April 12, 2009

What is the same in SCCM 2007?

Some things have remained the same or have changed very little in ConfigMgr compared to SMS 2003:

Discovery, Inventory, Queries and Reporting.

Key terminology such as Sites, Primary Sites, Secondary Sites remains the same.

Services, file names, share names and ConfigMgr-related groups retain the SMS prefix.

Many Status Messages still mention SMS as these could potentially refer to a Child SMS SMS 2003 Site.

Some programmatic elements have not been renamed such as the SMS Provider to avoid potential backwards compatibility issues for those people using WMI scripting.

What is changed in SCCM 2007?

There have been several changes from SMS 2003 to ConfigMgr including:

Feature Packs that used to be separate add-ons in SMS 2003 are now incorporated into the core ConfigMgr product (for example the Administration Feature Pack, Device Management Feature Pack, Operating System Deployment Feature Pack Update).

Improvements/ enhancements to Feature Packs include:

Operating System Deployment (OSD) - Images created in Windows IMage (WIM) format can be deployed (including any required applications), using bootable media such as CD/ DVD. One or more tasks can be created and combined to create a Task Sequence to control and customise the deployment of the image and Software Distribution actions.

Mobile Device Management - The ability to manage Windows CE and Windows Mobile devices in the same way as regular ConfigMgr Clients (such as Hardware and Software Inventory, Software Distribution, Software Updates, and of course Windows Mobile settings).

Transfer Site Settings Wizard - Allows the settings from one ConfigMgr Site to be transferred to another to save the admin having to reconfigure the settings on every Site. Settings covered by the wizard include Client Agent configuration, Discovery Method configuration, Package and Collection properties amongst others.

Manage Site Accounts Tool (MSAC.exe) - A command line tool used to create, list, verify, update and delete user-defined accounts for use by ConfigMgr.

All Site Servers and Site Systems must be a member of an AD Domain.

Primary Sites only support Windows Authentication for the Site Database.

Asset Intelligence introduced as an optional component in SMS 2003 SP3 is now included in the core product.

NOTE: As a result of the above two changes the core product requires a greater amount of server resources.
Major changes to the way Backup and Recovery works - Volume Shadow Copy Service (VSS), available with XP, Windows 2003 and later OSs allowing a capture of a ConfigMgr Site to be made and stored on other media.
Improved Remote Tools integration with Remote Desktop and Assistance - RDP is now used to communicate with XP, Vista and Windows 2003 (or later) Clients (Windows 2000 machines use a modified version of the SMS 2003 Remote Tools Client Agent). Remote Reboot, Chat, File Transfer, Remote Execute, Ping and Windows 98 diags are no longer available in ConfigMgr.

Minor improvements to Collections, Software Distribution and Software Metering compared to SMS 2003.
Senders can only now be installed on Primary or Secondary Site Servers.

Only one Client type (basically the SMS 2003 Advanced Client so no Legacy Clients).

Only a single Security mode (similar to SMS 2003 Advanced Security mode).

The Site Server's local boundary is no longer automatically configured as a Site Boundary - you need to define this post installation.

Site Boundaries are no longer supported - only Roaming Boundaries are with a choice of "Slow or unreliable" or "Fast (LAN)".

Client Push uses the Site Code of the Primary rather than being set to "Auto" as in SMS 2003.

