Summary of Windows 7 system commands

Wmic OS assoc can be used to view patch information installed on win7.

WMIC commands are good at making it easier to open a window for managing Windows 7. WMIC commands are not powerful enough.

 

Run the command line "winver" to query Windows version information.
You can also enter the following command to query advanced information:
1. slmgr. vbs-DLI

Display: operating system version, some product keys, and license status

2. slmgr. vbs-DLV

Display: the most detailed activation information, including: Activation ID, installation ID, activation deadline

3. slmgr. vbs-xpr

Display: whether to activate it completely

4. slmgr. vbs-IPK

Change Windows 7 serial number

5. slmgr. vbs-ato

Activate Windows 7

Assoc displays or modifies file extension associations.
Attrib displays or modifies file attributes. Generally, files have attributes such as H, S, and R, indicating hiding, system, and read-only, respectively. + H indicates adding hidden attributes, and-h indicates removing hidden attributes.
Break sets or clears the extended Ctrl + C detection of the DOS system. This command is reserved for compatibility with the DOS system and does not work in windows.
Bcdboot * Copies key boot files to system partitions and creates a new system BCD storage.
Bcdedit is used to modify the startup configuration data storage.
Cacls displays or modifies the access control list (ACL) of a file ). Note: cacls is not recommended for Windows. Use icacls.
Call calls another batch processing program from the batch processing program.
CD displays the current directory name or changes the current directory.
Chcp displays or sets the active code page number. For example, the Chinese version is 936. In earlier versions, such as 98, an active code page was set for cmd to have multiple languages. You can input chcp 936 to convert the help information in cmd into Chinese.
Chdir displays the current directory name or changes the current directory. Is the full name of CD.
Chkdsk checks the disk and displays the status report.
When CHKNTFS is started, the disk check is displayed or modified.
Choice is complicated. For more information, see the tutorial on any batch processing file. This tool allows you to select a project from the selection list and return the index of the selected project.
Cipher displays or changes the encryption of the Directory [file] On the NTFS partition.
Clip redirects the output of the command line tool to the Windows clipboard. This text output can be pasted into other programs. For example, Dir | clip puts a copy of the current directory list to the Windows clipboard. Clip <readme. txt puts a copy of readme.txt text to the Windows clipboard. "|" Is called pipeline in DOS, and "<" or ">" is also called redirection in DOS. You don't need to say anything about it.
CLS command.
CMD starts a new instance of the Windows command interpreter.
Create a secret key, and display and delete the saved username and password. This small hacker has never been used. The small hacker uses the old-fashioned net user command. If you are interested, you can study it.
Color sets the default console foreground and background color.
Comp compares the content of two files or two file sets.
COMPACT Displays or changes the compression of files on NTFS partitions.
CONVERT Converts a fat volume to NTFS. 2000/XP is a popular command, because at that time, most of the disks were in the FAT32 format.
COPY Copies one or more files to another location. Enhancements are available in Vista. For more information, see the instructions.
Date: displays or sets the date.
Defrag Microsoft disk fragment program.
Del deletes one or more files. For more information, see the National Computer first-level examination (DOS) tutorial.
DIR Displays the list of files and subdirectories in the directory. Frequently Used commands. In the past, people often set a DIR/s, and then the screen starts to roll. People who do not understand it think they are experts.
Diskcomp compares the two floppy disks. It is basically obsolete.
Diskcopy copies the content of one floppy disk to another. The above two commands can be used in junbo.
Diskpart displays or configures disk properties. This command is directly executed without parameters. A new console will pop up for you to enter the command.
Doskey: edit the command line, call the Windows command again, and create a macro. An interesting command. For example, in the past, to prevent bad guys or viruses from formatting a computer, doskey was used as a format or fdisk to replace the real command.
Driverquery allows the Administrator to display a list of installed device drivers, which can be used by a remote computer.
ECHO to display information, or display or close the command.
Endlocal ends the localization of Environment Changes in the batch file. Environment Changes made after the execution of endlocal are no longer limited to batch files. After the batch file is completed, the original settings cannot be restored.
Erase deletes one or more files. It has been replaced by Del.
Exit to exit the cmd. exe program (command interpreter) or the current batch processing script.
Expand Microsoft File Extension utility version. Expand one or more compressed files.
FC compares two files or two file sets and displays the differences between them.
Find searches for strings in the file. If no path is specified, find searches for text typed at the prompt or text generated by another command. It is usually used with pipeline commands or redirection commands.
Findstr searches for strings in the file. The usage is complicated.
For executes a specific command on each file in a group of files. Note: This is not the loop in programming. This usage is also complicated. For details, refer to the batch processing tutorial.
Forfiles: select a file (or a group of files) and execute a command on that file. This facilitates batch processing of jobs ..
