Remote Command Line - Example Commands
|
File System |
||
|---|---|---|
|
Move or rename file |
move myfile.txt myfilemoved.txt |
|
|
Copy file |
copy myfile.txt |
|
|
Delete file |
del myfile.txt |
|
|
View contents of file |
type myfile.txt |
|
|
List Directory Contents |
dir |
/p (pause after each screen of data) and /w or /d (column formats) not currently supported |
|
List Directory Tree |
tree /a |
Must use "/A", ascii option, for tree to be displayed correctly |
|
Find file |
dir /s /b iexplore.exe |
|
|
Map network drive |
net use S: \\fileshare01\shares |
This will only map the drive for the session and user context under which the Agent is running (by default Local System Account). The "/PERSISTENT" switch will make the mapping permanent (but again only for Local System Account). Running commands as a different user is being investigated. |
|
Process |
||
|---|---|---|
|
List running processes |
tasklist |
|
|
Kill process by ID |
taskkill /PID 4064 |
|
|
Kill process by Name |
taskkill /IM notepad.exe |
|
|
Service |
||
|---|---|---|
|
List running services |
net start |
|
|
List status of particular service |
sc query "Spooler" |
Note that the "sc" query command requires the service "key" name not the display name this can be retrieved from the display name using the "sc GetKeyName" command for example: sc GetKeyName "Print Spooler" |
|
List installed but stopped services |
sc query type= service state= inactive |
|
|
Start a service |
net start "Print Spooler" |
|
|
Stop a service |
net stop "Print Spooler" |
|
|
Shutdown |
||
|---|---|---|
|
Shutdown device |
shutdown /s /t 600 /c "Maintenance" |
/i and /l flags are not supported |
|
Restart device |
shutdown /r /f /c "Maintenance" |
|
|
Cancel shutdown |
shutdown /a |
During timeout period only |
|
Registry |
||
|---|---|---|
|
Find Registry Key |
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Themes |
|
|
Find particular Registry Key value |
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Themes /v InstallTheme |
|
|
Update value of Key |
reg add HKEY_LOCAL_MACHINE\SOFTWARE\SomeApp /f /v Path /t REG_SZ /d "c:\someApp" |
/f is optional without it you will be prompted for confirmation when editing an existing value |
|
Delete Key |
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\SomeApp /f /v Path |
/f optional as above |
|
Delete particular value |
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\SomeApp |
|
|
Running Installers |
||
|---|---|---|
|
Install via MSI |
msiexec /i c:\path\installer.msi /quiet /qn /norestart /log c:\msi.log |
Note that in some cases the msiexec command may return immediately, but the install continues in the background. Programs that install using .exe files may be supported if they provide suitable silent installation flags/ |
What do you want to do?
- Use remote terminal - Standard (CMD)
- Administer processes and services (Process and Service control)
- Consider Advanced Edition features