15 CMD Commands Every Windows User Should Know

Microsoft has slowly but surely pushed the command line aside in the Windows interface. This is not without reason, as it’s an antiquated and mostly unnecessary tool from an era of text-based input that has long passed.

But there still are some commands that remain useful, and Windows 8 even added new features. Here are the commands every Windows user needs to know.

In case you’re not sure how to access the command prompt, forgot basic commands, or would like to know how to see a list of switches for each command, you can refer to our beginners guide to the Windows command line for instructions.

ASSOC

Most files in Windows are associated with a specific program that is assigned to open the file by default. At times, remembering these associations can become confusing. You can remind yourself by entering the command “assoc” to display a full list of file extensions and the programs they’re connected with.

You can also extend the command to change file associations. For example, “assoc .txt=” will change the file association for text files to whatever program you enter after the equal sign. The ASSOC command itself will reveal both the extension names and program names, which will help you properly use this command. You can probably do this more easily in the GUI, but the command line interface is a perfectly functional alternative.

Cipher

Deleting files on a mechanical hard drive doesn’t really delete them at all. Instead, it marks the files as no longer accessible and the space they took up as free. The files remain recoverable until they’re overwritten with new data, which can take some time.

The cipher command, however, can be used to wipe a directory by writing random data to it. To wipe your C drive, for example, you’d use the command “cipher /w:c”, which will wipe free space on the drive. The command does not overwrite undeleted data, so you will not wipe out files you need by running this command.

There’s also a host of other cipher commands, however, they are generally redundant with Bitlocker enabled versions of Windows.

Driverquery

Drivers remain among the most important software installed on a PC. Improperly configured or missing drivers can cause all sorts of trouble, so its good to have access to a list of what’s on your PC. That’s exactly what the “driverquery” command does. You can extend it to “driverquery -v” to obtain more information including the directory in which the driver is installed.

File Compare

This command can be used to identify differences in text between two files, and is particularly useful for writers and programmers trying to find small changes between two versions of a file. Simply type “fc” and then the directory path and file name of the two files you want to compare.

You can also extend the command in several ways. Typing “/b” compares only binary output, “/c” disregards the case of text in the comparison, and “/l” only compares ASCII text.

So, for example, you could use the following:

fc /l "C:\Program Files (x86)\example1.doc" "C:\Program Files (x86)\example2.doc"

to compare ASCII text in two word documents

Ipconfig

This command relays the IP address that your computer is currently using. However, if you’re behind a router (like most computers today), you’ll instead receive the local network address of the router.

Still, ipconfig is useful because of its extensions. “ipconfig /release” followed by “ipconfig /renew” can force your Windows PC into asking for a new IP address, which is useful if your computer claims one isn’t available. You can also use “ipconfig /flushdns” to refresh your DNS address. These commands are great if the Windows network troubleshooter chokes, which does happen on occasion.

Netstat

Entering the command “netstat -an” will provide you with a list of currently open ports and related IP addresses. You’ll also be told what state the port is in – listening, established or closed. This is a great command if you’re trying to troubleshoot the devices your PC is connected to or you’re afraid you’re infected with a Trojan and are trying to locate a malicious connection.

Ping

Sometimes, you need to know whether or not packets are making it to a specific networked device. That’s where ping comes in handy. Typing “ping” followed by an IP address or web domain will send a series of test packets to the specified address. If they arrive and are returned, you know the device is capable of communicating with your PC; if it fails, you know that there’s something blocking communication between the device and your computer. This can help you decide if an issue is caused by improper configuration or a failure of network hardware.

Pathping

This is a more advanced version of ping that’s useful if there are multiple routers between your PC and the device you’re testing. Like ping, you use this command by typing “pathping” followed by the IP address, but unlike ping, pathping also relays some information about the route the test packets take.

Tracert

The “tracert” command is similar to pathping. Once again, type “tracert” followed by the IP address or domain you’d like to trace. You’ll receive information about each step in the route between your PC and the target. Unlike pathping, however, tracert also tracks how much time (in milliseconds) each hop between servers or devices takes.

Powercfg

Powercfg is a very powerful command for managing and tracking how your computer uses energy. You can use the command “powercfg /hibernate on” and “powercfg /hibernate off” to manage hibernation, and you can also use the command “powercfg /a” to view the power-saving states currently available on your PC.