Format the disk. Use it with caution.
You must have the permission to manage the properties of the fsutil display or configuration file system.
FTYPE Displays or modifies the file types used in the file extension Association. The built-in help provides detailed instructions for usage.
Goto directs cmd.exe to the rows with labels in the batch processing program.
Gpresult this command line tool displays information about the policy result set (rsop) of the target user and computer.
Graftabl enables Windows to display extended character sets in image mode. Not understand ~~
You can press enter to understand the help.
Icacls displays, modifies, or backs up ACL files or folders. This command is more profound and generally does not need to be used.
If executes the condition processing in the batch processing program.
IpconfigDisplays the configuration values of all current TCP/IP connections.
Label to create, change, or delete the volume label of a disk.
MD creates a directory. You can create a multi-level directory in Vista, for example, MD father/son. The father directory is created in the current directory, and the son directory is created under it.
Mkdir is the full name of MD.
Mklink creates a symbolic link and a hard connection. Ah ~~ This is simply a copy of the concept of Linux. Symbolic connections and hard connections are commonly used in Linux. They are similar to shortcuts, but they are not exactly the same. It is recommended that you use Google for learning.
Mode: configure the system device. Never used ~~
More display output on screen. Use with pipeline commands. For example, if you use DIR/s to browse files and directories, you can use DIR/s if the screen is not fully displayed. | more: pause when the screen is full.
Move the file and rename the file and directory. Cut command under DOS.
Openfiles allows administrators to list or interrupt files and folders opened on the system.
PATH is displayed as an executable file or a search path is set.
PAUSE Suspends the batch processing program and displays the following message: press any key to continue ....
Popd is changed to the directory where the pushd command is stored. If enabled, the popd command deletes the temporary drive letter created by pushd when the popd drive from the push directory stack is enabled. This small hacker is not very familiar ~~~
Print a text file.
Configure the characters or formats displayed by the command interpreter in prompt.
Pushd saves the current directory for the popd command and changes it to the specified directory. Use with popd.
RD: delete a folder. Note that the folder must be empty.
Recover restores readable information from the damaged disk. I have never used it. I don't know how it works.
Rem adds annotations or instructions to the batch file or config. sys.
Rename the file.
Rename the file. Is the full name of Ren.
Replace the file.
Rmdir: Delete the folder, which is the same as RD. However, all subdirectories and files under the specified directory can be deleted in addition to the directory. Used to delete a directory tree.
Robocopy supports reliable file replication in windows. It is powerful and supports directory tree replication.
Set: displays, sets, or deletes the cmd.exe environment variable.
Setlocal: Start the localization of Environment Changes in the batch file. The environment changes made after setlocal is executed are limited to batch files. To restore the original settings, you must execute endlocal. When the end of a batch file is reached, an implicit endlocal is executed for each unexecuted setlocal command of the batch file.
Setx creates or modifies environment variables in the user or system environment. You can set variables based on parameters, registry items, or files.
SC is a command line program used to communicate with the Service Control Manager and service. You can query, start, or terminate services. Win2000.
SchtasksAllows administrators to create, delete, query, modify, run, and abort scheduled tasks on a local or remote system. Very useful.
Shift changes the location of replaceable parameters in the batch file.
Shutdown. Some viruses call this program to shut down. Remember to enter shutdown-a to cancel when you see the shutdown prompt.
Output after sorting by sort. Use with MPs queue commands.
Start starts a separate window to run the specified program or command.
SUBST Associates the path with the drive letter. This command is also very interesting.
Systeminfo displays system information. Very powerful.
Takeown can re-allocate File Ownership, allowing administrators to regain access to previously denied files.
Tasklist this tool displays the list of processes currently running on local or remote machines. It is also very useful, especially remote.
Taskkill first obtains the PID using tasklist, and then uses the tool to terminate the task according to the process ID (PID) or image name.
Time: displays or sets the system time.
The timeout tool accepts the timeout parameter, waiting for a specified period of time (seconds) or pressing any key. It also accepts a parameter, ignoring the buttons.
Title specifies the title of the Command Prompt window.
Tree displays the folder structure of the drive or path in graphs.
Type: displays the content of a text file.
Server displays the current Windows version. It also has a graphical interface, which can be seen by entering winver.
Verify tells cmd.exe whether to verify that the file has been correctly written to the disk.
VOL Displays the volume label and serial number (if any) of the disk ).
Vssadmin Shadow Copy Service Management command line tool
Where is used for batch processing. Displays the location of the file that matches the search mode. By default, search is performed in the path specified by the current directory and PATH environment variable.
Copy files or folders. Now you can replace it with robocopy.
WMIC displays the WMI information in the command prompt.

