You are not logged in.

#1 26 Mar 2012 20:45

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Pages in ss64.com/nt/ that need update

Here's a list of pages that I think shuld be updated.Hope Simon checks theese forums .

1.setx

In windows vista and above setx has more parameters.
Except  Vincent Fatica's setenv there's Jonathan Wilkes' utility with same name:
http://www.codeproject.com/Articles/12153/SetEnv   which I use.

2.psexec

Psexec has a bug that eats stdout and you can't see your output using it inside programs or scripts (vbscript,java...)
Here's an workaround that has never worked for me:
http://www.samy.com/2010/06/psexec-stdout.html
I don't know if this bug is available for the other tools from pssuite.As a workaround I output the result on the remote machine and then coping it to the local to see what happens.

Or I'm using this tool :
http://feldkir.ch/xcmd.htm
which do the same , but also has a bug - can't be used against localhost.It will be good if it will be included in the lonks bellow.And maybe plink.exe which allows to execute remote commands on unix machines :
http://www.chiark.greenend.org.uk/~sgta … nload.html

3.set
This crazy thing that allows you to set a new line as part of a variable:
http://stackoverflow.com/questions/6379 … hack-works

4.bitsadmin
Too useful command to be missed. May be tommorow  (if I have time) I'll post here an example text for the help page to be easier to be created.

Offline

#2 26 Mar 2012 21:42

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

Thanks npocmaka, I'll try and get those pages updated over the next week.

Simon

Offline

#3 30 Mar 2012 00:13

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

BITSADMIN - BITSAdmin is a command-line tool that you can use to create download or upload jobs and monitor their progress.


USAGE: BITSADMIN [/RAWRETURN] [/WRAP | /NOWRAP] command
The following commands are available:

/UTIL /?        Prints the list of utilities commands
/PEERCACHING /?   Prints the list of commands to manage Peercaching
/CACHE /?       Prints the list of cache management commands
/PEERS /?       Prints the list of peer management commands

/LIST    [/ALLUSERS] [/VERBOSE]     List the jobs
/MONITOR [/ALLUSERS] [/REFRESH sec] Monitors the copy manager
/RESET   [/ALLUSERS]                Deletes all jobs in the manager

/TRANSFER <job name> [type] [/PRIORITY priority] [/ACLFLAGS flags]
          remote_url local_name
    Transfers one of more files.
    [type] may be /DOWNLOAD or /UPLOAD; default is download
    Multiple URL/file pairs may be specified.
    Unlike most commands, <job name> may only be a name and not a GUID.

/CREATE [type] <job name>               Creates a job
    [type] may be /DOWNLOAD, /UPLOAD, or /UPLOAD-REPLY; default is download
    Unlike most commands, <job name> may only be a name and not a GUID.

/INFO <job> [/VERBOSE]                   Displays information about the job
/ADDFILE <job> <remote_url> <local_name> Adds a file to the job
/ADDFILESET <job> <textfile>             Adds multiple files to the job
   Each line of <textfile> lists a file's remote name and local name, separated
   by spaces.  A line beginning with '#' is treated as a comment.
   Once the file set is read into memory, the contents are added to the job.

/ADDFILEWITHRANGES  <job> <remote_url> <local_name range_list>
   Like /ADDFILE, but BITS will read only selected byte ranges of the URL.
   range_list is a comma-delimited series of offset and length pairs.
   For example,

       0:100,2000:100,5000:eof

   instructs BITS to read 100 bytes starting at offset zero, 100 bytes starting
   at offset 2000, and the remainder of the URL starting at offset 5000.

/REPLACEREMOTEPREFIX <job> <old_prefix> <new_prefix>
    All files whose URL begins with <old_prefix> are changed to use <new_prefix>

Note that BITS currently supports HTTP/HTTPS downloads and uploads.
It also supports UNC paths and file:// paths as URLS

/LISTFILES <job>                     Lists the files in the job
/SUSPEND <job>                       Suspends the job
/RESUME <job>                        Resumes the job
/CANCEL <job>                        Cancels the job
/COMPLETE <job>                      Completes the job

/GETTYPE <job>                       Retrieves the job type
/GETACLFLAGS <job>                   Retrieves the ACL propagation flags

/SETACLFLAGS <job> <ACL_flags>       Sets the ACL propagation flags for the job
  O - OWNER       G - GROUP
  D - DACL        S - SACL 

  Examples:
      bitsadmin /setaclflags MyJob OGDS
      bitsadmin /setaclflags MyJob OGD