Another useful command is “powercfg /devicequery s1_supported” which displays a list of devices on your computer that support connected standby. When enabled, these devices can be used to bring your computer out of standby – even remotely. You can enable this by selecting the device in Device Manager, opening its properties, going to the Power Management tab and then checking the “Allow this device to wake the computer” box.

“Powercfg /lastwake” will show you what device last woke your PC from a sleep state. You can use this command to troubleshoot your PC if it seems to wake from sleep at random.

The “powercfg /energy” command can be used to build a detailed power consumption report for your PC, which is output to a directory indicated after the command finishes. This report will let you know of any system faults that might increase power consumption, like devices that are blocking certain sleep modes, or which aren’t properly configured to respond to your power management settings.

Windows 8 added “powercfg /batteryreport”, which provides a detailed analysis of battery use, if applicable. Normally output to your Windows user directory, the report provides details about the time and length of charge and discharge cycles, lifetime average battery life, and estimated battery capacity.

Shutdown

As of Windows 8/8.1 there is now a shutdown command that – you guessed it! – shuts down your computer. This is of course redundant with the already easily accessed shutdown button, but what’s not redundant is the “shutdown /r /o” command, which restarts your PC and launches the Advanced Start Options menu, which is where you can access Safe Mode and Windows recovery utilities. This is useful if you want to restart your computer for troubleshooting purposes.

System File Checker

System File Checker is an automatic scan and repair tool that focuses on Windows system files. You will need to run the command prompt with administrator privileges and enter the command “sfc /scannow”. If any corrupt or missing files are found, they’ll be automatically replaced using cached copies kept by Windows for just that purpose. The command can require a half-hour to run on older notebooks.

Recovery Image

Virtually all Windows 8/8.1 computers ship from the factory with a recovery image, but the image may include bloatware you’d rather not have re-installed. Once you’ve un-installed the software you can create a new image using the “recimg” command. Entering this command presents a very detailed explanation of how to use it. You must have administrator privileges to use the recimg command, and you can only access the custom recovery image you create via the Windows 8 “refresh” feature.

Tasklist

The “tasklist” command can be used to provide a current list of all tasks running on your PC. Though somewhat redundant with Task Manager, the command may sometimes find tasks hidden from view in that utility.

There’s also a wide range of modifiers. “Tasklist -svc” shows services related to each task, “tasklist -v” can be used to obtain more detail on each task, and “tasklist -m” can be used to locate .dll files associated with active tasks. These commands are useful for advanced troubleshooting.

Taskkill

Tasks that appear in the “tasklist” command will have an executable and process ID (a four-digit number) associated with them. You can force stop a program using “taskkill -im” followed by the executable’s name, or “taskkill -pid” followed by the process ID. Again, this is a bit redundant with Task Manager, but may be used to kill otherwise unresponsive or hidden programs.

Conclusion

This article doesn’t cover every Windows command available. There are literally hundreds of them when all variables are included. Most, however, are no longer useful because they’ve been replaced by more convenient menus in the Windows GUI or simply aren’t commonly used (telnet, for example).

Administer Windows Server 2008 Server Core from the Command Prompt

To become an expert in administering Server Core from the command prompt, you need the following:
   . Familiarity with using the command-line tools included in Windows Server 2008
   . Knowledge of which tools can be used to administer a particular role or feature, as well as to perform a particular type of task

Here’s a quick guide to some of the more useful command-line tools you can use for performing specific types of administrative tasks in Server Core. The list is not meant to be complete and the task areas in it are not ordered in any particular way. Also, while most of the tools listed in this table are command-line tools, a few of them are scripts or GUI tools.

Task: View system information
  - Msinfo32
  - Set
  - Systeminfo

Task: View user information
  - Whoami

Task: Manage users and groups
- Net accounts
- Net group
- Net localgroup
- Net user

Task: View or change computer name
- Hostname
- Netdom renamecomputer

Task: Join or leave a domain
- Netdom join

Task: Log off or shut down
- Logoff
- Shutdown

Task: Configure networking
- Ipconfig
- Netsh interface
- Netsh routing
- Route

Task: Configure Windows Firewall
- Netsh advfirewall

Task: Configure Internet Protocol security (IPsec)
- Netsh ipsec
- Scregedit.wsf

Task: Activate Windows
- Slmgr.vbs

Task: Manage services
- Net continue
- Net pause
- Net start
- Net stop
- Sc
- Tasklist

