Now that I have Server Core at the base of my Domain Controllers, It’s useful to have a list of commands for reference.
I got these mostly from Microsoft TechNet
General commands
Hostname, domain membership:
Rename computer | netdom renamecomputer %computername% /newname:MyNewHostname |
Join machine to domain | netdom join %computername% /domain:corp.mycompany.com /userd:CORP\jsmith /passwordd:* |
Rename computer while joined to domain | netdom renamecomputer %computername% /newname:MyNewHostname /userd:CORP\jsmith /passwordd:* |
Remove machine from domain | netdom remove %computername% |
Interfaces and addresses:
View the current interface list | netsh interface show interface |
Set static IP, mask, gateway | netsh interface ipv4 set address "Local Area Connection" source=static 10.3.1.11 255.255.255.0 10.3.1.1 |
Set primary DNS server | netsh interface ipv4 add dnsserver "Local Area Connection" address=10.3.1.21 index=1 |
Set secondary DNS server | netsh interface ipv4 add dnsserver "Local Area Connection" address=10.3.1.22 index=2 |
Remove DNS server from interface | netsh interface ipv4 delete dnsservers "Local Area Connection" 10.3.1.21 (or all ) |
Set interface to DHCP | netsh interface ipv4 set address "Local Area Connection" source=dhcp |
Disable interface | netsh interface set interface "Local Area Connection" disabled (or enabled to re-enable) |
Drivers and services:
Query active drivers | sc query type= driver |
Install a driver | pnputil -i -a oemdriver.inf |
List running services | sc query |
Start / stop a service | sc start (service name) sc stop (service name) |
Disable a service | sc config (service name) start= disabled |
Windows Firewall, remote management:
Allow server to be managed by Remote Desktop | cscript C:\Windows\System32\SCregEdit.wsf /ar 0 |
Verify registry entry for above | cscript C:\Windows\System32\SCregEdit.wsf /ar v |
Allow Remote Desktop sessions from older RDP clients (lower security setting) | cscript C:\Windows\System32\SCregEdit.wsf /cs 0 |
Verify registry entry for above | cscript C:\Windows\System32\Scregedit.wsf /cs v |
Windows Firewall: allow ICMPv4 echo-request inbound | netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow |
Windows Firewall: allow Remote Desktop | netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes |
Windows Firewall: allow remote management of Windows Firewall | netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes |
Windows Firewall: allow remote management of OS via MMC snap-ins | netsh advfirewall firewall set rule group="Remote Administration" new enable=yes |
Enable Windows Remote Shell | WinRM quickconfig |
Power management:
List existing Power Schemes | powercfg -l |
Turn hibernation off | powercfg -hibernate OFF |
Set absentia power scheme (used when no one is logged in) | powercfg -setabsentia 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c |
Set Power Configuration for High Performance | powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c |
Other:
Install OS product key | slmgr.vbs -ipk 1234-5678-90ab-cdef-ghij |
Activate OS installation | slmgr.vbs -ato |
List processes | tasklist |
Kill process by process ID | taskkill /PID 3852 |
Invoke Task Manager | taskmgr |
List log names | wevtutil el |
Export log to file | wevtutil epl c:\mylog1.txt |
Query log for events | wevtutil qe /f:text System |
Clear log | wevtutil cl System |
Adjust paging file | wmic pagefileset where name="d:\pagefile.sys" set InitialSize=1024,MaximumSize=2048 |
Set proxy setting | netsh winhttp set proxy myproxy.corp.mycompany.com:8080 |
Add domain account to local Administrators group | net localgroup Administrators /add CORP\jsmith |
Delete domain account from local Administrators group | net localgroup Administrators /delete CORP\jsmith |
Reboot the machine immediately | shutdown /r /f /t 0 |
Log off current interactive session | logoff |