April 10, 2009

ConfigMgr/SMS Query and Report for Spyware

RSYS.Name0 AS 'Computer',
RSYS.User_Name0 As 'Last User ID',
SF.FileName As 'File Name',
SF.FileDescription As 'File Description',
SF.FilePath As 'File Path',
SF.FileSize As 'File Size',
SF.FileVersion As 'File Version'
ON RSYS.ResourceID = SF.ResourceID
AND ( SF.FileDescription like '%doom%' OR /* DOOM Game */
SF.FileDescription like '%GNUTE%' OR /* MP3 Resources */
SF.FileDescription like '%l0pht%'OR /* Password cracker */
SF.FileDescription like 'Lime%' OR /* Peer-to-Peer file sharing */
SF.FileDescription like '%nuke%' OR /* DOOM Game */
SF.FileDescription like '%orafice%' OR /* Keystroke mapper */
SF.FileDescription like '%sniff%' OR /* Network sniffer */
SF.FileDescription like '%unreal%' OR /* Games */
SF.FileName like '%as-101%' OR
SF.FileName like '%babylon%' OR
SF.FileName like '%bearshare%' OR
SF.FileName like '%bindery%' OR
/* SF.FileName like '%bindin%' OR */
SF.FileName like '%bo2k%' OR
SF.FileName like '%chknull%' OR
SF.FileName like '%Cracker%' OR /* Password cracker */
SF.FileName like '%Craserv%' OR
SF.FileName like '%doom%' OR /* DOOM game */
SF.FileName like '%EbatesMoeMoney%' OR /* Spyware */
SF.FileName like '%expolit%' OR
SF.FileName like 'gator%' OR /* Gator Spyware/Adware */
SF.FileName like '%getadmin%' OR
SF.FileName like '%gnucleus%' OR
SF.FileName like '%GNUTE%' OR /* MP3 Resources */
SF.FileName like '%GROK%' OR
SF.FileName like '%hack%' OR /* Password cracker */
SF.FileName like '%hotbar%' OR /* IE Toolbar - Spyware/Adware */
SF.FileName like '%kazaa%' OR /* Peer-to-Peer file sharing */
SF.FileName like 'keygen%'OR /* Password cracker */
SF.FileName like '%l0phtcrack%' OR /* Password cracker */
SF.FileName like '%lc252install%' OR /* Password cracker */
SF.FileName like '%LIME%' OR /* Peer-to-Peer file sharing */
SF.FileName like '%morpheus%' OR
SF.FileName like '%Napster%' OR /* Peer-to-Peer file sharing - MP3 Resources */
SF.FileName like '%nbsvr%' OR
SF.FileName like '%nbtscan%' OR
SF.FileName like '%ndssnoop%' OR
SF.FileName like '%netbusr%' OR
SF.FileName like '%nmapNT%' OR
SF.FileName like '%nuke%' OR /* DOOM Game */
SF.FileName like '%nwpcrack%' OR
SF.FileName like '%orafice%' OR /* Keaystroke mapper */
SF.FileName like '%otglove%' OR
SF.FileName like '%precisiontime%' OR
SF.FileName like '%pwdump%' OR /* Password cracker */
SF.FileName like '%quake%' OR /* DOOM game */
SF.FileName like '%Retina%' OR
SF.FileName like '%RFPoison%' OR
SF.FileName like '%smbdie%' OR
SF.FileName like '%smurf%' OR
SF.FileName like '%unreal%' OR
SF.FileName like '%XUPITER%' OR
SF.FileName like 'POPSRV%' OR
SF.FileName IN ('_DLL.exe', /* Troj_Bagle.AC Trojan */
'ARR.exe', /* Dial-up Hijacker - high cost toll number */
'asart.exe', /* ? */
'av.exe', /* W32.Alphx.Word.A Virus */
'BackWeb.exe', /* Spyware - BackWeb Technologies */
'Bargains.exe', /* BargainBuddy - Adware/Spyware */
'BELT.exe', /* Spyware - SearchV.com */
'Bling.exe', /* W32.SDBot-OH.Worm */
'BLSS.exe', /* Spyware - CBlaster Trojan */
'Bootconf.exe', /* Sypware - Homepage Hijacker */
'BonziBdy.exe', /* Spyware */
'botzor.exe', /* W32.ZOTOB.Worm */
'BPC.exe', /* Spyware - Grokster */
'Bundle.exe', /* Adware.SAHAgent */
'businessbg0002.exe', /* Spyware - ? */
'cmesys.exe', /* Adware.W32.Claria */
'crafty.exe', /* ? */
'CFD.exe', /* Spyware - Motive Cleint Foudation */
'csm.exe', /* W32.ZOTOB.B Worm */
'Datemanager.exe', /* Pop-Ups via Gator */
'DIVX.exe', /* MASTAK Virus or NALDEM Trojan */
'DPPS2.exe', /* Don't Panic! Pop-up blocker - Spyware */
'DSSagent.exe', /* Adware - Broderbund - Spyware? */
'eanthology.exe', /* eAcceleration Software Station - Spyware? */
'EditSRV.exe', /* Spyware - Email_Update.exe */
'email_Update.exe', /* StopSign Email Scanner - eAcceleration Software - Spyware? */
'EMSW.exe', /* Spyware - Alset Inc. */
'Gator.exe', /* Adware.W32.Claria */
'gmt.exe', /* Adware.W32.Claria */
'haha.exe', /* Myet Trojan */
'Hbinst.exe', /* Spyware - HotBar */
'HBSRV.exe', /* Spyware - HotBar */
'Hotbar.exe', /* Spyware - HotBar */
'HXDL.exe', /* HXDL Spyware - Gator */
'HXIUL.exe', /* Adware - HelpExpress - Alset Inc. */
'IDHost.exe', /* Topicks Spyware */
'IEDll.exe', /* Homepage Hijacker */
'IEDriver.exe', /* Peer-To-Peer File Sharing */
'INFUS.exe', /* Dial-up Hijacker - high cost toll number */
'InfWin.exe', /* MSView Parasite */
'INTDEL.exe', /* Adware - Pop-ups */
'ISTSVC.exe', /* Spyware - Integrated Search Technologies */
'KeenValue.exe', /* Spyware - Gator */
'loader.exe', /* Backdoor.Prorat Virus */
'lol.exe', /* W32.HLLW.Rackus Virus */
'Lspmonitor.exe', /* Spyware - StopSign */
'mapisvc32.exe', /* KX Virus */
'MD.exe', /* System MD Virus */
'MDie.exe', /* Backdoor.Win32.Rbot.Gen Virus */
'MemoryMeter.exe', /* Grokster Peer-To-Peer File Sharing Suite */
'MFIN32.exe', /* Adware - MyFreeInternet Update */
'MMod.exe', /* Adware.W32.EarnBundleWare */
'MOStat.exe', /* Spyware - Wurld Media */
'mousebm.exe', /* W32.ESBot Virus */
'mousemm.exe', /* W32.ESBot.A Virus */
'MSBB.exe', /* Adware.W32.BargainBuddy - 180Solutions */
'MSCache.exe', /* Spyware - Integrated Search Technologies */
'MSCMan.exe', /* Spyware - Odysseus Marketing */
'msdefr.exe', /* Spybot Worm */
'MSMACROPROTXZ.exe', /* Spybot Worm */
'MSMGT.exe', /* Spyware - Total Velocity */
'MSSVR.exe', /* Spyware - 2020DownLoader - 2020 Internet Search Toolbar */
'MSUpdater.exe', /* TrojanDownLoader.Win32.WinShow Trojan */
'MWSOEMON.exe', /* MyWebSearch Toolbar */
'mwsvm.exe', /* Adware - Adw.ScanPortAL.A */
'Nail.exe', /* Trojan.Win32.Stervis.B Trojan */
'nb32ext2.exe', /* MyDoom.BV worm */
'nbmanager.exe', /* Spyware - eAnthology */
'netbutler.exe', /* ? */
'onsrvr.exe', /* Spyware - OnWebMedia */
'PC32.exe', /* Mastak Virus */
'per.exe', /* Worm.ZOTOB.C Virus */
'PGMonitr.exe', /* Adware.W32.DelFin */
'PowerScan.exe', /* Adware.W32.PowerScan */
'PRMVR.exe', /* Spyware - Adtomi.com */
'pnpsrv.exe', /* W32.SDBOT.Worm Virus */
'Precisiontime.exe', /* Adware.W32.ClariaPrecision */
'PrizeSurfer.exe',/* Spyware - PrizeSurfer */
'Prmt.exe', /* Spyware - OpiStat */
'RAY.exe', /* Homepage Hijacker */
'RB32.exe', /* Adware.W32.RapicBlaster */
'RCSync.exe', /* Spyware - PrizeSurfer */
'Run32DLL.exe', /* Key Recorder - Screen Capture - PAL PC Spy */
'SAHAgent.exe', /* Adware.W32.CyDoor - CyDoor Desktop Media */
'savenow.exe', /* Coupons - WhenU.com */
'SBHC.exe', /* IE Plugin - GIGATech Software */
'ShowBehind.exe', /* Adware - MicroSmarts Enterprise */
'SLMSS.exe', /* Spyware - 2nd Thourgh by CPM Media */
'SRNG.exe', /* Spyware - Search Hijacker */
'STCLoader.exe', /* Spyware - 2nd Thourgh by CPM Media */
'SUSP.exe', /* Spyware - ABetterInternet */
'SVCINIT.exe', /* Backdoor.Sinit Trojan */
'svnlitup32.exe', /* Worm.RBOT.CBJ */
'syscpy.exe', /* Backdoor.Hogle Trojan */
'Systesm32.exe', /* Spyware - Bling.exe */
'thefourthcoming.exe', /* ? */
'Trickler.exe', /* Spyware - Gator GAIN (Gator Advertising and Info Network) */
'TSADBot.exe', /* Adware */
'TVMD.exe', /* Spyware */
'TVTMD.exe', /* Spyware */
'UCMWESKU.exe', /* ? */
'Updates32.exe', /* Spyware - Bling.exe */
'uptodate.exe', /* Adware - BrowserPal */
'veloz.exe', /* StopSign Email Scanner - eAcceleration Software */
'velozsys.exe', /* StopSign Email Scanner - eAcceleration Software */
'Weather.exe', /* Adware */
'webcel.exe', /* eAcceleration Software - Spyware - ? */
'WebDev.exe', /* ? */
'Win32US.exe', /* Dial-up Hijacker - high cost toll number */
'WinActive.exe', /* Homepage Hijacker */
'windrg32.exe', /* W32.ZOTOB.D Worm */
'WinMain.exe', /* Trojan.KonDeli */
'WinNet.exe', /* Adware/Spyware - CommonName I.E. Search */
'winpnp.exe', /* W32.SDBOT.Worm */
'WinServN.exe', /* Adware.W32.PurityScan - ClickSpring LLC */
'WinStart.exe', /* Homepage Hijacker - iGetNet */
'WinStart001.exe', /* Adware */
'wintbp.exe', /* W32.ZOTOB.E Worm */
'wintbpx.exe', /* W32.BOZORI.Worm.B */
'WNAD.exe', /* Spyware - TwistedHumor.com */
'wpa.exe', /* ESBOT Worm */
'ygpmrgsb.exe', /* ? */
'zeus.exe', /* Zeus:Master of Olympus game */
'zmanager.exe' /* Spyware - eAcceleration */