Task: Manage processes
- Taskkill
- Tasklist
- Taskmgr

Task: Manage tasks
- At
- Schtasks

Task: Collect and analyze performance data
- Logman
- Relog
- Typeperf

Task: View events and manage event logs
- Wevtutil

Task: Manage disks and storage
- Compact
- Defrag
- Diskpart
- Diskraid
- Mountvol

Task: Manage Volume Shadow Copy Service (VSS)
- Vssadmin
- Cacl

Task: Manage file systems and file permissions
- Convert
- Fsutil
- Icacls
- Takeown

Task: Manage files
- Openfiles
- Sigverif

Task: Manage shares and share permissions
- Net share

Task: Manage the registry
- Reg
- Regedit

Task: Install and manage drivers
- Driverquery
- Pnputil
- Sc

Task: Install and manage updates
- Pkgmgr
- Scregedit.wsf
- Systeminfo
- Wuauclt
- Wusa

Task: Install roles and features
- Oclist
- Ocsetup

Task: Install applications
- Msiexec

Task: Manage Group Policy
- Gpresult
- Gpupdate
- Secedit

Task: Manage certificates
- Certreq
- Certutil

Task: Manage Terminal Services (Remote Desktop for Administration)
- Change
- Logoff
- Msg
- Mstsc
- Qappsrv
- Qprocess
- Query
- Qwinsta
- Reset session
- Rwinsta
- Shadow
- Tscon
- Tsdiscon
- Tskill

Source:technet.microsoft.com

Disabling an Unused Part of Group Policy Objects

Another way to disable a policy is to disable an unused part of the GPO. When you do this, you block the Computer Configuration or User Configuration settings, or both, and don’t allow them to be applied. By disabling part of a policy that isn’t used, the application of GPOs and security will be faster.

You can enable and disable policies partially or entirely by following these steps:

1. In the GPMC, select the container for the site, domain, or OU with which you want to work.

2. Select the policy object you want to work with, and then click the Details tab in the right pane.

3. Choose one of the following status settings from the GPO Status list and click OK when prompted to confirm that you want to change the status of this GPO:

- All Settings Disabled Disallows processing of the policy object and all its settings.

- Computer Configuration Settings Disabled Disables processing of Computer Configuration settings.   This means that only User Configuration settings are processed.

- Enabled Allows processing of the policy object and all its settings.

- User Configuration Settings Disabled Disables processing of User Configuration settings. This means that only Computer Configuration settings are processed.

Source:technet.microsoft.com

Quickly Map a Network Drive in Windows Vista and Windows Server 2008

In Windows Server 2008, you connect to a network drive by mapping to it using NET USE and the following syntax:

net use Device \\ComputerName\ShareName


In this example, “Device” is where you specify the drive letter. Or you can use * to specify that you want to use the next available drive letter. And \\ComputerName\ShareName is the UNC path to the share. So, in practice, it looks something like this:

net use g: \\ROMEO\DOCS

Or

net use * \\ROMEO\DOCS


Note that you should add the /Persistent:Yes option to ensure that the mapped drive is available each time the user logs on.

If the client computer is running Windows Vista, one way to map network drives is to follow these steps:

1. While the user is logged on, open any Windows Explorer view on the user’s computer.
2. From the Tools menu, select Map Network Drive. This opens the Map Network Drive page.
3. Using the Drive drop-down list, you can now create a network drive for a shared resource. Select a free drive letter to create a network drive that can be accessed in Windows Explorer.
4. In the Folder text box, type the UNC path to the desired share. For example, to access a share called DOCS on a server called ROMEO, you’d use the path \\ROMEO\DOCS. If you don’t know the share location, click Browse to search for available shares. After selecting the appropriate share, click OK to close the Browse For Folder dialog box.
5. If you want the network drive to be automatically connected in subsequent sessions, select the Reconnect At Logon check box. Otherwise, clear this check box to later establish a connection whenever you double-click the network drive.
6. To connect using a different user name from the logon name, click Different User Name, and then type a user name and password for the connection. Click OK to close the Connect As dialog box.
7. Click Finish to map the network drive.

Source: technet.microsoft.com

Create and Restore Shadow Copies on Windows Server 2008

Create Shadow Copies

To create a shadow copy on an NTFS volume with shared folders, follow these steps:

1. Start Computer Management. If necessary, connect to a remote computer.

2. In the console tree, expand Storage and then select Disk Management. The volumes configured on the selected computer are displayed in the details pane.

