The Command Prompt
The Windows operating systems retain a great many concepts that carry over from the Microsoft Disk Operating System (MS-DOS). MS-DOS was never meant to be extremely user friendly. Its roots are in CP/M, which in turn has its roots in UNIX. Both of these older OSs are command line based, and so is MS-DOS. In other words, they all use long strings of commands typed in at the computer keyboard to perform operations. Some people prefer this type of interaction with the computer, including many folks with technical backgrounds. Although Windows has left the full command-line interface behind, it still contains a bit of DOS, and you get to it through the command prompt.
Although you can't tell from looking at it, the Windows command prompt is actually a Windows program that is intentionally designed to have the look and feel of a DOS command line. Because it is, despite its appearance, a Windows program, the command prompt provides all the stability and configurability you expect from Windows. You can access a command prompt by running CMD.EXE.
A number of diagnostic utilities are often run at the command prompt, and they can be broken into two categories: networking and operating system. Because knowledge of each is required, they are discussed in the order in which they appear, starting with the networking command-line tools.
Networking Command-Line Tools
The networking command-line tools you are expected to know are PING, TRACERT, NETSTAT, IPCONFIG, NET, NSLOOKUP, and NBTSTAT.
The PING command is one of the most useful commands in the TCP/IP protocol. It sends a series of packets to another system, which in turn sends back a response. This utility can be extremely useful for troubleshooting problems with remote hosts. Pings are also called ICMP echo requests/replies because they use the ICMP protocol.
The PING command indicates whether the host can be reached and how long it took for the host to send a return packet. Across wide area network links, the time value will be much larger than across healthy LAN links.
As you can see, by pinging with the hostname, we found the host's IP address thanks to DNS. The time is how long in milliseconds it took to receive the response. On a LAN, you want this to be 10 milliseconds (ms) or less, but 55ms for an Internet ping isn't too bad. There are several options for the PING command, and you can see them all by typing ping /? at the command prompt. Table-2 lists some of the more useful ones.
Table-2 PING options
Option     Function
-t         Persistent ping. Will ping the remote host until stopped by the client (by using Ctrl+C).
-n count   Specifies the number of echo requests to send.
-l size    Specifies the packet size to send.
-4 / -6    Use either the IPv4 or IPv6 network explicitly.
Some webmasters have configured their routers to block pings in order to avoid problems such as someone trying to eat up bandwidth with a ping of death (sending a persistent ping with a huge buffer to overwhelm the recipient). For example, if you ping www.microsoft.com, you won't get a response, even though the site is functional.
Tracert (trace route) is a command-line utility that enables you to verify the route to a remote host. Execute the command TRACERT hostname, where hostname is the computer name or IP address of the computer whose route you want to trace. Tracert returns the different IP addresses the packet was routed through to reach the final destination. The results also include the number of hops needed to reach the destination. If you execute the TRACERT command without any options, you see a help file that describes all the TRACERT switches.
This utility determines the intermediary steps involved in communicating with another IP host. It provides a road map of all the routing an IP packet takes to get from host A to host B.
Timing information from TRACERT can be useful for detecting a malfunctioning or overloaded router.
The Netstat utility is used to check out the inbound and outbound TCP/IP connections on your machine. It can also be used to view packet statistics, such as how many packets have been sent and received and the number of errors.
When used without any options, the NETSTAT command produces output that shows all the outbound TCP/IP connections.
There are several useful command-line options for NETSTAT, as shown in Table-3.
Table-3 NETSTAT options
Option    Function
-a        Displays all connections and listening ports.
-b        Displays the executable involved in creating each connection or listening port. In some cases, well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case, the executable name is in brackets, [ ], at the bottom; at the top is the component it called; and so forth until TCP/IP was reached. Note that this option can be time consuming and will fail unless you have sufficient permissions.
-e        Displays Ethernet statistics. This may be combined with the -s option.
-f        Displays fully qualified domain names (FQDNs) for foreign addresses.
-n        Displays addresses and port numbers in numerical form.
-o        Displays the owning process ID associated with each connection.
-p proto  Shows connections for the protocol specified by proto; proto may be any of the following: TCP, UDP, TCPv6, or UDPv6. If used with the -s option to display per-protocol statistics, proto may be IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r        Displays the routing table.
-s        Displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6; the -p option may be used to specify a subset of the default.
With Windows-based operating systems, you can determine the network settings on the client's network interface cards, as well as any that a DHCP server has leased to your computer, by typing the following at a command prompt: ipconfig /all.
IPCONFIG /ALL also gives you full details on the duration of your current lease. You can verify whether a DHCP client has connectivity to a DHCP server by releasing the client's IP address and then attempting to lease an IP address. You can conduct this test by typing the following sequence of commands from the DHCP client at a command prompt:
ipconfig /release
ipconfig /renew
IPCONFIG is one of the first tools to use when experiencing problems accessing resources because it will show you whether an address has been issued to the machine. If the address displayed falls within the 169.254.x.x category, this means the client was unable to reach the DHCP server and has defaulted to Automatic Private IP Addressing (APIPA), which will prevent the network card from communicating outside its subnet, if not altogether. Table-4 lists useful switches for IPCONFIG.
Table-4 IPCONFIG switches
Switch      Purpose
/ALL        Shows full configuration information
/RELEASE    Releases the IP address, if you are getting addresses from a Dynamic Host Configuration Protocol (DHCP) server
/RELEASE6   Releases the IPv6 addresses
/RENEW      Obtains a new IP address from a DHCP server
/RENEW6     Obtains a new IPv6 address from a DHCP server
/FLUSHDNS   Flushes the domain name server (DNS) name resolver cache
In the Linux world, a utility similar to ipconfig is ifconfig.
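The APIPA check described above (an address in 169.254.x.x means the DHCP server was never reached) is easy to automate when you have IPCONFIG /ALL output from several adapters or several machines. The following is an added example, not code from the original text: it parses a constructed IPCONFIG /ALL listing (host name, MAC addresses, IP addresses and lease dates are made up) and classifies each adapter as DHCP, APIPA, STATIC or NONE.

```python
"""Classify every adapter in ipconfig /all output as DHCP, APIPA, STATIC or NONE.

Added example, not code from the original text. SAMPLE is a constructed
ipconfig /all listing (host, MACs, addresses and dates are made up) trimmed
to the fields the triage needs; real output carries more lines per adapter.
"""
import re

FIELD = re.compile(r"^\s+([^:]+?)[ .]* :\s*(.*)$")   # "Key . . . : value" rows
HEADER = re.compile(r"^([A-Za-z][^:]*):\s*$")         # "Ethernet adapter X:" rows
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")          # drops "(Preferred)" etc.

SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKSTN01

Ethernet adapter Local Area Connection:

   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.25(Preferred)
   Lease Obtained. . . . . . . . . . : Monday, March 3, 2014 8:15:02 AM
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.1

Wireless LAN adapter Wireless Network Connection:

   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.33.7(Preferred)
   Default Gateway . . . . . . . . . :

Ethernet adapter Management:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.0.0.5(Preferred)
"""


def parse_ipconfig(text):
    """Return {adapter name: {field: value}}; the global header block is skipped."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return adapters


def classify(fields):
    """One adapter's fields -> (status, IPv4 address or None)."""
    raw = (fields.get("IPv4 Address")
           or fields.get("Autoconfiguration IPv4 Address")
           or fields.get("IP Address", ""))       # "IP Address" is the XP label
    m = IPV4.search(raw)
    if not m:
        return "NONE", None                       # disconnected or IPv6-only
    addr = m.group(0)
    if addr.startswith("169.254."):               # APIPA: no DHCP server answered
        return "APIPA", addr
    if fields.get("DHCP Enabled", "").lower() == "yes":
        return "DHCP", addr
    return "STATIC", addr


def triage(text):
    """List (adapter, status, address) for every adapter in the output."""
    return [(name, *classify(f)) for name, f in parse_ipconfig(text).items()]


if __name__ == "__main__":
    for name, status, addr in triage(SAMPLE):
        hint = "  <- DHCP unreachable; check the link, then /release and /renew" if status == "APIPA" else ""
        print(f"{name}: {status} {addr or ''}{hint}")
```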
Renew an IP Address in Windows XP System
- Choose Start > Control Panel and then click the Network Connections icon. A list of the LAN or high-speed Internet connections presently known appears.
- Right-click your connection and choose Status. In the connection status box, the first tab that appears is General, and it displays information such as whether you are connected, the speed of the connection, and how long the connection has been there.
- Click the Support tab. Here, you can see whether the address is static or assigned by DHCP, the present address, the subnet mask, and the default gateway values.
- Click the Details button. This expands the information by also showing you the physical (MAC) address and lease information, among other things. Note the date and time of the Lease Obtained values. Click Close.
- Back at the Support tab, click the Repair button. This will attempt to establish or renew the connection. If the network (DHCP) is functioning properly, a notification that it finished will appear in a short time. Click the Details button again. The Lease Obtained values should reflect the current date and time.
The interface in Windows XP provides a convenient way to interact with the network components.
Renew an IP Address in Windows 7/Vista
- From the Start menu, right-click Network and select Properties to open the Network and Sharing Center.
- In the left-hand pane, click Manage Network Connections (in Windows 7 this is Change Adapter Settings). This will open a new window displaying your network connections.
- Right-click your connection and choose Status. On the General tab of the network connection's status you will see information such as whether you are connected, the speed of the connection, and how long the connection has been active.
- Click the Details button. This expands the information by also showing you the physical (MAC) address and lease information, among other things.
- Back at the General tab, click the Diagnose button. This will diagnose any network problems and attempt to establish or renew the connection (in Windows Vista you need to click Reset the Network Adapter for Local Area Connection to release/renew the DHCP lease). If the network (DHCP) is functioning properly, a notification that it finished will appear in a short time. If not, Windows will attempt to repair the connection.
While Windows provides this interface to troubleshoot connection problems, some administrators still prefer the reliability of a command-line interface.
Renew an IP Address from the Command Line
- Open a command prompt (choose Start > Run, and then type CMD).
- Type IPCONFIG and view the abbreviated list of information.
- Type IPCONFIG /ALL to see the full list. Notice the date and time on the lease for the IP address.
- Type IPCONFIG /RENEW followed by IPCONFIG /ALL. The date and time on the lease for the IP address should be the current date and time.
- Close the command-prompt window by typing EXIT.
Depending on the version of Windows you are using, NET can be one of the most powerful commands at your disposal. While all Windows versions include a NET command, the capabilities of it differ based on whether it is server or workstation based and the version of the operating system.
While always command line based, this tool allows you to do almost anything you want with the operating system.
Table-5 shows common NET switches.
Switch                                                                Purpose
NET ACCOUNTS                                                          Set account options (password age, length, etc.).
NET COMPUTER                                                          Add and delete computer accounts.
NET CONFIG                                                            See network-related configuration.
NET CONTINUE, NET PAUSE, NET START, NET STATISTICS, and NET STOP      Control services.
NET FILE                                                              Close open files.
NET GROUP and NET LOCALGROUP                                          Create, delete, and change groups.
NET HELP                                                              See general help.
NET HELPMSG                                                           See specific message help.
NET NAME                                                              See the name of the current machine and user.
NET PRINT                                                             Interact with print queues and print jobs.
NET SEND                                                              Send a message to user(s).
NET SESSION                                                           See session statistics.
NET SHARE                                                             Create a share.
NET TIME                                                              Set the time to that of another computer.
NET USE                                                               Connect to a share.
NET USER                                                              Add, delete, and see information about a user.
NET VIEW                                                              See available resources.
These commands are invaluable troubleshooting aids when you cannot get the graphical interface to display properly. You can also use them when interacting with hidden ($) and administrative shares that do not appear within the graphical interface.
The NET command used with the SHARE parameter enables you to create shares from the command prompt, using this syntax:
NET SHARE <share_name>=<drive_letter>:<path>
To share the C:\EVAN directory as SALES, you would use the following command:
NET SHARE SALES=C:\EVAN
You can use other parameters with NET SHARE to set other options. Table-6 summarizes the most commonly used parameters.
Table-6 NET SHARE parameters
Parameter    Purpose
/DELETE      Stop sharing a folder.
/REMARK      Add a comment for browsers.
/UNLIMITED   Set the user limit to Maximum Allowed.
/USERS       Set a specific user limit.
The NET /? command is basically a catch-all help request. It will instruct you to use the NET command you are interested in for more information.
Nslookup is a command-line utility that enables you to verify entries on a DNS server. You can use the NSLOOKUP command in two modes: interactive and noninteractive. In interactive mode, you start a session with the DNS server in which you can make several requests. In noninteractive mode, you specify a command that makes a single query of the DNS server. If you want to make another query, you must type another noninteractive command.
One of the key things that must take place to effectively use TCP/IP is that a hostname must resolve to an IP address, an action usually performed by a DNS server.
Nbtstat is a command-line utility that shows NetBIOS over TCP/IP information. While not used as often as other entries in this category, it can be useful when trying to diagnose a problem with NetBIOS name resolution. The /? parameter can be used to see the available switches.
OS Command-Line Tools
The OS command-line tools you are expected to know are TASKKILL, BOOTREC, SHUTDOWN, TASKLIST, MD, RD, CD, DEL, FDISK, FORMAT, COPY, XCOPY, ROBOCOPY, DISKPART, SFC, CHKDSK, and /?. They are discussed in the sections that follow.
The TASKKILL.EXE utility is used to terminate processes. Those processes can be identified by either name or process ID number (PID). The process can exist on the machine where the administrator is sitting (the default) or on another machine, in which case you signify the other system by using the /S switch.
The /IM name switch is used to specify the (image) name of a process to kill and can include the wildcard (*) character. If the process ID number is used in place of the name, the /PID switch is needed. The processes in question are the same ones that can be killed through Task Manager. There are two signals that can be sent: the default is SIGTERM (a gentle kill, related to code 15), and the /F switch issues a SIGKILL (a terminate-at-all-costs kill, related to code 9).
The BOOTREC.EXE utility can be run in Windows 7 or Windows Vista to interact with the Master Boot Record (MBR), boot sector, or Boot Configuration Data (BCD) store. It cannot be used with Windows XP because it uses a different boot structure.
To run the tool, you must boot from the installation disk, choose the Repair Your Computer option and enter the Recovery Console. Choose Command Prompt from System Recovery Options and then type bootrec.exe.
The options for BOOTREC are /Fixboot (to write a new boot sector), /Fixmbr (to write a new MBR), /RebuildBCD (to rebuild the BCD store), and /ScanOS (to scan all disks for installations the Boot Manager menu is not listing).
The SHUTDOWN.EXE utility can be used to schedule a shutdown (complete or a restart) locally or remotely. A variety of reasons can be specified and announced to users for the shutdown.
The TASKLIST.EXE utility is used at the command line to see a list of all the running processes (and their process ID number), similar to what you see in the GUI by using Task Manager. By default, it shows the processes on the current machine, but the /S switch can be used to see the processes on a remote machine. /SVC will show the services hosted in each process and you can use /U if you need to run the command as another user (/P allows you to specify a password associated with that user).
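The NETSTAT options in Table-3 (-a, -n and -o) and TASKLIST /SVC are most useful together: NETSTAT -ANO gives the PID that owns each listening port, and TASKLIST /SVC names the image and the services hosted in that PID, which is how you spot a listener that should not be there. The following is an added example, not code from the original text: it parses constructed samples of both outputs (PIDs, addresses, the port 9876 listener and the unknown_app.exe image are made up) and reports listeners outside an expected baseline.

```python
"""Correlate netstat -ano listeners with tasklist /SVC owners and flag
ports outside an expected baseline.

Added example, not code from the original text. NETSTAT and TASKLIST are
constructed samples (PIDs, addresses and the unknown_app.exe image are
made up); on a real machine you would capture them with the two commands.
"""
import re

NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:9876           0.0.0.0:0              LISTENING       5120
  TCP    192.168.10.25:49712    203.0.113.9:443        ESTABLISHED     3320
  TCP    [::]:135               [::]:0                 LISTENING       868
  UDP    0.0.0.0:123            *:*                                    1204
"""

TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    868 RpcEptMapper, RpcSs
svchost.exe                   1204 W32Time
chrome.exe                    3320 N/A
unknown_app.exe               5120 N/A
"""

TASK_ROW = re.compile(r"^(.+?)\s+(\d+)\s+(.*)$")    # image, PID, service list

def parse_tasklist(text):
    """Map PID -> (image name, [services]) from tasklist /SVC output."""
    owners = {}
    for line in text.splitlines()[2:]:              # skip header and ==== rule
        m = TASK_ROW.match(line)
        if m:
            image, pid, svcs = m.groups()
            services = [] if svcs.strip() == "N/A" else [s.strip() for s in svcs.split(",")]
            owners[int(pid)] = (image.strip(), services)
    return owners

def parse_listeners(text):
    """Yield (proto, port, pid) for each LISTENING TCP row and each UDP row."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":                       # TCP rows: proto local foreign state pid
            if len(parts) != 5 or parts[3] != "LISTENING":
                continue                            # ESTABLISHED etc. are not listeners
            pid = parts[4]
        else:                                       # UDP rows have no State column
            pid = parts[3]
        port = int(parts[1].rsplit(":", 1)[1])      # handles IPv4 and bracketed IPv6
        yield parts[0], port, int(pid)

def inventory(netstat_text, tasklist_text):
    """Sorted, de-duplicated (proto, port, pid, image, services) listener records."""
    owners = parse_tasklist(tasklist_text)
    rows = set()
    for proto, port, pid in parse_listeners(netstat_text):
        image, services = owners.get(pid, ("<pid not in tasklist>", []))
        rows.add((proto, port, pid, image, tuple(services)))
    return sorted(rows)

def unexpected(records, baseline):
    """Listener records whose (proto, port) pair is not in the baseline set."""
    return [r for r in records if (r[0], r[1]) not in baseline]

BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 123)}   # what this box should expose

if __name__ == "__main__":
    for proto, port, pid, image, services in unexpected(inventory(NETSTAT, TASKLIST), BASELINE):
        print(f"unexpected {proto}/{port}: PID {pid} {image} services={list(services) or 'none'}")
```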
The CD, MD, and RD commands are used to change (or display), make, and remove directories, respectively. They're shorthand versions of the CHDIR, MKDIR, and RMDIR commands. Table-7 lists their usage and switches.
Table-7 CD/MD/RD usage and switches
Command               Purpose
CD [path]             Changes to the specified directory.
CD /D [drive:][path]  Changes to the specified directory on the drive.
CD ..                 Changes to the directory that is up one level.
CD\                   Changes to the root directory of the drive.
MD [drive:][path]     Makes a directory in the specified path. If you don't specify a path, the directory will be created in your current directory.
RD [drive:][path]     Removes (deletes) the specified directory.
RD /S [drive:][path]  Removes all directories and files in the specified directory, including the specified directory itself.
RD /Q [drive:][path]  Quiet mode. You won't be asked whether you're sure you want to delete the specified directory when you use /S.
Command-Line Directory Management
- Open a command prompt. To do this, click Start > Run, type CMD in the Open field, and click OK.
- Change to the root of your C: drive by typing CD /D C:\ and pressing Enter. (Note: If you are already in C:, all you have to do is type CD\ and press Enter.)
- Create a directory called C14 by typing MD C14 and pressing Enter.
- Change to the C14 directory by typing CD C14 and pressing Enter.
- Create several layers of subdirectories at once. Type MD A1\B2\C3\D4 and press Enter.
Notice that these commands created each of the directories you specified. You now have a directory structure that looks like this: C:\C14\A1\B2\C3\D4.
- Change back to your root directory by typing CD\.
- Attempt to delete the C14 directory by typing RD C14 and pressing Enter.
Windows won't let you delete the directory because the directory is not empty. This is a safety measure. Now let's really delete it.
- Delete the C14 directory and all subdirectories by typing RD /S C14 and pressing Enter. You will be asked whether you're sure you want to delete the directory. If you are, type y and press Enter. To close the command prompt window, type EXIT.
Note that if you had used the /Q option in addition to /S, your system wouldn't have asked whether you were sure; it would have just deleted the directories.
The DEL command is used to delete files and directories at the command line. Wildcards can be used with it and ERASE performs the same operations.
The FDISK command used to be included with earlier operating systems to make disk partitioning possible. This command does not exist in Windows 7, Vista, or XP, having been replaced with DISKPART. CompTIA lists it as a command to know, and you should know that it is not included with the current versions of Windows.
The FORMAT command is used to wipe data off disks and prepare them for new use. Before a hard disk can be formatted, it must have partitions created on it. (Partitioning was done in the DOS days with the FDISK command, but that command does not exist in Windows 7, Vista, or XP, having been replaced with DISKPART.) The syntax for FORMAT is as follows:
FORMAT [volume] [switches]
The volume parameter describes the drive letter (for example, D:), mount point, or volume name. Table-8 lists some common FORMAT switches.
Table-8 FORMAT switches
Switch            Purpose
/FS:[filesystem]  Specifies the type of file system to use (FAT, FAT32, or NTFS).
/V:[label]        Specifies the new volume label.
/Q                Executes a quick format.
There are other options as well to specify allocation sizes, the number of sectors per track, and the number of tracks per disk size. However, we don't recommend that you use these unless you have a very specific need. The defaults are just fine.
So, if you wanted to format your D: drive as NTFS, with a name of HDD2, you would type the following:
FORMAT D: /FS:NTFS /V:HDD2
Before you format any drive, be sure you have it backed up or are prepared to lose whatever is on it!
The COPY command does what it says: It makes a copy of a file in a second location. (To copy a file and then remove it from its original location, use the MOVE command.) Here's the syntax for COPY:
COPY [filename] [destination]
It's pretty straightforward. There are several switches for COPY, but in practice they are rarely used. The three most used ones are /A, which indicates an ASCII text file; /V, which verifies that the files are written correctly after the copy; and /Y, which suppresses the prompt asking whether you're sure you want to overwrite files if they exist in the destination directory.
The COPY command cannot be used to copy directories. Use XCOPY for that function.
One useful tip is to use wildcards. For example, in DOS (or at the command prompt), the asterisk (*) is a wildcard that means everything. So you could type COPY *.EXE to copy all files that have an .EXE filename extension, or you could type COPY *.* to copy all files in your current directory.
If you are comfortable with the COPY command, learning XCOPY shouldn't pose too many problems. It's basically an extension of COPY with one notable exception: it's designed to copy directories as well as files. The syntax is as follows:
XCOPY [source] [destination] [switches]
There are 26 XCOPY switches; some of the more commonly used ones are listed in Table-9.
Table-9 XCOPY switches
Switch  Purpose
/A      Copies only files that have the Archive attribute set and does not clear the attribute. (Useful for making a quick backup of files while not disrupting a normal backup routine.)
/E      Copies directories and subdirectories, including empty directories.
/F      Displays full source and destination filenames when copying.
/G      Allows copying of encrypted files to a destination that does not support encryption.
/H      Copies hidden and system files as well.
/K      Copies attributes. (By default, XCOPY resets the Read-Only attribute.)
/O      Copies file ownership and ACL information (NTFS permissions).
/R      Overwrites read-only files.
/S      Copies directories and subdirectories but not empty directories.
/U      Copies only files that already exist in the destination.
/V      Verifies the size of each new file.
Perhaps the most important switch is /O. If you use XCOPY to copy files from one location to another, the file system creates a new version of the file in the new location without changing the old file. In NTFS, when a new file is created, it inherits permissions from its new parent directory. This could cause problems if you copy files. (Users who didn't have access to the file before might have access now.) If you want to retain the original permissions, use XCOPY /O.
The ROBOCOPY utility (Robust File Copy for Windows) is included with Windows 7 and has the big advantage of being able to accept a plethora of specifications and keep NTFS permissions intact in its operations. The /MIR switch, for example, can be used to mirror a complete directory tree.
An excellent TechNet article on how to use Robocopy can be found at the following location:
The DISKPART utility shows the partitions and lets you manage them on the computer's hard drives.
The System File Checker (SFC) is a command-line-based utility that checks and verifies the versions of system files on your computer. If system files are corrupted, the SFC will replace the corrupted files with correct versions.
The syntax for the SFC command is as follows:
Table-10 lists the switches available for SFC.
Table-10 SFC switches
Switch         Purpose
/CACHESIZE=X   Sets the Windows File Protection cache size, in megabytes.
/PURGECACHE    Purges the Windows File Protection cache and scans all protected system files immediately.
/REVERT        Reverts SFC to its default operation.
/SCANFILE      Scans a file that you specify and fixes problems if they are found (Windows 7 and Vista only).
/SCANNOW       Immediately scans all protected system files.
/SCANONCE      Scans all protected system files once.
/SCANBOOT      Scans all protected system files every time the computer is rebooted.
/VERIFYONLY    Scans protected system files and does not make any repairs or changes.
/VERIFYFILE    Verifies the integrity of the file specified and does not make any repairs or changes.
/OFFBOOTDIR    Does a repair of an offline boot directory.
/OFFWINDIR     Does a repair of an offline Windows directory.
To run the SFC, you must be logged in as an administrator or have administrative privileges. If the System File Checker in Windows XP discovers a corrupted system file, it will automatically overwrite the file by using a copy held in the %systemroot%\system32\dllcache directory. If you believe that the dllcache directory is corrupted, you can use SFC /SCANNOW, SFC /SCANONCE, SFC /SCANBOOT, or SFC /PURGECACHE to repair its contents. Both Windows Vista and Windows 7 store the files in c:\windows\winsxs\Backup (where they are now protected by the system and only TrustedInstaller is allowed direct access to them; the cache is not rebuildable).
The C:\WINDOWS\SYSTEM32 directory is where many of the Windows system files reside.
If you attempt to run SFC from a standard command prompt in Windows Vista, for example, you will be told that you must be an administrator running a console session in order to continue. Rather than opening a standard command prompt, choose Start > All Programs > Accessories, then right-click Command Prompt and choose Run as administrator. The UAC will prompt you to continue, and then you can run SFC without a problem.
You can use the Windows Chkdsk utility to create and display status reports for the hard disk. Chkdsk can also correct file system problems (such as cross-linked files) and scan for and attempt to repair disk errors. You can manually start Chkdsk by right-clicking the problem disk and selecting Properties. This will bring up the Properties dialog box for that disk, which shows the current status of the selected disk drive.
By clicking the Tools tab at the top of the dialog box and then clicking the Check Now button in the Error-Checking section, you can start Chkdsk.
Running Chkdsk within Windows
- Open Windows Explorer by holding down the Windows key and pressing E.
- Right-click C: and choose Properties.
- Click the Tools tab and then click the Check Now button.
- Choose your options: You can automatically fix file system errors and/or scan for and attempt recovery of bad sectors.
- After you have selected your options, click Start.
Running Chkdsk at the Command Line
- Open a command prompt by clicking the Start button and typing CMD in the Start Search box of 7/Vista or in the Run box on XP.
- Type CHKDSK /f and press Enter. The system will now scan for, and fix, file system errors.
The HELP command does what it says: it gives you help. Actually, if you just type HELP and press Enter, your computer gives you a list of system commands you can type. To get more information, type the name of a command you want to know about after typing HELP. For example, type HELP RD and press Enter and you will get information about the RD command. You can also get the same help information by typing /? after the command.
The /? switch is slightly faster and provides more information than the HELP command. The HELP command provides information for only system commands (it does not include network commands). For example, if you type HELP IPCONFIG at a command prompt, you get no useful information (except to try /?); however, typing IPCONFIG /? provides the help file for the IPCONFIG command.