April 9, 2009

Understanding Software Updates in SCCM 2007

Configmgr 2007 comes with a totally new way of deploying software updates. The new method offers some great advantages over the old one(s) available in Sms 2003. It didn't take me too long to see the benefits the new architecture brings, but it did take me quite some effort in understanding how I could create a working operational process to maximize these benefits, it actually took a fellow mvp (Thanks Pannu) and Wally to set things straight in my head (Thanks Wally). This 2 -series post will try to give you some insight in how the Configmgr 2007 solution stacks up with the sms 2003 implementation. The second portion will explain the objects involved and will guide you through a potential implementation of Software updates in Sccm 2007.

Let's start by briefly explaining how the sms 2003 infrastructure operates, followed by the currently known issues. Later in this post we'll review what the Sccm 2007 architecture looks like, and how this new architecture deals with the known issues of the past.

In sms 2003 the backend infrastructure relied on software distribution packages and advertisements to initiate the sofware catalog download, the software update scan and patch installation processes. The scan process itself, using the final scan engine itmu, was based on the Windows automatic update agent. The scan engines prior to that were sms specific engines like the software update inventory scan tool, the office update inventory scan tool or the extended software update inventory tool. Clients have always reported their software update compliance state based on hardware inventory regardless of the scan engine used.

One of the downsides of the sms 2003 infrastructure was the fact that multiple scan engines were necessary, which complicated the software update management quite a bit. And no matter what engine you used, all engines first downloaded the catalog locally and cached it in a specific folder prior to starting the scan. This caching of the catalog files didn't always work flawlessly resulting in clients scanning with an old catalog which obviously didn't report the expected information. Another issue was the fact that the reporting process relied on hardware inventory to do its reporting, this resulted in a slower and not very flexible reporting process.

Now let's look at how this all works in sccm 2007. Sofware updates now integrates/relies on a Wsus 3.0 server. The Wsus server is used to download the catalog and to serve as the "scan point" for the Configmgr2007 clients. This eliminates the problem that the sms 2003 engines had with caching the catalog, because the clients now scan directly from a wsus server. Another benefit of this integration is the increased content that can be deployed. The sms 2003 engines only supported security updates whereas wsus 3.0 supports a wide variety of updates ranging from security updates over critical updates, feature pack, service packs, drivers and more. All these benefits come at a fairly low cost, yes you now need to install a wsus server but all management of this wsus server is done from the Sccm 2007 admin console. (This is why you need to install the wsus admin console on the site server if you want to use a remote wsus server).

Another major change afaic is that clients now report their software update compliance state based on state messages. This allows for faster more flexible and more detailed status reporting from the clients to flow up to the server.

The above view is presented by Kim oppalfenss (My one of the favourite SMS Expert).

Sccm 2007 client agent deployment using Software updates

Sccm 2007 has a new client deployment method called Software update point based client installation. The idea behind Software update point based client installation is to publish the Sccm 2007 client as a critical update, and hence its name is installed from the Software update point. Most of you will probably now that Software Update management in Sccm 2007 integrates with Wsus 3.0 Sccm 2007 relies on Wsus to synchronize the catalog and to scan clients, but that's food for another post.


Why does sccm 2007 require a new installation method? What was wrong with the previous installation methods we had in sms 2003? To be honest, not much, but they all had their drawbacks. Let's just have a look at each of the installation methods and their drawbacks before we continue and see what Software update point based installation has in store for us.

Manual installation: This installation method lacks automation and requires the end-user to be a local administrator on the machine which is obviously a big NONO security wise.

Login script installation: Lacks from the same security issue as manual installation and is by consequence a NOGO.

Software Distribution based installation: Good installation method but this is often a chicken or egg kinda problem, you already need to have a software distribution mechanism out there for this to work.

Client Push Installation (Wizard): Great installation method but it has some requirements that could prove to be problematic in a real secure environment. It requires remote local admin privileges which is usually fine. But it also requires remote registry and access to the admin$ share. A secure environment should have file and print sharing disabled on desktops or laptops, or at the very least have them blocked by a personal firewall.