Windows Server 2008
View installed roles: Oclist
Active Directory Lightweight Directory Services | start /w ocsetup DirectoryServices-ADAM-ServerCore Uninstall: start /w ocsetup DirectoryServices-ADAM-ServerCore /uninstall |
Active Directory Domain Services | dcpromo /unattend:myunattend.txt (file example)Additional DC: dcpromo /unattend /InstallDns:yes /confirmGC:yes /replicaOrNewDomain:replica /safeModeAdminPassword:My@Pass912$1! /rebootOnCompletion:yes /UserName=myadmin01 /UserDomain=CORP /Password=* /SiteName=Default-First-Site-Name /ReplicaDomainDNSName:corp.mycompany.com Demote: dcpromo |
DNS Server | start /w ocsetup DNS-Server-Core-Role Manage: dnscmd Uninstall: start /w ocsetup DNS-Server-Core-Role /uninstall |
DHCP Server | start /w ocsetup DHCPServerCore Manage: netsh sc config dhcpserver start= auto
Uninstall: |
File Services | start /w ocsetup FRS-Infrastructure start /w ocsetup DFSN-Server start /w ocsetup DFSR-Infrastructure-ServerEdition
Uninstall: |
Hyper-V | start /w ocsetup Microsoft-Hyper-V |
Print Services | start /w ocsetup Printing-ServerCore-Role start /w ocsetup Printing-LPDPrintService (manage by using Print Management console from another machine) |
Streaming Media Services | start /w ocsetup MediaServerv |
Web Server (IIS) | Default: start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel All options: start /w pkgmgr /iu:IIS-WebServerRole;IIS-WebServer;IIS-CommonHttpFeatures;IIS-StaticContent;IIS-DefaultDocument;IIS-DirectoryBrowsing;IIS-HttpErrors;IIS-HttpRedirect;IIS-ApplicationDevelopment;IIS-ASP;IIS-CGI;IIS-ISAPIExtensions;IIS-ISAPIFilter;IIS-ServerSideIncludes;IIS-HealthAndDiagnostics;IIS-HttpLogging;IIS-LoggingLibraries;IIS-RequestMonitor;IIS-HttpTracing;IIS-CustomLogging;IIS-ODBCLogging;IIS-Security;IIS-BasicAuthentication;IIS-WindowsAuthentication;IIS-DigestAuthentication;IIS-ClientCertificateMappingAuthentication;IIS-IISCertificateMappingAuthentication;IIS-URLAuthorization;IIS-RequestFiltering;IIS-IPSecurity;IIS-Performance;IIS-HttpCompressionStatic;IIS-HttpCompressionDynamic;IIS-WebServerManagementTools;IIS-ManagementScriptingTools;IIS-IIS6ManagementCompatibility;IIS-Metabase;IIS-WMICompatibility;IIS-LegacyScripts;IIS-FTPPublishingService;IIS-FTPServer;WAS-WindowsActivationService;WAS-ProcessModel Uninstall: start /w pkgmgr /uu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel |
View installed features: Oclist
Simple Network Management Protocol (SNMP) | start /w ocsetup SNMP-SC |
Telnet client | start /w ocsetup TelnetClient |
QWAVE | start /w ocsetup QWAVE |
Windows Internet Name Service (WINS) | start /w ocsetup WINS-SC |
Windows Server Backup | start /w ocsetup WindowsServerBackup |
The following may require additional hardware:
BitLocker Drive Encryption | start /w ocsetup BitLocker BitLocker Remote Administration Tool: start /w ocsetup BitLocker-RemoteAdminTool |
Failover Clustering | start /w ocsetup FailoverCluster-Core (not supported in Standard Edition) |
Multipath IO | start /w ocsetup MultipathIo |
Network Load Balancing | start /w ocsetup NetworkLoadBalancingHeadlessServer |
Removable Storage | start /w ocsetup Microsoft-Windows-RemovableStorageManagementCore |
Subsystem for UNIX-based applications | start /w ocsetup SUACore |
Uninstall: start /w ocsetup (specify feature name) /uninstall
Windows Server 2008 R2
View installed roles: Dism /online /get-features /format:table
Active Directory Certificate Services | Dism /online /enable-feature /featurename:CertificateServices Uninstall: Dism /online /disable-feature /featurename:CertificateServices |
Active Directory Lightweight Directory Services | Dism /online /enable-feature /featurename:DirectoryServices-ADAM-ServerCore Uninstall: Dism /online /disable-feature /featurename:DirectoryServices-ADAM-ServerCore |
Active Directory Domain Services | dcpromo /unattend:myunattend.txt (file example)Demote: dcpromo |
