Useful commands

Useful commands

• How many users are logged on/connected to a server (and who are they)?
• Who is logged on to a computer?
• What is this collegue's login name?
• What is the full name for this login name?
• What groups is this user a member of?
• What permissions does a user have on this directory?
• When did someone last change his password?
• How do I reset someone's password?
• Is someone's account locked?
• How to unlock a locked account
• Make sure a local user's password never expires
• Make sure a local user's password will expire
• List all domains and workgroups in the network
• List all computers in the network
• List all domain controllers
• Find the primary domain controller
• List all member servers
• List all workstations
• Delete a computer account
• "I need an up-to-date list of disk space usage for all servers, on my desk in 5 minutes"
• List all drivers on any PC
• List all printers on any PC
• List all local administrators
• Locate rogue DHCP servers
• Disable Windows Firewall for domain only
• Completely disable Windows Firewall (not recommended)
• Is IP v4 supported on this computer?
• Is IP v6 supported on this computer?

How many users are logged on/connected to a server?

Sometimes we may need to know how many users are logged on to a (file) server, like maybe when there is a performance degradation.
At the server's console itself, with native commands only:

    NET SESSION | FIND /C "\\"

Remotely, with the help of SysInternals' PSTools:

    PSEXEC \\servername NET SESSION | FIND /C "\\"

By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.  

Who is logged on to a computer?

We often need to know who is currently logged on to a remote computer.
With native Windows (up to and including XP) commands only:

    NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"

The first name in the list usually is the logged on user (try playing with the NET NAME command to learn more about the names displayed by NBTSTAT).
This is the fastest way to find the logged on user name, and the results that you do get are correct, but NBTSTAT won't always return a user name, even when a user is logged on.

Note:

Unfortunately, NBTSTAT is no longer available in Windows 7 (not sure about Vista)

Using WMIC (Windows XP Professional and later):

    WMIC /Node:remotecomputer ComputerSystem Get UserName

What is this collegue's login name?

My collegues often forget to mention their logon account name when calling the helpdesk, and the helpdesk doesn't always ask either. I suppose they expect me to know all 1500+ accounts by heart.
With (native) Windows Server 2003 commands only:

    DSQUERY USER -name *lastname* | DSGET USER -samid -display

What is the full name for this login name?

With the native NET command:

    NET USER loginname /DOMAIN | FIND /I " name "

With (native) Windows Server 2003 commands:

    DSQUERY USER -samid *loginname* | DSGET USER -samid -display

What groups is this user a member of?

In Windows NT 4 and later, users usually are members of global groups. These global groups in turn are members of (domain) local groups. Access permissions are given to (domain) local groups.
To check if a user has access to a resource, we need to check group membership recursively.
With (native) Windows Server 2003 commands:

    DSQUERY USER -samid loginname | DSGET USER -memberof -expand

 What permissions does a user have on this directory?

One could use the previous command to check what permissions a user has on a certain directory.
However, sometimes SHOWACLS from the Windows Server 2003 Resource Kit Tools is a better alternative:

    CD /D d:\directory2check

        SHOWACLS /U:domain\userid

 When did someone last change his password?

With the native NET command:

    NET USER loginname /DOMAIN | FIND /I "Password last set"

 How do I reset someone's password?

With the native NET command:

    NET USER loginname newpassword /DOMAIN

With (native) Windows Server 2003 commands:

    DSQUERY USER -samid loginname | DSMOD USER -pwd newpassword

Is someone's account locked?

With the native NET command:

    NET USER loginname /DOMAIN | FIND /I "Account active"

The account is either locked ("Locked") or active ("Yes").

 How to unlock a locked account

With the native NET command:

    NET USER loginname /DOMAIN /ACTIVE:YES

or, if the password needs to be reset as well:

    NET USER loginname newpassword /DOMAIN /ACTIVE:YES

 Make sure a local user's password never expires

With WMIC (Windows XP Professional or later):

    WMIC.EXE /Node:remotecomputer Path Win32_UserAccount Where Name="user" Set PasswordExpires="FALSE"

 Make sure a local user's password will expire

With WMIC (Windows XP Professional or later):

    WMIC.EXE /Node:remotecomputer Path Win32_UserAccount Where Name="user" Set PasswordExpires="TRUE"

 List all domains and workgroups in the network

With the native NET command:

    NET VIEW /DOMAIN

 List all computers in the network

With the native NET command:

    NET VIEW

or, to list the names only:

    FOR /F "skip=3 delims=\    " %%A IN ('NET VIEW') DO ECHO.%%A

delims is a backslash, followed by a tab and a space.

 List all domain controllers

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain DC

With (native) Windows Server 2003 commands (Active Directory only):

    DSQUERY Server

or, if you prefer host names only (tip by Jim Christian Flatin):

    DSQUERY Server -o rdn 

Find the primary domain controller

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain PDC

or, to find the FSMO with (native) Windows Server 2003 commands (Active Directory only):

    NETDOM QUERY /D:mydomain.com FSMO

List all member servers

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain SERVER 

List all workstations

With native Windows 2000 commands:

    NETDOM QUERY /D:MyDomain WORKSTATION

Delete a computer account

With native Windows 2000 commands:

    NETDOM /DOMAIN:MyDomain MEMBER \\computer2Bdeleted /DELETE

"I need an up-to-date list of disk space usage for all servers, on my desk in 5 minutes"

Sounds familiar?

With (native) Windows XP Professional or Windows Server 2003 commands:

    FOR /F %%A IN (servers.txt) DO (

               WMIC /Node:%%A LogicalDisk Where DriveType="3" Get

Disable Windows Firewall for domain only

Disable the firewall only when the computer (e.g. a laptop) is connected to the domain:

    NETSH Firewall Set OpMode Mode = DISABLE Profile = DOMAIN

  

Completely disable Windows Firewall (not recommended)

Disable the firewall comletely (not recommended unless an alternative enterprise firewall is used that requires you to do so):

    SC [ \\Remote_computer ] Stop SharedAccess

        SC [ \\Remote_computer ] Config SharedAccess start= disabled

 Is IP v4 supported on this computer?

Check if IP v4 is supported on the local computer:

    PING 127.0.0.1 | FIND "TTL=" >NUL 2>&1

        IF ERRORLEVEL 1 (ECHO IP v4 NOT supported) ELSE (IP v4 supported)

or:

    WMIC Path Win32_PingStatus WHERE "Address='127.0.0.1'" Get StatusCode /Format:Value | FINDSTR /X "StatusCode=0" >NUL 2>&1

        IF ERRORLEVEL 1 (ECHO IP v4 NOT supported) ELSE (IP v4 supported)

The WMIC command is faster, but requires Windows XP Professional or later.

Is IP v6 supported on this computer?

Check if IP v6 is supported on the local computer:

    PING ::1 | FINDSTR /R /C:"::1:[ˆ$]" >NUL 2>&1

        IF ERRORLEVEL 1 (ECHO IP v6 NOT supported) ELSE (IP v6 supported)

or:

    WMIC Path Win32_PingStatus WHERE "Address='::1'" Get StatusCode >NUL 2>&1

        IF ERRORLEVEL 1 (ECHO IP v6 NOT supported) ELSE (IP v6 supported)

The WMIC command is faster, but requires Windows XP Professional or later.