS /V
    /DSREGDNS - Force registration of all DC-specific DNS records
    /DSDEREGDNS:<DnsHostName> - Deregister DC-specific DNS records for specified DC
        /DOM:<DnsDomainName> /DOMGUID:<DomainGuid> /DSAGUID:<DsaGuid>
    /DSQUERYDNS - Query the status of the last update for all DC-specific DNS records

    /BDC_QUERY:<DomainName> - Query replication status of BDCs for <DomainName>

    /LIST_DELTAS:<FileName> - display the content of given change log file 

    /CDIGEST:<Message> /DOMAIN:<DomainName> - Get client digest
    /SDIGEST:<Message> /RID:<RID in hex> - Get server digest

    /SHUTDOWN:<Reason> [<Seconds>] - Shutdown <ServerName> for <Reason>
    /SHUTDOWN_ABORT - Abort a system shutdown

 

NSLOOKUP   (Version 6.1.7601.17514)

Usage:
   nslookup [-opt ...]             # interactive mode using default server
   nslookup [-opt ...] - server    # interactive mode using 'server'
   nslookup [-opt ...] host        # just look up 'host' using default server
   nslookup [-opt ...] host server # just look up 'host' using 'server'

 

OPENFILES   (Version 6.1.7600.16385)

OPENFILES /parameter [arguments]

Description:
    Enables an administrator to list or disconnect files and folders
    that have been opened on a system.

Parameter List:
    /Disconnect      Disconnects one or more open files.

    /Query           Displays files opened locally or from shared
                     folders.

    /Local           Enables / Disables the display of local open files.

    /?               Displays this help message.

Examples:
    OPENFILES /Disconnect /?
    OPENFILES /Query /?
    OPENFILES /Local /?

 

PATH   (internal command)

Displays or sets a search path for executable files.

PATH [[drive:]path[;...][;%PATH%]
PATH ;

Type PATH ; to clear all search-path settings and direct cmd.exe to search
only in the current directory.
Type PATH without parameters to display the current path.
Including %PATH% in the new path setting causes the old path to be
appended to the new setting.

 

PATHPING   (Version 6.1.7600.16385)

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n] 
                [-p period] [-q num_queries] [-w timeout] 
                [-4] [-6] target_name

Options:
    -g host-list     Loose source route along host-list.
    -h maximum_hops  Maximum number of hops to search for target.
    -i address       Use the specified source address. 
    -n               Do not resolve addresses to hostnames.
    -p period        Wait period milliseconds between pings.
    -q num_queries   Number of queries per hop.
    -w timeout       Wait timeout milliseconds for each reply.
    -4               Force using IPv4.
    -6               Force using IPv6.

 

PAUSE   (internal command)

Suspends processing of a batch program and displays the message
    Press any key to continue . . . 

 

PING   (Version 6.1.7600.16385)

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name

Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet (IPv4-only).
    -i TTL         Time To Live.
    -v TOS         Type Of Service (IPv4-only. This setting has been deprecated
                   and has no effect on the type of service field in the IP Header).
    -r count       Record route for count hops (IPv4-only).
    -s count       Timestamp for count hops (IPv4-only).
    -j host-list   Loose source route along host-list (IPv4-only).
    -k host-list   Strict source route along host-list (IPv4-only).
    -w timeout     Timeout in milliseconds to wait for each reply.
    -R             Use routing header to test reverse route also (IPv6-only). 
    -S srcaddr     Source address to use.
    -4             Force using IPv4.
    -6             Force using IPv6.

 

PNPUNATTEND   (Version 6.1.7601.17514)

DESCRIPTION:
AuditSystem, Unattend online driver install 

USAGE:
   PnPUnattend.exe [auditSystem | /help /? /h] [/s] [/L]
       auditSystem   Online driver install.
       /help /? /h    This help.
       /s             Search without installing.
       /L             Print Logging information to the command line.

 

PNPUTIL   (Version 6.1.7600.16385)

Microsoft PnP Utility
Usage:
------
pnputil.exe [-f | -i] [ -? | -a | -d | -e ] <INF name> 
Examples:
pnputil.exe -a a:\usbcam\USBCAM.INF      -> Add package specified by USBCAM.INF
pnputil.exe -a c:\drivers\*.inf          -> Add all packages in c:\drivers\
pnputil.exe -i -a a:\usbcam\USBCAM.INF   -> Add and install driver package
pnputil.exe -e                           -> Enumerate all 3rd party packages
pnputil.exe -d oem0.inf                  -> Delete package oem0.inf
pnputil.exe -f -d oem0.inf               -> Force delete package oem0.inf
pnputil.exe -?                           -> This usage screen

 

POPD   (internal command)

Changes to the directory stored by the PUSHD command.

POPD


If Command Extensions are enabled the POPD command will delete
any temporary drive letter created by PUSHD when you POPD that
drive off the pushed directory stack.

 

PORTQRY

Displays the state of TCP and UDP ports.

PortQry Usage:
PORTQRY -n server [-p protocol] [-e || -r || -o endpoint(s)] 
        [-l logfile] [-s] [-i] [-q]

Where:
	-n [server] IP address or name of server to query
	-p [protocol] TCP or UDP or BOTH (default is TCP)
	-e [endpoint] single port to query (valid range: 1-65535)
	-r [end point range] range of ports to query (start:end)
	-o [end point order] range of ports to query in an order (x,y,z)
	-l [logfile] name of log file to create
	-s 'slow link delay' waits longer for UDP replies from remote systems
	-i by-passes default IP address-to-name lookup
           ignored unless an IP address is specified after -n
	-q 'quiet' operation runs with no output
           returns 0 if port is listening 		
           returns 1 if port is not listening
           returns 2 if port is listening or filtered

Notes:
        PortQry runs on Windows 2000 and later
        Defaults: TCP, port 80, no log file, slow link delay off
        Hit Ctrl-c to terminate prematurely

examples:
portqry -n myserver.com -e 25
portqry -n 10.0.0.1 -e 53 -p UDP -i
portqry -n host1.dev.reskit.com -r 21:445
portqry -n 10.0.0.1 -o 25,445,1024 -p both

 

POWERCFG   (Version 6.1.7600.16385)

POWERCFG <command line options>
Description:
  This command line tool enables users to control the power settings
  on a system.

Parameter List:
  -LIST, -L   Lists all power schemes in the current user's environment.

              Usage: POWERCFG -LIST

  -QUERY, -Q  Displays the contents of the specified power scheme.

              Usage: POWERCFG -QUERY <SCHEME_GUID> <SUB_GUID>

              <SCHEME_GUID>  (optional) Specifies the GUID of the power scheme
                             to display, can be obtained by using powercfg -l.
              <SUB_GUID>     (optional) Specifies the GUID of the subgroup
                             to display.  Requires a SCHEME_GUID to be provided.

              If neither SCHEME_GUID or SUB_GUID are provided, the settings
              of the current user's active power scheme are displayed.
              If SUB_GUID is not specified, all settings in the specified 
              power scheme are displayed.

  -CHANGE, -X Modifies a setting value in the current power scheme.

              Usage: POWERCFG -X <SETTING> <VALUE>

              <SETTING>   Specifies one of the following options:
                          -monitor-timeout-ac <minutes>
                          -monitor-timeout-dc <minutes>
                          -disk-timeout-ac <minutes>
                          -disk-timeout-dc <minutes>
                          -standby-timeout-ac <minutes>
                          -standby-timeout-dc <minutes>
                          -hibernate-timeout-ac <minutes>
                          -hibernate-timeout-dc <minutes>

              Example:
                  POWERCFG -Change -monitor-timeout-ac 5

              This would set the monitor idle timeout value to 5 minutes
              when on AC power.

  -CHANGENAME Modifies the name of a power scheme and optionally it's 
              description.

              Usage: POWERCFG -CHANGENAME <GUID> <name> <scheme description> 

              If the description is omitted only the name will be changed.

  -DUPLICATESCHEME 
              Duplicates the specified power scheme.  The resulting 
              GUID which represents the new scheme will be displayed.

              Usage: POWERCFG -DUPLICATESCHEME <GUID> <destination GUID>

              <GUID>  Specifies a scheme GUID obtained by using the powercfg -l.

              If <destination GUID> is omitted, a new GUID will be
              created for the duplicated scheme.

  -DELETE, -D Deletes the power scheme with the specified GUID.

              Usage: POWERCFG -DELETE <GUID>

              <GUID>  obtained by using the LIST parameter.

  -DELETESETTING 
              Deletes a power setting.

              Usage: POWERCFG -DELETESETTING <SUB_GUID> <SETTING_GUID> 

              <SUB_GUID>      Specifies the subgroup GUID.
              <SETTING_GUID>  Specifies the power setting guid.

  -SETACTIVE, -S 
              Makes the specified power scheme active on the system.

              Usage: POWERCFG -SETACTIVE <SCHEME_GUID>

              <SCHEME_GUID>  Specifies the scheme guid.

  -GETACTIVESCHEME 
              Retrieve the currently active power scheme.

              Usage: POWERCFG -GETACTIVESCHEME 

  -SETACVALUEINDEX
              Sets a value associated with a specified power setting
              while the system is powered by AC power.

              Usage: POWERCFG -SETACVALUEINDEX <SCHEME_GUID> <SUB_GUID>
                                               <SETTING_GUID> <SettingIndex>

              <SCHEME_GUID>   Specifies a power scheme GUID and may be
                              obtained by using PowerCfg /L.
              <SUB_GUID>      Specifies a subgroup of power setting GUID and may
                              be obtained by using "PowerCfg /Q."
              <SETTING_GUID>  Specifies an individual power setting GUID and may
                              be obtained by using "PowerCfg /Q".
              <SettingIndex>  Specifies which of the list of of possible values
                              this power setting will be set to.

              Example:
                  POWERCFG -SetAcValueIndex <GUID> <GUID> <GUID> 5
                  This would set the power setting's AC value to the 5th entry
                  in the list of possible values for this power setting.

  -SETDCVALUEINDEX 
              Sets a value associated with a specified power setting
              while the system is powered by DC power.

              Usage: POWERCFG -SETDCVALUEINDEX <SCHEME_GUID> <SUB_GUID>
                                               <SETTING_GUID> <SettingIndex>
              <SCHEME_GUID>   Specifies a power scheme GUID and may be
                              obtained by using PowerCfg /L.
              <SUB_GUID>      Specifies a subgroup of power setting GUID and may
                              be obtained by using "PowerCfg /Q."
              <SETTING_GUID>  Specifies an individual power setting GUID and may
                              be obtained by using "PowerCfg /Q".
              <SettingIndex>  Specifies which of the list of possible values
                              this setting will be set to.

              Example:
                  POWERCFG -SetDcValueIndex <GUID> <GUID> <GUID> 5
                  This would set the power setting's DC value to the 5th entry
                  in the list of possible values for this power setting.

  -HIBERNATE, -H
              Enables-Disables the hibernate feature.  Hibernate timeout is not
              supported on all systems.

              Usage: POWERCFG -H <ON|OFF>
                     POWERCFG -H -Size <PercentSize>
              -Size  Specifies the desired hiberfile size in percentage of the
                     total memory. The default size cannot be smaller than 50.
                     This switch will also enable the hiberfile automatically.

  -AVAILABLESLEEPSTATES, -A  
              Reports the sleep states available on the system
              Attempts to report reasons why sleep states are unavailable.

  -DEVICEQUERY
              Return a list of devices that meet the specified criteria.

              Usage: POWERCFG -DEVICEQUERY <queryflags>

              <queryflags>  Secifies one of the following criteria:

              wake_from_S1_supported  Return all devices that support waking the
                                      system from a light sleep state.
              wake_from_S2_supported  Return all devices that support waking the
                                      system from a deeper sleep state.
              wake_from_S3_supported  Return all devices that support waking the 
                                      system from the deepest sleep state.
              wake_from_any           Return all devices that support waking the 
                                      system from any sleep state.
              S1_supported            List devices supporting light sleep.
              S2_supported            List devices supporting deeper sleep.
              S3_supported            List devices supporting deepest sleep.
              S4_supported            List devices supporting hibernation.
              wake_programmable       List devices that are user-configurable
                                      to wake the system from a sleep state.
              wake_armed              List devices that are currently configured
                                      to wake the system from any sleep state.
              all_devices             Return all devices present in the system.
              all_devices_verbose     Return verbose list of devices.
              Example:
                  POWERCFG -DEVICEQUERY wake_armed

  -DEVICEENABLEWAKE
              Enable the device to wake the system from a sleep state.

              Usage: POWERCFG -DEVICEENABLEWAKE <devicename>

              <devicename>  Specifies a device retrieved using
                            "PowerCfg -DEVICEQUERY wake_programmable".

              Example:
                  POWERCFG -DEVICEENABLEWAKE
                                       "Microsoft USB IntelliMouse Explorer"

  -DEVICEDISABLEWAKE <devicename> disable the device from waking the system
              Disable the device from waking the system from a sleep state

              Usage: POWERCFG -DEVICEDISABLEWAKE 

              <devicename>  Specifies a device retrieved using
                            "PowerCfg -DEVICEQUERY wake_armed".

  -IMPORT     Imports all power settings from the specified file.

              Usage: POWERCFG -IMPORT <filename> <GUID> 

              <filename>  Specify a fully-qualified path to a file generated by
                          using "PowerCfg -EXPORT parameter".
              <GUID>      (optional) The settings are loaded into a power scheme
                          represented by this GUID. If not supplied, powercfg
                          will generate and use a new GUID

              Example:
                  POWERCFG -IMPORT c:\scheme.pow

  -EXPORT     Exports power scheme, represented by the specified GUID, to the 
              specified file.

              Usage: POWERCFG -EXPORT <filename> <GUID> 

              <filename>  Specify a fully-qualified path to a destination file.
              <GUID>      specifies a power scheme GUID and may be obtained by
                          using "PowerCfg /L"

              Example:
                  POWERCFG -EXPORT c:\scheme.pow
                                   381b4222-f694-41f0-9685-ff5bb260df2e

  -LASTWAKE   Reports information about what woke the system from the last
              sleep transition

  -HELP, -?   Displays information on command-line parameters.

  -ALIASES    Displays all aliases and their corresponding GUIDs.
              The user may use these aliases in place of any GUID on
              the commandline.

  -SETSECURITYDESCRIPTOR
              Sets a security descriptor associated with a specified
              power setting, power scheme, or action.

              Usage: POWERCFG -SETSECURITYDESCRIPTOR <GUID|ACTION> <SDDL>

              <GUID>       Specifies a power scheme or a power setting GUID.
              <ACTION>     Can be one of the following strings:
                           ActionSetActive, ActionCreate, ActionDefault
              <SDDL>       Specifies a valid security descriptor string in SDDL
                           format. Call POWERCFG -GETSECURITYDESCRIPTOR to see
                           an example SDDL STRING.

  -GETSECURITYDESCRIPTOR
              Gets a security descriptor associated with a specified 
              power setting, power scheme, or action.

              Usage: POWERCFG -GETSECURITYDESCRIPTOR <GUID|ACTION> 
              <GUID>       Specifies a power scheme or a power setting GUID.
              <ACTION>     Can be one of the following strings:
                           ActionSetActive, ActionCreate, ActionDefault

  -REQUESTS
              Enumerate application and driver Power Requests. Power 
              Requests prevent the computer from automatically powering off 
              the display or entering a low-power sleep mode. 

  -REQUESTSOVERRIDE
              Sets a Power Request override for a particular Process, Service,
              or Driver. If no parameters are specified, this command displays
              the current list of Power Request Overrides. 

              Usage: POWERCFG -REQUESTSOVERRIDE <CALLER_TYPE> <NAME> <REQUEST> 
              <CALLER_TYPE>    Specifies one of the following caller type:
                               PROCESS, SERVICE, DRIVER. This is obtained by 
                               calling the POWERCFG -REQUESTS command. 
              <NAME>           Specifies the caller name. This is the name 
                               returned from calling POWERCFG -REQUESTS command.
              <REQUEST>        Specifies one or more of the following Power
                               Request Types: Display, System, Awaymode.
              Example:
                  POWERCFG -REQUESTSOVERRIDE PROCESS wmplayer.exe Display System

  -ENERGY
              Analyze the system for common energy-efficiency and battery life
              problems. The ENERGY command should be used when the computer is
              idle and with no open programs or documents. The ENERGY command
              will generate an HTML report file in the current path. The ENERGY
              command supports the following optional parameters:

              Usage: POWERCFG -ENERGY [-OUTPUT <FILENAME>] [-XML]
                                      [-DURATION <SECONDS>]
                     POWERCFG -ENERGY -TRACE [-D <FILEPATH>]
                                             [-DURATION <SECONDS>]
              -OUTPUT <FILENAME>   - Specify the path and filename to store the
                                     energy report HTML file.
              -XML                 - Format the report file as XML.
              -TRACE               - Record system behavior and do not perform
                                     analysis. Trace files will be generated in
                                     the current path unless the -D parameter
                                     is specified.
              -D <FILEPATH>        - Specify the directory to store trace data.
                                     May only be used with the -TRACE parameter.
              -DURATION <SECONDS>  - Specify the number of seconds to observe
                                     system behavior.  Default is 60 seconds.
  -WAKETIMERS
              Enumerate the active wake timers. If enabled, the expiration of a
              wake timer wakes the system from sleep and hibernate states.

 

POWERSHELL   (Version 6.3.9600.16406)

PowerShell[.exe] [-PSConsoleFile <file> | -Version <version>]
    [-NoLogo] [-NoExit] [-Sta] [-Mta] [-NoProfile] [-NonInteractive]
    [-InputFormat {Text | XML}] [-OutputFormat {Text | XML}] 
    [-WindowStyle <style>] [-EncodedCommand <Base64EncodedCommand>] 
    [-File <filePath> <args>] [-ExecutionPolicy <ExecutionPolicy>]
    [-Command { - | <script-block> [-args <arg-array>]
                  | <string> [<CommandParameters>] } ]

PowerShell[.exe] -Help | -? | /?

-PSConsoleFile
    Loads the specified Windows PowerShell console file. To create a console
    file, use Export-Console in Windows PowerShell.

-Version
    Starts the specified version of Windows PowerShell. 
    Enter a version number with the parameter, such as "-version 2.0".

-NoLogo
    Hides the copyright banner at startup.

-NoExit
    Does not exit after running startup commands.

-Sta
    Starts the shell using a single-threaded apartment.
    Single-threaded apartment (STA) is the default.

-Mta
    Start the shell using a multithreaded apartment.

-NoProfile
    Does not load the Windows PowerShell profile.

-NonInteractive
    Does not present an interactive prompt to the user.

-InputFormat
    Describes the format of data sent to Windows PowerShell. Valid values are
    "Text" (text strings) or "XML" (serialized CLIXML format).

-OutputFormat
    Determines how output from Windows PowerShell is formatted. Valid values
    are "Text" (text strings) or "XML" (serialized CLIXML format).

-WindowStyle
    Sets the window style to Normal, Minimized, Maximized or Hidden.

-EncodedCommand
    Accepts a base-64-encoded string version of a command. Use this parameter 
    to submit commands to Windows PowerShell that require complex quotation 
    marks or curly braces.
    
-File
    Runs the specified script in the local scope ("dot-sourced"), so that the 
    functions and variables that the script creates are available in the 
    current session. Enter the script file path and any parameters. 
    File must be the last parameter in the command, because all characters 
    typed after the File parameter name are interpreted 
    as the script file path followed by the script parameters.

-ExecutionPolicy
    Sets the default execution policy for the current session and saves it 
    in the $env:PSExecutionPolicyPreference environment variable. 
    This parameter does not change the Windows PowerShell execution policy 
    that is set in the registry.

-Command
    Executes the specified commands (and any parameters) as though they were
    typed at the Windows PowerShell command prompt, and then exits, unless 
    NoExit is specified. The value of Command can be "-", a string. or a
    script block.

    If the value of Command is "-", the command text is read from standard
    input.

    If the value of Command is a script block, the script block must be enclosed
    in braces ({}). You can specify a script block only when running PowerShell.exe
    in Windows PowerShell. The results of the script block are returned to the
    parent shell as deserialized XML objects, not live objects.

    If the value of Command is a string, Command must be the last parameter
    in the command , because any characters typed after the command are 
    interpreted as the command arguments.

    To write a string that runs a Windows PowerShell command, use the format:
	"& {<command>}"
    where the quotation marks indicate a string and the invoke operator (&)
    causes the command to be executed.

-Help, -?, /?
    Shows this message. If you are typing a PowerShell.exe command in Windows
    PowerShell, prepend the command parameters with a hyphen (-), not a forward
    slash (/). You can use either a hyphen or forward slash in Cmd.exe.

EXAMPLES
    PowerShell -PSConsoleFile SqlSnapIn.Psc1
    PowerShell -version 2.0 -NoLogo -InputFormat text -OutputFormat XML
    PowerShell -Command {Get-EventLog -LogName security}
    PowerShell -Command "& {Get-EventLog -LogName security}"

    # To use the -EncodedCommand parameter:
    $command = 'dir "c:\program files" '
    $bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
    $encodedCommand = [Convert]::ToBase64String($bytes)
    powershell.exe -encodedCommand $encodedCommand

 

PRINT   (Version 6.1.7600.16385)

Prints a text file.

PRINT [/D:device] [[drive:][path]filename[...]]

   /D:device   Specifies a print device.

 

PRINTBRM   (Version 6.1.7600.16385)

Access the Backup Recovery Migration tool through a command line interface.

PrintBrm -B|R|Q [-S <server>] -F <file> [-D <directory>] [-O FORCE] [-P ALL|ORIG] [-NOBIN] [-LPR2TCP] [-C <config file>] [-NOACL] [-?]
-B               Backup the server to the specified file
-R               Restore the configuration in the file to the server
-Q               Query the server or the backup file
-S <server name> Target server
-F <file name>   Target backup File
-D <directory>   Unpack the backup file to (with -R) or repack a backup file from (with -B) the given directory
-O FORCE         Force overwriting of existing objects
-P ALL|ORIG      Publish all printers in directory, or publish printers that were published originally
-NOBIN           Omit the binaries from the backup
-LPR2TCP         Convert LPR ports to Standard TCP/IP ports on restore
-C <file name>   Use the specified configuration file for BRM
-NOACL           Remove ACLs from print queues on restore
-?               Display this help

 

PRNCNFG.VBS

 Copyright (c) Microsoft Corporation. All rights reserved.

 Abstract:

 prncnfg.vbs - printer configuration script for WMI on Windows used to get
     and set printer configuration also used to rename a printer

 Usage:
 prncnfg [-gtx?] [-s server] [-p printer] [-u user name] [-w password]
                 [-z new printer name] [-r port name] [-l location] [-m comment]
                 [-h share name] [-f sep-file] [-y data-type] [-st start time]
                 [-ut until time] [-o priority] [-i default priority]
                 [<+|->rawonly][<+|->keepprintedjobs][<+|->queued][<+|->workoffline]
                 [<+|->enabledevq][<+|->docompletefirst][<+|->enablebidi]

 Examples:
 prncnfg -g -s server -p printer
 prncnfg -x -p printer -w "new Printer"
 prncnfg -t -s server -p Printer -l "Building A/Floor 100/Office 1" -m "Color Printer"
 prncnfg -t -p printer -h "Share" +shared -direct
 prncnfg -t -p printer +rawonly +keepprintedjobs
 prncnfg -t -p printer -st 2300 -ut 0215 -o 10 -i 5

 

PRNDRVR.VBS

 Copyright (c) Microsoft Corporation. All rights reserved.

 Abstract:
 prndrvr.vbs - driver script for WMI on Windows 
     used to add, delete, and list drivers.

 Usage:
 prndrvr [-adlx?] [-m model][-v version][-e environment][-s server]
         [-u user name][-w password][-h file path][-i inf file]

 Example:
 prndrvr -a -m "driver" -v 3 -e "Windows NT x86"
 prndrvr -d -m "driver" -v 3 -e "Windows x64"
 prndrvr -d -m "driver" -v 3 -e "Windows IA64"
 prndrvr -x -s server
 prndrvr -l -s server

 

PRNJOBS.VBS

 Copyright (c) Microsoft Corporation. All rights reserved.

 Abstract:
 prnjobs.vbs - job control script for WMI on Windows 
     used to pause, resume, cancel and list jobs

 Usage:
 prnjobs [-zmxl?] [-s server] [-p printer] [-j jobid] [-u user name] [-w password]

 Examples:
 prnjobs -z -j jobid -p printer
 prnjobs -l -p printer

 

PRNMNGR.VBS

 Copyright (c) Microsoft Corporation. All rights reserved.

 Abstract:
 prnmngr.vbs - printer script for WMI on Windows 
     used to add, delete, and list printers and connections
     also for getting and setting the default printer

 Usage:
 prnmngr [-adxgtl?][co] [-s server][-p printer][-m driver model][-r port]
                       [-u user name][-w password]

 Examples:
 prnmngr -a -p "printer" -m "driver" -r "lpt1:"
 prnmngr -d -p "printer" -s server
 prnmngr -ac -p "\\server\printer"
 prnmngr -d -p "\\server\printer"
 prnmngr -x -s server
 prnmngr -l -s server
 prnmngr -g
 prnmngr -t -p "printer"

 

PRNPORT.VBS

 Copyright (c) Microsoft Corporation. All rights reserved.

 Abstract:
 prnport.vbs - Port script for WMI on Windows 
     used to add, delete and list ports
     also for getting and setting the port configuration

 Usage:
 prnport [-adlgt?] [-r port] [-s server] [-u user name] [-w password]
                   [-o raw|lpr] [-h host address] [-q queue] [-n number]
                   [-me | -md ] [-i SNMP index] [-y community] [-2e | -2d]"

 Examples
 prnport -a -s server -r IP_1.2.3.4 -e 1.2.3.4 -o raw -n 9100
 prnport -d -s server -r c:\temp\foo.prn
 prnport -l -s server
 prnport -g -s server -r IP_1.2.3.4
 prnport -t -s server -r IP_1.2.3.4 -me -y public -i 1 -n 9100

 

PRNQCTL.VBS

 Copyright (c) Microsoft Corporation. All rights reserved.

