
Post on 14-Feb-2017


ALEXANDRE BORGES - BLOG

Windows Commands and Tools – Part 1

Author: Alexandre Borges
Revision: A.1
Website: http://alexandreborges.org

This document is the first part of a series of articles about useful Windows commands (graphical or not) that can help you in daily administration. Most of them are self-explanatory. All commands were tested in a Windows 7 environment. Enjoy it!

Command 1: How to verify the firewall status (WinXP and Win7 – deprecated command)

C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Standard
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
5800   TCP       Any      (null)
5900   TCP       Any      (null)
1900   UDP       Any      (null)
2869   TCP       Any      (null)

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488

Command 2: How to verify the firewall status and configuration (Win7)

C:\>netsh advfirewall show allprofiles

Domain Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.
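An added example, not part of the original article: a small Python audit that reads saved `netsh advfirewall show allprofiles` output and reports profiles whose firewall is off, whose default inbound policy does not block, or which do not log dropped connections. It assumes English-language netsh output; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the layout of `netsh advfirewall show allprofiles`.
# The Domain block follows the article's output (abridged); the Private and
# Public blocks are altered here to exercise the other branches.
SAMPLE = r"""
Domain Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
InboundUserNotification               Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Enable

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound

Logging:
LogDroppedConnections                 Enable

Ok.
"""

PROFILE_HEADER = re.compile(r"^(\w+) Profile Settings:$")


def parse_profiles(text):
    """Return {profile name: {setting: value}} from the netsh output."""
    profiles = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = PROFILE_HEADER.match(line)
        if header:
            current = profiles.setdefault(header.group(1), {})
            continue
        # Skip blanks, dashed rulers and sub-headings such as "Logging:".
        if current is None or not line or set(line) == {"-"} or line.endswith(":"):
            continue
        # Setting names may contain single spaces ("Firewall Policy"), so the
        # name/value boundary is the first run of two or more spaces.
        parts = re.split(r"\s{2,}", line, maxsplit=1)
        if len(parts) == 2:
            current[parts[0]] = parts[1]
    return profiles


def audit(profiles):
    """Return (profile, finding) tuples for weak firewall settings."""
    findings = []
    for name, settings in profiles.items():
        if settings.get("State", "").upper() != "ON":
            findings.append((name, "firewall is off"))
        if not settings.get("Firewall Policy", "").lower().startswith("blockinbound"):
            findings.append((name, "default inbound policy is not block"))
        if settings.get("LogDroppedConnections", "").lower() != "enable":
            findings.append((name, "dropped connections are not logged"))
    return findings


if __name__ == "__main__":
    for profile, finding in audit(parse_profiles(SAMPLE)):
        print(f"{profile}: {finding}")
```

Run against the output shown above, all three profiles would be reported for both the disabled firewall and the disabled drop logging.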


Command 3: How to verify the firewall configuration (WinXP and Win7 – deprecated command)

C:\>netsh firewall show config

Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------

Port configuration for Domain profile:
Port   Protocol  Mode     Traffic direction  Name
-------------------------------------------------------------------
1900   UDP       Enable   Inbound            Windows Live Communications Platform (SSDP)
2869   TCP       Enable   Inbound            Windows Live Communications Platform (UPnP)

ICMP configuration for Domain profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
Enable   No          Network Discovery

Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
Enable   Inbound              Apache HTTP Server / C:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe
Disable  Inbound              Free Download Manager / C:\program files (x86)\free download manager\fdm.exe
Enable   Inbound              Dropbox / C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
Enable   Inbound              vncviewer.exe / C:\Program Files (x86)\UltraVNC\vncviewer.exe
Enable   Inbound              WinSCP: SFTP, FTP and SCP client / C:\program files (x86)\winscp\winscp.exe
Enable   Inbound              Microsoft OneNote / C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE

Port configuration for Standard profile:
Port   Protocol  Mode     Traffic direction  Name
-------------------------------------------------------------------
5800   TCP       Enable   Inbound            vnc5800
5900   TCP       Enable   Inbound            vnc5900
1900   UDP       Enable   Inbound            Windows Live Communications Platform (SSDP)
2869   TCP       Enable   Inbound            Windows Live Communications Platform (UPnP)

ICMP configuration for Standard profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable

IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .

Command 4: How to list the running processes

C:\>tasklist

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0         56 K
smss.exe                       436 Services                   0        656 K
csrss.exe                      628 Services                   0      4.048 K
wininit.exe                    704 Services                   0        328 K
csrss.exe                      728 Console                    1     20.552 K
services.exe                   772 Services                   0      9.912 K
(truncated output)

Command 5: How to list the running services associated with processes

C:\>tasklist /SVC

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       436 N/A
csrss.exe                      628 N/A
wininit.exe                    704 N/A
csrss.exe                      728 N/A
services.exe                   772 N/A
lsass.exe                      784 KeyIso, ProtectedStorage, SamSs
lsm.exe                        792 N/A
svchost.exe                    900 DcomLaunch, PlugPlay, Power
nvvsvc.exe                     976 NVSvc
svchost.exe                   1016 RpcEptMapper, RpcSs
(truncated output)

Command 6: How to list started services

C:\>net start

These Windows services are started:

   Adobe Acrobat Update Service
   Application Information
   avast! Antivirus
   Background Intelligent Transfer Service
   Base Filtering Engine
   Bitvise SSH Server
   Bluetooth Support Service
   Certificate Propagation
   CNG Key Isolation
   COM+ Event System
   Computer Browser
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
(truncated output)

Command 7: How to list network connections

C:\>netstat -oban

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       13232
 [BvSshServer.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1016
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING       4728
 [wmpnetwk.exe]
  TCP    0.0.0.0:902            0.0.0.0:0              LISTENING       3136
 [vmware-authd.exe]
  TCP    0.0.0.0:912            0.0.0.0:0              LISTENING       3136
(truncated output)
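An added example, not part of the original article: a Python parser for saved `netstat -oban` output that attaches the owner lines (service component, `[image.exe]`, or the "Can not obtain ownership information" notice) to the connection row above them and lists the listeners bound to all interfaces. The function names and the sample text are constructed; the loopback and UDP rows are not from the article.

```python
# Constructed sample in the layout of `netstat -oban`. The first three
# entries follow the article's output; the last two are added to cover a
# loopback-only listener and a UDP row (which has no State column).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       13232
 [BvSshServer.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1016
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2044
 [example.exe]
  UDP    0.0.0.0:1900           *:*                                    1500
  SSDPSRV
 [svchost.exe]
"""

# Addresses that mean "every interface" for IPv4 and IPv6.
WILDCARD_HOSTS = {"0.0.0.0", "[::]"}


def parse_netstat(text):
    """Return one dict per connection row, with its owner lines attached."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        is_row = fields[0] in ("TCP", "UDP") and len(fields) >= 4 and fields[-1].isdigit()
        if is_row:
            # rpartition keeps IPv6 literals such as [::]:135 intact.
            host, _, port = fields[1].rpartition(":")
            entries.append({
                "proto": fields[0],
                "host": host,
                "port": int(port),
                "state": fields[3] if len(fields) == 5 else "",  # UDP rows have no state
                "pid": int(fields[-1]),
                "component": None,
                "image": None,
            })
        elif entries:
            owner = raw.strip()
            if owner.startswith("[") and owner.endswith("]"):
                entries[-1]["image"] = owner[1:-1]
            elif not owner.lower().startswith("can not obtain"):
                entries[-1]["component"] = owner  # e.g. the service behind svchost.exe
    return entries


def exposed_listeners(entries):
    """Listeners reachable on every interface: (proto, port, pid, image)."""
    exposed = []
    for e in entries:
        listening = e["state"] == "LISTENING" or e["proto"] == "UDP"
        if listening and e["host"] in WILDCARD_HOSTS:
            exposed.append((e["proto"], e["port"], e["pid"], e["image"] or "unknown"))
    return exposed


if __name__ == "__main__":
    for proto, port, pid, image in exposed_listeners(parse_netstat(SAMPLE)):
        print(f"{proto}/{port} pid={pid} image={image}")
```

Combined with the firewall state from Command 2, this list is the set of services that answer on the network when the profile's firewall is off.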

Command 8: How to list local shares

C:\>net view 127.0.0.1

Shared resources at 127.0.0.1

Share name  Type  Used as  Comment
-------------------------------------------------------------------------------
Home_Printer  Print  Home_Printer
Users  Disk
WCProWIAInbox  Disk
The command completed successfully.

Command 9: How to check logged on users

C:\>net user

User accounts for \\EXADATA
-------------------------------------------------------------------------------
Administrator ALEXANDRE BORGES Guest
The command completed successfully.

Command 10: How to open Local User and Group Administration GUI

C:\>lusrmgr.msc


Command 11: How to open the Event Viewer

C:\>eventvwr.msc

Command 12: How to get motherboard info (1)

C:\>wmic baseboard list brief

Manufacturer  Model  Name        Product  SerialNumber               SKU
Dell Inc.            Base Board  08V9YG   /D5965S1/CN7590022400A3/

Command 13: How to get motherboard info (2)

C:\>wmic baseboard get manufacturer

Manufacturer
Dell Inc.

Command 14: How to get CPU info (1)

C:\>wmic cpu list brief

Caption                               DeviceID  Manufacturer  MaxClockSpeed  Name                                        SocketDesignation
Intel64 Family 6 Model 42 Stepping 7  CPU0      GenuineIntel  2501           Intel(R) Core(TM) i7-2920XM CPU @ 2.50GHz   CPU 1

Command 15: How to get CPU info (2)

C:\>wmic cpu list full

AddressWidth=64
Architecture=9
Availability=3
Caption=Intel64 Family 6 Model 42 Stepping 7
ConfigManagerErrorCode=
ConfigManagerUserConfig=
CpuStatus=1
CreationClassName=Win32_Processor
CurrentClockSpeed=1975
CurrentVoltage=0
DataWidth=64
Description=Intel64 Family 6 Model 42 Stepping 7
DeviceID=CPU0
ErrorCleared=
ErrorDescription=
ExtClock=100
Family=198
InstallDate=
L2CacheSize=256
L2CacheSpeed=
LastErrorCode=
Level=6
LoadPercentage=
Manufacturer=GenuineIntel
MaxClockSpeed=2501
Name=Intel(R) Core(TM) i7-2920XM CPU @ 2.50GHz
OtherFamilyDescription=
PNPDeviceID=
PowerManagementCapabilities=
PowerManagementSupported=FALSE
ProcessorId=BFEBFBFF000206A7
ProcessorType=3
Revision=10759
Role=CPU
SocketDesignation=CPU 1
Status=OK
StatusInfo=3
Stepping=
SystemCreationClassName=Win32_ComputerSystem
SystemName=EXADATA
UniqueId=
UpgradeMethod=1
Version=
VoltageCaps=

Command 16: How to get CDROM info (1)

C:\>wmic cdrom list status

Availability  Drive  ErrorCleared  MediaLoaded  NeedsCleaning  Status  StatusInfo
3             D:                   FALSE                       OK
3             E:                   FALSE                       OK

Command 17: How to get CDROM info (2)

C:\>wmic cdrom list brief

Caption                            Drive  Manufacturer              VolumeName
MATSHITA BD-RE UJ252               D:     (Standard CD-ROM drives)
ELBY CLONEDRIVE SCSI CdRom Device  E:     (Standard CD-ROM drives)

Command 18: How to get CDROM info (3)

C:\>wmic cdrom list full

Availability=3
Capabilities={3,4,7}
CapabilityDescriptions={"Random Access"," Supports writing"," Supports Removable Media"}
CompressionMethod=Unknown
ConfigManagerErrorCode=0
ConfigManagerUserConfig=FALSE
DefaultBlockSize=
Description=CD-ROM Drive
DeviceID=IDE\CDROMMATSHITA_BD-RE_UJ252____________________1.01____\4&2A37E9BC&0&0.1.0
Drive=D:
DriveIntegrity=
ErrorCleared=
ErrorDescription=
ErrorMethodology=
FileSystemFlags=
FileSystemFlagsEx=
Id=D:
InstallDate=
LastErrorCode=
Manufacturer=(Standard CD-ROM drives)
MaxBlockSize=
MaximumComponentLength=
MaxMediaSize=
MediaLoaded=FALSE
MediaType=DVD Writer
MfrAssignedRevisionLevel=1.01
MinBlockSize=
Name=MATSHITA BD-RE UJ252
NeedsCleaning=
NumberOfMediaSupported=
PNPDeviceID=IDE\CDROMMATSHITA_BD-RE_UJ252____________________1.01____\4&2A37E9BC&0&0.1.0
PowerManagementCapabilities=
PowerManagementSupported=
RevisionLevel=
SCSIBus=0
SCSILogicalUnit=0
SCSIPort=0
SCSITargetId=1
Size=
Status=OK
StatusInfo=
SystemName=EXADATA
TransferRate=-1
VolumeName=
VolumeSerialNumber=
(truncated output)

Command 19: How to get BootConfig Information (1)

C:\>wmic bootconfig list brief

BootDirectory  Caption                       Name               SettingID
C:\Windows     \Device\Harddisk0\Partition2  BootConfiguration

Command 20: How to get BootConfig Information (2)

C:\>wmic bootconfig list full

BootDirectory=C:\Windows
ConfigurationPath=C:\Windows
Description=\Device\Harddisk0\Partition2
LastDrive=Q:
Name=BootConfiguration
ScratchDirectory=C:\Windows\system32\config\systemprofile\AppData\Local\Temp
SettingID=
TempDirectory=C:\Windows\system32\config\systemprofile\AppData\Local\Temp

Command 21: How to get Device Memory information

C:\>wmic devicememoryaddress list status

Command 22: How to get Drive list information (1)

C:\>wmic diskdrive list brief

Caption      DeviceID            Model        Partitions  Size
ST9750420AS  \\.\PHYSICALDRIVE0  ST9750420AS  3           750153761280

Command 23: How to get Drive list information (2)

C:\>wmic diskdrive list full

Availability=
BytesPerSector=512
Capabilities={3,4,10}
CapabilityDescriptions={"Random Access","Supports Writing","SMART Notification"}
CompressionMethod=
ConfigManagerErrorCode=0
ConfigManagerUserConfig=FALSE
DefaultBlockSize=
Description=Disk drive
DeviceID=\\.\PHYSICALDRIVE0
ErrorCleared=
ErrorDescription=
ErrorMethodology=
Index=0
InstallDate=
InterfaceType=SCSI
LastErrorCode=
Manufacturer=(Standard disk drives)
MaxBlockSize=
MaxMediaSize=
MediaLoaded=TRUE
MediaType=Fixed hard disk media
MinBlockSize=
Model=ST9750420AS
Name=\\.\PHYSICALDRIVE0
NeedsCleaning=
NumberOfMediaSupported=
Partitions=3
PNPDeviceID=IDE\DISKST9750420AS_____________________________0002DEM1\4&2A37E9BC&0&0.0.0
PowerManagementCapabilities=
PowerManagementSupported=
SCSIBus=0
SCSILogicalUnit=0
SCSIPort=0
SCSITargetId=0
SectorsPerTrack=63
Signature=-1475602650
Size=750153761280
Status=OK
StatusInfo=
SystemName=EXADATA
TotalCylinders=91201
TotalHeads=255
TotalSectors=1465144065
TotalTracks=23256255
TracksPerCylinder=255
(truncated output)

Command 24: How to get Windows Environment information

C:\>wmic environment list full

Description=<SYSTEM>\ComSpec
InstallDate=
Name=ComSpec
Status=OK
SystemVariable=TRUE
UserName=<SYSTEM>
VariableValue=%SystemRoot%\system32\cmd.exe

Description=<SYSTEM>\FP_NO_HOST_CHECK
InstallDate=
Name=FP_NO_HOST_CHECK
Status=OK
SystemVariable=TRUE
UserName=<SYSTEM>
VariableValue=NO

Description=<SYSTEM>\OS
InstallDate=
Name=OS
Status=OK
SystemVariable=TRUE
UserName=<SYSTEM>
VariableValue=Windows_NT

Description=<SYSTEM>\Path
InstallDate=
Name=Path
Status=OK
SystemVariable=TRUE
UserName=<SYSTEM>
VariableValue=C:\Python33\;%GTK_BASEPATH%\bin;C:\Ruby193\bin;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Microsoft Windows Performance Toolkit\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\;C:\Program Files (x86)\Roxio\OEM\AudioCore\;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\GNU\GnuPG\pub;C:\Program Files (x86)\Bitvise SSH Client
(truncated output)


Command 25: How to get Interrupt information

C:\>wmic irq list full

Availability CSName Description Hardware InstallDate IRQNumber Name Shareable Status TriggerLevel TriggerType Vector
2 EXADATA IRQ 17 TRUE 17 IRQ17 OK 2 2 17
2 EXADATA IRQ 19 TRUE 19 IRQ19 OK 2 2 19
2 EXADATA IRQ 4294967294 TRUE -2 IRQ4294967294 OK 2 2 -1
2 EXADATA IRQ 4294967293 TRUE -3 IRQ4294967293 OK 2 2 -1
2 EXADATA IRQ 4294967292 TRUE -4 IRQ4294967292 OK 2 2 -1
2 EXADATA IRQ 4294967291 TRUE -5 IRQ4294967291 OK 2 2 -1
2 EXADATA IRQ 4294967290 TRUE -6 IRQ4294967290 OK 2 2 -1
2 EXADATA IRQ 4294967289 TRUE -7 IRQ4294967289 OK 2 2 -1
2 EXADATA IRQ 4294967288 TRUE -8 IRQ4294967288 OK 2 2 -1
2 EXADATA IRQ 4294967287 TRUE -9 IRQ4294967287 OK 2 2 -1
2 EXADATA IRQ 0 TRUE 0 IRQ0 OK 2 2 -1

Command 26: How to get System Service Order information

C:\>wmic loadorder list full

DriverEnabled  GroupOrder  Name                     Status
TRUE           1           System Reserved          OK
TRUE           2           EMS                      OK
TRUE           3           WdfLoadGroup             OK
TRUE           4           Boot Bus Extender        OK
TRUE           5           System Bus Extender      OK
TRUE           6           SCSI miniport            OK
TRUE           7           Port                     OK
TRUE           8           Primary Disk             OK
TRUE           9           SCSI Class               OK
TRUE           10          SCSI CDROM Class         OK
TRUE           11          FSFilter Infrastructure  OK
TRUE           12          FSFilter System          OK

Command 27: How to get Computer System Product information

C:\>wmic csproduct list full

Description=Computer System Product
IdentifyingNumber=D5965S1
Name=Precision M4600
SKUNumber=
UUID=4C4C4544-0035-3910-8036-C4C04F355331
Vendor=Dell Inc.
Version=01

Command 28: How to get Memory Chip information (1)

C:\>wmic memorychip list full

BankLabel=BANK 0
Capacity=4294967296
DataWidth=64
Description=Physical Memory
DeviceLocator=ChannelA-DIMM0
FormFactor=12
HotSwappable=
InstallDate=
InterleaveDataDepth=2
InterleavePosition=1
Manufacturer=830B
MemoryType=0
Model=
Name=Physical Memory
OtherIdentifyingInfo=
PartNumber=NT4GC64B8HG0NS-DI
PositionInRow=1
PoweredOn=
Removable=
Replaceable=
SerialNumber=F0F51611
SKU=
Speed=1600
Status=
Tag=Physical Memory 0
TotalWidth=64
TypeDetail=128
(truncated output)

Command 29: How to get Memory Chip information (2)

C:\>wmic memorychip list brief

Capacity    DeviceLocator   MemoryType  Name             Tag                TotalWidth
4294967296  ChannelA-DIMM0  0           Physical Memory  Physical Memory 0  64
4294967296  ChannelA-DIMM1  0           Physical Memory  Physical Memory 1  64
4294967296  ChannelB-DIMM0  0           Physical Memory  Physical Memory 2  64
4294967296  ChannelB-DIMM1  0           Physical Memory  Physical Memory 3  64

Command 30: How to get Network Interface Controller information

C:\>wmic nic list status

Availability  DeviceID  Name                                                                Status  StatusInfo
3             0         WAN Miniport (SSTP)
3             1         WAN Miniport (IKEv2)
3             2         WAN Miniport (L2TP)
3             3         WAN Miniport (PPTP)
3             4         WAN Miniport (PPPOE)
3             5         WAN Miniport (IPv6)
3             6         WAN Miniport (Network Monitor)
3             8         WAN Miniport (IP)
3             9         Bluetooth Device (Personal Area Network)
3             10        RAS Async Adapter
3             11        Microsoft 6to4 Adapter
3             12        Intel(R) 82579LM Gigabit Network Connection
3             13        Intel(R) Centrino(R) Ultimate-N 6300 AGN
3             14        VMware Virtual Ethernet Adapter for VMnet1
3             15        Microsoft ISATAP Adapter
3             16        VMware Virtual Ethernet Adapter for VMnet8
3             17        Microsoft ISATAP Adapter #3
3             18        Microsoft ISATAP Adapter #4
3             19        Microsoft ISATAP Adapter #5
3             20        Microsoft ISATAP Adapter #6
3             21        Microsoft Virtual WiFi Miniport Adapter
3             22        Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
3             23        Microsoft ISATAP Adapter #8
3             24        Microsoft ISATAP Adapter #9
3             26        VirtualBox Bridged Networking Driver Miniport
3             29        SAMSUNG Mobile USB Remote NDIS Network Device
3             30        VirtualBox Bridged Networking Driver Miniport
3             31        VirtualBox Bridged Networking Driver Miniport
3             32        VirtualBox Bridged Networking Driver Miniport
3             33        VirtualBox Bridged Networking Driver Miniport
3             34        VirtualBox Host-Only Ethernet Adapter
3             36        Teredo Tunneling Pseudo-Interface

Command 31: How to get Network Adapter Manager information

C:\>wmic nicconfig list status

Description                                                         DHCPLeaseExpires           Index
WAN Miniport (SSTP)                                                                            0
WAN Miniport (IKEv2)                                                                           1
WAN Miniport (L2TP)                                                                            2
WAN Miniport (PPTP)                                                                            3
WAN Miniport (PPPOE)                                                                           4
WAN Miniport (IPv6)                                                                            5
WAN Miniport (Network Monitor)                                                                 6
WAN Miniport (IP)                                                                              8
Bluetooth Device (Personal Area Network)                                                       9
RAS Async Adapter                                                                              10
Microsoft 6to4 Adapter                                                                         11
Intel(R) 82579LM Gigabit Network Connection                                                    12
Intel(R) Centrino(R) Ultimate-N 6300 AGN                            20140308021400.000000-180  13
VMware Virtual Ethernet Adapter for VMnet1                                                     14
Microsoft ISATAP Adapter                                                                       15
VMware Virtual Ethernet Adapter for VMnet8                                                     16
Microsoft ISATAP Adapter                                                                       17
Microsoft ISATAP Adapter                                                                       18
Microsoft ISATAP Adapter                                                                       19
Microsoft ISATAP Adapter                                                                       20
Microsoft Virtual WiFi Miniport Adapter                                                        21
Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter                              22
Microsoft ISATAP Adapter                                                                       23
Microsoft ISATAP Adapter                                                                       24
VirtualBox Bridged Networking Driver Miniport                                                  26
SAMSUNG Mobile USB Remote NDIS Network Device                                                  29
VirtualBox Bridged Networking Driver Miniport                                                  30
VirtualBox Bridged Networking Driver Miniport                                                  31
VirtualBox Bridged Networking Driver Miniport                                                  32
VirtualBox Bridged Networking Driver Miniport                                                  33
VirtualBox Host-Only Ethernet Adapter                                                          34
Microsoft Teredo Tunneling Adapter                                                             36

Command 32: How to get Operating System information (1)

C:\>wmic os list brief

BuildNumber  Organization  RegisteredUser  SerialNumber  SystemDirectory      Version
7601         xxxxxxxxxx    xxxxxxxxxxxxxx  xxxxxxxxxx    C:\Windows\system32  6.1.7601

Command 33: How to get Operating System information (2)

C:\>wmic os list status

Name                                                                   Status
Microsoft Windows 7 Ultimate |C:\Windows|\Device\Harddisk0\Partition3  OK

Command 34: How to get Operating System information (3)

C:\>wmic os list free

Command 35: How to get Pagefile information

C:\>wmic pagefile list status

CurrentUsage  Name             Status
870           C:\pagefile.sys

Command 36: How to get Partition information (1)

C:\>wmic partition list status

Index  Name                   Status  StatusInfo
0      Disk #0, Partition #0
1      Disk #0, Partition #1
2      Disk #0, Partition #2

Command 37: How to get Partition information (2)

C:\>wmic partition list brief

BootPartition  Index  Name                   NumberOfBlocks  PrimaryPartition  Size
FALSE          0      Disk #0, Partition #0  80262           TRUE              41094144
TRUE           1      Disk #0, Partition #1  1540096         TRUE              788529152
FALSE          2      Disk #0, Partition #2  1463517184      TRUE              749320798208

Command 38: How to get Printer information

C:\>wmic printer list status

Name                              Status
Xerox WorkCentre 6015NI-00000FAX  Unknown
Xerox WorkCentre 6015NI-00000     Unknown
Xerox WorkCentre 6015NI Fax       Unknown
Xerox WorkCentre 6015NI           Unknown
Microsoft XPS Document Writer     Unknown
hp psc 1310 series                Unknown
Home_Printer                      Unknown
Fax                               Unknown
Enviar para o OneNote 2010        Unknown
CutePDF Writer                    Unknown

Command 39: How to get Processes information (1)

C:\>wmic process list status | more

Name                 ProcessId  Status
System Idle Process  0
System               4
smss.exe             432
csrss.exe            624
wininit.exe          688
csrss.exe            712
services.exe         756
lsass.exe            776
lsm.exe              784
svchost.exe          880
nvvsvc.exe           956
GbpSv.exe            980
winlogon.exe         1004
(truncated output)

Command 40: How to get Processes information (2)

C:\>wmic process list brief

HandleCount  Name                 Priority  ProcessId  ThreadCount  WorkingSetSize
0            System Idle Process  0         0          8            24576
1158         System               8         4          203          49152
37           smss.exe             11        432        2            708608
1105         csrss.exe            13        624        10           2756608
87           wininit.exe          13        688        3            405504
1074         csrss.exe            13        712        13           54697984
315          services.exe         9         756        9            8773632
1109         lsass.exe            9         776        8            10244096
220          lsm.exe              8         784        11           3227648
441          svchost.exe          8         880        12           8175616
135          nvvsvc.exe           8         956        5            3563520
261          GbpSv.exe            8         980        10           5713920
122          winlogon.exe         13        1004       3            2789376
495          svchost.exe          8         568        11           13266944
748          svchost.exe          8         780        22           35950592
806          svchost.exe          8         1048       27           254738432
1381         svchost.exe          8         1092       21           72777728
1662         svchost.exe          8         1116       44           62246912
540          svchost.exe          8         1372       17           16363520
756          vsmon.exe            8         1536       29           56446976
(truncated output)

Command 41: How to get Patch information

C:\>wmic qfe list brief

Description      FixComments  HotFixID   InstallDate  InstalledBy            InstalledOn  Name  ServicePackInEffect  Status
Update                        KB2849697               NT AUTHORITY\SYSTEM    12/2/2013
Update                        KB2849696               NT AUTHORITY\SYSTEM    12/2/2013
Update                        KB2841134               NT AUTHORITY\SYSTEM    12/2/2013
Update                        KB2670838               NT AUTHORITY\SYSTEM    2/28/2013
Update                        KB971033                EXADATA\Administrator  7/11/2012
Security Update               KB2425227               NT AUTHORITY\SYSTEM    7/13/2012
Security Update               KB2479943               NT AUTHORITY\SYSTEM    7/13/2012
Update                        KB2484033               NT AUTHORITY\SYSTEM    7/13/2012
Update                        KB2488113               NT AUTHORITY\SYSTEM    7/13/2012
Security Update               KB2491683               NT AUTHORITY\SYSTEM    7/13/2012
Update                        KB2492386               NT AUTHORITY\SYSTEM    7/13/2012
Update                        KB2505438               NT AUTHORITY\SYSTEM    7/17/2012
Update                        KB2506014               NT AUTHORITY\SYSTEM    7/13/2012
Security Update               KB2506212               NT AUTHORITY\SYSTEM    7/13/2012
(truncated output)

Command 42: How to get Driver information

C:\>wmic sysdriver list brief

Command 43: How to get System Account information (1)

C:\>wmic sysaccount list brief


Command 44: How to get System Account information (2)

C:\>wmic sysaccount list status

Command 45: How to get Recovery OS information (1)

C:\>wmic recoveros list brief

DebugFilePath            Name                                                                   SettingID
%SystemRoot%\MEMORY.DMP  Microsoft Windows 7 Ultimate |C:\Windows|\Device\Harddisk0\Partition3

Command 46: How to get Recovery OS information (2)

C:\>wmic recoveros list full

AutoReboot=TRUE
DebugFilePath=%SystemRoot%\MEMORY.DMP
Description=
KernelDumpOnly=FALSE
Name=Microsoft Windows 7 Ultimate |C:\Windows|\Device\Harddisk0\Partition3
OverwriteExistingDebugFile=TRUE
SendAdminAlert=FALSE
SettingID=
WriteDebugInfo=TRUE
WriteToSystemLog=TRUE

Command 47: How to get Command Startup information

C:\>wmic startup list brief

Command 48: How to get Physical Enclosure information

C:\>wmic systemenclosure list brief

LockPresent  Manufacturer  Model  SecurityStatus  SerialNumber  SMBIOSAssetTag
FALSE        Dell Inc.            3               D5965S1

Command 49: How to get Volume information

C:\>wmic volume list brief
C:\>wmic volume list status


Command 50: How to get Share information

C:\>wmic share list status
C:\>wmic share list brief


Command 51: How to get Computer System Registry information

C:\>wmic registry list status
C:\>wmic registry list brief
C:\>wmic registry list full

Command 52: How to get Remote Desktop Account information

C:\>wmic rdaccount list brief

Command 53: How to get SCSI Controller information

C:\>wmic scsicontroller list status


Command 54: How to get Windows Group information

C:\>wmic group list brief

Command 55: How to get Eventlog information

C:\>wmic nteventlog list brief
C:\>wmic nteventlog list status

Command 56: How to get System Driver information (usual way)

C:\>driverquery

Alexandre Borges.