15 Windows Commands That Are Still Awesome

In this post, I’m going to show you 15 Windows commands that are still great for troubleshooting and gathering system configuration details.

In fact:

Most of these commands are far superior to any PowerShell command.

I’ll show you examples of each command and explain what they are used for.

Check it out.

1. ping

The ping command tests network connectivity between two devices by sending ICMP echo requests. For example, computer A tests if it has connectivity to computer B by sending some packets back and forth.

The ping command is still one of my favorite tools for testing basic network connectivity. It’s fast and very easy to use. In addition, I use it for the following:

  • Test for packet loss
  • Test latency
  • Test DNS queries
  • Test connectivity with configuring new connections (can my router talk to the next hop such as the ISPs router?)

Ping Example

To test the connectivity to another device by IP or hostname use the command below

ping 192.168.100.10

or by hostname

ping dc1.ad.activedirectorypro.com

For most windows commands you can type the command followed by /? to view the help info, it will display the full syntax and parameters. So to view the help for ping use this command:

ping /?

More Ping Examples

-l switch specifies a packet size

ping -l 2024 192.168.5.1

-a switch will do a reverse name resolution on the IP (PTR record lookup)

ping -a 142.250.177.46

-t switch will do a continuous ping. A very popular command for testing network connectivity.

ping -a 192.168.5.1

Send any command output to a text file

ping -t > c:\it\test-ping.txt

Here is the ping command ran from PowerShell. It’s the exact same syntax as using CMD.

For more details on the ping command see Microsoft’s ping documentation.

2. ipconfig

ipconfig is used to display system TCP/IP configuration. You can display the IP info for a single or all network cards installed on a computer.

But.. Wait there is more!

This command can also display the DNS cache on the local machine, flush DNS, release and renew the DHCP address on all network cards.

ipconfig command example

To view the IP configuration for all network cards on a computer type the command below and press enter

ipconfig /all

Here are some additional parameters that I find useful. Remember you can type ipconfig /? to view the entire command syntax and list of parameters.

More ipconfig examples

/all switch to display IP info for all network cards

ipconfig /all

/flushdns switch to clear the local DNS resolver cache

ipconfig /flushdns

/registerdns to trigger dynamic registration of the DNS names and IP addresses that are configured on the computer

ipconfig /registerdns

/release to release DHCP addresses. Will release DCHP address on the network cards that are configured for DHCP.

ipconfig /release

/renew switch will renew DHCP address for all network cards

ipconfig /renew

/displaydns switch will display the DNS client cache.

ipconfig /displaydns


3. nslookup

The nslookup command is used to check DNS records and troubleshoot DNS. This is a must-have command for any sysadmin or network engineer. You can do all kinds of tests to verify DNS is working correctly, you can check PTR, A, MX, SOA, and many other types of DNS records. It’s another one of my favorite windows commands for network troubleshooting.

Nslookup command example

To test that the A record of a hostname follow these two steps

Step 1: Type nslookup and press enter

Step 2: type in a domain name and press enter

More nslookup examples

I wrote a complete how to guide on nslookup with lots of examples check it out here -> How to use Nslookup to check DNS records.

4. tracert

The tracert command is used to track the pathway a packet takes from a source IP to the destination address. This simply means it’s going to display each hop (router) that the packet passes through to reach its destination.

This command I don’t use very often but still comes in handy when troubleshooting the network. For example, we had some speed issues with a website from our ISP, on a different ISP we had no issues. The ISP had us run a traceroute so they could see the path it took.

Tracert example

The syntax for this command is tracert followed by the hostname or IP.

tracert google.com

This command has very few options. The only command line switch on this one that I find useful is the -d which is used to not resolve the address to hostname.

5. shutdown

The shutdown command does exactly that, it shuts down a computer. This command is useful for shutting down or restarting local or remote computers. It also provides a quick way to see all the logs for why a computer restarted or was shut down.

shutdown examples

This command will restart computer pc2

shutdown /r /m \\pc2

This command will shut down the remote computer

shutdown /s /m \\pc2

View previous shutdown/restart logs

shutdown /d

Here is an example output for the shutdown /d command. This can be useful to quickly check why a computer restarted or shutdown.

More shutdown examples

Some of these use multiple switches, refer to the help file shutdown /? for an explanation of each command switch.

Log user off of a remote computer

shutdown /l /m \\pc2

Restart a remote computer with no countdown

shutdown /r /m \\pc2 /t 0

Shutdown local computer and specify time period before shutdown in seconds

shutdown /s /t 60

Shutdown a remote computer with a custom message

shutdown /m \\pc2 /c "Rebooting computer, have a nice day"

Abort a system shutdown

shutdown /a

Force applications to close without warning

shutdown /s /f


6. gpupdate

The gpupdate command is used to apply group policies on a computer in a windows domain. This is a very popular command, I see a lot of helpdesk techs that use it. Sometimes you can run this command to refresh the GPOs and avoid a reboot but that doesn’t always work.

gpupdate command examples

This command will pull down any GPO changes to the computer

gpupdate

Use this option to reapply all the GPOs on the computer.

gpupdate /force

7. netstat

This is such an awesome command.