 Abstract:
 prnqctl.vbs - printer control script for WMI on Windows 
    used to pause, resume and purge a printer
    also used to print a test page on a printer

 Usage:
 prnqctl [-zmex?] [-s server] [-p printer] [-u user name] [-w password]

 Examples:
 prnqctl -m -s server -p printer
 prnqctl -x -s server -p printer
 prnqctl -e -b printer

 

PROCDUMP   (Version 7.0.1.0)

ProcDump v7.1 - Writes process dump files
Copyright (C) 2009-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
With contributions from Andrew Richards

Monitors a process and writes a dump file when the process exceeds the
specified criteria or has an exception.

usage: procdump [-a] [[-c|-cl CPU usage] [-u] [-s seconds]] [-n exceeds] [-e [1] [-b]] [-f <filter,...>] [-g] [-h] [-l] [-m|-ml commit usage] [-ma | -mp] [-o] [-p|-pl counter threshold] [-r [1..5]] [-t] [-d <callback DLL>] [-64] <[-w] <process name or service name or PID> [dump file] | -i [dump folder] | -u | -x <dump file> <image file> [arguments] >

   -a      Avoid outage. Requires -r. If the trigger will cause the target
           to suspend for a prolonged time due to an exceeded concurrent
           dump limit, the trigger will be skipped.
   -b      Treat debug breakpoints as exceptions (otherwise ignore them).
   -c      CPU threshold above which to create a dump of the process.
   -cl     CPU threshold below which to create a dump of the process.
   -d      Invoke the minidump callback routine named MiniDumpCallbackRoutine
           of the specified DLL.
   -e      Write a dump when the process encounters an unhandled exception.
           Include the 1 to create dump on first chance exceptions.
   -f      Filter on the content of exceptions and debug logging.
           Wildcards (*) are supported.
   -g      Run as a native debugger in a managed process (no interop).
   -h      Write dump if process has a hung window (does not respond to
           window messages for at least 5 seconds).
   -i      Install ProcDump as the AeDebug postmortem debugger.
           Only -ma, -mp, -d and -r are supported as additional options.
           Uninstall (-u only) restores the previous configuration.
   -l      Display the debug logging of the process.
   -m      Memory commit threshold in MB at which to create a dump.
   -ml     Trigger when memory commit drops below specified MB value.
   -ma     Write a dump file with all process memory. The default
           dump format only includes thread and handle information.
   -mp     Write a dump file with thread and handle information, and all
           read/write process memory. To minimize dump size, memory areas
           larger than 512MB are searched for, and if found, the largest
           area is excluded. A memory area is the collection of same
           sized memory allocation areas. The removal of this (cache)
           memory reduces Exchange and SQL Server dumps by over 90%.
   -n      Number of dumps to write before exiting.
   -o      Overwrite an existing dump file.
   -p      Trigger on the specified performance counter when the threshold
           is exceeded. Note: to specify a process counter when there are
           multiple instances of the process running, use the process ID
           with the following syntax: "\Process(<name>_<pid>)\counter"
   -pl     Trigger when performance counter falls below the specified value.
   -r      Dump using a clone. Concurrent limit is optional (default 1, max 5).
           CAUTION: a high concurrency value may impact system performance.
           - Windows 7   : Uses Reflection. OS doesn't support -e.
           - Windows 8.0 : Uses Reflection. OS doesn't support -e.
           - Windows 8.1+: Uses PSS. All trigger types are supported.
   -s      Consecutive seconds before dump is written (default is 10).
   -t      Write a dump when the process terminates.
   -u      Treat CPU usage relative to a single core (used with -c).
           As the only option, Uninstalls ProcDump as the postmortem debugger.
   -w      Wait for the specified process to launch if it's not running.
   -x      Launch the specified image with optional arguments. 
           If it is a Store Application or Package, ProcDump will start
           on the next activation (only).
   -64     By default ProcDump will capture a 32-bit dump of a 32-bit process
           when running on 64-bit Windows. This option overrides to create a
           64-bit dump. Only use for WOW64 subsystem debugging.

Use the -accepteula command line option to automatically accept the
Sysinternals license agreement.

Use -? -e to see example command lines.

If you omit the dump file name, it defaults to <processname>_<datetime>.dmp.

 

PROMPT   (internal command)

Changes the cmd.exe command prompt.

PROMPT [text]

  text    Specifies a new command prompt.

Prompt can be made up of normal characters and the following special codes:

  $A   & (Ampersand)
  $B   | (pipe)
  $C   ( (Left parenthesis)
  $D   Current date
  $E   Escape code (ASCII code 27)
  $F   ) (Right parenthesis)
  $G   > (greater-than sign)
  $H   Backspace (erases previous character)
  $L   < (less-than sign)
  $N   Current drive
  $P   Current drive and path
  $Q   = (equal sign)
  $S     (space)
  $T   Current time
  $V   Windows version number
  $_   Carriage return and linefeed
  $$   $ (dollar sign)

If Command Extensions are enabled the PROMPT command supports
the following additional formatting characters:

  $+   zero or more plus sign (+) characters depending upon the
       depth of the PUSHD directory stack, one character for each
       level pushed.

  $M   Displays the remote name associated with the current drive
       letter or the empty string if current drive is not a network
       drive.

 

PSEXEC   (Version 2.20.0.0)

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

PsExec executes a program on a remote system, where remotely executed console
applications execute interactively.

Usage: psexec [\\computer[,computer2[,...] | @file]][-u user [-p psswd][-n s][-r servicename][-h][-l][-s|-e][-x][-i [session]][-c [-f|-v]][-w directory][-d][-<priority>][-a n,n,...] cmd [arguments]
     -a         Separate processors on which the application can run with
                commas where 1 is the lowest numbered CPU. For example,
                to run the application on CPU 2 and CPU 4, enter:
                "-a 2,4"
     -c         Copy the specified program to the remote system for
                execution. If you omit this option the application
                must be in the system path on the remote system.
     -d         Don't wait for process to terminate (non-interactive).
     -e         Does not load the specified account's profile.
     -f         Copy the specified program even if the file already
                exists on the remote system.
     -i         Run the program so that it interacts with the desktop of the
                specified session on the remote system. If no session is
                specified the process runs in the console session.
     -h         If the target system is Vista or higher, has the process
                run with the account's elevated token, if available.
     -l         Run process as limited user (strips the Administrators group
                and allows only privileges assigned to the Users group).
                On Windows Vista the process runs with Low Integrity.
     -n         Specifies timeout in seconds connecting to remote computers.
     -p         Specifies optional password for user name. If you omit this
                you will be prompted to enter a hidden password.
     -r         Specifies the name of the remote service to create or interact.
                with.
     -s         Run the remote process in the System account.
     -u         Specifies optional user name for login to remote
                computer.
     -v         Copy the specified file only if it has a higher version number
                or is newer on than the one on the remote system.
     -w         Set the working directory of the process (relative to
                remote computer).
     -x         Display the UI on the Winlogon secure desktop (local system
                only).
     -arm       Specifies the remote computer is of ARM architecture.
     -priority	Specifies -low, -belownormal, -abovenormal, -high or
                -realtime to run the process at a different priority. Use
                -background to run at low memory and I/O priority on Vista.
     computer   Direct PsExec to run the application on the remote
                computer or computers specified. If you omit the computer
                name PsExec runs the application on the local system, 
                and if you specify a wildcard (\\*), PsExec runs the
                command on all computers in the current domain.
     @file      PsExec will execute the command on each of the computers listed
                in the file.
     cmd	    Name of application to execute.
     arguments  Arguments to pass (note that file paths must be
                absolute paths on the target system).
     -accepteula This flag suppresses the display of the license dialog.
     -nobanner   Do not display the startup banner and copyright message.

You can enclose applications that have spaces in their name with
quotation marks e.g. psexec \\marklap "c:\long name app.exe".
Input is only passed to the remote system when you press the enter
key, and typing Ctrl-C terminates the remote process.

If you omit a user name the process will run in the context of your
account on the remote system, but will not have access to network
resources (because it is impersonating). Specify a valid user name
in the Domain\User syntax if the remote process requires access
to network resources or to run in a different account. Note that
the password and command is encrypted in transit to the remote system.

Error codes returned by PsExec are specific to the applications you
execute, not PsExec.

 

PSFILE   (Version 1.3.0.0)

PsFile v1.03 - Lists files and directories opened remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals

PsFile lists or closes files opened remotely.

Usage: PSFILE [\\RemoteComputer [-u Username [-p Password]]] [[Id | path] [-c]]
     -u        Specifies optional user name for login to
               remote computer.
     -p        Specifies password for user name.
     Id        Id of file to print information for or close.
     Path      Full or partial path of files to match.
     -c        Closes file identified by file Id.
     -nobanner Do not display the startup banner and copyright message.
Omitting a file identifier has PsFile list all files opened remotely.

 

PSGETSID   (Version 1.45.0.0)

PsGetSid v1.45 - Translates SIDs to names and vice versa
Copyright (C) 1999-2016 Mark Russinovich
Sysinternals - www.sysinternals.com


Usage: PSGETSID [\\computer[,computer2[,...] | @file] [-u Username [-p Password]]] [account | SID]
     -u         Specifies optional user name for login to
                remote computer.
     -p         Specifies optional password for user name. If you omit this
                you will be prompted to enter a hidden password.
     account    PsGetSid will report the SID for the specified user account
                rather than the computer.
     SID        PsGetSid will report the account for the specified SID.
     computer   Direct PsGetSid to perform the command on the remote
                computer or computers specified. If you omit the computer
                name PsGetSid runs the command on the local system, 
                and if you specify a wildcard (\\*), PsGetSid runs the
                command on all computers in the current domain.
     @file      PsGetSid will execute the command on each of the computers listed
                in the file.
     -nobanner  Do not display the startup banner and copyright message.

 

PSINFO   (Version 1.78.0.0)

PsInfo v1.78 - Local and remote system information viewer
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

PsInfo returns information about a local or remote Windows NT/2000/XP system.

Usage: psinfo [-h] [-s] [-d] [-c [-t delimiter]] [filter] [\\computer[,computer[,..]]|@file [-u Username [-p Password]]]
     -u        Specifies optional user name for login to
               remote computer.
     -p        Specifies password for user name.
     -h        Show installed hotfixes.
     -s        Show installed software.
     -d        Show disk volume information.
     -c        Print in CSV format
     -t        The default delimiter for the -c option is a comma,
               but can be overriden with the specified character. Use
               "\t" to specify tab.
     filter    Psinfo will only show data for the field matching the filter.
               e.g. "psinfo service" lists only the service pack field.
     computer  Direct PsInfo to perform the command on the remote
               computer or computers specified. If you omit the computer
               name PsInfo runs the command on the local system, 
               and if you specify a wildcard (\\*), PsInfo runs the
               command on all computers in the current domain.
     @file     PsInfo will run against the computers listed in the file
               specified.
     -nobanner Do not display the startup banner and copyright message.

 

PSKILL   (Version 1.16.0.0)

PsKill v1.16 - Terminates processes on local or remote systems
Copyright (C) 1999-2016  Mark Russinovich
Sysinternals - www.sysinternals.com

Usage: pskill [-t] [\\computer [-u username [-p password]]] <process ID | name>
     -t    Kill the process and its descendants.
     -u    Specifies optional user name for login to
           remote computer.
     -p    Specifies optional password for user name. If you omit this
           you will be prompted to enter a hidden password.
     -nobanner Do not display the startup banner and copyright message.

 

PSLIST   (Version 1.4.0.0)

PsList v1.4 - Process information lister
Copyright (C) 2000-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Usage: PSLIST [-d][-m][-x][-t][-s [n] [-r n] [\\computer [-u username][-p password][name|pid]
   -d          Show thread detail.
   -m          Show memory detail.
   -x          Show processes, memory information and threads.
   -t          Show process tree.
   -s [n]      Run in task-manager mode, for optional seconds specified.
               Press Escape to abort.
   -r n        Task-manager mode refresh rate in seconds (default is 1).
   \\computer  Specifies remote computer.
   -u          Optional user name for remote login.
   -p          Optional password for remote login. If you don't present
               on the command line pslist will prompt you for it if necessary.
   name        Show information about processes that begin with the name
               specified.
   -e          Exact match the process name.
   -nobanner   Do not display the startup banner and copyright message.
   pid         Show information about specified process.

All memory values are displayed in KB.
Abbreviation key:
   Pri         Priority
   Thd         Number of Threads
   Hnd         Number of Handles
   VM          Virtual Memory
   WS          Working Set
   Priv        Private Virtual Memory
   Priv Pk     Private Virtual Memory Peak
   Faults      Page Faults
   NonP        Non-Paged Pool
   Page        Paged Pool
   Cswtch      Context Switches

 

PSLOGGEDON   (Version 1.35.0.0)

PsLoggedon v1.35 - See who's logged on
Copyright (C) 2000-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Usage: PSLOGGEDON [-l] [-x] [\\computername]
    or PSLOGGEDON [username]
-l     Show only local logons
-x     Don't show logon times
-nobanner Do not display the startup banner and copyright message.

 

PSLOGLIST   (Version 2.71.0.0)

PsLoglist v2.71 - local and remote event log viewer
Copyright (C) 2000-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

PsLogList dumps event logs on a local or remote NT system.

Usage: psloglist [\\computer[,computer2[,...] | @file] [-u username [-p password]]] [-s [-t delimiter]] [-m #|-n #|-d #|-h #|-w][-c][-x][-r][-a mm/dd/yy][-b mm/dd/yy] [-f filter] [-i ID,[ID,...]] | -e ID,[ID,...]] [-o event source[,event source[,...]]] [-q event source[,event source[,...]]] [[-g|-l] event log file] <event log>
     @file     Psloglist will execute the command on each of the computers
               listed in the file.
     -a        Dump records timestamped after specified date.
     -b        Dump records timestamped before specified date.
     -c        Clear event log after displaying.
     -d        Only display records from previous n days.
     -e        Exclude events with the specified ID or IDs (up to 10).
     -f        Filter event types, using starting letter
               (e.g. "-f we" to filter warnings and errors).
     -g        Export an event log as an evt file.
     -h        Only display records from previous n hours.
     -i        Show only events with the specified ID or IDs (up to 10).
     -l        Dump the contents of the specified saved event log file.
     -m        Only display records from previous n minutes.
     -n        Only display n most recent records.
     -o        Show only records from the specified event source or sources
               (e.g. "-o cdrom"). Append '*' to specify substring match.
     -p        Specifies password for user name.
     -q        Omit records from the specified event source or sources
               (e.g. "-q cdrom").
               Append '*' to specify substring match.
     -r        Dump log from least recent to most recent.
     -s        Records are listed on one line each with delimited
               fields, which is convenient for string searches.
     -t        The default delimiter for the -s option is a comma,
               but can be overriden with the specified character. Use "\t"
               to specify tab.
     -u        Specifies optional user name for login to
               remote computer.
     -w        Wait for new events, dumping them as they generate (local system
               only.)
     -x        Dump extended data.
     -z        List event logs registered on specified system.
     eventlog  Specifies event log to dump. Default is system. If the
               -l switch is present then the event log name specifies
               how to interpret the event log file.

 

PSPASSWD   (Version 1.24.0.0)

PsPasswd v1.24 - Local and remote password changer
Copyright (C) 2003-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

PsPasswd changes passwords on a local or remote system.

Usage for local accounts:
  pspasswd [\\[computer[,computer,[,...]]|@file] [-u Username [-p Password]]] <Account> [NewPassword]
Usage for domain accounts:
  pspasswd <Domain\Account> [NewPassword]

     computer    Computer or computers on which the local account exists. If
                 you omit the computer name, the local computer is assumed.
                 If you specify a wildcard (\\*), PsPasswd runs the
                 command on all computers in the current domain or workgroup.
     @file       PsPasswd will change the password on the computers listed
                 in the file.
     -u          Specifies optional user name for login to remote computer.
     -p          Specifies optional password for user name. If you omit this
                 you will be prompted to enter a hidden password.
     -nobanner   Do not display the startup banner and copyright message.
     Domain      Specifies name of the domain of the target account.
     Account     Specifies name of the account for password change.
     NewPassword New password. If omitted a NULL password is applied.

 

PSPING   (Version 2.10.0.0)

PsPing v2.10 - PsPing - ping, latency, bandwidth measurement utility
Copyright (C) 2012-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

PsPing implements Ping functionality, TCP ping, UDP/TCP latency, and UDP / TCP
bandwidth measurement.

Help usage: psping -? [i|t|l|b]
   -? i   Usage for ICMP ping.
   -? t   Usage for TCP ping.
   -? l   Usage for latency test.
   -? b   Usage for bandwidth test.
  -nobanner   Do not display the startup banner and copyright message.

 

PSSERVICE   (Version 2.25.0.0)

PsService v2.25 - Service information and configuration utility
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

PsService lists or controls services on a local or remote system.

Usage: PSSERVICE [\\Computer [-u Username [-p Password]]] <cmd> <optns>
Cmd is one of the following:
   query      Queries the status of a service
   config     Queries the configuration
   setconfig  Sets the configuration
   start      Starts a service
   stop       Stops a service
   restart    Stops and then restarts a service
   pause      Pauses a service
   cont       Continues a paused service
   depend     Enumerates the services that depend on the one specified
   find       Searches for an instance of a service on the network
   security   Reports the security permissions assigned to a service
Use the username and password to log into the remote computer in cases where
your account does not have permissions to perform the action you specify.

Omitting a command queries the active services on the specified computer.
Enter -? for help on a particular command.
Use option -nobanner to supress the startup banner and copyright message.

 

PSSHUTDOWN   (Version 2.52.0.0)

PsShutdown v2.52 - Shutdown, logoff and power manage local and remote systems
Copyright (C) 1999-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

usage:
psshutdown -s|-r|-h|-d|-k|-a|-l|-o [-f] [-c] [-t [nn|h:m]] [-v nn] [-e [u|p]:xx:yy] [-m "message"] [-u Username [-p password]] [-n s] [\\computer[,computer[,...]|@file]
   -a          Abort a shutdown (only possible while countdown is in progress)
   -c          Allow the shutdown to be aborted by the interactive user
   -d          Suspend the computer
   -e          Shutdown reason code (available on Windows XP and higher).
               Specify 'u' for unplanned and 'p' for planned
               shutdown reason codes.
               xx is the major reason code (must be less than 256)
               yy is the minor reason code (must be less than 65536)
   -f          Forces running applications to close
   -h          Hibernate the computer
   -k          Poweroff the computer (reboot if poweroff is not supported)
   -l          Lock the computer
   -m          Message to display to logged on users
   -n          Specifies timeout in seconds connecting to remote computers
   -o          Logoff the console user
   -p          Specifies optional password for user name. If you omit this
               you will be prompted to enter a hidden password.
   -r          Reboot after shutdown
   -s          Shutdown without poweroff
   -t          Specifies countdown in seconds until shutdown (default is 20) or
               the time of shutdown (in 24 hour notation)
   -u          Specifies optional user name for login to remote
               computer.
   -v          Display message for the specified number of seconds before
               the shutdown. If you omit this parameter the shutdown
               notification dialog displays and specifying a value of 0
               omits the dialog.
   computer    Shutdown the computer or computers specified
   @file       Shutdown the computers listed in the file specified


Reasons defined on this computer (U = unplanned, P = planned):
Type   Major   Minor   Title
  U      0       0     Other (Unplanned)
  P      0       0     Other (Planned)
  U      1       1     Hardware: Maintenance (Unplanned)
  P      1       1     Hardware: Maintenance (Planned)
  U      1       2     Hardware: Installation (Unplanned)
  P      1       2     Hardware: Installation (Planned)
  U      2       2     Operating System: Recovery (Planned)
  P      2       2     Operating System: Recovery (Planned)
  P      2       3     Operating System: Upgrade (Planned)
  U      2       4     Operating System: Reconfiguration (Unplanned)
  P      2       4     Operating System: Reconfiguration (Planned)
  P      2      16     Operating System: Service pack (Planned)
  U      2      17     Operating System: Hot fix (Unplanned)
  P      2      17     Operating System: Hot fix (Planned)
  U      2      18     Operating System: Security fix (Unplanned)
  P      2      18     Operating System: Security fix (Planned)
  U      4       1     Application: Maintenance (Unplanned)
  P      4       1     Application: Maintenance (Planned)
  P      4       2     Application: Installation (Planned)
  U      4       5     Application: Unresponsive
  U      4       6     Application: Unstable
  U      5      19     Security issue
  P      5      19     Security issue
  U      5      20     Loss of network connectivity (Unplanned)
  P      7       0     Legacy API shutdown

 

PSSUSPEND   (Version 1.7.0.0)

PsSuspend v1.07 - Process Suspender
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals

PsSuspend suspends or resumes processes on a local or remote NT system.

Usage: pssuspend [-r] [\\RemoteComputer [-u Username [-p Password]]] <process Id or name>
     -r    Resume.
     -u    Specifies optional user name for login to
           remote computer.
     -p    Specifies optional password for user name. If you omit this
           you will be prompted to enter a hidden password.
     -nobanner Do not display the startup banner and copyright message.

 

PUBPRN.VBS

    pubprn.vbs - publish printers from a non Windows 2000 server into Windows 2000 DS
    

     Arguments are:-
        server - format server
        DS container - format "LDAP:\\CN=...,DC=...."


    Copyright (c) Microsoft Corporation 1997
   All Rights Reserved

 

PUSHD   (internal command)

Stores the current directory for use by the POPD command, then
changes to the specified directory.

PUSHD [path | ..]

  path        Specifies the directory to make the current directory.

If Command Extensions are enabled the PUSHD command accepts
network paths in addition to the normal drive letter and path.
If a network path is specified, PUSHD will create a temporary
drive letter that points to that specified network resource and
then change the current drive and directory, using the newly
defined drive letter.  Temporary drive letters are allocated from
Z: on down, using the first unused drive letter found.

 

QAPPSRV   (Version 6.1.7601.17514)

Displays the available Remote Desktop Session Host servers on the network.

QUERY TERMSERVER [servername] [/DOMAIN:domain] [/ADDRESS] [/CONTINUE]

  servername      Identifies a Remote Desktop Session Host server.
  /DOMAIN:domain  Displays information for the specified domain (defaults 
                  to the current domain).
  /ADDRESS        Displays network and node addresses.
  /CONTINUE       Does not pause after each screen of information.

 

QPROCESS   (Version 6.1.7601.17514)

Displays information about processes.

QUERY PROCESS [* | processid | username | sessionname | /ID:nn | programname]
  [/SERVER:servername]

  *                  Display all visible processes.
  processid          Display process specified by processid.
  username           Display all processes belonging to username.
  sessionname        Display all processes running at sessionname.
  /ID:nn             Display all processes running at session nn.
  programname        Display all processes associated with programname.
  /SERVER:servername The Remote Desktop Session Host server to be queried.

 

QUERY   (Version 6.1.7601.17514)

QUERY { PROCESS | SESSION | TERMSERVER | USER }

 

QUSER   (Version 6.1.7600.16385)

Display information about users logged on to the system.

QUERY USER [username | sessionname | sessionid] [/SERVER:servername]

  username            Identifies the username.
  sessionname         Identifies the session named sessionname.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server to be queried (default is current).

 

QWINSTA   (Version 6.1.7600.16385)

Display information about Remote Desktop Sessions.

QUERY SESSION [sessionname | username | sessionid]
              [/SERVER:servername] [/MODE] [/FLOW] [/CONNECT] [/COUNTER] [/VM]

  sessionname         Identifies the session named sessionname.
  username            Identifies the session with user username.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server to be queried (default is current).
  /MODE               Display current line settings.
  /FLOW               Display current flow control settings.
  /CONNECT            Display current connect settings.
  /COUNTER            Display current Remote Desktop Services counters information.
  /VM                 Display information about sessions within virtual machines.

 

RASDIAL   (Version 6.1.7600.16385)

USAGE:
	RASDIAL entryname [username [password|*]] [/DOMAIN:domain]
		[/PHONE:phonenumber] [/CALLBACK:callbacknumber]
		[/PHONEBOOK:phonebookfile] [/PREFIXSUFFIX]

	RASDIAL [entryname] /DISCONNECT

	RASDIAL

	For Online Privacy Information please refer to
	'http://go.microsoft.com/fwlink/?LinkId=104288'

 

RD   (internal command)

Removes (deletes) a directory.

RMDIR [/S] [/Q] [drive:]path
RD [/S] [/Q] [drive:]path

    /S      Removes all directories and files in the specified directory
            in addition to the directory itself.  Used to remove a directory
            tree.

    /Q      Quiet mode, do not ask if ok to remove a directory tree with /S

 

RDPSIGN   (Version 6.1.7601.17514)

All rdp file(s) have been succesfully signed.
NAME

rdpsign [options] [items to sign]

OPTIONS

  /sha1 HASH
       Specified the SHA1 hash of the signing certificate.
  /q
       Quiet mode:  No output when success, minimal output when failed.
  /v
       Verbose mode:  Display all warnings, messages, and status.
  /l
       Test signing and output results without actually replacing any of the inputs.  Ignores when input files are on stdin.

 

REAGENTC   (Version 6.1.7600.16385)

Configures the Windows Recovery Environment (RE).

REAGENTC.EXE [options]

  where the following operations can be specified:

  /setreimage /path <dir_name> [/target <dir_name>] [/bootkey <scan_code>]
             Sets the location of the user-provided Windows RE image.
             The optional /target switch specifies the path to the location
             that contains the Windows installation.
             The optional /bootkey switch specifies the scan code for an
             OEM-specific launch button.