/GETBYTESTOTAL <job>                 Retrieves the size of the job
/GETBYTESTRANSFERRED <job>           Retrieves the number of bytes transferred
/GETFILESTOTAL <job>                 Retrieves the number of files in the job
/GETFILESTRANSFERRED <job>           Retrieves the number of files transferred
/GETCREATIONTIME <job>               Retrieves the job creation time
/GETMODIFICATIONTIME <job>           Retrieves the job modification time
/GETCOMPLETIONTIME <job>             Retrieves the job completion time
/GETSTATE <job>                      Retrieves the job state
/GETERROR <job>                      Retrieves detailed error information
/GETOWNER <job>                      Retrieves the job owner
/GETDISPLAYNAME <job>                Retrieves the job display name
/SETDISPLAYNAME <job> <display_name> Sets the job display name
/GETDESCRIPTION <job>                Retrieves the job description
/SETDESCRIPTION <job> <description>  Sets the job description
/GETPRIORITY    <job>                Retrieves the job priority
/SETPRIORITY    <job> <priority>     Sets the job priority
   Priority usage choices:
      FOREGROUND
      HIGH
      NORMAL
      LOW
/GETNOTIFYFLAGS <job>                 Retrieves the notify flags
/SETNOTIFYFLAGS <job> <notify_flags>  Sets the notify flags
    For more help on this option, please refer to the MSDN help page for SetNotifyFlags/GETNOTIFYINTERFACE <job>             Determines if notify interface is registered
/GETMINRETRYDELAY <job>               Retrieves the retry delay in seconds
/SETMINRETRYDELAY <job> <retry_delay> Sets the retry delay in seconds
/GETNOPROGRESSTIMEOUT <job>           Retrieves the no progress timeout in seconds
/SETNOPROGRESSTIMEOUT <job> <timeout> Sets the no progress timeout in seconds
/GETMAXDOWNLOADTIME <job>             Retrieves the download timeout in seconds
/SETMAXDOWNLOADTIME <job> <timeout>   Sets the download timeout in seconds
/GETERRORCOUNT <job>                  Retrieves an error count for the job

/SETPROXYSETTINGS <job> <usage>      Sets the proxy usage
   usage choices:
    PRECONFIG   - Use the owner's IE defaults.
    AUTODETECT  - Force autodetection of proxy.
    NO_PROXY    - Do not use a proxy server.
    OVERRIDE    - Use an explicit proxy list and bypass list.
                  Must be followed by a proxy list and a proxy bypass list.
                  NULL or "" may be used for an empty proxy bypass list.
  Examples:
      bitsadmin /setproxysettings MyJob PRECONFIG
      bitsadmin /setproxysettings MyJob AUTODETECT
      bitsadmin /setproxysettings MyJob NO_PROXY
      bitsadmin /setproxysettings MyJob OVERRIDE proxy1:80 "<local>"
      bitsadmin /setproxysettings MyJob OVERRIDE proxy1,proxy2,proxy3 NULL

/GETPROXYUSAGE <job>                 Retrieves the proxy usage setting
/GETPROXYLIST <job>                  Retrieves the proxy list
/GETPROXYBYPASSLIST <job>            Retrieves the proxy bypass list

/TAKEOWNERSHIP <job>                 Take ownership of the job

/SETNOTIFYCMDLINE <job> <program_name> [program_parameters]
    Sets a program to execute for notification, and optionally parameters.
    The program name and parameters can be NULL.
    IMPORTANT: if parameters are non-NULL, then the program name should be the
               first parameter.

  Examples:
    bitsadmin /SetNotifyCmdLine MyJob c:\winnt\system32\notepad.exe  NULL
    bitsadmin /SetNotifyCmdLine MyJob c:\foo.exe "c:\foo.exe parm1 parm2"
    bitsadmin /SetNotifyCmdLine MyJob NULL NULL

/GETNOTIFYCMDLINE <job>              Returns the job's notification command line

/SETCREDENTIALS <job> <target> <scheme> <username> <password>
  Adds credentials to a job.
  <target> may be either SERVER or PROXY
  <scheme> may be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT.

/REMOVECREDENTIALS <job> <target> <scheme>
  Removes credentials from a job.
/GETCUSTOMHEADERS <job>                           Gets the Custom HTTP Headers
/SETCUSTOMHEADERS <job> <header1> <header2> <...> Sets the Custom HTTP Headers
/GETCLIENTCERTIFICATE <job>                       Gets the job's Client Certificate Information
/SETCLIENTCERTIFICATEBYID <job> <store_location> <store_name> <hexa-decimal_cert_id>
  Sets a client authentication certificate to a job.
  <store_location> may be
    1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
    4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
    7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE).

/SETCLIENTCERTIFICATEBYNAME <job> <store_location> <store_name> <subject_name>
  Sets a client authentication certificate to a job.
  <store_location> may be
    1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE),
    4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY),
    7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE).

/REMOVECLIENTCERTIFICATE <job>                Removes the Client Certificate Information from the job

/SETSECURITYFLAGS <job> <value>   
   Sets the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.
   The value is an unsigned integer with the following interpretation for the bits in the binary representation.
     Enable CRL Check                                 : Set the least significant bit
     Ignore invalid common name in server certificate : Set the 2nd bit from right
     Ignore invalid date in  server certificate       : Set the 3rd bit from right
     Ignore invalid certificate authority in server
       certificate                                    : Set the 4th bit from right
     Ignore invalid usage of certificate              : Set the 5th bit from right
     Redirection policy                               : Controlled by the 9th-11th bits from right
         0,0,0  - Redirects will be automatically allowed.
         0,0,1  - Remote name in the IBackgroundCopyFile interface will be updated if a redirect occurs.
         0,1,0  - BITS will fail the job if a redirect occurs.