The netstat command displays TCP/IP connection information, ethernet stats, and the computer’s routing table. As a sysadmin I use this command on Windows servers and clients when troubleshooting connection issues. I can verify application servers are working correctly by checking that the service is running and listening for connections on the port.

netstat command examples

Display all active and listening ports

netstat -a

Display all connections in numerical order

netstat -a -n

Here is the output of the above command. You can see how you can verify server and client connectivity. It shows that my domain controller with IP 192.168.100.10 has established these four connections with IP 192.168.100.11.

More netstat examples

Displays the executable that is used to create the connection

netstat -ab

Displays ethernet statistics. This is a quick way to check for network card errors and discards

netstat -e

Displays the exe and the process ID (PID) associated with the connection.

netstat -abo

Displays the computers local routing table

netstat -r

Displays FQDN with the connection info.

netstat -af


8. dcdiag

If you are the administrator of Active Directory then you must know this command. This command will analyze the state of your domain controllers, it has over 30 built in tests. You should be running this command at regular intervals to ensure your domain environment is healthy.

dcdiag examples

To run dcdiag on a specific domain controller use this command


dcdiag /s:DC1

This command is so great I had to write a separate article on it. Check out the article below.

Dcdiag: How to Check Domain Controller Health

9. net stop and net start

Simple command to start and stop windows services

Examples

In this example, I will stop and start the printer spooler service

net stop spooler

and now start the spooler service

net start spooler

That is it for this command, there are no additional parameters.

10. systeminfo

The systeminfo command displays configuration details on a computer such as OS name and version, hardware information, boot time, logon server, and more.

There are a lot of details this command displays, I typically use it to check last boot time, logon server, and OS version.

You can run this command on remote computers with the /s parameter

system info /s pc1

11. getmac

This command returns the MAC address from all the network cards on a system. When troubleshooting a client connection issue I will often need the computer’s MAC address so I can verify I see it connected on the switch. This command is the best way to quickly grab a computer’s MAC address.

To run it on a local computer just type getmac.

To run on a remote computer use the /s parameter

getmac /s pc1

12. gpresult

The gpresult command reports on what group policies and settings are applied to a user or computer.

This is another must know command if you work with Active Directory servers.

To display all applied GPOs run this command. Note: You need to run the command prompt in administrator mode or it will not generate a full report.

gpresult /r

The above command will give a report for both user and computer applied GPOs.

and the computer settings

More GPResult examples

Display GPOs applied to the user

gpresult /r /scope:user

Display GPOs applied to the computer

gpresult /r /scope:computer

Display GPOs for a remote computer

gpresult /s pcname

Generate an HTML report

gpresult /h c:\report.html

Send command output to a text file

gpresult /r > c:\result.txt


13. whoami

This command displays who is currently logged on to the local system. It also can display what groups a user belongs to. Use this command to display the logged on users group membership.

whoami /groups

Pretty cool right?

More whoami commands

Display the user name in UPN format

whoami /upn

Displays current domain, username and users SID

whoami /user

Displays all information for the current user

whoami /all


14. telnet client

I use the windows telnet client to test if a remote host is allowing connection on a specific port. I typically use this when someone says your firewall is blocking a program from working.

If you know the port number the application runs on you can use the command below. In this example, I installed filezilla server so port 21 should be open.

The syntax is telnet + hostname or IP + port number

telnet srv01 21

You may or may not get a response back from the remote server. In this case with filezilla I do. You could also just get a blank screen on a successful connection.

If it doesn’t get a connection you should get a message like below.

That is all I use the telnet client for. For complete command syntax view Microsoft’s telnet documentation.

15. set

The set command displays environment variable information.

I don’t use this command that often but still is useful to check a user’s logon server or quickly look at the environment variables.

One little trick with this command is you can type the command followed by string and it will only display those results. For example, if I want to find everything that starts with path I would use this command

set path

Now it just displays everything that starts with “path”.

Summary

There you go the top 15 windows commands that I still use on a regular basis. All of these commands can be used in PowerShell or the old (and dead) Windows CMD. These commands are great no matter where you are at in your IT career. I’ve used some of these commands since I started as a helpdesk tech and still use them as a sysadmin/network engineer.

Got any commands you still use? Please share them in the comment section below.

Recommended Tool: SolarWinds Server & Application Monitor

This utility was designed to Monitor Active Directory and other critical services like Azure, DNS, and DHCP. It will quickly spot domain controller issues, replication, performance issues with cloud services, failed logon attempts, and much more.

What I like best about this tool is its easy to use interface and instant alerting features.

Leave a Comment