  /setosimage [/path <dir_name> [/target <dir_name>]] [/customtool]
             /path sets the location of the user-provided OS Setup files.
             Alternatively /customtool specifies that a an imaging tool
             was specified inside Windows RE.

  /info [/target <dir_name>]
             Displays Windows RE configuration information.
             The optional /target switch specifies the path to the location
             that contains the Windows installation.

  /enable
             Enable Windows RE for auto-failover and recovery.

  /disable
             Disable Windows RE auto-failover and recovery.

  /boottore
             Configure the BCD to launch Windows Recovery next time the system
             starts up.

REAGENTC.EXE: Operation successful

 

RECIMG   (Version 1.0.0.0)

Configures the recovery image Windows uses to refresh your PC.

RECIMG.EXE <command> <arguments>

The recimg.exe command line tool lets you configure a custom recovery image 
for Windows to use when you refresh your PC. When you create a custom 
recovery image, it will contain the desktop apps you've installed, and the 
Windows system files in their current state. Recovery images do not contain 
your documents, personal settings, user profiles, or apps from Windows Store,
because that information is preserved at the time you refresh your PC.

When you create a custom recovery image, recimg will store it in the 
specified directory, and set it as the active recovery image. If a custom 
recovery image is set as the active recovery image, Windows will use it when
you refresh your PC. You can use the /setcurrent and /deregister options to
select which recovery image Windows will use. All recovery images have the 
filename CustomRefresh.wim. If no CustomRefresh.wim file is found in the 
active recovery image directory, Windows will fall back to the default image 
(or to installation media) when you refresh your PC.

Note that you cannot reset your PC using a custom recovery image. Custom
recovery images can only be used to refresh your PC.

The following commands can be specified:


	/createimage <directory>
	Captures a new custom recovery image in the location specified by
	<directory>, and sets it as the active recovery image.


	/setcurrent <directory>
	Sets the active recovery image to the CustomRefresh.wim file in the 
	location specified by <directory>. Windows will use this image when you
	refresh your PC, even if a recovery image provided by your PC's 
	manufacturer is present.


	/deregister
	Deregisters the current custom recovery image. If a recovery image
	provided by your PC's manufacturer is present, Windows will use that
	image when you refresh your PC. Otherwise, Windows will use your
	installation media when you refresh your PC.


	/showcurrent
 	Displays the path to the directory in which the current active recovery
	image is stored.


	/help, /?
	Displays this help text.

 

RECOVER   (Version 6.1.7600.16385)

Recovers readable information from a bad or defective disk.

RECOVER [drive:][path]filename
Consult the online Command Reference in Windows Help
before using the RECOVER command.

 

REG   (Version 6.1.7600.16385)

REG Operation [Parameter List]

  Operation  [ QUERY   | ADD    | DELETE  | COPY    |
               SAVE    | LOAD   | UNLOAD  | RESTORE |
               COMPARE | EXPORT | IMPORT  | FLAGS ]

Return Code: (Except for REG COMPARE)

  0 - Successful
  1 - Failed

For help on a specific operation type:

  REG Operation /?

Examples:

  REG QUERY /?
  REG ADD /?
  REG DELETE /?
  REG COPY /?
  REG SAVE /?
  REG RESTORE /?
  REG LOAD /?
  REG UNLOAD /?
  REG COMPARE /?
  REG EXPORT /?
  REG IMPORT /?
  REG FLAGS /?

 

REGDELNULL   (Version 1.10.0.0)

RegDelNull v1.10 - Delete Registry keys with embedded Nulls
Copyright (C) 2005-2006 Mark Russinovich
Sysinternals - www.sysinternals.com

Usage: regdelnull <path> [-s] [-r]
  path    Registry path e.g. hklm\software
  -s      Recurse into subkeys

Example: regdelnull -s hklm
This command scans all keys under HKLM.

 

REGINI   (Version 6.1.7600.16385)

usage: REGINI [-m \\machinename | -h hivefile hiveroot]
              [-i n] [-o outputWidth]
              [-b] textFiles...

where: -m specifies a remote Windows NT machine whose registry is to be manipulated.
       -h specifies a specify local hive to manipulate.
       -i n specifies the display indentation multiple.  Default is 4
       -o outputWidth specifies how wide the output is to be.  By default the
          outputWidth is set to the width of the console window if standard
          output has not been redirected to a file.  In the latter case, an
          outputWidth of 240 is used.

       -b specifies that REGINI should be backward compatible with older
           versions of REGINI that did not strictly enforce line continuations
           and quoted strings Specifically, REG_BINARY, REG_RESOURCE_LIST and
           REG_RESOURCE_REQUIREMENTS_LIST data types did not need line
           continuations after the first number that gave the size of the data.
           It just kept looking on following lines until it found enough data
           values to equal the data length or hit invalid input.  Quoted
           strings were only allowed in REG_MULTI_SZ.  They could not be
           specified around key or value names, or around values for REG_SZ or
           REG_EXPAND_SZ  Finally, the old REGINI did not support the semicolon
           as an end of line comment character.
       
       textFiles is one or more ANSI or Unicode text files with registry data.
       
       Some general rules are:
           Semicolon character is an end-of-line comment character, provided it
           is the first non-blank character on a line
       
           Backslash character is a line continuation character.  All
           characters from the backslash up to but not including the first
           non-blank character of the next line are ignored.  If there is more
           than one space before the line continuation character, it is
           replaced by a single space.
       
           Indentation is used to indicate the tree structure of registry keys
           The REGDMP program uses indentation in multiples of 4.  You may use
           hard tab characters for indentation, but embedded hard tab
           characters are converted to a single space regardless of their
           position
           
           Values should come before child keys, as they are associated with
           the previous key at or above the value's indentation level.
       
           For key names, leading and trailing space characters are ignored and
           not included in the key name, unless the key name is surrounded by
           quotes.  Imbedded spaces are part of a key name.
       
           Key names can be followed by an Access Control List (ACL) which is a
           series of decimal numbers, separated by spaces, bracketed by a
           square brackets (e.g.  [8 4 17]).  The valid numbers and their
           meanings are:
       
              1  - Administrators Full Access
              2  - Administrators Read Access
              3  - Administrators Read and Write Access
              4  - Administrators Read, Write and Delete Access
              5  - Creator Full Access
              6  - Creator Read and Write Access
              7  - World Full Access
              8  - World Read Access
              9  - World Read and Write Access
              10 - World Read, Write and Delete Access
              11 - Power Users Full Access
              12 - Power Users Read and Write Access
              13 - Power Users Read, Write and Delete Access
              14 - System Operators Full Access
              15 - System Operators Read and Write Access
              16 - System Operators Read, Write and Delete Access
              17 - System Full Access
              18 - System Read and Write Access
              19 - System Read Access
              20 - Administrators Read, Write and Execute Access
              21 - Interactive User Full Access
              22 - Interactive User Read and Write Access
              23 - Interactive User Read, Write and Delete Access
       
           If there is an equal sign on the same line as a left square bracket
           then the equal sign takes precedence, and the line is treated as a
           registry value.  If the text between the square brackets is the
           string DELETE with no spaces, then REGINI will delete the key and
           any values and keys under it.
       
           For registry values, the syntax is:
       
              value Name = type data
       
           Leading spaces, spaces on either side of the equal sign and spaces
           between the type keyword and data are ignored, unless the value name
           is surrounded by quotes.  If the text to the right of the equal sign
           is the string DELETE, then REGINI will delete the value.
       
           The value name may be left off or be specified by an at-sign
           character which is the same thing, namely the empty value name.  So
           the following two lines are identical:
       
              = type data
              @ = type data
       
           This syntax means that you can't create a value with leading or
           trailing spaces, an equal sign or an at-sign in the value name,
           unless you put the name in quotes.
       
           Valid value types and format of data that follows are:
       
              REG_SZ text
              REG_EXPAND_SZ text
              REG_MULTI_SZ "string1" "str""ing2" ...
              REG_DATE mm/dd/yyyy HH:MM DayOfWeek
              REG_DWORD numberDWORD
              REG_BINARY numberOfBytes numberDWORD(s)...
              REG_NONE (same format as REG_BINARY)
              REG_RESOURCE_LIST (same format as REG_BINARY)
              REG_RESOURCE_REQUIREMENTS (same format as REG_BINARY)
              REG_RESOURCE_REQUIREMENTS_LIST (same format as REG_BINARY)
              REG_FULL_RESOURCE_DESCRIPTOR (same format as REG_BINARY)
              REG_QWORD numberQWORD
              REG_MULTISZ_FILE fileName
              REG_BINARYFILE fileName
       
           If no value type is specified, default is REG_SZ
       
           For REG_SZ and REG_EXPAND_SZ, if you want leading or trailing spaces
           in the value text, surround the text with quotes.  The value text
           can contain any number of imbedded quotes, and REGINI will ignore
           them, as it only looks at the first and last character for quote
           characters.
       
           For REG_MULTI_SZ, each component string is surrounded by quotes.  If
           you want an imbedded quote character, then double quote it, as in
           string2 above.
       
           For REG_BINARY, the value data consists of one or more numbers The
           default base for numbers is decimal.  Hexidecimal may be specified
           by using 0x prefix.  The first number is the number of data bytes,
           excluding the first number.  After the first number must come enough
           numbers to fill the value.  Each number represents one DWORD or 4
           bytes.  So if the first number was 0x5 you would need two more
           numbers after that to fill the 5 bytes.  The high order 3 bytes
           of the second DWORD would be ignored.
       
       Whenever specifying a registry path, either on the command line
       or in an input file, the following prefix strings can be used:
       
            HKEY_LOCAL_MACHINE
            HKEY_USERS
            HKEY_CURRENT_USER
            USER:
       
          Each of these strings can stand alone as the key name or be followed
          a backslash and a subkey path.

 

REGISTER-CIMPROVIDER   (Version 6.3.9600.16406)

Registers CIM Provider into system

Usage:  Register-CimProvider.exe
		-Namespace <NamespaceName>
		-ProviderName <ProviderName>
		-Path <ProviderDllPath>
		[-Impersonation <True or False>]
		[-Decoupled <SDDL>]
		[-HostingModel <HostingModel>]
		[-Localize <locale>]
		[-NoAutorecover]
		[-SupportWQL]
		[-GenerateUnregistration]
		[-ForceUpdate]
		[-Verbose]

-Namespace <NamespaceName>
	Specifies the target namespace of the provider.

-ProviderName <ProviderName>
	Specifies the provider name.

-Path <ProviderDllPath>
	Specifies the provider binary path.

-Impersonation <True or False>
	Specifies foldidentity of decoupled provider, by default is True.

-Decoupled <SDDL>
	Registers provider as decoupled and specifies the security descriptor
	that determines the set of users that can successfully register
	the provider.

-HostingModel <HostingModel>
	Specifies the HostingModel of coupled provider.

-Localize <locale>
	Localizes the provider with resource of specified locale.

-NoAutorecover
	Doesn't autorecover the provider.

-SupportWQL
	Passes the query expression to the filter.

-GenerateUnregistration
	Generate the uninstall mof for the registration,
	which is disabled by default.

-ForceUpdate
	Force update the class if it exists in the system.

-Verbose
	Outputs registration log.

 

RELOG   (Version 6.1.7601.18869)

Microsoft © Relog.exe (6.1.7601.18869)

Relog creates new performance logs from data in existing performance logs by
changing the sampling rate and/or converting the file format. Supports all
performance log formats, including Windows NT 4.0 compressed logs.

Usage:
RELOG <filename [filename ...]> 
                                [options]

Parameters:
  <filename [filename ...]>     Performance file to relog.

Options:
  -?                            Displays context sensitive help.
  -a                            Append output to the existing binary file.
  -c <path [path ...]>          Counters to filter from the input log.
  -cf <filename>                File listing performance counters to filter
                                from the input log. Default is all counters
                                in the original log file.
  -f <CSV|TSV|BIN|SQL>          Output file format.
  -t <value>                    Only write every nth record into the output
                                file. Default is to write every record.
  -o                            Output file path or SQL database.
  -b <d-M-yyyy HH:mm:ss>        Begin time for the first record to write into
                                the output file.
  -e <d-M-yyyy HH:mm:ss>        End time for the last record to write into
                                the output file.
  -config <filename>            Settings file containing command options.
  -q                            List performance counters in the input file.
  -y                            Answer yes to all questions without prompting.

Examples:
  relog logfile.csv -c "\Processor(_Total)\% Processor Time" -o logfile.blg
  relog logfile.blg -cf counters.txt -f bin
  relog logfile.blg -f csv -o logfile.csv -t 2
  relog logfile.blg -q -o counters.txt

 

REM   (internal command)

Records comments (remarks) in a batch file or CONFIG.SYS.

REM [comment]

 

REN   (internal command)

Renames a file or files.

RENAME [drive:][path]filename1 filename2.
REN [drive:][path]filename1 filename2.

Note that you cannot specify a new drive or path for your destination file.

 

RENAME   (internal command)

Renames a file or files.

RENAME [drive:][path]filename1 filename2.
REN [drive:][path]filename1 filename2.

Note that you cannot specify a new drive or path for your destination file.

 

REPAIR-BDE   (Version 6.1.7601.17514)

BitLocker Drive Encryption: Repair Tool version 6.1.7601
Copyright (C) Microsoft Corporation.

Usage:

repair-bde[.exe] InputVolume
                  { OutputVolumeOrImage | {-NoOutputVolume|-nov} }
                  { {-RecoveryPassword|-rp} NumericalPassword |
                    {-RecoveryKey|-rk} PathToExternalKeyFile }
                  [{-KeyPackage|-kp} PathToKeyPackage]
                  [{-LogFile|-lf} PathToLogFile]
                  [{-?|/?}]

Description:
  Attempts to repair or decrypt a damaged BitLocker-encrypted volume using the
  supplied recovery information. 

  WARNING! To avoid additional data loss, you should have a spare hard drive
  available. Use this spare drive to store decrypted output or to back up the
  contents of the damaged volume.  

Parameters:
  InputVolume
                The BitLocker-encrypted volume to repair. Example: "C:".

  OutputVolumeOrImage
                Optional. The volume to store decrypted contents, or the file
                location to create an image file of the contents.
                Examples: "D:", "D:\imagefile.img".
                
                WARNING! All information on this output volume will be
                overwritten.

  -nov or -NoOutputVolume
                Attempt to repair a BitLocker-encrypted volume by modifying the
                boot sector to point to a valid copy of BitLocker metadata. 
                
                WARNING! To avoid additional data loss, use a sector backup
                utility to back up the input volume before using this option.
                If you do not have such a utility available, specify an output
                volume or image instead.

  -rk  or -RecoveryKey
                Provide an external key to unlock the volume. 
                Example: "F:\RecoveryKey.bek".

  -rp  or -RecoveryPassword
                Provide a numerical password to unlock the volume.
                Example: "111111-222222-333333-...".

  -kp  or -KeyPackage
                Optional. Provide a key package to unlock the volume.
                Example: "F:\ExportedKeyPackage"
                
            If this option is blank, the tool will look for the key package
            automatically. This option is needed only if required by the tool.
	
  -lf  or -LogFile
                Optional. Provide a path to a file that will store progress
                information. Example: "F:\log.txt".

  -f   or -Force
                Optional. When used, forces a volume to be dismounted even if
                it cannot be locked. This option is needed only if required by
                the tool.

  -?   or /?    
                Shows this screen.

Examples:
  repair-bde C: -NoOutputVolume -rk F:\RecoveryKey.bek -Force
  repair-bde C: D: -rp 111111-222222-[...] -lf F:\log.txt
  repair-bde C: D: -kp F:\KeyPackage -rp 111111-222222-[...]
  repair-bde C: D:\imagefile.img -kp F:\KeyPackage -rk F:\RecoveryKey.bek

 

REPLACE   (Version 6.1.7600.16385)

Replaces files.

REPLACE [drive1:][path1]filename [drive2:][path2] [/A] [/P] [/R] [/W]
REPLACE [drive1:][path1]filename [drive2:][path2] [/P] [/R] [/S] [/W] [/U]

  [drive1:][path1]filename Specifies the source file or files.
  [drive2:][path2]         Specifies the directory where files are to be
                           replaced.
  /A                       Adds new files to destination directory. Cannot
                           use with /S or /U switches.
  /P                       Prompts for confirmation before replacing a file or
                           adding a source file.
  /R                       Replaces read-only files as well as unprotected
                           files.
  /S                       Replaces files in all subdirectories of the
                           destination directory. Cannot use with the /A
                           switch.
  /W                       Waits for you to insert a disk before beginning.
  /U                       Replaces (updates) only files that are older than
                           source files. Cannot use with the /A switch.

 

RESET   (Version 6.1.7601.17514)

RESET { SESSION }

 

RMDIR   (internal command)

Removes (deletes) a directory.

RMDIR [/S] [/Q] [drive:]path
RD [/S] [/Q] [drive:]path

    /S      Removes all directories and files in the specified directory
            in addition to the directory itself.  Used to remove a directory
            tree.

    /Q      Quiet mode, do not ask if ok to remove a directory tree with /S

 

ROBOCOPY   (Version 5.1.10.1027)

-------------------------------------------------------------------------------
   ROBOCOPY     ::     Robust File Copy for Windows                              
-------------------------------------------------------------------------------

  Started : Tue May 02 14:10:01 2017

              Usage :: ROBOCOPY source destination [file [file]...] [options]

             source :: Source Directory (drive:\path or \\server\share\path).
        destination :: Destination Dir  (drive:\path or \\server\share\path).
               file :: File(s) to copy  (names/wildcards: default is "*.*").

::
:: Copy options :
::
                 /S :: copy Subdirectories, but not empty ones.
                 /E :: copy subdirectories, including Empty ones.
             /LEV:n :: only copy the top n LEVels of the source directory tree.

                 /Z :: copy files in restartable mode.
                 /B :: copy files in Backup mode.
                /ZB :: use restartable mode; if access denied use Backup mode.
            /EFSRAW :: copy all encrypted files in EFS RAW mode.

  /COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT).
                       (copyflags : D=Data, A=Attributes, T=Timestamps).
                       (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

           /DCOPY:T :: COPY Directory Timestamps.

               /SEC :: copy files with SECurity (equivalent to /COPY:DATS).
           /COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU).
            /NOCOPY :: COPY NO file info (useful with /PURGE).

            /SECFIX :: FIX file SECurity on all files, even skipped files.
            /TIMFIX :: FIX file TIMes on all files, even skipped files.

             /PURGE :: delete dest files/dirs that no longer exist in source.
               /MIR :: MIRror a directory tree (equivalent to /E plus /PURGE).

               /MOV :: MOVe files (delete from source after copying).
              /MOVE :: MOVE files AND dirs (delete from source after copying).

     /A+:[RASHCNET] :: add the given Attributes to copied files.
     /A-:[RASHCNET] :: remove the given Attributes from copied files.

            /CREATE :: CREATE directory tree and zero-length files only.
               /FAT :: create destination files using 8.3 FAT file names only.
               /256 :: turn off very long path (> 256 characters) support.

             /MON:n :: MONitor source; run again when more than n changes seen.
             /MOT:m :: MOnitor source; run again in m minutes Time, if changed.

      /RH:hhmm-hhmm :: Run Hours - times when new copies may be started.
                /PF :: check run hours on a Per File (not per pass) basis.

             /IPG:n :: Inter-Packet Gap (ms), to free bandwidth on slow lines.

                /SL :: copy symbolic links versus the target.

            /MT[:n] :: Do multi-threaded copies with n threads (default 8).
                       n must be at least 1 and not greater than 128.
                       This option is incompatible with the /IPG and /EFSRAW options.
                       Redirect output using /LOG option for better performance.

::
:: File Selection Options :
::
                 /A :: copy only files with the Archive attribute set.
                 /M :: copy only files with the Archive attribute and reset it.
    /IA:[RASHCNETO] :: Include only files with any of the given Attributes set.
    /XA:[RASHCNETO] :: eXclude files with any of the given Attributes set.

 /XF file [file]... :: eXclude Files matching given names/paths/wildcards.
 /XD dirs [dirs]... :: eXclude Directories matching given names/paths.

                /XC :: eXclude Changed files.
                /XN :: eXclude Newer files.
                /XO :: eXclude Older files.
                /XX :: eXclude eXtra files and directories.
                /XL :: eXclude Lonely files and directories.
                /IS :: Include Same files.
                /IT :: Include Tweaked files.

             /MAX:n :: MAXimum file size - exclude files bigger than n bytes.
             /MIN:n :: MINimum file size - exclude files smaller than n bytes.

          /MAXAGE:n :: MAXimum file AGE - exclude files older than n days/date.
          /MINAGE:n :: MINimum file AGE - exclude files newer than n days/date.
          /MAXLAD:n :: MAXimum Last Access Date - exclude files unused since n.
          /MINLAD:n :: MINimum Last Access Date - exclude files used since n.
                       (If n < 1900 then n = n days, else n = YYYYMMDD date).

                /XJ :: eXclude Junction points. (normally included by default).

               /FFT :: assume FAT File Times (2-second granularity).
               /DST :: compensate for one-hour DST time differences.

               /XJD :: eXclude Junction points for Directories.
               /XJF :: eXclude Junction points for Files.

::
:: Retry Options :
::
               /R:n :: number of Retries on failed copies: default 1 million.
               /W:n :: Wait time between retries: default is 30 seconds.

               /REG :: Save /R:n and /W:n in the Registry as default settings.

               /TBD :: wait for sharenames To Be Defined (retry error 67).

::
:: Logging Options :
::
                 /L :: List only - don't copy, timestamp or delete any files.
                 /X :: report all eXtra files, not just those selected.
                 /V :: produce Verbose output, showing skipped files.
                /TS :: include source file Time Stamps in the output.
                /FP :: include Full Pathname of files in the output.
             /BYTES :: Print sizes as bytes.

                /NS :: No Size - don't log file sizes.
                /NC :: No Class - don't log file classes.
               /NFL :: No File List - don't log file names.
               /NDL :: No Directory List - don't log directory names.

                /NP :: No Progress - don't display percentage copied.
               /ETA :: show Estimated Time of Arrival of copied files.

          /LOG:file :: output status to LOG file (overwrite existing log).
         /LOG+:file :: output status to LOG file (append to existing log).

       /UNILOG:file :: output status to LOG file as UNICODE (overwrite existing log).
      /UNILOG+:file :: output status to LOG file as UNICODE (append to existing log).

               /TEE :: output to console window, as well as the log file.

               /NJH :: No Job Header.
               /NJS :: No Job Summary.

           /UNICODE :: output status as UNICODE.

::
:: Job Options :
::
       /JOB:jobname :: take parameters from the named JOB file.
      /SAVE:jobname :: SAVE parameters to the named job file
              /QUIT :: QUIT after processing command line (to view parameters). 
              /NOSD :: NO Source Directory is specified.
              /NODD :: NO Destination Directory is specified.
                /IF :: Include the following Files.

 

ROUTE   (Version 6.1.7600.16385)

Manipulates network routing tables.

ROUTE [-f] [-p] [-4|-6] command [destination]
                  [MASK netmask]  [gateway] [METRIC metric]  [IF interface]

  -f           Clears the routing tables of all gateway entries.  If this is
               used in conjunction with one of the commands, the tables are
               cleared prior to running the command.
               
  -p           When used with the ADD command, makes a route persistent across
               boots of the system. By default, routes are not preserved
               when the system is restarted. Ignored for all other commands, 
               which always affect the appropriate persistent routes. This 
               option is not supported in Windows 95.
               
  -4	       Force using IPv4.

  -6           Force using IPv6. 
  
  command      One of these:
                 PRINT     Prints  a route
                 ADD       Adds    a route
                 DELETE    Deletes a route
                 CHANGE    Modifies an existing route	
  destination  Specifies the host.
  MASK         Specifies that the next parameter is the 'netmask' value.
  netmask      Specifies a subnet mask value for this route entry.
               If not specified, it defaults to 255.255.255.255.
  gateway      Specifies gateway.
  interface    the interface number for the specified route.
  METRIC       specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

Pattern match is only allowed in PRINT command.
Diagnostic Notes:
    Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
    Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
             The route addition failed: The specified mask parameter is invalid. (Destination & Mask) != Destination.

Examples:

    > route PRINT
    > route PRINT -4
    > route PRINT -6
    > route PRINT 157*          .... Only prints those matching 157*
	
    > route ADD 157.0.0.0 MASK 255.0.0.0  157.55.80.1 METRIC 3 IF 2
             destinationˆ      ˆmask      ˆgateway     metricˆ    ˆ
                                                         Interfaceˆ
      If IF is not given, it tries to find the best interface for a given 
      gateway.
    > route ADD 3ffe::/32 3ffe::1
    
    > route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2
    
      CHANGE is used to modify gateway and/or metric only.
    
    > route DELETE 157.0.0.0
    > route DELETE 3ffe::/32

 

RPCPING   (Version 6.1.7600.16385)

Usage: 
rpcping [-t <protseq>] [-s <server_addr>] [-e <endpoint>            
        |-f <interface UUID>[,MajorVer]] [-O <Interface Object UUID]
        [-i <#_iterations>] [-u <security_package_id>] [-a <authn_level>]                             
        [-N <server_princ_name>] [-I <auth_identity>] [-C <capabilities>]
        [-T <identity_tracking>] [-M <impersonation_type>]
        [-S <server_sid>] [-P <proxy_auth_identity>] [-F <RPCHTTP_flags>]
        [-H <RPC/HTTP_authn_schemes>] [-o <binding_options>]
        [-B <server_certificate_subject>] [-b] [-E] [-q] [-c]
        [-A <http_proxy_auth_identity>] [-U <HTTP_proxy_authn_schemes>]
        [-r <report_results_interval>] [-v <verbose_level>] [-d]


Pings a server using RPC. Options are:

-t <protseq> - protocol sequence to use. Can be one of the standard
    RPC protocol sequences - ncacn_ip_tcp, ncacn_np, ncacn_http, etc.
    If not specified, default is ncacn_ip_tcp.
    
