TechTutorials - Free Computer Tutorials  







Windows 2003 Command Line Tools and Switches Hot Popular
 


Added: 07/29/2008, Hits: 34,250, Rating: 4, Comments: 1, Votes: 1
Add To Favorites | Comment on this article
This reference tool will list as many of the Windows command line utilities as we can come up with. We have tried to list a description, syntax and which operating systems each are compatible with. For the tools that are labeled as "Resource Kit", you can find a lot more documentation in the resource kit help files.

Adlb.exe: Active Directory Load Balancing Tool (Resource Kit)
Arp.exe: Address Resolution Protocol
Atmarp.exe: Windows ATM ARP Server Information Tool (Resource Kit)
Atmlane.exe: Windows ATM LAN Emulation Client Information (Resource Kit)
Cdburn.exe: ISO CD-ROM Burner Tool (Resource Kit)
Chknic.exe: NIC Compliance Tool for Network Load Balancing (Resource Kit)
Clearmem.exe: Clear Memory (Resource Kit)
Compress.exe: Compress Files (Resource Kit)
Confdisk.exe: Disk Configuration Tool (Resource Kit)
Consume.exe: Memory Consumers Tool (Resource Kit)
Creatfil.exe: Create File (Resource Kit)
Csccmd.exe: Client-Side Caching Command-Line Options (Resource Kit)
Custreasonedit.exe: Custom Reason Editor (Resource Kit)
Delprof.exe: User Profile Deletion Utility (Resource Kit)
Dh.exe: Display Heap (Resource Kit)
Diskraid.exe: RAID Configuration Tool (Resource Kit)
Diskuse.exe: User Disk Usage Tool (Resource Kit)
Dnsdiag.exe: SMTP DNS Diagnostic Tool (Resource Kit)
Dumpfsmos.cmd: Dump FSMO Roles (Resource Kit)
Dvdburn.exe: ISO DVD Burner Tool (Resource Kit)
Empty.exe: Free Working Set Tool (Resource Kit)
Fcopy.exe: File Copy Utility for Message Queuing (Resource Kit)
Frsflags.vbs: File Replication Service Flags (Resource Kit)
Getcm.exe: Connection Manager Profile Update (Resource Kit)
Gpotool.exe: Group Policy Objects (Resource Kit)
Hlscan.exe: Hard Link Display Tool (Resource Kit)
Ifilttst.exe: IFilter Test Suite (Resource Kit)
Ifmember.exe: User Membership Tool (Resource Kit)
Iniman.exe: Initialization Files Manipulation Tool (Resource Kit)
Instcm.exe: Install Connection Manager Profile (Resource Kit)
Instsrv.exe: Service Installer (Resource Kit)
Ipconfig: Displays IP configuration parameters
Kernrate.exe: Kernel Profiling Tool (Resource Kit)
Klist.exe: Kerberos List (Resource Kit)
Linkspeed.exe: Link Speed (Resource Kit)
List.exe: List Text File Tool (Resource Kit)
Logtime.exe: Logs start or finish of command-line programs (Resource Kit)
Lsreport.exe: Terminal Services Licensing Reporter (Resource Kit)
Mcast.exe: Multicast Packet Tool (Resource Kit)
Memmonitor.exe: Memory Monitor (Resource Kit)
Memtriage.exe: Resource Leak Triage Tool (Resource Kit)
Mibcc.exe: SNMP MIB Compiler (Resource Kit)
Moveuser.exe: Move Users (Resource Kit)
Nbtstat:
Net Helpmsg:
Net Logon:
Net Send:
Net Share:
Net Start:
Net Statistics:
Net Use:
Net View:
Netsh:
Netstat:
Nlsinfo.exe: Locale Information Tool (Resource Kit)
Now.exe: STDOUT Current Date and Time (Resource Kit)
Nslookup:
Ntimer.exe: Windows Program Timer (Resource Kit)
Ntrights.exe (Resource Kit)
Oh.exe: Open Handles (Resource Kit)
Pathman.exe: Path Manager (Resource Kit)
Pathping:
Permcopy.exe: Share Permissions Copy (Resource Kit)
Perms.exe: User File Permissions Tool (Resource Kit)
Pfmon.exe: Page Fault Monitor (Resource Kit)
Ping: ICMP echo requests
Pmon.exe: Process Resource Monitor (Resource Kit)
Printdriverinfo.exe: Drivers Source (Resource Kit)
Qgrep.exe (Resource Kit)
Qtcp.exe: QoS Time Stamp (Resource Kit)
Queryad.vbs: Query Active Directory (Resource Kit)
Regini.exe: Registry Change by Script (Resource Kit)
Regview.exe: (Resource Kit)
Robocopy.exe: Robust File Copy Utility (Resource Kit)
Route:
Rpccfg.exe: RPC Configuration Tool (Resource Kit)
Rpcdump.exe (Resource Kit)
Rpcping.exe (Resource Kit)
Rqc.exe: Remote Access Quarantine Client (Resource Kit)
Rqs.exe: Remote Access Quarantine Agent (Resource Kit)
Setprinter.exe: Spooler Configuration Tool (Resource Kit)
Showacls.exe (Resource Kit)
Showpriv.exe: Show Privilege (Resource Kit)
Sleep.exe: Batch File Wait (Resource Kit)
Sonar.exe: FRS Status Viewer (Resource Kit)
Splinfo.exe: Print Spooler Information (Resource Kit)
Srvany.exe: Applications as Services Utility (Resource Kit)
Srvcheck.exe: Server Share Check (Resource Kit)
Srvinfo.exe: Remote Server Information (Resource Kit)
Ssdformat.exe: System State Data Formatter (Resource Kit)
Subinacl.exe (Resource Kit)
Tail.exe (Resource Kit)
Timeit.exe: (Resource Kit)
Timezone.exe: Daylight Saving Time Update Utility (Resource Kit)
Tracert:
Tsctst.exe: Terminal Server Client License Dump Tool (Resource Kit)
Tsscalling.exe: Terminal Services Scalability Planning (Resource Kit)
Uddiconfig.exe: UDDI Services Command-line Configuration Utility (Resource Kit)
Vadump.exe: Virtual Address Dump (Resource Kit)
Volperf.exe: Shadow Copy Performance Counters (Resource Kit)
Volrest.exe: Shadow Copies for Shared Folders Restore Tool (Resource Kit)
Vrfydsk.exe: Verify Disk (Resource Kit)
Winhttpcertcfg.exe: WinHTTP Certificate Configuration Tool (Resource Kit)
Winhttptracecfg.exe: WinHTTP Tracing Facility Configuration Tool (Resource Kit)

