This article hasn't been updated for over 5 years. The information below could be outdated.
Windows cheat sheet
Updated Read time 4 min(s) 27 sec(s) (3277 views).
Windows
This cheat sheet provides new and experienced users with a number of miscellaneous references and commands for the Windows operating system.
Windows Versions
Version
Product Name
NT 3.1
Windows NT 3.1
NT 3.5
Windows NT 3.5
NT 3.51
Windows NT 3.51
NT 4.0
Windows NT 4.0
NT 5.0
Windows 2000
NT 5.1
Windows XP (Home, Pro, MC, Tablet PC, Starter, Embedded)
NT 5.2
Windows XP (64-bit, Pro 64-bit),
Windows Server 2003 & R2 (Standard, Enterprise),
Windows Home Server
NT 6.0
Windows Vista (Starter, Home, Basic, Home Premium, Business, Enterprise, Ultimate)
NT 6.1
Windows 7 (Starter, Home, Pro, Enterprise, Ultimate),
Windows Server 2008 (Foundation, Standard, Enterprise),
Windows Server 2008 R2 (Foundation, Standard, Enterprise)
NT 6.2
Windows 8 (x86/64, Pro, Enterprise),
Windows RT (ARM),
Windows Phone 8,
Windows Server 2012 (Foundation, Essentials, Standard)
%SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup
NT 6.0
NT 6.1
All Users
%SystemDrive%\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Specific Users
%SystemDrive%\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup
System Info Commands
Command
Description
ver
Show OS version
sc query state=all
Show services
tasklist /svc
Show processes & services
tasklist /m
Show all process & DLLs
tasklist /S <ip> /v
Remote process listing
taskkill /PID <pid> /F
Force process to terminate
systeminfo /S <ip> /U domain\user /P passwd
Remote system info
reg query \\<ip>\<RegDomain>\<Key> /v
Query remote registry, /s = all values
reg query HKLM /f password /t REG_SZ /s
Search registry for password
fsutil fsinfo drives
List drives
dir /a /s /b c:\*.pdf
Search drive C: for all PDFs
dir /a /b c:\windows\kb*
Search for patches
findstr /si password *.txt
Search files for password
tree /F /A c:\
Directory listing of C:
reg save HKLM\Security > security.hive
Save sercurity hive to file
echo %USERNAME%
Current user
NET/Domain Commands
Command
Description
net view /domain
Hosts in current domain
net view /domain:[MYDOMAIN]
Hosts in [MYDOMAIN]
net user /domain
All users in current domain
net user <user> <passwd> /add
Add user
net localgroup "Administrators" <user> /add
Add user to Administrators
net accounts /domain
Domain password policy
net localgroup "Administrators"
List local Admins
net group /domain
List domain groups
net group "Domain Admins" /domain
List users in Domain Admins
net group "Domain Controllers" /domain
List DCs for current domain
net share
Current SMB shares
net session | find / "\\"
Active SMB sessions
net user <user> /ACTIVE:yes /domain
Unlock domain user account
net user <user> <passwd> /domain
Change domain user passwd
net share <share> c:\share /GRANT:Everyone,FULL
Share folder
Remote Commands
Command
Description
tasklist /S <ip> /v
Remote process listing
systeminfo /S <ip> /U domain\user /P passwd
Remote systeminfo
net share \\<ip>
Shares of remote computer
net use \\<ip>
Remote filesystem (IPC$)
net use z: \\<ip>\share <passwd> /user:DOMAIN\<user>
Map drive with specified credentials
reg add \\<ip>\<regkey>\<value>
Add registry key remotely
sc \\<ip> create <service> binpath=C:\Windows\Systems32\x.exe start= auto
Create a remote service (space after start=)
xcopy /s \\<ip>\dir C:\local
Copy remote folder
shutdown /m \\<ip> /r /t 0 /f
Remotely reboot machine
Network Commands
Command
Description
ipconfig /all
IP configuration
ipconfig /displaydns
Local DNS cache
netstat -ano
Open connections
netstat -anop tcp 1
netstat loop
netstat -an | findstr LISTENING
LISTENING ports
route print
Routing table
arp -a
Known MACs (ARP table)
nslookup
set type=any
ls -d domain > results.txt
exit
DNS zone xfer
nslookup -type=SVR _www._tcp.url.com
Domain SRV lookup (_ldap, _kerebos, _sip)
tftp -I <ip> GET <remote-file>
TFTP file transfer
netsh wlan show profiles
Saved wireless profiles
netsh firewall set opmode disable
Disable firewall
netsh wlan export profile folder=. key=clear
Export wifi plaintext passwd
netsh interface ip show interfaces
List interface IDs/MTUs
netsh interface ip set address local static <ip> <nmask> <gway> <ID>
Set IP
net interface ip set dns local static <ip>
Set DNS server
netsh interface ip set address local dhcp
Set interface to use DHCP
Utility Commands
Command
Description
type <file>
Display file contents
del <path>\. /a /s /q /f
Forceably delete all files in <path>
find /I "str" <filename>
Find "str"
<command> | find /c /v ""
Line count of <command> output
at HH:MM <file> [args]
Schedule <file> to run
runas /user:<user> "<file> [args]"
Run <file> as <user>
restart /r /t 0
Restart now
makecab <file>
Native compression
wusa.exe /uninstall /kb:###
Uninstall patch
cmd.exe "wevtuntil qe Application /c:40 /f:text /rd:true"