-s <server_addr> - the server address. If not specified, the local
    machine will be pinged. E.g. server, server.com, 157.59.244.141
        
-e <endpoint> - the endpoint to ping. If none is specified, the endpoint
    mapper on the target machine will be pinged. This option is mutually
    exclusive with the interface (-f) option.

-o <binding_options> - the binding options for the RPC ping. See the
    MSDN for more details (RpcStringBindingCompose and RPC over HTTP).
    
-f <interface UUID>[,MajorVer] - the interface to ping. This option is
    mutually exclusive with the endpoint option. The interface is specified
    as a UUID. If the MajorVer is not specified, version 1 of the interface
    will be sought. When interface is specified, rpcping will query the
    endpoint mapper on the target machine to retrieve the endpoint for the
    specified interface. The endpoint mapper will be queried using the
    options specified in the command line.
    
-O <Object UUID> - Object Uuid if the interface registerd one.

-i <#_iterations> - number of calls to make. The default is 1. This
    option is useful for measuring connection latency if multiple
    iterations are specified.
    
-u <security_package_id> - the security package (security provider) RPC
    will use to make the call. The security package is identified as a
    number or a name. If a number is used it is the same number as in the
    RpcBindingSetAuthInfoEx API. The table below gives the names and
    numbers. Names are not case sensitive:
        Negotiate - 9 or one of nego, snego or negotiate
        NTLM - 10 or NTLM
        SChannel - 14 or SChannel
        Kerberos - 16 or Kerberos
        Kernel - 20 or Kernel
    If you specify this option you must specify authentication level other
    than none. There is no default for this option. If it is not specified,
    RPC will not use security for the ping.
    
-a <authn_level> - the authentication level to use. Possible values are
    connect, call, pkt, integrity and privacy. If this option is
    specified, the security package id (-u) must also be specified. There
    is no default for this option. If this option is not specified, RPC
    will not use security for the ping.


-N <server_princ_name> - specifies a server principal name. Same semantics
    as the ServerPrincName argument to RpcBindingSetAuthInfoEx. See the
    MSDN for more information on RpcBidningSetAuthInfoEx. This field can be
    used only when authentication level and security package are selected.
    
-I <auth_identity> - allows you to specify alternative identity to connect
    to the server. The identity is in the form user,domain,password where
    the three fields have the obvious meaning. If the user name, domain or
    password have special characters that can be interpreted by the shell
    be sure to enclose the identity in double quotes. You can specify *
    instead of the password and RPC will prompt you to enter the password
    without echoing it on the screen. If this field is not specified, the
    identity of the logged on user will be used. This field can be used
    only when authentication level and security package are selected.
  
-C <capabilities> - a hex bitmask of flags. It has the same meaning as
    the Capabilities field in the RPC_SECURITY_QOS structure described
    in the MSDN. This field can be used only when authentication level and
    security package are selected.
    
-T <identity_tracking> - can be static or dynamic. If not specified,
    dynamic is the default. This field can be used only when authentication
    level and security package are selected.

-M <impersonation_type> - can be anonymous, identify, impersonate or
    delegate. Default is impersonate. This field can be used only when
    authentication level and security package are selected.  


-S <server_sid> - the expected SID of the server. For more information
    see the Sid field in the RPC_SECURITY_QOS structure in the MSDN. Using      
    this option requires Windows .NET Server 2003 or higher. This field can
    be used only when authentication level and security package are
    selected.
    
-P <proxy_auth_identity> - specifies the identity to authenticate with to
    the RPC/HTTP proxy. Has the same format as for the -I option. 
    Also, you must specify security package (-u), authentication level 
    (-a), and authentication schemes (-H) in order to use this option.
    
-F <RPCHTTP_flags> - the flags to pass for RPC/HTTP front end
    authentication. The flags may be specified as numbers or names
    The currently recognized flags are:
        Use SSL - 1 or ssl or use_ssl
        Use first auth scheme - 2 or first or use_first
    See the Flags field in RPC_HTTP_TRANSPORT_CREDENTIALS for more 
    information. Also, you must specify security package (-u) and 
    authentication level (-a) in order to use this option.
    
-H <RPC/HTTP_authn_schemes> - the authentication schemes to use for
    RPC/HTTP front end authentication. This option is a list of numerical
    values or names separated by comma. E.g. Basic,NTLM. Recognized values
    are (names are not case sensitive:
        Basic - 1 or Basic
        NTLM - 2 or NTLM
        Certificate - 65536 or Cert
    Also, you must specify security package (-u) and authentication level 
    (-a) in order to use this option.
    
-B <server_certificate_subject> - the server certificate subject. For
    more information, see the ServerCertificateSubject field in the
    RPC_HTTP_TRANSPORT_CREDENTIALS structure in the MSDN. You must use
    SSL for this option to work. Also, you must specify security package 
    (-u) and authentication level (-a) in order to use this option.
    
-b - retrieves the server certificate subject from the certificate sent
    by the server and prints it to a screen or a log file. Valid only when
    the Proxy Echo only option (-E) and the use SSL options are specified.
    Also, you must specify security package (-u) and authentication level 
    (-a) in order to use this option.
    
-R - specifies the HTTP proxy. if it's 'none', we will not use HTTP proxy but
    directly attempt the RPC proxy. the value 'default' means to use the IE
    settings in your client machine. any other value will be treated as the
    explicit HTTP proxy. if you don't specify this flag, the default value
    is assumed, that is, the IE settings are checked. this flag is valid
    only when the -E (Echo Only) flag is enabled.


-E - restricts the ping to the RPC/HTTP proxy only. The ping does not
    reach the server. Useful when trying to establish whether the RPC/HTTP
    proxy is reachable. Also, you must specify security package (-u) and 
    authentication level (-a) in order to use this option. To specify an 
    HTTP proxy, use the -R flag. If an HTTP proxy is specified in the -o 
    flag, this option will be ignored.
 
-q - quiet mode. Does not issue any prompts except for passwords. Assumes
    'Y' response to all queries. Use this option with care.
    
-c - use smart card certificate. RPCPing will prompt user to choose
    smart card.
    
-A <http_proxy_auth_identity> - specifies the identity to authenticate
    with to the HTTP proxy. Has the same format as for the -I option. 
    Also, you must specify authentication schemes (-U), security package 
    (-u) and authentication level (-a) in order to use this option.
    
-U <HTTP_proxy_authn_schemes> - the authentication schemes to use for
    HTTP proxy authentication. This option is a list of numerical
    values or names separated by comma. E.g. Basic,NTLM. Recognized values 
    are (names are not case sensitive:
        Basic - 1 or Basic
        NTLM - 2 or NTLM
    You must specify security package (-u) and authentication level (-a) 
    in order to use this option.

-r <report_results_interval> - if multiple iterations are specified, this
    option will make rpcping display current execution statistics
    periodically instead after the last call. The report interval is given
    in seconds. Default is 15.
    
-v <verbose_level> - tells rpcping how verbose to make the output. Default
    value is 1. 2 and 3 provide more output from rpcping.

-d - launch RPC network diagnostic UI
        
Example: Find out if your Exchange server that you connect through
RPC/HTTP is accessible:
    rpcping -t ncacn_http -s exchange_server -o RpcProxy=front_end_proxy
        -P "username,domain,*" -H Basic -u NTLM -a connect -F 3
When prompted for the password, enter it. exchange_server is the name of
your exchange server, front_end_proxy is the name of your proxy, username
and domain are your user name and domain as you would enter them in the
Outlook prompt. The other parameters will ask rpcping to ping your
Exchange server in exactly the same way as Outlook will connect to it for
the typical profile.

-p - Prompt for credentials if authentication fails.

 

RU   (Version 1.10.0.0)

Ru v1.1 - report registry key usage
Copyright (C) 2013-2015 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: ru [-c[t]] [-l <levels> | -n | -v] [-q] <absolute path>
usage: ru [-c[t]] [-l <levels> | -n | -v] [-q] -h <hive file> [relative path]
   -c     Print output as CSV. Specify -ct for tab delimiting.
   -h     Load the specified hive file, perform the size calculation, then
          unload it and compress it.
   -l     Specify subkey depth of information (default is one level).
   -n     Do not recurse.
   -q     Quiet (no banner).
   -v     Show size of all subkeys.

CSV output is formatted as:
Path,CurrentValueCount,CurrentValueSize,ValueCount,KeyCount,KeySize,WriteTime

 

RWINSTA   (Version 6.1.7601.17514)

Reset the session subsytem hardware and software to known initial values.

RESET SESSION {sessionname | sessionid} [/SERVER:servername] [/V]

  sessionname         Identifies the session with name sessionname.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server containing the session (default is current).
  /V                  Display additional information.

 

SC   (Version 6.1.7600.16385)

ERROR:  Unrecognized command

DESCRIPTION:
        SC is a command line program used for communicating with the
        Service Control Manager and services.
USAGE:
        sc <server> [command] [service name] <option1> <option2>...


        The option <server> has the form "\\ServerName"
        Further help on commands can be obtained by typing: "sc [command]"
        Commands:
          query-----------Queries the status for a service, or
                          enumerates the status for types of services.
          queryex---------Queries the extended status for a service, or
                          enumerates the status for types of services.
          start-----------Starts a service.
          pause-----------Sends a PAUSE control request to a service.
          interrogate-----Sends an INTERROGATE control request to a service.
          continue--------Sends a CONTINUE control request to a service.
          stop------------Sends a STOP request to a service.
          config----------Changes the configuration of a service (persistent).
          description-----Changes the description of a service.
          failure---------Changes the actions taken by a service upon failure.
          failureflag-----Changes the failure actions flag of a service.
          sidtype---------Changes the service SID type of a service.
          privs-----------Changes the required privileges of a service.
          qc--------------Queries the configuration information for a service.
          qdescription----Queries the description for a service.
          qfailure--------Queries the actions taken by a service upon failure.
          qfailureflag----Queries the failure actions flag of a service.
          qsidtype--------Queries the service SID type of a service.
          qprivs----------Queries the required privileges of a service.
          qtriggerinfo----Queries the trigger parameters of a service.
          qpreferrednode--Queries the preferred NUMA node of a service.
          delete----------Deletes a service (from the registry).
          create----------Creates a service. (adds it to the registry).
          control---------Sends a control to a service.
          sdshow----------Displays a service's security descriptor.
          sdset-----------Sets a service's security descriptor.
          showsid---------Displays the service SID string corresponding to an arbitrary name.
          triggerinfo-----Configures the trigger parameters of a service.
          preferrednode---Sets the preferred NUMA node of a service.
          GetDisplayName--Gets the DisplayName for a service.
          GetKeyName------Gets the ServiceKeyName for a service.
          EnumDepend------Enumerates Service Dependencies.

        The following commands don't require a service name:
        sc <server> <command> <option>
          boot------------(ok | bad) Indicates whether the last boot should
                          be saved as the last-known-good boot configuration
          Lock------------Locks the Service Database
          QueryLock-------Queries the LockStatus for the SCManager Database
EXAMPLE:
        sc start MyService

Would you like to see help for the QUERY and QUERYEX commands? [ y | n ]: 

 

SCHTASKS   (Version 6.1.7601.17514)

SCHTASKS /parameter [arguments] 

Description:
    Enables an administrator to create, delete, query, change, run and
    end scheduled tasks on a local or remote system. 

Parameter List:
    /Create         Creates a new scheduled task.

    /Delete         Deletes the scheduled task(s).

    /Query          Displays all scheduled tasks.

    /Change         Changes the properties of scheduled task.

    /Run            Runs the scheduled task on demand.

    /End            Stops the currently running scheduled task.

    /ShowSid        Shows the security identifier corresponding to a scheduled task name.

    /?              Displays this help message.

Examples:
    SCHTASKS 
    SCHTASKS /?
    SCHTASKS /Run /?
    SCHTASKS /End /?
    SCHTASKS /Create /?
    SCHTASKS /Delete /?
    SCHTASKS /Query  /?
    SCHTASKS /Change /?
    SCHTASKS /ShowSid /?

 

SDBINST   (Version 6.0.7601.19050)

Usage: SDBINST [-?] [-q] [-u] [-g] [-p] [-n[:WIN32|WIN64]] myfile.sdb | {guid} | "name"

    -? - print this help text.
    -p - Allow SDBs containing patches.
    -q - Quiet mode: prompts are auto-accepted.
    -u - Uninstall.
    -g {guid} - GUID of file (uninstall only).
    -n "name" - Internal name of file (uninstall only).

 

SDELETE   (Version 1.61.0.0)

SDelete - Secure Delete v1.61
Copyright (C) 1999-2012 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: SDELETE [-p passes] [-s] [-q] <file or directory> ...
       SDELETE [-p passes] [-z|-c] [drive letter] ...
   -a         Remove Read-Only attribute
   -c         Clean free space
   -p passes  Specifies number of overwrite passes (default is 1)
   -q         Don't print errors (Quiet)
   -s or -r   Recurse subdirectories
   -z         Zero free space (good for virtual disk optimization)

 

SECEDIT   (Version 6.1.7600.16385)

The syntax of this command is:

secedit [/configure | /analyze | /import | /export | /validate | /generaterollback]

 

SET   (internal command)

Displays, sets, or removes cmd.exe environment variables.

SET [variable=[string]]

  variable  Specifies the environment-variable name.
  string    Specifies a series of characters to assign to the variable.

Type SET without parameters to display the current environment variables.

If Command Extensions are enabled SET changes as follows:

SET command invoked with just a variable name, no equal sign or value
will display the value of all variables whose prefix matches the name
given to the SET command.  For example:

    SET P

would display all variables that begin with the letter 'P'

SET command will set the ERRORLEVEL to 1 if the variable name is not
found in the current environment.

SET command will not allow an equal sign to be part of the name of
a variable.

Two new switches have been added to the SET command:

    SET /A expression
    SET /P variable=[promptString]

The /A switch specifies that the string to the right of the equal sign
is a numerical expression that is evaluated.  The expression evaluator
is pretty simple and supports the following operations, in decreasing
order of precedence:

    ()                  - grouping
    ! ~ -               - unary operators
    * / %               - arithmetic operators
    + -                 - arithmetic operators
    << >>               - logical shift
    &                   - bitwise and
    ˆ                   - bitwise exclusive or
    |                   - bitwise or
    = *= /= %= += -=    - assignment
      &= ˆ= |= <<= >>=
    ,                   - expression separator

If you use any of the logical or modulus operators, you will need to
enclose the expression string in quotes.  Any non-numeric strings in the
expression are treated as environment variable names whose values are
converted to numbers before using them.  If an environment variable name
is specified but is not defined in the current environment, then a value
of zero is used.  This allows you to do arithmetic with environment
variable values without having to type all those % signs to get their
values.  If SET /A is executed from the command line outside of a
command script, then it displays the final value of the expression.  The
assignment operator requires an environment variable name to the left of
the assignment operator.  Numeric values are decimal numbers, unless
prefixed by 0x for hexadecimal numbers, and 0 for octal numbers.
So 0x12 is the same as 18 is the same as 022. Please note that the octal
notation can be confusing: 08 and 09 are not valid numbers because 8 and
9 are not valid octal digits.

The /P switch allows you to set the value of a variable to a line of input
entered by the user.  Displays the specified promptString before reading
the line of input.  The promptString can be empty.

Environment variable substitution has been enhanced as follows:

    %PATH:str1=str2%

would expand the PATH environment variable, substituting each occurrence
of "str1" in the expanded result with "str2".  "str2" can be the empty
string to effectively delete all occurrences of "str1" from the expanded
output.  "str1" can begin with an asterisk, in which case it will match
everything from the beginning of the expanded output to the first
occurrence of the remaining portion of str1.

May also specify substrings for an expansion.

    %PATH:~10,5%

would expand the PATH environment variable, and then use only the 5
characters that begin at the 11th (offset 10) character of the expanded
result.  If the length is not specified, then it defaults to the
remainder of the variable value.  If either number (offset or length) is
negative, then the number used is the length of the environment variable
value added to the offset or length specified.

    %PATH:~-10%

would extract the last 10 characters of the PATH variable.

    %PATH:~0,-2%

would extract all but the last 2 characters of the PATH variable.

Finally, support for delayed environment variable expansion has been
added.  This support is always disabled by default, but may be
enabled/disabled via the /V command line switch to CMD.EXE.  See CMD /?

Delayed environment variable expansion is useful for getting around
the limitations of the current expansion which happens when a line
of text is read, not when it is executed.  The following example
demonstrates the problem with immediate variable expansion:

    set VAR=before
    if "%VAR%" == "before" (
        set VAR=after
        if "%VAR%" == "after" @echo If you see this, it worked
    )

would never display the message, since the %VAR% in BOTH IF statements
is substituted when the first IF statement is read, since it logically
includes the body of the IF, which is a compound statement.  So the
IF inside the compound statement is really comparing "before" with
"after" which will never be equal.  Similarly, the following example
will not work as expected:

    set LIST=
    for %i in (*) do set LIST=%LIST% %i
    echo %LIST%

in that it will NOT build up a list of files in the current directory,
but instead will just set the LIST variable to the last file found.
Again, this is because the %LIST% is expanded just once when the
FOR statement is read, and at that time the LIST variable is empty.
So the actual FOR loop we are executing is:

    for %i in (*) do set LIST= %i

which just keeps setting LIST to the last file found.

Delayed environment variable expansion allows you to use a different
character (the exclamation mark) to expand environment variables at
execution time.  If delayed variable expansion is enabled, the above
examples could be written as follows to work as intended:

    set VAR=before
    if "%VAR%" == "before" (
        set VAR=after
        if "!VAR!" == "after" @echo If you see this, it worked
    )

    set LIST=
    for %i in (*) do set LIST=!LIST! %i
    echo %LIST%

If Command Extensions are enabled, then there are several dynamic
environment variables that can be expanded but which don't show up in
the list of variables displayed by SET.  These variable values are
computed dynamically each time the value of the variable is expanded.
If the user explicitly defines a variable with one of these names, then
that definition will override the dynamic one described below:

%CD% - expands to the current directory string.

%DATE% - expands to current date using same format as DATE command.

%TIME% - expands to current time using same format as TIME command.

%RANDOM% - expands to a random decimal number between 0 and 32767.

%ERRORLEVEL% - expands to the current ERRORLEVEL value

%CMDEXTVERSION% - expands to the current Command Processor Extensions
    version number.

%CMDCMDLINE% - expands to the original command line that invoked the
    Command Processor.

%HIGHESTNUMANODENUMBER% - expands to the highest NUMA node number
    on this machine.

 

SETLOCAL   (internal command)

Begins localization of environment changes in a batch file.  Environment
changes made after SETLOCAL has been issued are local to the batch file.
ENDLOCAL must be issued to restore the previous settings.  When the end
of a batch script is reached, an implied ENDLOCAL is executed for any
outstanding SETLOCAL commands issued by that batch script.

SETLOCAL

If Command Extensions are enabled SETLOCAL changes as follows:

SETLOCAL batch command now accepts optional arguments:
        ENABLEEXTENSIONS / DISABLEEXTENSIONS
            enable or disable command processor extensions. These 
            arguments takes precedence over the CMD /E:ON or /E:OFF
            switches. See CMD /? for details.
        ENABLEDELAYEDEXPANSION / DISABLEDELAYEDEXPANSION
            enable or disable delayed environment variable
            expansion. These arguments takes precedence over the CMD
            /V:ON or /V:OFF switches. See CMD /? for details.
These modifications last until the matching ENDLOCAL command,
regardless of their setting prior to the SETLOCAL command.

The SETLOCAL command will set the ERRORLEVEL value if given
an argument.  It will be zero if one of the two valid arguments
is given and one otherwise.  You can use this in batch scripts
to determine if the extensions are available, using the following
technique:

    VERIFY OTHER 2>nul
    SETLOCAL ENABLEEXTENSIONS
    IF ERRORLEVEL 1 echo Unable to enable extensions

This works because on old versions of CMD.EXE, SETLOCAL does NOT
set the ERRORLEVEL value. The VERIFY command with a bad argument
initializes the ERRORLEVEL value to a non-zero value.

 

SETSPN   (Version 6.1.7600.16385)

Usage: SETSPN [modifiers switch] [accountname] 
  Where "accountname" can be the name or domain\name
  of the target computer or user account

  Edit Mode Switches:
   -R = reset HOST ServicePrincipalName
    Usage:   setspn -R accountname
   -A = add arbitrary SPN  
    Usage:   setspn -A SPN accountname
   -S = add arbitrary SPN after verifying no duplicates exist
    Usage:   setspn -S SPN accountname
   -D = delete arbitrary SPN
    Usage:   setspn -D SPN accountname
   -L = list SPNs registered to target account
    Usage:   setspn [-L] accountname   

  Edit Mode Modifiers:
   -C = specify that accountname is a computer account
   -U = specify that accountname is a user account
   
    Note: -C and -U are exclusive.  If neither is specified, the tool
     will interpret accountname as a computer name if such a computer
     exists, and a user name if it does not.

  Query Mode Switches:
   -Q = query for existence of SPN
    Usage:   setspn -Q SPN 
   -X = search for duplicate SPNs
    Usage:   setspn -X 

    Note: searching for duplicates, especially forestwide, can take
     a long period of time and a large amount of memory.  -Q will execute
     on each target domain/forest.  -X will return duplicates that exist
     across all targets. SPNs are not required to be unique across forests,
     but duplicates can cause authentication issues when authenticating
     cross-forest.

  Query Mode Modifiers:
   -P = suppresses progress to the console and can be used when redirecting
    output to a file or when used in an unattended script.  There will be no
    output until the command is complete.
   -F = perform queries at the forest, rather than domain level
   -T = perform query on the speicified domain or forest (when -F is also used)
    Usage:   setspn -T domain (switches and other parameters)
     "" or * can be used to indicate the current domain or forest.

    Note: these modifiers can be used with the -S switch in order to specify
     where the check for duplicates should be performed before adding the SPN.
    Note: -T can be specified multiple times.

Examples: 
setspn -R daserver1 
   It will register SPN "HOST/daserver1" and "HOST/{DNS of daserver1}" 
setspn -A http/daserver daserver1 
   It will register SPN "http/daserver" for computer "daserver1" 
setspn -D http/daserver daserver1 
   It will delete SPN "http/daserver" for computer "daserver1" 
setspn -F -S http/daserver daserver1 
   It will register SPN "http/daserver" for computer "daserver1"
    if no such SPN exists in the forest
setspn -U -A http/daserver dauser 
   It will register SPN "http/daserver" for user account "dauser" 
setspn -T * -T foo -X
   It will report all duplicate registration of SPNs in this domain and foo
setspn -T foo -F -Q */daserver
   It will find all SPNs of the form */daserver registered in the forest to
    which foo belongs

 

SETX   (Version 6.1.7600.16385)

SetX has three ways of working: 

Syntax 1:
    SETX [/S system [/U [domain\]user [/P [password]]]] var value [/M]

Syntax 2:
    SETX [/S system [/U [domain\]user [/P [password]]]] var /K regpath [/M]

Syntax 3:
    SETX [/S system [/U [domain\]user [/P [password]]]]
         /F file {var {/A x,y | /R x,y string}[/M] | /X} [/D delimiters]

Description:
    Creates or modifies environment variables in the user or system
    environment. Can set variables based on arguments, regkeys or
    file input.

Parameter List:
    /S     system          Specifies the remote system to connect to.

    /U     [domain\]user   Specifies the user context under which
                           the command should execute.

    /P     [password]      Specifies the password for the given
                           user context. Prompts for input if omitted.

    var                    Specifies the environment variable to set.

    value                  Specifies a value to be assigned to the 
                           environment variable.

    /K     regpath         Specifies that the variable is set based
                           on information from a registry key.
                           Path should be specified in the format of
                           hive\key\...\value. For example,
                           HKEY_LOCAL_MACHINE\System\CurrentControlSet\
                           Control\TimeZoneInformation\StandardName.

    /F     file            Specifies the filename of the text file
                           to use.

    /A     x,y             Specifies absolute file coordinates
                           (line X, item Y) as parameters to search 
                           within the file.

    /R     x,y string      Specifies relative file coordinates with
                           respect to "string" as the search parameters.

    /M                     Specifies that the variable should be set in
                           the system wide (HKEY_LOCAL_MACHINE)
                           environment. The default is to set the
                           variable under the HKEY_CURRENT_USER 
                           environment.

    /X                     Displays file contents with x,y coordinates.

    /D     delimiters      Specifies additional delimiters such as ","
                           or "\". The built-in delimiters are space,
                           tab, carriage return, and linefeed. Any 
                           ASCII character can be used as an additional
                           delimiter. The maximum number of delimiters,
                           including the built-in delimiters, is 15.

    /?                     Displays this help message.

NOTE: 1) SETX writes variables to the master environment in the registry.

      2) On a local system, variables created or modified by this tool
         will be available in future command windows but not in the
         current CMD.exe command window.

      3) On a remote system, variables created or modified by this tool
         will be available at the next logon session.

      4) The valid Registry Key data types are REG_DWORD, REG_EXPAND_SZ,
         REG_SZ, REG_MULTI_SZ.

      5) Supported hives:  HKEY_LOCAL_MACHINE (HKLM),
         HKEY_CURRENT_USER (HKCU).

      6) Delimiters are case sensitive.

      7) REG_DWORD values are extracted from the registry in decimal 
         format.