Adlb:
The Active Directory Load Balancing (ADLB) rebalances the load each time a change occurs in your site topology or in the number of domain controllers you have. ADLB can stagger schedules so that the outbound replication load for each domain controller is spread out evenly. Good for balancing replication traffic between the Windows 2003 domain controllers when they are replicating to more than 20 other sites hosting the same domain.

Switches
Unknown

ARP:
Arp stands for Address Resolution Protocol and is used to map IP address to physical machine addresses (MAC Address).

Switches
  • -a > Displays current ARP entries by interrogating the current
    protocol data. If inet_addr is specified, the IP and Physical
    addresses for only the specified computer are displayed. If
    more than one network interface uses ARP, entries for each ARP
    table are displayed.

  • -g > same as above

  • -N if_addr > Displays the ARP entries for the network interface specified
    by if_addr.

  • -d ip_addr > Deletes the host specified by inet_addr.

  • -s > Adds the host and associates the Internet address inet_addr
    with the Physical address eth_addr. The Physical address is
    given as 6 hexadecimal bytes separated by hyphens. The entry
    is permanent.

  • eth_addr > Specifies a physical address.

  • if_addr > If present, this specifies the Internet address of the
    interface whose address translation table should be modified.
    If not present, the first applicable interface will be used.


Examples
  • View the contents of the local ARP cache table
    ARP -a [ip_addr] [-N if_addr]


  • Add a static Arp entry for frequent accessed hosts
    ARP -s ip_addr eth_addr [if_addr]


  • Delete an entry
    ARP -d ip_addr [if_addr]


Atmarp:
Used to troubleshoot the status of the ATM ARP/MARS Service that ships with Windows 2000/2003 Server.

Switches
  • /s > Displays statistics for the ARP and MARS server

  • /c > Displays the ARP and MARS caches

  • /reset > Resets the ARP and MARS statistics


Atmlane:
Atmlane is a command-line tool used to troubleshoot the status of the Asynchronous Transfer Mode (ATM) LAN Emulation (LANE) client that ships with Windows 2000/2003.

Switches
None

Cdburn:
Cdburn allows users to burn image files containing any data, such as file systems like ISO9660 (Level 1, 2, or 3), Joliet, Universal Disk Format (UDF), or a combination of file systems. Works with Windows XP and 2003.

Switches:

  • -erase > Erases the disk before burning (valid for R/W only)

  • -sao > Writes the image out in "session at once", or cue sheet, mode (default is "track at once")
  • -speed > Speed of burn, or 'max' for maximum speed

  • -imagehaspostgap > Use if your image already contains a 150 sector postgap. The [image] must be provided unless the -erase flag is set. If both an image and -erase are provided, the media will be erased prior to burning the image to the disc.

  • /? > Help menu



Examples:

  • cdburn -erase [image [options]]

  • cdburn image [options]



Chknic:
Checks all network adapters on the local machine and makes sure they are compatible for network load balancing.

Switches:
None

Clearmem:
Clear Memory (ClearMem) is a command-line tool that determines the size of the computer's physical memory, allocates enough data to fill it, and references the data as quickly as possible. ClearMem also accesses files to clear the cache. This reduces, to a minimum, the memory available to other processes. Then, the Clear Memory tool releases the allocated memory to restore normal system functions. Works on all versions of Windows starting with Windows 95.

Switches:
None

Compress:
Compress is a command-line tool that can be used to create compressed copies of one or more files. Works in Windows XP/2000/2003.

Switches:
  • /r > Renames expanded files. Compressed files are renamed with the last character in the file name extension set to an underscore ("_") character. The underscore identifies the file as a compressed file.

  • /d > Only out of date files within the destination are updated.

  • /zx > Specifies LZX compression.

  • /z > Specifies MS-ZIP compression (AKA .cab file format).

  • /zq[n] > Specifies quantum compression. Valid values for n are in the range 1 to 7 (1 yields the fastest speed while 7 gives best compression). The default value for n is 4.

  • Source > Specifies the source file.

  • Destination > Specifies the destination file or path


Confdisk:
A command-line tool that helps to recover failed disks in a cluster. Works in Windows 2003 only.

Switches:

  • /save > SIF file to save configuration to

  • /restore > SIF file to restore configuration from



Example:

  • confdisk /save c:\asr.sif



Consume:
Used to simulate the consumption of machine resources such as physical memory, page file memory, disk space, CPU time and kernel pool for the purpose of stress tests. Works in Windows 2003 only.

Switches:
  • -physical-memory > Consumes physical memory so that applications are forced to operate on lowered amounts.

  • -page-file > Uses up the page file.

  • -disk-space > Uses up available disk space.

  • -cpu-time > Uses up processor time by created 128 threads.

  • -kernel-pool > Uses up as much of the kernel pool as possible.

  • -time Seconds > Used in conjunction with the above, this switch specifies the amount of time to consume the specified resource.


Creatfil:
Creates a blank file filled with space characters. Works in Windows XP/2000/2003.

Switches:
  • Path > Specifies the directory where the file will be created.

  • FileName > Specifies the name of the file that will be created.

  • FileSize > Specifies the size of the file in 1KB increments.


Csccmd:
Used to enable and disable offline files, move files within the CSC database from one server to another, or re-stamp the SID on offline files. Works in Windows XP/2000/2003.

