Very useful commands for Windows administrators

1. systeminfo
Gives you full information about the system.

You can also filter the output with findstr, as shown in the examples below.

To show information related to the network:
C:\Users\Rafi>systeminfo | findstr "Network"
Network Card(s): 4 NIC(s) Installed.
[02]: Intel(R) 82579LM Gigabit Network Connection

To show information related to memory:
C:\Users\Rafi>systeminfo | findstr "Memory"
Total Physical Memory: 8,102 MB
Available Physical Memory: 3,973 MB
Virtual Memory: Max Size: 9,382 MB
Virtual Memory: Available: 3,657 MB
Virtual Memory: In Use: 5,725 MB

To show information related to the OS and BIOS:
C:\Users\Rafi>systeminfo | findstr "OS"
OS Name: Microsoft Windows 10 Enterprise
OS Version: 10.0.10240 N/A Build 10240
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
BIOS Version: Hewlett-Packard 68SCF Ver. F.01, 3/11/2011

To show the system's last boot time or time zone:
C:\Users\Rafi>systeminfo | findstr "Time"
System Boot Time: 5/8/2020, 2:37:40 PM
Time Zone: (UTC+03:00) Kuwait, Riyadh
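findstr is a plain substring match, which is why "OS" above also pulled in the BIOS Version line. The following PowerShell snippet is an added example, not part of the original post: it asks systeminfo for CSV output and turns it into an object, so the same fields can be read by their exact column names. Column names follow the system locale; the ones used here are the English ones shown in the output above.

```powershell
# Added example (not from the original post): parse systeminfo into an object
# instead of grepping its text with findstr. systeminfo /FO CSV emits one CSV
# header row and one data row, which ConvertFrom-Csv turns into an object with
# a property per column, so fields can be read by exact name.

function Get-SystemInfoObject {
    # /FO CSV is a documented systeminfo output format. /NH would drop the
    # header row that ConvertFrom-Csv needs, so it is not used here.
    $csv = systeminfo /FO CSV 2>&1
    return ($csv | ConvertFrom-Csv)
}

$info = Get-SystemInfoObject

# Pick the fields the post filters for with findstr, by their exact column names
# (English locale assumed). findstr "OS" also matches "BIOS Version"; property
# access does not.
$report = [ordered]@{
    'OS Name'                   = $info.'OS Name'
    'OS Version'                = $info.'OS Version'
    'System Boot Time'          = $info.'System Boot Time'
    'Time Zone'                 = $info.'Time Zone'
    'Total Physical Memory'     = $info.'Total Physical Memory'
    'Available Physical Memory' = $info.'Available Physical Memory'
    'Network Card(s)'           = $info.'Network Card(s)'
}
$report.GetEnumerator() | Format-Table -AutoSize

# 'Hotfix(s)' is a single column whose value lists every installed KB, separated
# by commas and/or line breaks. Counting the KB entries gives a quick
# patch-level indicator for the machine.
$hotfixes = @($info.'Hotfix(s)' -split '[,\r\n]+' | Where-Object { $_ -match 'KB\d+' })
"Installed hotfixes: {0}" -f $hotfixes.Count
```

Because the result is an object rather than text, the same values can be compared across machines or exported with Export-Csv for an inventory, which a findstr pipeline does not give you.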

2. netstat
netstat is useful when troubleshooting network connections or traffic flows.

Command examples:
netstat -an : lists all connections and listening ports, with addresses and port numbers in numeric form
netstat -s : lists network statistics per protocol

You can also filter this with findstr, as shown in the examples below.
To see only the errors in the network statistics:
C:\Users\Rafi>netstat -s | findstr "Error"

Received Header Errors = 0
Received Address Errors = 11
Received Header Errors = 0
Received Address Errors = 15
Errors 0 0
Errors 0 0
Receive Errors = 42662
Receive Errors = 393

To check whether a particular port is listening:
C:\Users\Rafi>netstat -an | findstr "65355"
TCP 127.0.0.1:49449 127.0.0.1:65355 ESTABLISHED
TCP 127.0.0.1:65355 127.0.0.1:49449 ESTABLISHED
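Note that the two lines above are ESTABLISHED connections, not a listener: findstr "65355" returns every line containing those digits, whatever the state. The PowerShell below is an added example, not from the original post; it uses Get-NetTCPConnection (the NetTCPIP module, Windows 8 / Server 2012 and later) to list only sockets in the Listen state together with the process that owns each one, and to check a single port strictly.

```powershell
# Added example (not from the original post): list TCP listeners together with
# the process that owns each socket, and check one port explicitly.
# Get-NetTCPConnection -State Listen returns only sockets waiting for connections,
# so ESTABLISHED peers such as the 65355 example in the post are excluded.

function Get-ListeningPorts {
    Get-NetTCPConnection -State Listen |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                PID          = $_.OwningProcess
                Process      = if ($proc) { $proc.ProcessName } else { '<exited>' }
                # 0.0.0.0 or :: means the listener is reachable from other hosts,
                # not only via loopback; those are the ones worth reviewing first.
                Exposed      = ($_.LocalAddress -in '0.0.0.0', '::')
            }
        }
}

function Test-PortListening {
    param([Parameter(Mandatory)][int]$Port)
    # $true only if something is bound and listening on the port. This is
    # stricter than 'netstat -an | findstr "65355"', which also matches
    # established connections and any line that happens to contain the digits.
    $hit = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    return [bool]$hit
}

Get-ListeningPorts | Sort-Object LocalPort | Format-Table -AutoSize
"Port 65355 listening: {0}" -f (Test-PortListening -Port 65355)
```

The Exposed column is the quick review aid: a listener bound to a loopback address is only reachable from the machine itself, while one bound to 0.0.0.0 or :: accepts connections from the network and should be matched against what the host is supposed to serve.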

3. tasklist
This command lists all running processes.

C:\Users\Rafi>tasklist
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         20 K
System                           4 Services                   0      1,264 K
smss.exe                       304 Services                   0        928 K
csrss.exe                      408 Services                   0      3,548 K
wininit.exe                    480 Services                   0      3,368 K
services.exe                   568 Services                   0      6,876 K

If you need to check whether a particular process is running, you can filter with findstr as below.

C:\Users\Rafi>tasklist | findstr "cmd"
cmd.exe                       6012 Console                    1      2,348 K
cmd.exe                       4280 Console                    1      3,084 K

4. taskkill
This is useful to kill/terminate a particular process, similar to End Task in the Task Manager GUI.

Let us find a process called notepad.

C:\Users\Rafi>tasklist | findstr "notepad"
notepad.exe                   2028 Console                    1      8,212 K

Now we know the PID of the notepad process: 2028.

Kill the notepad process:
C:\Users\Rafi>taskkill -pid 2028
SUCCESS: Sent termination signal to the process with PID 2028.
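The tasklist | findstr | taskkill sequence above works, but findstr "notepad" is a substring match and would also list, say, notepad++.exe, so the PID has to be read off by eye. The PowerShell below is an added example, not from the original post: it uses the built-in tasklist filter IMAGENAME eq, which matches the whole image name, reads the PIDs from CSV output, logs what is about to be terminated, and then calls taskkill /PID for each instance, as the post does.

```powershell
# Added example (not from the original post): find a process by exact image
# name and terminate it by PID. tasklist /FI "IMAGENAME eq ..." matches the
# whole name, whereas 'findstr "notepad"' is a substring match that would also
# hit e.g. notepad++.exe. Killing by PID targets one specific instance.

function Get-ProcessIdsByImage {
    param([Parameter(Mandatory)][string]$ImageName)   # e.g. notepad.exe
    # /FO CSV /NH gives quoted CSV rows without a header row; the column order
    # is Image Name, PID, Session Name, Session#, Mem Usage.
    # When nothing matches, tasklist prints an INFO: line instead, which the
    # '^"' filter drops so it is not fed to ConvertFrom-Csv.
    $rows = tasklist /FI "IMAGENAME eq $ImageName" /FO CSV /NH
    $rows | Where-Object { $_ -match '^"' } |
        ConvertFrom-Csv -Header 'Image', 'PID', 'Session', 'SessionNum', 'Mem' |
        ForEach-Object { [int]$_.PID }
}

function Stop-ProcessByImage {
    param([Parameter(Mandatory)][string]$ImageName)
    $pids = @(Get-ProcessIdsByImage -ImageName $ImageName)
    if ($pids.Count -eq 0) {
        Write-Warning "No running process named $ImageName"
        return
    }
    foreach ($p in $pids) {
        # Record what is about to be killed before doing it, so the action can
        # be traced later if the machine misbehaves.
        $proc = Get-Process -Id $p -ErrorAction SilentlyContinue
        Write-Host ("Terminating PID {0} ({1}), started {2}" -f $p, $ImageName, $proc.StartTime)
        # taskkill /PID sends a normal termination request, as in the post.
        # /F would force it and /T would also end child processes; start
        # without them so the application gets a chance to shut down cleanly.
        taskkill /PID $p
    }
}

Stop-ProcessByImage -ImageName notepad.exe
```

Filter values for /FI are not case-sensitive, so IMAGENAME eq notepad.exe also matches Notepad.exe; the exact-name semantics are what matter.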

5. netsh
This command can be used to capture a network trace if you don't have Wireshark or other capture tools available.

C:\Windows\system32>netsh trace start capture=yes
Trace configuration:
-------------------------------------------------------------------
Status: Running
Trace File: C:\Users\Rafi\AppData\Local\Temp\NetTraces\NetTrace.etl
Append: Off
Circular: On
Max Size: 250 MB
Report: Off
C:\Windows\system32>

The trace is running in the background.

To stop the trace :
C:\Windows\system32>netsh trace stop
Correlating traces ... done
Merging traces ... done
Generating data collection ... done
The trace file and additional troubleshooting information have been compiled as "C:\Users\Rafi\AppData\Local\Temp\NetTraces\NetTrace.etl"
File location = C:\Users\Rafi\AppData\Local\Temp\NetTraces\NetTrace.etl
Tracing session was successfully stopped.
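As the output shows, netsh trace stop correlates and merges the session before the .etl is final, and the default file lands under the user's Temp folder. The PowerShell below is an added example, not from the original post: it runs the same capture from an elevated prompt (netsh trace requires administrator rights) with an explicit trace file and size cap, stops it, and records the finished file's size and SHA-256 so the capture can be kept and later shown to be unmodified. The path, size and 30-second window are assumptions for the example.

```powershell
# Added example (not from the original post): run a netsh packet capture with an
# explicit trace file and size cap, stop it, and record the file's hash so the
# capture can be retained as evidence. Run from an elevated PowerShell session.

function Start-NetTrace {
    param(
        [string]$TraceFile = 'C:\Temp\NetTrace.etl',   # assumed location
        [int]$MaxSizeMB   = 100                        # assumed cap
    )
    New-Item -ItemType Directory -Path (Split-Path $TraceFile) -Force | Out-Null
    # tracefile= and maxsize= are netsh trace start parameters; capture=yes
    # enables packet capture exactly as in the post. Circular logging is on by
    # default, so the file stops growing at maxsize and the oldest packets are
    # overwritten rather than filling the disk.
    netsh trace start capture=yes tracefile="$TraceFile" maxsize=$MaxSizeMB
}

function Stop-NetTrace {
    param([string]$TraceFile = 'C:\Temp\NetTrace.etl')
    # netsh correlates and merges the session here, which takes a moment.
    netsh trace stop
    if (-not (Test-Path $TraceFile)) {
        throw "Trace file not found: $TraceFile"
    }
    $item = Get-Item $TraceFile
    [pscustomobject]@{
        File   = $item.FullName
        SizeMB = [math]::Round($item.Length / 1MB, 2)
        SHA256 = (Get-FileHash -Algorithm SHA256 -Path $item.FullName).Hash
    }
}

Start-NetTrace
Start-Sleep -Seconds 30      # reproduce the problem during this window
Stop-NetTrace | Format-List
```

Keep the hash with the ticket or incident record: anyone who later analyses the .etl can re-run Get-FileHash and confirm they are looking at the same bytes that were captured.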

Categories:   Windows