DNS Server | Dism /online /enable-feature /featurename:DNS-Server-Core-Role Manage: dnscmd Uninstall: Dism /online /disable-feature /featurename:DNS-Server-Core-Role |
DHCP Server | Dism /online /enable-feature /featurename:DHCPServerCore Manage: netsh sc config dhcpserver start= auto
Uninstall: |
File Services | Dism /online /enable-feature /featurename:FRS-infrastructure Dism /online /enable-feature /featurename:DFSN-Server Dism /online /enable-feature /featurename:DFSN-Server
Uninstall: |
Hyper-V | Dism /online /enable-feature /featurename:Microsoft-Hyper-V |
Print Services | Dism /online /enable-feature /featurename:Printing-ServerCore-Role 32-bit support: Dism /online /enable-feature /featurename:Printing-ServerCore-Role-WOW64 Dism /online /enable-feature /featurename:Printing-LPDPrint-Service
(manage by using Print Management console from another machine) |
View installed features: Dism /online /get-features /format:table
BranchCache | Dism /online /enable-feature /featurename:PeerDist Dism /online /enable-feature /featurename:PeerDistHashP Dism /online /enable-feature /featurename:SMBHashGeneration |
IIS Management Service | Dism /online /enable-feature /featurename:IIS-ManagementService Enable remote management: HKLM\Software\Microsoft\WebManagement\Server – change EnableRemoteManagement to 1; net start wmsvc |
Input Method Editor 32-bit support | Dism /online /enable-feature /featurename:ServerCore-EA-IME-WOW64 |
.NET Framework 2.0 | Dism /online /enable-feature /featurename:NetFx2-ServerCore 32-bit support: Dism /online /enable-feature /featurename:NetFx2-ServerCore-WOW64 |
.NET Framework 3.0 and 3.5 | Dism /online /enable-feature /featurename:NetFx3-ServerCore 32-bit support: Dism /online /enable-feature /featurename:NetFx2-ServerCore-WOW64 32-bit support: Dism /online /enable-feature /featurename:NetFx3-ServerCore-WOW64 |
QWAVE | Dism /online /enable-feature /featurename:QWAVE |
Removable Storage | Dism /online /enable-feature /featurename:Microsoft-Windows-RemovableStorageManagementCore |
Simple Network Management Protocol (SNMP) | Dism /online /enable-feature /featurename:SNMP-SC |
Subsystem for UNIX-based applications | Dism /online /enable-feature /featurename:SUACore 32-bit support: Dism /online /enable-feature /featurename:SUACore-WOW64 |
Telnet client | Dism /online /enable-feature /featurename:TelnetClient |
Windows Internet Name Service (WINS) | Dism /online /enable-feature /featurename:WINS-SC |
Windows PowerShell | Dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell 32-bit support: Dism /online/enable-feature /featurename:MicrosoftWindowsPowerShell-WOW64 |
Windows PowerShell Best Practices Analyzer cmdlets | Dism /online /enable-feature /featurename:BestPractices-PSH-Cmdlets |
Windows PowerShell Server Manager cmdlets | Dism /online /enable-feature /featurename:ServerManager-PSH-Cmdlets |
Windows Server Backup | Dism /online /enable-feature /featurename:WindowsServerBackup |
Windows Server Backup Windows PowerShell cmdlets | Dism /online /enable-feature /featurename:WindowsServerBackupCommandlet |
Windows Server Migration Tools | Dism /online /enable-feature /featurename:ServerMigration |
WoW64 | Dism /online /enable-feature /featurename:ServerCore-WOW64 (installed by default) |
The following may require additional hardware:
BitLocker Drive Encryption | Dism /online /enable-feature /featurename:BitLocker Remote administration tool: Dism /online /enable-feature /featurename: BitLocker-RemoteAdminTool |
Failover Clustering | Dism /online /enable-feature /featurename:FailoverCluster-Core (not supported in Standard Edition) |
Multipath IO | Dism /online /enable-feature /featurename:MultipathIo |
Network Load Balancing | Dism /online /enable-feature /featurename:NetworkLoadBalancingHeadlessServer |
Uninstall: Dism /online /disable-feature /featurename:(specify feature name)