Windows One Liners cmdline

Jump to: navigation, search

Random collection of one liners!

Quick backup drive with xcopy

Backup all of c: drive to external drive e: (skipping any problems, copying and creating empty and non empty dirs, dont print everything)

xcopy /e /c /i /q /h c:\ e:\

Quickly find a file

Microsoft's half arsed attempt at find.

Case insensitive find any file on entire c: drive, will find ALL files (read only, system, hidden etc.) and give location.

attrib /s /d c:\* | findstr /i "mystring"

Find a string in files

Microsoft's half arsed attempt at grep.

Find string in text file only (/p), print matching text

findstr /s /i /p "mystring" c:\*

Find string in any file print matching filename only (/m) (otherwise you will end up with pages of binary stuff it matches, if you WANT this then omit /m)

findstr /s /i /m "mystring" c:\*
  • Note, If "mystring" contains a space use /c:"my string" otherwise it uses OR on each word, bizarre!
  • Note, findstr will fail to find anything in certain file encodings, e.g. Little Endian UTF-16 Unicode files, like .inf files. (Although in all fairness, so does grep)


Just some notes...

Enable it

manage-bde -tpm -turnon
manage-bde -tpm -Takeownership test_password
manage-bde -protectors -add c: -TPMAndPIN
<enter PIN>
manage-bde -on c:

Check progress

manage-bde.exe -status


Z:\>psexec \\xx-xxxx manage-bde.exe -status

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals -

BitLocker Drive Encryption: Configuration Tool version 6.1.7601
Copyright (C) Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows OS]
[OS Volume]

    Size:                 297.80 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        Numerical Password
        TPM And PIN

manage-bde.exe exited on pu-0103 with error code 0.

net add Administrators

net user /add xxxxxxxxx password

net localgroup /add Administrators xxxxxxxxx


disable password expirey

wmic path Win32_UserAccount where Name='xxxxxxxxx' set PasswordExpires=false

query remote pc's serial number

get SMBIOS info

wmic /node:"" csproduct

office 2010 temp outlook folder

C:\Users\USERNAME_HERE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\RANDOM_FOLDER\

get rid of pending reboots

Get rid of "computer needs to be rebooted" !

reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations"

This also this needs to be 0 if it exists , [not sure if in Win7 (may be under Wow6432Node if x64?)]

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates" /V UpdateExeVolatile /t REG_DWORD /D 0 /f

change (VLK/MAK/KMS) product key (license code) Win 7

//B = silent, remove if you want a response. xxxx is the product key to change to.

cscript //B "%windir%\system32\slmgr.vbs" /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
cscript //B "%windir%\system32\slmgr.vbs" /ato
  • Note Switches /dli and /dlv will dump info about current license to screen.

Silent office 2010 language pack

You need to extract, copy a config.xml over and then install - "pt-br" needs changing to the correct language (in this example config.xml is in the same folder as setup.exe which is why you dont need to specify the location)

<Configuration Product="">
<Display Level="none" CompletionNotice="no" SuppressModal="yes" AcceptEula="yes" />

"X16-37687.exe" /extract:"c:\temp\X16-37687" /quiet /passive

copy /y "Config_pt-br.xml" "c:\temp\X16-37687\Config.xml"


Windows 7 MUI language pack

Win 7

Win 7 SP1

no silent install but will run in background with psexec ok

start /wait windows6.1-kb2483139-x64-pt-br_f8035731c55d774c95c7c673aedfd42d52479294


netsh interface ipv4 show config


sc config "Bonjour Service" start= disabled sc stop "Bonjour Service"

delete files on reboot

Run as user logging in. This will delete only jobs the user has permission to delete (which a normal user probably wont have)

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940" /v "1" /d "cmd /c del /f /q /s \\Windows\\System32\\spool\\PRINTERS\\*.*"

Run as System (~Administrator). This will only remove one file per entry so rather useless if say wanting to clear print spooler.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /t REG_MULTI_SZ /d "\??\%systemroot%\System32\spool\PRINTERS\FP00001.SPL"

delete stuck print spool files

Run as System (~Administrator). This should delete any jobs and then the service will delete. (e.g. add this on a (remote) machine, reboot it, all jobs gone including and locked print jobs) . * I like this little trick I came up with :) This can also run a .bat file or .exe or do anything else!

SC create cleanup binpath= "cmd /c cmd /c del /f /q /s \Windows\System32\spool\PRINTERS\*.* & sc delete cleanup" type= own type= interact start= auto

On a remote machine...