Examples:
    SETX MACHINE COMPAQ 
    SETX MACHINE "COMPAQ COMPUTER" /M
    SETX MYPATH "%PATH%"
    SETX MYPATH ~PATH~
    SETX /S system /U user /P password  MACHINE COMPAQ 
    SETX /S system /U user /P password MYPATH ˆ%PATHˆ% 
    SETX TZONE /K HKEY_LOCAL_MACHINE\System\CurrentControlSet\
         Control\TimeZoneInformation\StandardName
    SETX BUILD /K "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
         NT\CurrentVersion\CurrentBuildNumber" /M
    SETX /S system /U user /P password TZONE /K HKEY_LOCAL_MACHINE\
         System\CurrentControlSet\Control\TimeZoneInformation\
         StandardName
    SETX /S system /U user /P password  BUILD /K 
         "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\
         CurrentVersion\CurrentBuildNumber" /M
    SETX /F ipconfig.out /X 
    SETX IPADDR /F ipconfig.out /A 5,11 
    SETX OCTET1 /F ipconfig.out /A 5,3 /D "#$*." 
    SETX IPGATEWAY /F ipconfig.out /R 0,7 Gateway
    SETX /S system /U user /P password  /F c:\ipconfig.out /X

 

SFC   (Version 6.1.7600.16385)

Microsoft (R) Windows (R) Resource Checker Version 6.0
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

Scans the integrity of all protected system files and replaces incorrect versions with 
correct Microsoft versions.

SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
    [/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>]

/SCANNOW        Scans integrity of all protected system files and repairs files with
                problems when possible.
/VERIFYONLY     Scans integrity of all protected system files. No repair operation is
                performed.
/SCANFILE       Scans integrity of the referenced file, repairs file if problems are
                identified. Specify full path <file>
/VERIFYFILE     Verifies the integrity of the file with full path <file>.  No repair
                operation is performed.
/OFFBOOTDIR     For offline repair specify the location of the offline boot directory
/OFFWINDIR      For offline repair specify the location of the offline windows directory

e.g.

        sfc /SCANNOW
        sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
        sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows
        sfc /VERIFYONLY

 

SHADOW   (Version 6.1.7601.17514)

Monitor another Remote Desktop Services session.

SHADOW {sessionname | sessionid} [/SERVER:servername] [/V]

  sessionname         Identifies the session with name sessionname.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server containing the session (default is current).
  /V                  Display information about actions being performed.

 

SHIFT   (internal command)

Changes the position of replaceable parameters in a batch file.

SHIFT [/n]

If Command Extensions are enabled the SHIFT command supports
the /n switch which tells the command to start shifting at the
nth argument, where n may be between zero and eight.  For example:

    SHIFT /2

would shift %3 to %2, %4 to %3, etc. and leave %0 and %1 unaffected.

 

SHORTCUT   (Version 4.0.0.951)

shortcut: [-? -h -f -c -r -s] [[-t] target [[-n] name]] [-d working directory]
	[-a Arguments] [-i Iconfile] [-x Icon index] [-u {all|[natdix]}] 
	[-l logfile]

  -? -h        This help
  -f           Force overwrite of an existing short cut
  -c           Change existing shortcut
  -s           Make shortcut non tracking (Stupid)
  -r           Resolve broken shortcut
  -t target    Specifies the target of the shortcut
  -n name      Specifies the file name of the shortcut file
  -d directory Specifies the directory name to start the application in
  -a arguments Specifies the arguments passed when the shortcut is used
  -i iconfile  Specifiles the file the icon is in
  -x index     Specifies the index into the icon file
  -u [spec]    Dumps the contents of a shortcut. 'all' is the same as 'natdix'
               but the letters of 'natdix' can be specified to display specific
               fields in the shortcut (repeats allowed, and order followed)
  -l logfile   record error messages in specified file

 

SHUTDOWN   (Version 6.1.7600.16385)

Usage: SHUTDOWN [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
    [/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

    No args    Display help. This is the same as typing /?.
    /?         Display help. This is the same as not typing any options.
    /i         Display the graphical user interface (GUI).
               This must be the first option.
    /l         Log off. This cannot be used with /m or /d options.
    /s         Shutdown the computer.
    /r         Shutdown and restart the computer.
    /g         Shutdown and restart the computer. After the system is
               rebooted, restart any registered applications.
    /a         Abort a system shutdown.
               This can only be used during the time-out period.
    /p         Turn off the local computer with no time-out or warning.
               Can be used with /d and /f options.
    /h         Hibernate the local computer.
               Can be used with the /f option.
    /e         Document the reason for an unexpected shutdown of a computer.
    /m \\computer Specify the target computer.
    /t xxx     Set the time-out period before shutdown to xxx seconds.
               The valid range is 0-315360000 (10 years), with a default of 30.
               If the timeout period is greater than 0, the /f parameter is
               implied.
    /c "comment" Comment on the reason for the restart or shutdown.
               Maximum of 512 characters allowed.
    /f         Force running applications to close without forewarning users.
               The /f parameter is implied when a value greater than 0 is
               specified for the /t parameter.
    /d [p|u:]xx:yy  Provide the reason for the restart or shutdown.
               p indicates that the restart or shutdown is planned.
               u indicates that the reason is user defined.
               If neither p nor u is specified the restart or shutdown is
               unplanned.
               xx is the major reason number (positive integer less than 256).
               yy is the minor reason number (positive integer less than 65536).

Reasons on this computer:
(E = Expected U = Unexpected P = planned, C = customer defined)
Type	Major	Minor	Title

 U  	0	0	Other (Unplanned)
E   	0	0	Other (Unplanned)
E P 	0	0	Other (Planned)
 U  	0	5	Other Failure: System Unresponsive
E   	1	1	Hardware: Maintenance (Unplanned)
E P 	1	1	Hardware: Maintenance (Planned)
E   	1	2	Hardware: Installation (Unplanned)
E P 	1	2	Hardware: Installation (Planned)
E   	2	2	Operating System: Recovery (Planned)
E P 	2	2	Operating System: Recovery (Planned)
  P 	2	3	Operating System: Upgrade (Planned)
E   	2	4	Operating System: Reconfiguration (Unplanned)
E P 	2	4	Operating System: Reconfiguration (Planned)
  P 	2	16	Operating System: Service pack (Planned)
    	2	17	Operating System: Hot fix (Unplanned)
  P 	2	17	Operating System: Hot fix (Planned)
    	2	18	Operating System: Security fix (Unplanned)
  P 	2	18	Operating System: Security fix (Planned)
E   	4	1	Application: Maintenance (Unplanned)
E P 	4	1	Application: Maintenance (Planned)
E P 	4	2	Application: Installation (Planned)
E   	4	5	Application: Unresponsive
E   	4	6	Application: Unstable
 U  	5	15	System Failure: Stop error
 U  	5	19	Security issue
E   	5	19	Security issue
E P 	5	19	Security issue
E   	5	20	Loss of network connectivity (Unplanned)
 U  	6	11	Power Failure: Cord Unplugged
 U  	6	12	Power Failure: Environment
  P 	7	0	Legacy API shutdown

 

SIGCHECK   (Version 2.42.0.0)

Sigcheck v2.42 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: SIGCHECK [-a][-h][-i][-e][-l][-n][[-s]|[-c|-ct]|[-m]][-q][-r][-u][-vt][-v[r][s]][-f catalog file] <file or directory>
usage: SIGCHECK -d [-c|-ct] <file or directory>
usage: SIGCHECK -o [-vt][-v[r]] <SIGCHECK csv file>
usage: SIGCHECK -t[u][v] [-i] [-c|-ct] <certificate store name|*>
  -a      Show extended version information. The entropy measure reported
          is the bits per byte of information of the file's contents.
  -c      CSV output with comma delimiter
  -ct     CSV output with tab delimiter
  -d      Dump contents of a catalog file
  -e      Scan executable images only (regardless of their extension)
  -f      Look for signature in the specified catalog file
  -h      Show file hashes
  -i      Show catalog name and signing chain
  -l      Traverse symbolic links and directory junctions
  -m      Dump manifest
  -n      Only show file version number
  -o      Performs Virus Total lookups of hashes captured in a CSV
          file previously captured by Sighcheck when using the -h option.
          This usage is intended for scans of offline systems.
  -q      Quiet (no banner)
  -r      Disable check for certificate revocation
  -s      Recurse subdirectories
  -t[u][v] Dump contents of specified certificate store ('*' for all stores).
          Specify -tu to query the user store (machine store is the default).
          Append '-v' to have Sigcheck download the trusted Microsoft
          root certificate list and only output valid certificates not rooted to
          a certificate on that list. If the site is not accessible,
          authrootstl.cab or authroot.stl in the current directory are
          used instead, if present.
  -u      If VirusTotal check is enabled, show files that are unknown
          by VirusTotal or have non-zero detection, otherwise show only
          unsigned files.
  -v[rs]  Query VirusTotal (www.virustotal.com) for malware based on file hash.
          Add 'r' to open reports for files with non-zero detection. Files
          reported as not previously scanned will be uploaded to VirusTotal
          if the 's' option is specified. Note scan results may not be
          available for five or more minutes.
  -vt     Before using VirusTotal features, you must accept
          VirusTotal terms of service. See:

          https://www.virustotal.com/en/about/terms-of-service/

          If you haven't accepted the terms and you omit this
          option, you will be interactively prompted.

 

SOON

---------------------------------------------------------------
SOON  :  Command Scheduling Utility  :  by kevina@microsoft.com
---------------------------------------------------------------

Usage : SOON [\\computername] [delay] [/INTERACTIVE] "command"
   or : SOON /D [/L:n] [/R:n] [/I:{ON|OFF}]

delay : the number of seconds from now when the scheduled job should start.

   /D : modify Default settings and/or display their current values.
   /L : set LocalDelay - default delay for Local jobs - initially 5 seconds.
   /R : set RemoteDelay - default delay for Remote jobs - initially 15 seconds.
   /I : set InteractiveAlways option - initially OFF.

SOON schedules a job to run in the near future, a number of seconds from now.
SOON closely resembles the AT command because SOON simply runs a suitable AT
command. For a details of the other arguments run "AT /?" without the quotes.

Examples : SOON CMD /C C:\JOBS\BATCH.CMD
           SOON 10 CMD /C C:\JOBS\BATCH.CMD
           SOON \\SERVER 60 /C \JOBS\BATCH.CMD
           SOON \\SERVER /INTERACTIVE CMD /C C:\JOBS\BATCH.CMD
           SOON /d /l:2 /r:30 /i:on

Current Settings :     InteractiveAlways = OFF
                    LocalDelay (seconds) = 5
                   RemoteDelay (seconds) = 15

 

SORT   (Version 6.1.7600.16385)

SORT [/R] [/+n] [/M kilobytes] [/L locale] [/REC recordbytes]
  [[drive1:][path1]filename1] [/T [drive2:][path2]]
  [/O [drive3:][path3]filename3]
  /+n                         Specifies the character number, n, to
                              begin each comparison.  /+3 indicates that
                              each comparison should begin at the 3rd
                              character in each line.  Lines with fewer
                              than n characters collate before other lines.
                              By default comparisons start at the first
                              character in each line.
  /L[OCALE] locale            Overrides the system default locale with
                              the specified one.  The ""C"" locale yields
                              the fastest collating sequence and is
                              currently the only alternative.  The sort
                              is always case insensitive.
  /M[EMORY] kilobytes         Specifies amount of main memory to use for
                              the sort, in kilobytes.  The memory size is
                              always constrained to be a minimum of 160
                              kilobytes.  If the memory size is specified
                              the exact amount will be used for the sort,
                              regardless of how much main memory is
                              available.

                              The best performance is usually achieved by
                              not specifying a memory size.  By default the
                              sort will be done with one pass (no temporary
                              file) if it fits in the default maximum
                              memory size, otherwise the sort will be done
                              in two passes (with the partially sorted data
                              being stored in a temporary file) such that
                              the amounts of memory used for both the sort
                              and merge passes are equal.  The default
                              maximum memory size is 90% of available main
                              memory if both the input and output are
                              files, and 45% of main memory otherwise.
  /REC[ORD_MAXIMUM] characters Specifies the maximum number of characters
                              in a record (default 4096, maximum 65535).
  /R[EVERSE]                  Reverses the sort order; that is,
                              sorts Z to A, then 9 to 0.
  [drive1:][path1]filename1   Specifies the file to be sorted.  If not
                              specified, the standard input is sorted.
                              Specifying the input file is faster than
                              redirecting the same file as standard input.
  /T[EMPORARY]
    [drive2:][path2]          Specifies the path of the directory to hold
                              the sort's working storage, in case the data
                              does not fit in main memory.  The default is
                              to use the system temporary directory.
  /O[UTPUT]
    [drive3:][path3]filename3 Specifies the file where the sorted input is
                              to be stored.  If not specified, the data is
                              written to the standard output.   Specifying
                              the output file is faster than redirecting
                              standard output to the same file.

 

START   (internal command)

Starts a separate window to run a specified program or command.

START ["title"] [/D path] [/I] [/MIN] [/MAX] [/SEPARATE | /SHARED]
      [/LOW | /NORMAL | /HIGH | /REALTIME | /ABOVENORMAL | /BELOWNORMAL]
      [/NODE <NUMA node>] [/AFFINITY <hex affinity mask>] [/WAIT] [/B]
      [command/program] [parameters]

    "title"     Title to display in window title bar.
    path        Starting directory.
    B           Start application without creating a new window. The
                application has ˆC handling ignored. Unless the application
                enables ˆC processing, ˆBreak is the only way to interrupt
                the application.
    I           The new environment will be the original environment passed
                to the cmd.exe and not the current environment.
    MIN         Start window minimized.
    MAX         Start window maximized.
    SEPARATE    Start 16-bit Windows program in separate memory space.
    SHARED      Start 16-bit Windows program in shared memory space.
    LOW         Start application in the IDLE priority class.
    NORMAL      Start application in the NORMAL priority class.
    HIGH        Start application in the HIGH priority class.
    REALTIME    Start application in the REALTIME priority class.
    ABOVENORMAL Start application in the ABOVENORMAL priority class.
    BELOWNORMAL Start application in the BELOWNORMAL priority class.
    NODE        Specifies the preferred Non-Uniform Memory Architecture (NUMA)
                node as a decimal integer.
    AFFINITY    Specifies the processor affinity mask as a hexadecimal number.
                The process is restricted to running on these processors.

                The affinity mask is interpreted differently when /AFFINITY and
                /NODE are combined.  Specify the affinity mask as if the NUMA
                node's processor mask is right shifted to begin at bit zero.
                The process is restricted to running on those processors in
                common between the specified affinity mask and the NUMA node.
                If no processors are in common, the process is restricted to
                running on the specified NUMA node.  
    WAIT        Start application and wait for it to terminate.
    command/program
                If it is an internal cmd command or a batch file then
                the command processor is run with the /K switch to cmd.exe.
                This means that the window will remain after the command
                has been run.

                If it is not an internal cmd command or batch file then
                it is a program and will run as either a windowed application
                or a console application.

    parameters  These are the parameters passed to the command/program.

NOTE: The SEPARATE and SHARED options are not supported on 64-bit platforms.

Specifying /NODE allows processes to be created in a way that leverages memory
locality on NUMA systems.  For example, two processes that communicate with
each other heavily through shared memory can be created to share the same
preferred NUMA node in order to minimize memory latencies.  They allocate
memory from the same NUMA node when possible, and they are free to run on
processors outside the specified node.

    start /NODE 1 application1.exe
    start /NODE 1 application2.exe

These two processes can be further constrained to run on specific processors
within the same NUMA node.  In the following example, application1 runs on the
low-order two processors of the node, while application2 runs on the next two
processors of the node.  This example assumes the specified node has at least
four logical processors.  Note that the node number can be changed to any valid
node number for that computer without having to change the affinity mask.

    start /NODE 1 /AFFINITY 0x3 application1.exe
    start /NODE 1 /AFFINITY 0xc application2.exe

If Command Extensions are enabled, external command invocation
through the command line or the START command changes as follows:

non-executable files may be invoked through their file association just
    by typing the name of the file as a command.  (e.g.  WORD.DOC would
    launch the application associated with the .DOC file extension).
    See the ASSOC and FTYPE commands for how to create these
    associations from within a command script.

When executing an application that is a 32-bit GUI application, CMD.EXE
    does not wait for the application to terminate before returning to
    the command prompt.  This new behavior does NOT occur if executing
    within a command script.

When executing a command line whose first token is the string "CMD "
    without an extension or path qualifier, then "CMD" is replaced with
    the value of the COMSPEC variable.  This prevents picking up CMD.EXE
    from the current directory.

When executing a command line whose first token does NOT contain an
    extension, then CMD.EXE uses the value of the PATHEXT
    environment variable to determine which extensions to look for
    and in what order.  The default value for the PATHEXT variable
    is:

        .COM;.EXE;.BAT;.CMD

    Notice the syntax is the same as the PATH variable, with
    semicolons separating the different elements.

When searching for an executable, if there is no match on any extension,
then looks to see if the name matches a directory name.  If it does, the
START command launches the Explorer on that path.  If done from the
command line, it is the equivalent to doing a CD /D to that path.

 

STREAMS   (Version 1.56.0.0)

Streams v1.56 - Enumerate alternate NTFS data streams
Copyright (C) 1999-2007 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: STREAMS [-s] [-d] <file or directory>
-s     Recurse subdirectories
-d     Delete streams

 

STRINGS   (Version 2.52.0.0)

Strings v2.51
Copyright (C) 1999-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: STRINGS [-a] [-f offset] [-b bytes] [-n length] [-o] [-q] [-s] [-u] <file or directory>
-a     Ascii-only search (Unicode and Ascii is default)
-b     Bytes of file to scan
-f     File offset at which to start scanning.
-o     Print offset in file string was located
-n     Minimum string length (default is 3)
-q     Quiet (no banner)
-s     Recurse subdirectories
-u     Unicode-only search (Unicode and Ascii is default)

 

SUBINACL   (Version 5.2.3790.1180)

SubInAcl version 5.2.3790.1180

USAGE
-----

Usage :
     SubInAcl [/option...] /object_type object_name [[/action[=parameter]...]



 /options    :
    /outputlog=FileName                 /errorlog=FileName
    /noverbose                          /verbose (default)
    /notestmode (default)               /testmode
    /alternatesamserver=SamServer       /offlinesam=FileName
    /stringreplaceonoutput=string1=string2
    /expandenvironmentsymbols (default) /noexpandenvironmentsymbols
    /statistic (default)                /nostatistic
    /dumpcachedsids=FileName            /separator=character
    /applyonly=[dacl,sacl,owner,group]
    /nocrossreparsepoint (default)      /crossreparsepoint

 /object_type :
    /service            /keyreg             /subkeyreg
    /file               /subdirectories[=directoriesonly|filesonly]
    /clustershare       /kernelobject       /metabase
    /printer            /onlyfile           /process
    /share              /samobject

 /action      :
    /display[=dacl|sacl|owner|primarygroup|sdsize|sddl] (default)
    /setowner=owner
    /replace=[DomainName\]OldAccount=[DomainName\]New_Account
    /accountmigration=[DomainName\]OldAccount=[DomainName\]New_Account
    /changedomain=OldDomainName=NewDomainName[=MappingFile[=Both]]
    /migratetodomain=SourceDomain=DestDomain=[MappingFile[=Both]]
    /findsid=[DomainName\]Account[=stop|continue]
    /suppresssid=[DomainName\]Account
    /confirm
    /ifchangecontinue
    /cleandeletedsidsfrom=DomainName[=dacl|sacl|owner|primarygroup|all]
    /testmode
    /accesscheck=[DomainName\]Username
    /setprimarygroup=[DomainName\]Group
    /grant=[DomainName\]Username[=Access]
    /deny=[DomainName\]Username[=Access]
    /sgrant=[DomainName\]Username[=Access]
    /sdeny=[DomainName\]Username[=Access]
    /sallowdeny==[DomainName\]Username[=Access]
    /revoke=[DomainName\]Username
    /perm
    /audit
    /compactsecuritydescriptor
    /pathexclude=pattern
    /objectexclude=pattern
    /sddl=sddl_string
    /objectcopysecurity=object_path
    /pathcopysecurity=path_container

Usage  : SubInAcl   [/option...] /playfile file_name

Usage  : SubInAcl   /help [keyword]
         SubInAcl   /help /full
    keyword can be :
    features  usage syntax sids  view_mode test_mode object_type
    domain_migration server_migration substitution_features editing_features
	 - or -
    any [/option] [/action] [/object_type]


SYNTAX
------

describe SubInAcl syntax

The SubInAcl syntax is analog to the UNIX find tool.
For each object, SubInAcl :
    1. retrieves the security descriptor of the object
    2. applies the /action(s). The /actions are executed in the order of
       the command line
    3. If :
       - the security descriptor has been modified and
       - the /testmode switch has not been specified
       the changes are applied to the object
    For instance :
       - SubInAcl /outputlog=result.txt /subdirectories \\Server\c$\temp\*.*
                  /grant=Dom\John=F /noverbose /display
         For each file below \\Server\c$\temp, SubInAcl will
         - open the file
		  - grant full control for dom\john
         - display the security setting in noverbose mode
         - save the security descriptor.
         All outputs will be saved in result.txt

You can specify as many /actions as you wish. You must specify at least 3
characters for each action.
The command line is not case-sensitive

Ex: SubInAcl /file c:\temp\*.txt /replace=John=Smith /display
    for each *.txt file will - replace John with Smith
                             - display the whole security descriptor
                             - apply the changes if any

SubInAcl error messages are sent to the Standard error.
You can use the /output switch to save both outputs
and errors in the same file.


FEATURES
--------

describes SubInAcl main features
SubInAcl was designed to help administrators to manage security on
various objects.
It provides :
   - a unified way to manipulate security for different kinds of objects
     (files, registry keys, services, printer,...)
   - a console tool that allows to write scripts to automate
     security tasks
   - some features that help administrators to modify security if some
     changes occur in their organization:
         - user, group deletions (/suppresssid, /cleandeletedsidsfrom )
         - user, group migrations (/replace , /accountmigration) 
         - domain, server  migration (/changedomain, /migratetodomain) 
         ...
   - security descriptor editing features :
         - owner ( /setowner )
         - primary group ( /setprimarygroup )
         - permissions ( /grant , /deny , /revoke )
         - audit ( /sgrant, /sdeny, /sallowdeny)
   - access to remote objects
   - save and restore permissions (/playfile , /outputlog , /display )

You need SeBackupPrivilege SeRestorePrivilege
SeSecurityPrivilege SeTakeOwnershipPrivilege 
SeChangeNotifyPrivilege privileges (locally or remotely) to run this tool

Type SubInAcl /help to get extended help




SIDS
----

sids : explain how SubInAcl retrieves and translates SIDs

The security descriptor references users and groupswith a SID (Security
Identifier). A SID can be expressed in one of the following form:
         + DomainName\Account (ex: DOM\Administrators )
         + StandaloneServer\Group
         + Account ( see LookupAccount API )
         + s-1-x-x-x-x . x is expressed in decimal
           (ex: S-1-5-21-56248481-1302087933-1644394174-1001)
           Warning : In that case, no check is done to verify the existence
           of this SID.

SubInAcl maintains a local cache of SIDs to minimize SID to "Human Name"
translation network cost.

SubInAcl queries the server where the ressource object is located to
translate or retrieve SIDs. If needed, you can specify another SAM
server to translate SIDs (see /alternatesamserver).
If you try to replace SIDs and the originated domain or server is not online,
you can provide a file containing the needed SIDs (see /offlinesam).
You can dump the local cache of SIDs in a file (see /dumpcachedsids).