Switches:
  • /enable > Enables offline files. You must be logged in as administrator on the local computer.

  • /disable > Disables offline files. You must be logged in as administrator on the local computer and close all files in the cache for this to work.

  • /resid > Re-stamps all the entries in the Client Side Caching (CSC) database with a new user Security Identifier (SID). Use this parameter after your user account is migrated from one type of domain, such as Windows NT 4.0, to another domain, such as Windows 2000.

  • /disconnect:\\server\share > Disconnects the client from the server when network connectivity has been degraded. Windows 2000 clients must be running SP3 or have installed QFE Q293426.

  • /moveshare: \\server\share1 \\server\share2 > Remaps the files in the CSC cache for the purpose of migrating to a new namespace.


Custreasonedit:
Removes the reasons listed in the event shutdown tracker dialog box.

Switches:
  • /i > To use interactive dialog (GUI)

  • /l > To list existing shutdown reasons

  • /e fn > To export the custom reason key to file fn

  • /r fn > To import key file fn

  • /m host > Set initial target machine

  • /s > Specify to use system locale for custom reasons


Delprof:
Deletes user profiles on local and remote computers. You must be logged in as an administrator. Works in Windows NT/XP/2000/2003.

Switches:
  • /q > Quiet mode which offers no confirmation for each profile to be deleted

  • /i > Ignore errors

  • /p > Prompts for confirmation before deleting a profile.

  • /r > Only delete cached roaming profiles

  • /c:\\ComputerName > Specifies a remote computer name

  • /d:days > Specifies the number of days of inactivity that must exist for a profile to be deleted


Dh.exe:
Displays information about heap allocation for user-mode processes or pool usage in kernel-mode memory. It also enables you to lock heaps, tags, stacks, and objects. Works with Windows 2000, XP Professional and Windows Server 2003.

Switches:
  • /p n > Displays information about process with client ID of n in dh_n.dmp. Default flags for -p n are -s -g.

  • /p /1 > Displays information about Win32 subsystem process in dh_win32.dmp.

  • /p 0 > Displays information about kernel memory and objects in dh_sys.dmp. Default flags for -p 0 are -m -s -g -t -k -o.

  • /k > Displays information about processes and threads (valid only with -p 0).

  • /o > Displays information about object handles (valid only with -p 0).

  • /l > Displays information about locks.

  • /m > Displays information about module table.

  • /s > Displays summary information about heaps.

  • /g > Displays information about memory hogs. This option displays a sorted list of call sites that have allocated the most memory. Each call site is identified by a symbolic stack back trace of up to 16 levels that must uniquely identify the code path that resulted in the memory allocations.

  • /h > Displays information about heap entries for each heap.

  • /t > Displays information about heap tags for each heap.

  • /b > Displays information about stack back trace database.

  • /i > Ignores information about stack back trace database.

  • /f filename > Specifies the file to write the dump to.

  • /# n > Sets the buffer size to n Megs.

  • /- > Specifies that the dump output should be written to STDOUT.

  • /r n > Generates a log every n minutes with _# appended to the filename.

  • /UMDH > The UMDH parameter can be used in two modes. Use the first mode to dump the heap information into a log file. Use the second mode to compare the two log files generated by UMDH in mode one.


Diskraid.exe:
Used to configure and manage RAID. Requires Windows Server 2003, at least one Virtual Disk Service Hardware Provider must be registered and you must be a member of the Administrators group.

Switches:

  • no switches > Runs the program in interactive mode.

  • /s path > Specifies that DiskRaid execute commands from the script file at the designated location.

  • /v > Specifies that DiskRaid run in verbose mode, printing out additional information about each command being executed.



Diskuse.exe:
Scans a single directory, a directory tree, or an entire drive and reports the amount of space used by each user or all users. Works in Windows 2000/XP/2003

Switches:
  • Path > Specifies the path to list directory space used by each user. Path can be a full path, relative path, or Universal Naming Convention (UNC) path. If you do not specify a path, the default is the current directory.
  • /f:OutputFile > Directs the output to OutputFile instead of displaying it in the command window. The name of the OutputFile can be a full name, relative name, or UNC path. When the /e parameter is used with the /f parameter, errors and warning messages are not displayed. When the /t parameter is added, the file is comma-delimited. If you specify the /t parameter and end the file name with the .csv extension (the extension for comma-delimited files), OutputFile can be loaded directly into a Microsoft Excel spreadsheet.
  • /e:ErrorFile > Directs all error and warning messages to ErrorFile instead of displaying them in the command window or in OutputFile. The name of ErrorFile can be a full name, relative name, or UNC path.
  • /u:User > Specifies that DiskUse only scan for and report information about User. User should be in the format Domain\UserName. If you do not specify a domain, DiskUse scans the first instance of a user it finds.
  • /s > Scans all subdirectories of the specified path.
  • /t > Specifies that output be displayed in a table format. If the output is written to a file, the table is comma-delimited. If the output is displayed in the command window, the table is space-delimited.
  • /w > Specifies that output is displayed in Unicode (wide characters). By default, all output is in ANSI characters. Use this parameter if you have Unicode file names on your server and wish to have them reported in Unicode format. Unicode is still read, even if this parameter is not used. This parameter only affects the output.
  • /q > Specifies that DiskUse run in quiet mode (that is, no information is displayed in the command window).
  • /r:RestrictionFile > Specifies that DiskUse read use restrictions from RestrictionFile.
  • /o > Specifies that DiskUser display only the names of users who are over the limit specified in the RestrictionFile. This parameter can only be used in conjunction with the /r parameter.
  • /v > Specifies that DiskUse display file name, size, and date for the files of each user. If you do not specify the type of date by using the /d parameter, the date displayed is the date when the file was last updated.
  • /d:{a|c|w} > Specifies which date to display in verbose output. This parameter must be used in conjunction with the /v parameter.The following values are valid for the /d parameter: Value Description

    • a - Date when the file was last accessed.

    • c - Date when the file was created.

    • w - Date when the file was last updated.


