100 Essential Windows Command-Line Tricks Every Sysadmin Should Know

System Management & Maintenance (30 commands)

systeminfo

: Displays detailed OS information, including installation date, installed updates, memory, and hardware configuration. sfc /scannow [Admin] : Scans all protected system files and replaces corrupted files with cached copies. chkdsk /f [Admin] : Checks the file system for errors and fixes them; a reboot may be required to complete the operation. cleanmgr: Launches the Disk Cleanup wizard to free space by removing temporary files, system caches, and previous Windows installations. defrag C: /O: Optimizes fragmentation on mechanical drives (skip for SSDs). The /O switch performs a full optimization. msinfo32: Opens the System Information panel, providing a graphical overview of hardware resources and software environment. winver: Shows the exact Windows version and build number. services.msc: Opens the Services management console for starting, stopping, and configuring service startup types. compmgmt.msc: Opens Computer Management, which aggregates Device Manager, Disk Management, and other administrative tools. diskmgmt.msc: Opens Disk Management for partitioning, formatting, and volume configuration. devmgmt.msc: Opens Device Manager to view and manage hardware drivers. eventvwr: Launches Event Viewer for inspecting system, security, and application logs. perfmon: Opens Performance Monitor to create custom counters and generate performance reports. taskschd.msc: Opens Task Scheduler for creating, editing, and troubleshooting scheduled tasks. lusrmgr.msc: Opens Local Users and Groups for managing local accounts and group memberships. control: Opens the classic Control Panel. appwiz.cpl: Opens Programs and Features to uninstall or modify installed applications. sysdm.cpl: Opens System Properties (computer name, hardware tab, advanced system settings). secpol.msc: Opens Local Security Policy for configuring security options and audit settings. rsop.msc: Displays Resultant Set of Policy (RSoP) to see effective group policy settings. slmgr.vbs -xpr: Checks Windows activation status (permanent or expiration date). wmic qfe list: Lists all installed Windows updates and hotfixes. wmic bios get serialnumber: Retrieves the BIOS serial number for hardware inventory. powercfg /energy: Generates a detailed power efficiency report (HTML) in the current directory. ver: Prints the OS version string. hostname: Shows the computer's network name. time: Displays or sets the system time (requires admin rights to change). date: Displays or sets the system date. shutdown /r /t 0: Restarts the machine immediately. shutdown /s /t 0: Powers off the machine immediately.

Network Diagnosis & Configuration (25 commands)

ipconfig /all

: Shows full network adapter configuration, including MAC address, DNS servers, and DHCP lease details. ping 8.8.8.8 -t: Sends continuous ICMP echo requests to Google DNS to monitor connectivity. tracert www.baidu.com: Traces the route to the specified host, displaying each hop. netstat -ano: Lists all active connections with owning process IDs, useful for identifying rogue processes. nslookup www.qq.com: Performs a DNS lookup to verify name resolution. arp -a: Displays the ARP cache table mapping IP addresses to MAC addresses. netsh interface ip show config: Shows IP configuration for each network interface. netsh interface ip set dns "以太网" static 8.8.8.8: Assigns a static DNS server (Google DNS) to the "Ethernet" adapter. netsh winsock reset: Resets the Winsock catalog to fix network stack corruption. netsh advfirewall set allprofiles state off: Temporarily disables the Windows Firewall for all profiles (use with caution). route print: Displays the routing table, useful for troubleshooting network paths. net use K: \\192.168.1.100\share: Maps a network share to drive K:. netsh wlan show profiles: Lists all saved Wi‑Fi profiles on the machine. netsh wlan show profile name="Home" key=clear: Reveals the clear‑text Wi‑Fi password for the "Home" profile. netsh wlan connect ssid="Office": Connects to a Wi‑Fi network with the SSID "Office". pathping www.taobao.com: Combines traceroute and packet loss statistics for the target host. getmac /v: Shows detailed MAC address information for each network adapter. net view: Lists shared resources on the local network. net share: Displays or modifies shared folder definitions. ftp: Starts the built‑in FTP client for manual file transfers. telnet: Starts the Telnet client for testing TCP connectivity on port 23. netsh trace start capture=yes: Begins a network packet capture (saved as .etl). netsh trace stop: Stops the packet capture and finalizes the trace file. ipconfig /flushdns: Clears the DNS resolver cache. ipconfig /registerdns: Forces dynamic registration of the host name with DNS.