VIEW_MODE
---------

/noverbose /verbose

SubInAcl can be used in a quiet mode (/noverbose) or a in verbose mode
(/verbose , /Noverbose )
You can specify these switches either :
  - for the entire comand line :
       SubInAcl /noverbose /file *.dat /display
  - after a specific action    :
        SubInacl /file *.dat /display /noverbose /display



TEST_MODE
---------

/testmode /notestmode (default)

If /testmode is specified, the changes will not be reflected to the object
security descriptor. This option is useful to test the validity of a comand.
Ex : SubInacl /subdirec \\server\share\*.* /changedomain=DOMA=DOMB
              /ifchangecontinue /noverbose /display /testmode
     For each file modified this comand displays the modified security
     descriptor. But these changes will not physically apply to the files



OBJECT_TYPE
-----------

/file /subdirectories /onlyfile /keyreg /subkeyreg /service /share /clustershare /printer
/kernelobject /metabase /process /samobject

SubInAcl can work with various objects:
 - Files         :
      /file
      /subdirectories
      /onlyfile
 - Registry keys :
      /keyreg
      /subkeyreg
 - Services      :
      /service
 - Shares        :
      /share
      /clustershare
 - Printer       :
      /printer
 - Kernel named objects :
      /kernelobject
 - IIS adminidstration rights :
      /metabase
// - Process       :
      /process
 - Sam       :
      /SamObject

The actions are valid for all objects
Most of them support the enumeration with the * character


DOMAIN_MIGRATION
----------------

explain how to migrate security between domain SIDs

The main purpose of SubInAcl is to help administrators to migrate user(s)
if the domain architecture has changed.
For instance, the user John has moved and is now member of the DOMB domain.
You can reflect this change with :
SubInAcl /subdirec \\server\share\*.* /replace=OldDomain\John=DOMB\John
N.B: A trust relationship must be enabled between the domain of server and
OldDomain and NEWDOMAIN
N.B: If a trust relationship cannot be enabled, you can use the
/alternatesamserver=Server. Server should be the name of Domain Controller
Server

Sample :
  You have worked with a unique domain.
  You want to migrate a BDC named MIGRCONTROL with all the files and the
  users utilized on a new domain
  1. Reinstall the BDC as PDC to the NEWDOMAIN (without erasing the files)
  2. Create the users on NEWDOMAIN
  3. Create a "trusted relationship" with OLDDOMAIN
  4. Run SubInAcl /noverbose /subdirectories x:\*.*
                             /changedomain=OLDDOMAIN=NEWDOMAIN
  5. Verify the changes with SubInAcl /noverbose /subdirectories x:\*.*

Sample :
  You have worked with a standalone server named SERVER in a workgroup
  environment. You want to move this server (including users) to a domain DOM.
  1. Move SERVER to the domain DOM
  2. Create the users in the DOM domain
  3. SubInAcl /noverbose /subdirectories \\server\share
              /changedomain=SERVER=DOM

 See /changedomain /migratedomain /replace actions


SERVER_MIGRATION
----------------

explain how to migrate SIDs when objects are moved from one server to another one

Migrating file system from one local server to another local server is not
a trivial task. SubInAcl Version 2.2 has been enhanced to help this migration
process.
To migrate file system files from one local server and to preserve security,
you can perform the following steps:
 1. use scopy to copy files and ACLs on destination server
 2. create local groups on the destination server
 3. Use /changedomain or /changedomain with the /alternatesamserver option :
    By default SubInAcl queries the server where the objects are located to
    retrieve SIDS. This server is not aware of the SIDs valid on another
    standalone server
    To address this issue, you can use the /alternatesamserver option to ask
    SubInAcl to to use the alternamesamserver server if a SID resolution is
    not successfull on the initial server.
Sample :
    SubInAcl /alternatesamserver=SourceServer /subdirect
    \\DestServer\Share\*.*
             /migratedomain=SourceServer=DestServer

 See /alternatesamserver /migratedomain /offlinesam


EDITING_FEATURES
----------------

how to edit parts of the security descriptor

SubInAcl allows to modify each part of a a security descriptor :
- owner
       see /owner=SID or /setowner=SID
- primary group
       see /setprimarygroup=GroupSID
- system ACL (SubInAcl name = Audit ACL) with Access Control Entries
   (SubInAcl name= AAce = Audit ACE)
	see /audit /sgrant /sdeny /sallowdeny
- discretionnary ACL (SubInAcl name = Perm ACL ) with Access Control Entries
   (SubInAcl name= PAce = Perm ACE)
  see /perm   /pace=xxx  /revoke=SID /grant=SID=Access /deny=SID=access
       /sgrant=SID=Access /sdeny=SID=access
 /sallowdeny=SID=access- or the full security descriptor
  see /sddl=sddl_string



/SERVICE
--------

/service service_name

manipulate service
- \\ServerName\Messenger
- \\ServerName\M*
- Messenger
N.B: /driver can be used also.
      /driver  * will display all driversm
      /service * will display all services


/KEYREG
-------

/keyreg registry_key

manipulate registry keys
- HKEY_CURRENT_USER\Software
- HKEY_CURRENT_USER\Software\*Version
- \\Srv\HKEY_LOCAL_MACHINE\KeyPath


/SUBKEYREG
----------

/subkeyreg registry_key

manipulate registry keys and subkeys
- HKEY_CURRENT_USER\Software
- HKEY_CURRENT_USER\Software\*Version
- \\Srv\HKEY_LOCAL_MACHINE\KeyPath


/FILE
-----

/file filename

manipulate files
N.B: SubInAcl is not supported on DFS volumes
- *.obj
- c:\temp\*.obj
- \\servername\share\*.exe
- c:\
 /file=directoriesonly will apply parameters on directories only
 /file=filesonly will apply parameters on files only


/SUBDIRECTORIES
---------------

/subdirectories file_path

manipulate files in specified directory and all subdirectories
- c:\temp\*.obj     : work with all obj files
- c:\temp\test      : work with all test files below the c:\temp directory
- c:\temp\test\*.* : work with all files below temp\test
- c:\temp\test\    : work with all files below temp\test
 /subdirectories=directoriesonly will apply parameters on directories only
 /subdirectories=filesonly will apply parameters on files only


/ONLYFILE
---------

/onlyfile file_name

open a file without using the FindFilexxx mechanism.
Can be used to access named pipes or mailslot
- \\.\pipe\pipename


/SAMOBJECT
----------

/samobject samobject

allow to access ACL associated to SAM objects(users,localgroup,globalgroup).
Can be used to allow a localgroup(alias) created by a power users on a member
to be updated by another power users member
- \\samserver\localgroup
- \\samserver\*users*
- *group*
- Subinacl /samobject \\sams\testgroup /grant=poweruser1=f


/SHARE
------

/share file_share_name

access a network file share.
- \\server\share
- \\server\test*


/CLUSTERSHARE
-------------

/clustershare \\clustername\fileshareresource

access a cluster file share resource.
- \\clustername\FileShare_Resource_Name
- \\clustername\s*


/KERNELOBJECT
-------------

/kernelobject kernel_object_name

access a named kernel object.
Can be used to view mutex, sections, events objects


/PROCESS
--------

/process pid_or_executable_pattern

access a process object.
- notepad.* or pid_in_decimal


/METABASE 
----------

/metabase metabase_path

access to IIS metabase AdminACL metabase property
Note that this property can only be used with these Metabase paths
/LM/MSFTPSVC , /LM/MSFTPSVC/n , /LM/W3SVC , /LM/W3SVC/
This object doesn't support enumeration.
 - SubInAcl /metabase \\ServerName\LM\W3SVC /grant=administrator=F



/PRINTER 
---------

/printer printername

access to printer
- \\server\printer1
- \\server\*



/DISPLAY
--------

/display[=dacl|sacl|owner|primarygroup|sdsize|sddl]

display the security descriptor
You can also view part of the security descriptor. /display=dacl will
display the discretionary acl. /display=sddl will display the security
using the Win32 SDDL security descriptor string format (see Platform SDK)
The /noverbose display can be used to reapply the security descriptor
(see /playfile)


/PLAYFILE
---------

/playfile playfile

The /playfile feature allows SubInacl to run in a batch mode.
The format of the playfile command file is : 
   + object_type object_name
   /action[=parameter]...
   /action[=parameter]...
   +object_type object_name
   /action[=parameter]...

 SubInacl /playfile=playfile.txt with
 With playfile :
+subdirec *.txt
/grant=everyone=R
+service RkillSrv
/display
will give the same result than
SubInAcl /subdirectories *.txt  /grant=everyone=R
SubInAcl /service RkillSrv /display

One typical usage of the playfile feature is to allow to reapply security settings
saved previously because the output format of the noverbose /display is a playfile 
compatible format:
1.a)	SubInAcl  /noverbose /outputlog=d:\SubInaclSave.txt /subdirectories c:\*.* /display
This command saves all security settings for the files on C: drive.
Sids will be saved in the Domain\user string format
The /display option in a noverbose mode uses an output playfile compatible format
or
1.b)  SubInAcl /error=d:\Err.txt /outputlog=d:\SubInaclSave.txt /subdirectories c:\*.* /display=sddl
This command saves all security settings using the Win32 SDDL format.
Sids will be saved in the S-1-x-x form. This will not require SubInacl to translate Sids
This may minimize the elapsed time and resource usage
2)	SubInAcl /playfile d:\SubInaclSave.txt
This command will reapply the previously saved settings.

One other advantage of using a playfile is to improve performance and save network
bandwidth because SubInacl maintains a local cache of SIDs.
For instance if you issue :
SubInacl /subdirectories c:\*.* /migrate=domain1=domain2
And
SubInacl /subdirectories d:\*.* /migrate=domain1=domain2

Batching  these commands will reduce the network usage bandwidth and improve
performance because SID TO HUMAN NAME resolution process will be reduced.


/OUTPUTLOG
----------

/outputlog=filename

all outputs will be send in filename. You need to use /errlog switch to
redirect all errors in a different file


/ERRORLOG
---------

/errorlog=filename.txt

all errors will be send in the filename.txt


/ALTERNATESAMSERVER
-------------------

/alternatesamserver=Server

SubInAcl queries the Server where the object is located to lookup Sids.
Under some circumstances , you may need ( see server_migration or
domain_migration) to retrieve Sids from another server. If a Sid resolution is
unsuccessful, this option allows SubInAcl to query the alternamesamserver.


/OFFLINESAM
-----------

/offlinesam=FileName

By default, SubInAcl queries the Server where the object is located to lookup
Sids.Under some circumstances (migration where the source server is offline
or if a domain is no longer available, want to avoid network round trip
for SIDs retrievals), you may allow SubInAcl.exe to retrieve SIDs from 
the FileName file.
File format is :
__cachefileonly__=s-1-9-cacheonly
domain\simon=S-1-5-21-1190502449-1716722630-1654032285-1105
nat\julien=S-1-5-21-1060284298-436374069-1708537768-1005

where domain\simon and nat\julien can be a domain account or server account.
With the __cachefileonly__ line in the file, SubInAcl.exe will not query
SAM Server(s) anymore. All needed SIDs should be found in the SAM
cache file


/DUMPCACHEDSIDS
---------------

/dumpcachedsids=FileName

At the end of the subinacl execution,
you can dump the contents of the local cache Sids in a file.
This file can later be used for future SubInacl execution (see .
/offlinesam) to speed up the Sids resolution process)


/SETOWNER
---------

/setowner=SID

will change the owner of the object
/owner=SID or /setowner=SID
owner = DomainName\Administrators will retrieve the Administrators Sid on
the server where the object is (see Win32 SDK LookupAccountName function).


/REPLACE
--------

/replace=DomainName\OldAccount=DomainName\New_Account

    replace all ACEs (Audit and Permissions) in the object
    Ex: /replace=DOM_MARKETING\ChairMan=NEWDOM\NewChairMan will replace
        all ACEs containing DOM_MARKETING\ChairMan with NewChairMan SID
        retrieves from NEWDOM domain
    Warning: if DomainName\New_Account has already an ACE, ACE replacement is
    skipped


/ACCOUNTMIGRATION
-----------------

/accountmigration=DomainName\OldAccount=DomainName\New_Account

    (see /replace)
    will :
    - replace owner or primary group if one of them is DomainName\OldAccount.
    - duplicate ACE(s) with reference to DomainName\OldAccount for New_Account
    Ex: /accountmigration=DOM_MARKETING\ChairMan=NEWDOM\NewChairMan will
    duplicate all ACEs containing DOM_MARKETING\ChairMan with NewChairMan SID
    retrieves from NEWDOM domain
    Warning : if DomainName\New_Account has already an ACE, ACE replacement is
    skipped


/CLEANDELETEDSIDSFROM
---------------------

/cleandeletedsidsfrom=domain[=dacl|sacl|owner|primarygroup|all]

    delete all ACEs containing deleted (no valid) Sids from DomainName
    You can specify which part of the security descriptor will be scanned
    (default=all)
    If the owner is deleted, new owner will be the Administrators group.
    If the primary group is deleted, new primary group will be the Users group.


/CHANGEDOMAIN
-------------

/changedomain=OldDomainName=NewDomainName[=MappingFile[=Both]]

     replace all ACEs with a Sid from OldDomainName
     with the equivalent Sid found in NewSamServer
     Ex: /changedomain=DOM_MARKETING=NEWDOMAIN
     replace all ACEs containing DOM_MARKETING\ChairMan SID
     with the ChairMan's SID retrieved on NEWDOMAIN computer
     The NEWDOMAIN must have a trusted relationship with the server
     containing the object

     If you want to explicitly specify the users affected , you can specify a
     mapping file. The MappingFile file will allow you to specify the list of
     users affected and the name of the replacing user in the NewDomain

     Below a sample of a MappingFile

     simon=julien
     administrator=administrator 

     OldDomainName\Simon will be replaced by NewDomainName\Julien and
     OldDomainName\Administrator will be replaced with
     NewDomainName\Administrator

     If you use /changedomain=OldDomainName=NewDomainName=MappingFile notation
     ,only users defined in this file will be migrated.
     If you use /changedomain=OldDomainName=NewDomainName=MappingFile=Both,
     the mapping file will be examined first to determine if a mapping user
     exist. If not, SubInacl will try to find the equivalent user in the
     NewDomainName


/MIGRATETODOMAIN
----------------

/migratetodomain=FromDomainName=ToDomainName[=MappingFile[=Both]]

     same behavior than /changedomain except that news ACEs will added instead
     of replacing
     Ex: /migratetodomain=DOM1=DOM2
     each ace with DOM1\User will be duplicated with DOM2\User
     (If DOM2\User exists)
     If during the migration there was a serious oversight
     you can instruct the user to log back onto DOM1.
     N.B: Owner and Primary Group are migrated to DOM2


/FINDSID
--------

/findsid=DomainName\Account[=stop|continue]

     display the object name containing a reference to DomainName\Account
     in the security descriptor
     stop     - if Account is found, next parameters will be skipped
                and changes will not be applied
              - if Account is not found, next parameter will be executed
     continue - if Account found, next parameters will be executed
              - if Account not found, next parameters will be skipped
                and changes will not be applied


/SUPPRESSSID
------------

/suppresssid=DomainName\Account

     suppress all ACES containing the DomainName\Account SID.
     If the object's owner is DomainName\Account, the owner is set to
     Everyone's SID.


/PERM
-----

/perm

     suppress all existing permissions aces (PACEs)


/AUDIT
------

/audit

     suppress all existing auditing aces (AACEs)


/IFCHANGECONTINUE
-----------------

/ifchangecontinue

     continue to process the next actions only if some changes have been
     made in the previous actions


/TESTMODE
---------

/testmode

     changes will not be applied to the object. This allows to test the
     modifications


/ACCESSCHECK
------------

/accesscheck=Domain\Username

     display the access granted to the Domain\Username. The password will
     be asked. This option requires the SeTcbName privilege (Act as Part
     of the Operating System). This option cannot be used with remote object.
     Note : the access is checked with the NETWORK security identified
     granted to the Domain\UserName


/SETPRIMARYGROUP
----------------

/setprimarygroup=[DomainName\]Group

     change the primary group


/DENY
-----

/deny=[DomainName\]User[=Access]

     add a  denied Permission Ace for the specified User (or group)
	  If Access is not specified, all accesses will be denied.

     File:
       F : Full Control
       C : Change
       R : Read
       P : Change Permissions
       O : Take Ownership
       X : eXecute
       E : Read eXecute
       W : Write
       D : Delete

     ClusterShare:
       F : Full Control
       R : Read
       C : Change

     Printer:
       F : Full Control
       M : Manage Documents
       P : Print

-- Press Return To Continue ----     KeyReg:
       F : Full Control
       R : Read
       A : ReAd Control
       Q : Query Value
       S : Set Value
       C : Create SubKey
       E : Enumerate Subkeys
       Y : NotifY
       L : Create Link
       D : Delete
       W : Write DAC
       O : Write Owner

     Service:
       F : Full Control
       R : Generic Read
       W : Generic Write
       X : Generic eXecute
       L : Read controL
       Q : Query Service Configuration
       S : Query Service Status
       E : Enumerate Dependent Services
       C : Service Change Configuration
       T : Start Service
       O : Stop Service
       P : Pause/Continue Service
       I : Interrogate Service 
       U : Service User-Defined Control Commands

     Share:
       F : Full Control
       R : Read
       C : Change

     Metabase:
       F : Full Control
       R : Read - MD_ACR_READ
       W : Write - MD_ACR_WRITE
       I : Restricted Write - MD_ACR_RESTRICTED_WRITE
       U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ
       E : Enum keys- MD_ACR_ENUM_KEYS
       D : write Dac- MD_ACR_WRITE_DAC

     Process:
       F : Full Control
       R : Read
       W : Write
       X : eXecute

     SamObject:
       F : Full Control
       W : Write
       R : Read
       X : Execute


/REVOKE
-------

/revoke=[DomainName\]User

     suppress all Permission Ace(s) for the specified User (or group)


/GRANT
------

/grant=[DomainName\]User[=Access]

     will add a Permission Ace for the user.
     if Access is not specified, the Full Control access will be granted.

     File:
       F : Full Control
       C : Change
       R : Read
       P : Change Permissions
       O : Take Ownership
       X : eXecute
       E : Read eXecute
       W : Write
       D : Delete

     ClusterShare:
       F : Full Control
       R : Read
       C : Change

     Printer:
       F : Full Control
       M : Manage Documents
       P : Print

     KeyReg:
       F : Full Control
       R : Read
       A : ReAd Control
       Q : Query Value
       S : Set Value
       C : Create SubKey
       E : Enumerate Subkeys
       Y : NotifY
       L : Create Link
       D : Delete
       W : Write DAC
       O : Write Owner

     Service:
       F : Full Control
       R : Generic Read
       W : Generic Write
       X : Generic eXecute
       L : Read controL
       Q : Query Service Configuration
       S : Query Service Status
       E : Enumerate Dependent Services
       C : Service Change Configuration
       T : Start Service
       O : Stop Service
       P : Pause/Continue Service
       I : Interrogate Service 
       U : Service User-Defined Control Commands

     Share:
       F : Full Control
       R : Read
       C : Change

     Metabase:
       F : Full Control
       R : Read - MD_ACR_READ
       W : Write - MD_ACR_WRITE
       I : Restricted Write - MD_ACR_RESTRICTED_WRITE
       U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ
       E : Enum keys- MD_ACR_ENUM_KEYS
       D : write Dac- MD_ACR_WRITE_DAC

     Process:
       F : Full Control
       R : Read
       W : Write
       X : eXecute

     SamObject:
       F : Full Control
       W : Write
       R : Read
       X : Execute


/SALLOWDENY
-----------

/sallowdeny=[DomainName\]User[=Access]

     will add an Allow/Failed Audit Ace for the user and remove all existing
     Audit Ace for this user(or group).
     if Access is not specified, the Full Control access mask will be used.
     Ex: SubInacl /file c:\windows\explorer.exe /sallowdeny=everyone=R
         will set the audit for everyone's successful and failed access


/SGRANT
-------

/sgrant=[DomainName\]User[=Access]

     will add a Successfull (Allow) Audit Ace for the user and remove all existing
     Audit Ace for this user(or group).
     if Access is not specified, the Full Control access mask will be used.
     Ex: SubInacl /file c:\windows\explorer.exe /sgrant=everyone=R
         will set the audit for everyone's successful access

     File:
       F : Full Control
       C : Change
       R : Read
       P : Change Permissions
       O : Take Ownership
       X : eXecute
       E : Read eXecute
       W : Write
       D : Delete

     ClusterShare:
       F : Full Control
       R : Read
       C : Change

     Printer:
       F : Full Control
       M : Manage Documents
       P : Print

     KeyReg:
       F : Full Control
       R : Read
       A : ReAd Control
       Q : Query Value
       S : Set Value
       C : Create SubKey
       E : Enumerate Subkeys
       Y : NotifY
       L : Create Link
       D : Delete
       W : Write DAC
       O : Write Owner

     Service:
       F : Full Control
       R : Generic Read
       W : Generic Write
       X : Generic eXecute
       L : Read controL
       Q : Query Service Configuration
       S : Query Service Status
       E : Enumerate Dependent Services
       C : Service Change Configuration
       T : Start Service
       O : Stop Service
       P : Pause/Continue Service
       I : Interrogate Service 
       U : Service User-Defined Control Commands

     Share:
       F : Full Control
       R : Read
       C : Change

     Metabase:
       F : Full Control
       R : Read - MD_ACR_READ
       W : Write - MD_ACR_WRITE
       I : Restricted Write - MD_ACR_RESTRICTED_WRITE
       U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ
       E : Enum keys- MD_ACR_ENUM_KEYS
       D : write Dac- MD_ACR_WRITE_DAC

     Process:
       F : Full Control
       R : Read
       W : Write
       X : eXecute

     SamObject:
       F : Full Control
       W : Write
       R : Read
       X : Execute


/SDENY
------

/sdeny=[DomainName\]User[=Access]

     will add a Failed Audit Ace for the user and remove all existing
     Audit Ace for this user(or group).
     if Access is not specified, the Full Control access mask will be used.

     File:
       F : Full Control
       C : Change
       R : Read
       P : Change Permissions
       O : Take Ownership
       X : eXecute
       E : Read eXecute
       W : Write
       D : Delete

     ClusterShare:
       F : Full Control
       R : Read
       C : Change

     Printer:
       F : Full Control
       M : Manage Documents
       P : Print

     KeyReg:
       F : Full Control
       R : Read
       A : ReAd Control
       Q : Query Value
       S : Set Value
       C : Create SubKey
       E : Enumerate Subkeys
       Y : NotifY
       L : Create Link
       D : Delete
       W : Write DAC
       O : Write Owner

     Service:
       F : Full Control
       R : Generic Read
       W : Generic Write
       X : Generic eXecute
       L : Read controL
       Q : Query Service Configuration
       S : Query Service Status
       E : Enumerate Dependent Services
       C : Service Change Configuration
       T : Start Service
       O : Stop Service
       P : Pause/Continue Service
       I : Interrogate Service 
       U : Service User-Defined Control Commands

     Share:
       F : Full Control
       R : Read
       C : Change

     Metabase:
       F : Full Control
       R : Read - MD_ACR_READ
       W : Write - MD_ACR_WRITE
       I : Restricted Write - MD_ACR_RESTRICTED_WRITE
       U : Unsecure props read - MD_ACR_UNSECURE_PROPS_READ
       E : Enum keys- MD_ACR_ENUM_KEYS
       D : write Dac- MD_ACR_WRITE_DAC

     Process:
       F : Full Control
       R : Read
       W : Write
       X : eXecute

     SamObject:
       F : Full Control
       W : Write
       R : Read
       X : Execute


/OBJECTEXCLUDE
--------------

/objectexclude=pattern

      all objects matching the pattern string will be skipped (eXcluded).
	   The only wildcard valid is *. It can be used everywhere in the string.
      Pattern may be a name ( *Name.exe ) or a path ( *dir\subdir\*ToExclude* ).


/PATHEXCLUDE
------------

/pathexclude=pattern

      all containers matching the pattern string will not be enumerated.
      See /objectexclude
      N.B: the Actions specified will not be applied to the container too.


/STATISTIC
----------

/statistic

      will display statistics when processing is finished.


/CROSSREPARSEPOINT
------------------

/crossreparsepoint

      When processing a file system path, SubInacl will enumerate
      file and directories below a reparsepoint except if /nocrossreparsepoint.
      is specified.


/STRINGREPLACEONOUTPUT
----------------------

/stringreplaceonoutput=string1=string2

      All occurrences of string1 will be replaced by string2 in subinacl output.


/SDDL
-----

/sddl=sddl_string

      specify the Security descriptor for the object using the Win32 security
      descriptor definition language (SDDL)


/APPLYONLY
----------

/applyonly=dacl,sacl,owner,group

      Some subinacl options may change parts (owner,group,dacl,sacl) of the security descriptor.
      You may restrict the change to some parts of the security descriptor only .
      For instance /applyonly=dacl,sacl,owner will not modify the primary group field


/PATHCOPYSECURITY
-----------------

/pathcopysecurity=path_container

      SubInacl will reset the security descriptor for the object with the same named object
      in the container path.
      Ex: - SubInacl /file c:\temp\*.txt /pathcopysecurity=d:\test
          will replace the security (acls,owner,primarygroup) for c:\temp\1.txt with the security
          retrieved from d:\test\1.txt (if this file exists)
          -SubInacl /service Messenger /pathcopysecurity=\\Server
          will update the security on the service Messenger with the security existing on the remote
          messenger service


/OBJECTCOPYSECURITY
-------------------

/objectcopysecurity=object_path

      SubInacl will reset the security descriptor with the object object_path
      in the container path.
      Ex: - SubInacl /file c:\temp\*.txt /objectcopysecurity=d:\test\mask.txt
          will replace the security (acls,owner,primarygroup) for all txt files
          in c:	emp with the security retrieved on d:\test\amsk.txt
          will update the security on the service Messenger with the security existing on the remote
          messenger service

 

SUBST   (Version 6.1.7600.16385)

Associates a path with a drive letter.

SUBST [drive1: [drive2:]path]
SUBST drive1: /D

  drive1:        Specifies a virtual drive to which you want to assign a path.
  [drive2:]path  Specifies a physical drive and path you want to assign to
                 a virtual drive.
  /D             Deletes a substituted (virtual) drive.

Type SUBST with no parameters to display a list of current virtual drives.

 

SXSTRACE   (Version 6.1.7600.16385)

WinSxs Tracing Utility.
Usage: SxsTrace [Options]
Options:
   Trace -logfile:FileName [-nostop]
       Enabling tracing for sxs.
       Tracing log is saved to FileName.
       If -nostop is specified, will not prompt to stop tracing.
   Parse -logfile:FileName -outfile:ParsedFile  [-filter:AppName]
       Translate the raw trace file into a human readable format and save the result to ParsedFile.
       Use -filter option to filter the output.
   Stoptrace
       Stop the trace if it is not stopped before.
Example:  SxsTrace Trace -logfile:SxsTrace.etl
          SxsTrace Parse -logfile:SxsTrace.etl -outfile:SxsTrace.txt

 

SYNC   (Version 2.2.0.0)

Sync 2.2: Disk Flusher for Windows 9x/Me/NT/2K/XP
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: sync [-r | drive letters]
   -r   flush removeable media
   -e   eject removeable media
 
Specifying explicit drive letters will flush only those drives.

 

SYSTEMINFO   (Version 6.1.7600.16385)

SYSTEMINFO [/S system [/U username [/P [password]]]] [/FO format] [/NH]

Description:
    This tool displays operating system configuration information for
    a local or remote machine, including service pack levels.

Parameter List:
    /S      system           Specifies the remote system to connect to.

    /U      [domain\]user    Specifies the user context under which
                             the command should execute.

    /P      [password]       Specifies the password for the given
                             user context. Prompts for input if omitted.

    /FO     format           Specifies the format in which the output
                             is to be displayed.
                             Valid values: "TABLE", "LIST", "CSV".

    /NH                      Specifies that the "Column Header" should
                             not be displayed in the output.
                             Valid only for "TABLE" and "CSV" formats.

    /?                       Displays this help message.

