As a system administrator, having a solid grasp of Windows command line tools is essential for managing and troubleshooting infrastructure. While graphical interfaces like Task Manager provide visibility, nothing beats the flexibility and detail you get from tapping into native OS commands.
This guide gives an overview of 11 indispensable Windows commands that every sysadmin should know. Whether you're monitoring performance, diagnosing issues, or administering systems, these commands should be part of your regular toolbox.
Tasklist: List Running Processes
The tasklist command provides a quick snapshot of processes running on a Windows machine. Here's a basic example:
> tasklist
Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============
System Idle Process 0 Services 0 8 K
System 4 Services 0 3,740 K
smss.exe 384 Services 0 1,664 K
csrss.exe 528 Services 0 7,144 K
wininit.exe 612 Services 0 7,976 K
This gives you the process name, PID, session information and memory usage at a glance. Useful variations:
tasklist /v – Verbose output, including full image paths
tasklist /fo csv – Output as CSV for easy importing
tasklist /fi "imagename eq outlook.exe" – Filter by process name
tasklist reveals what's running under the hood and can help identify resource hogs or suspicious processes.
Taskkill: End Processes
Where tasklist shows you what's running, taskkill lets you terminate processes. The most basic syntax is:
> taskkill /pid 1234
This kills the process with PID 1234. Some other options:
taskkill /im outlook.exe – Kill by process name
taskkill /f /fi "status eq not responding" – Force kill unresponsive processes
taskkill is useful when an application hangs or you need to terminate runaway processes. When normal shutdown fails, taskkill often succeeds.
ipconfig: IP Address and Network Info
The ipconfig command displays your machine's IP address configuration.
> ipconfig
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix: example.com
Link-local IPv6 Address . . . . . : fe80::2518:72c8:1296:3e2e%11
IPv4 Address. . . . . . . . . . . : 192.168.1.142
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
This quickly shows your network adapter settings. Useful options:
ipconfig /all – More detailed output, including DHCP server and DNS suffix
ipconfig /flushdns – Flush DNS cache to troubleshoot connectivity
No connectivity troubleshooting is complete without checking ipconfig.
nslookup: DNS Lookup
DNS problems can manifest in strange, hard-to-diagnose ways. nslookup queries DNS to verify name resolution and connectivity.
> nslookup gmail.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: gmail.com
Address: 142.250.184.206
This does a DNS lookup to find the IP address for gmail.com. Key options:
nslookup -type=NS domain.com – Query nameservers
nslookup -type=MX domain.com – Find mail exchange records
Many connectivity issues start with DNS, making nslookup invaluable.
netstat: Network Connections & Statistics
To see all TCP/UDP connections and network stats on a system, netstat delivers.
> netstat
Active Connections
Proto Local Address Foreign Address State
TCP 192.168.1.142:49729 151.101.130.217:https ESTABLISHED
TCP 192.168.1.142:50476 151.101.194.217:https ESTABLISHED
[output truncated]
This reveals active inbound and outbound connections on the machine. Useful extensions:
netstat -an – Show connections and listening ports
netstat -nb – Include application PID/process responsible
netstat -s – Print network statistics tcp/udp/icmp
When networks have issues, netstat provides visibility not found elsewhere.
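The PID column is what ties tasklist and netstat together. The following PowerShell script is an added example, not part of the original guide: it joins tasklist /fo csv output with netstat -ano output (the -o switch, not shown above, adds the owning PID) so that each connection is listed with its image name. The sample outputs are constructed, and English column headers are assumed.

```powershell
# Constructed sample of `tasklist /fo csv` output (English headers assumed).
$taskCsv = @'
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","3,740 K"
"svchost.exe","912","Services","0","12,504 K"
"chrome.exe","5120","Console","1","184,332 K"
'@ -split "`r?`n"

# Constructed sample of `netstat -ano` output (-o adds the owning PID column).
$netstat = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.142:49729    151.101.130.217:443    ESTABLISHED     5120
  TCP    192.168.1.142:50476    203.0.113.25:8443      ESTABLISHED     7788
  UDP    0.0.0.0:5353           *:*                                    5120
'@ -split "`r?`n"

# On a live host, replace the two samples with the real command output:
#   $taskCsv = tasklist /fo csv
#   $netstat = netstat -ano

# Build a PID -> image name lookup from the CSV.
$nameByPid = @{}
foreach ($p in ($taskCsv | ConvertFrom-Csv)) {
    $nameByPid[$p.PID] = $p.'Image Name'
}

$rows = foreach ($line in $netstat) {
    $f = -split $line                      # unary split: whitespace-separated fields
    if ($f.Count -lt 4 -or $f[0] -notin 'TCP','UDP') { continue }   # skip headers/blank lines
    $ownerPid = $f[-1]                     # UDP rows have no State column; PID is always last
    [pscustomobject]@{
        Proto  = $f[0]
        Local  = $f[1]
        Remote = $f[2]
        State  = if ($f[0] -eq 'TCP') { $f[3] } else { '' }
        PID    = $ownerPid
        # A PID missing from the snapshot usually means the process exited
        # between the two commands; it is worth a second look either way.
        Image  = if ($nameByPid.ContainsKey($ownerPid)) { $nameByPid[$ownerPid] } else { '<not in tasklist>' }
    }
}
$rows | Format-Table -AutoSize
```

Run it from an elevated prompt on a live host so that tasklist and netstat can see processes owned by other accounts.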
systeminfo: System Configuration & Uptime
The systeminfo command dumps a machine's hardware/software configuration.
> systeminfo
Host Name: SERVER1
OS Name: Microsoft Windows Server 2012 R2 Standard
OS Version: 6.3.9600 N/A Build 9600
OS Manufacturer: Microsoft Corporation
[...]
System Up Time: 2 Days, 13 Hours, 32 Minutes, 26 Seconds
This covers CPU, disks, hotfixes, boot time, architecture, and more. If you ever need to audit or document a system's spec, systeminfo has all the details in one spot.
Netsh: Network Diagnostics
Microsoft's netsh command provides a powerful network diagnostics and tracing toolkit ideal for connectivity issues. Some examples:
> netsh int ip reset c:\resetlog.txt
> netsh diag connect
> netsh trace start capture=yes
Whether flushing IPs, testing connectivity, or capturing packets – netsh delivers built-in tools for network troubleshooting unavailable elsewhere.
Whoami: View Current User Identity
When managing permissions issues or keeping an audit trail, confirming the active user proves useful.
> whoami
contosobank\jsmith
This shows your account identity – the username and domain or machine you authenticated against.
Some options:
whoami /groups – View group memberships
whoami /priv – Enumerate assigned user rights and privileges
whoami /all – See all identity information
When users report permission issues, whoami provides quick proof of their active identity.
gpupdate: Refresh Policies
Group policy determines so much of the user experience – from desktop settings to password policies to software installation. The gpupdate command refreshes policies from Active Directory.
> gpupdate /force
Updating Policy...
User Policy Update has completed successfully.
Computer Policy Update has completed successfully.
The user policy update completed successfully
The computer policy update completed successfully
This applies freshly changed policies immediately instead of waiting hours for scheduled background refreshes. Indispensable in Active Directory environments.
chkdsk: Check Disks for Errors
Monitoring disk health becomes even more essential with modern large-capacity drives. The venerable chkdsk scans volumes for filesystem errors.
> chkdsk C:
Windows has checked the file system and found no problems.
978464064 bytes total disk space.
383428608 bytes in 179 files.
18432 bytes in 17 indexes.
0 bytes in bad sectors.
57061120 bytes in use by the system.
65536 bytes occupied by the log file.
914528256 bytes available on disk.
4096 bytes in each allocation unit.
244611016 total allocation units on disk.
228632064 allocation units available on disk.
This checks drive C: for issues. Key arguments:
chkdsk X: /f – Fix found errors on drive X:
chkdsk X: /r – Locate and recover bad sectors
With storage playing such a vital role, keeping your disks healthy with chkdsk proves critical.
sfc: System File Checker
A common culprit behind Windows issues involves corrupted system files. SFC scans and replaces these files from a known-good local cache.
> sfc /scannow
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
This performs an immediate integrity check of protected system files. Alternatives:
sfc /verifyonly – Scan without attempting repairs
sfc /scanfile=filename – Scan a specific file
sfc /revert – Return scan target to known-good if issues found
Many cryptic errors disappear once sfc restores compromised system files.
Conclusion
Learning these 11 Windows troubleshooting commands can help diagnose tricky issues and empower you to better support systems and users. tasklist, ipconfig, nslookup and friends should feature regularly in your administration.
I encourage you to practice these commands until they become second nature. Consult Microsoft's command-line reference for even more tools. And please share your most-used commands below!