3. Right-click Disk Management, point to All Tasks, and then select Configure Shadow Copies.

4. On the Shadow Copies tab, select the volume you want to work within the “Select A Volume” list.

5. Click Settings to configure the maximum size of all shadow copies for this volume and to change the default schedule. When you’re finished, click OK twice.

6. If necessary, click Enable after you’ve configured the volume for shadow copying. When prompted to confirm this action, click Yes. This creates the first shadow copy and sets the schedule for later shadow copies.

Note that if you create a run schedule when configuring the shadow copy settings, shadow copying is enabled automatically for the volume when you click OK to close the Settings dialog box.

Restore Shadow Copies

Users on client computers access shadow copies of individual shared folders using the Previous Versions or Shadow Copy client. The best way to access shadow copies on a client computer is to follow these steps:

1. Right-click the share for which you want to access previous file versions, choose Properties and then click the Previous Versions tab.

2. Then select the folder version that you want to work with. Each folder has a date and time stamp.

3. Then click the button corresponding to the action you want to perform:

     - Click Open to open the shadow copy in Windows Explorer.

     - Click Copy to display the Copy Items dialog box, which lets you copy the snapshot image of the folder         to the location you specify.

     - Click Restore to roll back the shared folder to its state at the time of the snapshot image you selected.

Source:technet.microsoft.com

Update DHCP Statistics Automatically

The DHCP console provides statistics concerning IPv4 and IPv6 address availability and usage. By default, these statistics are updated only when you start the DHCP console or when you select the server and then click the Refresh button on the toolbar.

If you monitor DHCP routinely, you might want these statistics to be updated automatically.

To do that, follow these steps:
1. In the DHCP console, expand the node for the server you want to work with, right-click IPv4 or IPv6 as appropriate for the type of address you want to work with, and then click Properties.
2. On the General tab, select Automatically Update Statistics Every and enter an update interval in hours and minutes. Click OK.

Five Command Line Tools for Managing Group Policy

Here are five command line tools you should keep handy when managing Group Policy throughout your organization.

GPMC If you know anything about Group Policy, you probably know that GPMC is used to manage Active Directory-based Group Policy. GPMC provides a comprehensive set of Component Object Model (COM) interfaces that you can use to script many operations.

GPFIXUP This is used to resolve domain name dependencies in Group Policy objects and Group Policy links after a domain rename operation.

GPRESULT You can use this tool to see what policy is in effect and to troubleshoot policy problems.

GPUPDATE This lets you refresh Group Policy manually. Gpupdate replaces the SECEDIT /refreshpolicy tool that was available in Windows 2000. If you type gpupdate at a command prompt, both the Computer Configuration settings and the User Configuration settings in Group Policy will be refreshed on the local computer.

LDIFDE This tool is used to import and export directory information. You can use LDIFDE to help you perform advanced backup and recovery of policy settings that are stored outside of GPOs. Specifically, you can use this tool to back up and restore a large number of Windows Management Instrumentation (WMI) filters at one time.

Source:technet.microsoft.com

Use Built-In Tools to Create Partitions and Volumes in Windows Server

Windows Server 2008 simplifies the Disk Management user interface by using one set of dialog boxes and wizards for both partitions and volumes. The first three volumes on a basic drive are created automatically as primary partitions. If you try to create a fourth volume on a basic drive, the remaining free space on the drive is converted automatically to an extended partition with a logical drive of the size you designate by using the new volume feature it created in the extended partition. Any subsequent volumes are created in the extended partitions and logical drives automatically.

In Disk Management, you create partitions, logical drives, and simple volumes by following these steps:

1. In Disk Management’s Graphical View, right-click an unallocated or free area and then choose New Simple Volume. This starts the New Simple Volume Wizard. Read the Welcome page and then click Next.

2. The Specify Volume Size page specifies the minimum and maximum size for the volume in megabytes (MB) and lets you size the volume within these limits. Size the partition in MB in the Simple Volume Size field and then click Next.

3. On the Assign Drive Letter Or Path page, specify whether you want to assign a drive letter or path and then click Next. The following options are available:

Assign The Following Drive Letter Choose this option to assign a drive letter. Then select an available drive letter in the selection list provided. By default, Windows Server 2008 selects the lowest available drive letter and excludes reserved drive letters as well as those assigned to local disks or network drives.