  • /n:NumberFiles > Specifies the number of the largest files to be displayed, per user. This parameter must be used in conjunction with the /v parameter.
  • /x:Size > Displays files that are Size bytes or larger. This parameter must be used in conjunction with the /v parameter.


Dnsdiag.exe:
This tool is used to troubleshoot e-mail delivery problems caused by DNS issues. DNSDiag needs to be run on the computer where the DNS problems are happening. Requires Windows 2003 and a local administrator account.

Switches:
  • HostName > Specifies the host name that you want to resolve. HostName is the fully-qualified domain name of the target for the queue where errors are occurring. This name might be different from the name displayed in the SMTP queue in Exchange System Manager.

  • /d > Runs DNSDiag in debug mode. If this switch is specified, DNSDiag generates verbose output. Debug mode creates generates a great deal of output, and the most critical messages are highlighted in a different color. When this switch is not specified, only the critical messages are generated. the tool generates verbose output.

  • /v # > Identifies a specific virtual server instance that DNSDiag simulates. For example, if you want DNSDiag to simulate the first virtual server on an Exchange server, type /v 1. You must close all files in the cache before using this parameter. Otherwise, you will get an error message stating that the requested resource is in use. You must be an Administrator on the local computer to use this parameter.

  • /s ServerList > Lists the DNS servers' IP addresses in dotted decimal notation. Use this switch if you want to specify a specific set of servers. If this switch is not specified, the default DNS servers on the local computer are used as specified by the /v switch. Separate server IP addresses with a space or a tab character. Note: You cannot use this switch with the /v switch.

  • /p Protocol > Allows you to use a protocol different from the one configured in the metabase. If this switch is not specified, the protocol configured in the metabase for smtpsvc/SmtpUseTcpDns is used. You can use the following values:

    • TCP - generates a TCP-only query.

    • UDP - generates a UDP-only query.

    • DEF - generates a default query that will initially query a server with UDP, and then—if that query results in a truncated reply—it will be retried with TCP.



  • /a > Runs DNSDiag in a mode where all the DNS servers obtained (either through the registry, Active Directory, or the /s switch) are queried in sequence and all query results are displayed.


Dumpfsmos.cmd:
Using this utility you can find the names of the domain controllers that are performing operations master roles. Works in Windows 2000/XP/2003.

Switches:
  • DomainController > Specifies the name of a domain controller in any domain in the forest.


Dvdburn.exe:
DVDBurn allows a user to burn DVD images from image files on a hard disk to DVD media. The data image can be created by any program capable of producing DVD image files. Works on Windows 2000/XP/2003.

Switches:
  • Image > Specifies the name and location of the image to burn to the DVD.

  • /erase > Erases the DVD.



Empty.exe:
Free Working Set Tool frees the working set of a specified task or process, making those page frames available for other processes. Works on Windows 2003.

Switches:
  • PID > Specifies a currently-running process ID. Use TaskList to list process IDs.

  • ProgramName > Specifies the name of a currently-running program.


Fcopy.exe:
Fcopy compresses files and folders to facilitate copying across networks. Because it uses Message Queuing, FCopy continues to copy files even if there are network problems. FCopy includes update options, which copy files only if they have been changed. Works on Windows 2000/XP/2003. You must have Message Queuing installed on your computer.

Switches:
  • source > Specifies the file(s) to copy (e.g. \\srvname\sharename\foopath\foobar).

  • destination > Specifies the destination of the copied files.

  • [servername] > Specifies the Fcopy server if it is not the host where the file(s) are located. Enclose the name in square brackets, i.e. [my_computer].

  • /A > Copies files with the archive attribute set, keeps the attribute.

  • /B > Performs a safe copy by using an intermediate .tmp file during copy operation.

  • /D[:[m[-d[-y]]][:h[:m[:s]]] [[AM] [PM]]] > Copies files changed on or after the specified date and time. If no date is given, copies only those files whose source time is newer than the destination time. Cannot be used in conjunction with /G option.

  • /E > Copies directories also, including empty ones.

  • /F > Displays full source and destination file names.

  • /G > Gets only files that have been changed; checks date,size, and CRC. Cannot be used in conjunction with /D option.

  • /H > Copies hidden and system files also.

  • /K > Copies attributes. Normally, Fcopy resets read-only attributes.

  • /L > Lists files that would be copied or removed, but does nothing.

  • /M > Copies files with the archive attribute set and turns it off.

  • /O > Optimizes network traffic using compression.

  • /P[:password] > Logs on as a remote service to gain access to network files. The /P option is required only when using source or destination servers. See Technical Notes below.

  • /Q > Does not display file names while copying.

  • /R > Overwrites read-only files.

  • /S > Recursively copies directories and sub-directories.

  • /T > Creates directory structure only, but does not copy files.

  • /U > Copies only files that already exist on the destination computer.

  • /W > Prompts you to press a key before copying.

  • /Y > Encrypts file data when sending.

  • /Z > Deletes files on the destination computer that don't have a matching source file.


Frsflags.vbs:
Enables and disables the Install Override feature of File Replication Service and it sets and clears the FrsFlags attribute of replica objects in Active Directory. Works in Windows 2003.

Switches:
  • -s > Sets the flag for a given replica.

  • -u > Unsets the flag for a given replica.

  • -d > Displays current value of the flag.

  • ReplicaName > Specifies the name of the replica set. It can be either a domain based DFS replica or SYSVOL replica.

  • DomainName > Specifies the full domain name in dotted format.


Getcm.exe:
The Get Connection Manager is a customized remote access client to allow customers to connect to your service by using features that you define. Works in Windows 2003.

Switches:
  • /n ServiceName > Specifies the name of the Connection Manager service profile to update. If the variable %ServiceName% is used, Connection Manager will use the name of the current profile.

  • /d ServiceDirectory > Specifies the directory containing the Connection Manager service profile. If the variable %ServiceDir% is used, Connection Manager will use the directory in which the current profile is installed.

