EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid
[/L logname] [/SO srcname] /T type /D description

Description:
This command line tool enables an administrator to create
a custom event ID and message in a specified event log.

Parameter List:
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which
the command should execute.

/P [password] Specifies the password for the given
user context. Prompts for input if omitted.

/L logname Specifies the event log to create
an event in.

/T type Specifies the type of event to create.
Valid types: ERROR, WARNING, INFORMATION.

/SO source Specifies the source to use for the
event. A valid source can be any string
and should represent the application or
component that is generating the event.

/ID id Specifies the event ID for the event. A
valid custom message ID is in the range
of 1 - 1000.

/D description Specifies the description to be set for
the newly creating event.

/? Displays this help/usage.

Examples:
EVENTCREATE /T ERROR /ID 100 /L APPLICATION /D "Create an event in application log"

EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "new source Winword in application log"

EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Remote system without user credentials"

EVENTCREATE /S system /U user /P password /ID 100 /T ERROR /L APPLICATION /D "Remote machine with user credentials"

EVENTCREATE /S system /U domain\user /ID 100 /T WARNING /SO MyBatchFile.cmd /D "Maintenance script user logon failed"

DRIVERQUERY [/S system [/U username [/P [password]]]]
[/FO format] [/NH] [/SI] [/V]

Description:
Enables an administrator to enumerate and display the list of
installed device drivers as well as their properties.

Parameter List:
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context
under which the command should execute.

/P [password] Specify the Password for the given
user context. Prompts for input if omitted.

/FO format Specifies the type of output to display.
Valid values to be passed with the
switch are “TABLE”, “LIST”, “CSV”.

/NH Specifies that the “Column Header”
should not be displayed in the
screen output. Valid for “TABLE”
and “CSV” format only.

/V Displays detailed information. Not valid
for signed drivers.

/SI Provides information about signed drivers.

/? Displays this Help/Usage.

Examples:
DRIVERQUERY
DRIVERQUERY /FO CSV /SI
DRIVERQUERY /NH
DRIVERQUERY /S ipaddress /U user /V
DRIVERQUERY /S system /U domain\user /P password /FO LIST
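
Added example (not part of the original help text): a PowerShell script that feeds DRIVERQUERY /FO CSV /SI output to ConvertFrom-Csv, lists drivers not reported as signed, and records the finding with EVENTCREATE. The English column names (DeviceName, InfName, IsSigned, Manufacturer), the source name DriverAudit and event ID 900 are assumptions chosen for illustration.

```powershell
# Added example: audit driver signing with DRIVERQUERY, log the result with EVENTCREATE.
# Assumptions: English-locale CSV headers, an elevated prompt for EVENTCREATE,
# hypothetical source name "DriverAudit" and event ID 900 (inside the 1 - 1000 range).

function Get-UnsignedDriver {
    param([string[]]$CsvLines)
    # /FO CSV keeps the header row (no /NH), so each driver becomes one object.
    # Anything other than TRUE (FALSE, N/A, empty) is treated as needing review.
    $CsvLines |
        Where-Object { $_ } |
        ConvertFrom-Csv |
        Where-Object { $_.IsSigned -ne 'TRUE' }
}

# Constructed sample in the shape of "DRIVERQUERY /FO CSV /SI" output (not real data).
$sample = @(
    '"DeviceName","InfName","IsSigned","Manufacturer"'
    '"Generic volume","volume.inf","TRUE","Microsoft"'
    '"Example Capture Device","oem12.inf","FALSE","Example Corp"'
    '"Example Filter Driver","oem31.inf","N/A","N/A"'
)
$fromSample = @(Get-UnsignedDriver -CsvLines $sample)
"Sample: $($fromSample.Count) driver(s) not reported as signed"
$fromSample | Format-Table DeviceName, InfName, IsSigned -AutoSize

# Live run, only where the tool exists (Windows).
if (Get-Command driverquery -ErrorAction SilentlyContinue) {
    $live = driverquery /FO CSV /SI
    $unsigned = @(Get-UnsignedDriver -CsvLines $live)
    if ($unsigned.Count -gt 0) {
        $names = ($unsigned | ForEach-Object { $_.InfName }) -join ', '
        $desc  = "Drivers not reported as signed ($($unsigned.Count)): $names"
        # Writes one WARNING event to the Application log under the assumed source.
        eventcreate /T WARNING /ID 900 /L APPLICATION /SO DriverAudit /D $desc
    }
}
```

For a remote host, add /S system /U domain\user to the DRIVERQUERY call and leave /P off so the tool prompts for the password instead of taking it on the command line.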

OPENFILES /Disconnect [/S system [/U username [/P [password]]]]
{[/ID id] [/A accessedby] [/O openmode]}
[/OP openfile]

Description:
Enables an administrator to disconnect files and folders that have
been opened remotely through a shared folder.

Parameter List:
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which the
command should execute.

/P [password] Specifies the password for the given user
context. Prompts for input if omitted.

/ID open file ID Specifies to disconnect open files by file ID.
The “*” wildcard may be used.

/A username Specifies to disconnect all open files by
“accessed by” value. The “*” wildcard
may be used.

/O open mode Specifies to disconnect all open files by
“openmode” value. Valid values are Read,
Write or Read/Write. The “*” wildcard
may be used.

/OP open file Specifies to disconnect all open file
connections created by a specific “open
file” name. The “*” wildcard may be used.

/? Displays this help/usage.

Examples:
OPENFILES /Disconnect /?
OPENFILES /Disconnect /ID 1
OPENFILES /Disconnect /A username
OPENFILES /Disconnect /O Read/Write
OPENFILES /Disconnect /OP "c:\My Documents\somedoc.doc" /ID 234
OPENFILES /Disconnect /S system /U username /ID 5
OPENFILES /Disconnect /S system /U username /P password /ID *

OPENFILES /Query [/S system [/U username [/P [password]]]]
[/FO format] [/NH] [/V]

Description:
Enables an administrator to display a list of files and folders that
have been opened on a system.

Parameter List:
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which
the command should execute.

/P [password] Specifies the password for the given user
context. Prompts for input if omitted.

/FO format Specifies the format in which the output is
to be displayed.
Valid values: "TABLE", "LIST", "CSV".

/NH Specifies that the “Column Header” should
not be displayed in the output.
Valid only for “TABLE” and “CSV” formats.

/V Specifies that the detailed information
should be displayed in the output.

/? Displays this help/usage.

Examples:
OPENFILES /?
OPENFILES /Query
OPENFILES /Query /FO csv /NH
OPENFILES /Query /FO LIST /V
OPENFILES /Query /S system /U username /P password /NH

SYSTEMINFO [/S system [/U username [/P [password]]]] [/FO format] [/NH]

Description:
This command line tool enables an administrator to query for basic
system configuration information.

Parameter List:
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which
the command should execute.

/P [password] Specifies the password for the given
user context. Prompts for input if omitted.

/FO format Specifies the format in which the output
is to be displayed.
Valid values: “TABLE”, “LIST”, “CSV”.

/NH Specifies that the “Column Header” should
not be displayed in the output.
Valid only for “TABLE” and “CSV” formats.

/? Displays this help/usage.

Examples:
SYSTEMINFO
SYSTEMINFO /?
SYSTEMINFO /S system
SYSTEMINFO /S system /U user
SYSTEMINFO /S system /U domain\user /P password /FO TABLE
SYSTEMINFO /S system /FO LIST
SYSTEMINFO /S system /FO CSV /NH

TASKLIST [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]

Description:
This command line tool displays a list of application(s) and
associated task(s)/process(es) currently running on either a local or
remote system.

Parameter List:
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which
the command should execute.

/P [password] Specifies the password for the given
user context. Prompts for input if omitted.

/M [module] Lists all tasks that have DLL modules loaded
in them that match the given pattern name.
If the module name is not specified,
displays all modules loaded by each task.

/SVC Displays services in each process.

/V Specifies that the verbose information
is to be displayed.

/FI filter Displays a set of tasks that match a
given criteria specified by the filter.

/FO format Specifies the output format.
Valid values: “TABLE”, “LIST”, “CSV”.

/NH Specifies that the “Column Header” should
not be displayed in the output.
Valid only for “TABLE” and “CSV” formats.

/? Displays this help/usage.

Filters:
Filter Name     Valid Operators           Valid Value(s)
-----------     ---------------           --------------
STATUS          eq, ne                    RUNNING | NOT RESPONDING
IMAGENAME       eq, ne                    Image name
PID             eq, ne, gt, lt, ge, le    PID value
SESSION         eq, ne, gt, lt, ge, le    Session number
SESSIONNAME     eq, ne                    Session name
CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
                                          of hh:mm:ss.
                                          hh - hours,
                                          mm - minutes, ss - seconds
MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
USERNAME        eq, ne                    User name in [domain\]user
                                          format
SERVICES        eq, ne                    Service name
WINDOWTITLE     eq, ne                    Window title
MODULES         eq, ne                    DLL name

Examples:
TASKLIST
TASKLIST /M
TASKLIST /V
TASKLIST /SVC
TASKLIST /M wbem*
TASKLIST /S system /FO LIST
TASKLIST /S system /U domain\username /FO CSV /NH
TASKLIST /S system /U username /P password /FO TABLE /NH
TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"

TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]

Description:
This command line tool can be used to end one or more processes.
Processes can be killed by the process id or image name.

Parameter List:
/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which
the command should execute.

/P [password] Specifies the password for the given
user context. Prompts for input if omitted.

/F Specifies to forcefully terminate
process(es).

/FI filter Displays a set of tasks that match a
given criteria specified by the filter.

/PID process id Specifies the PID of the process that
has to be terminated.

/IM image name Specifies the image name of the process
that has to be terminated. Wildcard ‘*’
can be used to specify all image names.

/T Tree kill: terminates the specified process
and any child processes which were started by it.

/? Displays this help/usage.

Filters:
Filter Name     Valid Operators           Valid Value(s)
-----------     ---------------           --------------
STATUS          eq, ne                    RUNNING | NOT RESPONDING
IMAGENAME       eq, ne                    Image name
PID             eq, ne, gt, lt, ge, le    PID value
SESSION         eq, ne, gt, lt, ge, le    Session number.
CPUTIME         eq, ne, gt, lt, ge, le    CPU time in the format
                                          of hh:mm:ss.
                                          hh - hours,
                                          mm - minutes, ss - seconds
MEMUSAGE        eq, ne, gt, lt, ge, le    Memory usage in KB
USERNAME        eq, ne                    User name in [domain\]user
                                          format
MODULES         eq, ne                    DLL name
SERVICES        eq, ne                    Service name
WINDOWTITLE     eq, ne                    Window title

NOTE: Wildcard ‘*’ for the /IM switch is accepted only with filters.

NOTE: Termination of remote processes will always be done forcefully
irrespective of whether /F option is specified or not.

Examples:
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"
TASKKILL /S 192.168.1.52 /U administrator /P password /F /IM "notepad.exe"

To enable File and Print Sharing in Firewall
netsh firewall set service type = FILEANDPRINT mode = ENABLE

To disable File and Print Sharing in Firewall
netsh firewall set service type = FILEANDPRINT mode = DISABLE

To enable Remote Desktop in Firewall
netsh firewall set service type = REMOTEDESKTOP mode = ENABLE

To disable Remote Desktop in Firewall
netsh firewall set service type = REMOTEDESKTOP mode = DISABLE

To enable Remote Admin in Firewall
netsh firewall set service type = REMOTEADMIN mode = ENABLE

To disable Remote Admin in Firewall
netsh firewall set service type = REMOTEADMIN mode = DISABLE