GPO based installation: Nice installation method with very modest requirements on the machine to be installed, but it suffers from its own drawbacks. The main problem with GPO based installation is that it is end-user driven. GPO's software installation only happens at logon or after a restart. Both events normally only happen after the end-user gave their user name and password or powered on the machine. If you have pesky users that just close their laptop lid in the evening and open it back up the next morning then your out of luck with gpo's. With todays more stable os's like Windows XP and Windows Vista It could take a pretty long time before the machine actually needs to be rebooted on the lan.

Software update based client installation: Superb installation method that mixes the benefits of GPO based installation with those of software distribution based installation. In other words it has pretty low requirements on the target machine, even lower as software distribution based installation as it does not require a software distribution solution in place and doesn't require the target machine to be in active directory. (You'll need a different way than adm templates to set the registry keys though). On top of that it offers a Schedule based installation which eliminates the end-user initiated drawback of gpo's. By the way if you install a newer version of the SCCM 2007 beta or install a Service pack after RTM you will be able to update your publication so that you can use this method to easily upgrade your existed install base to the new version.


How do you get this to work? Remarkably easy actually.

STEP 1 Configure the Windows Update agent GPO:

Open a GPO
Go to Computer configuration\Windows Components\Windows Update
Configure the Configure automatic updates option, Set it to auto download and shedule the install
Choose your own schedule
Configure the Specify intranet microsoft update service location
Configure both options with the value

STEP 2 Import the SCCM-2007 adm template:

Download the adm template to configure SCCM 2007 client installation command line parameters http://www.blogcastrepository.com/files/folders/documents/entry15469.aspx

Open a GPO
In Computer Configuration Right-click on Administrative templates

Browse to the SCCM-2007 and add the template.

Go to Computer configuration\Windows Components\SCCM 2007\Software Update point client installation

Configure the command line with the parameters you want.

STEP 3 Publish the SCCM 2007 client (As documented in the SCCM 2007 help file)

To publish the Configuration Manager 2007 client to the WSUS server:
In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / / Site Settings / Client Installation Methods.
Right-click Software Update Point Client Installation, and click Properties.

To enable client installation, select the Enable Software Update Point Client Installation check box.
If the client software on the Configuration Manager 2007 site server is newer than that stored on the software update point, the Upgrade Client Package Version dialog box will open. You should click Yes in this dialog box to publish the most recent version of the client software to he software update point.

To finish configuring the software update point client installation, click OK.

http verification .sms_aut () failed with status code 503, service unavailable

If MPControl.log file throwing error “http verification .sms_aut () failed with status code 503, service unavailable” then check for your IIS application pool. SMS management point pool and CCM server framework pool might have stopped.

For resolution please check site server’s for Netlogon service is stopped or not.

Starting of Netlogon service solved our problem.

SMS Client on X64 bit systems

Last few days, I was working closely to find out the way to manage the x64 bit servers in my infrastructure and here's the findings-

1) Go to control panel. Click on view x86 control panel Icons
2) It will open in new window and there you will find System management Icon

You will find C:\WINDOWS\sysWOW64. In the same folder you will find VPcache folder.

April 7, 2009

List of updates in Windows Server 2003 Service Pack 2

This article lists problems that are fixed in Microsoft Windows Server 2003 Service Pack 2 (SP2). Service packs are cumulative. This means that the problems that are fixed in a service pack are also fixed in later service packs.


Step-by-Step Guide to Getting Started with Microsoft Windows Server Update Services 3.0 SP1

This guide provides instructions for getting started with Microsoft Windows Server Update Services 3.0 Service Pack 1 (WSUS 3.0 SP1)


How to Allow remote administration (VBScript)

' This code enables the remote administration exception
Set Firewall = CreateObject("HNetCfg.FwMgr")
Set Policy = Firewall.LocalPolicy.CurrentProfile
Set AdminSettings = Policy.RemoteAdminSettings
AdminSettings.Enabled = TRUE
WScript.Echo "Setting enabled"