     Allow redirection from HTTPS to HTTP             : Set the 12th bit from right

/GETSECURITYFLAGS <job>   
   Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer.

/SETVALIDATIONSTATE  <job>  <file-index> <true|false>
      <file-index> starts from 0         
    Sets the content-validation state of the given file within the job.

/GETVALIDATIONSTATE  <job>  <file-index> 
      <file-index> starts from 0         
    Reports the content-validation state of the given file within the job.

/GETTEMPORARYNAME  <job>  <file-index> 
      <file-index> starts from 0         
    Reports the temporary filename of the given file within the job.

The following options control peercaching of a particular job:

/SETPEERCACHINGFLAGS  <job> <value>   
    Sets the flags for the job's peercaching behavior.
    The value is an unsigned integer with the following interpretation for the bits in the binary representation.
        Allow the job's data to be downloaded from a peer : Set the least significant bit
        Allow the job's data to be served to peers        : Set the 2nd bit from right

/GETPEERCACHINGFLAGS  <job>               
    Reports the flags for the job's peercaching behavior.

The following options are valid for UPLOAD-REPLY jobs only:

/GETREPLYFILENAME <job>        Gets the path of the file containing the server reply
/SETREPLYFILENAME <job> <path> Sets the path of the file containing the server reply
/GETREPLYPROGRESS <job>        Gets the size and progress of the server reply
/GETREPLYDATA     <job>        Dumps the server's reply data in hex format

The following options can be placed before the command:
/RAWRETURN                     Return data more suitable for parsing
/WRAP                          Wrap output around console (default)
/NOWRAP                        Don't wrap output around console

The /RAWRETURN option strips new line characters and formatting.
It is recognized by the /CREATE and /GET* commands.

Commands that take a <job> parameter will accept either a job name or a job ID
GUID inside braces.  BITSADMIN reports an error if a name is ambiguous.

A lot of commands work only over IIS servers (e.g. upload).
Bitsadmin is deprecated in windows 7 and 2008 R2 and bits cmd-lets in powershell are recommended.

Example usage for file download:

create job for download:
C:\>Bitsadmin /create /download SS64

set a file for download  to a certain job and location where file will be stored:
C:\>Bitsadmin /addfile SS64 http://download.sysinternals.com/files/PSTools.zip c:\PSTools.zip
C:\>Bitsadmin /resume SS64


Check if download of files is finished and if download is finished you can complete the job:
C:\>Bitsadmin /info SS64 /verbose | find "STATE: TRANSFERRED"
C:\>IF %ERRORLEVEL% EQU 0 bitsadmin /complete SS64

Some quote:
"I wouldnt steal a car, but i'd download one if i could" 


Related:


robocopy
ftp
BITS Troubleshooting
Powershell: Bits
Equivalent bash command (Linux): wget
Wget for windows is available in UnxUtils , but this version does not support SSL .
Wget for windows with OpenSSL .
cURL - command line tool for transferring data with URL syntax

Last edited by npocmaka (30 Mar 2012 09:51)

Offline

#4 30 Mar 2012 15:58

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

Offline

#5 22 May 2012 13:56

jay_
Member
Registered: 22 May 2012
Posts: 1

Re: Pages in ss64.com/nt/ that need update

Maybe I have a useful update as well for the "start" command (http://ss64.com/nt/start.html) as I searched for quite a while for an "open with" function.

The answer is:
start "" "ProgramPath\program.exe" "FilePath\File.Extension" (start "" "C:\Program Files\Microsoft Office\Office14\Winword.exe" "D:\Desktop\qwerty iop.txt")
or with a short cut version:
start "" programshortname "FilePath\File.Extension" (start "" winword "D:\Desktop\qwerty iop.txt")

Offline

#6 22 May 2012 18:34

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

I've added an extra example to the START page

Thanks

Offline

#7 14 Aug 2012 16:00

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

Strange ,but hostname command is missing.Of course you can receive the same result with

 echo %computername% 

and computername variable does not require TCP/IP installed - which makes %computername% more powerful than hostname , but also makes hostname the easiest way to check if TCP/IP is installed.
..May be hostname is more used by unix users because they have the same command there.

Last edited by npocmaka (08 Oct 2012 17:45)

Offline

#8 08 Oct 2012 17:12

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

A new command line tool by Mark Russinovich (Sysinternals)
PsPing:
http://technet.microsoft.com/en-us/sysi … s/jj729731

Offline

#9 12 Oct 2012 10:43

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

http://ss64.com/nt/schtasks.html  - SCHTASKS does not accept seconds in the start time:

...
/ST starttime                   # HH:MM:SS (24 hour)
...
SCHTASKS /Create /SC weekly /D MON,TUE,WED,THU,FRI /TN MyDailyBackup /ST 23:00:00 /TR c:\backup.cmd /RU MyDomain\MyLogin /RP MyPassword

Last edited by npocmaka (12 Oct 2012 10:43)

Offline

#10 12 Oct 2012 13:14

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

Those are updated now http://ss64.com/nt/psping.html

thanks npocmaka

Offline

#11 26 Oct 2012 08:11

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

1. The AT page's mysteriously disappeared from the reference list smile (btw. is it possible to edit a task created with AT with SCHTASKS ? i thought the changing credentials of AtServivce will help, but it does not)