Examples:
    SYSTEMINFO
    SYSTEMINFO /?
    SYSTEMINFO /S system
    SYSTEMINFO /S system /U user
    SYSTEMINFO /S system /U domain\user /P password /FO TABLE
    SYSTEMINFO /S system /FO LIST
    SYSTEMINFO /S system /FO CSV /NH

 

TAKEOWN   (Version 6.1.7601.17514)

TAKEOWN [/S system [/U username [/P [password]]]]
        /F filename [/A] [/R [/D prompt]]

Description:
    This tool allows an administrator to recover access to a file that
    was denied by re-assigning file ownership.

Parameter List: 
    /S           system          Specifies the remote system to
                                 connect to.

    /U           [domain\]user   Specifies the user context under
                                 which the command should execute.

    /P           [password]      Specifies the password for the
                                 given user context.
                                 Prompts for input if omitted.

    /F           filename        Specifies the filename or directory
                                 name pattern. Wildcard "*" can be used
                                 to specify the pattern. Allows
                                 sharename\filename.

    /A                           Gives ownership to the administrators
                                 group instead of the current user.

    /R                           Recurse: instructs tool to operate on
                                 files in specified directory and all 
                                 subdirectories.

    /D           prompt          Default answer used when the current user
                                 does not have the "list folder" permission
                                 on a directory.  This occurs while operating
                                 recursively (/R) on sub-directories. Valid 
                                 values "Y" to take ownership or "N" to skip.

    /?                           Displays this help message.

    NOTE: 1) If /A is not specified, file ownership will be given to the
             current logged on user.

          2) Mixed patterns using "?" and "*" are not supported.

          3) /D is used to suppress the confirmation prompt.

Examples: 
    TAKEOWN /?
    TAKEOWN /F lostfile
    TAKEOWN /F \\system\share\lostfile /A
    TAKEOWN /F directory /R /D N
    TAKEOWN /F directory /R /A
    TAKEOWN /F *
    TAKEOWN /F C:\Windows\System32\acme.exe
    TAKEOWN /F %windir%\*.txt
    TAKEOWN /S system /F MyShare\Acme*.doc
    TAKEOWN /S system /U user /F MyShare\foo.dll
    TAKEOWN /S system /U domain\user /P password /F share\filename
    TAKEOWN /S system /U user /P password /F Doc\Report.doc /A
    TAKEOWN /S system /U user /P password /F Myshare\* 
    TAKEOWN /S system /U user /P password /F Home\Logon /R
    TAKEOWN /S system /U user /P password /F Myshare\directory /R /A

 

TASKKILL   (Version 6.1.7600.16385)

TASKKILL [/S system [/U username [/P [password]]]]
         { [/FI filter] [/PID processid | /IM imagename] } [/T] [/F]

Description:
    This tool is used to terminate tasks by process id (PID) or image name.

Parameter List:
    /S    system           Specifies the remote system to connect to.

    /U    [domain\]user    Specifies the user context under which the
                           command should execute.

    /P    [password]       Specifies the password for the given user
                           context. Prompts for input if omitted.

    /FI   filter           Applies a filter to select a set of tasks.
                           Allows "*" to be used. ex. imagename eq acme*

    /PID  processid        Specifies the PID of the process to be terminated.
                           Use TaskList to get the PID.

    /IM   imagename        Specifies the image name of the process
                           to be terminated. Wildcard '*' can be used
                           to specify all tasks or image names.

    /T                     Terminates the specified process and any
                           child processes which were started by it.

    /F                     Specifies to forcefully terminate the process(es).

    /?                     Displays this help message.

Filters:
    Filter Name   Valid Operators           Valid Value(s)
    -----------   ---------------           -------------------------
    STATUS        eq, ne                    RUNNING |
                                            NOT RESPONDING | UNKNOWN
    IMAGENAME     eq, ne                    Image name
    PID           eq, ne, gt, lt, ge, le    PID value
    SESSION       eq, ne, gt, lt, ge, le    Session number.
    CPUTIME       eq, ne, gt, lt, ge, le    CPU time in the format
                                            of hh:mm:ss.
                                            hh - hours,
                                            mm - minutes, ss - seconds
    MEMUSAGE      eq, ne, gt, lt, ge, le    Memory usage in KB
    USERNAME      eq, ne                    User name in [domain\]user
                                            format
    MODULES       eq, ne                    DLL name
    SERVICES      eq, ne                    Service name
    WINDOWTITLE   eq, ne                    Window title

    NOTE
    ----
    1) Wildcard '*' for /IM switch is accepted only when a filter is applied.
    2) Termination of remote processes will always be done forcefully (/F).
    3) "WINDOWTITLE" and "STATUS" filters are not considered when a remote
       machine is specified.

Examples:
    TASKKILL /IM notepad.exe
    TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
    TASKKILL /F /IM cmd.exe /T 
    TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
    TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
    TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
    TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"

 

TASKLIST   (Version 6.1.7600.16385)

TASKLIST [/S system [/U username [/P [password]]]]
         [/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]

Description:
    This tool displays a list of currently running processes on
    either a local or remote machine.

Parameter List:
   /S     system           Specifies the remote system to connect to.

   /U     [domain\]user    Specifies the user context under which
                           the command should execute.

   /P     [password]       Specifies the password for the given
                           user context. Prompts for input if omitted.

   /M     [module]         Lists all tasks currently using the given
                           exe/dll name. If the module name is not
                           specified all loaded modules are displayed.

   /SVC                    Displays services hosted in each process.

   /V                      Displays verbose task information.

   /FI    filter           Displays a set of tasks that match a
                           given criteria specified by the filter.

   /FO    format           Specifies the output format.
                           Valid values: "TABLE", "LIST", "CSV".

   /NH                     Specifies that the "Column Header" should
                           not be displayed in the output.
                           Valid only for "TABLE" and "CSV" formats.

   /?                      Displays this help message.

Filters:
    Filter Name     Valid Operators           Valid Value(s)
    -----------     ---------------           --------------------------
    STATUS          eq, ne                    RUNNING | 
                                              NOT RESPONDING | UNKNOWN
    IMAGENAME       eq, ne                    Image name
    PID             eq, ne, gt, lt, ge, le    PID value
    SESSION         eq, ne, gt, lt, ge, le    Session number
    SESSIONNAME     eq, ne                    Session name
    CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
                                              of hh:mm:ss.
                                              hh - hours,
                                              mm - minutes, ss - seconds
    MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
    USERNAME        eq, ne                    User name in [domain\]user
                                              format
    SERVICES        eq, ne                    Service name
    WINDOWTITLE     eq, ne                    Window title
    MODULES         eq, ne                    DLL name

NOTE: "WINDOWTITLE" and "STATUS" filters are not supported when querying
      a remote machine.

Examples:
    TASKLIST
    TASKLIST /M
    TASKLIST /V /FO CSV
    TASKLIST /SVC /FO LIST
    TASKLIST /M wbem*
    TASKLIST /S system /FO LIST
    TASKLIST /S system /U domain\username /FO CSV /NH
    TASKLIST /S system /U username /P password /FO TABLE /NH
    TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"

 

TIME   (internal command)

Displays or sets the system time.

TIME [/T | time]

Type TIME with no parameters to display the current time setting and a prompt
for a new one.  Press ENTER to keep the same time.

If Command Extensions are enabled the TIME command supports
the /T switch which tells the command to just output the
current time, without prompting for a new time.

 

TIMEOUT   (Version 6.1.7600.16385)

TIMEOUT [/T] timeout [/NOBREAK] 

Description:
    This utility accepts a timeout parameter to wait for the specified
    time period (in seconds) or until any key is pressed. It also 
    accepts a parameter to ignore the key press. 

Parameter List:
    /T        timeout       Specifies the number of seconds to wait.
                            Valid range is -1 to 99999 seconds.

    /NOBREAK                Ignore key presses and wait specified time.

    /?                      Displays this help message.

NOTE: A timeout value of -1 means to wait indefinitely for a key press.

Examples:
    TIMEOUT /?
    TIMEOUT /T 10
    TIMEOUT /T 300 /NOBREAK
    TIMEOUT /T -1

 

TITLE   (internal command)

Sets the window title for the command prompt window.

TITLE [string]

  string       Specifies the title for the command prompt window.

 

TRACERPT   (Version 6.1.7601.18869)

Microsoft © TraceRpt.Exe (6.1.7601.18869)

Usage:
  TRACERPT <[-l] <value [value [...]]>|-rt <session_name [session_name [...]]>> [options]

Options:
  -?                            Displays context sensitive help.
  -config <filename>            Settings file containing command options.
  -y                            Answer yes to all questions without prompting.
  -f <XML|HTML>                 Report format.
  -of <CSV|EVTX|XML>            Dump format, the default is XML.
  -en <ANSI|Unicode>            Output file encoding. Only allowed with CSV
                                output format.
  -df <filename>                Microsoft specific counting/reporting schema
                                file.
  -import <filename [filename [...]]> Event Schema import file.
  -int <filename>               Dump interpreted event structure into
                                specified file.
  -rts                          Report raw timestamp in event trace header. 
                                Can only be used with -o, not -report or
                                -summary.
  -tmf <filename>               Trace Message Format definition file
  -tp <value>                   TMF file search path.  Multiple paths can be
                                used, separated with ';'.
  -i <value>                    Specifies the provider image path.  The
                                matching PDB will be located in the Symbol
                                Server. Multiple paths can be used, separated
                                with ';'.
  -pdb <value>                  Specifies the symbol server path.  Multiple
                                paths can be used, separated with ';'.
  -gmt                          Convert WPP payload timestamps to GMT time
  -rl <value>                   System Report Level from 1 to 5, the default
                                value is 1.
  -summary [filename]           Summary report text file. Default is
                                summary.txt.
  -o [filename]                 Text output file. Default is dumpfile.xml.
  -report [filename]            Text output report file. Default is
                                workload.xml.
  -lr                           Less restrictive; use best effort for events
                                not matching event schema.
  -export [filename]            Event Schema export file. Default is
                                schema.man.
  [-l] <value [value [...]]>    Event Trace log file to process.
  -rt <session_name [session_name [...]]> Real-time Event Trace Session data
                                source.

Examples:
  tracerpt logfile1.etl logfile2.etl -o logdump.xml -of XML
  tracerpt logfile.etl -o logdmp.xml -of XML -lr -summary logdmp.txt -report logrpt.xml
  tracerpt logfile1.etl logfile2.etl -o -report
  tracerpt logfile.etl counterfile.blg -report logrpt.xml -df schema.xml
  tracerpt -rt "NT Kernel Logger" -o logfile.csv -of CSV

 

TRACERT   (Version 6.1.7600.16385)

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] 
               [-R] [-S srcaddr] [-4] [-6] target_name

Options:
    -d                 Do not resolve addresses to hostnames.
    -h maximum_hops    Maximum number of hops to search for target.
    -j host-list       Loose source route along host-list (IPv4-only).
    -w timeout         Wait timeout milliseconds for each reply.
    -R                 Trace round-trip path (IPv6-only).
    -S srcaddr         Source address to use (IPv6-only).
    -4                 Force using IPv4.
    -6                 Force using IPv6.

 

TREE   (Version 6.1.7600.16385)

Graphically displays the folder structure of a drive or path.

TREE [drive:][path] [/F] [/A]

   /F   Display the names of the files in each folder.
   /A   Use ASCII instead of extended characters.

 

TSCON   (Version 6.1.7601.17514)

Attaches a user session to a remote desktop session.

TSCON {sessionid | sessionname} [/DEST:sessionname]
        [/PASSWORD:pw | /PASSWORD:*] [/V]

  sessionid          The ID of the session.
  sessionname        The name of the session.
  /DEST:sessionname  Connect the session to destination sessionname.
  /PASSWORD:pw       Password of user owning identified session.
  /V                 Displays information about the actions performed.

 

TSDISCON   (Version 6.1.7601.17514)

Disconnects a remote desktop session.

TSDISCON [sessionid | sessionname] [/SERVER:servername] [/V] [/VM]

  sessionid           The ID of the session.
  sessionname         The name of the session.
  /SERVER:servername  Specifies the Remote Desktop Session Host server (default is current).
  /V                  Displays information about the actions performed.
  /VM                 Disconnects session on server or within virtual machine. The unique ID of the session needs to be specified.

 

TSKILL   (Version 6.1.7601.17514)

Ends a process.

TSKILL processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V]

  processid           Process ID for the process to be terminated.
  processname         Process name to be terminated.
  /SERVER:servername  Server containing processID (default is current).
                         /ID or /A must be specified when using processname
                         and /SERVER
  /ID:sessionid       End process running under the specified session.
  /A                  End process running under ALL sessions.
  /V                  Display information about actions being performed.

 

TYPE   (internal command)

Displays the contents of a text file or files.

TYPE [drive:][path]filename

 

TYPEPERF   (Version 6.1.7601.18869)

Microsoft © TypePerf.exe (6.1.7601.18869)

Typeperf writes performance data to the command window or to a log file. To
stop Typeperf, press CTRL+C.

Usage:
TYPEPERF { <counter [counter ...]> 
                                | -cf <filename> 
                                | -q [object] 
                                | -qx [object] 
                                } [options]

Parameters:
  <counter [counter ...]>       Performance counters to monitor.

Options:
  -?                            Displays context sensitive help.
  -f <CSV|TSV|BIN|SQL>          Output file format. Default is CSV.
  -cf <filename>                File containing performance counters to
                                monitor, one per line.
  -si <[[hh:]mm:]ss>            Time between samples. Default is 1 second.
  -o <filename>                 Path of output file or SQL database. Default
                                is STDOUT.
  -q [object]                   List installed counters (no instances). To
                                list counters for one object, include the
                                object name, such as Processor.
  -qx [object]                  List installed counters with instances. To
                                list counters for one object, include the
                                object name, such as Processor.
  -sc <samples>                 Number of samples to collect. Default is to
                                sample until CTRL+C.
  -config <filename>            Settings file containing command options.
  -s <computer_name>            Server to monitor if no server is specified
                                in the counter path.
  -y                            Answer yes to all questions without prompting.

Note:
  Counter is the full name of a performance counter in
  "\\<Computer>\<Object>(<Instance>)\<Counter>" format,
  such as "\\Server1\Processor(0)\% User Time".

Examples:
  typeperf "\Processor(_Total)\% Processor Time"
  typeperf -cf counters.txt -si 5 -sc 50 -f TSV -o domain2.tsv
  typeperf -qx PhysicalDisk -o counters.txt

 

TZUTIL   (Version 6.1.7601.17514)

Windows Time Zone Utility

Usage:
TZUTIL </? | /g | /s TimeZoneID[_dstoff] | /l>

Parameters:
    /? Displays usage information.

    /g Displays the current time zone ID.

    /s TimeZoneID[_dstoff]
       Sets the current time zone using the specified time zone ID.
       The _dstoff suffix disables Daylight Saving Time adjustments
       for the time zone (where applicable).

    /l Lists all valid time zone IDs and display names. The output will
       be: 
           <display name>
           <time zone ID>

Examples:
    TZUTIL /g
    TZUTIL /s "Pacific Standard Time"
    TZUTIL /s "Pacific Standard Time_dstoff"

Remarks:
    An exit code of 0 indicates the command completed successfully.

 

UNLODCTR   (Version 6.1.7600.16385)

UNLODCTR
    Removes counter names and explain text for the specified extensible counter.

Usage:

    UNLODCTR <driver>
        driver is the name of the device driver which is to have its
            counter name definitions and explain text removed from the system's
            registry.

    UNLODCTR /m:<manifest>
        manifest is the name of the manifest file that contains performance
            counter definitions. These counters will be removed from local system.

    UNLODCTR /g:{ProviderGuid}
        ProviderGuid identifies the performance counter provider being unloaded.

    UNLODCTR /p:<ProviderName>
        ProviderName identifies the performance counter provider being unloaded.

Note: any arguments with spaces in the names must be enclosed within
Double Quotation marks.

 

VAULTCMD   (Version 6.1.7600.16385)

Creates, displays and deletes stored credentials.
Following commands are supported.Use VaultCmd /<command> /? for further help 
VaultCmd /create
VaultCmd /lock
VaultCmd /unlock
VaultCmd /load
VaultCmd /unload
VaultCmd /list
VaultCmd /listschema
VaultCmd /listcreds
VaultCmd /addcreds
VaultCmd /deletecreds
VaultCmd /listproperties
VaultCmd /setproperties

 

VER   (internal command)

Displays the Windows version.

VER

 

VERIFIER   (Version 6.1.7600.16385)

Driver Verifier Manager - version 6.1.7600.16385

Copyright (c) Microsoft Corporation. All rights reserved.
 
verifier /standard /driver NAME [NAME ...]
verifier /standard /all
verifier [/flags FLAGS] [/faults [PROBABILITY [TAGS [APPLICATIONS [MINUTES]]]] /driver NAME [NAME ...]
verifier [/flags FLAGS] [/faults [PROBABILITY [TAGS [APPLICATIONS [MINUTES]]]] /all
verifier /querysettings
verifier /volatile /flags FLAGS
verifier /volatile /adddriver NAME [NAME ...]
verifier /volatile /removedriver NAME [NAME ...]
verifier /volatile /faults [PROBABILITY [TAGS [APPLICATIONS]]
verifier /reset
verifier /query
verifier /log LOG_FILE_NAME [/interval SECONDS]
 
FLAGS must be a number in decimal or hex, combination of bits:
 
    bit 0  - special pool checking
    bit 1  - force irql checking
    bit 2  - low resources simulation
    bit 3  - pool tracking
    bit 4  - I/O verification
    bit 5  - deadlock detection
    bit 6  - unused
    bit 7  - DMA verification
    bit 8  - security checks
    bit 9  - force pending I/O requests
    bit 10 - IRP logging
    bit 11 - miscellaneous checks
 
For example, /flags 27 is equivalent with /flags 0x1B
 
The /volatile option can be used to change the verifier settings
dynamically without restarting the system. Any new settings will be lost
when the system is restarted.
 
Optional fault injection parameters:
 
PROBABILITY  - number between 1 and 10,000 specifying the fault injection
               probability. For example, specifying 100 means a fault injection
               probability of 1% (100/10,000). If this parameter is not
               specified then the default probability of 6% will be used.
 
TAGS         - specifies the pool tags that will be injected with faults,
               separated by space characters. If this parameter is not
               specified then any pool allocation can be injected with faults.
 
APPLICATIONS - specifies the image file name of the applications that
               will be injected with faults, separated by space characters.
               If this parameter is not specified then low resources simulation
               can take place in any application.
 
MINUTES      - positive number specifying the length of the period after
               rebooting, in minutes, during which no fault injection will
               occur. If this parameter is not specified then the default
               length of 8 minutes will be used.

 

VERIFY   (internal command)

Tells cmd.exe whether to verify that your files are written correctly to a
disk.

VERIFY [ON | OFF]

Type VERIFY without a parameter to display the current VERIFY setting.

 

VOL   (internal command)

Displays the disk volume label and serial number, if they exist.

VOL [drive:]

 

VOLUMEID

VolumeID V2.01 - Set disk volume id
Copyright (C) 1997-1999 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: volumeid [drive:] [Id]

Id must be in the following hexadecimal format: xxxx-xxxx

Note: new NTFS volume ids will not appear in directory listings until after the
next reboot.

 

VSSADMIN   (Version 6.1.7600.16385)

This program is blocked by group policy. For more information, contact your system administrator.

 

W32TM   (Version 6.1.7600.16385)

w32tm [/? | /register | /unregister ]
  ? - this help screen.
  register - register to run as a service and add default
    configuration to the registry.
  unregister - unregister service and remove all configuration
    information from the registry.

w32tm /monitor [/domain:<domain name>]
               [/computers:<name>[,<name>[,<name>...]]]
               [/threads:<num>] [/ipprotocol:<4|6>] [/nowarn]
  domain - specifies which domain to monitor. If no domain name
    is given, or neither the domain nor computers option is
    specified, the default domain is used. This option may be
    used more than once.
  computers - monitors the given list of computers. Computer
   names are separated by commas, with no spaces. If a name is
    prefixed with a '*', it is treated as an AD PDC. This option
    may be used more than once.
  threads - how many computers to analyze simultaneously. The
    default value is 3. Allowed range is 1-50.
  ipprotocol - specify the IP protocol to use. The default is
    to use whatever is available.
  nowarn - skip warning message.

w32tm /ntte <NT time epoch>
  Convert a NT system time, in (10ˆ-7)s intervals from 0h 1-Jan 1601,
  into a readable format.

w32tm /ntpte <NTP time epoch>
  Convert an NTP time, in (2ˆ-32)s intervals from 0h 1-Jan 1900, into
  a readable format.

w32tm /resync [/computer:<computer>] [/nowait] [/rediscover] [/soft]
  Tell a computer that it should resynchronize its clock as soon
  as possible, throwing out all accumulated error statistics.
  computer:<computer> - computer that should resync. If not
    specified, the local computer will resync.
  nowait - do not wait for the resync to occur;
    return immediately. Otherwise, wait for the resync to
    complete before returning.
  rediscover - redetect the network configuration and rediscover
    network sources, then resynchronize.
  soft - resync utilizing existing error statistics. Not useful,
    provided for compatibility.

w32tm /stripchart /computer:<target> [/period:<refresh>]
    [/dataonly] [/samples:<count>] [/packetinfo] [/ipprotocol:<4|6>]
  Display a strip chart of the offset between this computer and
  another computer.
  computer:<target> - the computer to measure the offset against.
  period:<refresh> - the time between samples, in seconds. The
    default is 2s
  dataonly - display only the data, no graphics.
  samples:<count> - collect <count> samples, then stop. If not
    specified, samples will be collected until Ctrl-C is pressed.
  packetinfo - print out NTP packet response message.
  ipprotocol - specify the IP protocol to use. The default is 
    to use whatever is available.

w32tm /config [/computer:<target>] [/update]
    [/manualpeerlist:<peers>] [/syncfromflags:<source>]
    [/LocalClockDispersion:<seconds>]
    [/reliable:(YES|NO)]
    [/largephaseoffset:<milliseconds>]
  computer:<target> - adjusts the configuration of <target>. If not
    specified, the default is the local computer.
  update - notifies the time service that the configuration has
    changed, causing the changes to take effect.
  manualpeerlist:<peers> - sets the manual peer list to <peers>,
    which is a space-delimited list of DNS and/or IP addresses.
    When specifying multiple peers, this switch must be enclosed in
    quotes.
  syncfromflags:<source> - sets what sources the NTP client should
    sync from. <source> should be a comma separated list of
    these keywords (not case sensitive):
      MANUAL - sync from peers in the manual peer list
      DOMHIER - sync from an AD DC in the domain hierarchy
      NO - sync from none
      ALL - sync from both manual and domain peers 
  LocalClockDispersion:<seconds> - configures the accuracy of the
    internal clock that w32time will assume when it can't acquire 
    time from its configured sources.  
  reliable:(YES|NO) - set whether this machine is a reliable time source.
    This setting is only meaningful on domain controllers.  
      YES - this machine is a reliable time service
      NO - this machine is not a reliable time service
  largephaseoffset:<milliseconds> - sets the time difference between 
    local and network time which w32time will consider a spike.  

w32tm /tz
  Display the current time zone settings.

w32tm /dumpreg [/subkey:<key>] [/computer:<target>]
  Display the values associated with a given registry key.
  The default key is HKLM\System\CurrentControlSet\Services\W32Time
    (the root key for the time service).
  subkey:<key> - displays the values associated with subkey <key> 
    of the default key.
  computer:<target> - queries registry settings for computer <target>.

w32tm /query [/computer:<target>] 
    {/source | /configuration | /peers | /status} 
    [/verbose]
  Display a computer's windows time service information.
  computer:<target> - query the information of <target>. If not
    specified, the default is the local computer.
  source: display the time source.
  configuration: display the configuration of run-time and where 
    the setting comes from. In verbose mode, display the undefined 
    or unused setting too.
  peers: display a list of peers and their status.
  status: display windows time service status.
  verbose: set the verbose mode to display more information.

w32tm /debug {/disable | {/enable /file:<name> /size:<bytes> /entries:<value>
    [/truncate]}}  
  Enable or disable local computer windows time service private log.
  disable: disable the private log.
  enable: enable the private log.
    file:<name> - specify the absolute filename.
    size:<bytes> - specify the maximum size for circular logging.
    entries:<value> - contains a list of flags, specified by number and
      seperated by commas, that specify the types of information that 
      should be logged. Valid numbers are 0 to 300. A range of numbers 
      is valid, in addition to single numbers, such as 0-100,103,106. 
      Value 0-300 is for logging all information.
  truncate: truncate the file if it exists.

 

WAITFOR   (Version 6.1.7600.16385)

WaitFor has two ways of working: 

Syntax 1: to send a signal
    WAITFOR [/S system [/U user [/P [password]]]] /SI signal

Syntax 2: to wait for a signal
    WAITFOR [/T timeout] signal 

Description:
    This tool sends, or waits for, a signal on a system. When /S is not
    specified, the signal will be broadcasted to all the systems in a
    domain. If /S is specified, then the signal will be sent only
    to the specified system.

Parameter List:
    /S     system         Specifies remote system to send signal to.

    /U     [domain\]user  Specifies the user context under which
                          the command should execute.

    /P     [password]     Specifies the password for the given user context.

    /SI                   Sends the signal across the net to waiting machines

    /T     timeout        Number of seconds to wait for signal. Valid range
                          is 1 - 99999. Default is to wait forever for signal.

    signal                The name of the signal to wait for or to send.

    /?                    Displays this help message.

    NOTE: A system can wait for multiple unique signal names.
    The signal name cannot exceed 225 characters and cannot
    contain characters other than a-z, A-Z, 0-9 and ASCII 
    characters in the range 128-255.