Mount In The Following Empty NTFS Folder Choose this option to mount the partition in an empty NTFS folder. You must then type the path to an existing folder or click Browse to search for or create a folder to use.

Do Not Assign A Drive Letter Or Drive Path Choose this option if you want to create the partition without assigning a drive letter or path. If you later want the partition to be available for storage, you can assign a drive letter or path at that time.

Note You don’t have to assign volumes a drive letter or a path. A volume with no designators is considered to be unmounted and is for the most part unusable. An unmounted volume can be mounted by assigning a drive letter or a path at a later time.

4. On the Format Partition page, determine whether and how the volume should be formatted. If you want to format the volume, choose “Format This Volume With The Following Settings” and then configure the following options:

File System Sets the file system type as FAT, FAT32, or NTFS. NTFS is selected by default in most cases. If you create a file system as FAT or FAT32, you can later convert it to NTFS with the Convert utility. You can’t, however, convert NTFS partitions to FAT or FAT32.

Allocation Unit Size Sets the cluster size for the file system. This is the basic unit in which disk space is allocated. The default allocation unit size is based on the size of the volume and, by default, is set dynamically prior to formatting. To override this feature, you can set the allocation unit size to a specific value. If you use many small files, you might want to use a smaller cluster size, such as 512 or 1024 bytes. With these settings, small files use less disk space.

Volume Label Sets a text label for the partition. This label is the partition’s volume name and by default is set to New Volume. You can change the volume label at any time by right-clicking the volume in Windows Explorer, choosing Properties, and typing a new value in the Label field provided on the General tab.

Perform A Quick Format Tells Windows Server 2008 to format without checking the partition for errors. With large partitions, this option can save you a few minutes. However, it’s usually better to check for errors, which enables Disk Management to mark bad sectors on the disk and lock them out.

Enable File And Folder Compression Turns on compression for the disk. Built-in compression is available only for NTFS. Under NTFS, compression is transparent to users and compressed files can be accessed just like regular files. If you select this option, files and directories on this drive are compressed automatically.

5. Click Next, confirm your options, and click Finish.

Source:technet.microsoft.com

Understand Implicit Groups and Identities in Windows Server 2008

Windows Server 2008 defines a set of special identities that you can use to assign permissions in certain situations. You usually assign permissions implicitly to special identities. However, you can assign permissions to special identities when you modify Active Directory objects. The special identities include the following:

The Anonymous Logon identity Any user accessing the system through anonymous logon has the Anonymous Logon identity. This identity allows anonymous access to resources, such as a Web page published on the corporate presence servers.

The Authenticated Users identity Any user accessing the system through a logon process has the Authenticated Users identity. This identity allows access to shared resources within the domain, such as files in a shared folder that should be accessible to all the workers in the organization.

The Batch identity Any user or process accessing the system as a batch job (or through the batch queue) has the Batch identity. This identity allows batch jobs to run scheduled tasks, such as a nightly cleanup job that deletes temporary files.


The Creator Group identity Windows Server 2008 uses this special identity group to automatically grant access permissions to users who are members of the same group(s) as the creator of a file or a directory.

The Creator Owner identity The person who created the file or the directory is a member of this special identity group. Windows Server 2008 uses this identity to automatically grant access permissions to the creator of a file or directory.

The Dial-Up identity Any user accessing the system through a dial-up connection has the Dial-Up identity. This identity distinguishes dial-up users from other types of authenticated users.

The Enterprise Domain Controllers identity Domain controllers with enterprise-wide roles and responsibilities have the Enterprise Domain Controllers identity. This identity allows them to perform certain tasks in the enterprise using transitive trusts.

The Everyone identity All interactive, network, dial-up, and authenticated users are members of the Everyone group. This special identity group gives wide access to a system resource.

The Interactive identity Any user logged on to the local system has the Interactive identity. This identity allows only local users to access a resource.

The Network identity Any user accessing the system through a network has the Network identity. This identity allows only remote users to access a resource.

The Proxy identity Users and computers accessing resources through a proxy have the Proxy identity. This identity is used when proxies are implemented on the network.

The Restricted identity Users and computers with restricted capabilities have the Restricted identity.

The Self identity The Self identity refers to the object itself and allows the object to modify itself.

