How to create a command-line toolkit for Windows
If you are a system administrator, IT professional, or a power user it is common to find yourself using the command promptto perform administrative tasks in Windows. Whether it be copying files, accessing the Registry, searching for files, or modifying disk partitions, command-line tools can be faster and more powerful than their graphical alternatives. This tutorial will walk you through creating a command-line toolkit that contains useful programs and utilities that can make administering and using your computer easier and more efficient. The tutorial will also walk you through configuring your PATH environment variable so that these tools are available whenever you need them without having to specify the complete path to your toolkit folder. At the end of the tutorial we have listed a variety of command-line programs that are included with Windows or are by 3rd party developers that you can use as part of your command-line toolkit.
The first step is to create a folder that you will use to store your command-line programs. This folder can be located anywhere, but should have a name that describes what it is being used for. Some example folder names that you can use are bin, cl, or command-line. For the purpose of this tutorial, we will use the folder C:\command-line to store the command-line tools that we would like to use. Once the folder has been created, we now want to add it to the Windows PATH so that we do not have to type the full path to the command-line tool every time we wish to use one.
To do this, click on the Start button and type System. If you are using Windows 8, you can just type System from the Start Screen. When the search results appear, click on the System control panel in the search results to open the control panel as shown below.
Now click on the Advanced system settings option as indicated by the red arrow in the image above. This will open theAdvanced tab for the System Properties screen.
Now click on the Environment Variables button to open a screen that lists the various environment variables that are configured in Windows.
Under the System variables box scroll down till you see the Path variable. Once you see that variable, double-click on it to open a screen where you can edit it.
The Path variable is a list of folders separated by a semi-colon (;) that Windows will use to search for programs to execute when you type them in. When you try to launch a program from the command-line, Windows will search through all the folders in its path and execute the program if it is found. As we do not want to have to type the full path to a command-line program (C:\command-line\program.exe) every time we use it, we can add the C:\Command-line folder to our path so we only have to type the program name (program.exe) to launch it.
As our command-line tools in this tutorial are located in C:\command-line we want to add this folder to the end of the list of folders that are already present in the Variable value field. To do this, go to the very end of the text in the Variable value field and type ;C:\command-line. When you do this you will need to substitute C:\command-line with the path to your folder. When you are done, you should now see the field that looks similar to the image above.
To save your changes, click on the OK button and then close the System Control Panel. Now whenever you type in a program name that is stored in your command-line program folder, Windows will be able to find it and execute it.
This section will list a variety of command-line programs that can you use to start your toolkit. When using the list below, if the program is not bundled with Windows, then the name of the program will also be a link to the site that you can use to download the program and save it to your command-line folder. If the program name does not contain a link, then it is bundled with Windows and can already be used from your command prompt. If there are any other tools that you recommend we add to this list, please let us know.
Administration and Troubleshooting Programs
| Command | Description |
| AccessChk | AccessChk lists the kind of permissions specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services |
| at | The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command. |
| CoreInfo | Coreinfo is a command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the cache’s assigned to each logical processor. |
| driverquery | Displays a list of installed device drivers. |
| MpCmdRun.exe | A command-line interface for Windows Defender. To execute this program you must use the full path: %ProgramFiles%\Windows Defender\MpCmdRun.exe |
| net | Various Windows management commands. More information can be foundhere. |
| netsh | Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. More information can be found here. |
| powershell | Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration. More information can be found here. |
| PsLogList | Allows you to list the contents of local or remote computer's Windows Event Log. |
| PsPasswd | PsPasswd is a tool that lets you change an account password on the local or remote systems. |
| PsService | Allows you to list and configure Windows services. |
| runas | Run a program as another user. |
| rundll32 | Execute functions exported in a DLL file. |
| sc | Manage Windows Services. |
| shutdown | Shutdown a local or remote computer. |
| SigCheck | Verify that images are digitally signed and dumps version information contained within the file. |
| UnixUtils | A collection of Unix utilities that have been ported to Windows. These utilities are very useful and include programs like grep, split, tar, dir, etc. |
| wmic | A program that allows command-line and batch file access to Windows Management Instrumentation. More information can be found here. |
| WUInstall | A command-line Windows Update installer and management program. |
Boot and Windows Startup Programs
| Command | Description |
| bcdboot | The bcdboot.exe command-line tool is used to copy critical boot files to the system partition and to create a new system BCD store. More information can be found here. |
| bcdedit | The Bcdedit.exe command-line tool modifies the boot configuration data store. The boot configuration data store contains boot configuration parameters and controls how the operating system is booted. This tool is for Windows Vista and later. More information can be found here. |
| bootcfg | More information can be found here. |
| repair-bde | The bootcfg command is a Microsoft Windows Server 2003 utility that modifies the Boot.ini file. This command has a function that can scan your computer's hard disks for Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, and Windows Server 2003 installations, and then add them to an existing Boot.ini file or rebuild a new Boot.ini file if one does not exist. You can use the bootcfg command to add additional Boot.ini file parameters to existing or new entries. More information can be found here. |