Batch Scripting - Commands

Commands A-M
@ (Batch) Used before a batch command so that the command will not be displayed before it is executed
ACCDATE (Config) Enables/disables recording file last access date
ACLCONV (Command) Converts OS/2 HPFS386 file/directory permissions to NTFS volumes
ADPREP (Command) Prepares Windows 2000 domains and forests for an upgrade to Windows Server 2003
ANSI.SYS (Config) Defines functions that change display graphics, control cursor movement, and reassign keys
APPEND (Command) Enables programs to open data files in specified directories as if the files were in the current directory
ARP (Command) Changes the IP-to-Ethernet or token ring physical address translation tables used by the Address Resolution Protocol
ASSIGN (Command) Redirects requests for disk read/write operations on one drive to a different drive
ASSOC (Command) Change file extension associations
ASSOCIATE (Command) One step file association
AT (Command) Schedule a command to run at a later time
ATMADM (Command) Monitors connections and addresses registered by the ATM Call Manager on an ATM network
ATTRIB (Command) Change file attributes
BACKUP (Command) Backs up one or more files from one disk to another
BASIC (Command) BASIC programming language interpreter
BASICA (Command) Advanced BASIC programming language interpreter
BLAT (Command) Public Domain utility that sends the contents of a file in an e-mail message using SMTP
BOOTCFG Configures, queries, or changes Boot.ini file settings
BOOTCFG /ADDSW (Command) Adds BOOT.INI load options
BOOTCFG /COPY (Command) Makes another operating system instance copy
BOOTCFG /DBG1394 (Command) Configures 1394 port debugging
BOOTCFG /DEBUG (Command) Adds or changes the debug settings
BOOTCFG /DEFAULT (Command) Designate the default operating system entry
BOOTCFG /DELETE (Command) Deletes an operating system entry
BOOTCFG /EMS (Command) Adds or changes the EMS console redirection
BOOTCFG /QUERY (Command) Displays the [boot loader] and [operating systems] sections
BOOTCFG /RAW (Command) Adds load options to an [operating systems] entry
BOOTCFG /RMSW (Command) Removes BOOT.INI load options
BOOTCFG /TIMEOUT (Command) Changes the operating system time-out value
BREAK (Command) Sets or clears extended CTRL+C (^C) checking
BREAK.SYS (Configuration) Sets or clears extended CTRL+C (^C) checking
BUFFERS (Configuration) Set number of disk buffers
CACLS (Command) Change file permissions
CALL (Batch) Call one batch program from another
CERTREQ (Command) Requests certificate from a certification authority (CA)
CERTUTIL (Command) Certification Authority (CA) utility
CERTUTIL archival/recovery (Command) Key archival and recovery.
CERTUTIL backup/restore (Command) Backing up and restoring certificates.
CERTUTIL certificates (Command) Managing certificates.
CERTUTIL configure (Command) Configuring a Certification Authority (CA).
CERTUTIL CRLs (Command) Managing certificate revocation lists (CRL).
CERTUTIL decode/encode (Command) Encoding and decoding certificates.
CERTUTIL manage (Command) Managing a Certification Authority.
CERTUTIL troubleshooting (Command) Troubleshooting certificates.
CHANGE LOGON (Terminal Services Command) Enables/disables logons from client sessions
CHANGE PORT (Terminal Services Command) Change the COM port mappings
CHANGE USER (Terminal Services Command) Changes .INI file mapping
CD (Command) Change Directory - move to a specific Folder
CHCP (Command) Display or change the active character set for all devices that support character set switching
CHDIR (Command) Change Directory - move to a specific Folder
CHKDSK (Command) Check Disk - check and repair disk problems
CHKNTFS (Command) Check the NTFS file system
CHKSTATE.SYS (Configuration) Used exclusively by MEMMAKER
CHOICE (Batch) Accept keyboard input to a batch file
CIPHER (Command) Changes the encryption of directories [files] on NTFS partitions
CLEARMEM (Command) Forces pages out of RAM
CLIP (Command) Copy STDIN to the Windows clipboard
CLS (Command) Clear the screen
CLUADMIN (Command) Connect to a server cluster
CLUSTER (Command) Administer server clusters
CMD (Command) Start a new CMD shell
CMDKEY (Command) Creates, lists and deletes stored user names and passwords or credentials.
CMSTP (Command) Installs/removes a Connection Manager service profile
CODEPAGE (Command) Selects the code pages that the system will use
COLOR (Command) Change colours of the CMD window
COMMAND (Command) Starts a new instance of the operating system command interpreter
COMMANDMAIL (Command) Commercial command-line SMTP Mailer
COMP (Command) Compare the contents of two files or sets of files
COMPACT (Command) Compress files on an NTFS partition
CON2PRT (Command) Connect or disconnect a Printer
CONVERT (Command) Convert a FAT/FAT32 drive to NTFS
CONLOG (Command) Convert Web server log files to NCSA Common file format
COPY (Command) Copy one or more files to another location
BREAK.SYS (Configuration) Set country-dependent information
CPROFILE (Terminal Services Command) Cleans specified profiles
CSCRIPT (Command) Command-line-based script host
CSVDE (Command) Imports/exports Active Directory data to CSV format file
CTTY (Command) Changes the terminal device used to control your computer
DATE (Command) Display or set the date
DBLSPACE (Command) Enables the loading of the real-mode driver (DblSpace.bin) into upper memory
DBLSPACE.SYS (Config) Real-mode driver
DCGPOFIX (Command) Restores default Group Policy objects to original state
DEBUG (Command) A program testing and editing tool
DEFPRINT (Command) Set default printer
DEFRAG (Command) Reorganizes the files on a disk to optimize disk performance
DEL (Command) Delete one or more files
DELOLDOS (Command) Delete files from previous versions of DOS after a 5.0 or 6.0 installation.
DELSRV (Command) Unregisters service
DELTREE (Command) Delete a folder and all subfolders
DEVICE (Config) Set device driver
DEVICEHIGH (Config) Load device driver into upper memory
DEVINFO (Config) Prepares a device to use code pages
DFSCMD (Command) Command-line distributed file system management
DIR (Command) Display a list of files and folders
DIRUSE (Command) Display disk usage
DISKCOMP (Command) Compare the contents of two floppy disks
DISKCOPY (Command) Copy the contents of one floppy disk to another
DISKPART (Command) Manage objects (disks, partitions, or volumes) by using scripts or direct input
DISKPERF (Command) Controls the types of counters viewed by System Monitor
DISPLAY.SYS (Config) Display international character sets on EGA, VGA, and LCD monitors
DOS (Config) Load DOS into high memory
DOSHELP (Command) Starts operating system command Help
DOSKEY (Command) Edit command-line, recall commands, and create macros
DOSONLY (Config) Prevents starting non-MS-DOS-based applications from the COMMAND.COM prompt
DOSSHELL (Command) A graphical interface to the operating system
DRIVER.SYS (Config) Phantom floppy support
DRIVERQUERY (Command) List of all installed device drivers
DRIVPARM (Config) Define block device
DRVSPACE (Command) Enables the loading of the real-mode driver (DrvSpace.bin) into upper memory
DRVSPACE.SYS (Config) Real-mode driver
DSADD (Command) Adds specific types of objects to the directory
DSGET (Command) Displays specific objects selected properties in the directory
DSMOD (Command) Modifies specific types of objects in the directory
DSMOVE (Command) Moves/renames single object within a domain/tree
DSQUERY (Command) Queries Active Directory according to specified criteria
DSRM (Command) Deletes an specific/general object from the directory
DYNALOAD (Command) Dynamically load device drivers from the command line
E editor (Command) OS/2 editor
ECHO (Batch) Display message on screen
ECHOCONFIG (Config) Displays messages during the processing of the MS-DOS subsystem CONFIG.NT and AUTOEXEC.NT when the MS-DOS subsystem is invoked
EDIT (Command) A text editor you can use to create and edit ASCII text files
EDLIN (Command) A line editor to create or modify text files
