Working with System Management Tools
System management is one of those catch-all terms that encompasses a wide range of tasks, from simple adjustments such as changing the system date and time to more complex tweaks such as modifying the Registry. Windows 7’s command-line system management tools also enable you to monitor system performance, shut down or restart the computer, and even modify the huge Windows Management Instrumentation (WMI) interface. Table 4 lists the system management command-line tools that apply to Windows 7.
Table 4. Windows 7’s Command-Line System Management Tools
Tool | Description |
---|---|
BCDEDIT | Displays or modifies the Boot Manager startup parameters |
CHCP | Displays or changes the number of active console code pages |
DATE | Displays or sets the system date |
EVENTCREATE | Creates a custom event in an event log |
REG | Adds, modifies, displays, and deletes Registry keys and settings |
REGSVR32 | Registers dynamic link library (DLL) files as command components in the Registry |
SHUTDOWN | Shuts down or restarts Windows 7 or a remote computer |
SYSTEMINFO | Displays a wide range of detailed configuration information about the computer |
TIME | Displays or sets the system time |
TYPEPERF | Monitors a performance counter |
WHOAMI | Displays information about the current user, including the domain name (not applicable to Windows 7), computer name, username, security group membership, and security privileges |
WMIC | Operates the Windows Management Instrumentation command-line tool that provides command-line access to the WMI interface |
The next few sections take more detailed looks at the following command-line tools: REG, SYSTEMINFO, TYPEPERF, and WHOAMI.
REG: Working with Registry Keys and Settings
Using the Registry Editor is the easiest and safest way to make Registry changes. However, there may be some settings that you change quite often. In such cases, it can become burdensome to frequently launch the Registry Editor and change the settings by hand. A better idea is to create a shortcut or batch file that uses the REG command-line tool to make your Registry changes for you.
REG actually consists of 11 subcommands, each of which enables you to perform different Registry tasks:
Subcommand | Description |
---|---|
REG ADD | Adds new keys or settings to the Registry. You can also use this command to modify existing settings. |
REG QUERY | Displays the current values of one or more settings in one or more keys. |
REG COMPARE | Compares the values of two Registry keys or settings. |
REG COPY | Copies Registry keys or settings to another part of the Registry. |
REG DELETE | Deletes a key or setting. |
REG EXPORT | Exports a key to a .reg file. |
REG IMPORT | Imports the contents of a .reg file. |
REG SAVE | Copies Registry keys or settings to a hive (.hiv) file. |
REG RESTORE | Writes a hive file into an existing Registry key. The hive file must be created using REG SAVE. |
REG LOAD | Loads a hive file into a new Registry key. The hive file must be created using REG SAVE. |
REG UNLOAD | Unloads a hive file that was loaded using REG LOAD. |
I won’t go through all of these commands. Instead, I’ll focus on the three most common Registry tasks: viewing, adding, and modifying Registry data.
To view the current value of the Registry setting, you use the REG QUERY command:
REG QUERY KeyName [/V ValueName | /VE] [/C] [/D] [/E] [/F data] [/K] [/S] [/SE separator] [/T type] [/Z]
Parameter | Description |
---|---|
KeyName | The Registry key that contains the setting or settings that you want to view. The KeyName must include a root key value: HKCR, HKCU, HKLM, HKU, or HKCC. Place quotation marks around key names that include spaces. |
/V ValueName | The Registry setting in KeyName that you want to view. |
/VE | Tells REG to look for empty settings (that is, settings with a null value). |
/F data | Specifies the data that REG should match in the KeyName settings. |
/C | Runs a case-sensitive query. |
/E | Returns only exact matches. |
/K | Queries only key names, not settings. |
/S | Tells REG to query the subkeys of KeyName. |
/SE separator | Defines the separator to search for in REG_MULTI_SZ settings. |
/T type | Specifies the setting type or types to search: REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_BINARY, or REG_NONE. |
/Z | Tells REG to include the numeric equivalent of the setting type in the query results. |
For example, if you want to know the current value of the RegisteredOwner setting in HKLM\Software\Microsoft\Windows NT\CurrentVersion, run the following command:
reg query "hklm\software\microsoft\windows nt\currentversion" /v registeredowner
The Registry Editor has a Find command that enables you to look for text within the Registry. However, it would occasionally be useful to see a list of all the Registry keys and settings that contain a particular bit of text. You can do this using the /F switch. For example, suppose you want to see a list of all the HKLM keys and settings that contain the text Windows Defender. Here’s a command that will do this:
reg query hklm /f "Windows Defender" /s
To add a key or setting to the Registry, use the REG ADD command:
REG ADD KeyName [/V ValueName | /VE] [/D data] [/F] [/S separator] [/T type]
Parameter | Description |
---|---|
KeyName | The Registry key that you want to add or to which you want to add a setting. The KeyName must include a root key value: HKCR, HKCU, HKLM, HKU, or HKCC. Place quotation marks around key names that include spaces. |
/V ValueName | The setting that you want to add to KeyName. |
/VE | Tells REG to add an empty setting. |
/D data | Specifies the data that REG should use as the value for the new setting. |
/F | Modifies an existing key or setting without prompting to confirm the change. |
/S separator | Defines the separator to use between multiple instances of data in a new REG_MULTI_SZ setting. |
/T type | Specifies the setting type: REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_DWORD_BIG_ENDIAN, REG_DWORD_LITTLE_ENDIAN, REG_BINARY, or REG_LINK. |
For example, the following command adds a key named MySettings to the HKCU root key:
reg add hkcu\MySettings
Here’s another example that adds a setting named CurrentProject to the new MySettings key and sets the value of the new setting to Win7 Unleashed:
reg add hkcu\MySettings /v CurrentProject /d "Win7 Unleashed"
If you want to make changes to an existing setting, run REG ADD on the setting. For example, to change the HKCU\MySettings\CurrentProject setting to Windows 7 Unleashed, you run the following command:
reg add hkcu\MySettings /v CurrentProject /d "Windows 7 Unleashed"
Windows 7 responds with the following prompt:
Value CurrentProject exists, overwrite (Yes/No)?
To change the existing value, press Y and press Enter.
Tip
To avoid being prompted when changing existing settings, add the /F switch to the REG ADD command.
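As an added example (not from the book), here is a batch file of the kind suggested above: it views the current HKCU\MySettings\CurrentProject value, backs up the key with REG EXPORT, then writes the new value with REG ADD /F so no prompt appears. The key and value names come from the text; the backup file name and the script's argument handling are assumptions.

```batch
@echo off
setlocal
rem Added example, not from the book: change HKCU\MySettings\CurrentProject
rem from a batch file, with a backup of the key taken first.
set "KEY=HKCU\MySettings"
set "NAME=CurrentProject"
set "NEWDATA=%~1"
if "%NEWDATA%"=="" (
    echo Usage: %~nx0 "project name"
    exit /b 1
)

rem 1. View the current value. REG QUERY sets a non-zero exit code when
rem    the key or the value does not exist yet.
reg query "%KEY%" /v %NAME% >nul 2>&1
if errorlevel 1 (
    echo %KEY%\%NAME% does not exist yet; it will be created.
) else (
    rem Back up the whole key before touching it (assumed backup file name,
    rem written to the current folder; /y overwrites an earlier backup).
    reg export "%KEY%" MySettings-backup.reg /y >nul
    rem REG QUERY prints "    CurrentProject    REG_SZ    <data>", so the
    rem data starts at the third token.
    for /f "tokens=3*" %%A in ('reg query "%KEY%" /v %NAME% ^| findstr /i "%NAME%"') do (
        echo Current value: %%A %%B
    )
)

rem 2. Add or modify the value. /F suppresses the "overwrite (Yes/No)?"
rem    prompt and /T REG_SZ makes the setting type explicit.
reg add "%KEY%" /v %NAME% /t REG_SZ /d "%NEWDATA%" /f
if errorlevel 1 (
    echo REG ADD failed.
    exit /b 1
)

rem 3. Read the value back to confirm the change.
reg query "%KEY%" /v %NAME%
endlocal
```

Run it as, for example, `setproject.cmd "Windows 7 Unleashed"`; the saved .reg file can be restored with REG IMPORT if the change needs to be rolled back.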
SYSTEMINFO: Returning System Configuration Data
If you want to get information about various aspects of your computer, a good place to start is the SYSTEMINFO command-line tool, which displays data about the following aspects of your system:
The operating system name, version, and configuration type
The registered owner and organization
The original install date
The system boot time
The computer manufacturer, make, and model
The system processors
The BIOS version
The total and available physical memory
The paging file’s maximum size, available size, in-use value, and location
The installed hotfixes
The network interface card data, such as the name, connection, DHCP status, and IP address (or addresses)
You can see all this data (and more), as well as control the output, by running SYSTEMINFO with the following syntax:
SYSTEMINFO [/S computer] [/U [domain]\username] [/P password] [/FO format] [/NH]
Parameter | Description |
---|---|
/S computer | The name of the remote computer for which you want to view the system configuration. |
/U [domain]\username | The username and, optionally, the domain, of the account under which you want to run the SYSTEMINFO command. |
/P password | The password of the account you specified with /U. |
/FO format | The output format, where format is one of the following values: |
| table | The output is displayed in a row-and-column format, with headers in the first row and values in subsequent rows. |
| list | The output is displayed in a two-column list, with the headers in the first column and values in the second column. |
| csv | The output is displayed with headers and values separated by commas. The headers appear on the first line. |
/NH | Tells SYSTEMINFO not to include column headers when you use the /FO switch with either table or csv. |
The output of SYSTEMINFO is quite long, so pipe it through the MORE command to see the output one screen at a time:
systeminfo | more
If you want to examine the output in another program or import the results into Excel or Access, redirect the output to a file and use the appropriate format. For example, Excel can read .csv files, so you can redirect the SYSTEMINFO output to a .csv file while using csv as the output format:
systeminfo /fo csv > systeminfo.csv
TYPEPERF: Monitoring Performance
You can track performance counters without the Performance Monitor GUI by using the powerful TYPEPERF command-line tool. Here’s the syntax:
TYPEPERF [counter1 [counter2 ...]] [-CF file] [-O file] [-F format] [-SI interval] [-SC samples] [-Q [object]] [-QX [object]] [-CONFIG file] [-S computer] [-Y]
Parameter | Description |
---|---|
counter1 [counter2 ...] | Specifies the path of the performance counter to monitor. If you want to track multiple counters, separate each counter path with a space. If any path includes spaces, surround the path with quotation marks. |
-CF file | Loads the counters from file, where file is a text file that lists the counter paths on separate lines. |
-O file | Specifies the path and name of the file that will store the performance data. |
-F format | Specifies the format of the output file given by the -O switch, where format is one of the following values: |
| csv | The output is written with each counter separated by a comma and each sample on its own line. This is the default output format. |
| tsv | The output is written with each counter separated by a tab and each sample on its own line. |
| bin | The output is written in binary format. |
-SI interval | Specifies the time interval between samples. The interval parameter uses the form [mm:]ss. The default interval is 1 second. |
-SC samples | Specifies the number of samples to collect. If you omit this switch, TYPEPERF samples continuously until you press Ctrl+C to cancel. |
-Q [object] | Lists the available counters for object without instances. |
-QX [object] | Lists the available counters for object with instances. |
-CONFIG file | Specifies the pathname of the settings file that contains the TYPEPERF parameters you want to run. |
-S computer | Specifies that the performance counters should be monitored on the PC named computer if no computer name is specified in the counter path. |
-Y | Answers yes to any prompts generated by TYPEPERF. |
The official syntax of a counter path looks like this:
[\\Computer]\Object([Parent/][Instance][#Index])\Counter
Part | Description |
---|---|
Computer | The computer on which the counter is to be monitored. If you omit a computer name, TYPEPERF monitors the counter on the local computer. |
Object | The performance object, such as Processor, Memory, or PhysicalDisk, that contains the counter. |
Parent | The container instance of the specified Instance. |
Instance | The instance of the Object, if it has multiple instances. For example, on a two-processor (or dual-core) system, the instances are 0 (for the first processor), 1 (for the second processor), or _Total (for both processors combined). You can also use an asterisk (*) to represent all the instances in Object. |
Index | The index number of the specified Instance. |
Counter | The name of the performance counter. You can also use an asterisk (*) to represent all the counters in Object(Instance). |
In practice, however, you rarely use the Computer, Parent, and Index parts of the path, so most counter paths use one of the following two formats:
\Object\Counter
\Object(Instance)\Counter
For example, here’s the path for the Memory object’s Available MBytes counter:
\Memory\Available MBytes
Here’s a TYPEPERF command that displays five samples of this counter:
typeperf "\Memory\Available Mbytes" -sc 5
Similarly, here’s the path for the Processor object’s % Processor Time counter, using the first processor instance:
\Processor(0)\% Processor Time
Here’s a TYPEPERF command that displays 10 samples of this counter every 3 seconds, and saves the results to a file named ProcessorTime.txt:
typeperf "\Processor(0)\% Processor Time" -sc 10 -si 3 -o ProcessorTime.txt
To use the -CONFIG parameter with TYPEPERF, you need to create a text file that stores the command-line parameters you want to use. This configuration file consists of a series of parameter/value pairs that use the following general format:
[Parameter]
Value
Here, Parameter is text that specifies a TYPEPERF parameter, such as F for the -F parameter and S for the -S parameter (use C to specify one or more counter paths), and Value is the value you want to assign to the parameter.
For example, consider the following command:
typeperf "\PhysicalDisk(_Total)\% Idle Time" -si 5 -sc 10 -o idletime.txt
To run the same command using the -CONFIG parameter, you first need to create a file with the following text:
[c]
\PhysicalDisk(_Total)\% Idle Time
[si]
5
[sc]
10
[o]
idletime.txt
If this file is named IdleTimeCounter.txt, you can run it at any time with the following command (assuming IdleTimeCounter.txt resides in the current folder):
typeperf -config IdleTimeCounter.txt
WHOAMI: Getting Information About the Current User
The WHOAMI command gives you information about the user who is currently logged on to the computer:
WHOAMI [/UPN | /FQDN | /LOGONID] [/USER | /GROUPS | /PRIV] [/ALL] [/FO format]
Parameter | Description |
---|---|
/UPN | (Domains only) Returns the current user’s name using the user principal name (UPN) format. |
/FQDN | (Domains only) Returns the current user’s name using the fully qualified domain name (FQDN) format. |
/LOGONID | Returns the current user’s security identifier (SID). |
/USER | Returns the current username using the computer\user format. |
/GROUPS | Returns the groups of which the current user is a member. |
/PRIV | Returns the current user’s privileges. |
/ALL | Returns the current user’s SID, username, groups, and privileges. |
/FO format | The output format, where format is one of the following values: |
| table | The output is displayed in a row-and-column format, with headers in the first row and values in subsequent rows. |
| list | The output is displayed in a two-column list, with the headers in the first column and values in the second column. |
| csv | The output is displayed with headers and values separated by commas. The headers appear on the first line. |
You probably won’t use this command often on the Windows 7 computer because you’ll almost always be logged on as administrator. However, WHOAMI is useful when you’re working on a client computer and you’re not sure who is currently logged on.
For example, the following command redirects the current user’s SID, username, groups, and privileges to a file named whoami.txt using the list format:
whoami /all /fo list > whoami.txt