2.As there are included almost all command line utilities form the different packages , tool kits and etc. provided by Microsoft may be the stuff from "Windows services for Unix" is a considerable enough for mentioning .With everything else included there are also a some commands ported from unix :

basename.exe
cat.exe
chgrp.exe
chmod.exe
chown.exe
cp.exe
cron.exe
crontab.exe
cut.exe
date.exe
diff.exe
dirname.exe
dos2unix.exe
du.exe
egrep.exe
fgrep.exe
find.exe
grep.exe
head.exe
iconv.exe
kill.exe
ln.exe
ls.exe
mkdir.exe
more.exe
mv.exe
nice.exe
od.exe
paste.exe
printenv.exe
printf.exe
ps.exe
pwd.exe

and also uniq and sed for the win 2008 version.minus dos2unix
(they are located in [install folder]\BaseUtils\common or just commong for the newer version) . The package has been here since win 2003. Download pages:
http://www.microsoft.com/en-us/download … spx?id=274   - for Windows XP pro and windows server 2003 (will not work for vista and above)
http://www.microsoft.com/en-us/download … Gwew%3d%3d  - for Vista, 7 and win server 2008.

Last edited by npocmaka (26 Oct 2012 08:12)

Offline

#12 26 Oct 2012 11:47

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

Thanks for the feedback npocmaka, for some reason I was sure that AT was being deprecated, but it seems not so I've returned it to the list.

I've added those UNIX packages to the Windows downloads page, but I'm not going to document them all as most people won't have the UNIX package installed, and some people may prefer cygwin.

Offline

#13 05 Nov 2012 14:24

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

TIMEOUT and SLEEP are  enhanced in Vista and 7 :

cls & timeout /t -1 /nobreak >nul 2>&1

cool

(I don't want to push you just to help - feel no obligations for pages updates)

Last edited by npocmaka (09 Nov 2012 12:03)

Offline

#14 07 Nov 2012 19:42

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

^ the feedback is always useful

thanks

Offline

#15 04 Sep 2013 09:40

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

SCHTASKS has some additional switches from Vista and above.
I find event triggers (for /RI and /SC ) pretty useful...
->
http://msdn.microsoft.com/en-us/library … s.85).aspx
May be it's worth to be mentioned.

Offline

#16 06 Sep 2013 20:54

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

^ Thanks for the heads-up - I've added the extra options now

http://ss64.com/nt/schtasks.html

Offline

#17 10 Sep 2013 18:41

carlos
Member
From: Chile
Registered: 04 Nov 2008
Posts: 251
Website

Re: Pages in ss64.com/nt/ that need update

Microsoft Windows Services For Unix 3.5 in the bin folder have many utilities without .exe extension, but you can use and also rename it to .exe. Not all works outside the unix emulation console like Korn Shell and C Sheel, but many works. This is a list of all commands:

Works for example: cal, banner, nice, sed, grep.

C:\SFU\bin>findstr /B /M "MZ" *
addr
at
atq
atrm
awk
banner
basename
batch
bc
bp
cal
calendar
cat
cat32
cat32.exe
cd
chgpath
chgrp
chmod
chown
chsh
cksum
clear
cmp
col
column
comm
cp
cpio
crontab
csplit
ctags
cut
date
dc
dd
df
diff
diff3
dig
dircmp
dirname
dnsquery
du
echo
ed
egrep
env
expand
expr
false
fgrep
file
fileinfo
fileinfo.exe
find
finger
flip
fmt
fold
ftp
gencat
getconf
getopt
grep
head
hexdump
host
hostname
iconv
id
infocmp
ipcrm
ipcs
ispell
join
kill
ksh
last
less
lessecho
lesskey
line
ln
locale
localedef
logger
login
loginenv
logname
ls
m4
mailx
man
mkdir
mkfifo
more
mpack
mt
munpack
mv
mvwtmpx
newgrp
nice
nl
nohup
nslookup
nsupdate
ntpath2posix
od
passwd
paste
patch
pathchk
pax
pdomain
pg
ping
posixpath2nt
pr
printf
ps
pstat
psxoffset
pwd
rcp
rdist
rdistd
regpwd
renice
rlogin
rm
rmdir
rsh
script
sdiff
sed
service
size
sleep
sort
split
ssimda
strerror
strings
strsignal
stty
su
sum
tail
talk
tar
tcsh
tee
telnet
test
tftp
tic
time
tip
toe
touch
tput
tr
true
truss
tset
tsort
tty
umask
uname
unexpand
unifdef
uniq
unixpath2win
unvis
uudecode
uuencode
vi
vis
wc
who
winpath2unix
wvisible
xargs
[

Last edited by carlos (10 Sep 2013 18:43)

Offline

#18 11 Sep 2013 07:28

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

carlos wrote:

Microsoft Windows Services For Unix 3.5 in the bin folder have many utilities without .exe extension, but you can use and also rename it to .exe. Not all works outside the unix emulation console like Korn Shell and C Sheel, but many works.


