Top 10 command-line commands for managing Windows 7 desktops

Admins don't always need fancy software to manage Windows 7 desktops. Here are 10 command-line utilities that can help you handle scripting tasks.

While graphical user interfaces are great for many tasks, command-line functions can be just as powerful and vastly more efficient -- especially for scripting tasks.

Here are my top 10 favorite command-line commands for Windows 7. Each command is native to the operating system, so you don't need special software. Administrative access may be required for some of them.

1. Checking the IP addresses on the local system

One of the commands most frequently used by IT professionals is ipconfig /all, which displays the active Internet Protocol (IP) addresses, Media Access Control (MAC) address, default gateway, Dynamic Host Configuration Protocol (DHCP) status and more for each network interface on the computer.

ipconfig /all

Related commands:

  • ipconfig /release -- releases currently assigned IP addresses
  • ipconfig /renew -- acquires IP addresses from a DHCP server

2. Clearing the DNS cache on the local computer

The ipconfig /flushdns command clears the Domain Name System (DNS) cache stored on the local computer. It's often used when the internal network or external resources can't be accessed because of corrupted DNS data.

ipconfig /flushdns

Related commands:

  • ipconfig /displaydns -- displays the current DNS cache
  • net start (or stop) dnscache -- turns on (or off) the local DNS cache client, flushing the DNS cache. With the cache turned off, the system still resolves addresses, but each address is resolved every time a request is made rather than the IP address for that host being saved.

3. Querying group policy settings

Group policy settings determine how the computer is configured for system and user settings. Because these settings can be configured centrally from a domain controller -- as well as locally from the computer itself -- determining the actual "in-use" policy can be tricky. The gpresult /r command displays the "resultant set of policy," including when the policies were last processed and the actual settings for computer and user policies.

gpresult /R

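For remote computers:
gpresult /S computername /U username /P password /R
(Note: If /P password is omitted, gpresult prompts for the password, which keeps it out of scripts and command history.)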

Related commands:

  • gpresult /H filename.html -- creates an HTML-formatted view of the group policy settings

4. Refreshing group policy settings

When group policy settings are changed on the domain controller, endpoint systems receive the updates the next time they refresh their policy -- anywhere from 20 to 90 minutes later. To speed up this process and obtain the new settings immediately, force the update with this command:

gpupdate /force

5. Shutting down a computer

When performing systems management routines such as installing patches, it may be necessary to shut down and/or restart the system in a scripted manner. The shutdown command will turn off a local or remote computer -- giving one minute's notice to the logged-on user.

shutdown /s

For remote computers:
shutdown /m \\computername /s

Related commands:

  • shutdown /r -- performs shutdown and restart
  • shutdown /a -- aborts a shutdown
  • shutdown /r /t 120 /c "Shutting Down for maintenance" /f /d p:4:1 -- performs a shutdown in 120 seconds, gives a message to the user, forces applications closed and notes the shutdown reason in the event log

6. Query the audit settings

The auditpol command can query and set audit settings on the local computer. For security auditing, it can be very useful to run this command on each machine and review the results.

auditpol /get /category:*

Related commands:

  • auditpol /get /category:* /r -- outputs results to CSV format
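
To review the CSV output at scale, the following PowerShell sketch compares each machine's settings against a required baseline. It is an added example, not part of the original article; the baseline values, the function names and the sample rows (including the placeholder GUIDs) are assumptions made for illustration.

```powershell
# Constructed sample of "auditpol /get /category:* /r" output; GUIDs are placeholders.
# On a live, elevated prompt use instead:  $raw = auditpol /get /category:* /r
$raw = @'
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting

WS01,System,Logon,{00000000-0000-0000-0000-000000000001},Success,
WS01,System,Process Creation,{00000000-0000-0000-0000-000000000002},No Auditing,
WS01,System,Audit Policy Change,{00000000-0000-0000-0000-000000000003},Success and Failure,
WS01,System,User Account Management,{00000000-0000-0000-0000-000000000004},Failure,
'@ -split "`r?`n"

# Hypothetical baseline (an assumption for this example): minimum setting per subcategory.
$baseline = @{
    'Logon'                   = 'Success and Failure'
    'Process Creation'        = 'Success'
    'Audit Policy Change'     = 'Success'
    'User Account Management' = 'Success'
}

function Get-AuditFlags([string]$setting) {
    # "Success and Failure" -> Success, Failure; "No Auditing" -> nothing
    if ($setting -match 'Success') { 'Success' }
    if ($setting -match 'Failure') { 'Failure' }
}

function Test-AuditBaseline($csvLines, $required) {
    # Drop blank lines, then let ConvertFrom-Csv use the first line as the header.
    $rows = $csvLines | Where-Object { $_.Trim() } | ConvertFrom-Csv
    foreach ($row in $rows) {
        $want = $required[$row.Subcategory]
        if (-not $want) { continue }    # subcategory not covered by the baseline
        $have    = @(Get-AuditFlags $row.'Inclusion Setting')
        $missing = @(Get-AuditFlags $want | Where-Object { $have -notcontains $_ })
        if ($missing.Count -gt 0) {
            New-Object PSObject -Property @{
                Machine     = $row.'Machine Name'
                Subcategory = $row.Subcategory
                Current     = $row.'Inclusion Setting'
                Missing     = ($missing -join ' and ')
            }
        }
    }
}

# Lists every baseline subcategory that audits less than required.
Test-AuditBaseline $raw $baseline |
    Format-Table Machine, Subcategory, Current, Missing -AutoSize
```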

7. Perform a Windows Update check-in

The Windows Update/Automatic Update client typically checks in with Microsoft (or a local Windows Server Update Services server) every 22 hours. If you want to force a check-in sooner, run the following command.

Note: This command-line script does not give any user feedback to the screen.

wuauclt /detectnow

8. Query the status of services

Use the SC command to see the services installed on a computer and whether they are currently active.

sc query state= all

For remote computers:
sc \\computername query state= all

Related commands:

  • sc query service_name -- queries a specific service
  • sc qc service_name -- obtains configuration information for a specific service
  • sc \\computername stop service_name -- stops a service on a remote computer
  • sc \\computername start service_name -- starts a service on a remote computer

9. Query the status of the Windows Firewall

Windows Firewall has different settings for different connection types -- a public profile for when you're connected to the Internet, a private profile for when you're connected to an internal network, and a domain profile when you're connected to the corporate network. It's important to understand which firewall settings are in use for each profile.

netsh advfirewall show allprofiles

For remote computers:
netsh -r computername advfirewall show allprofiles
(Note: Remote registry access must be available on the remote computer for this command to work.)

Related commands:

  • netsh advfirewall set allprofiles state off -- turns off the firewall for all profiles
  • netsh -r computername advfirewall set publicprofile state on -- turns on the remote computer's firewall for the public profile
  • netsh -r computername advfirewall set privateprofile state off -- turns off the remote computer's firewall for the private profile

10. Execute a command against a group of computers

With the FOR command, you can execute commands against a series of computers or IP addresses. This can be a useful way to perform scripted actions against remote computers in a large network space.

To query the firewall state for all computers in a Class C network and save the results to individual files, enter the following at the command prompt (in a batch file, double each percent sign):
FOR /L %i IN (1,1,254) DO netsh -r 192.168.1.%i advfirewall show allprofiles >192.168.1.%i.firewallstate.txt

Substitute your favorite remote command-line commands in place of the netsh command above. For example, with gpresult:

FOR /L %i IN (1,1,254) DO gpresult /S 192.168.1.%i /F /H 192.168.1.%i.gpresult.html
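
A sweep like the firewall query above leaves up to 254 text files to read. The following PowerShell sketch, an added example that is not part of the original article, reports any host with a profile that is not ON and any host whose file holds no complete result. It assumes English-language netsh output; the function name and the sample file contents are constructed for illustration.

```powershell
# Constructed samples of the per-host files written by the FOR loop above
# (netsh output trimmed to the lines this check reads).
$samples = @{
    '192.168.1.10.firewallstate.txt' = @'
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
'@
    '192.168.1.11.firewallstate.txt' = ''   # no profile data: host did not answer
}

function Get-FirewallFinding([string]$fileName, [string]$text) {
    $computer = $fileName -replace '\.firewallstate\.txt$', ''
    $current  = $null    # profile whose State line is expected next
    $seen     = 0        # number of profile states found in this file
    foreach ($line in ($text -split "`r?`n")) {
        if ($line -match '^(Domain|Private|Public) Profile Settings') {
            $current = $matches[1]
        } elseif ($current -and $line -match '^State\s+(\S+)') {
            $seen++
            if ($matches[1] -ne 'ON') {
                "{0}: {1} profile firewall is {2}" -f $computer, $current, $matches[1]
            }
            $current = $null
        }
    }
    # Fewer than three profiles means the query failed or was cut short.
    if ($seen -lt 3) { "{0}: no complete result (unreachable or access denied)" -f $computer }
}

# On a live sweep, feed the real files instead:
#   Get-ChildItem *.firewallstate.txt |
#     ForEach-Object { Get-FirewallFinding $_.Name ([IO.File]::ReadAllText($_.FullName)) }
$samples.Keys | Sort-Object | ForEach-Object { Get-FirewallFinding $_ $samples[$_] }
```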

For more information about any of the above commands, type the command at the command-line followed by /?.

About the author:
Eric Schultze is a principal product manager at Amazon Web Services. Prior to Amazon, Schultze worked at Microsoft, where he helped manage the security bulletin and patch-release process. Schultze likes to forget that he used to work as an internal auditor on Wall Street.