The Service identity Any service accessing the system has the Service identity. This identity grants access to processes being run by Windows Server 2008 services.

The System identity The Windows Server 2008 operating system itself has the System identity. This identity is used when the operating system needs to perform a system-level function.

The Terminal Server User identity Any user accessing the system through Terminal Services has the Terminal Server User identity. This identity allows terminal server users to access terminal server applications and to perform other necessary tasks with Terminal Services.

Source:technet.microsoft.com

Control How Group Policy Is Applied At Logon

By default, the Fast Logon Optimization feature is set for both domain and workgroup members. This setting causes policy to be applied asynchronously when the computer starts and the user logs on. The result is similar to a background refresh. The advantage is that it can reduce the amount of time it takes for the logon dialog box to appear and the amount of time it takes for the desktop to become available to the user. Of course, it also means that the user may log on and start working before the absolute latest policy settings have been applied to the system.

Depending on your environment, you may want to disable Fast Logon Optimization. You can do this with Group Policy, using the Always wait for the network at computer startup and logon policy setting. To access this setting:

Open the Group Policy Object Editor.

Under Computer Configuration in the navigation tree on the left side, navigate to Administrative Templates\System\Logon. Here you can simply enable (or disable) the setting.

Source: technet.microsoft.com

Create System Startup / Shutdown and User Logon / Logoff Scripts

With Windows Server 2008 you can configure four types of scripts:

Computer Startup Executed during startup

Computer Shutdown Executed prior to shutdown

User Logon Executed when a user logs on

User Logoff Executed when a user logs off

You can write scripts as command-shell batch scripts ending with the .bat or .cmd extension or as scripts that use the Windows Script Host (WSH). WSH is a feature of Windows Server 2008 that lets you use scripts written in a scripting language, such as VBScript, without needing to insert the script into a Web page. To provide a multipurpose scripting environment, WSH relies on scripting engines. A scripting engine is the component that defines the core syntax and structure of a particular scripting language.

Assigning Computer Startup and Shutdown Scripts

Computer startup and shutdown scripts are assigned as part of a group policy. In this way, all computers that are members of the site, domain, or organizational unit—or all three—execute scripts automatically when they’re booted or shut down.

To assign a computer startup or shutdown script, follow these steps:

1. For easy management, copy the scripts you want to use to the Machine\Scripts\Startup or Machine\Scripts\Shutdown folder for the related policy. Policies are stored in the %SystemRoot%\Sysvol\Domain\Policies folder on domain controllers.

2. In the GPMC, right-click the GPO for the site, domain, or organizational unit you want to work with and then select Edit. This opens the policy editor for the GPO.

3. In the Computer Configuration node, double-click the Windows Settings folder and then click Scripts.

4. To work with startup scripts, right-click Startup and then select Properties. To work with shutdown scripts, right-click Shutdown and then select Properties.

5. Click Show Files. If you copied the computer script to the correct location in the Policies folder, you should see the script.

6. Click Add to assign a script. This opens the Add A Script dialog box. In the Script Name field, type the name of the script you copied to the Machine\Scripts\Startup or the Machine\Scripts\Shutdown folder for the related policy. In the Script Parameters field, enter any command-line arguments to pass to the command-line script or parameters to pass to the scripting host for a WSH script. Repeat this step to add other scripts.

7. During startup or shutdown, scripts are executed in the order in which they’re listed in the Properties dialog box. Use the Up and Down buttons to reposition scripts as necessary.

8. If you want to edit the script name or parameters later, select the script in the Script For list and then click Edit.

9. To delete a script, select the script in the Script For list, and then click Remove.

Assigning User Logon and Logoff Scripts

You can assign user scripts in one of three ways:

-  You can assign logon and logoff scripts as part of a group policy. In this way, all users who are members of the site, domain, or organizational unit—or all three—execute scripts automatically when they log on or log off.

-  You can also assign logon scripts individually through the Active Directory Users And Computers console. In this way, you can assign each user or group a separate logon script.

-  You can also assign individual logon scripts as scheduled tasks. You schedule tasks using the Scheduled Task Wizard.

To assign a logon or logoff script in a group policy, follow these steps:

1. For easy management, copy the scripts you want to use to the User\Scripts\Logon or the User\Scripts\Logoff folder for the related policy. Policies are stored in the %SystemRoot%\Sysvol\Domain\Policies folder on domain controllers.