EGA.SYS (Config) Save/restore EGA monitor for Shell Task Swapper
EMM386 (Command) Enables or disables EMM386 expanded-memory support on a computer with an 80386 or higher processor
EMM386.EXE (Config) 80386+ Expanded-memory device driver
ENDLOCAL (Batch) End localisation of environment changes in a batch file
ERASE (Command) Delete one or more files
Errorlevel, IF (Batch) Conditionally executes command if the previous program run returned an exit code
EVENTCREATE (Command) Create a custom event in specified log
EVENTQUERY[.vbs] (Command) Lists the events and properties from event logs
EVENTTRIGGERS Displays/configures event triggers on local or remote machines
EVNTCMD (Command) Displays SNMP events
EXE2BIN (Command) Converts files from .EXE format to binary format
Exist, IF (Batch) Conditionally executes command if filename exists
EXIT (Batch) Quit the CMD shell
EXPAND (Command) Uncompress files
EXTRACT (Command) Uncompress CAB files
FASTHELP (Command) Displays a list of all commands and gives a brief explanation of each
FASTOPEN (Command) Tracks the location of files on a hard disk and stores the information in memory for fast access
FC (Command) Compare two files
FCBS (Config) Set control blocks
FDISK (Command) Configure/partitition a hard disk for use
FILES (Config) Set maximum open files
FIND (Command) Search for a text string in a file
FINDGRP (Command) Finds all direct and indirect group memberships for a specified user in a domain
FINDSTR (Command) Search for strings in files
FINGER (Command) Displays information about a user on a specified system
FLATTEMP (Terminal Services Command) Enables or disables flat temporary folders
FOR Conditionally perform a command several times
FOR (Batch) Loop through a set of files in one folder
FOR /D (Batch) Loop through several folders
FOR /F (Batch) Loop through items in a text file, Loop through the output of a command
FOR /L (Batch) Loop through a range of numbers
FOR /R (Batch) Loop through files (recurse subfolders)
FORCEDOS (Command) Starts the specified program in the MS-DOS subsystem
FORFILES (Batch) Batch process multiple files
FORMAT (Command) Format a disk
FREEDISK (Batch) Checks available disk space
FSUTIL Perform many FAT and NTFS file system related tasks, such as managing reparse points, managing sparse files, dismounting a volume, or extending a volume
FSUTIL USN (Command)
FTP (Command) File Transfer Protocol
FTYPE (Command) Display or modify file types used in file extension associations
GDISK (Command) Ghost disk
GETDC (Command) Get server name for a give domain
GETMAC (Command) Returns the MAC address
GETTYPE (Batch) Sets %ERRORLEVEL% to Windows value
GLOBAL (Command) Display membership of global groups
GOTO (Batch) Direct a batch program to jump to a labelled line
GPRESULT (Command) Displays Group Policy settings and RSOP for a user/computer
GPUPDATE (Command) Refreshes local and Active Directory-based Group Policy settings
GRAFTABL (Command) Loads a table of character data into memory
GRAPHICS (Command) Loads a program into memory that allows MS-DOS to print the information displayed on your screen
GWBASIC (Command) Basic language command interpreter.
HELP (Command) Starts operating system command Help
HELPCTR (Command) Starts Help and Support Center
HIMEM.SYS (Config) Extended memory manager
HOSTNAME (Command) Prints the name of the current computer
IF (Batch) Conditionally perform a command
IFMEMBER (Command) Checks whether current user is a member of a specified group
IISAPP[.VBS] (Command) IIS application query
IISBACK[.VBS] (Command) IIS backup management
IISCNFG[.VBS] (Command) IIS configuration
IISEXT[.VBS] (Command) IIS Web service extension
IISFTP[.VBS] (Command) IIS FTP site management
IISFTPDR[.VBS] (Command) IIS FTP directory
IISREPL[.VBS] (Command)
IISRESET (Command) IIS restart Web services
IISSYNC[.VBS] (Command)
IISWEB (Command) IIS virtual directory
IISVDIR (Command) IIS Web site management
INCLUDE (Config) Include one config-block within another
INSTALL (Config) Load TSR into memory
INTERLNK (Config) (Command) Connects two computers via parallel or serial ports and enables the computers to share disks and printer ports
INTERSVR (Config) (Command) Starts the Interlnk server
INUSE (Command) On-the-fly replacement of files currently in use by the operating system
IPCONFIG (Command) Configure IP
IPSECCMD (Command) Configures Internet Protocol Security policies in a directory service or in a local/remote registry
IPXROUTE (Command) Changes information about the IPX protocol routing tables
IRFTP (Command) Sends files over an infrared link
JOIN (Config) (Command) Allows access to the directory structure and files of a drive through a directory on a different drive
KEYB (Config) (Command) Configures a keyboard for a specific language
KILL (Command) Remove a program from memory
:LABEL (Batch) Used as the target of GOTO command(s)
LABEL (Command) Edit a disk label
LASTDRIVE (Config) Specify last system drive
LDIFDE (Command) Creates/modifies/deletes directory objects
LFNFOR (Batch) Enables/Disables Long file names when processing FOR commands
LH (Command) Loads a program into the upper memory area
LIBPATH (Config) Specifies the directories to search for dynamic-link libraries
LINK (Command) 16-bit link system libraries to object program
LOADFIX (Command) Ensures that a program is loaded above the first 64K of conventional memory, and runs the program
LOADHIGH (Command) Loads a program into the upper memory area
LOCAL (Command) Display membership of local groups
LOCK (Command) Locks a drive, enabling direct disk access for an application
LODCTR (Command) Registers new Performance counter names
LOGEVENT (Command) Write text to the NT event viewer
LOGMAN (Command) Manages/schedules performance counter/event trace log collections
LOGOFF (Terminal Services Command) Terminates a session
LOGTIME (Command) Log the date and time in a file
LPQ (Command) Diagnostic utility obtains status of a print queue on a LPD server computer
LPR (Command) Connectivity utility to print a file to a LPD server computer
MACFILE (Command) Manage File Server for Macintosh servers, volumes, directories, and files
MAKECAB (Command) Cabinet (.CAB) archive file maker
MAPISEND (Command) Send email from the command-line
MD (Command) Create new folders
MEM (Command) Display memory usage
MEMMAKER (Command) Optimizes your computer's memory by moving device drivers and memory-resident programs to upper memory
MENUCOLOR (Config) Set text and background color
MENUDEFAULT (Config) Specify default menu item
MENUITEM (Config) Define an item on the startup menu
MIRROR (Command) Used to store information about a disk's file allocation table, boot record, and root directory
MKDIR (Command) Create new folders
MMC (Command) Microsoft Management Console
MODE Configure a system device (Command)
MODE (Command) Configure Printer
MODE (Command) Configure Serial Port
MODE (Command) Display Device Status
MODE (Command) Redirect Printing
MODE (Command) Set Device Code Pages
MODE (Command) Set Display Mode
MODE (Command) Set Typematic Rate
MORE (Command) Display output, one screen at a time
MOUSE.SYS (Config) Mouse pointer driver
MOUNTVOL (Command) Manage a volume mount point
MOVE (Command) Move files from one folder to another
MRINFO (Command) Queries specified multicast router
MSAV (Command) Scans your computer for known viruses
MSBACKUP (Command) Backs up or restores one or more files from one disk onto another
MSCDEX (Command) Provides access to CD-ROM drives
MSD (Command) Provides detailed technical information about your computer
MSG (Terminal Services Command) Send a message to a user
MSIEXEC (Command) Install, modify, and perform operations on Windows Installer
MSINFO32 (Command) Windows NT diagnostics
MSTSC (Terminal Services Command) Creates/edits/migrates connections to terminal servers or other remote computers
MUNGE (Command) Find and Replace text within file(s)
MV (Command) Copy in-use files

