@whitehotlogic
Last active August 17, 2018 14:47
Generic Microsoft Server + Desktop CLI Troubleshooting Cheatsheet

Microsoft Troubleshooting -- CLI Notes

(for Windows Workstations & Servers)

1. General

2. Networking

3. Task Management

4. Hard Drive Diagnosis / Repair

5. Windows Corruption Diagnosis / Repair

6. Control Panel Applet & MMC Shortcuts

!!! IMPORTANT !!!

YOU MUST RUN THE COMMAND PROMPT WITH ELEVATED PRIVILEGES:

start >> type cmd >> ctrl+shift+enter

If you aren't running commands with elevated privileges, some commands below WILL NOT WORK

General

systeminfo | more - determine if this machine is joined to a domain

  • find out when the machine was last restarted (ask the client first -- it’s a good way to quickly judge the honesty / margin-of-error of the person and set an expectation within yourself of whether their future testimony will be reliable)
    • find out if windows is oooooold, and likely needing a reload

systeminfo | findstr /i model

  • determine if this is a virtual machine
  • a VMware guest will return “VMware Virtual Platform”, whereas a Microsoft Hyper-V guest will return “Virtual Machine”

change user /query

  • determine if remote desktop services is configured for multiple users (handy for file lock issues)
  • prostatus:
    • use qwinsta to list all current remote desktop connections to the local machine

shutdown /r /t 10 - restart the computer in 10 seconds

  • prostatus:
    • abort the current shutdown: shutdown /a

winver

  • show the windows version (also seen in systeminfo, but this command runs faster if the windows version is all you want)

echo %username%

echo %computername%

  • show the username or the computer name

cls - clear all the mess off your terminal

Networking

netsh firewall show state - show the open ports in windows firewall

netsh firewall show config - show the allowed programs in windows firewall

ipconfig /all - show all the network interface info

netsh winsock reset - reset Winsock Catalog to a clean state / default configuration - (use this to fix weird networking errors)

  • warning: could be destructive (may require reinstallation of 3rd party software, especially antivirus / firewall)
  • requires restart

netsh int ip reset

  • reset TCP/IP settings to default (note: this will remove any static IPs, which will need to be reconfigured afterwards)
    • (use this to fix weird networking errors)
  • warning: could be destructive (may require reconfiguration of network interface)
    • requires restart

ipconfig /flushdns - get rid of those nasty outdated dns entries (like, did you just update the hosts file?)

ping <target> -t - ping it, and don’t stop. like ever.

tracert <target>

  • sorta like ping, but shows you every network hop on the way to the destination (which exposes any delays / bottlenecks)

nslookup <target> - tests if DNS is working for a servername on the local network or internet

arp -a - shows arp cache (where MAC address to IP address mappings live)

  • prostatus:
    • arp -d - delete a specific IP address entry (arp -d 192.168.100.10)
    • arp -d -a - delete all entries in the ARP table
    • arp -s - add a static entry to the ARP table (arp -s <ip_address> <mac_address> or arp -s 192.168.1.50 00-b0-d0-fe-10-5f)

netsh interface ip delete arpcache

  • flush the ARP cache (not sure of the difference between this and arp -d -a, so better do both)

netstat -a - show all open network ports and listening processes

  • prostatus: netstat -a | findstr 5555
    • run netstat and show lines that include ‘5555’ (think port number)
  • fun fact: findstr is the windows equivalent of linux’s grep

notepad %SYSTEMDRIVE%\Windows\System32\drivers\etc\hosts

  • set some static DNS entries in the local hosts file, because you’re the boss
  • prostatus:
    • this only works from within a command prompt with admin privileges
    • alternatively, you can open notepad as administrator this way: start >> type notepad >> ctrl+shift+enter
    • then open the hosts file manually: %SYSTEMDRIVE%\Windows\System32\drivers\etc\hosts

openfiles - lists any open files on any shares hosted on the local machine

Task Management

tasklist - it’s like task manager, but cooler because CLI

  • prostatus:
    • tasklist /SVC to link running processes to windows service names

taskkill /f /im <processname> - force-end the process by filename

  • ex: taskkill /f /im notepad.exe
  • prostatus:
    • alternate command that does the same thing using wmic: wmic process where name='notepad.exe' delete
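
Added example (not part of the original gist): netstat -a lists ports but not their owners, so this sketch joins netstat -ano with tasklist /SVC to show which process and services hold each listening TCP port. It is written in PowerShell rather than cmd, the function name Get-ListeningPortOwner is hypothetical, and it assumes English-language netstat output.

```powershell
# Added example, not from the original gist. Get-ListeningPortOwner is a
# hypothetical helper name. Assumes English netstat output ("LISTENING").
function Get-ListeningPortOwner {
    param([int]$Port = 0)   # 0 = report every listening TCP port

    # tasklist /svc /fo csv /nh: one CSV row per process, header line suppressed,
    # so we supply our own column names (avoids localized headers).
    $procs = @{}
    tasklist /svc /fo csv /nh |
        ConvertFrom-Csv -Header Image, ProcessId, Services |
        ForEach-Object { $procs[$_.ProcessId] = $_ }

    # netstat -ano: -o appends the owning PID as the last column.
    netstat -ano | Select-String 'LISTENING' | ForEach-Object {
        $f = $_.Line.Trim() -split '\s+'   # Proto, Local, Foreign, State, PID
        $localPort = [int]($f[1] -replace '^.*:', '')   # also handles [::]:135
        if ($Port -eq 0 -or $localPort -eq $Port) {
            $owner = $procs[$f[4]]          # $null if the process already exited
            [pscustomobject]@{
                Proto    = $f[0]
                Local    = $f[1]
                Port     = $localPort
                PID      = $f[4]
                Image    = $owner.Image
                Services = $owner.Services
            }
        }
    } | Sort-Object Port
}

Get-ListeningPortOwner | Format-Table -AutoSize              # every listener
Get-ListeningPortOwner -Port 5555 | Format-Table -AutoSize   # the port used in the findstr example
```

Run it from an elevated prompt; an unexpected image name or an svchost.exe row with an unfamiliar service on a listening port is the thing to look into before reaching for taskkill.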

Hard Drive Diagnosis / Repair

chkdsk - checks for indicators of a bad hard drive (one of the most common hardware failures)

  • prostatus:
    • use chkdsk /f to try and automatically fix bad things

defrag <driveletter>: -a

  • shows fragmentation on the hard drive
  • fragmentation can affect performance if fragmentation is above 15% on the system drive or data drive containing your database files
  • make sure you are using the correct drive letter and you check all drives on the system
    • attempt defrag: defrag c: or defrag d:, etc.

Windows Corruption Diagnosis / Repair

sfc /scannow - system file checker -- checks missing or corrupted windows files and fixes them

Control Panel Applet & MMC Shortcuts

appwiz.cpl - Programs & Features (Add/Remove Programs)

control - Control Panel

control netconnections - show Network Connections

  • prostatus:
    • shorten the command and do the same thing: ncpa.cpl

control schedtasks - Scheduled Tasks mmc

compmgmt.msc - Computer Management mmc

  • quick way to get to ‘local users and groups’ and ‘disk management’
  • prostatus:
    • Local Users and Groups mmc: lusrmgr.msc
    • Disk Management mmc: diskmgmt.msc

dfrgui

  • Disk Defragmenter GUI

eventvwr.msc - Windows Event Viewer

fsmgmt.msc - File Share Management mmc

  • shows connection information for any computer on the network connected to a share on the local pc
  • allows you to manually disconnect users and open files

firewall.cpl - Windows Firewall (enable / disable)

services.msc - Windows Services mmc

sysdm.cpl

  • System Properties

wf.msc

  • Windows Firewall w/ Advanced Security
  • (this is where you create rules to allow ports through the firewall)