In this post, I’m going to show you 15 Windows commands that are still great for troubleshooting and gathering system configuration details.
Most of these commands are far superior to any PowerShell command.
I’ll show you examples of each command and explain what they are used for.
Check it out.
The ping command tests network connectivity between two devices by sending ICMP echo requests. For example, computer A tests if it has connectivity to computer B by sending some packets back and forth.
The ping command is still one of my favorite tools for testing basic network connectivity. It’s fast and very easy to use. In addition, I use it for the following:
- Test for packet loss
- Test latency
- Test DNS queries
- Test connectivity with configuring new connections (can my router talk to the next hop such as the ISPs router?)
To test the connectivity to another device by IP or hostname use the command below
or by hostname
For most windows commands you can type the command followed by /? to view the help info, it will display the full syntax and parameters. So to view the help for ping use this command:
More Ping Examples
-l switch specifies a packet size
ping -l 2024 192.168.5.1
-a switch will do a reverse name resolution on the IP (PTR record lookup)
ping -a 18.104.22.168
-t switch will do a continuous ping. A very popular command for testing network connectivity.
ping -a 192.168.5.1
Send any command output to a text file
ping -t > c:\it\test-ping.txt
Here is the ping command ran from PowerShell. It’s the exact same syntax as using CMD.
For more details on the ping command see Microsoft’s ping documentation.
ipconfig is used to display system TCP/IP configuration. You can display the IP info for a single or all network cards installed on a computer.
But.. Wait there is more!
This command can also display the DNS cache on the local machine, flush DNS, release and renew the DHCP address on all network cards.
ipconfig command example
To view the IP configuration for all network cards on a computer type the command below and press enter
Here are some additional parameters that I find useful. Remember you can type ipconfig /? to view the entire command syntax and list of parameters.
More ipconfig examples
/all switch to display IP info for all network cards
/flushdns switch to clear the local DNS resolver cache
/registerdns to trigger dynamic registration of the DNS names and IP addresses that are configured on the computer
/release to release DHCP addresses. Will release DCHP address on the network cards that are configured for DHCP.
/renew switch will renew DHCP address for all network cards
/displaydns switch will display the DNS client cache.
The nslookup command is used to check DNS records and troubleshoot DNS. This is a must-have command for any sysadmin or network engineer. You can do all kinds of tests to verify DNS is working correctly, you can check PTR, A, MX, SOA, and many other types of DNS records. It’s another one of my favorite windows commands for network troubleshooting.
Nslookup command example
To test that the A record of a hostname follow these two steps
Step 1: Type nslookup and press enter
Step 2: type in a domain name and press enter
More nslookup examples
I wrote a complete how to guide on nslookup with lots of examples check it out here -> How to use Nslookup to check DNS records.
The tracert command is used to track the pathway a packet takes from a source IP to the destination address. This simply means it’s going to display each hop (router) that the packet passes through to reach its destination.
This command I don’t use very often but still comes in handy when troubleshooting the network. For example, we had some speed issues with a website from our ISP, on a different ISP we had no issues. The ISP had us run a traceroute so they could see the path it took.
The syntax for this command is tracert followed by the hostname or IP.
This command has very few options. The only command line switch on this one that I find useful is the -d which is used to not resolve the address to hostname.
The shutdown command does exactly that, it shuts down a computer. This command is useful for shutting down or restarting local or remote computers. It also provides a quick way to see all the logs for why a computer restarted or was shut down.
This command will restart computer pc2
shutdown /r /m \\pc2
This command will shut down the remote computer
shutdown /s /m \\pc2
View previous shutdown/restart logs
Here is an example output for the shutdown /d command. This can be useful to quickly check why a computer restarted or shutdown.
More shutdown examples
Some of these use multiple switches, refer to the help file shutdown /? for an explanation of each command switch.
Log user off of a remote computer
shutdown /l /m \\pc2
Restart a remote computer with no countdown
shutdown /r /m \\pc2 /t 0
Shutdown local computer and specify time period before shutdown in seconds
shutdown /s /t 60
Shutdown a remote computer with a custom message
shutdown /m \\pc2 /c "Rebooting computer, have a nice day"
Abort a system shutdown
Force applications to close without warning
shutdown /s /f
The gpupdate command is used to apply group policies on a computer in a windows domain. This is a very popular command, I see a lot of helpdesk techs that use it. Sometimes you can run this command to refresh the GPOs and avoid a reboot but that doesn’t always work.
gpupdate command examples
This command will pull down any GPO changes to the computer
Use this option to reapply all the GPOs on the computer.