NBTSTAT (Command) Display networking statistics (NetBIOS over TCP/IP)
NET Manage network resources (Command)
NET ACCOUNTS (Command) Updates the user accounts database and modifies password and logon requirements for all accounts
NET COMPUTER (Command) Adds or deletes computers from a domain database
NET CONFIG (Command) Displays your current workgroup settings
NET CONFIG SERVER (Command) Displays or changes settings for the Server service
NET CONFIG WORKSTATION (Command) Displays or changes settings for the Workstation service
NET CONTINUE (Command) Reactivates a Windows service suspended by NET PAUSE
NET DIAG[NOSTICS] (Command) Microsoft Network Diagnostics
NET FILE (Command) Closes a shared file and removes file locks
NET GROUP (Command) Adds, displays, or modifies global groups on servers
NET HELP (Command) Displays information about NET commands and error messages
NET HELPMSG (Command) Displays information about Windows network messages
NET INIT[IALIZE] (Command) protocol and network-adapter drivers without binding them to Protocol Manager
NET LOCALGROUP (Command) Modifies local groups on computers
NET LOGOFF (Command) Breaks the connections between your computer and the shared resources to which it is connected
NET LOGON (Command) Identifies you as a member of a workgroup
NET NAME (Command) Adds or deletes a messaging name (alias) at a computer
NET PASSWORD (Command) Changes your logon password
NET PAUSE (Command) Suspends a Windows service or resource. Pausing a service puts it on hold
NET PRINT (Command) Displays print jobs and shared queues
NET SEND (Command) Sends messages to other users, computers, or messaging names on the network
NET SESSION (Command) Lists or disconnects sessions between the computer and other computers on the network
NET SHARE (Command) Makes server's resources available to network users
NET START (Command) Starts services
NET STATISTICS (Command) Displays the statistics log for the local Workstation or Server service
NET STOP (Command) Stops services
NET TIME (Command) Synchronizes or displays the computer's clock with another computer or domain
NET USE (Command) Connects or disconnects your computer from a shared resource or displays information about your connections
NET USER (Command) Creates and modifies user accounts on computers
NET VER (Command) Displays the type and version number of the workgroup redirector
NET VIEW (Command) Displays a list of resources being shared on a computer
NETSH (Command) Command-line, scripting interface for configuring and monitoring Windows
NETSTAT (Command) Display networking statistics (TCP/IP)
NLB (Command) Network Load Balancing
NLBMGR (Command) Network Load Balancing Manager
NLSFUNC (Config) (Command) Loads country-specific information for national language support
Not, IF (Batch) Conditionally executes command if the previous program run returned an exit code
NOW (Command) Display the current Date and Time
NSLOOKUP (Command) Name server lookup
NTBACKUP (Command) Backup folders to tape
NTBOOKS (Command) Accesses online Windows NT manuals
NTCMDPROMPT (Config) Runs CMD.EXE command interpreter, rather than COMMAND.COM
NTDSUTIL (Command) Active Directory management
NTSD (Command) NT System Debugger
NUMLOCK (Config) Turn on/off numlock key
OPENFILES (Command) Queries, displays, or disconnects files opened
PAGEFILECONFIG (Command) Display/configure Virtual Memory settings
PATH (Command) Display or set a search path for executable files
PATHMAN (Command) Adds/removes components from system/user paths
PATHPING (Command) IP trace utility
PAUSE (Batch) Suspend processing of a batch file and display a message
PAX (Command) Portable Archive Interchange utility
PBADMIN (Command) Administers phone books
PENTNT (Command) Corrects floating point hardware error with emulation
PERFMON (Command) XP Performance console configured with NT 4.0 Performance Monitor settings files
PERMS (Command) Show permissions for a user
PING (Command) Test a network connection
PIPE (<) () (>), MOVE (Command) Redirection
POPD (Command) Restore the previous value of the current directory saved by PUSHD
PORTUAS (Command) Merges LAN Manager 2.x users into Windows 2000 accounts database
POWER (Config) (Command) Turns power management on and off
POWERCFG (Command) Control system power settings
PRINT (Command) Print a text file
PRNCNFG (Command) Configures printer information
PRNDRVR (Command) Adds, deletes, and lists printer drivers
PRNJOBS (Command) Pauses, resumes, cancels, and lists print jobs
PRNMNGR (Command) Adds, deletes, and lists printers
PRNPORT (Command) Creates, deletes, and lists standard TCP/IP printer ports
PRNQCTL (Command) Prints a test, pauses or resumes a printer
PROMPT (Command) Change the command prompt
PROTSHELL (Config) Protected Shell?
PSTAT (Command) Various system tables contents
PUSHD (Command) Save and then change the current directory
QBASIC (Command) Runs Basic computer language programs
QUERY PROCESS (Terminal Services Command) Displays terminal server running processes information
QUERY SESSION (Terminal Services Command) Displays terminal server sessions information
QUERY TERMSERVER (Terminal Services Command) Displays a list of all network terminal servers
QUERY USER (Terminal Services Command) Displays terminal server user session information
RAMBOOST (Command) Aggressive memory optimization
RAMDRIVE (Config) Emulate disk drive in RAM
RAMSETUP (Command) Installs RAMBOOST
RASDIAL (Command) Automates the connection process
RASPHONE (Command) Manage RAS/DUN connections
RCP (Command) Copies files between Window computer and system running remote shell daemon
RD (Command) Delete folder(s)
RDISK (Command) Create Recovery Diskette(s)
RECOVER (Command) Recover a damaged file from a defective disk.
REDIRECTION (<) () (>), MOVE (Command) redirection
REG (Command) Read, Set or Delete registry keys and values
REG ADD (Command)
REG BACKUP (Command)
REG COPY (Command)
REG DELETE (Command)
REG DUMP (Command)
REG FIND (Command)
REG LOAD (Command)
REG QUERY (Command)
REG SAVE (Command)
REG UNLOAD (Command)
REG UPDATE (Command)
REGEDIT (Command) Import or export registry settings
REGEDT32 (Command) Read, Set or Delete registry keys and values
REGISTER (Terminal Services Command) Registers a program so that it has special execution characteristics
REGSVR32 (Command) Registers .dll files as command components in registry