  • /l [Path]LocalVersionFileName > Specifies the name of a local file that contains the version number of the installed profiles (for example, a simple text file containing a version string formatted like this: 1.0.0.0).

  • /serververfile {URL | UNC}ServerVersionFile > Specifies the Hypertext Transfer Protocol (HTTP) Uniform Resource Locator (URL) or Universal Naming Convention (UNC) location of the new profiles version text file.

  • /serverinstall [Path]ProfileFileName > Specifies the HTTP URL or UNC location of the new Connection Manager profile to download.

  • /fileshare {0 | 1} > Specifies whether to use a file share or a URL. The default value is 0, use an HTTP URL. Set this value to 1 to use UNC.

  • /sleep Seconds > Specifies the number of seconds to sleep before beginning to download the new profile.

  • /mbtype {0 | 1 | 2} > Specifies the type of message box, if any, for GetCM to display at the time of download. The following table lists the message box type values. Code Description:

    • 0 - This is the default value. Will not display any message boxes to the user.

    • 1 - This value displays an OK message box.

    • 2 - This value displays a Yes/No message box that gives the user a choice of whether or not to download the update.



  • /text "UserTextMessage" > Specifies a message to display to the user if a message box is displayed. The quotation marks are required.

  • /maxbytes "UserTextMessage" > Specifies the maximum number of bytes to download. The default is 1 megabyte. This parameter only applies when you are using an HTTP URL to download files; it does not apply when UNC names are used.


Gpotool.exe:
This utility displays information about GPOs, checks GPO stability and monitors policy replication. GPOTool can browse GPOs and check for GPO consistency within and across domains. Works in Windows 2003 and requires administrative access in the domain local group.

Switches:
  • /gpo:GPO[,GPO…] > Specifies which GPOs should be processed. Partial GUID and friendly name matches are accepted for GPO. If this parameter is not used, GPOTool processes all GPOs in the domain.

  • /domain:DNSname > Specifies the Domain Name System (DNS) name for the domain that hosts the GPOs. If this parameter is not used, the domain to which the user account belongs is used.

  • /dc:DC[,DC…] > Specifies which domain controllers should be contacted. If not specified, GPOTool contacts all available domain controllers.

  • /checkacl > Verifies the SYSVOL access control list (ACL). For faster processing, this step is skipped by default.

  • /verbose > Adds extra information to the display. This includes an individual listing of each GPO and information about any errors found.


Hlscan.exe:
The Hard Link Display utility is a security tool that displays hard links (alternate logical names for a physical file) on an NTFS volume or in specified files or directories of the volume. Works in Windows 2003. You must have at least read permissions on Active Directory objects.

Switches:
  • /all > Scans all NTFS volumes on the local system.

  • /dir > Scans recursively from .

  • /file > Scans only files specified by (non recursively).

  • /log [location] > Specifies that the output is logged to a file, in addition to printing them on the screen. The location defaults to Hlscan.log in the current directory.



Ifilttst.exe:
Validates IFilter implementations for compliance with the IFilter specification and creates document filters for the Indexing Service in Microsoft products. It performs the following test: Validation test, consistency test and invalid input test. Works on Windows 2000/2003 with the Indexing service running. This utility must be run on the local computer.

Switches:
  • /ini IniFilename > Specifies the name of the initialization file used. If none is specified, the default is Ifilttst.ini.

  • /i InputFilename > Names the input file or directory to be filtered. The file name can contain the wildcard characters * and ?. You can list multiple files, separated by spaces.

  • /l [LogName] > Directs log messages to a file instead of to the screen. These messages describe the individual tests performed and the pass/fail result of the test. By default, the log file name is the same as the input file name, but with a .log extension. Only one log file is created, even if you specify multiple input files.

  • /d > Directs dump messages to a file and describes the contents of the chunks. The chunk structure is dumped when the verbosity level is 3. The dump file name is the same as the input file name, but with a .dmp extension.

  • /-l > Disables logging. This flag overrides /l.

  • /-d > Disables dumping. This flag overrides /d.

  • /legit > Forces the tool to run only the Validation Test. The Consistency Test and Invalid Input Tests are skipped.

  • /stress > Runs the test in stress mode. This is the same as specifying /-l /-d /v 0 /c 0 /legit.

  • /v VerbosityLevel > Sets the verbosity level. The default level is 3. VerbosityLevel has the following values:

    • 0 - Logs only messages concerning specific IFilter failures and displays the chunk contents.

    • 1 - Logs warning messages.

    • 2 - Logs messages concerning tests that passed.

    • 3 - Logs informational messages and displays the structure of the chunks.



  • /t Threads > Determines the number of threads to launch. The default is 1.

  • /r [Depth] > Sets the depth for recursively filtering subdirectories. If no integer is specified, or if the integer is 0, full recursion is assumed. The default is 1.

  • /c Loops > Sets the number of times to loop. If the integer is 0, the test loops infinitely. By default, the test loops only once.


Ifmember.exe:
IfMember checks to see whether or not the current user is a member of a specified group. For use in Windows logon scripts and other batch files. Works in Windows XP/2003.

Switches:
  • /v GroupName1 [GroupName2] ...] > Verbose mode. Prints all group matches.

  • /l > Lists all groups of which the user is a member.

  • GroupName > Specifies one or more group names (separated by a spaces).


Iniman.exe:
The Initialization Files Manipulation Tool allows you to add, delete, modify, or search sections or keys in an .ini file. It also allows you to create new answer files that contain only your chosen values. Works in Windows 2000/XP/2003. Requires the .net Framework and r/w permissions on the .ini file.

Switches:
  • /s > Displays all section names of a specified .ini file.

  • Section [Section] > Specifies the section in a file to parse, modify, or create.

  • [.Key [=[Value]]] > Sets the value of the key in Section to a specified value.


Instcm.exe:
Install Connection Manager installs the Connection Manager profile that you downloaded by using GetCM. InstCM is used in conjunction with the Connection Manager Administration Kit (CMAK). Works in Windows 2003.