Great! Haven't came to me test the content in bin.

Offline

#19 30 Oct 2013 15:01

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

One more time a big pile with suggestions for update.The main reason WEVTUTIL (reads the event logs) which has no doc page ,but is a quite useful tool rich on options
and available since XP .I've get the text form its help and tried to construnct the text for the eventual page (Win7 not sure if it's the same on XP and Vista) in attempt to spare you some work.
Also for HOSTNAME which I think also deserves a page :-).And few other smaller things bellow.


WEVTUTIL

Windows Events Command Line Utility.

Enables you to retrieve information about event logs and publishers, install
and uninstall event manifests, run queries, and export, archive, and clear logs.

Usage:

You can use either the short (for example, ep /uni) or long (for example,
enum-publishers /unicode) version of the command and option names. Commands,
options and option values are not case-sensitive.

Variables are noted in all upper-case.

wevtutil COMMAND [ARGUMENT [ARGUMENT] ...] [/OPTION:VALUE [/OPTION:VALUE] ...]

Commands:

el | enum-logs          List log names.
gl | get-log            Get log configuration information.
sl | set-log            Modify configuration of a log.
ep | enum-publishers    List event publishers.
gp | get-publisher      Get publisher configuration information.
im | install-manifest   Install event publishers and logs from manifest.
um | uninstall-manifest Uninstall event publishers and logs from manifest.
qe | query-events       Query events from a log or log file.
gli | get-log-info      Get log status information.
epl | export-log        Export a log.
al | archive-log        Archive an exported log.
cl | clear-log          Clear a log.

Common options:

/{r | remote}:VALUE
If specified, run the command on a remote computer. VALUE is the remote computer
name. Options /im and /um do not support remote operations.

/{u | username}:VALUE
Specify a different user to log on to the remote computer. VALUE is a user name
in the form domain\user or user. Only applicable when option /r is specified.

/{p | password}:VALUE
Password for the specified user. If not specified, or if VALUE is "*", the user
will be prompted to enter a password. Only applicable when the /u option is
specified.

/{a | authentication}:[Default|Negotiate|Kerberos|NTLM]
Authentication type for connecting to remote computer. The default is Negotiate.

/{uni | unicode}:[true|false]
Display output in Unicode. If true, then output is in Unicode.

To learn more about a specific command, type the following:

wevtutil COMMAND /?

wevtutil el

List the names of all logs.

Usage:

wevtutil { el | enum-logs }

Example:

The following example lists the names of all logs.

wevtutil el
wevtutil gl

Displays event log configuration information, including whether the log is
enabled, the current maximum size limit of the log and the path to the file
where the log is stored.

Usage:

wevtutil { gl | get-log } <LOG_NAME> [/OPTION:VALUE [/OPTION:VALUE] ...]

<LOG_NAME>
String that uniquely identifies a log. You can display a list of all the log
names by running wevtutil el.

Options:

You can use either the short (for example, /f) or long (for example, /format)
version of the option names. Options and their values are not case-sensitive.

/{f | format}:[XML|Text]
Specify the log file format. The default is Text. If XML is specified, output is
stored in XML format. If Text is specified, output is stored without XML tags.

Example:

The following example displays configuration information about the local System
log in XML format.

wevtutil gl System /f:xml

wevtutil sl

Modify the configuration of a log.

Usage:

wevtutil { sl | set-log } <LOG_NAME> [/OPTION:VALUE [/OPTION:VALUE] ...]

<LOG_NAME>
String that uniquely identifies a log. If option /c is specified, <LOG_NAME>
should not be specified since it is read from the config file.

Options:

You can use either the short (for example, /e) or long (for example, /enable)
version of the option names. Options and their values are not case-sensitive.

/{e | enabled}:[true|false]
Enable or disable a log.

/{q | quiet}:[true|false]
Quiet display option. No prompts or messages are displayed to the user. If not
specified, the default is true.

/{fm | filemax}:<n>
Set Maximum number of enablements across which to preserve events, where <n> is
an integer between 1 and 16. One file is created for each enablement, so if this
value is 2, events will be produced from the last two enablements. A reboot
counts as disabling and then re-enabling the channel.
 
/{i | isolation}:[system|application|custom]
Log isolation mode. The isolation mode of a log determines whether a log shares
a session with other logs in the same isolation class. If you specify system
isolation, the target log will share at least write permissions with the System
log. If you specify application isolation, the target log will share at least
write permissions with the Application log. If you specify custom isolation, you
must also provide a security descriptor by using the /ca option.

/{lfn | logfilename}:VALUE
Log file name. VALUE is the full path to the file where the Event Log service
stores events for this log.

/{rt | retention}:[true|false]
Log retention mode. The log retention mode determines the behavior of the Event
Log service when a log reaches its maximum size. If an event log reaches its
maximum size and the log retention mode is true, existing events are retained and
incoming events are discarded. If the log retention mode is false, incoming
events overwrite the oldest events in the log.

/{ab | autobackup}:[true|false]
Log autobackup policy. If autobackup is true, the log will be backed up
automatically when it reaches the maximum size. In addition, if autobackup is
true, retention (specified with the /rt option) must be set to true.