2. In the GPMC, right-click the GPO for the site, domain, or organizational unit you want to work with and then select Edit. This opens the policy editor for the GPO.

3. Double-click the Windows Settings folder in the User Configuration node and then click Scripts.

4. To work with logon scripts, right-click Logon and then select Properties. To work with logoff scripts, right-click Logoff and then select Properties.

5. Click Show Files. If you copied the user script to the correct location in the Policies folder, you should see the script.

6. Click Add to assign a script. This opens the Add A Script dialog box. In the Script Name field, type the name of the script you copied to the User\Scripts\Logon or the User\Scripts\Logoff folder for the related policy. In the Script Parameter field, enter any command-line arguments to pass to the command-line script or parameters to pass to the scripting host for a WSH script. Repeat this step to add other scripts.

7. During logon or logoff, scripts are executed in the order in which they’re listed in the Properties dialog box. Use the Up and Down buttons to reposition scripts as necessary.

8. If you want to edit the script name or parameters later, select the script in the Script For list and then click Edit.

9. To delete a script, select the script in the Script For list, and then click Remove.

Source:technet.microsoft.com

Commands and Tools for Managing Windows Server 2008 Server Core

Full server and server core installations are different when it comes to local console administration. With a full server installation, you have a UI that includes a full desktop environment for local console management of the server. With a core server installation, you have a minimal UI that includes a limited desktop environment for local console management of the server. This minimal interface includes:

- Windows Logon screen for logging on and logging off
- Notepad for editing files
- Regedit for managing the registry
- Task Manager for managing tasks and starting new tasks
- Command Prompt for administration via the command line
After you log on to a core-server installation, you have a limited desktop environment with an Administrator command prompt. You can use this command prompt for administration of the server. If you accidentally close the command prompt, you can start a new command prompt by following these steps:
1. Press Ctrl+Shift+Esc to display Task Manager.
2. On the Applications tab, click New Task.
3. In the Create New Task dialog box, type cmd in the Open field and then click OK.

You can start Notepad and Regedit directly from a command prompt by entering notepad.exe or regedit.exe as appropriate. To open Control Panel, type intl.cpl.

At the command prompt, you’ll find that you have all the standard commands and command-line utilities available for managing the server. However, keep in mind that commands, utilities, and programs will only run if all of their dependencies are available in the core-server installation.

While core-server installations support a limited set of roles and role services, you can install most features. The key exceptions are those that depend on the .NET Framework. Because the Microsoft .NET Framework is not supported in the original implementation, you cannot add features such as Windows PowerShell. And you can use Terminal Services to manage a core-server installation remotely.

Here is an overview of key commands and utilities you’ll use for managing server core installations while logged on locally:
Control desk.cpl - View or set display settings.
Control intl.cpl - View or set regional and language options, including formats and the keyboard layout.
Control sysdm.cpl - View or set system properties.
Control timedate.cpl - View or set the date, time, and time zone.
Cscript slmgr.vbs –ato - Activate the operating system.
DiskRaid.exe - Configure software RAID.
ipconfig /all - List information about the computer’s IP address configuration.
NetDom RenameComputer - Set the server’s name and domain membership.
OCList.exe - List roles, role services, and features.
OCSetup.exe - Add or remove roles, role services, and features.
PNPUtil.exe - Install or update hardware device drivers.
Sc query type=driver - List installed device drivers.
Scregedit.wsf - Configure the operating system. Use the /cli parameter to list available configuration areas.
ServerWerOptin.exe - Configure Windows Error Reporting.
SystemInfo - List the system configuration details.
WEVUtil.exe - View and search event logs.
Wmic datafile where name=“FullFilePath” get version - List a file’s version.
Wmic nicconfig index=9 call enabledhcp - Set the computer to use dynamic IP addressing rather than static IP addressing.
Wmic nicconfig index=9 call enablestatic(“IPAddress”), (“SubnetMask”) - Set a computer’s static IP address and network mask.
Wmic nicconfig index=9 call setgateways(“GatewayIPAddress”) - Set or change the default gateway.
Wmic product get name /value “ - List installed MSI applications by name.
Wmic product where name=“Name” call uninstall - Uninstall an MSI application.
Wmic qfe list - List installed updates and hotfixes.
Wusa.exe PatchName.msu /quiet - Apply an update or hotfix to the operating system.

Source:microsoft.com