Switches:
  • /n ServiceName > Specifies the name of the Connection Manager service profile to update. If the variable %ServiceName% is used, Connection Manager will use the name of the current profile.

  • /d ServiceDirectory > Specifies the directory containing the Connection Manager service profile. If the variable %ServiceDir% is used, Connection Manager will use the directory in which the current profile is installed.

  • /e NewProfileName

  • /sleep Seconds > Specifies the number of seconds to sleep before beginning to install the new profile.

  • /mbtype {0 | 1 | 2} > Specifies the type of message box, if any, for InstCM to display at the time of installation. The following table lists the message box type values.

    • 0 - This is the default value. Will not display any message boxes to the user.

    • 1 - This value displays an OK message box.

    • 2 - This value displays a Yes/No message box that gives the user a choice of whether or not to install the update.



  • /text "UserTextMessage" > Specifies a message to display to the user if a message box is displayed. The quotation marks are required.

  • /o OptionalParameters > Specifies optional parameters. The /o parameter must be the last parameter specified.


Instsrv.exe:
Service Installer is a tool that installs and uninstalls executable services and assigns names to them. Works in Windows XP/2003.

Switches:
  • ServiceName > Specifies the name you want to assign to the service. This name will appear in listings such as those in the Services snap-in or in NetSvc/WinNetSvc.

  • PathToExecuteable > Specifies the fully qualified path, including drive letter, of the executable file for the service. The drive must be fixed and local.

  • ServiceName Remove > Specifies the service you want to remove.

  • -a AccountName > Specifies the account the service will run under.

  • -p AccountPassword > Specifies the type of message box, if any, for InstCM to display at the time of installation. The following table lists the message box type values.


Ipconfig.exe:
IPconfig is used to display and configure the network settings of the local computer. Works in Windows NT/ME/2000/XP/2003.

Switches:
  • /all > Display full configuration information.

  • /release > Release the IP address for the specified adapter.

  • /renew > Renew the IP address for the specified adapter.

  • /flushdns > Purges the DNS Resolver cache.

  • /registerdns > Refreshes all DHCP leases and re-registers DNS names

  • /displaydns > Display the contents of the DNS Resolver Cache.

  • /showclassid > Displays all the dhcp class IDs allowed for adapter.

  • /setclassid > Modifies the dhcp class id.


Kernrate.exe:
The Kernel Profiling Tool is a CPU sample profiler that reports on kernel and user-mode processes to provide information about CPU activity. It is used to determine which processes are causing a CPU bottleneck. Works in Windows 2000/XP/2003.

Switches:
There are a ton of switches and notes that need to be read for this application. Read the Kernrate.doc file that comes with the Windows Resource Kit for more information.

Klist.exe:
The Kerberos List utility is used to view and delete Kerberos tickets granted to the current logon session. To use KList to view tickets, you must run the tool on a computer that is a member of a Kerberos realm. When run from a client, it shows Ticket-granting ticket (TGT) to a Windows Kerberos key distribution center (KDC) and Ticket-granting ticket (TGT) to Ksserver on UNIX. Works in Windows 2000/2003.

Switches:
  • tickets > Lists the current cached tickets of services to which you have authenticated since logging on. Displays the following attributes of all cached tickets:
    • End Time - Time at which that the ticket becomes invalid. After a ticket is past this time, it cannot be used to authenticate to a service.

    • KerbTicket - Encryption Type Encryption type used to encrypt the Kerberos ticket.

    • Renew Time - Maximum lifetime of a renewable ticket (see TicketFlags). To continue using this ticket, you must renew it before reaching the established End Time and before the expiration date established in RenewUntil.

    • Server - Server and domain for the ticket.

  • tgt > Lists the initial Kerberos ticket-granting-ticket (TGT). Displays the following attributes of the currently cached ticket:

    • AltTargetDomainName - Name supplied to InitializeSecurityContext that generated this ticket, typically a service principal name (SPN).

    • DomainName - Domain name of the service.

    • End Time - Time when the ticket becomes invalid. When a ticket is past the end time, it cannot be used to authenticate to a service.

    • FullServiceName - Canonical name of the account principal for the service.

    • KeyExpirationTime - Expiration time from the KDC reply.

    • RenewUntil - Maximum lifetime of a renewable ticket (see TicketFlags). To continue using a ticket, you must renew it. Tickets must be renewed before the expiration time set in End Time and in RenewUntil.

    • ServiceName - A TGT is a ticket for the key distribution center (KDC) service. The service name for a TGT is "krbtgt."

    • Start time - Time when the ticket becomes valid.

    • TargetDomainName - For a cross-realm ticket, this is the realm, rather than the issuing realm, in which the ticket is good.

    • TargetName - Service name for which the ticket was requested. This is the name of a servicePrincipalName property on an account in the directory.

    • TicketFlags - Kerberos ticket flags set on the current ticket in hexadecimal. The KerbTray tool displays these flags on the Flags tab.

    • TimeSkew - The reported time difference between the client computer and the server computer for a ticket.

  • purge > Allows you to delete a specific ticket. Purge tickets destroy all tickets that you have cached, so use this with caution. It might stop you from being able to authenticate to resources. If this happens you must log off, and then log on again.


Linkspeed.exe:
This utility shows the connection speed between computers on a network. Works in Windows XP Professional/2003.

Switches:
  • /s Server > Specifies the name or IP address of a computer. Fully qualified domain names (FQDNs), host names, and NetBIOS names in the Universal Naming Convention (UNC) (for example, \\Servername) are all accepted.

  • /dc > Checks the speed of the connection to a domain controller from the local computer.

  • /t Value > Specifies a threshold, in bytes, that adds information to the output of the tool. Output Descriptions:

    • 4 - Threshold specified is less than the actual value.

    • 5 - Threshold specified is equal to the actual value.

    • 6 - Threshold specified is greater than the actual value.

    • 9 - The threshold comparison errored.


