Windows Commands - Howsnip
Posted inWindows

50+ Essential Windows Commands for Cybersecurity Analysts

Windows commands are powerful tools that every cybersecurity analyst should know, as they provide direct access to the core of the operating system. With over 50 essential commands at your fingertips, you can gather information about users, monitor running processes, check network activity and verify security settings.

For example, commands like netstat -ano reveals open network connections, and tasklist shows active processes that might be suspicious.

Most importantly, these commands do not require additional software, making them invaluable for real-time incident response, forensics, troubleshooting, and system hardening. Below, you’ll find a curated list of 50+ must-know Windows CMD and PowerShell commands along with their primary uses.

  1. ipconfig
  2. systeminfo
  3. netstat
  4. whoami
  5. getmac
  6. hostname
  7. ver
  8. winver
  9. ping
  10. tracert
  11. nslookup
  12. tasklist
  13. taskkill
  14. sfc
  15. chkdsk
  16. diskpart
  17. dir
  18. cd
  19. md
  20. rd
  21. type
  22. find
  23. findstr
  24. sort
  25. comp
  26. fc
  27. tree
  28. attrib
  29. cipher
  30. compact
  31. powercfg
  32. shutdown
  33. gpupdate
  34. gpresult
  35. net localgroup
  36. net start
  37. net stop
  38. netsh
  39. sc
  40. reg
  41. runas
  42. wmic
  43. assoc
  44. driverquery
  45. msinfo32
  46. mmc
  47. eventvwr
  48. services.msc
  49. devmgmt.msc
  50. diskmgmt.msc
  51. taskmgr
  52. perfmon
  53. resmon
  54. msconfig
  55. control
  56. mstsc
  57. cleanmgr
  58. defrag
  59. fsutil
  60. path
  61. set
  62. echo
  63. cls
  64. query
  65. winget
  66. pathping

1. ipconfig 

This command shows details about your computer’s network connections, such as IP address, subnet mask, and default gateway.

Syntax: ipconfig

ipconfig command - howsnip

2. systeminfo

This command displays basic information about your computer’s OS, hardware, and network configuration.

Syntax: systeminfo

systeminfo command - howsnip

3. netstat

This command lists all active network connections with details like port numbers, protocols, State, Foreign Address and process IDs.

Syntax: netstat -ano

netstat command - howsnip

4. whoami

This command shows the current username logged into the system.

Syntax: whoami

whoami command - howsnip

5. getmac 

This command displays the MAC address of the computer’s network adapters along with more connection details such as Connection Name, Network Adapter etc.

Syntax: getmac /v

getmac command - howsnip

6. hostname

This command shows the name assigned to your computer on the network.

Syntax: hostname

hostname command - howsnip

7. ver

This command displays the Windows version that your system is running.

Syntax: ver

ver command - howsnip

8. winver

This command opens a small window showing detailed Windows version and build information.

Syntax: winver

winver command - howsnip

9. ping

This command sends packets to another computer or website to check if it is reachable and measure response time.

Syntax: ping ip/domain

ping command - howsnip

10. tracert

This command shows the route your data takes to reach a destination, listing each stop (server) along the way.

Syntax: tracert ip/domain

tracert command - howsnip

11. nslookup

This command helps you find information about domain names and IP addresses by asking DNS servers. It’s useful for troubleshooting internet and network name resolution problems.

Syntax: nslookup ip/domain

nslookup command - howsnip

12. tasklist

This command shows a list of all the programs and processes currently running on your machine. It helps you see what is active in your system.

Syntax: tasklist

tasklist command - howsnip

13. taskkill

This command forcefully ends a program or process by its name or process ID. It’s helpful when a program is frozen or not responding.

Syntax: taskkill /IM Notepad.exe /F

taskkill command - howsnip

14. sfc 

This command scans your Windows system files to check for corruption or damage and repairs them automatically to keep your system stable.

Syntax: sfc /scannow

sfc command - howsnip

15. chkdsk

This command checks your hard drive for errors and fixes them if possible. It helps maintain disk health by finding and repairing file system issues.