/{ms | maxsize}:<n>
Maximum size of log, where <n> is the number of bytes. Note that the minimum
value for <n> is 1048576 (1024KB) and log files are always multiples of 64KB, so
the specified value will be rounded accordingly.

/{l | level}:<n>
Level filter of log, where <n> is any valid level value. Only applicable to logs
with a dedicated session. You can remove a level filter by setting <n> to 0.

/{k | keywords}:VALUE
Keywords filter of log. VALUE can be any valid 64 bit keyword mask. Only
applicable to logs with a dedicated session.

/{ca | channelaccess}:VALUE
Access permission for an event log. VALUE is a security descriptor specified
using the Security Descriptor Definition Language (SDDL). Search MSDN
(http://msdn.microsoft.com) for information about SDDL format.

/{c | config}:VALUE
Path to the config file, where VALUE is the full file path. If specified, log
properties will be read from this config file. If this option is specified, you
must not specify the <LOG_NAME> command line parameter. The log name will be read
from the config file.

Example:

The following example sets retention, autobackup and maximum log size on the
Application log by using a config file. Note that the config file is an XML file
with the same format as the output of wevtutil gl <LOG_NAME> /f:xml.

C:\config.xml
<?xml version="1.0" encoding="UTF-8"?>
<channel name="Application" isolation="Application"
         xmlns="http://schemas.microsoft.com/win/2004/08/events">
  <logging>
    <retention>true</retention>
    <autoBackup>true</autoBackup>
    <maxSize>9000000</maxSize>
  </logging>
  <publishing>
  </publishing>
</channel>

wevtutil sl /c:config.xml

wevtutil ep

List event publishers.

Usage:

wevtutil { ep | enum-publishers }

Example:

The following example lists the event publishers on the current computer.

wevtutil ep

wevtutil im

Install event publishers and logs from manifest.

Usage:

wevtutil { im | install-manifest  } <MANIFEST> [/OPTION:VALUE [/OPTION:VALUE] ...]

<MANIFEST>
File path to an event manifest. All publishers and logs defined in the manifest
will be installed. To learn more about event manifests and using this option,
consult the Windows Eventing SDK on Microsoft Developers Network (MSDN) at
http://msdn.microsoft.com.

Options:

You can use either the short (for example, /rf) or long (for example,
/resourceFilePath) version of the option names. Options and their values are not
case-sensitive.

/{rf | resourceFilePath}:VALUE
ResourceFileName attribute of the Provider Element in the manifest to be
replaced.
The VALUE should be the full path to the resource file.

/{mf | messageFilePath}:VALUE
MessageFileName attribute of the Provider Element in the manifest to be replaced.
The VALUE should be the full path to the message file.

/{pf | parameterFilePath}:VALUE
ParameterFileName attribute of the Provider Element in the manifest to be replaced.
The VALUE should be the full path to the parameter file.

Example:

The following example installs publishers and logs from the myManifest.man
manifest file.

wevtutil im myManifest.man /rf:^%systemroot^%/System32/wevtutil.exe

wevtutil um

Uninstall event publishers and logs from manifest.

Usage:

wevtutil { um | uninstall-manifest } <MANIFEST>

<MANIFEST>
File path to an event manifest. All publishers and logs defined in the manifest
will be uninstalled. To learn more about event manifests and using this option,
consult the Windows Eventing SDK on Microsoft Developers Network (MSDN) at
http://msdn.microsoft.com.

Example:

The following example uninstalls publishers and logs from the myManifest.man
manifest file.

wevtutil um myManifest.man

wevtutil qe

Read events from an event log, log file or using structured query.

Usage:

wevtutil { qe | query-events } <PATH> [/OPTION:VALUE [/OPTION:VALUE] ...]

<PATH>
By default, you provide a log name for the <PATH> parameter. However, if you use
the /lf option, you must provide the path to a log file for the <PATH> parameter.
If you use the /sq parameter, you must provide the path to a file containing a
structured query.

Options:

You can use either the short (for example, /f) or long (for example, /format)
version of the option names. Options and their values are not case-sensitive.

/{lf | logfile}:[true|false]
If true, <PATH> is the full path to a log file.

/{sq | structuredquery}:[true|false]
If true, <PATH> is the full path to a file that contains a structured query.

/{q | query}:VALUE
VALUE is an XPath query to filter events read. If not specified, all events will
be returned. This option is not available when /sq is true.

/{bm | bookmark}:VALUE
VALUE is the full path to a file that contains a bookmark from a previous query.

/{sbm | savebookmark}:VALUE
VALUE is the full path to a file in which to save a bookmark of this query. The
file extension should be .xml.

/{rd | reversedirection}:[true|false]
Event read direction. If true, the most recent events are returned first.

/{f | format}:[XML|Text|RenderedXml]
The default value is XML. If Text is specified, prints events in an
easy to read text format, rather than in XML format. If RenderedXml, prints
events in XML format with rendering information. Note that printing events in
Text or RenderedXml formats is slower than printing in XML format.

/{l | locale}:VALUE
VALUE is a locale string to print event text in a specific locale. Only available
when printing events in text format using the /f option.