SC \\remotepc create cleanup binpath= "cmd /c cmd /c del /f /q /s \Windows\System32\spool\PRINTERS\*.* & sc delete cleanup" type= own type= interact start= auto

rename files on reboot

This will rename multiple files. Again this is rather rubbish and if you need to do lots of things you are better using sc (above) and a batch file (note files are simply null separated "\0")

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /t REG_MULTI_SZ /d "\??\%systemroot%\System32\spool\PRINTERS\FP00001.SPL\0\??\%systemroot%\System32\spool\PRINTERS\\0\??\%systemroot%\System32\spool\PRINTERS\FP00001.SHD\0\??\%systemroot%\System32\spool\PRINTERS\FP00001.bbb" /f
  • Note specific paths in UNC file format would be \??\c:\Program Files (x86)\somethingelse\myfile.exe

get uptime


net stats srv

remote (assuming on LAN)

wmic /node:"" os get lastbootuptime

Formatted datetime yyyymmddhhmmss.nnn

So the machine below was booted 15 August 2014 at 08.34am

Z:\>wmic /node:"xx-xxxxx" os get lastbootuptime

Removing undeletable files/folders

This is just for my notes, taken from

Basically copies nothing over the thing you cant delete -it worked when nothing else would.

c:\TEMP>mkdir empty
c:\TEMP>robocopy /mir /e c:\Temp\Empty c:\Temp\D

   ROBOCOPY     ::     Robust File Copy for Windows

  Started : Tue Sep 10 11:16:07 2013

   Source : c:\Temp\Empty\
     Dest : c:\Temp\D\

    Files : *.*

  Options : *.* /S /E /COPY:DAT /PURGE /MIR /R:1000000 /W:30


                           0    c:\Temp\Empty\
        *EXTRA Dir        -1    c:\Temp\D\Install\
        *EXTRA Dir        -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\
        *EXTRA Dir        -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\
        *EXTRA Dir        -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\
        *EXTRA Dir        -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\???\
        *EXTRA Dir        -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\???\{02798c9c-63c0-ec48-9b31-49653e262282}\
          *EXTRA File             174080        GoogleUpdate.exe
        *EXTRA Dir        -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\???\{02798c9c-63c0-ec48-9b31-49653e262282}\L\
        *EXTRA Dir        -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\???\{02798c9c-63c0-ec48-9b31-49653e262282}\U\


               Total    Copied   Skipped  Mismatch    FAILED    Extras
    Dirs :         1         0         1         0         0         8
   Files :         0         0         0         0         0         1
   Bytes :         0         0         0         0         0   170.0 k
   Times :   0:00:00   0:00:00                       0:00:00   0:00:00

   Ended : Tue Sep 10 11:16:07 2013

c:\TEMP>cd D

 Volume in drive C is Windows OS
 Volume Serial Number is EE40-2DEB

 Directory of c:\TEMP\D

10/09/2013  11:16    <DIR>          .
10/09/2013  11:16    <DIR>          ..
               0 File(s)              0 bytes
               2 Dir(s)  407,021,625,344 bytes free


robocopy simple folder backup

robocopy source destination - (this needs target folder to be the same as source , i.e. c:\users\bob d:\ would dump contents of c:\users\bob into root of d:\, not create d:\bob)

robocopy /mir /e /xj /r:0 /w:0 /nfl /ndl c:\users\bob123 d:\bob123
  • Using /mir will nuke anything in d:\bob123 if no in source.

Network Adapter Interface IP Info

Where {505D11BF-6f50-4B62-AA01-923BBrF60042} is a GUID for an interface found form /Interfaces


Fix Win2000 Boot error

Maybe the power went out when it was on and you are left with boot screen saying;

Error Message: Windows Could Not Start Because the Following File Is Missing or Corrupt: \Winnt\System32\Config\Systemced

Firstly fish the drive out of Win2000 machine and in another windows machine run chkdsk on it, like chkdsk /f c: otherwise you could make it worse. Then on the working windows machine open regedit, Go to HKEY_LOCAL_MACHINE > Load hive, point to c:\Winnt\System32\Config\System (on drive from the failed Win2000 machine), call it anything , say 'test'. Assuming it opens ok , then click on new key 'test', go to File > 'Export' , change save type from Registration Files (*.reg) to Registry Hive Files (*.*) and save as say c:\Winnt\System32\Config\System_ Unload hive and exit, then rename system to system.old and system_ to system. Stick Win2000 drive back in old machine and it should boot.


blog comments powered by Disqus