Syntax: chkdsk c: /f

chkdsk command - howsnip

16. diskpart

This command opens an interactive tool for managing disks, partitions, and volumes. You can list drives, create or delete partitions, and assign drive letters.

Syntax: diskpart
Syntax: list disk

diskpart command - howsnip

17. dir

This command lists all files and folders in the specified directory, along with details like size and modification date.

Syntax: dir c:\directory

dir command - howsnip

18. cd

This command changes your current folder to the one you specify, helping you navigate the file system.

Syntax: cd c:\directory

cd command - howsnip

19. md

This command creates a new folder with the specified name in the current or given location.

Syntax: md directory

md command - howsnip

20. rd

This command deletes an empty folder from the specified location.

Syntax: rd directory

rd command - howsnip

21. type

This command displays the contents of a text file directly in the Command Prompt window without opening any text editor.

Syntax: type file

type command - howsnip

22. find 

This command searches for a specific word or phrase inside a file and shows the lines where it appears.

Syntax: find "HELLO" file

find command - howsnip

23. findstr

This command searches for a specific string of text, but is more advanced than find, allowing it to use patterns and multiple search terms.

Syntax: ipconfig /all | findstr DNS

findstr command - howsnip

24. sort

This command sorts the lines of a file or text input in alphabetical order.

Syntax: sort < file

sort command - howsnip

25. comp

This command compares the contents of two files and shows any differences between them.

Syntax: comp file1 file2

comp command - howsnip

26. fc

This command compares two files line by line (for text files) or byte by byte (for binary files) and shows detailed differences.

Syntax: fc file1 file2

fc command - howsnip

27. tree

This command displays the folder structure of a drive or directory in a tree-like view.

Syntax: tree c:\directory

tree command - howsnip

28. attrib

This command changes a file’s attributes, such as making it read-only or hidden.

Syntax: attrib +r c:\file

attrib command - howsnip

29. cipher

This command encrypts files or folders on NTFS drives, making their contents readable only by authorized users.

Syntax: cipher /e c:\file

cipher command - howsnip

30. compact

This command compresses files and folders on an NTFS drive to save disk space.

Syntax: compact /c C:\directory

compact command - howsnip

31. powercfg

This command analyzes your computer’s power settings and creates a detailed report, showing ways to improve battery life and energy efficiency.

Syntax: powercfg /energy

powercfg command - howsnip

32. shutdown

This command shuts down or restarts your computer. In below example, it restarts the PC immediately (/r) with a timer of zero seconds.

Syntax: shutdown /r /t 0

shutdown command - howsnip

33. gpupdate

This command refreshes your system’s Group Policy settings without needing to restart, applying any changes made to policies instantly.

Syntax: gpupdate /force

gpupdate command - howsnip

34. gpresult

This command displays the Group Policy settings that are currently applied to your system and user account.

Syntax: gpresult /r

gpresult command - howsnip

35. net localgroup

This command shows all members of a specific local group (in this case, the Administrators group) on your computer.

Syntax: net localgroup Administrators

net localgroup command - howsnip

36. net start

This command starts a Windows service by name. For example, starting the “Print Spooler” service so printers work.

Syntax: net start "Print Spooler"

net start command - howsnip

37. net stop

This command stops a Windows service by name. For example, stopping the “Print Spooler” service will disable printing.

Syntax: net stop "Print Spooler"

net stop command - howsnip

38. netsh

This command manages and displays network settings. In this example, it lists all saved Wi-Fi network profiles on your PC.

Syntax: netsh wlan show profiles

netsh show wlan command - howsnip

39. sc 

This command shows the status of Windows services. It can be used to check whether a service is running or stopped.

Syntax: sc query

sc query command - howsnip

40. reg

This command looks inside the Windows Registry to view specific keys and their values. It’s useful for system configuration and troubleshooting.

Syntax: reg query HKLM/Software

reg query command - howsnip

41. runas

This command lets you run a program as another user. It’s useful for opening apps with administrator privileges without logging out.