/{c | count}:<n>
Maximum number of events to read.

/{e | element}:VALUE
When outputting event XML, include a root element to produce well-formed XML.
VALUE is the string you want within the root element. For example, specifying
/e:root would result in output XML with the root element pair <root></root>.


Example:

The following example displays the three most recent events from the Application
log in text format.

wevtutil qe Application /c:3 /rd:true /f:text
gli::

Get status information about an event log or log file.

Usage:

wevtutil { gli | get-loginfo } <LOG_NAME>

<LOG_NAME>
Log name or log file path. If option /lf is true, it is a log file path, and the
path to the log file is required. If /lf is false, it is the log name. You can
view a list of log names by typing wevtutil el.

Options:

You can use either the short (for example, /lf) or long (for example, /logfile)
version of the option names. Options and their values are not case-sensitive.

/{lf | logfile}:[true|false]
Specify whether to create a log file. If true, <LOG_NAME> is the log file path.

Example:

wevtutil gli Application

wevtutil epl

Export events from a log, log file, or using structured query to a file.

Usage:

wevtutil { epl | export-log } <PATH> <TARGETFILE>
  [/OPTION:VALUE [/OPTION:VALUE] ...]

<PATH>
By default, you provide a log name for <PATH>. However, if you
use the /lf option, then you provide the path to a log file for the <PATH>
value. If you use the /sq parameter, then you provide the path to a file
containing a structured query.

<TARGETFILE>
Path to the file where the exported events are to be stored.

Options:

You can use either the short (for example, /l) or long (for example, /locale)
version of the option names. Options and their values are not case-sensitive.

/{lf | logfile}:[true|false]
If true, <PATH> is the path to a log file.

/{sq | structuredquery}:[true|false]
If true, <PATH> is the path to a file that contains a structured query. The
command might take a long time if selecting many, but not all, events.

/{q | query}:VALUE
VALUE is an XPath query to filter the events you want to export. If not
specified, all events will be returned. This option is not available when /sq is
true. The command might take a long time if selecting many, but not all, events.

/{ow | overwrite}:[true|false]
If true, and the destination file specified in <TARGETFILE> already exists, it
will be overwritten without confirmation.

Example:

The following example exports events from System log to
C:\backup\system0506.evtx.

wevtutil epl System C:\backup\system0506.evtx

wevtutil al

Archive log file in a self-contained format. A subdirectory with the name
of the locale is created and all locale-specific information is saved in
that subdirectory. When the directory created by the archive-log command is
present along with the log file, events in the file can be read whether or
not the publisher is installed.

Usage:

wevtutil { al | archive-log } <LOG_FILE> [/OPTION:VALUE [/OPTION:VALUE] ...]

<LOG_FILE>
The log file to be archived. A log file can be generated using export-log or
clear-log command.

Options:

You can use either the short (for example, /l) or long (for example, /locale)
version of the option names. Options and their values are not case-sensitive.

/{l | locale}:VALUE
VALUE is a locale string to archive a log in a specific locale. If not specified,
the locale of the current console will be used. For a list of all supported
locale strings, please refer to the Microsoft Developer Network (MSDN)
documentation for the LocaleNameToLCID API.

wevtutil cl

Clear events from an event log and, optionally, back up cleared events.

Usage:

wevtutil { cl | clear-log } <LOG_NAME> [/OPTION:VALUE]

<LOG_NAME>
Name of log to clear. You can retrieve a list of log names by typing
wevtutil el.

Options:

You can use either the short (for example, /bu) or long (for example, /backup)
version of the option names. Options and their values are not case-sensitive.

/{bu | backup}:VALUE
Backup file for cleared events. If specified, the cleared events will be saved
to the backup file. Include the .evtx extension in the backup file name.

Example:

The following example clears all the events from the Application log after saving
them to C:\admin\backups\al0306.evtx.

wevtutil.exe cl Application /bu:C:\admin\backups\al0306.evtx

Related:
EVENTCREATE - Adds a message to the Windows event log
Powershell: Get-Eventlog - Get / write eventlog data
WMIC NTEVENTLOG - WMI access to the event log


HOSTNAME

Displays the host name portion of the full computer name of the computer.

Syntax
hostname

Parameters
/?   : Displays help at the command prompt.

This command is available only if the Internet Protocol (TCP/IP)
protocol is installed as a component in the properties of a network adapter in Network Connections

When is called with an arguments other than "/?" sets errorlevel to 1 and prints following message:

sethostname: Use the Network Control Panel Applet to set hostname.
hostname -s is not supported.

Can be used when %COMPUTERNAME% variable is overwritten.
Related :

ECHO %COMPUTERNAME%
Equivalent Powershell command: powershell $env:COMPUTERNAME
Equivalent bash command: hostname

CALL

from the doc page:  

CALL can also be used to run any internal command (SET, ECHO etc)

 - not entirely true .FOR,IF and REM cannot be CALL-ed
 .IF and FOR produce an error and redirection/conditional/brackets symbols are not REMarked.

