Legend

Windows Key = (generally located at the bottom of the keyboard)
R = lowercase “r”
+ = hold down keys/buttons at the same time
cmd = Command Line
NIC = Network Interface Card (where the Ethernet cable plugs into)

Opening Command Line in Windows (XP/Vista/7/8/8.1/10)

Press + R to open “Run”
Type “cmd” into the Run box. Press enter.
To run administratively press ctrl + shift + enter (not valid on Win8-10)

RUN COMMANDS

Resource Monitor (useful for Win 8/8.1/10 to check cpu/memory/disk/network usage)
+ R to open “Run” Type “perfmon /res”

Task Manager (skip ctrl + alt + delete)(useful for shutting down and avoiding MS updates)(also disable/enable start up program, in Win 8-10 see cpu/memory/disk/network usage, shutdown processes)
+ R to open “Run” Type “taskmgr”

Force a Shutdown, Restart, or Log off. Also how to Abort a timed shutdown.
+ R to open “Run”
Type “shutdown -s -f -t 0” to force a shut down.
Type “shutdown -r -f -t 0” to force a restart.
Type “shutdown -l -f” to force a log off.
Type “shutdown -a” to abort a timed shutdown.
As a side note you can also use this in CMD or in batch scripting. Keep in mind that –t 0 represents –t = time and 0 = zero seconds. Time is counted in seconds which can be used for a controlled shutdown event.

Open Computer Management (groups permissions, event viewer logs, disk health, device drivers)
+ R to open “Run” Type “compmgmt.msc” This is the most useful command as it opens a plethora of options immediately. Know like the back of billy bobs hand.

Open Certificate Management
+ R to open “Run” Type “certmgr.msc” (occassoinal use)

Open Programs for modification, listing, deletion
+ R to open “Run” Type “appwiz.cpl” (prominent use)

Open Control Panel (useful on Win 8/8.1/10)
+ R to open “Run” Type “control” (prominent use)

Open Printers and Devices (useful on Win 8/8.1/10)
+ R to open “Run” Type “control printers” (prominent use)

Open System Information (add computer to domain, check stats, check Windows license, name chng)
+ R to open “Run” Type “control system” (prominent use)

Open DX Controls to verify Video Card/Drivers
+ R to open “Run” Type “dxdiag” To run 64bit type “dxdiag64”

Open System Info to see cpu/memory/check for X86 or X64 system/etc
+ R to open “Run” Type “msinfo32” (occassional use)

Open Registry Edit
+ R to open “Run” Type “regedit” (advanced prominent use)

CMD Line

How to stop a command while it’s being run because it’s taking too long
If a command below runs too long. To have it stop press CRTL + C at the same time.

How to update the GPO’s on a computer
Open cmd line and type “gpupdate /force”. Best practice is to logoff or restart.
Bonus -> Useful with PSEXEC
Bonus -> What happens if you type gpupdate /all? Are there other ways to accomplish things automatically like restart/logoff?

How to see what GPO’s are applied on a computer
Open cmd line and type “gpresult /r”. This shows the users GPO’s and the computers GPO’s.

How to use Ping command in Windows CMD line
Once cmd is open type out ping and the IP Address you are trying to reach.
Ex: ping 127.0.0.1 (this would ping your computer to check if your NIC was good)
Ex: ping 192.168.1.52 (ping a printers IP Address to determine if the network path is good)
Ex: ping google.com (this is using Domain Name Service [DNS] instead of the IP address which will also give you the IP address of whatever server Google.com is using to host it’s website)

How to use Path Ping in Windows CMD line
This command is used in command line. In cmd box type “pathping” and an IP address or domain name. This combines ping and trace route with statistics given at the end like you would get from ping. Word of warning though. The more hops there is to get to a site, like google.com, the longer it takes to get the statistics. In some case 7-9 minutes.
Ex: pathping 192.168.1.1 (to determine if there is a break in the network path to a printer for instance)
Ex: pathping google.com (to determine breaks in network path where routers and servers are concerned)

How to use Trace Route command in Windows CMD line
Used to determine if there is a break in the network at the Router/Server level. Trace Route uses “hops” with each hop being a router or server. This command is used in command line.
Ex: tracert 192.168.1.52 (to determine if there is a break in the network path to a printer for instance)
Ex: tracert google.com (to determine breaks in network path where routers and servers are concerned)

How to use NSLOOKUP command in Windows CMD line Useful to determine if DNS is having issues or for reverse lookups (gives Name or IP address depending on what you typed in. Try your computers name)
Once cmd is open type out ‘nslookup’ press enter
Type in the name of the pc OR IP addy you are looking for information on
Useful to determine if there are duplicate IP’s on the network amongst other uses
To exit nslookup type ‘exit’ and press enter

How to use Ipconfig and it’s switches in Windows CMD line
This command is used in command line. In cmd box type “ipconfig /all”. You will get a listing of all available network adapters, mac addresses, ip addresses, network gate way addresses, and subnet settings available for your machine and virtual machines.