Syntax: ipconfig

runas command - howsnip

42. wmic

This command retrieves detailed information from Windows Management Instrumentation (WMI). In this example, it shows the OS name, version and build number.

Syntax: wmic os get name, version, buildnumber

wmic command - howsnip

43. assoc

This command displays or changes the file type association for a given extension. For example, .txt files might be linked to Notepad.

Syntax: assoc .txt

assoc command - howsnip

44. driverquery

This command lists all drivers installed on your system along with their status and file location.

Syntax: driverquery

driverquery command - howsnip

45. msinfo32

This command opens the System Information tool, showing detailed hardware resources, components, and software environment.

Syntax: msinfo32

msinfo32 command - howsnip

46. mmc

This command opens the Microsoft Management Console, which is used to manage administrative snap-ins such as Device Manager or Event Viewer.

Syntax: mmc

mmc command - howsnip

47. eventvwr

This command opens the Event Viewer, where you can check system, security, and application logs for errors and warnings.

Syntax: eventvwr

eventvwr command - howsnip

48. services.msc

This command opens the Services management panel, where you can start, stop, and configure Windows services.

Syntax: services.msc

services command - howsnip

49. devmgmt.msc

This command opens Device Manager, allowing you to view and manage connected hardware devices.

Syntax: devmgmt.msc

devmgmt command - howsnip

50. diskmgmt.msc

This command opens the Disk Management tool, used for creating, deleting, formatting, and resizing disk partitions.

Syntax: diskmgmt.msc

diskmgmt command - howsnip

51. taskmgr

This command opens Task Manager, where you can view running programs, end tasks, monitor CPU and memory usage, and manage startup apps.

Syntax: taskmgr

taskmgr command - howsnip

52. perfmon

This command opens Performance Monitor, a tool that tracks detailed performance data such as CPU usage, memory load, and disk activity.

Syntax: perfmon

perfmon command - howsnip

53. resmon

This command opens Resource Monitor, showing real-time information on CPU, disk, network, and memory usage by each process.

Syntax: resmon

resmon command - howsnip

54. msconfig

This command opens System Configuration, allowing you to change boot options, manage startup items, and enable or disable services.

Syntax: msconfig

msconfig command - howsnip

55. control

This command opens the Windows Control Panel, giving access to system settings and configuration tools.

Syntax: control

control command - howsnip

56. mstsc

This command launches the Remote Desktop Connection tool, allowing you to connect to another computer over the network.

Syntax: mstsc

mstsc command - howsnip

57. cleanmgr

This command opens Disk Cleanup, a utility for removing unnecessary files like temporary files and recycle bin items to free up space.

Syntax: cleanmgr

cleanmgr command - howsnip

58. defrag

This command defragments the specified disk, rearranging stored data for faster file access and better performance.

Syntax: defrag c:

defrag command - howsnip

59. fsutil

This command provides information about drives and file system features. It’s often used for advanced disk management tasks.

Syntax: fsutil fsinfo drives

fsutil command - howsnip

60. path

This command displays or sets the directories Windows searches for executable files. It’s important for running programs from the command line.

Syntax: path

path command - howsnip

61. set

This command displays all environment variables currently set in Windows, or lets you create/change them for the current session.

Syntax: set

set command - howsnip

62. echo

This command displays the specified text in the Command Prompt. It’s often used in scripts to show messages.

Syntax: echo Hello World

echo command - howsnip

63. cls

This command clears all text from the Command Prompt screen, giving you a clean workspace.

Syntax: cls

cls command - howsnip

64. query

This command shows information about currently running processes or sessions on the system, especially useful on remote or terminal servers.

Syntax: query process *

query command - howsnip

65. winget

This command uses the Windows Package Manager to list installed applications and their versions.

Syntax: winget list

winget list command - howsnip

66. pathping

This command combines the functions of ping and tracert, checking both the route to a destination and packet loss statistics for each step.

Syntax: pathping -q 10 -n -p 100 example.com

pathping command - howsnip

Tags: