Driverquery
Displays a list of all installed device drivers and their properties.
Commonly used parameters of Driverquery are as follows:
• /Computer—Specifies the name (or IP address) of the target computer (without backslashes). The default is the local computer.
• /UDomain \ User—Runs the command with the account permissions of the user entered. The default is the currently logged-on user.
• /P Password—Specifies the password of the user account that is specified in the /u parameter.
• /FO { TABLE | LIST | CSV }—Specifies output format.
• /NH—Doesn’t include column headers in the output.
• /V—Displays verbose driver information.
• /SI—Displays digital signature information for device drivers.
Eventcreate
Enables an administrator to create a custom event in a specified event log.
Commonly used parameters of Eventcreate are as follows:
• /S Computer—Specifies the name (or IP address) of the target computer (without backslashes). The default is the local computer.
• /U Domain \ User—Runs the command with the account permissions of the user entered. The default is the currently logged-on user.
• /P Password—Specifies the password of the user account that is specified in the /u parameter.
• /L { APPLICATION | SYSTEM }—Specifies the event log where the event will be created. Valid values are APPLICATION and SYSTEM.
• /SO Source—Specifies the event source.
• /T { ERROR | WARNING | INFORMATION | SUCCESSAUDIT | FAILUREAUDIT }—Specifies the type of event. Valid values are ERROR, WARNING, INFORMATION, SUCCESSAUDIT, and FAILUREAUDIT.
• /ID EventID—Specifies the event ID for the event.
• /D Description—Specifies the description for the event.
Fc
Compares two files and displays the differences between them.
Commonly used parameters of Fc are as follows:
• /A—Abbreviated output for a text file comparison. Only ranges of lines that are different are displayed.
• /B—Binary mode. The
two files are compared byte by byte. This is the default mode for
comparing files that have the following file extensions .exe, .com,
.sys, .obj, .lib, or .bin.
• /C—Non-case-sensitive (ignores the case of letters).
• /L—ASCII
(text) mode. Fc compares the files line by line and attempts to
resynchronize the files after finding a mismatch. This is the default
mode for all files except files with the following file extensions
.exe, .com, .sys, .obj, .lib, or .bin.
• /LBn—Sets the limit of number of consecutive different lines. If the files have more than n consecutive differing lines, Fc cancels the comparison.
• /N—Displays the line numbers during an ASCII comparison.
• /U—Unicode mode.
• [ drive1 : ][ path1 ] filename1—Specifies the first file you want to compare. This parameter is required.
• [ drive2 : ][ path2 ] filename2—Specifies the second file you want to compare. This parameter is required.
Getmac
Returns the Media Access Control (MAC)
address and list of network protocols associated with each address for
all network cards in each computer, either locally or across a network.
This command is especially useful to capture the MAC address of a
remote computer.
Commonly used parameters of Getmac are as follows:
• /S System—Specifies the name (or IP address) of the target computer (without backslashes). The default is the local computer.
• /U Domain\User—Runs the command with the account permissions of the user entered. The default is the currently logged-on user.
• /P Password—Specifies the password of the user account that is specified in the /u parameter.
• /FO { TABLE | LIST | CSV }—Specifies output format.
• /NH—Doesn’t include column headers in the output.
• /V—Displays verbose information.
Taskkill
Ends one or more tasks or processes. Processes can be killed by process ID or image name.
Commonly used parameters of Taskkill are as follows:
• /S System—Specifies the name (or IP address) of the target computer (without backslashes). The default is the local computer.
• /U Domain\User—Runs the command with the account permissions of the user entered. The default is the currently logged-on user.
• /P Password—Specifies the password of the user account that is specified in the /u parameter.
• /FI FilterName—Creates a filter for the query based on a variety of fields. All processes that meet the filter are terminated
• /PID ProcessID—Specifies the process ID of the process to be terminated.
• /IM ImageName—Specifies the image name of the process to be terminated. Use the wildcard (*) to specify all image names.
• /F—Forces the processes to be terminated. When specifying a remote computer, processes are always forcefully terminated.
• /T—Specifies to terminate all child processes along with the parent process (known as a tree kill).
Tasklist
Displays a list of applications and services with their PID for all tasks running on either a local or a remote computer.
Commonly used parameters of Tasklist are as follows:
• /S System—Specifies the name (or IP address) of the target computer (without backslashes). The default is the local computer.
• /U Domain\User—Runs the command with the account permissions of the user entered. The default is the currently logged-on user.
• /P Password—Specifies the password of the user account that is specified in the /u parameter.
• /FO { TABLE | LIST | CSV }—Specifies output format.
• /NH—Doesn’t include column headers in the output.
• /FI FilterName—Creates a filter for the query based on a variety of fields.
• /V—Displays verbose task information in the output.