Use the net/netstat command in win7/Vista to become a security expert

Some basic commands often play a major role in protecting network security. The following commands play a very prominent role.
Detect Network Connections
If you suspect that someone else has installed a Trojan on your computer or is infected with a virus, but you do not have a complete tool in your hand to check whether such a thing has actually happened, you can use the network commands that come with windows to check who is connecting to your computer. The specific command format is: netstat-An. This command can be used to view all the IP addresses that are connected to the local computer. It contains four parts: PROTO and local address), foreign address (the address that establishes a connection with the local device), State (the current port status ). With the detailed information of this command, we can fully monitor the connection on the computer to control the computer.

Enter the following in the command prompt: netstat-A displays all the ports currently open to your computer. netstat-s-e displays your network information in detail, this includes statistics on TCP, UDP, ICMP, and IP addresses. Have you ever thought of a better understanding of Vista and windows7 display protocol statistics and current TCP/IP network connections?

The Vista Home (www.vista123.com) and the windows7 home (www.win7china.com) team specially sorted out the netstat command usage as follows (Note: The command is arranged in the order of a-B )--

Netstat: displays protocol statistics and current TCP/IP network connections under Vista/Windows 7. You can directly run netstat without adding parameters,

Netstat [-A] [-B] [-E] [-F] [-N] [-O] [-P proto] [-R] [-S] [- t] [interval]

-A displays all connection and listening ports.

-B shows the executable programs involved in creating each connection or listening port. In some cases, it is known that the executable program carries multiple independent components, in which case the display

The component sequence involved in creating a connection or listening port. In this case, the name of the executable program is located in [] at the bottom, and the component it calls is located at the top until it reaches TCP/IP. Note:

Items may be time-consuming and may fail if you do not have sufficient permissions.

-E displays Ethernet statistics. This option can be used with the-s option.

-F displays the Fully Qualified Domain Name (FQDN) of the external address ).

-N: the address and port number are displayed in numbers.

-O displays the IDs of processes associated with each connection.

-P proto indicates the connection of the Protocol specified by Proto. proto can be any of the following: TCP, UDP, tcpv6, or udpv6. If it is used together with the-s option to display each association

For Statistics, proto can be any of the following: IP, IPv6, ICMP, ICMPv6, TCP, tcpv6, UDP or udpv6.

-R shows the route table.

-S displays statistics for each protocol. By default, statistics of IP, IPv6, ICMP, ICMPv6, TCP, tcpv6, UDP, and udpv6 are displayed. The-P option can be used to specify

The specified subnet.

-T: The current connection uninstallation status is displayed.

Interval re-displays the selected statistics. The interval (in seconds) between display pauses. Press Ctrl + C to stop resending statistics.
Disable unknown services
Many friends may find that the computer speed slows down after the system is restarted one day. This may be because someone else opens a special service to you after intruding into your computer, for example, IIS Information Service. You can use "Net start" to check whether any service is enabled in the system. If you find that it is not a self-opened service, we can disable it in a targeted manner. You can directly enter "Net start" to view the service, and then use "net stop server" to disable the service.
Easily Check Accounts
For a long time, malicious attackers like to use the clone account method to control your computer. The method they use is to activate a default account in the system, but this account is not commonly used, and then use tools to escalate this account to administrator permissions. On the surface, this account is still the same as the original one, however, this cloned account is the biggest security risk in the system. Malicious attackers can use this account to control your computer at will. To avoid this situation, you can use a simple method to detect the account.
First, enter the net user in the command line to view some users on the computer, and then use "Net user + User Name" to view the permissions of this user, generally, administrators are in the Administrators group, but not administrators! If you find that a system-built user belongs to the Administrators group, you are almost certainly intruded, and someone else cloned your account on your computer. Use "Net user username/del" to delete this user!