Hat tip to Bruce Schneier for pointing me to a couple of tip articles by Ed Skoudis on Windows command line tools, the first group to tell if your system has been hacked, and the second for more general system analysis.

I've written about this stuff myself before, but it's always good to have a refresher. If you use Windows every day, especially if you administer Windows systems, you do yourself a big favor by becoming expert in these tools.

Some examples:

wmic: The Windows Management Instrumentation Console is a command line way to do lots of system management you might normally do with a GUI, such as Device Manager stuff. You can also list all running processes and all startup processes.

net: Network configuration and information commands, like seeing who is connected to what, creating shares, and what groups people belong to.

find: Been around since DOS 2.0 I think, but it's still underutilized. A filter program that you can pass content through to find the interesting stuff.

Consider:
wmic process list brief | find "OUTLOOK"
which shows detail on the Outlook process.


What Skoudis doesn't get into is the fine collection of free tools from Sysinternals, now part of Microsoft. These tools are mostly GUI tools for deep system analysis and performance enhancement, and most of them are available as command line versions too.

My favorites:

Process Explorer: Extensive details on running processes, including constituent processes of services.

Filemon, Regmon: Monitor and report on file and registry activity in the system. These are famous and indispensable tools.

BGInfo: Show system information as part of your desktop background.

And the ultimate place you want to be to be a true wiz is to become proficient in scripting these command line tools with Windows Script Host. True there are other scripting products, but wscript is included in all versions of Windows. In this way you can quickly build programs to do powerful system functions.