SUBSTRING/REPLACE PARAMETRIZATION , ADVANCED USAGE OF SET

Using call here is may be id not the best option
It's better to be done with delayedExpansion:

 SET start=10
 SET length=9
 SET string=The quick brown fox jumps over the lazy dog
 setlocal enableDelayedExpansion
 SET substring=!string:~%start%,%length%!
 endlocal & set substring=%substring%
 ECHO (%substring%)
 

one more technique that allows the whole parametrization logic to be put in brackets:

setlocal enabledelayedexpansion

(
  set begin=2
  set end=2
  set string=12345

  for /f "tokens=1,2" %%A in ("!begin! !end!") do set "string2=!string:~%%A,%%B!"
  echo !string2!
)

endlocal

SHIFT  ,but there is no such alternative to access command line arguments while shifting in brackets:

(
shift
call echo %%1
)


ASSOC "assoc .="  can be used for files with no extension 

SETLOCAL level limit is 32 

Offline

#20 30 Oct 2013 21:50

dbenham
Member
From: U.S. east coast
Registered: 15 Apr 2012
Posts: 111

Re: Pages in ss64.com/nt/ that need update

npocmaka wrote:

SETLOCAL level limit is 32

Just in case Simon does not read the entire linked thread:

SETLOCAL is limited to 32 active instantiations per CALL level

For example, the root script level can have up to 32 active SETLOCAL, and then CALL a subroutine that gets its own allocation of up to 32 SETLOCAL, etc.


Dave Benham

Offline

#21 03 Nov 2013 10:45

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

Thanks for all the feedback npocmaka, I have now added pages for wevtutil, hostname and a few other changes to Setlocal, assoc etc

Offline

#22 05 Nov 2013 19:16

npocmaka
Member
From: Bulgaria
Registered: 03 Dec 2009
Posts: 446

Re: Pages in ss64.com/nt/ that need update

10x!
I hope I'm not becoming a tedious but I've just thrown an eye on the updated SHIFT page:

The SHIFT command will not work within brackets, so place all your command line arguments in variables before running any FOR commands or other bracketed expressions.

Probably you hadn't enough time to check the whole referenced thread , but shift works in brackets context.Just accessing the updated arguments needs a CALL and double %:

@echo off
set /a count = 0
call :function 1 2 3 4
rem the result will be 
rem 2
rem 4

goto :eof


:function
(
 shift
 call echo %%1
 shift
 call echo %%2
)

the result of the above script will be

2
4

Offline

#23 05 Nov 2013 20:58

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

OK I've added a link to the forum thread from the SHIFT page now.

Thanks again npocmaka

Offline

#24 12 Nov 2013 17:04

dbenham
Member
From: U.S. east coast
Registered: 15 Apr 2012
Posts: 111

Re: Pages in ss64.com/nt/ that need update

Hi Simon.

I just discovered that Microsoft's built in HELP documentation for SETLOCAL is wrong, which of course leads to your SETLOCAL page also being wrong.

Microsoft claims that SETLOCAL only sets the ERRORLEVEL if it is passed an argument. (0 if valid argument, 1 if invalid argument)

But I tested on Win 7 and found that SETLOCAL always sets the ERRORLEVEL. The returned errorlevel will be 1 if passed an invalid argument, or 0 if no arguments, or if all arguments are valid.


Dave Benham

Offline

#25 13 Nov 2013 19:23

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

I've done some testing with SETLOCAL on a few different systems and I can't get it to affect the %errorlevel% at all:

setlocal enableextensions
setlocal err
echo %errorlevel%
0

Offline

#26 13 Nov 2013 20:02

dbenham
Member
From: U.S. east coast
Registered: 15 Apr 2012
Posts: 111

Re: Pages in ss64.com/nt/ that need update

That is because SETLCOCAL is effectively a no-op from the command line. Put those commands into a batch file, and then see what happens.

Better yet, run the following batch script, and you can see that SETLOCAL always sets the ERRORLEVEL from within a batch script.

setlocal err
echo %errorlevel%
setlocal
echo %errorlevel%
setlocal err
echo %errorlevel%
setlocal enableDelayedExpansion
echo %errorlevel%

Dave Benham

Offline

#27 13 Nov 2013 20:37

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

Ahh of course.

I've updated the setlocal page now http://ss64.com/nt/setlocal.html

also worth noting that ENDLOCAL does not reset %errorlevel%

Thanks Dave

Offline

#28 14 Nov 2013 07:33

carlos
Member
From: Chile
Registered: 04 Nov 2008
Posts: 251
Website

Re: Pages in ss64.com/nt/ that need update

Simon, the page not mentions DisableDelayedExpansion

Offline

#29 14 Nov 2013 07:49

carlos
Member
From: Chile
Registered: 04 Nov 2008
Posts: 251
Website

Re: Pages in ss64.com/nt/ that need update

Simon also, this page http://ss64.com/nt/syntax-args.html can show the letters mean in attribute expansion. I posted the info time ago here:

http://www.robvanderwoude.com/ntforfileattributes.php

but you can add the same.

Offline

#30 14 Nov 2013 21:55

Simon Sheppard
Admin
Registered: 27 Aug 2005
Posts: 1,130
Website

Re: Pages in ss64.com/nt/ that need update

Offline

Board footer

Powered by