Windows Command Line

Today I need to run some special commands in Windows 2008 Server. I think it would be useful to keep the TechNet link and some of them here, just in case I need them again.

1: System File Checker

Malicious software will often attempt to replace core system files with modified versions in an effort to take control of the system. The System File Checker can be used to verify the integrity of the Windows system files. If any of the files are found to be missing or corrupt, they will be replaced. You can run the System File Checker by using this command:

sfc /scannow

2: File Signature Verification

One way to verify the integrity of a system is to make sure that all the system files are digitally signed. You can accomplish this with the File Signature Verification tool. This tool is launched from the command line but uses a GUI interface. It will tell you which system files are signed and which aren’t. As a rule, all the system files should be digitally signed, although some hardware vendors don’t sign driver files. The command used to launch the File Signature Verification tool is:


3: Driverquery

Incorrect device drivers can lead to any number of system problems. If you want to see which drivers are installed on a Windows 7 system, you can do so by running the driverquery tool. This simple command-line tool provides information about each driver that is being used. The command is:

driverquery

If you need a bit more information, you can append the -v switch. Another option is to append the -si switch, which causes the tool to display signature information for the drivers. Here’s how they look:

driverquery -v
driverquery -si

4: Nslookup

The nslookup tool can help you to verify that DNS name resolution is working correctly. When you run nslookup against a host name, the tool will show you how the name was resolved, as well as which DNS server was used during the lookup. This tool can be extremely helpful when troubleshooting problems related to legacy DNS records that still exist but that are no longer correct.

To use this tool, just enter the nslookup command, followed by the name of the host you want to resolve. For example:


5: Ping

Ping is probably the simplest of all diagnostic commands. It’s used to verify basic TCP/IP connectivity to a network host. To use it, simply enter the command, followed by the name or IP address of the host you want to test. For example:


Keep in mind that this command will work only if Internet Control Message Protocol (ICMP) traffic is allowed to pass between the two machines. If at any point a firewall is blocking ICMP traffic, the ping will fail.

6: Pathping

Ping does a good job of telling you whether two machines can communicate with one another over TCP/IP, but if a ping does fail, you won’t receive any information regarding the nature of the failure. This is where the pathping utility comes in.

Pathping is designed for environments in which one or more routers exist between hosts. It sends a series of packets to each router that’s in the path to the destination host in an effort to determine whether the router is performing slowly or dropping packets. At its simplest, the syntax for pathping is identical to that of the ping command (although there are some optional switches you can use). The command looks like this:


7: Ipconfig

The ipconfig command is used to view or modify a computer’s IP addresses. For example, if you wanted to view a Windows 7 system’s full IP configuration, you could use the following command:

ipconfig /all

Assuming that the system has acquired its IP address from a DHCP server, you can use the ipconfig command to release and then renew the IP address. Doing so involves using the following commands:

ipconfig /release
ipconfig /renew

Another handy thing you can do with ipconfig is flush the DNS resolver cache. This can be helpful when a system is resolving DNS addresses incorrectly. You can flush the DNS cache by using this command:

ipconfig /flushdns

8: Repair-bde

If a drive that is encrypted with BitLocker has problems, you can sometimes recover the data using a utility called repair-bde. To use this command, you will need a destination drive to which the recovered data can be written, as well as your BitLocker recovery key or recovery password. The basic syntax for this command is:

repair-bde <source> <destination> -rk | -rp <source>

You must specify the source drive, the destination drive, and either the -rk (recovery key) or the -rp (recovery password) switch, along with the path to the recovery key or the recovery password. Here are two examples of how to use this utility:

repair-bde c: d: -rk e:\recovery.bek
repair-bde c: d: -rp 111111-111111-111111-111111-111111-111111

9: Tasklist

The tasklist command is designed to provide information about the tasks that are running on a Windows 7 system. At its most basic, you can enter the following command:

tasklist

The tasklist command has numerous optional switches, but there are a couple I want to mention. One is the -m switch, which causes tasklist to display all the DLL modules associated with a task. The other is the -svc switch, which lists the services that support each task. Here’s how they look:

tasklist -m
tasklist -svc

10: Taskkill

The taskkill command terminates a task, either by name (which is referred to as the image name) or by process ID. The syntax for this command is simple. You must follow the taskkill command with -pid (process ID) or -im (image name) and the name or process ID of the task that you want to terminate. Here are two examples of how this command works:

taskkill -pid 4104
taskkill -im iexplore.exe


What is the Primary SMTP email address

I have been testing some software recently, but I still can’t get it up and running properly. I have been dealing with the support guys but not having much luck, and they keep on complaining about our Exchange. He wants me to generate a list of the primary SMTP email address for each mailbox user, so I found this post on Google.

Thanks to Xaegr and Karl for the scriptblock!! This is only applicable to Exchange 2007 and 2010 PowerShell.

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName,ServerName,PrimarySmtpAddress,@{Name="EmailAddresses";Expression={($_.EmailAddresses | Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}) -join ";"}} | Export-Csv <csv file> -NoTypeInformation

With the above PowerShell script, you will be able to extract every mailbox name, primary server, primary SMTP address and any secondary SMTP addresses. The “Export” at the end is especially handy: it outputs the result to a CSV file that I can read properly with Excel. Don’t forget to change the file name and path before running this script.



New gigabit switch not gigabit???

You see, as an IT person, we do learn new things every day.

We recently replaced some old 100Mbps switches with 1000Mbps smart switches and, guess what, the network runs slower than before. We didn’t realize that initially; then the users felt it was a little slower but still acceptable, or sometimes it became very slow but came back after a while. We reported it as a fault to the network management company. They reckon both gigabit switches are faulty: they can only ping the end device at 510 bytes, not the normal 1500 bytes.

I didn’t even know you could ping at a different rate, so I found this comment:

ping -l [size in bytes] ip

Ping -l 2000 will ping the IP with 2000 bytes

Type ping /? for more options

(note: l = a small L)

If you have a slower network with good equipment, maybe you should give this a try.
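
Rather than trying sizes by hand, the added example below (not part of the original post) binary-searches for the largest ICMP payload that gets through with the Don't Fragment bit set. The function name is hypothetical, the 1472-byte upper bound assumes a standard 1500-byte Ethernet MTU, and the demonstration uses a constructed probe instead of a real network.

```powershell
# Added example: largest ICMP echo payload that reaches a host with the
# Don't Fragment bit set (what "ping -f -l <size> <ip>" tests one size at a time).
function Find-MaxPingPayload {
    param(
        [Parameter(Mandatory = $true)][string]$Target,
        [int]$Low = 32,        # ping.exe default payload, used as the baseline
        [int]$High = 1472,     # 1500-byte MTU minus 20 (IPv4) and 8 (ICMP) header bytes
        [int]$TimeoutMs = 1000,
        # Returns $true when a payload of $size bytes is echoed back.
        # Replaceable so the search can be exercised without a network.
        [scriptblock]$Probe = {
            param($t, $size, $timeout)
            $ping = New-Object System.Net.NetworkInformation.Ping
            $opts = New-Object System.Net.NetworkInformation.PingOptions(64, $true)  # TTL 64, Don't Fragment
            [byte[]]$buf = New-Object byte[] $size
            try {
                $reply = $ping.Send($t, $timeout, $buf, $opts)
                $reply.Status -eq [System.Net.NetworkInformation.IPStatus]::Success
            } catch { $false } finally { $ping.Dispose() }
        }
    )
    # No reply even at the baseline size: this is not a payload-size problem.
    if (-not (& $Probe $Target $Low $TimeoutMs)) { return -1 }
    # Invariant: $Low always works; everything above $High is known to fail.
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2.0)
        if (& $Probe $Target $mid $TimeoutMs) { $Low = $mid } else { $High = $mid - 1 }
    }
    $Low
}

# Constructed probe simulating a path that drops payloads above 510 bytes,
# the symptom described in the post; 192.0.2.10 is a documentation address.
Find-MaxPingPayload -Target '192.0.2.10' -Probe { param($t, $size, $timeout) $size -le 510 }

# Against a real device (replace the placeholder address):
# Find-MaxPingPayload -Target '192.0.2.10'
```

A result well below 1472 on a plain Ethernet LAN points at a device in the path that mishandles full-size frames.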

Outgoing SMTP on the go

I have been working with Outlook for quite some time now (well over 10 years actually), but I only found this solution to our mobile users’ problem today. What they want to do is send and receive email on their laptops while they are on the road, which is now very easy with their USB Wi-Fi dongles. However, they can’t send email; the outgoing server didn’t authenticate properly.

I tried the “POP before SMTP” setting but, very interestingly, it still didn’t want to work. I ended up finding a simple answer: change the SMTP port from 25 to 587. Apparently some ISPs don’t let you route through their port 25, so we can only use port 587, and this port doesn’t have encryption. Most importantly, it fixed the problem and works for the users.

Shrinking file in MSSQL 2008

If you have worked with previous versions of SQL Server, you know there is always an issue: the log file grows very fast and very big. If you have plenty of storage, this might not be a problem for you. Anyway, the latest version of SQL Server is no exception; we still have to do something to truncate and shrink these files. However, they have changed the script command a little bit, so I would like to share it with everyone as usual.

Here is the link to the official TechNet page; it gives good examples and explanations.

For example, if we need to shrink the log file to 100 MB, the code will look like this:

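USE databaseName;
-- Truncate the log by changing the database recovery model to SIMPLE.
ALTER DATABASE databaseName SET RECOVERY SIMPLE;
-- Shrink the truncated log file to 100 MB.
DBCC SHRINKFILE (database_Logfile, 100);
-- Reset the database recovery model (FULL is assumed here; use the model the
-- database had before, and take a full backup afterwards to restart the log backup chain).
ALTER DATABASE databaseName SET RECOVERY FULL;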


Run this script in the query screen and you will notice the file size change in seconds.


“Ping” Command doesn’t work

Quite often some commands don’t work in the command prompt and show errors like:

‘ping’ is not recognized as an internal or external command
‘defrag’ is not recognized as an internal or external command
‘ipconfig’ is not recognized as an internal or external command

but every time I forget about the fix, so let me put it here this time.

For Windows XP:

Right click “My Computer” and click “Properties”. Click the “Advanced” tab up top followed by the “Environment Variables” button at the bottom. In the 2nd list box, scroll down to the 5th or 6th entry “Path”, select it and click “Edit”. Add “%SystemRoot%\system32;%SystemRoot%;” (minus the quotes) to the beginning of the line. OK the changes and try out your commands now.

Cannot open Outlook attachment

Today a user reported that she can’t open an attachment in one of her emails, so I tried a few different things, starting with the typical approach: “REBOOT COMPUTER”. No! Not this time; it still can’t be opened. The user is actually saying this is not the first time. The previous times it was fixed by closing and reopening Outlook, but this time that doesn’t work.

I went on Google search and found the problem very interesting. The results talk about a permission problem with the “Temporary Internet Files” folder and suggest doing a registry hack. But this folder is not on the network, it’s on the local C drive, and this user is in the local administrators group. Anyway, it doesn’t work! So before doing this hacking, I went to clean up the “Temporary Internet Files” folder under Internet Options. Again, it still doesn’t work.

Then I followed the instructions from M$ Support and rebooted the computer; problem solved.

As you would imagine, the local administrators group has full permission, so how can it lose its permission to this folder? To me, it’s a mystery~~

Recover single mailbox/file/folder from Exchange 2007

I have been backing up the Exchange store for many years but, to be honest, I have never ever used it to restore any mailbox or data. The time has finally come: one of the directors has a missing folder in his Exchange mailbox. We looked everywhere but still can’t find it, so I have no other option but to do a recovery.

Surprisingly, it is not too difficult with the new Exchange console. I found this article from Petri by Daniel Petri; he did a brilliant job of demonstrating the steps, and I want to share it with everyone. This method can not only restore the mailbox, it can also restore a specific folder or even a specific file or subject line. It’s a very useful and powerful tool.

Just 2 little things I would like to add: make sure that the user mailbox has enough storage to merge/copy the backup (temporarily increase it if necessary), and make sure that you follow the exact steps. Don’t skip steps because you are too smart 😛