Examples:
    WAITFOR /?
    WAITFOR SetupReady 
    WAITFOR CopyDone /T 100 
    WAITFOR /SI SetupReady 
    WAITFOR /S system  /U user /P password /SI CopyDone

 

WBADMIN   (Version 6.1.7600.16385)

wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

---- Commands Supported ----

START BACKUP              -- Runs a one-time backup.
STOP JOB                  -- Stops the currently running backup or recovery 
                              operation.
GET VERSIONS              -- List details of backups recoverable from a 
                              specified location.
GET ITEMS                 -- Lists items contained in a backup.
GET STATUS                -- Reports the status of the currently running 
                              operation.

 

WECUTIL   (Version 6.3.9600.16406)

Windows Event Collector Utility

Enables you to create and manage subscriptions to events forwarded from remote
event sources that support WS-Management protocol.

Usage:

You can use either the short (i.e. es, /f) or long (i.e. enum-subscription, /format)
version of the command and option names. Commands, options and option values are
case-insensitive.

(ALL UPPER-CASE = VARIABLE)

wecutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]

Commands:

es (enum-subscription)               List existent subscriptions.
gs (get-subscription)                Get subscription configuration.
gr (get-subscriptionruntimestatus)   Get subscription runtime status.
ss (set-subscription)                Set subscription configuration.
cs (create-subscription)             Create new subscription.
ds (delete-subscription)             Delete subscription.
rs (retry-subscription)              Retry subscription.
qc (quick-config)                    Configure Windows Event Collector service.

Common options:

/h|? (help)
Get general help for the wecutil program.

wecutil { -help | -h | -? }

For arguments and options, see usage of specific commands:

wecutil COMMAND -?

 

WEVTUTIL   (Version 6.1.7600.16385)

Windows Events Command Line Utility.

Enables you to retrieve information about event logs and publishers, install
and uninstall event manifests, run queries, and export, archive, and clear logs.

Usage:

You can use either the short (for example, ep /uni) or long (for example, 
enum-publishers /unicode) version of the command and option names. Commands, 
options and option values are not case-sensitive.

Variables are noted in all upper-case.

wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]

Commands:

el | enum-logs          List log names.
gl | get-log            Get log configuration information.
sl | set-log            Modify configuration of a log.
ep | enum-publishers    List event publishers.
gp | get-publisher      Get publisher configuration information.
im | install-manifest   Install event publishers and logs from manifest.
um | uninstall-manifest Uninstall event publishers and logs from manifest.
qe | query-events       Query events from a log or log file.
gli | get-log-info      Get log status information.
epl | export-log        Export a log.
al | archive-log        Archive an exported log.
cl | clear-log          Clear a log.

Common options:

/{r | remote}:VALUE
If specified, run the command on a remote computer. VALUE is the remote computer 
name. Options /im and /um do not support remote operations.

/{u | username}:VALUE
Specify a different user to log on to the remote computer. VALUE is a user name
in the form domain\user or user. Only applicable when option /r is specified.

/{p | password}:VALUE
Password for the specified user. If not specified, or if VALUE is "*", the user 
will be prompted to enter a password. Only applicable when the /u option is
specified.

/{a | authentication}:[Default|Negotiate|Kerberos|NTLM]
Authentication type for connecting to remote computer. The default is Negotiate.

/{uni | unicode}:[true|false]
Display output in Unicode. If true, then output is in Unicode. 

To learn more about a specific command, type the following:

wevtutil COMMAND /?

 

WHERE   (Version 6.1.7600.16385)

WHERE [/R dir] [/Q] [/F] [/T] pattern...

Description:
    Displays the location of files that match the search pattern.
    By default, the search is done along the current directory and
    in the paths specified by the PATH environment variable.

Parameter List:
    /R       Recursively searches and displays the files that match the
             given pattern starting from the specified directory.

    /Q       Returns only the exit code, without displaying the list
             of matched files. (Quiet mode)

    /F       Displays the matched filename in double quotes.

    /T       Displays the file size, last modified date and time for all
             matched files.

    pattern  Specifies the search pattern for the files to match.
             Wildcards * and ? can be used in the pattern. The
             "$env:pattern" and "path:pattern" formats can also be
             specified, where "env" is an environment variable and
             the search is done in the specified paths of the "env"
             environment variable. These formats should not be used
             with /R. The search is also done by appending the
             extensions of the PATHEXT variable to the pattern.

     /?      Displays this help message.

  NOTE: The tool returns an error level of 0 if the search is
        successful, of 1 if the search is unsuccessful and
        of 2 for failures or errors.

Examples:
    WHERE /?
    WHERE myfilename1 myfile????.*
    WHERE $windir:*.* 
    WHERE /R c:\windows *.exe *.dll *.bat  
    WHERE /Q ??.??? 
    WHERE "c:\windows;c:\windows\system32:*.dll"
    WHERE /F /T *.dll 

 

WHOAMI   (Version 6.1.7600.16385)

WhoAmI has three ways of working: 

Syntax 1:
    WHOAMI [/UPN | /FQDN | /LOGONID]

Syntax 2:
    WHOAMI { [/USER] [/GROUPS] [/PRIV] } [/FO format] [/NH]

Syntax 3:
    WHOAMI /ALL [/FO format] [/NH]

Description:
    This utility can be used to get user name and group information
    along with the respective security identifiers (SID), privileges,
    logon identifier (logon ID) for the current user (access token)
    on the local system. i.e. who is the current logged on user?
    If no switch is specified, tool displays the user name in NTLM
    format (domain\username).

Parameter List:
    /UPN                    Displays the user name in User Principal 
                            Name (UPN) format.

    /FQDN                   Displays the user name in Fully Qualified 
                            Distinguished Name (FQDN) format.

    /USER                   Displays information on the current user
                            along with the security identifier (SID).

    /GROUPS                 Displays group membership for current user,
                            type of account, security identifiers (SID)
                            and attributes.

    /PRIV                   Displays security privileges of the current
                            user.

    /LOGONID                Displays the logon ID of the current user.

    /ALL                    Displays the current user name, groups 
                            belonged to along with the security 
                            identifiers (SID) and privileges for the 
                            current user access token.

    /FO       format        Specifies the output format to be displayed.
                            Valid values are TABLE, LIST, CSV.
                            Column headings are not displayed with CSV
                            format. Default format is TABLE.

    /NH                     Specifies that the column header should not
                            be displayed in the output. This is
                            valid only for TABLE and CSV formats.

    /?                      Displays this help message.

Examples:
    WHOAMI
    WHOAMI /UPN
    WHOAMI /FQDN 
    WHOAMI /LOGONID
    WHOAMI /USER
    WHOAMI /USER /FO LIST
    WHOAMI /USER /FO CSV
    WHOAMI /GROUPS
    WHOAMI /GROUPS /FO CSV /NH
    WHOAMI /PRIV
    WHOAMI /PRIV /FO TABLE
    WHOAMI /USER /GROUPS
    WHOAMI /USER /GROUPS /PRIV
    WHOAMI /ALL
    WHOAMI /ALL /FO LIST
    WHOAMI /ALL /FO CSV /NH
    WHOAMI /?

 

WHOIS   (Version 1.12.0.0)

Whois v1.12 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2014 Mark Russinovich


Usage: whois [-v] domainname [whois.server]
 -v   Print whois information for referrals

 

WINRM

Windows Remote Management Command Line Tool

Windows Remote Management (WinRM) is the Microsoft implementation of 
the WS-Management protocol which provides a secure way to communicate 
with local and remote computers using web services.  

Usage:
  winrm OPERATION RESOURCE_URI [-SWITCH:VALUE [-SWITCH:VALUE] ...]
        [@{KEY=VALUE[;KEY=VALUE]...}]

For help on a specific operation:
  winrm g[et] -?        Retrieving management information.
  winrm s[et] -?        Modifying management information.
  winrm c[reate] -?     Creating new instances of management resources.
  winrm d[elete] -?     Remove an instance of a management resource.
  winrm e[numerate] -?  List all instances of a management resource.
  winrm i[nvoke] -?     Executes a method on a management resource.
  winrm id[entify] -?   Determines if a WS-Management implementation is
                        running on the remote machine.
  winrm quickconfig -?  Configures this machine to accept WS-Management
                        requests from other machines.
  winrm configSDDL -?   Modify an existing security descriptor for a URI.
  winrm helpmsg -?      Displays error message for the error code.

For help on related topics:
  winrm help uris       How to construct resource URIs.
  winrm help aliases    Abbreviations for URIs.
  winrm help config     Configuring WinRM client and service settings.
  winrm help certmapping Configuring client certificate access.
  winrm help remoting   How to access remote machines.
  winrm help auth       Providing credentials for remote access.
  winrm help input      Providing input to create, set, and invoke.
  winrm help switches   Other switches such as formatting, options, etc.
  winrm help proxy      Providing proxy information.

 

WINRS   (Version 6.3.9600.16406)

USAGE
=====
(ALL UPPER-CASE = value that must be supplied by user.)

winrs [-/SWITCH[:VALUE]] COMMAND

COMMAND - Any string that can be executed as a command in the cmd.exe shell.

SWITCHES
========
(All switches accept both short form or long form. For example both -r and 
-remote are valid.)

-r[emote]:ENDPOINT      - The target endpoint using a NetBIOS name or the standard connection URL: [TRANSPORT://]TARGET[:PORT]. If not specified 
-r:localhost is used.

-un[encrypted]          - Specify that the messages to the remote shell will not be encrypted. This is useful for troubleshooting, or when the network traffic is already encrypted using ipsec, or when physical security is enforced. By default the messages are encrypted using Kerberos or NTLM keys. This switch is ignored when HTTPS transport is selected. 

-u[sername]:USERNAME    - Specify username on command line. If not specified the tool will use Negotiate authentication or prompt for the name. 
If -username is specified, -password must be as well.

-p[assword]:PASSWORD    - Specify password on command line. If -password is not specified but -username is the tool will prompt for the password. If -password is specified, -user must be specified as well.

-t[imeout]:SECONDS      - This option is deprecated. 

-d[irectory]:PATH       - Specifies starting directory for remote shell. If not specified the remote shell will start in the user's home directory defined by the environment variable %USERPROFILE%.

-env[ironment]:STRING=VALUE   - Specifies a single environment variable to be set when shell starts, which allows changing default environment for shell. Multiple occurrences of this switch must be used to specify multiple environment variables.

-noe[cho]               - Specifies that echo should be disabled. This may be necessary to ensure that user's answers to remote prompts are not displayed locally. By default echo is "on".

-nop[rofile]            - Specifies that the user's profile should not be loaded. By default the server will attempt to load the user profile. If the remote user is not a local administrator on the target system then this option will be required (the default will result in error).

-a[llow]d[elegate]      - Specifies that the user's credentials can be used to access a remote share, for example, found on a different machine than the target endpoint.

-comp[ression]          - Turn on compression.  Older installations on remote machines may not support compression so it is off by default.

-[use]ssl               - Use an SSL connection when using a remote endpoint.  Specifying this instead of the transport "https:" will use the default WinRM default port. 

-?                      - Help

To terminate the remote command the user can type Ctrl-C or Ctrl-Break, which will be sent to the remote shell. The second Ctrl-C will force termination of winrs.exe.

To manage active remote shells or WinRS configuration, use the WinRM tool.  The URI alias to manage active shells is shell/cmd.  The URI alias for WinRS configuration is winrm/config/winrs.  Example usage can be found in the WinRM tool by typing "WinRM -?".

Examples:
winrs -r:https://myserver.com command
winrs -r:myserver.com -usessl command
winrs -r:myserver command
winrs -r:http://127.0.0.1 command
winrs -r:http://169.51.2.101:80 -unencrypted command
winrs -r:https://[::FFFF:129.144.52.38] command
winrs -r:http://[1080:0:0:0:8:800:200C:417A]:80 command
winrs -r:https://myserver.com -t:600 -u:administrator -p:$%fgh7 ipconfig
winrs -r:myserver -env:PATH=ˆ%PATHˆ%;c:\tools -env:TEMP=d:\temp config.cmd
winrs -r:myserver netdom join myserver /domain:testdomain /userd:johns /passwordd:$%fgh789
winrs -r:myserver -ad -u:administrator -p:$%fgh7 dir \\anotherserver\share

 

WINSAT   (Version 6.1.7601.17514)

Windows System Assessment Tool

	
COMMAND LINE USAGE :   		
	WINSAT <assessment_name> [switches]

It's necessary to supply an assessment name.  In contrast, switches are optional. 
Valid assessment names already seen in Vista include: 

	formal		run the full set of assessments 

	dwm		Run the Desktop Windows Manager assessment
			- Re-assess the systems graphics capabilities and 
			  restart the Desktop Window Manager.

	cpu		Run the CPU assessment.  
	mem		Run the system memory assessment.  
	d3d		Run the d3d assessment
	disk		Run the storage assessment
	media		Run the media assessment 			
	mfmedia		Run the Media Foundation based assessment	
	features	Run just the features assessment      		
			- Enumerates the system's features. 
			- It's best used with the -xml <filename> switch 
			to save the data.  
			- The 'eef'switch can be used to enumerate extra 
			features such as optical disks,	memory modules, 
			and other items.
	
PRE-POPULATION: 
The new command-line  options for pre-populating WinSAT assessment results are :  
	
	Winsat prepop [-datastore <directory>] [ -graphics | -cpu | -mem | -disk | -dwm ]


This generates WinSAT xml files whose filenames contain "prepop".  For example :
	0008-09-26 14.48.28.542 Cpu.Assessment (Prepop).WinSAT.xml

The filename pattern is :	
	%IdentifierDerivedFromDate% %Component%.Assessment(Prepop).WinSAT.xml

The datastore directory option specifies an alternative target location for generated xml files. 
If no location is specified, everything is pre-populated to 
	%WINDIR%\performance\winsat\datastore.  

To generate a full set of result xml files, use "winsat prepop".  

It is also possible to pre-populate results for a subsystem, such as CPU, 
subject to the following dependencies:

	The CPU assessment has a secondary dependency on the Memory assessment
	The Memory assessment has a secondary depenency on the CPU assessment
	The Graphics assessment has a secondary dependency on both CPU and Memory assessments
	The DWM assessment can run standalone
	The Disk assessment can run standalone 

If the assessment for a secondary dependency is not present, WinSAT will run the 
secondary assessment along with the requested primary assessment.  

For example,  "winsat prepop -cpu"  will run both the CPU and the Memory test, 
if the xml file for the Memory test is not present.	



OTHER NEW Win7 ASSESSMENT OPTIONS :

	dwmformal	Run Desktop Windows Manager assessment to generate the WinSAT Graphics score
	cpuformal	Run CPU assessment to generate the WinSAT Processor score
	memformal	Run Memory assessment to generate the WinSAT Memory (RAM) score
	graphicsformal	Run Graphics assessment to generate the WinSAT Gaming Graphics score
	diskformal	Run Disk assessment to generate the WinSAT Primary Hard Disk score
			
All formal assessments will save the data (xml files) in 
		%WINDIR%\performance\winsat\datastore.  

If a system has been prepopulated (using files generated by the "winsat prepop" option), 
it is not necessary to run formal assessments.


SUB-ASSESSMENTS:
While investigating results, it may be convenient to look at individual assessments.  
Options for running Gaming Graphics sub-assessments include:

	Winsat graphicsformal3d
	Winsat graphicsformalmedia

	DX9 Variations:  
		Winsat d3d -dx9
		winsat d3d -batch
		winsat d3d -alpha
		winsat d3d -tex
		winsat d3d -alu

	DWM/DX10 variations:  
		Winsat d3d -dx10
		winsat d3d -dx10 -alpha
		winsat d3d -dx10 -tex
		winsat d3d -dx10 -alu
		winsat d3d -dx10 -batch
		winsat d3d -dx10 -geomf4
		winsat d3d -dx10 -geomf27
		winsat d3d -dx10 -geomv8
		winsat d3d -dx10 -gemov32
		winsat d3d -dx10 -cbuffer



OPTIONS FOR FORMAL ASSESSMENTS FOR SUBSEQUENT RUNS ON THE SAME MACHINE:

The default behavior for "WinSAT formal" when a complete set of winsat formal files is present 
and a second "winsat formal" run is requested is to 
	1) Run incrementally if component change implies that an assessment needs to be re-run, 
		e.g. if a video card were updated  
	2) If no component updates were detected, re-run all assessments.

	The restart option enables behaviour other than the default.  The syntax is :   	
		Winast formal -restart [clean|never]
	
		Winsat formal -restart	 	Reruns all assessments. 
		Winsat formal -restart never 	Attempts to run incrementally.
		Winsat formal -restart clean 	Reruns all assessments and provides the same functionality as “forgethistory”. 
 		Winsat forgethistory		Choosing to forgethistory will rate a machine as if for the first time.


OTHER COMMAND LINE OPTIONS :
	-v			Enables verbose output
	-xml			Saves the XML output to 'filename'

	<command> -log <fn>	Generates a log file associated with the specified command, such as disk
				The -log switch can be used with any WinSAT command.

	viewlog -i <filename> 	Dumps the results of a log file .  
	viewevents 		Used to view relevant winsat events in the event log. 
				(This launches the event log)
	query 			Can be used to query the current datastore.

 

WMIC   (Version 6.1.7600.16385)

[global switches] <command>

The following global switches are available:
/NAMESPACE           Path for the namespace the alias operate against.
/ROLE                Path for the role containing the alias definitions.
/NODE                Servers the alias will operate against.
/IMPLEVEL            Client impersonation level.
/AUTHLEVEL           Client authentication level.
/LOCALE              Language id the client should use.
/PRIVILEGES          Enable or disable all privileges.
/TRACE               Outputs debugging information to stderr.
/RECORD              Logs all input commands and output.
/INTERACTIVE         Sets or resets the interactive mode.
/FAILFAST            Sets or resets the FailFast mode.
/USER                User to be used during the session.
/PASSWORD            Password to be used for session login.
/OUTPUT              Specifies the mode for output redirection.
/APPEND              Specifies the mode for output redirection.
/AGGREGATE           Sets or resets aggregate mode.
/AUTHORITY           Specifies the <authority type> for the connection.
/?[:<BRIEF|FULL>]    Usage information.

For more information on a specific global switch, type: switch-name /?


The following alias/es are available in the current role:
ALIAS                    - Access to the aliases available on the local system
BASEBOARD                - Base board (also known as a motherboard or system board) management.
BIOS                     - Basic input/output services (BIOS) management.
BOOTCONFIG               - Boot configuration management.
CDROM                    - CD-ROM management.
COMPUTERSYSTEM           - Computer system management.
CPU                      - CPU management.
CSPRODUCT                - Computer system product information from SMBIOS. 
DATAFILE                 - DataFile Management.  
DCOMAPP                  - DCOM Application management.
DESKTOP                  - User's Desktop management.
DESKTOPMONITOR           - Desktop Monitor management.
DEVICEMEMORYADDRESS      - Device memory addresses management.
DISKDRIVE                - Physical disk drive management. 
DISKQUOTA                - Disk space usage for NTFS volumes.
DMACHANNEL               - Direct memory access (DMA) channel management.
ENVIRONMENT              - System environment settings management.
FSDIR                    - Filesystem directory entry management. 
GROUP                    - Group account management. 
IDECONTROLLER            - IDE Controller management.  
IRQ                      - Interrupt request line (IRQ) management. 
JOB                      - Provides  access to the jobs scheduled using the schedule service. 
LOADORDER                - Management of system services that define execution dependencies. 
LOGICALDISK              - Local storage device management.
LOGON                    - LOGON Sessions.  
MEMCACHE                 - Cache memory management.
MEMORYCHIP               - Memory chip information.
MEMPHYSICAL              - Computer system's physical memory management. 
NETCLIENT                - Network Client management.
NETLOGIN                 - Network login information (of a particular user) management. 
NETPROTOCOL              - Protocols (and their network characteristics) management.
NETUSE                   - Active network connection management.
NIC                      - Network Interface Controller (NIC) management.
NICCONFIG                - Network adapter management. 
NTDOMAIN                 - NT Domain management.  
NTEVENT                  - Entries in the NT Event Log.  
NTEVENTLOG               - NT eventlog file management. 
ONBOARDDEVICE            - Management of common adapter devices built into the motherboard (system board).
OS                       - Installed Operating System/s management. 
PAGEFILE                 - Virtual memory file swapping management. 
PAGEFILESET              - Page file settings management. 
PARTITION                - Management of partitioned areas of a physical disk.
PORT                     - I/O port management.
PORTCONNECTOR            - Physical connection ports management.
PRINTER                  - Printer device management. 
PRINTERCONFIG            - Printer device configuration management.  
PRINTJOB                 - Print job management. 
PROCESS                  - Process management. 
PRODUCT                  - Installation package task management. 
QFE                      - Quick Fix Engineering.  
QUOTASETTING             - Setting information for disk quotas on a volume. 
RDACCOUNT                - Remote Desktop connection permission management.
RDNIC                    - Remote Desktop connection management on a specific network adapter.
RDPERMISSIONS            - Permissions to a specific Remote Desktop connection.
RDTOGGLE                 - Turning Remote Desktop listener on or off remotely.
RECOVEROS                - Information that will be gathered from memory when the operating system fails. 
REGISTRY                 - Computer system registry management.
SCSICONTROLLER           - SCSI Controller management.  
SERVER                   - Server information management. 
SERVICE                  - Service application management. 
SHADOWCOPY               - Shadow copy management.
SHADOWSTORAGE            - Shadow copy storage area management.
SHARE                    - Shared resource management. 
SOFTWAREELEMENT          - Management of the  elements of a software product installed on a system.
SOFTWAREFEATURE          - Management of software product subsets of SoftwareElement. 
SOUNDDEV                 - Sound Device management.
STARTUP                  - Management of commands that run automatically when users log onto the computer system.
SYSACCOUNT               - System account management.  
SYSDRIVER                - Management of the system driver for a base service.
SYSTEMENCLOSURE          - Physical system enclosure management.
SYSTEMSLOT               - Management of physical connection points including ports,  slots and peripherals, and proprietary connections points.
TAPEDRIVE                - Tape drive management.  
TEMPERATURE              - Data management of a temperature sensor (electronic thermometer).
TIMEZONE                 - Time zone data management. 
UPS                      - Uninterruptible power supply (UPS) management. 
USERACCOUNT              - User account management.
VOLTAGE                  - Voltage sensor (electronic voltmeter) data management.
VOLUME                   - Local storage volume management.
VOLUMEQUOTASETTING       - Associates the disk quota setting with a specific disk volume. 
VOLUMEUSERQUOTA          - Per user storage volume quota management.
WMISET                   - WMI service operational parameters management. 

For more information on a specific alias, type: alias /?

CLASS     - Escapes to full WMI schema.
PATH      - Escapes to full WMI object paths.
CONTEXT   - Displays the state of all the global switches.
QUIT/EXIT - Exits the program.

For more information on CLASS/PATH/CONTEXT, type: (CLASS | PATH | CONTEXT) /?

 

XCOPY   (Version 6.1.7600.16385)

Copies files and directory trees.

XCOPY source [destination] [/A | /M] [/D[:date]] [/P] [/S [/E]] [/V] [/W]
                           [/C] [/I] [/Q] [/F] [/L] [/G] [/H] [/R] [/T] [/U]
                           [/K] [/N] [/O] [/X] [/Y] [/-Y] [/Z] [/B]
                           [/EXCLUDE:file1[+file2][+file3]...]

  source       Specifies the file(s) to copy.
  destination  Specifies the location and/or name of new files.
  /A           Copies only files with the archive attribute set,
               doesn't change the attribute.
  /M           Copies only files with the archive attribute set,
               turns off the archive attribute.
  /D:m-d-y     Copies files changed on or after the specified date.
               If no date is given, copies only those files whose
               source time is newer than the destination time.
  /EXCLUDE:file1[+file2][+file3]...
               Specifies a list of files containing strings.  Each string
               should be in a separate line in the files.  When any of the
               strings match any part of the absolute path of the file to be
               copied, that file will be excluded from being copied.  For
               example, specifying a string like \obj\ or .obj will exclude
               all files underneath the directory obj or all files with the
               .obj extension respectively.
  /P           Prompts you before creating each destination file.
  /S           Copies directories and subdirectories except empty ones.
  /E           Copies directories and subdirectories, including empty ones.
               Same as /S /E. May be used to modify /T.
  /V           Verifies the size of each new file.
  /W           Prompts you to press a key before copying.
  /C           Continues copying even if errors occur.
  /I           If destination does not exist and copying more than one file,
               assumes that destination must be a directory.
  /Q           Does not display file names while copying.
  /F           Displays full source and destination file names while copying.
  /L           Displays files that would be copied.
  /G           Allows the copying of encrypted files to destination that does
               not support encryption.
  /H           Copies hidden and system files also.
  /R           Overwrites read-only files.
  /T           Creates directory structure, but does not copy files. Does not
               include empty directories or subdirectories. /T /E includes
               empty directories and subdirectories.
  /U           Copies only files that already exist in destination.
  /K           Copies attributes. Normal Xcopy will reset read-only attributes.
  /N           Copies using the generated short names.
  /O           Copies file ownership and ACL information.
  /X           Copies file audit settings (implies /O).
  /Y           Suppresses prompting to confirm you want to overwrite an
               existing destination file.
  /-Y          Causes prompting to confirm you want to overwrite an
               existing destination file.
  /Z           Copies networked files in restartable mode.
  /B           Copies the Symbolic Link itself versus the target of the link.
  /J           Copies using unbuffered I/O. Recommended for very large files.

The switch /Y may be preset in the COPYCMD environment variable.
This may be overridden with /-Y on the command line.

 

This HTML help file was generated by AllHelp.vbs, Version 3.29
Written by Rob van der Woude
http://www.robvanderwoude.com


page last modified: 2017-05-02; loaded in 0.0371 seconds