List.exe:
The List Text File Tool displays and searches one or more text files. Unlike other text display tools, List does not read the whole file into memory when you open it. It allows a user to edit a text file in a hexadecimal format. This tool works in Windows 2003.

Switches:
  • /s:SearchString > Specifies the string to search for after opening the file.

  • /g:LineNumber > Specifies the line to go to after opening the file.

  • FileName > Specifies the name of the file or files to open and display. Use Ctrl+PageUp and Ctrl+PageDown to toggle between open files.


Logtime.exe:
The LogTime utility logs the start or finish of command-line programs from a batch file. This is useful for timing and tracking batch jobs such as mail-address imports. LogTime creates a log file called Logtime.log, with a date-and-time stamp next to the specified parameter (text_string in LogTime syntax). When called from within a batch file, the date-and-time stamp records when LogTime (with the given parameter) was run by the batch file. For example, if LogTime is run before and after a command-line program in a batch file, Logtime.log records the start and stop time of that program. This tool works in Windows 2000/XP/2003.

Switches:
  • TextString > Specifies the message to display.


Lsreport.exe:
Terminal Services Licensing Reporter creates a report on licenses granted by Terminal Services license servers. It connects to Terminal Services license servers to obtain information about the client access license packages installed on the available servers. LsReport then, by default, writes information about licenses to a tab-delimited file called Lsreport.txt, a file in the current directory. Works in Windows XP/2003.

Switches:
  • /f [Path]FileName > Allows an alternate file name (and optional path) to be specified for the log file. If an output file by the same name exists, it is overwritten. By default, LsReport writes all data to Lsreport.txt, a file in the working directory.

  • /d Start [End] > Writes, to the output file, only licenses considered to be valid between the start and end dates. If the end date is not specified, it defaults to the current date. Use the following format for specifying a date: mm/dd/yyyy.

  • /t > Restricts the report to temporary licenses. By default, LsReport reports on all licenses, temporary or otherwise.

  • /w > Writes, to the output file, the hardware identification of a licensed client if the license server is running Windows Server 2003. If the license server is running Windows 2000, LsReport does not write hardware information to the output file and does not display an error message.

  • ServerList > Lists Terminal Services license servers to be queried, separating the entries with spaces. If no list is specified, a list is obtained from the domain controller and all discoverable domain and enterprise Terminal Services license servers are queried. Use this option only to query specific servers.


Mcast.exe:
The Multicast Packet Tool can be used to send multicast packets or to listen for packets being sent to a multicast group address. Mcast is used to test multicast connectivity between computers on your network. Works in Windows XP/2003.

Switches:
  • /send > Sends packets out on the network.

  • /srcs:SourceAddress > Specifies the address(es) that are listed as the source in the sent multicast packets; this is a mandatory argument for the /send operation. Separate multiple source IP addresses with a comma.

  • /grps:GroupAddress > Specifies the multicast group address to which packets should be sent or from which packets should be received; this is a mandatory argument for both the /send and /recv operations.

  • /intvl:[PacketInterval] > Specifies the interval between sent packets, in milliseconds. If omitted, the default setting is 10.

  • /numpkts:[NumberPackets] > Specifies the number of packets to be sent from each source address provided to each group address provided. If omitted, the default setting is 100.

  • /ttl:[TimeToLive] > Specifies the time-to-live value of sent packets. If omitted, the default setting is 5.

  • /pktsize:[PacketSize] > Specifies the size of sent packets in bytes. If omitted, the default setting is 256.

  • /intf:[IPAddress] > Specifies the local interface to use for the Mcast tests. By default, Mcast uses the local adapter that is assigned the IP address specified in the Mcast packets.

  • /recv > Listens for multicast packets.

  • /dump:[packettype] > Displays the contents of received packets. Packettype specifies which packet types to display. If /dump: is omitted, the contents of the packet do not display. Valid packet types are:

    • 1 - bad packets

    • 2 - good packets

    • 3 - all packets

  • /runtime:[Duration] > Specifies, in minutes, the duration for which Mcast should run. If omitted, Mcast continues to run until manually stopped.


Memmonitor.exe:
Memory Monitor monitors the memory a process uses, and runs the process through a debugger when a given threshold is reached. Works in Windows 2000/XP/2003.

Switches:
  • /p ProcessID > Monitors the process specified by a ProcessID, a numerical ID assigned by the operating system to the process while it runs.

  • /pn Name > Monitors a process by using a specified Name. To find the name of a process, look in Task Manager or use the TaskList tool.

  • /ps Service > Monitors a process by using a specified Service name. To find the name of a service, look in the Services snap-in.

  • /wait > Notifies MemMonitor to wait for the specified process, if the process has not yet started.

  • /nodbg > Notifies Memmonitor that no debugger is present on the local computer. If no debugger is present on the local computer and the /nodbg parameter is not used, the following error message is displayed: "MemMon: Selected process does not have a debugger attached!".

  • /assumedbg > Instructs MemMonitor not to check for a debugger on the local computer. MemMonitor does this check by default. Use the /assumedbg parameter if a debugger is present on the local computer, but MemMonitor has displayed an error message stating that a debugger is not attached.

  • /int Seconds > Sets the interval, in seconds, between checks by MemMonitor. If omitted, the interval is 60 seconds.

  • /ws Value > Sets a threshold for the amount of memory, in KB, that the monitored process can use. If the threshold is met or exceeded, MemMonitor stops the currently monitored process and begins debugging it.

  • /ppool Value > Sets a threshold for the amount of memory in the paged pool, in KB, that the monitored process can use. If the threshold is met or exceeded, MemMonitor stops the currently monitored process and begins debugging it.

  • /nppool Value > Sets a threshold for the amount of memory in the nonpaged pool, in KB, that the monitored process can use. If the threshold is met or exceeded, MemMonitor stops the currently monitored process and begins debugging it.

  • /vm Value > Sets a threshold for the amount of virtual memory, in KB, that the monitored process can use. If the threshold is met or exceeded, MemMonitor stops the currently monitored process and begins debugging it.