File & Disk Operations (20 commands)

dir /s /ah

: Recursively lists all hidden files and directories. cd /d D:\logs: Changes drive and directory in a single command. robocopy C:\src D:\backup /MIR /MT:8: Mirrors source to destination using multithreading (8 threads) for faster copy. del /F /Q *.tmp: Force‑deletes all temporary files without prompting. rd /S /Q "D:\old": Removes a non‑empty directory tree silently. fsutil file createnew test.txt 1048576: Creates a 1 MiB test file named test.txt. type filename.txt: Outputs the contents of a text file to the console. copy file1.txt+file2.txt merged.txt: Concatenates two files into a new file. find "error" log.txt: Searches for the string "error" inside log.txt. tree /F: Displays a graphical directory tree including files. md newfolder: Creates a new directory called newfolder. cipher /W:D:: Securely overwrites free space on drive D: to prevent data recovery. compact /c /s: Enables NTFS compression on all files in the current directory and subfolders. diskpart: Launches the Disk Partition utility for advanced disk layout tasks. format E: /FS:NTFS /Q: Performs a quick format of drive E: with the NTFS file system.

Process & User Management (15 commands)

tasklist /svc

: Lists running processes together with the services they host. taskkill /F /IM chrome.exe: Forcefully terminates all instances of chrome.exe. taskkill /PID 1234 /T: Kills the process with PID 1234 and all child processes. start notepad: Launches Notepad (or any executable) in a new window. net user Tech P@ssw0rd /add: Creates a local user named Tech with the specified password. net localgroup administrators Tech /add: Adds the user Tech to the local Administrators group. net user Tech /delete: Deletes the local user Tech. query session: Shows active Remote Desktop (RDP) sessions. whoami: Displays the current user name and domain. runas /user:admin cmd: Opens a new command prompt under the admin account. qwinsta: Alias for query session, lists terminal services sessions. sc query: Queries the status of all services. sc stop WinDefend: Stops the Windows Defender service. sc config DiagTrack start= disabled: Disables the Diagnostic Tracking service. wmic process get name,processid: Retrieves a list of running processes with their PIDs.

Operations Practical Commands (10 commands)

for /L %i in (1,1,100) do ping -n 1 192.168.1.%i

: Performs a ping sweep across the 192.168.1.0/24 subnet.

forfiles /p "C:\logs" /s /m *.log /d -7 /c "cmd /c del @path"

: Recursively deletes log files older than 7 days. auditpol /set /category:"Account Logon" /success:enable: Enables success auditing for account logon events. wmic product get name,version > software.csv: Exports a list of installed products and their versions to software.csv. wmic memorychip get capacity,speed: Retrieves memory module capacity (bytes) and speed (MHz). wmic diskdrive get model,size: Shows disk model identifiers and sizes.

reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

: Lists programs configured to run at startup. schtasks /query /fo LIST /v: Provides a verbose list of all scheduled tasks. vssadmin list shadows: Lists existing Volume Shadow Copy snapshots. powercfg /batteryreport: Generates an HTML battery health report in the current directory.

High‑Risk Operation Warning

:: Permanent deletion (cannot be recovered)
format C: /FS:NTFS
diskpart → clean

:: Commands that require extreme caution
 del /F /S /Q *.*
 rd /S /Q C:\Windows

Operations Golden Rules

Test in a safe environment : Execute destructive commands on a non‑production machine first.

Principle of least privilege : Avoid running routine tasks with administrator rights.

Double‑check before deletion or formatting : Verify the target path and parameters.

Log critical actions : Redirect output to a log file, e.g., > log.txt, to retain an audit trail.