RELOG (Command) Extracts performance counters from logs into other formats
REM (Config) (Batch) Record comments (remarks) in a batch file
REN (RENAME) (Command) Rename a file or files.
REPLACE (Command) Replace or update one file with another
RESET SESSION (Terminal Services Command) Reset (delete) a session from the terminal server
RESTORE (Command) Restores files that were backed up by using any version of BACKUP
REXEC (Command) Runs commands on remote computers
REXX (Command) REXX language command interpreter
RKILL (Command) List/terminate remote system processes
RISETUP (Command) Remote Installation Services management
RM (Command) Remove file
RMDIR (Command) Delete folder(s)
RMTSHARE (Command) Share a folder or a printer
ROBOCOPY (Command) Robust File and Folder Copy
ROUTE (Command) Manipulates network routing tables
RSH (Command) Runs commands on remote computers
RSM (Command) Manages media resources using Removable Storage
RSS (Command) Enables Remote Storage, used to extend server disk space
RUNAS (Command) Execute a program under a different user account
SC (Command) Service Control
SCANDISK (Command) Disk analysis and repair tool
SCANDSKW (Command) Disk analysis and repair tool
SCHTASKS (Command) Schedules commands and programs to run
SCLIST (Command) Display NT Services
SCOPY (Command) File Copy with Security
SCRIPT-IT (Command) Automate interactive software installations and system configuration tasks
SECEDIT (Command) Configures and analyzes system security
SELECT (Command) Formats a disk and installs country-specific information
SET (Command) Display, set, or remove environment variables
SETLOCAL (Batch) Begin localisation of environment changes in a batch file
SETVER (Command) Reports a earlier version number to programs or device drivers
SETX (Command) Set environment variables permanently
SFC (Command) Scans and verifies the versions of all protected system files Connects to another session
SHADOW (Terminal Services Command) Enables you to remotely control an active session of another user
SHARE (Config) (Command) Installs file-sharing and disk locking capabilities
SHARE.VBS (Command) List, create, and delete shares on a remote system
SHELL (Config) Specify command processor
SHIFT (Batch) Shift the position of replaceable parameters in a batch file
SHORTCUT (Command) Create a windows shortcut (.LNK file)
SHOWACL (Command) Show file Access Control Lists
SHUTDOWN (Command) Shutdown the computer
SHUTGUI (Command) GUI version of SHUTDOWN
SIZER (Command) Determine the size in memory of device drivers and memory-resident programs
SLEEP (Batch) Wait for x seconds
SMARTDRV (Config) (Command) Creates a disk cache in extended memory
SOON (Command) Schedule a command to run in the near future
SORT (Command) Sort input
STACKS (Config) Allocate interrupt storage
START (Command) Start a separate window to run a specified program or command
SU (Command) Switch User
SUBINACL (Command) Modify Access Control Lists
SUBMENU (Config) Define a submenu on the startup menu
SUBST (Command) Associate a path with a drive letter
SWITCHES (Config) Specifies special options in MS-DOS
SYS (Command) Creates a startup disk
SYSCOMGR (Command) Installs a limited set of optional components
SYSTEMINFO (Command) Displays detailed configuration information
TAKEOWN (Command) Change file ownership
TAPICFG (Command) TAPI application directory partition configuration
TASKKILL (Command) Ends one or more tasks or processes
TASKLIST (Command) Displays a list of applications and services
TCMSETUP (Command) Sets up the telephony client
TELNET (Command) TCP/IP terminal emulation
TFTP (Command) Transfers files to and from a remote computer
TIME (Command) Display or set the system time
TIMEOUT (Batch) Delay processing of a batch file
TIMESERV (Command) NT service that automatically synchronizes local system time
TITLE (Command) Set the window title for a CMD.EXE session
TLIST (Command) Task List
TOUCH (Command) Change file date/timestamp
TRACERPT (Command) Processes event trace logs or real-time data
TRACERT (Command) Trace route to a remote host
TREE (Command) Graphical display of folder structure
TRUENAME (Command) Displays the actual path corresponding to virtual drives
TSCON (Terminal Services Command) Connects to another session
TSDISCON (Terminal Services Command) Disconnects a session from a terminal server
TSECIMP (Command) Imports assignment information from XML file into tsec.ini
TSKILL (Terminal Services Command) Ends a process
TSPROF (Terminal Services Command) Copies the user configuration information, which is displayed in the Terminal Services extensions to Local Users and Groups and Active Directory Users and Computers, from one user to another
TSSHUTDN (Terminal Services Command) Enables an administrator to remotely shut down or reboot a terminal server
TYPE (Command) Display the contents of a text file
TYPEPERF (Command) Writes performance counter data
UNDELETE (Command) Restores files that were previously deleted using DEL
UNFORMAT (Command) Restores only local hard and floppy disk drives
UNLOCK (Command) Unlocks a drive, disabling direct disk access for an application
UNLODCTR (Command) Removes Performance counter names and Explain text
USRSTAT (Command) List domain usernames and last login
VER (Command) Display version information
VERIFY (Command) Verify that files have been saved
VOL (Command) Display a disk label
VSAFE (Command) Continuously monitors your computer for viruses
VSSADMIN (Command) Displays current volume shadow copy backups
W32TIME (Command) NT time service
W32TM (Command) Diagnose problems occuring with Windows Time
WAIT (Command) Pause for given amount of time
WHERE (Command) Locates and displays all matching files
WHOAMI (Command) Output the current UserName and domain
WIN (Command) Starts the Windows Graphical User Interface (GUI)
WIN386 (Command) Starts the Windows Graphical User Interface (GUI)
WINDISK (Command) Disk administration
WINMSD (Command) Windows NT Diagnostics
WINMSDP (Command) Windows NT Diagnostics II
WINNT (Command) Performs an installation of or upgrade to Windows NT
WINNT32 (Command) Sets up or upgrades Windows 2000 Server or Professional
WINPOP (Command) POP3 service administration
WMIC (Command) Windows Management Instrumentation interface
XCACLS (Command) Change file permissions
XCOPY (Command) Copy files and folders