This is such an awesome command.
The netstat command displays TCP/IP connection information, ethernet stats, and the computer’s routing table. As a sysadmin I use this command on Windows servers and clients when troubleshooting connection issues. I can verify application servers are working correctly by checking that the service is running and listening for connections on the port.
netstat command examples
Display all active and listening ports
Display all connections in numerical order
netstat -a -n
Here is the output of the above command. You can see how you can verify server and client connectivity. It shows that my domain controller with IP 192.168.100.10 has established these four connections with IP 192.168.100.11.
More netstat examples
Displays the executable that is used to create the connection
Displays ethernet statistics. This is a quick way to check for network card errors and discards
Displays the exe and the process ID (PID) associated with the connection.
Displays the computers local routing table
Displays FQDN with the connection info.
If you are the administrator of Active Directory then you must know this command. This command will analyze the state of your domain controllers, it has over 30 built in tests. You should be running this command at regular intervals to ensure your domain environment is healthy.
To run dcdiag on a specific domain controller use this command
This command is so great I had to write a separate article on it. Check out the article below.
9. net stop and net start
Simple command to start and stop windows services
In this example, I will stop and start the printer spooler service
net stop spooler
and now start the spooler service
net start spooler
That is it for this command, there are no additional parameters.
The systeminfo command displays configuration details on a computer such as OS name and version, hardware information, boot time, logon server, and more.
There are a lot of details this command displays, I typically use it to check last boot time, logon server, and OS version.
You can run this command on remote computers with the /s parameter
system info /s pc1
This command returns the MAC address from all the network cards on a system. When troubleshooting a client connection issue I will often need the computer’s MAC address so I can verify I see it connected on the switch. This command is the best way to quickly grab a computer’s MAC address.
To run it on a local computer just type getmac.
To run on a remote computer use the /s parameter
getmac /s pc1
The gpresult command reports on what group policies and settings are applied to a user or computer.
This is another must know command if you work with Active Directory servers.
To display all applied GPOs run this command. Note: You need to run the command prompt in administrator mode or it will not generate a full report.
The above command will give a report for both user and computer applied GPOs.
and the computer settings
More GPResult examples
Display GPOs applied to the user
gpresult /r /scope:user
Display GPOs applied to the computer
gpresult /r /scope:computer
Display GPOs for a remote computer
gpresult /s pcname
Generate an HTML report
gpresult /h c:\report.html
Send command output to a text file
gpresult /r > c:\result.txt
This command displays who is currently logged on to the local system. It also can display what groups a user belongs to. Use this command to display the logged on users group membership.
Pretty cool right?
More whoami commands
Display the user name in UPN format
Displays current domain, username and users SID
Displays all information for the current user
14. telnet client
I use the windows telnet client to test if a remote host is allowing connection on a specific port. I typically use this when someone says your firewall is blocking a program from working.
If you know the port number the application runs on you can use the command below. In this example, I installed filezilla server so port 21 should be open.
The syntax is telnet + hostname or IP + port number
telnet srv01 21
You may or may not get a response back from the remote server. In this case with filezilla I do. You could also just get a blank screen on a successful connection.
If it doesn’t get a connection you should get a message like below.
That is all I use the telnet client for. For complete command syntax view Microsoft’s telnet documentation.
The set command displays environment variable information.
I don’t use this command that often but still is useful to check a user’s logon server or quickly look at the environment variables.
One little trick with this command is you can type the command followed by string and it will only display those results. For example, if I want to find everything that starts with path I would use this command
Now it just displays everything that starts with “path”.
There you go the top 15 windows commands that I still use on a regular basis. All of these commands can be used in PowerShell or the old (and dead) Windows CMD. These commands are great no matter where you are at in your IT career. I’ve used some of these commands since I started as a helpdesk tech and still use them as a sysadmin/network engineer.
Got any commands you still use? Please share them in the comment section below.