Setup Persistent Aliases & Macros in Windows Command Prompt (cmd.exe) using DOSKey
Configuring the Command Prompt (aka the command line interface- CLI)
Quickedit mode is damn handy for cutting and pasting in the command prompt too...check this
Boost Your Productivity with QuickEdit Mode in the Windows Command Prompt and make sure insert mode is selected or ticked too!!
To configure the command prompt
Displaying Text to Screen
Technet-Echo Command
Wikipedia-Echo
Using the ECHO command you can display the value contained in a system variable...remember to use the % symbol at the beginning and end of the variable as in the above screenshot
Command shell overview (Windows XP) still pertinent for Windows 7 and describes using environment variables with cmd.exe. The link also describes setting and deleting your own variables too...so follow that link..!!!
A-Z List of Commands
Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista..May change from system to system depending on what apps, Service Packs and Resource Kits are installed.
You will need Wildcards Nothing to do with Wild Bill Hickok or what Mafia Boss was taken out while holding an Ace of Spades...these guys are useful when trying to find....STUFF...
Command Prompt: frequently asked questions
How to Read Windows Command Line Syntax
The Command shell has a help file that will list all the commands in the OS. Just type
help
and a carriage return and the commands will be listed, you can get help with a specific command by typing
command /?
so see what you get when you type
ipconfig /? so command = ipconfig
I've seen some literature that uses the
command -?
format, but I cannot ever remember using it!! Well, for calling on a command's help file I mean. You can also try the Win7 Help and Support util, just use the search option from the start bar and start typing Help and Support...the search results will start appearing as you type what you are searching on. In fact, it's pretty consistent in the books I have read on Win7, that it is actually easier and quicker to use search to find something than go through the menus so keep that in mind.
Folders V Directories
As the Windows environment developed directories were represented with folders.
Before windows when computers used command line shells Directories were Directories. Notice the <DIR> this is usually followed by the directory name and check out the "Directory of" section
The command prompt shows the current path when it's launched, this is effectively the first place it looks for a command when you type a command in. Such as Notepad...so if you want to launch a file in notepad type
notepad filename.txt
the system will look in the current directory for the notepad app and the file...Windows uses a special system variable called a PATH. Here you can add lists of directories/folders for windows to search for applications and files. Just type PATH in the command prompt to see what your PC path is set to.
Useful, notepad is in the C:\Windows folder, so the command prompt finds it on the path statement, configured as Windows and applications are installed.
A path can be added to the file name,
notepad C:\folder1\directory2\filename.txt
The PC will search the local directory for the notepad app; if it's not there it searches the PATH variable, which contains the list of searchable folders, finds notepad in C:\windows....launches the app....and then goes to C:\folder1\directory2\filename.txt so you can edit the file
Two ways of using PATH command, notice the different output
Here is a cool trick to save typing in long directories paths.
Open explorer and open a command prompt
Use explorer and browse to a folder
Click and hold the folder in the left pane of explorer
Drag the folder onto the command prompt window
Click in the command prompt window
Press the Home key or use the left arrow button to go to the beginning of the line and type CD and a space (hit the space bar once)
Press enter
Creating and Deleting Folders
RMDIR old school
Command Line Redirection
You can manipulate the screen output and save the text to files, check this link...
And you can redirect output to the windows clipboard so you can cut n paste to windows apps
So, to finish a command prompt session use EXIT, and take note of the switches, which will be useful for scripts.
File Extensions and Associations
File extensions tell operating systems what application to open when a file is double clicked.
So if you have a file with a .docx extension the OS knows to launch Microsoft Word and open the file you just double clicked.
Most files have extensions (.txt, .docx, just to give a couple of examples); there are some files that do not have extensions, such as the HOSTS file, which is used for name resolution of human-friendly system names to IP addresses.
The file extension is mapped to a file type. The extension is not directly mapped to the application, instead it is mapped to the file type.
The file type is mapped to an application. The application can open the file.
File Extension -> (Stage 1) -> File Type -> (Stage 2) -> Application
Command line commands for file associations are...
Assoc view and edit file extension association
If you run an Administrator level Command Prompt, you can use the Assoc command. To get all file extension associations and a list that rolls off the screen just type
assoc
see the above link for the Technet manual on the Assoc command.
Ftype view and edit the association between file type and application path and application name that will launch to open a particular file type. The application is IDd with a command string that includes the full application path and application name. To modify these settings run an administrator level command prompt. Or to view just type
ftype
again the list scrolls off the screen, use output redirection to save output to text files and you can review the settings at your leisure.
see the above link for the Technet manual on the Ftype command.
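The two-stage lookup described above, as an added example that is not part of the original post: a batch file that walks extension, then file type, then application command using Assoc and Ftype. The extension list is an assumption picked for illustration; script-capable extensions are worth reviewing because the command the file type maps to is what a double click runs.

```bat
@echo off
rem Added example, not from the original post.
rem Walks Stage 1 (assoc) and Stage 2 (ftype) for each extension listed.
rem The extension list is an illustrative assumption, edit it to suit.
setlocal
for %%E in (.txt .bat .vbs .js .hta) do call :resolve %%E
endlocal
exit /b 0

:resolve
rem Argument 1 is the extension including the leading dot, e.g. .txt
set "FT="
set "FOUND="
rem Stage 1: assoc prints .ext=filetype, keep everything after the equals sign.
for /f "tokens=1,* delims==" %%A in ('assoc %1 2^>nul') do set "FT=%%B"
if not defined FT (
    echo %1 has no file type associated
    exit /b 0
)
echo %1 maps to file type %FT%
rem Stage 2: ftype prints filetype=command line, show whatever it reports.
for /f "delims=" %%L in ('ftype %FT% 2^>nul') do (
    set "FOUND=1"
    echo     %%L
)
rem If ftype wrote nothing to standard output, say so.
if not defined FOUND echo     no open command reported for %FT%
exit /b 0
```

Redirect the output to a text file and compare it between runs to spot an association that has changed.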
And from Windows 7.....
If you look at the snip from my PC you will get the Win7 tool (Set Associations) from the breadcrumbs
And just so you see the Win7 friendly name...for Set Association, from the windows environment....again follow the bread crumbs...
and please excuse my poor touch pad mouse skills!!!
Keep in mind that the above tool does not allow the creation of new associations. It does allow you to set an association from a program to a file type. Use Assoc command to create new associations...better still don't tinker as these are usually well handled by the OS and application installer.
File Attributes
Attrib is the command used to view a list of settings that a file has configured....aka attributes.
These can also be seen in windows explorer, select any file right click and take properties from the secondary menu. I've added the window from the ADVANCED button too...
Compress and encrypt advanced attributes cannot be used with the ATTRIB command, these are configured by COMPACT & CIPHER.
Instead of me babbling on check the ATTRIB Technet manual for the use of this command and how attributes are represented in the command prompt shell.
Please note that there is a symbolic link attribute! So...check this from Technet Symbolic Linking
NOTE it only works on NTFS volumes so I don't think you can compress files and send them to someone using an Apple device...so looks like it's restricted to NTFS ONLY!!
The technet manual says it all really. Note compressed folders and files are displayed in windows explorer in Blue.
Again dependent on NTFS volumes. NTFS has an inbuilt File Encryption System aka EFS.
Anything that is encrypted is displayed in GREEN.
NOTE files/folders can only be compressed or encrypted they cannot be both. Compression and encryption are mutually exclusive!
Copying Files
Yes, it's not all about the drag and drop in a Windows 7 explorer session!
There are three commands available in the command prompt and there has been some evolution over the years too!
The format of the most basic of the three is
Copy sourcefilepath destinationfilepath
You can use this command to combine files, pay attention to the manual and do not mix file types as this may cause corruption.
The copy Technet manual says it all
NOTE when copying a file the permissions and compression attribute are inherited from the Directory/Folder it was copied to, the new parent Directory/Folder. The permissions and compression attribute never stay the same with the COPY command. The only time the attributes stay the same is when a file is MOVED.
NOTE the encryption attribute always wins. If it is already encrypted it stays encrypted. If the destination folder is encrypted then the data copied in to it gets encrypted.
Extends file and folder copying. Basic format is
Xcopy sourcefilepath destinationfilepath
and just look at all those options from the Xcopy Technet Manual.
First met this util years ago when NT40 needed a Resource Kit to get this command. Apparently part of the default Win7 build now. A contract I was on used robocopy when decommissioning a SAN. The managers did not like the hefty price tag that EMC had quoted for extra SAN migration utils...well...that is how it was explained to me...robocopy came to the rescue and millions of files were used to slowly migrate SANs via USB hard disks...yep you read that correctly!!
A true real life case....anyway...basic syntax should not be a surprise....
Robocopy sourcefilepath destinationfilepath
Check the /copy:<CopyFlags> section of the Robocopy technet manual.
Have a look at the logging capabilities and what to do in case there is a failure during copying. As you can see it's the Arnie Schwarzenegger of copying utils.
Robocopy has output too. This can be redirected to a file and can be used for reporting on activity and failures. The types of data reported are: successful copies of files and folders and the amounts copied, how many files or folders were skipped, failures if any and copy speed. Check the Robocopy Technet Manual...a must see!!
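A logged Robocopy run with failure handling, as an added example that is not from the original post. The source, destination and log paths are hypothetical; the point to take away is that Robocopy's exit code is a bit mask, so a script that treats any non-zero value as a failure will report a successful copy as broken.

```bat
@echo off
rem Added example, not from the original post.
rem SRC, DST and LOG are hypothetical paths, change them before use.
rem Do not end a quoted path with a backslash, it swallows the closing quote.
setlocal
set "SRC=D:\data"
set "DST=E:\migrated\data"
set "LOG=%TEMP%\robocopy-data.log"

rem /E        copy subfolders, including empty ones
rem /COPY:DAT copy Data, Attributes and Timestamps (add S for NTFS ACLs)
rem /R:2 /W:5 retry a failed file twice, waiting 5 seconds between tries
rem /LOG:     write the report to a file, and /TEE also shows it on screen
rem /NP       no per-file percentage, which keeps the log readable
robocopy "%SRC%" "%DST%" /E /COPY:DAT /R:2 /W:5 /NP /TEE /LOG:"%LOG%"
set "RC=%ERRORLEVEL%"

rem Exit code bits:
rem   1  files were copied
rem   2  extra files or folders exist in the destination
rem   4  mismatched files or folders were found
rem   8  some files or folders could not be copied
rem   16 fatal error, nothing was copied
rem Any value below 8 means there were no copy failures.
if %RC% GEQ 8 (
    echo Robocopy reported failures, exit code %RC%. See "%LOG%"
    endlocal & exit /b 1
)
echo Robocopy finished without copy failures, exit code %RC%. Log: "%LOG%"
endlocal & exit /b 0
```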
Deleting Files
DEL is just shorthand for DELETE no surprise there eh?!
Basic syntax
Del filename
Pretty simple command really but still...check the Technet page for it, that is always a good habit to get in to..
Cabinet Files
Microsoft uses .CAB files to lump and compress files together. Used for OS and app distribution. Again I would say this is restricted to the Windows environment...not that I have tested cross platform access or anything.
expand /d <source>.cab [/f:* destinationfolder]
is the basic syntax to expand files from a source cab file to a destination folder. The /f specifies the files to expand, the asterisk * selects all files to expand. Make sure the destination folder exists before using expand and make sure you have the path correct so the util can find the correct directory.
File Ownership
This command is used so that Sys Admins can literally take ownership of a file and reset the file permissions as required by the customer or business unit. Used on NTFS volumes/drives, where file creators are set as owners, as an owner they can actually set their own permissions....when they get it wrong up steps the Sys Admin to save the day!!
Again, use an elevated Command Prompt session. General syntax is
Takeown /f filename
So if a system has been upgraded and there is a c:\windows.old folder lurking around taking up space unnecessarily then....use an elevated Command Prompt session and follow these steps
takeown /f c:\windows.old\* /r /a /d y
the files in the c:\windows.old will have permissions set to redundant security identifiers aka SID.
Those SIDs were generated by the previous windows install and installation process. The /r forces the takeown command to recurse through the directory and subdirectories hitting every folder and file. The /a gives the administrators group the required permissions and the /d y gives a default answer of yes to any prompts...and this can take a bit of time depending on the folder structure and size
So after waiting a day for perms to be reset to Admins full access....
to be rid of the unnecessary folder..
rd /s /q c:\windows.old\
The /s specifies all subdirectories and the /q is quiet mode so suppresses prompts.
Network Drives
So, you have a network with file servers and colleagues that have the correct access level to set network folder access....what can go wrong???
Well you need two bits of info....the Server or remote PC and the network folder path
So you should be able to browse to a share by using the UNC path which includes both these bits of information...you can use the windows browser or internet explorer to do this
\\RemoteComputer\topfolder\secondfolder\thirdfolder
So the two
\\
define the remote computer it does not matter if it is a file server or someone's PC.
Each
\
Separates out the next directory level and effectively browses to the resource you have access to....now save it as a favourite and it's available anytime.
Now you can map that resource to a pretend drive by using
And the network resource will be treated like a local hard disk
You can use any drive letter you like except one that is in use. That will cause a resource clash and the command will fail. Just check out your Computer from the start bar, which should list the current drive letters used so you can pick a free one.
General syntax of the command
Net Use f: (f:= drive letter it will use) \\RemoteComputer\foldername
Remember as well that you can browse a server or PC by typing
\\RemoteComputer
In a Windows or internet browser, and you should see the shares that the computer is hosting. You'll need the right access level to get in there though.
Hard Disks
Again from the Command Prompt Shell, also needs elevated permissions for the shell session, command syntax
Diskpart
The command prompt will change to show
diskpart>
Checkout the DiskPart Commands Technet Manual to see all the things you can do with it.
Notice at the bottom of the Technet Manual page there is a link to some Powershell commands that are relevant to disk management.
Creating Bootable OS Install CD/DVD
Virtual Hard Disk (VHD)
VHDs allow you to run another instance of the Win7 OS.
They tend to be quite big as it is a full OS install.
They can be treated pretty much the same as any other file and can be copied to other locations and systems. Back it up if you want a baseline copy kept.
VHDs will dual boot your system, the system will see two installs so you need to know what boot option is your real install and which is your VHD.
VHDs kinda sorta give you a lab where you can test OS patches, check software compatibility and generally play around...if it goes SNAFU & FUBAR overwrite it with the backup you took of the initial VHD baseline install and start from scratch.
Use an install CD and boot as if you were installing Win7
At the local settings screen press SHIFT+F10 to launch the command prompt
Launch diskpart and use the vdisk command to create and configure your virtual disk
Looks like the maximum size is 20GB, the disk will not be formatted but the install process should take care of that and the VHD will be formatted and converted to NTFS, up until that point it will be shown as unallocated space.
Anyway back to using the Win7 Boot CD to install an OS to a VHD. The process will automatically reconfigure the Boot Configuration Data Store. What is the BCD (SourceDaddy) this link explains it better than me.
The automatic reconfiguration of the BCD will set the VHD as the first OS to boot to.
BCDEdit will need elevated privileges in a command prompt session.
bcdedit /v lets you view the current bcd store config. So goodbye boot.ini...Hello BCD Store...
Check the Windows Boot Loader section
Notice the line Device Partition = c:
path \Windows\system32\winload.exe
description Windows 7
You can see I don't have a VHD configured because I have nothing listed that points to any object that contains the string VHD such as a file extension (.vhd is used for a Virtual Hard Disk File) or device type.
Defragmenting Hard Disks
Defrag Technet Manual You probably won't have to run this command, well with a bit of luck anyway. How So? Win7 runs it automatically as a scheduled task. I've played around with my settings on the defrag scheduled task. Again the command prompt needs administrator privilege.
Excessive fragmentation can cause disk thrashing as the disk works its kilt off trying to read files and the system performance is...well poor!!
Looks like you need to keep 15% free space per disk installed too! Microsoft recommends 20% to optimize defrag performance. The /f or force is no longer available and in previous defrag versions would force a defrag on disks with less than 15% free space.
New Technologies File System (NTFS)
Microsoft brief History just to give you an idea how long Microsoft have been developing file systems, this link provides a brief history of the company and its product releases. So for each OS release things developed from File Allocation Table to File Allocation Table 32 and New Technologies File System (which has several versions).
Anyhow back in the day the OS install process used fat/fat32 as part of initial disk setup so it could copy over the install files. As you created partitions you could choose what file system to use. The most secure and efficient was always going to be NTFS. So how do you get a fat/fat32 partition or disk converted to NTFS? You use the CONVERT command.
basic syntax
Convert <driveletter>: /fs:ntfs
NTFS advantages/disadvantages another gotchya is that if you want to copy a 4GB file from NTFS drive to a FAT32 drive, it will fail, the only solution is to convert the FAT32 drive to NTFS.
FAT32 vs. NTFS I seem to have a vague memory that NTFS uses 4kb clusters on the disk to store data...so FAT/FAT32 will probably use different cluster sizes...I'll keep a mental note and see if I can find info on that for later updates. For now just remember that the NTFS is the most secure and disk efficient, there are also different versions of NTFS.
FSUTIL Technet Manual FSUtil is for advanced disk management for FAT and NTFS. NTFS automatically performs maintenance and if problems are discovered fixes them behind the scenes. But you can still query drives, you may have to do this to resolve a fault or do general reporting! Again, run in a command prompt with elevated privileges.
fsutil fsinfo drives lists local drives
fsutil fsinfo ntfsinfo c: provides info about the NTFS being used and it tells me that the data is actually stored in a cluster of 4096 bytes which verifies my note earlier.
Batch File Scripting
The time has come for automation!
There are several shells available in Windows, for now I'll get the ball rolling with simple or not so simple batch file scripting which uses native commands and shells. I won't bother writing anything myself, I'll list a few online resources and you can take it from there. Let me reassure you though, automation takes you into being a great sysadmin. Why? Well you can deliver quickly on boring repetitive tasks, with high accuracy and confidence that the results are predictable and of a terrific high quality which you, your colleagues and managers can all take on with confidence. Once you have learned batch scripting, VBScript and Powershell are just another few languages you can use to automate and leverage commands, results and output format from. You may meet resistance because the initial script takes some time to develop and test, also for you to learn...anyway ignore the negative feedback that you are given, it will be from people who are jealous and don't want you to be successful...trust me on that one...I have lots of experience on that!
The easiest way to create a batch file is to use a text editor like notepad. It is very basic, and an internet search will soon report on free text editors that you can install, hit them with a run of your AV first though, just in case the installer has nefarious stuff hidden in there that you don't want on your system.
Scheduling Batch File scripts
So you have taught yourself batch file scripting. What else can you do with them?
Well you can Schedule them to run at a certain day or time...maybe even after a certain event happened on the system. Use the Task Scheduler GUI or from the command line.....
If using the Task Scheduler GUI the task can be exported to XML format and used in Group Policy..more on that later.
Managing Power Settings for client PCs
Client PCs also includes laptops. Servers should be left alone.
The command you need here is Powercfg. The command prompt only needs admin privilege when changing a setting, you should be able to view the power settings in a normal command prompt shell session.
from the Powercfg Technet Manual you can query, modify and analyze the power configuration settings.
How good is your memory?
And I mean on your PC!!
The util to test your memory chips is....MDSCHED
Note the util causes a reboot to run the tests.
Services
Services that are installed as part of the OS or from an application install can be manipulated and queried with the Service Controller command aka SC. I would suggest that you get used to this powerful command. I also suggest you browse tinterweb finding examples so that you get used to using it too, or use examples for your own inspiration.
Event Logs
The Windows Event Collector manages events in Win7.
From a single system you can collect events from several remote ones.
The single system that collects events is called the collector
The systems whose events are harvested are called the source
Both collector and source have to be configured, and make sure the WECSVC service is running.
Rebooting and Shutting down local/remote systems
Quite easy this one....
Control Panel From the Command Line
It is do-able probably best I let you read this link about the CONTROL command. Again tinterweb searches can maybe provide inspiration too.
How to get Windows Info
One of the commands I most often use. Gives pretty much a detailed picture of what the system is you are querying and a bit of its history too. This can be redirected to text files so you can build up a history of the system you are querying. Note that I have really done that too much, but...gives you a quick way of getting OS installed and Service Pack and patch list as well as system uptime.
Gives pretty detailed info about who is logged on including the Security Identifier(SID) of the account that is logged on, the SID of the groups the account is a member of and the privileges given.
Security Management
Cmdkey Technet Manual User names and passwords aka credentials are stored in the Credential Manager Vault. So if you are regularly logging on to web apps and sites this is where the credentials are stored for auto logon. Credentials are stored in special folders called VAULTS. You have the Credential Manager GUI too to manage the vaults as well as CMDkey...up to you which one to use I guess.
Windows Update Standalone Installer
Application Installs
MSIexec Technet Manual Windows installer command line tool. Can be used to install, configure and manage apps.
Microsoft Baseline Security Adviser
A very valuable tool for auditing systems for security vulnerabilities and is a free download from Microsoft.
I think those two links will be enough to get you started with the MBSA util; note that the MBSACLI is also included in the download and is run from the CLI or command prompt.
Networking from the Command Line
I know it's all easier to do from the GUI but you may need to do some jiggery pokery from the command line for testing a script that reports or updates network settings en masse. Could be a ton of reasons for doing this from the Command Line...so the thing you need to know is the NETSH...I used to think of this as a black art, looks like it's been revamped for Win7 and Server 2008...so where to start?...let me put a few links in...
WindowsNetworking.com good place to search for articles specifically for networking, and check out their free tools in the tool section, just had a look and some pretty cool looking utils in there.
Trouble Shooting
Well the amount of times you try and do remote support and the first thing you need to know is a hostname...how do you go about getting it then?
Check System file integrity
Yep, sometimes you get your doubts that the OS installed is actually OK. Check these files with SFC
Needs an elevated prompt. You may need the Win7 install DVD if debugging malware, especially if the malware has rewritten core files and they need replaced.
Digital Signatures
This is an alternative from Sysinternals
Let's not forget that it could be handy to see what drivers are installed, use...
View and kill processes
Used this a lot, the /m switch is damn handy and can provide useful info on DLLs.
just using the tasklist without any switches to get an idea of what is running..notice the headings. Image Name = Running application, PID = Process ID, Mem Usage = Memory used, probably the first three I look at before using Session Name and Session# = Session Number.
Just a little example of the /m switch to list the modules used by a process
check out the Tasklist Technet Manual for some deep filtering to create specific queries using tasklist, and search tinterweb for examples that may inspire too.
Taskkill Technet Manual used to end processes by PID or Image name. If using PID only that PID is ended, if using Image Name and the application is open several times, then all sessions are ended. Can be used on remote systems too. Test this with several open Notepad sessions and use the image name and then the PID to see what I mean.
Networking
IPConfig should be one of your default network utils, if it's not then get using it.
IPconfig brings back a MAC Address as part of its output but there is the getmac command too..
GETMAC Technet Manual each Network Interface Card has a unique ID provided by the Media Access Control address, aka physical address aka ethernet address. Note this can be run on remote systems and has a verbose output too see below for verbose output and notice how it gives specific info for specific installed NIC devices..
To check connectivity of devices we use the ping command
PING Technet Manual helps you quickly tell if systems are up, including networked printers and remote maintenance cards...anything with an IP can be pinged!
Basic syntax = PING hostname or PING ipaddress and if you PING 127.0.0.1 you can test the loopback on your local computer. Don't be surprised if sometimes you don't get a PING reply. Sometimes firewalls are configured, for security reasons, to block the ICMP packets which ping uses. The util resolves IP Address to Hostnames with DNS but if a local LMHOSTS file is configured it could resolve an IP from there too.
To trace the path taken through a network tracert is the util of choice.
Basic syntax is just like ping hostname or IP can be used
Tracert hostname or Tracert ipaddress
If you are wondering why a network is slow you can use Pathping
Does a similar job to Tracert but hits each router with 100 echo requests, for testing. It can take a wee bit of time to run. Check out the Pathping manual for expansion of its uses with switches.
Basic syntax is just like ping hostname or IP can be used
Pathping hostname or Pathping ipaddress
Name Resolution
For now the util you will need is
NSLookup Technet Manual Name Service Lookup..again keep in mind that tinternet searches can really expand your understanding of the util, keep in mind that this is also a Nix command so Unix and Linux have their own implementation of the util.
Basic syntax is again similar to ping,tracert and pathping
nslookup hostname or enter the IPaddress
So you can check if the forward lookup (nslookup hostname) matches a reverse lookup (nslookup ipaddress). If they don't match there is a potential issue!
System Recovery Tools
Boot Configuration Data Store lets the computer know how to boot up.
Keep in mind that the BOOT.INI which was used in Windows XP and older Windows OSs is not used in Win7. All of the boot configuration data is stored in...You guessed it...The BCD Store. So the boot process has changed from older OSs so to understand how it all works in Win7 check this out...The Windows 7 Boot Process (sbsl)
So..the very basics are
BIOS (Basic Input Output System) launches a Power On Self Test (POST) when the system is turned on.
After passing POST, the BIOS now needs to know the Active System Partition.
The Master Boot Record IDs the Active System Partition and starts the NTFS boot code on the MBR.
The NTFS boot code accesses the Windows Boot Manager from the BCD Store.
The Windows Boot Manager IDs which Windows Boot Loader to load.
The Windows Boot Loader can be on a different partition or on the same partition.
BCDedit can be used, without switches, to display both Windows Boot Manager and Windows Boot Loader details.
If you only have one OS installed you will only see one Windows Boot Loader section, if you have a multi boot system then you will see a Windows Boot Loader for each OS install.
As you can see from the BCDedit Technet Manual there is an extensive listing of BCDedit Commands. When working with the commands a GUID is commonly used to ID things like the Windows Boot Loader. You have to remember that the CMD shell does provide cut and pasting and you may have to check the properties of the CMD shell currently in use to ensure that cut and paste and Insert are all selected or ticked. Another thing to remember is the curly brackets...the GUID includes the curly brackets...
{EveryAlphaNumericCharacterHereIsPartOfTheGUID}
If trouble shooting a system that will not boot you can use the install DVD.
Break out of the install process by pressing SHIFT+F10 where you are prompted for Language,Time,Currency Format and Keyboard info. This should launch the command prompt and you can see the BCD Store with BCDedit.
Always take a backup first, that way if things go FUBAR you can recover the original.
Use the /export switch to back up and the /import switch to restore the original. The /Copy and /Delete switches may be of use as you can copy Windows Boot Loader entries, tinker and if happy with results copy the new entries to other systems or...just get rid of the evidence by deleting the garbaged entries. To select and configure a particular entry you will have to use the /Set switch. Keep in mind what I've said about the curly brackets coz a GUID number will not work without them.
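The backup-first workflow above, as an added example that is not from the original post: export the store, copy the running entry, capture the new GUID with its curly brackets, configure it with /set, then delete it. The backup path and the description text are hypothetical, and the script assumes it runs from an elevated prompt on the installed OS, where the {current} identifier refers to the running entry.

```bat
@echo off
rem Added example, not from the original post. Run from an elevated prompt.
rem BACKUP is a hypothetical path and the description text is made up.
setlocal
set "BACKUP=C:\BCDBackup\bcd-before-change"

rem 1. Back up the store before touching it. Without elevation the export
rem    fails and the script stops here with the store untouched.
if not exist "C:\BCDBackup" mkdir "C:\BCDBackup"
bcdedit /export "%BACKUP%"
if errorlevel 1 (
    echo Export failed, nothing was changed.
    exit /b 1
)

rem 2. Copy the running OS entry. bcdedit answers with a line such as
rem    "The entry was successfully copied to {GUID}." Splitting that line
rem    on the curly brackets leaves the bare GUID in token 2, so the
rem    brackets are put back when the value is stored.
set "NEWID="
for /f "tokens=2 delims={}" %%G in ('bcdedit /copy {current} /d "Windows 7 test copy"') do set "NEWID={%%G}"
if not defined NEWID (
    echo Copy failed, no new entry was created.
    exit /b 1
)
echo New entry: %NEWID%

rem 3. Configure the copy with /set, then display just that entry.
bcdedit /set %NEWID% description "Windows 7 test copy, edited"
bcdedit /enum %NEWID%

rem 4. Remove the test entry again.
bcdedit /delete %NEWID%
if errorlevel 1 (
    echo Delete failed. Restore the original store with:
    echo   bcdedit /import "%BACKUP%"
    exit /b 1
)
echo Test entry removed. Backup kept at "%BACKUP%"
endlocal
```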
Another way of viewing the BCD Store is with The System Configuration Tool, check this link
Less options but could prove handy?!
Recdisc
Creates a system recovery disc, just type
recdisc
in a command prompt and you get
Insert a blank CD/DVD and create the disk. You may have to tell the app what drive to use though. This will create a bootable CD/DVD with recovery tools that can be used to try and recover the OS install.
If the OS is 64-bit and recdisc is used to create a recovery disc then this will only work on 64-bit OSs. If a 32-bit OS is used to create the recovery disc then this should be ok for use on both 32/64-bit OS installs.
Follow the on screen prompts, if you get lucky the disc will fix faults automatically.
You can start an auto-repair manually.
If trouble shooting a system that will not boot you can use the install DVD.
Break out of the install process by pressing SHIFT+F10 where you are prompted for Language, Time, Currency Format and Keyboard info. This should launch the command prompt and you can run the
StartRep.exe
Located in the folder of the CD/DVD drive....\Sources\Recovery
Chkdsk
has been around for ever.
Still a good util and can be run from the command line. Check the Technet link, it's fairly straightforward. It can be run from explorer too, but I'm old school. I always use it from the command prompt and I always check the switches with the /? switch to get the manual for the current OS installed just so I limit the potential for error.
Repair-BDE
Used to repair damaged BitLocker encrypted drives. Just make sure you have the correct recovery key and password.
Repair-BDE is unable to repair a drive that failed to complete the encryption process. It assumes anything presented to it is completely encrypted. So if BitLocker failed the encryption process then the data can only be restored from a non-encrypted backup of the original data.
So, only encrypt a drive after you have backed the data up....and if you are working in a domain environment you should be able to store recovery keys and passwords for BitLocker encryption within the Active Directory Domain you are on. The BitLocker Recovery Password Viewer for Active Directory can be used to view the passwords and keys.
Here is an old article which outlines the Bitlocker Viewer for Windows Vista.
Keep in mind it changes the Active Directory Database Schema...
Win7 Remote Management/Admin
Well, back in the day of working on a large industrial Campus a fella could get lost looking for a colleague/customer who says they are there but are not...or you just get lost in buildings...happens all the time!!!
Remote Desktop Connection
Enables you to connect a session to a remote system over a network.
It is not enabled by default but check this, oh and remember you may have to set a firewall rule too.
Microsoft Terminal Services Connection (MSTSC)
Below is a link to the technet manual for mstsc. Entered via the command prompt or from the RUN shortcut. Basically just launches an RDC terminal. Terminal Services has been renamed to Remote Desktop Services in Win2k8R2. MSTSC is still the fella to use from the command line though and has not been renamed at all.
Microsoft Management Console
The MMC can manage the local and remote system as necessary using snap-ins.
Different snap-ins will have different firewall rules and the inbound rules may need configured. So if you get any errors like
The Remote RPC Server is unavailable.
then check the firewall on the remote system. Well you might have to go to it too!
Some rules that may need changed are
Snap-in           Firewall Exception
Event Viewer      Remote Event Log Management
Task Scheduler    Remote Scheduled Tasks Management
Services          Remote Service Management
Disks             Remote Volume Management
Other MMCs        File and Printer Sharing
Remoting with command shells
Winrm Quickconfig
is the command we are interested in here. Check out the above link for details of the process. You will get different messages if you are not on a domain.
So you need to take steps to make sure all of this will work if you are on a workgroup standalone system.
Keep in mind that if you are on a domain a local admin account will fail to configure the winrm quickconfig.
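Basic syntax
winrs -r:hostname command
Winrm Quickconfig sets up the listening service; winrs (Windows Remote Shell) is the client that sends the command. Once the remote hostname is entered any command from the native command line can be executed on the remote system.
winrs -r:hostname ipconfig /all
could be run for example...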
And the same thing from Powershell...
An alternative to standard Win7 remote management and utils is the Sysinternals Suite and its PSEXEC util.
The WMI Console
I suppose you could argue with Powershell that this is a bit old school. But it has been around for years so let's just hook up to the technet site.
Windows 7 Imaging
Windows 7 uses the Windows Imaging File Format (WIM) for OS deployment. It is a file based disk image format designed for deployment of Win7. A WIM file contains all the files needed for an OS install. The WIM file can include multiple images of OS installs. The best example of this could actually be the standard Win7 Installation disc itself. This includes:
Windows 7 Starter
Windows 7 Home
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Ultimate
So, IT Pro's can now make their own discs using the deployment tools.
Deployment Image Servicing and Management uses a command line tool called DISM.EXE. See What is DISM?
But first you have to cleanse the system you have installed and remove all fingerprints, SIDs, security keys etc etc...and the util you need here is Sysprep. Again a util that has been around for ages, way way back to WinNT 3.51.
The Security Identifier that gets created when Windows 7 is installed needs to be unique especially so when using an AD domain environment. Check the link Security Identifiers and this article by the magazine Windows IT Pro...What is a SID (Security ID)?
So Sysprep cleans away all uniqueness from an OS installed on a PC. Next use either WDS or ImageX to capture the image and ultimately deploy the image. Sysprep can only be run on a fresh installed Win7 PC, it will fail on an upgraded OS from say Vista->Win7...so just go for the pain and do a format and rebuild of a PC to get the image you want to deploy...back anything up that you need first.
Sysprep is GUI-fied and the GUI can be launched from...
C:\windows\system32\sysprep\sysprep
The Windows® Automated Installation Kit (AIK) for Windows® 7 ensures that you have access to the deployment tools you need. You will need to launch the Deployment Tools Command Prompt as this prompt has the path statement configured so that you can access the deployment tools without changing the system environment variables. Make sure you are using an elevated administrator level in the Deployment Tools Command Prompt.
What you get using the Deployment Tools Command Prompt...a pre-configured shell with the paths set so you can launch
Imagex
DISM
There is a lot in the WAIK, stuff for developers, whitepapers, help documentation and extra tools.
There appear to be two versions of DISM. One is in the C:\Windows\System32 folder by default but the one installed by the Deployment Tools Command Prompt is larger and makes me think there are more features (not explored that yet).
The USMT can be launched from C:\Program Files\Windows AIK\Docs\chms. There are sample answer files that you can use for a baseline to start your own deployments. Check the links above for Windows System Image Manager.
Using ImageX
Choose a reference computer
Build it and configure it
Sysprep the reference computer to remove all uniqueness
Now we need to boot the reference computer without launching the OS. To do this we need the Windows Preinstallation Environment, so check this: Walkthrough: Create a Bootable Windows PE RAM Disk on UFD. Check the menus on the left of that page and you'll see there is a section for making a bootable CD/DVD too.
Copy over all the recommended utils to the USB drive, ImageX is one of them and this is what you are going to use to copy the sysprepped image from the reference system.
Deployment Image Service Management Tool
DISM.exe is basically used for offline image maintenance.
Offline Image maintenance just means the image is extracted from a WIM file, updated and compressed back to a WIM file aka MOUNTING a WIM file.
Online servicing means the OS is booted, maintenance carried out, and then it is sysprepped and a new image captured.
Images can be mounted using the syntax
dism /mount-wim /wimfile:path /index:number /mountdir:path
Mounting an image can take a few minutes, but dism provides a dynamic status bar showing progress as it mounts the image.
[Figure 21-2: Mounting an Image with dism]
The mounted folder can be used in Windows Explorer and for all intents and purposes acts just like a normal Windows folder. Check the mounted folder in Windows Explorer by selecting
c:\mountdir
folder, assuming you have used the C: drive as a mount point but any drive letter can be used. If you want to use a network share you need to have a drive mapped to that network share.
should get you through everything that is needed.
There are switches that you need to know to save the modified WIM. Checkout
DISM /?
Dism /online /Get-Drivers /?
/Get-Drivers can be used to view and manipulate drivers in an image.
Stands to reason that there will be a /remove-driver option too
dism /online /remove-driver /?
and working with packages
dism /online /get-packages /?
dism /online /get-packageinfo /?
dism /online /get-apppatchinfo /?
dism /online /get-apppatches /?
dism /online /add-package /?
dism /online /remove-package /?
Feature names must be entered using the exact case.
If the exact case is not used, the commands will fail.
In other words if you’re trying to disable all games and you use
inboxgames instead of InboxGames, the command will fail
Keep in mind that you are going to use these to query offline WIM files so have a good look at the text in the helpfiles as these will show you how to enter the WIM offline file and path.
Since we are dealing with images, apps and the patches that they need you will need to use Microsoft Internet Explorer and browse to the Microsoft® Update Catalog so you can get what you need.
To get a feature....
dism /online /get-features /?
dism /online /get-featureinfo /?
dism /online /enable-feature /?
dism /online /disable-feature /?
So you may have to modify an image
dism /online /get-currentedition /?
dism /online /get-targeteditions /?
dism /online /set-edition /?
dism /online /set-productkey /?
And at some point you have to save or discard changes and unmount the WIM file.....
dism /commit-wim /?
dism /unmount-wim /?
Notice the commit and discard switches for the unmount command, so use commit to save and discard to throw changes away, it's as you see fit!!!
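The mount, service and unmount steps above put together for an offline image, as an added example (not from the original post). The WIM path, mount folder and index are assumptions; note that /online is replaced by /image: pointing at the mount folder, and that any failure discards the changes instead of committing them.

```batch
@echo off
rem Added example: offline servicing of one image inside a WIM file.
rem Assumed values: D:\images\install.wim, C:\mountdir and index 1.
rem Run from an elevated Deployment Tools Command Prompt.
setlocal
set "WIM=D:\images\install.wim"
set "MOUNT=C:\mountdir"
set "INDEX=1"
rem Feature names are case sensitive: InboxGames works, inboxgames fails.
set "FEATURE=InboxGames"

rem List the images in the WIM so the index number can be confirmed first.
dism /get-wiminfo /wimfile:"%WIM%"
if errorlevel 1 exit /b 1

if not exist "%MOUNT%" mkdir "%MOUNT%"
dism /mount-wim /wimfile:"%WIM%" /index:%INDEX% /mountdir:"%MOUNT%"
if errorlevel 1 (
    echo Mount failed, nothing was changed.
    exit /b 1
)

rem Offline image: use /image:mountfolder where the help examples use /online.
dism /image:"%MOUNT%" /get-featureinfo /featurename:%FEATURE%
if errorlevel 1 goto discard

dism /image:"%MOUNT%" /disable-feature /featurename:%FEATURE%
if errorlevel 1 goto discard

rem Everything worked: write the changes back into the WIM.
dism /unmount-wim /mountdir:"%MOUNT%" /commit
exit /b %errorlevel%

:discard
rem Something failed: throw the changes away so the WIM is left untouched.
echo Servicing failed, discarding changes.
dism /unmount-wim /mountdir:"%MOUNT%" /discard
exit /b 1
```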
Windows PE
The commands used in the Windows 7 Pre-Install Environment are not part of a regular Win7 OS build.
Wpeutil Command-Line Options use this to run commands within WinPE. Check the link for further details. Remember this is ONLY available in WinPE!!!!
Drvload Command-Line Options loads drivers when booted in WinPE you can specify multiple INF files, but check this link first. If you are loading particular hard drive drivers you may need to rescan the drives before the new driver engages the new drive. So check diskpart rescan and the command line options.
Win7 Command Line Install
Setup.exe is in the root folder of the Win7 OS CD/DVD. If the disc does not run automatically but the CD/DVD can be browsed, just type
setup.exe (remember the /?)
and that should launch the install GUI. Keep this in mind, could be useful if the media has been copied to a network share or USB drive.
Examples
Setup /unattend:FileNameAndPath
Tells the setup process to use an answer file for autoconfiguration, just specify the file name or path to a share or drive.
Setup /installfrom:PathToInstallSource
Specify a WIM file to use as the install source. The default is the SOURCES folder on the media, but you may have a specific image for a system or you may want to change the install between 32-bit and 64-bit install files?
Setup /wdsdiscover
Fairly obvious, this discovers WDS servers and reports them back.
Setup /wdsdiscover /wdsserver:wdsservername
Selects the server that the previous command reported back, when selecting a WDS server the /wdsdiscover switch is still needed.
Setup /tempdrive:driveletter
No need for the : after you have entered the drive letter. Just changes where the OS install process puts temp install files while the install is being run. Maybe important for a small capacity netbook which cannot handle the file expansion.
As previously mentioned the setup can be automated somewhat...instead of me rabbitting on about that read this Microsoft link
The Software Licensing Manager is a VBScript that helps you manage licensing. Again Microsoft has a comprehensive manual on their website, see the link below for the correct use of SLMGR.exe
Migrating User Data.
There is a database that contains computer user files and settings. This is called a Migration Store. This link should help understand the Migration Store Database.
Migration Store does not include application deployments. It does include application settings. So if the same apps exist on the new OS install the settings will be maintained. If the apps do not exist...well it just won't deploy them.
What you can do is...
Migrate user accounts, either by selecting accounts or taking the lot. This includes the profile for each user account.
Email files like Outlook PST files can be migrated.
Multimedia, pics,music and videos can be migrated in bulk or by individual file selection.
Then you can choose sundry folders to analyze for data to migrate.
Migration Methods
Windows Easy Transfer you can use an easy transfer cable, USB drive, any other type of external drive, or a network connection. It's quite time consuming so probably best used for homers and the odd individual task. Not really an enterprise solution is the point. Basically it's a transfer wizard. Make sure you run the same versions on the target and source systems. You'll see the download options off the link too.
Next util is the User State Migration Tool. Probably best I don't say too much but instead post the
And here is an article I had a quick look at too and thought it was quite good.
Windows XP has no upgrade path to Win7. That makes understanding the migration utils more important, both in the home and enterprise environments, where fresh Win7 OS installs are now enforced due to the lack of an upgrade path from XP, so that data and settings can be retained.
The two scenarios where the migration utils will be used are a PC Refresh, where the same PC that a user has will be formatted and rebuilt with a fresh Win7 OS install, and a PC Replacement, where the user's PC is swapped out for a brand new PC with a freshly built Win7 OS install.
I think the links provide enough info to get user migration sorted....I'll leave it there as Microsoft say it better than I can.
Powershell
Powershell is the new object oriented command shell that Microsoft supplies as default from Win2k8. Initially it was released as part of Exchange 2007. I've been teaching myself it for ages and I don't think you can become an expert on it. The reason for this is that anyone or any enterprise can create commands for the shell. The name Microsoft gave the commands in Powershell is Commandlets or CMDLETs....
Vendors can produce their own cmdlets from anything from server remote access cards to VMWare and other virtualization products.
My previous blog post Powershell 2.0 gives a few pointers on where to get started. Any search on the Tinterweb will provide electronic and physical media that you can buy as well as online tutorials...so go on...man up...or woman up...get out there and start learning it. Command Shells are where the real admins live for sure.
Group Policy
Group Policy is part of the native OS in a standalone Win7 build. It is also part of the Windows Server OS builds and is expanded even further with Windows Active Directory.
It is there to provide central management of client/server, user accounts, and application environments, just to name a few things that it can do.
Microsoft can say it better than I can
Command line commands you will be using pretty often in Win7 are
GPresult and GPupdate.
GPresult
Any text that scrolls too fast on screen can be redirected to a text file, so always redirect the output if you need to sit and go through the results for a while. So gpresult lets you see what has been applied to the PC.
GPupdate
You may need to manually update the Group Policy set on a PC, especially if there has been an update and it has not found its way to the PC you are working on. So check out the GPupdate command.
And that is probably about it really from a client OS point of view...I'll update as I find things out.....Good Luck!!!
Under Construction.................
Problem Steps Recorder
Cracking util that can help in recording faults from the customer side of things and from a Support point of view be used to record a procedure that can be sent to the customer base.
Doing Labs and Exam Prep
So...you need a ton of equipment to do labs? Well I went this route....
And I bought a mini server too, to install it on
I also bought a 1TB hdd and a 16GB memory kit. The reason for this purchase is that these servers can be stacked, they have a 4 disk bay, they have iLO cards (you may need licenses, I have not looked into that yet) and have a small footprint. I thought about the Intel Next Unit of Computing product range but I heard these may overheat or at least get hot enough to cause some concern...but you can check them out yourself.
9 Things You Should Know About Windows 7