The Windows IP Configuration section will give you some helpful information about your machine and your network. It will tell you the machines name via the Host Name section. It will tell you if you’re connected to a DNS Server, WINS Proxy server, etc.

The most important section of ipconfig /all is the Ethernet Adapter Local Area Connection. This will tell you what your PC address is (good way to see if you are connected. If you see 169.254.X.X that means you’re not on the network, a cable is unplugged, or the cable is bad), what the DHCP Server Default Gateway is (do you have one or is it not available?), do you have a DNS Server address?

How to use the Netsh command for seeing route tables
This is a really powerful command with lots of features. Two that I like to use are in the “show” options. Open CMD to use this function.

Type “netsh” press enter. For our purposes we’ll use it here to check the routing table of IPv4 addresses. Type “int ipv4” press enter. Type “show route”. This will allow you to see a variety of things including if an address has been published, IP with CIDR for subnetting and more.

Still in the nets int ipv4, type “show neighbors”. This will give you the router list and is good for checking whats active on the network, what addresses are in the vlan, etc.

To exit netsh type “bye”.

What does a 169.254.X.X Address mean?
A 169.254.X.X address is known as an APIPA address or private address. If the machine does not have an IP address provided to it, it will provide it’s own in the form of 169.254.X.X – Now, the first two octets or segments are all that is important in identifying an APIPA address. Those will never change. For instance 169.254.12.69 is an APIPA address. 192.168.1.1 or 10.10.12.60 are not. What does this all mean? It means that when you see this your machine/electronic device is not connected to the network and therefore is considered offline.

Turning on Builtin Administrator using CMD Line
Press + R to open “Run”.
Type “cmd” and press ctrl + shift + enter to run as administrator. CMD must be run as administrator for this to work.
Type “net user Administrator (put password after Administrator if you wish to have one) /active: yes” press enter.
If successful there will be a message informing you as such. Gold star!

Example: “net user Administrator P@$sw0rd! /active:yes” press enter

You can also add new users this way and set passwords for them this way. If you don’t want a password on the account then don’t put one after the account name.
Example: “net user Pokeman $Qu!rtL3 /add /active:yes” press enter

Show users (good way to see if the Builtin acct is active)
Example: “net user” press enter

Delete users
Example: “net user Pokeman /delete” press enter

How to check if a user is a local administrator on their PC and also how to add
Check on user status as administrator (MUST USE PSEXEC FOR REMOTE ADMIN ADDS, see below)
Example: “net localgroup administrators”

Elevate user to local administrator through cmd line
Example: “net localgroup administrators domainname\keyaccount /ADD”

How to check folder names on network share
Check folder names for all available shares on a server (command is net view then the server name with a folder. Could just use server name)
Example: “net view \\cetus\software”

How to use PSEXEC to gain access to a clients cmd and install instructions
To gain access to PSEXEC download the zipped folder (https://docs.microsoft.com/en-us/sysinternals/downloads/psexec). Next unzip the folder and copy it’s contents to C:\Windows\System32. Just dump them right in there do NOT copy the folder, just the contents. Now you can access them from the cmd line.
KNOWN Error: unless a certain registry key is set, PSEXEC will not work with WIN10 (tested: v1703-v1809). Consider Enter-PSSESSION in Powershell instead.

Example: “psexec \\computername cmd”

OR OR OR

Example: “psexec \\ipaddress cmd”

From PSEXEC you can run useful things like ipconfig, you can check folders, users, and even see system processes. If you are batch scripting it is possible to even cause an install to happen (depends on the program being installed). This is where you would add them as administrator to their PC.

Bonus
So what happens if the screen loses all of its icons but you have the taskmgr open? Did you know that run is available in there as well? No need for a restart, simply open the run box in taskmgr and type “explorer.exe” to reload your desktop GUI and continue on trucking. You can try this by having taskmgr open and killing the explorer.exe process. I would recommend in a virtual machine (VM) in case you have trouble. (you can always reboot if you absolutely have to or you could try remoting in from another PC using psexec and turning the explorer process back on right?…)