Memmonitor.exe:
Memory Monitor monitors the memory a process uses, and runs the process through a debugger when a given threshold is reached. Works in Windows 2000/XP/2003.

Switches:
  • /p ProcessID > Monitors the process specified by a ProcessID, a numerical ID assigned by the operating system to the process while it runs.

  • /pn Name > Monitors a process by using a specified Name. To find the name of a process, look in Task Manager or use the TaskList tool.

  • /ps Service > Monitors a process by using a specified Service name. To find the name of a service, look in the Services snap-in.

  • /wait > Notifies MemMonitor to wait for the specified process, if the process has not yet started.

  • /nodbg > Notifies Memmonitor that no debugger is present on the local computer. If no debugger is present on the local computer and the /nodbg parameter is not used, the following error message is displayed: "MemMon: Selected process does not have a debugger attached!".

  • /assumedbg > Instructs MemMonitor not to check for a debugger on the local computer. MemMonitor does this check by default. Use the /assumedbg parameter if a debugger is present on the local computer, but MemMonitor has displayed an error message stating that a debugger is not attached.

  • /int Seconds > Sets the interval, in seconds, between checks by MemMonitor. If omitted, the interval is 60 seconds.

  • /ws Value > Sets a threshold for the amount of memory, in KB, that the monitored process can use. If the threshold is met or exceeded, MemMonitor stops the currently monitored process and begins debugging it.

  • /ppool Value > Sets a threshold for the amount of memory in the paged pool, in KB, that the monitored process can use. If the threshold is met or exceeded, MemMonitor stops the currently monitored process and begins debugging it.

  • /nppool Value > Sets a threshold for the amount of memory in the nonpaged pool, in KB, that the monitored process can use. If the threshold is met or exceeded, MemMonitor stops the currently monitored process and begins debugging it.

  • /vm Value > Sets a threshold for the amount of virtual memory, in KB, that the monitored process can use. If the threshold is met or exceeded, MemMonitor stops the currently monitored process and begins debugging it.


Memtriage.exe:
This tool detects a possible resource leak on your system and records process information or current kernel pool information and saves it to a log file. Then you use MemTriage to analyze the log file and diagnose issues with any system resource, including memory, handles, Graphics Device Interface, user resources, and the kernel. After issues are identified, MemTriage generates a report and instructions about what to do next. Works in Windows 2003. Must be a member of the administrators group.

Switches:
  • /m > Takes a snapshot of the current system and process information and saves it to a log file.

  • /p > Takes a snapshot of the current kernel pool information and saves it to a log file.

  • /mp > Takes a snapshot of the current system, process, and kernel pool information and saves it to a log file.

  • /h ProcID > Takes a snapshot of the current heap information for the specified process and saves it to a log file. ProcID identifies the process for which you are recording or analyzing heap information. This parameter is required by the /h and /pid parameters.

  • /t > Takes a snapshot of the current requested type of information, adds information about when the snapshot was taken, and saves the information to a log file. The information about the snapshot includes:
    • Date - MemTriage uses the format YYYY/MM/DD.

    • Time - MemTriage uses Coordinated Universal Time (Greenwich Mean Time).

  • /w Length > Specifies that there will be a specific number of minutes (Length) between multiple snapshots.

  • /a [/pid ProcID] > Analyzes the log file containing several snapshots of the same type (process or pool information) and displays resources for which there was an increase every time a snapshot was taken. If you are analyzing heap information, you must use the /pid parameter and specify the process ID.

  • /s [/r RuleFile.ini /pid ProcID] > Analyzes a log file containing a single snapshot and displays resources for which there was an increase every time a snapshot was taken. If you are analyzing heap information, you must specify that it be analyzed according to a rule file and specify the process ID.

  • LogFile.log > Records resource usage. This is a required parameter.


Mibcc.exe:
SNMP MIB Compiler compiles SNMP Management Information Base files. Use this tool when you want SNMP Management API to use a new or updated MIB. Works in Windows XP/2003. Must be a member of the administrators group on the target computer. The SNMP service must be running on the target computer.

Switches:
  • -ex > Stops after x number of errors. (Default = 10)

  • -l > Supresses the MIBCC logo display. By default this logo displays before any output.

  • -n > Displays information on each node as it is added.

  • -oFileName > Displays the updated MIB tree when the MIBCC command is complete.

  • -wx > Sets warning level of x as follows:

    • 0 - Silent (default value)

    • 1 - Errors Only

    • 2 - Warnings

    • 3 - Errors and Warnings

  • File File > Specifies the name(s)of the .mib file(s) to be compiled. You must include, in this list, all MIBs that you want SNMP to use. If the files are not in the current directory, include the full path of the file in quotation marks.


Moveuser.exe:
Move User changes the security of a user profile so that it can be associated with a different user account. Use MoveUser after moving a user to a different domain so that the user can keep the user profile associated with the original user account. Works in Windows 2000/XP Professional/2003. Must have administrative rights on the old and new domain.

Switches:

  • OldUserAccount > Specifies a user who has a local profile. Specify domain and user names in the Domain/User or the user principal name (UPN) format. If Domain is omitted, OldUserAccount is assumed to belong to the domain of the current user.

  • NewUserAccount > Specifies the user who will own the OldUserAccount profile. This account must already exist. Specify domain and user names in the Domain/User or the user principal name (UPN) format. If Domain is omitted, NewUserAccount is assumed to belong to the domain of the current user.

  • /c:Computer > Specifies a remote computer on which to make the changes. If omitted, the local computer is assumed. Use this parameter to move the user profile to a new computer.

  • /k > Specifies that OldUserAccount resides in the local database of the computer and should not be deleted after the profile is moved.

  • /y > Directs MoveUser to overwrite any existing profiles.



Under Construction
The rest are coming soon!





Comments (1)

Review By: jsprague [01/17/2010]
Review Text: Very helpful. Wish it were finished

Items Per Page:



Related Items








7 Seconds Resources, Inc.




IT Showcase