Windows Command Line Tools – CompTIA A+ 220-1202 – 1.5

The Windows command line provides a powerful interface for monitoring and troubleshooting. In this video, you’ll learn about navigating the command line prompt, copying files, viewing host and version information, managing Group Policy, and keeping your system secure.


If you’re performing any type of administration of an operating system, whether it’s Windows, Linux, macOS, or anything else, you’ll probably be spending a lot of time at the command line. In this video, we’ll focus on the Windows command line, and you’ll probably find some utilities that might make your troubleshooting process that much faster.

There is a single command line inside of Windows, and you can find that command prompt by going to the search and typing in cmd, where you’ll see all the options for the Windows command prompt. One of the things you’ll notice in this list is you can simply open the command prompt, but you could also run this prompt as an administrator. That’s because there are some utilities that will not run if you have normal rights on the system. You will only be able to run these utilities if you are an administrator on that system.

The standard privileges will work for almost all utilities that you’ll use, but if you’re going to be making changes to the configuration of the operating system, or modifying the way an application is working, then you’ll probably need to run as administrator or with elevated privileges. This gives you the additional permissions that allow you to make some of these critical system changes.

To be able to run in an elevated prompt, you’ll need to be a member of the Administrators group. To be able to start this, you can simply type in cmd and choose the option to Run as Administrator. You can also right-mouse click on the command prompt and choose Run as Administrator, or you can use the shortcut Control-Shift-Enter and it will start the command prompt in this elevated mode.

Let’s try this on my Windows 11 system. We’ll go down to the search menu, we’ll type in cmd, and you can see that the command prompt was the best match that Windows found. For this command prompt, we can open it, run as administrator, open a file location, pin it to our start menu, or pin it to the taskbar. In this example, we’ll choose Open to run it with normal rights and permissions. And the window pops open that shows our command prompt. Since I’m logged in as Professor, it shows us at the menu C, colon, backslash, users, backslash, professor.

When you first start the command prompt, it’s simply an empty window. It’s waiting for you to put in the commands that you’ll need to perform the functions on that operating system. But there are some prompts you can use to determine what options might be available to you. For example, you can simply type in the word “help,” and it will list out all of the commands available at that particular prompt. If you’re looking for help with a specific utility, you can put that utility name in the Help prompt. So you can type in help dir or help chkdsk, and you’ll get a set of information that is specific to that utility. Another shortcut is to type in the name of the command that you’d like help with, and then use a forward slash and a question mark. And that will also present the same help information.

Let’s try the Help option with our command prompt. We’ll just type in help and hit Enter. And you can see a lot of information scrolls down the screen. We’ll move back up. And you can see all of these individual utilities that you could run at the command prompt. Let’s try a help that might have something to do with looking at a directory of files. So we’ll type in help dir and hit Enter. And now, we get the help that’s specific to the dir command.

I’m going to press Control-C to exit out of that list. And let’s try looking at the same information, but querying it in a different way. We’ll type dir/? And you’ll notice that it displays exactly the same information. We’re just pulling that up by using different methods at the command line.

The dir command is probably one of the most common commands that you’ll use. This displays a list of the files and directories in a specific folder. If you use the dir command by itself, it shows you all of that information in your current folder. But you can also specify a drive letter and folder names to view information that may be in a different folder.

All of the commands you type in at the command prompt are based on your current working directory. If you’re listing out files by typing in dir, it shows you all the files in your current working directory. If you need to change the directory that you’re in, you could use the cd command or the chdir command to change that working directory. We often will change this directory by using a backslash as a delimiter between the different folder names, or between a volume and a folder name.

And there may be times where we need to simply move back one directory in the tree that we’re using. And to be able to move back one working directory, all we would need to type in is a cd.. The two dots together, or two periods together, refer to the folder that’s just above or just backwards from the folder that we’re working in.

Three more useful navigation commands that we’ll use are the make directory, change directory, and remove directory commands. These are the mkdir, chdir, and rmdir commands. We’ll be able to use those to be able to create directories, move into that directory, and then remove the directory once we’re done.

Let’s try using some of these commands at my prompt of C, colon, backslash, users, backslash, professor. That is the current working directory that I’m using on this computer. If we perform a dir command and hit Enter, you can see that there are a number of directories. These are all listed on the right side– things like contacts, desktop, documents, downloads, and others. You can see they are marked as directories. They have the dir next to them. And there’s a single file that’s in this directory. It’s 95 bytes in length and its name is .accessibility.properties.

What I’d like to do is look at what files may be in my Documents folder. One way that we can move into that folder as our current working directory is to use the cd command. And since this directory is one ahead of where I am right now, which is under the C, colon, backslash, users, backslash, professor directory, all I have to type in is a space and the word “documents.”

I typed in capital Doc, and I hit the Tab key to autocomplete that word. And you can see it says cd Documents. When I hit Enter, you’ll notice, now, the prompt changes to users, backslash, professor, backslash, documents. And if I use the dir command now, you can see there is a completely different set of directories inside the Documents folder.

Let’s say you’re starting a brand-new project associated with computer security and you would like to store all of the files associated with that project into its own folder. To be able to do that, we need to make that folder for the security project. So inside of my Documents folder, I’m going to use the md command to make a directory. And we’re going to call that directory Security.

Notice, I don’t get any response back when I hit Enter. It simply puts me at another prompt. But if I type dir again and look at the directories, you can see that I have a new directory called Security. If you wanted to type in the entire path to be able to create that directory, you could do that at this command prompt as well.

For example, if you wanted another one of these folders, but you wanted to call it Security 2, you could type in md to make that directory and then specify the entire path. For example, this would be users, professor, documents, and then we would call this Security 2. Notice, again, we don’t get any type of response to that command. We are simply put back at the command prompt. But if we use the dir command, you can see that there is a new folder called Security 2.

Just as we can make a directory, we can also remove a directory. And as we used md to make a directory, we would use rd to remove a directory. Let’s say we would like to remove that brand-new directory we created called Security 2. We will type in rd, space, Security 2. And if we type dir, you can see the Security 2 folder is no longer on our drive.

At the beginning of that long set of folder names was a drive letter. We saw a C colon right next to our Users Professor folder, for example. Each one of the partitions on our computer is assigned a drive letter so that we can access it from our Windows Explorer and from the command line. The primary drive of your Windows system is usually assigned the drive letter of C.

If you look at your Windows Explorer or you look at the command line, you’ll see that we put that with the C reference and then the colon to specify that we are referring to the name of a drive. To then specify the entire path, we would use the drive letter and all of the folder names up to our current working directory. For example, we would use C, colon, backslash, users, backslash, professor to specify that is the C colon drive. We are working in the Users folder, and inside of the Users folder is the Professor folder.

You can see this visually if you look at the File Explorer inside of Windows. It’s this folder that we have right down at the bottom. And you can see that I have a number of options for quick access at the top. We also have one for This PC and a list of a number of folders.

And right in the middle is a folder called Local Disk. And if I highlight that and expand it, you can see all of the different folders that are contained on my C colon drive. And you’ll notice there is a Users folder on that drive. If I expand that folder, you’ll see there are Professor and Public inside of that folder.

If I expand the Professor folder, then you will see that there are a number of files, including my Documents folder, my Downloads folder, and others. Let’s expand out the Documents folder. And inside, you’ll see our Backup folder, our Drive 102 folder, and our Security folder. And if we look at the command prompt, those are exactly the same folder names that we have under C, colon, backslash, users, backslash, professor, backslash, documents.

In a previous video, we talked about file systems that could be used to create the storage areas on a particular partition. For example, inside of Windows, it’s very common to see the NTFS file system. There may be times when that file system becomes corrupted. There might be inconsistencies in what we have in the file system index compared to the actual files that are stored on that drive. This occasionally will occur because of an interruption in power and the system turns off. Or there could be a problem with the drive itself.

To be able to check our file system and make sure that it matches the files on the drive, we need to run the utility Check Disk. Check Disk will search through our logical file system. It’ll look through the index and compare that index to the files on our system, and make sure that everything matches up properly from the file system perspective.

To be able to run Check Disk, you simply use the chkdsk utility, and if you want Check Disk to be able to fix any problems, you use the /f option along with that command. Because Check Disk could make changes to the underlying file system, it requires administrative access to be able to do this. So when you run the Check Disk command, make sure you’re running it at an administrator prompt inside of Windows.

If you’re not only concerned about the index of your file system, but also the ability of that drive to properly store data, you may want to perform a sector-by-sector diagnostic of the entire drive. One way to do that in Check Disk is to use the chkdsk command again. But instead of the /f, we’re going to use /r.

This command usually takes much longer than the /f, because it will go sector by sector through the entire drive, making sure that every sector is able to be read or to be written to. This is going to also recover anything that might be readable on your drive that doesn’t currently exist in your file system. The /r option is also going to perform the same checks that we performed with the /f option. So if you’re running a /r, it’s effectively performing a /f and also looking at every sector on the drive.

One common thing you may find when running a Check Disk on your local drive is that the volume will be locked. It will only be able to perform this Check Disk function when the system is starting up. This is exactly what happened when I tried to run the Check Disk command with the /f. It said the type of the file system is NTFS, but Check Disk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?

And I said yes, and it confirmed that this volume will be checked the next time the system restarts. When I reboot my computer, it will go through a scanning and repairing process. You’ll see the percentages slowly increment as it’s performing its test, and once it’s done with the test, it will continue through with the rest of the boot process.

When you perform the installation of an operating system, one of the first things it asks for is, what drive do you want to install this operating system on? And once you select the drive, it asks what file system you would like to use on that drive. Then it performs a format of the drive, which initializes the entire file system and makes it ready to begin writing files to that storage device.

If you wanted to perform that initialization process yourself, you would use the Format command. This will format that particular partition with a file system that you specify. If you don’t specify any file system, like I did here, it will default to the FAT32 file system. You can see that I used the format k colon option here, because the disk that I wanted to format had the drive letter assigned to it of K. The format process will verify the size of the partition, format it with the file system that you’ve specified, and at the end, it will tell you all of the information associated with that format process.

This format command will only run if you are an administrator on that system. That’s because format completely erases everything that’s on a partition. So you want to be very sure you’re choosing the right drive whenever you use this format command. And if you aren’t quite sure that you’re choosing the right drive, make sure you have a backup of the system before running any format commands.

We talked about formatting a partition, but what about the process of creating the partition from the very beginning? Fortunately, there’s a utility that combines all of these functions together and more. This command is the diskpart command for disk partitioning.

You again have to run this as an administrator command prompt. You run the diskpart utility, and it simply starts up and puts you at a command prompt that says diskpart. From here, you can list the volumes that are on your system. You can format a partition and run other commands to perform diagnostics of those storage drives.

Let’s run diskpart. But notice that we are running in a normal command prompt. I’m going to run diskpart anyway, and since we’re running as a regular user, user account control asks us if we’d like to allow this app to make changes to the device. It specifies that this is the diskpart utility. And we say, yes, we do want to run diskpart.

Notice that the diskpart utility now starts in a separate command prompt that is set up already as an administrator command prompt. Inside of here, we can run things like the help command, and it will show us all the options available when running the diskpart utility. For example, there is a command to list different items. We can perform the list command and hit Enter. We can list disk, list partition, list volume, or list a virtual disk.

In this case, we’ll choose the list command. And let’s look at the volumes available. And it will show us all the individual volumes configured on the system. We have a volume 0, which is assigned a drive letter of D, that is specified as a CD-ROM or optical drive in the system. We also have Volume 1. It’s given the letter C, it’s an NTFS partition, and it’s 255 gigabytes in size. It’s also a healthy partition.

And this is the partition we use when we’re booting our system. There’s also a hidden partition– this is volume 2– that is probably our recovery partition. And then we have a separate system partition. This is a relatively small partition that’s probably used by our BIOS. We can use the additional tools inside of diskpart to be able to gain more information about what’s inside of those partitions or to format a partition and clear everything out to start new.

There may be times when you need to take a file that you’ve created and create a separate copy of that file. Not surprisingly, the command to do that is the copy command. Two of the more common copy command options are the /v that verifies that new files have been written correctly, and /y, which suppresses any prompts when you want to overwrite a destination file.

Let’s copy some files around on our computer. I’m going to start in the directory users, backslash, professor, backslash, documents, backslash, missions, backslash, pkx-447. And if we perform a dir in that directory, you’ll see there is a single file named report.txt. I have a number of other drives on my system, and I’d like to copy this report to one of those drives. We will use the copy command.

And in this case, we’re just simply going to use copy without any extra options. We will choose the report.txt file because I need to specify the source of what I’m copying. Now, I need to specify the destination of where this file may be going, and in this case, I’m sending it to a drive X. So I will specify X, colon. And when I hit Enter, it says that one file has been copied.

Now, I’d like to perform the same copy command, but I would like to verify the contents of that file after I copy it. Normally, this would not be done unless we’re copying across a wide area network or to a location where we’re not quite sure that the file is going to get there in one piece. This confirms that we were able to not only copy the file, but that everything in the file was able to be copied exactly as the original. To do this, we’ll use the copy command. I will use the /v option in this case. And again, we’ll choose the report.txt as our source and the X, colon as our destination.

Now, since we’ve already copied this file to that drive, it’s going to give us a prompt when we hit Enter that says “This report.txt file already exists. Do you want to overwrite this file?” You, of course, have to be very careful when answering this question, because if you choose Yes, it will overwrite that document. If you choose No, it will not overwrite the contents of that destination.

And if you choose All, it will overwrite anything else that you’ve specified to copy in that single command. We could be copying multiple files simultaneously, for example. In this case, we would like to overwrite that file. So we’ll choose Y for Yes and hit Enter. And one file has been copied.

But what if we were running this copy command as part of an automated batch file that runs at 3:00 in the morning? We’re not going to be here to press the Y button to confirm that we want to overwrite that destination. So to be able to bypass that prompt, we will use the copy command with the /v. But we’ll also specify /y. And then we’ll use the same parameters. Our source is still the report.txt file and the destination is still the X drive.

This time, when I hit Enter, notice that we don’t get a prompt asking us if we’d like to overwrite the file. Since we specified /y, it knows that we automatically want to choose Yes, and it copies the file and tells us that one file has been copied.

If you’re running a relatively new version of Windows, you may decide not to use the copy command, but instead use the robocopy command. robocopy stands for robust copy, and there are many more options available in the robust copy command than are available with a simple copy.

To give you an idea of just how many options might be available in robocopy, we’re going to simply type in robocopy and hit Enter. Notice that it says that “For more usage information, run robocopy/?” Let’s perform a robocopy with a /? and you’ll see that pages of information will go by. I’m going to scroll all the way back up so that we can see all of these different options. Most of this is what we would expect. We are copying from a source to a destination and specifying a particular file. And we can copy subdirectories or not copy subdirectories.

But if you scroll down a bit, you’ll see some very interesting options. For example, you can throttle the information as it’s being sent so that you’re only using a portion of the bandwidth. This might be especially helpful if you’re sending a large file to a remote site over a very constrained bandwidth. There are also options to send the file, and if there is an interruption, it will begin to retry to send that. So if you have an outage of that network connection in the middle of a copy, it will simply retry and retry until it’s able to restore that connection and continue the copy.
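The 3:00 AM copy described above, written out as a batch file with a robocopy step that uses the retry and throttle options. This is an added example, not part of the video; the log path, the X:\pkx-447 destination folder and the retry, wait and throttle values are assumptions.

```bat
@echo off
rem Added example, not from the video: unattended copy for a scheduled task.
rem SRC_DIR and FILE follow the walkthrough; DST_DIR, LOG and the robocopy
rem retry/throttle values are assumptions chosen for illustration.
setlocal
set "SRC_DIR=C:\Users\professor\Documents\missions\pkx-447"
set "FILE=report.txt"
set "DST_ROOT=X:"
set "DST_DIR=X:\pkx-447"
set "LOG=%TEMP%\nightly-copy.log"

rem Single file, as in the walkthrough. /v verifies the write and /y answers
rem the overwrite prompt, so the job never sits waiting for a keypress.
copy /v /y "%SRC_DIR%\%FILE%" "%DST_ROOT%\" >> "%LOG%" 2>&1
if errorlevel 1 goto :copy_failed

rem Independent check: fc /b compares source and destination byte for byte.
rem It returns 0 when the files match, 1 on a difference, 2 if a file is missing.
fc /b "%SRC_DIR%\%FILE%" "%DST_ROOT%\%FILE%" > nul
if errorlevel 1 goto :mismatch

rem Whole folder with robocopy: /E includes subdirectories, /Z makes the copy
rem restartable, /R and /W set retry count and wait in seconds, /IPG adds a
rem gap in milliseconds between packets to hold back bandwidth use.
robocopy "%SRC_DIR%" "%DST_DIR%" /E /Z /R:5 /W:30 /IPG:50 /NP /LOG+:"%LOG%"

rem robocopy exit codes are a bitmask; 8 or higher means something failed.
if errorlevel 8 goto :copy_failed

echo %DATE% %TIME% OK %FILE% >> "%LOG%"
exit /b 0

:copy_failed
echo %DATE% %TIME% FAILED copying %FILE% >> "%LOG%"
exit /b 1

:mismatch
echo %DATE% %TIME% MISMATCH after copying %FILE% >> "%LOG%"
exit /b 2
```

The non-zero exit codes let Task Scheduler or a monitoring job record the run as failed instead of silently leaving a partial or stale copy on the destination.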

When you start performing a lot of diagnostics and troubleshooting and dealing with multiple tickets simultaneously, you might have a number of different command prompts on your screen, each one that’s connected to a completely different system. And if you’re ready to make a change to one of those systems, how can you confirm that you’re really in the right window? You don’t want to shut down a computer thinking it’s one machine, and instead, it’s a completely different production server.

One way to tell the name of that device is by using the hostname command. This provides us with the Windows device name of that computer. That way, when you type in anything else in that window, you know you’re typing it in on the right device.

So here’s our computer. We have a number of windows on our screen. But there’s a problem that we’re trying to solve back on this computer. And I need to restart that system. But before I send the command to reboot that computer, I need to make sure that I’m using the correct hostname. So we’re going to type in hostname and hit Enter. And it comes back with the name Daedalus. And that is the name of the host that I would like to restart. So now, when I perform any other functions inside of that window, I really do know that I am performing them on the Daedalus machine.

When you’re troubleshooting a Windows computer, you might be using Windows 10, you might be using Windows 11, and there may be different versions of Windows within either Windows 10 or Windows 11. So what version of Windows are we using? One way that we could tell is by typing in the winver command, and it will bring up a dialog box that shows us all of the information about this version of Windows.

So here we are on our Daedalus computer, or what I think is our Daedalus computer. We’ll use the hostname command again just to confirm we’re on the right computer and it is the Daedalus system. Now, let’s determine what version of Windows is running on Daedalus by typing in the winver command.

And it brings up a box that tells us, this is Windows 11, gives us information about the version number, and any other details that we need regarding the licensing of this version of Windows. Now, we know, if we’re installing a new application and that application is expecting a certain version of Windows, we can confirm that before we even begin the process.

Now that we know the name of the device that we’re using, and we know what version of Windows is associated with that device, it might be useful to also know who we’re logged in as on that computer. One of the ways we can determine that is using the whoami command.

The whoami command can tell you what computer you’re on, who you’re logged in as, what groups you may be a part of, and other security permissions associated with your login. This might help you if you have a lot of windows open and you’re trying to run a command and it’s not running as you expected. It may just be that you’re not logged in as the correct user.

And one of the more useful options of the whoami command is whoami /all, where it’s showing you more than just the name of the device and the user who’s logged in. It shows you information about the user, their SID, group information, any attributes associated with those groups, and privilege information, all in one single screen.

This is a command you can run relatively quickly. If we use the whoami by itself, it simply gives us the name of the device and the user we’re logged in as. In this case, I’m on the Daedalus server and I’m running as Professor. To get more information about this username, I’m going to use the up arrow to put whoami back into the list and choose the /all option. And you can see that it provides us with a lot more information about not only the username and the name of the device– we get SID information, group names, and all of the privilege details.
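One way to put the hostname and whoami checks in front of a restart so the command cannot run in the wrong window. This is an added example, not from the video; the expected host and user come from the walkthrough, and the 60-second delay and the restart comment are assumptions.

```bat
@echo off
rem Added example, not from the video: confirm host and user before a restart.
rem EXPECTED_HOST and EXPECTED_USER are taken from the walkthrough.
setlocal
set "EXPECTED_HOST=Daedalus"
set "EXPECTED_USER=daedalus\professor"

rem Capture the single line each command prints.
for /f "delims=" %%H in ('hostname') do set "THIS_HOST=%%H"
for /f "delims=" %%U in ('whoami') do set "THIS_USER=%%U"

rem /i makes the comparison case-insensitive, since the two tools differ in case.
if /i not "%THIS_HOST%"=="%EXPECTED_HOST%" (
    echo Refusing: this window is on %THIS_HOST%, not %EXPECTED_HOST%.
    exit /b 1
)
if /i not "%THIS_USER%"=="%EXPECTED_USER%" (
    echo Refusing: logged in as %THIS_USER%, not %EXPECTED_USER%.
    exit /b 2
)

rem whoami /groups lists the High Mandatory Level group, SID S-1-16-12288,
rem only when the prompt was started with Run as administrator.
set "ELEVATED=no"
whoami /groups | find "S-1-16-12288" > nul
if not errorlevel 1 set "ELEVATED=yes"

echo Host: %THIS_HOST%   User: %THIS_USER%   Elevated: %ELEVATED%
echo Restarting in 60 seconds. Run "shutdown /a" to cancel.
shutdown /r /t 60 /c "Planned restart requested by %THIS_USER%"
```

The delay gives a window to abort with shutdown /a if the summary line shows something unexpected.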

If you’re working in an organization of any size, then you’re probably going to have all of your systems administered from one single point. You’re able to do this through the use of Active Directory. This is a way to have one central, consolidated database of all of your users, your devices, and anything else that’s important on your network.

One of the ways that you’re able to administer hundreds or even thousands of systems from this Active Directory domain is by using a feature known as Group Policy. This allows you to set different features, functions, permissions, and other settings on individual users’ workstations.

For example, you may have a new Group Policy that you want to set on somebody’s machine that changes the background of their system. Normally, this is updated each time the user logs in, but you may want to push this out to the user in the middle of the day. To be able to do that, you can use the gpupdate command to force a group policy update on a specific computer or a specific user account. And if you want to get more information about what group policies are active on a device or a user, you can use the gpresult command to provide information about what’s currently running.

Here’s a Windows computer that is part of an Active Directory domain, and we’re logged in as one of the domain users, rmckay. If we wanted to see what policies were currently active as part of the Active Directory group policies, we could run the gpresult with a /r. The /r is a shortcut for resultant set of policies, RSOP, and that’s a Windows term that is simply describing what policies are currently running on the system.

When we hit Enter, it will query the system. And if we scroll back up, this shows us the RSOP data that is for the SGC domain. It’s user rmckay who’s logged in to that domain on the device with the name Daedalus. And you can see it’s a member workstation. We can see the version of Windows that’s running.

We can look at information about the local profile. And it’s specific to user rmckay. And it gives us information about the user settings so we can see everything about the way this user is configured in Active Directory, and we know exactly the last time group policy was applied to this device.

If we scroll down a little bit, we can see that the applied group policy objects are the local group policy– so we haven’t pushed down any group policies from the central domain controllers– and the user is part of the following security groups. That’s a nice summary of information. If we’re trying to determine if this user has had a certain policy applied to this machine or this user, you’d be able to see it in the gpresult command.

Administrators at this system may have configured a new group policy that changes aspects of the desktop. To be able to push that policy down, we could have this user log out and log back in, or we can use the gpupdate command, and we’ll use the option to force that change on this local computer. We’ll hit Enter, it will update the policy, and we’ll see what changes occur by running another gpresult after the update is complete.

It says the “Computer Policy update has completed successfully.” We’re going to get a prompt back, and now, let’s use our up arrow a couple of times and run a gpresult /r. And you’ll notice that a new applied Group Policy object has been applied to desktop background that might allow or restrict access to changing anything related to the desktop background.

When using Windows, there may be times when certain core Windows files are overwritten. This might be overwritten by a third-party application, it could be overwritten by an operating system update, or malware could have infected this machine and made changes to the base configuration of this operating system.

One way that you could tell if any of these important Windows files have been changed is by using SFC, or System File Checker. This utility will go through all of the important Windows files on your system, and it will check to see if any of them have been changed. If there are modifications to the core operating system files, SFC will inform you that that change has occurred, and you have the option to tell SFC to correct those files to remove any of those changes or corruptions that might have occurred.

This can take a bit of time to run, but if you run sfc /scannow, it will begin a system scan and look through all of those important Windows files. When it’s done, it will give you an update on what might have changed, and in this case, it says that Windows Resource Protection found corrupt files and successfully repaired them.

Details are included in the cbs.log file, and it gives you the location on where you can find the log file to give you the details on what may have been updated or changed in your Windows operating system.
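Running the scan and pulling the System File Checker entries out of that log, as an added example that is not from the video. It uses %windir%\Logs\CBS\CBS.log, the standard location of the log; the output file name on the desktop is an assumption.

```bat
@echo off
rem Added example, not from the video: run SFC and extract its log entries.
rem OUT is an assumed file name; CBSLOG is the standard CBS.log location.
setlocal
set "CBSLOG=%windir%\Logs\CBS\CBS.log"
set "OUT=%USERPROFILE%\Desktop\sfcdetails.txt"

rem sfc only runs from an elevated prompt, so check before starting.
whoami /groups | find "S-1-16-12288" > nul
if errorlevel 1 (
    echo sfc needs an elevated prompt. Reopen cmd with Run as administrator.
    exit /b 1
)

sfc /scannow

rem CBS.log is shared with other servicing components. Lines written by
rem System File Checker carry the [SR] tag, so filter on that.
findstr /c:"[SR]" "%CBSLOG%" > "%OUT%"

rem Count the extracted lines. The log is appended to across runs, so older
rem scans appear as well; check the timestamps at the start of each line.
for /f %%N in ('find /c /v "" ^< "%OUT%"') do set "COUNT=%%N"
echo %COUNT% SFC entries written to %OUT%
```

When the scan reports repaired or unrepairable files, the extracted lines name the files involved, which is the first thing to check when deciding whether the change came from an update, an application, or malware.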