File Comparison, Search, and Viewing Programs
| Command | Description |
| comp | Compares the contents of two files or sets of files. |
| findstr | Searches for strings in files. This is a powerful tool, but contains a limited Regular Expression functionality. If you want a string searching tool with greater RegExp functionality, you may want to use grep that is part of theUnixUtils package. |
| fc | Compares two files or sets of files and displays the differences between them. |
| more | Displays a file one page at a time. |
| sort | Reads input, sorts data, and writes the results to the screen, to a file, or to another device. More information about sort can be found here. |
| type | Displays the entire file to the screen. |
File Permission and Management Programs
| Command | Description |
| 7Zip | Full featured archive program that can work with almost any archive type. When adding this to your command-line folder, be sure to copy both 7z.exe & 7z.dll for it to work properly. |
| attrib | Displays, sets, or removes the read-only, archive, system, and hidden attributes assigned to files or directories. Used without parameters, attrib displays attributes of all files in the current directory. More information can be foundhere. |
| cd | Changes the current working directory. |
| copy | Copy a file to another name or to a different folder. |
| dir | List the files in a folder. |
| File Checksum Integrity Verifier | The File Checksum Integrity Verifier (FCIV) utility can generate MD5 or SHA-1 hash values for files to compare the values against a known good value. FCIV can compare hash values to make sure that the files have not been changed. |
| forfiles | Selects a file (or set of files) and executes a command on that file. |
| Handle | Handle is a utility that displays information about open handles for any process in the system. You can use it to see the programs that have a file open, or to see the object types and names of all the handles of a program. |
| icacls | Displays or modifies discretionary access control lists (DACLs) on specified files, and applies stored DACLs to files in specified directories. More information about icacls can be found here. |
| Junction | Allows you to create, list, or delete Junctions in Windows. |
| LADS | LADS will display a list of all alternate data streams found in a particular folder. |
| md5sum | Lists the md5 has for a particular file or numerous files in a folder. |
| move | Move a file or folder to another location. |
| ren | Rename a file or folder. |
| Sdelete | You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever. |
| sfc | Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions. |
| Strings | Displays strings found within a file. |
| xcopy | Copies files and directories, including subdirectories. |
Filesystem Management Programs
| Command | Description |
| chkdsk | Checks a disk and displays a status report. |
| defrag | Locates and consolidates fragmented files on local volumes to improve system performance. |
| diskpart | Diskpart allows you to manage and modify disk partitions. More information about diskpart can be found here. |
| FixMBR | Repairs the master boot record of the boot disk. The fixmbr command is only available when you are using the Recovery Console. |
| recover | Recovers readable information from a bad or defective disk. |
| takeown | This tool allows an administrator to recover access to a file that was denied by re-assigning file ownership. |
Network Diagnostics & Administration Programs
| Command | Description |
| arp | Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP). Useful for finding mac addresses of other networked devices on your network. |
| cURL | cURL is a command line tool for downloading web pages, entire sites, ftp files, etc. |
| ipconfig | Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters. More information can be found here. |
| Netcat | Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. This is a very useful tool for diagnosing network connections, open firewall ports, or for sending the output of a local command to a remote computer. |
| netstat | Displays protocol statistics and current TCP/IP network connections. |
| Nmap | Nmap ("Network Mapper") is a utility for network discovery and security auditing. This program can quickly perform a TCP/IP audit of your network. |
| nslookup | Nslookup allows you to perform DNS (Domain Name Service) resolution. |
| pathping | The PathPing tool is a route tracing tool that combines features of Ping and Tracert with additional information that neither of those tools provides. PathPing sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since PathPing shows the degree of packet loss at any given router or link, you can pinpoint which routers or links might be causing network problems. More information can be found here. |
| ping | Ping is a computer network administration utility used to test if you can reach a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer. |
| PsFile | PsFile is a command-line utility that shows a list of files on a system that are opened remotely, and it also allows you to close opened files either by name or by a file identifier. |
| PsExec | PsExec is a program that lets you execute processes on other systems, complete with full interactive use for console applications, without having to manually install client software. Please note that some anti-virus vendors may detect this as "Remote Admin", but it is a legitimate tool from Microsoft. |
| PsLoggedOn | PsLoggedOn is an program that displays both the locally logged on users and users logged on via resources for either the local computer, or a remote one. If you specify a user name instead of a computer, PsLoggedOn searches the computers in the network neighborhood and tells you if the user is currently logged on. |
| route | Displays and modifies the entries in the local IP routing table. Used without parameters, route displays help. More information can be found here. |
| tracert | Displays the path taken from TCP/IP packets as they traverse from your local computer to a remote target. More information can be found here. |
| Wget | GNU Wget is a program for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols. |
Process Management Programs
| Command | Description |
| ListDlls | ListDLLs is a utility that reports the DLLs loaded into processes. You can use it to list all DLLs loaded into all processes, into a specific process, or to list the processes that have a particular DLL loaded. |
| PsKill | Allows you to terminate processes. |
| PsList | Lists all running processes. |
| tasklist | Lists all running running processes and services. This program can also be used to list what services are running under a particular svchost process. Seehere for more information regarding how to do that. |
| taskkill | This tool is used to terminate tasks by process id (PID) or image name. |
) in the lower left corner of
your screen that has a Windows flag on it.
