
系统管理

系统信息

systeminfo - 系统信息

cmd
# systeminfo prints the OS build, installed hotfixes, domain and network adapter details.
systeminfo                         # show system information for this host
systeminfo /s computer             # query a remote computer
systeminfo /fo list                # list format
systeminfo /fo table               # table format
systeminfo /fo csv                 # CSV format
# The saved report lists hotfixes and network configuration; store it with restricted access.
systeminfo /fo csv > systeminfo.csv

wmic 系统信息

cmd
# NOTE: wmic is deprecated on current Windows releases and may not be installed;
# Get-CimInstance in PowerShell is the supported replacement.
wmic os get caption,version                   # OS name and version
wmic os get serialnumber                      # OS serial number
wmic computersystem get model,manufacturer    # machine model and vendor
wmic bios get serialnumber                    # BIOS serial number
wmic cpu get name,numberofcores               # CPU name and core count
wmic memorychip get capacity,speed            # size and speed of each memory module
wmic baseboard get product,manufacturer       # motherboard model and vendor

PowerShell 系统信息

powershell
Get-ComputerInfo                          # full system and OS property set
# Keep only the properties needed for the report.
Get-ComputerInfo | Select-Object WindowsProductName, WindowsVersion, OsHardwareAbstractionLayer
Get-CimInstance Win32_OperatingSystem     # operating system
Get-CimInstance Win32_ComputerSystem      # model, manufacturer, domain
Get-CimInstance Win32_BIOS                # BIOS / firmware
Get-CimInstance Win32_Processor           # CPU

用户管理

net user - 用户管理

cmd
net user                           # list local users
net user username                  # show account details
# A password typed as an argument ends up in console history and in process-creation logs.
# "net user username * /add" prompts for the password instead.
net user username password /add    # create a user
net user username /delete          # delete a user
net user username newpassword      # set a new password (same exposure; use * to be prompted)
net user username /passwordreq:yes # require a password
net user username /passwordchg:yes # allow the user to change the password
net user username /expires:never   # account never expires (/expires is the account expiry, not the password expiry)
net user username /active:yes      # enable the account
net user username /active:no       # disable the account
net user username /times:M-F,9-17  # restrict logon hours
# Detection: with account-management auditing enabled, account creation is logged as Security event 4720.

net localgroup - 组管理

cmd
net localgroup                     # list local groups
net localgroup groupname           # show group members
net localgroup groupname /add      # create a group
net localgroup groupname /delete   # delete a group
net localgroup groupname username /add   # add a user to the group
net localgroup groupname username /delete # remove a user from the group
# Membership in Administrators grants full control of the host; grant it sparingly and review
# "net localgroup administrators" regularly. Additions to a local group are logged as
# Security event 4732 when account-management auditing is enabled.
net localgroup administrators username /add  # add a local administrator

wmic 用户管理

cmd
# NOTE: wmic is deprecated on current Windows releases; prefer the PowerShell *-LocalUser cmdlets.
wmic useraccount list brief                                               # list accounts
wmic useraccount where "name='username'" get sid                          # show the account SID
wmic useraccount where "name='username'" call rename name="newname"       # rename the account
wmic useraccount where "name='username'" set disabled=true                # disable the account

PowerShell 用户管理

powershell
Get-LocalUser                      # list local users
# A literal password in a script is stored in plain text and is captured by script-block logging and history.
# Safer: -Password (Read-Host -AsSecureString "Password") so the value is entered interactively.
New-LocalUser -Name "username" -Password (ConvertTo-SecureString "password" -AsPlainText -Force)
Remove-LocalUser -Name "username"                             # delete the user
Set-LocalUser -Name "username" -Description "Description"     # change account properties
Enable-LocalUser -Name "username"                             # enable the account
Disable-LocalUser -Name "username"                            # disable the account
Get-LocalGroup                     # list local groups
New-LocalGroup -Name "groupname"                              # create a group
Remove-LocalGroup -Name "groupname"                           # delete a group
Add-LocalGroupMember -Group "groupname" -Member "username"    # add a member
Remove-LocalGroupMember -Group "groupname" -Member "username" # remove a member

组策略

gpupdate - 更新组策略

cmd
gpupdate                           # refresh Group Policy (changed settings only)
gpupdate /force                    # reapply all settings, changed or not
gpupdate /target:computer          # refresh computer policy only
gpupdate /target:user              # refresh user policy only
gpupdate /wait:60                  # wait up to 60 seconds for processing to finish
gpupdate /logoff                   # log off after the refresh (for settings applied only at logon)
gpupdate /boot                     # restart after the refresh (for settings applied only at startup)

gpresult - 组策略结果

cmd
# gpresult reports the policies actually applied (Resultant Set of Policy).
# An output option (/r, /v, /z, /x or /h) is required to get a report.
gpresult                           # Group Policy results tool
gpresult /r                        # summary
gpresult /h report.html            # write an HTML report
gpresult /z                        # most detailed output
gpresult /scope computer           # computer policy only
gpresult /scope user               # user policy only
gpresult /s computer               # query a remote computer

secpol.msc - 本地安全策略

cmd
# Password, lockout, audit and user-rights settings live here; the snap-in is not included in Home editions.
secpol.msc                         # open Local Security Policy

注册表管理

reg - 注册表操作

cmd
# Writing under HKLM requires an elevated prompt. /f suppresses the confirmation prompt,
# so export the key (reg export) before any delete or restore.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"                         # list a key
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion" /v ProgramFilesDir      # read one value
reg add "HKLM\SOFTWARE\MyApp" /v Version /t REG_SZ /d "1.0" /f                     # create or overwrite a string value
reg add "HKCU\Environment" /v MYVAR /t REG_EXPAND_SZ /d "C:\Path" /f               # per-user environment variable
reg delete "HKLM\SOFTWARE\MyApp" /f                                                # delete the whole key
reg delete "HKLM\SOFTWARE\MyApp" /v Version /f                                     # delete one value
reg copy "HKLM\SOFTWARE\MyApp" "HKLM\SOFTWARE\MyApp2" /s /f                        # copy a key with its subkeys
reg export "HKLM\SOFTWARE\MyApp" backup.reg                                        # export to a text .reg file
reg import backup.reg                                                              # import a .reg file
reg save "HKLM\SOFTWARE\MyApp" backup.hiv                                          # save as a binary hive file
reg restore "HKLM\SOFTWARE\MyApp" backup.hiv                                       # overwrite the key from a hive file

注册表根键

| 缩写 | 说明 |
| --- | --- |
| HKLM | HKEY_LOCAL_MACHINE |
| HKCU | HKEY_CURRENT_USER |
| HKCR | HKEY_CLASSES_ROOT |
| HKU | HKEY_USERS |
| HKCC | HKEY_CURRENT_CONFIG |

PowerShell 注册表操作

powershell
# The registry provider exposes hives as drives (HKLM:, HKCU:). Writing under HKLM: requires elevation.
Get-Item "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion"                                         # read a key
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion" -Name ProgramFilesDir           # read one value
New-Item "HKLM:\SOFTWARE\MyApp"                                                                    # create a key
New-ItemProperty "HKLM:\SOFTWARE\MyApp" -Name "Version" -Value "1.0" -PropertyType String          # create a value
Set-ItemProperty "HKLM:\SOFTWARE\MyApp" -Name "Version" -Value "2.0"                               # change a value
# -Recurse removes the key and every subkey; -WhatIf previews what would be deleted.
Remove-Item "HKLM:\SOFTWARE\MyApp" -Recurse
Remove-ItemProperty "HKLM:\SOFTWARE\MyApp" -Name "Version"                                         # delete one value

事件日志

wevtutil - 事件日志工具

cmd
wevtutil el                        # list all logs
wevtutil gl Application            # show log configuration
wevtutil qe Application /c:10      # read 10 events (add /rd:true to read newest first)
wevtutil qe Application /q:"*[System[(Level=2)]]" /c:10  # error-level events only
# Clearing cannot be undone and destroys evidence needed for incident response; export the log first.
# The clear is itself recorded: Security event 1102 for the Security log, System event 104 for other logs.
wevtutil cl Application            # clear the log
wevtutil export-log Application app.evtx      # export the log to an .evtx file
wevtutil archive-log app.evtx                 # archive an exported log in self-contained form

PowerShell 事件日志

powershell
# The *-EventLog cmdlets exist only in Windows PowerShell 5.1; in PowerShell 7 use Get-WinEvent.
Get-EventLog -LogName Application -Newest 10                                # newest 10 events
Get-EventLog -LogName Application -EntryType Error -Newest 10               # newest 10 errors
Get-EventLog -LogName System -Source "Service Control Manager"              # filter by source
Get-WinEvent -LogName Application -MaxEvents 10                             # newest 10 events
Get-WinEvent -FilterHashtable @{LogName='Application'; Level=2}             # error-level events
# The source must already be registered (New-EventLog) before events can be written to it.
Write-EventLog -LogName Application -Source "MyApp" -EventId 100 -Message "Test"
# Clearing is irreversible and removes forensic history; export the log before clearing.
Clear-EventLog -LogName Application

事件级别

| 级别 | 说明 |
| --- | --- |
| 1 | Critical |
| 2 | Error |
| 3 | Warning |
| 4 | Information |
| 5 | Verbose |

系统服务

sc 服务管理

cmd
# sc.exe syntax needs the space after "=" (start= auto). In Windows PowerShell, "sc" is an alias
# for Set-Content, so call sc.exe explicitly there.
sc query                           # list running services
sc query type= service             # services only (no drivers)
sc query servicename               # query one service
sc query state= all                # include stopped services
sc start servicename               # start a service
sc stop servicename                # stop a service
sc pause servicename               # pause a service
sc continue servicename            # resume a service
sc config servicename start= auto  # start automatically
sc config servicename start= demand # start manually
sc config servicename start= disabled # disabled
sc delete servicename              # delete a service
# A new service runs as LocalSystem unless obj= is given. Keep the binary and its folder writable
# by administrators only, and if the path contains spaces embed escaped quotes around the executable
# path to avoid the unquoted-service-path problem. Service installs are logged as System event 7045.
sc create newservice binPath= "C:\app\service.exe"

PowerShell 服务管理

powershell
Get-Service                        # all services
Get-Service -Name *sql*            # filter by name (wildcards)
Get-Service | Where-Object {$_.Status -eq 'Running'}                  # running services only
Start-Service -Name servicename                                       # start
Stop-Service -Name servicename                                        # stop
Restart-Service -Name servicename                                     # restart
Set-Service -Name servicename -StartupType Automatic                  # start automatically
# The service binary runs with the service account's privileges; keep its folder writable by administrators only.
New-Service -Name "MyService" -BinaryPathName "C:\app\service.exe"
# Remove-Service requires PowerShell 6 or later; on Windows PowerShell 5.1 use "sc.exe delete".
Remove-Service -Name servicename

系统更新

wusa - Windows 更新

cmd
# Removing a security update reopens whatever it fixed; record the reason and reinstall once the blocker is resolved.
wusa /uninstall /kb:123456         # uninstall an update by KB number
wusa /quiet /norestart update.msu  # silent install without an automatic restart

PowerShell Windows 更新

powershell
# Get-WindowsUpdate and Install-WindowsUpdate are not built in. They come from the community
# PSWindowsUpdate module (PowerShell Gallery); review the module and its publisher before installing it.
Get-WindowsUpdate                  # list available updates
Install-WindowsUpdate              # install available updates
Get-HotFix                         # installed updates
Get-HotFix -Id KB123456            # check whether a specific KB is installed

dism - 系统映像管理

cmd
# /online targets the running OS; all of these need an elevated prompt.
dism /online /get-packages         # list installed packages
dism /online /get-packageinfo /packagename:PackageName      # details for one package
dism /online /remove-package /packagename:PackageName       # remove a package
dism /online /cleanup-image /checkhealth                    # report whether corruption was already flagged
dism /online /cleanup-image /scanhealth                     # scan the component store for corruption
dism /online /cleanup-image /restorehealth                  # scan and repair the component store
dism /online /cleanup-image /startcomponentcleanup          # remove superseded components
# /resetbase makes every update installed so far permanent; they can no longer be uninstalled.
dism /online /cleanup-image /startcomponentcleanup /resetbase

系统备份与恢复

wbadmin - Windows 备份

cmd
# Backups contain the full volume, including registry hives and credential stores.
# Restrict access to the target share or disk to the backup account and administrators.
# Schedule a daily 09:00 backup of C: plus all critical volumes to a network share.
wbadmin enable backup -addtarget:\\server\share -schedule:09:00 -include:C: -allCritical -quiet
# One-off backup of C: plus all critical volumes to drive D:.
wbadmin start backup -backupTarget:D: -include:C: -allCritical -quiet
wbadmin get versions               # list backup versions
wbadmin get status                 # status of the running job
# Replace "version" with an identifier shown by "wbadmin get versions".
wbadmin start recovery -version:version -items:C: -itemtype:Volume
wbadmin delete backup -keepVersions:5                       # keep the 5 newest backups, delete older ones
wbadmin stop job                   # stop the running backup or recovery

系统还原

cmd
rstrui                             # open System Restore
vssadmin list shadows              # list volume shadow copies
vssadmin create shadow /for=C:     # create a shadow copy (Windows Server editions)
# Deleting all shadow copies removes every restore point for the volume and cannot be undone.
# This exact command line is a well-known ransomware precursor, so EDR and SIEM rules commonly
# alert on it; run it only under change control.
vssadmin delete shadows /for=C: /all

系统性能

性能监视器

cmd
perfmon                            # open Performance Monitor
perfmon /rel                       # open Reliability Monitor (crash and install history)

typeperf - 性能计数器

cmd
# typeperf prints counter samples until Ctrl+C unless -sc limits the number of samples.
typeperf "\Processor(_Total)\% Processor Time"              # total CPU usage
typeperf "\Memory\Available MBytes"                         # available memory
typeperf "\PhysicalDisk(_Total)\Disk Reads/sec"             # disk reads per second
typeperf "\Network Interface(*)\Bytes Total/sec"            # throughput of every network interface
typeperf -cf counters.txt -sc 10   # read counter names from a file and collect 10 samples
typeperf -o output.csv "\Processor(_Total)\% Processor Time"   # write samples to a CSV file

PowerShell 性能监控

powershell
Get-Counter "\Processor(_Total)\% Processor Time"           # one sample of total CPU usage
Get-Counter "\Memory\Available MBytes"                      # one sample of available memory
Get-Counter -ListSet * | Select-Object CounterSetName       # list the available counter sets
# Ten samples, five seconds apart.
Get-Counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 5 -MaxSamples 10

计划任务

schtasks - 任务计划

cmd
schtasks /query                    # list all tasks
schtasks /query /tn "TaskName"     # query one task
schtasks /query /fo list /v        # verbose list, including the run-as account and the command
# The task runs /tr with the privileges of its run-as account, so the script and its folder must be
# writable by administrators only. Task creation is logged as Security event 4698 when
# "Audit Other Object Access Events" is enabled; review unexpected tasks with the verbose query above.
schtasks /create /tn "MyTask" /tr "C:\app\script.bat" /sc daily /st 09:00              # every day at 09:00
schtasks /create /tn "MyTask" /tr "C:\app\script.bat" /sc weekly /d MON /st 09:00      # every Monday at 09:00
schtasks /create /tn "MyTask" /tr "C:\app\script.bat" /sc monthly /d 1 /st 09:00       # first day of each month
schtasks /create /tn "MyTask" /tr "C:\app\script.bat" /sc onstart                      # at system startup
schtasks /create /tn "MyTask" /tr "C:\app\script.bat" /sc onlogon                      # at user logon
schtasks /run /tn "MyTask"                                   # run now
schtasks /end /tn "MyTask"                                   # stop a running task
schtasks /delete /tn "MyTask" /f                             # delete without confirmation
schtasks /change /tn "MyTask" /tr "C:\app\newscript.bat"     # change the program the task runs

PowerShell 计划任务

powershell
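Get-ScheduledTask                                   # list all tasks
Get-ScheduledTask -TaskName "MyTask"                # show one task
# Define the action and trigger first; Register-ScheduledTask below needs both variables.
# The script runs with the task's privileges, so keep C:\app writable by administrators only.
$action  = New-ScheduledTaskAction -Execute "C:\app\script.bat"
$trigger = New-ScheduledTaskTrigger -Daily -At 9am
# New-ScheduledTask only builds a task object in memory; nothing is registered yet.
New-ScheduledTask -Action $action -Trigger $trigger
# Register-ScheduledTask is the step that actually creates the task.
Register-ScheduledTask -TaskName "MyTask" -Action $action -Trigger $trigger
Start-ScheduledTask -TaskName "MyTask"              # run now
Stop-ScheduledTask -TaskName "MyTask"               # stop a running instance
Unregister-ScheduledTask -TaskName "MyTask"         # delete the task (prompts for confirmation)
Disable-ScheduledTask -TaskName "MyTask"            # disable
Enable-ScheduledTask -TaskName "MyTask"             # enable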

系统配置

msconfig - 系统配置

cmd
msconfig                           # open System Configuration (boot options, startup services)

bcdedit - 启动配置

cmd
# bcdedit needs an elevated prompt, and a wrong value can leave the system unbootable;
# run "bcdedit /export" first. In PowerShell, quote the identifiers, for example '{default}'.
bcdedit /enum                      # list boot entries
bcdedit /set {default} device partition=C:                  # partition holding the boot entry
bcdedit /set {default} osdevice partition=C:                # partition holding the OS
bcdedit /set {default} path \Windows\system32\winload.exe   # OS loader path
bcdedit /delete {id}               # delete a boot entry
bcdedit /export backup.bcd         # export the boot configuration store
bcdedit /import backup.bcd         # import (replaces the current store)
bcdedit /set {default} bootmenupolicy legacy  # use the legacy text boot menu
bcdedit /set {bootmgr} displaybootmenu yes                  # always show the boot menu
bcdedit /timeout 30                # boot menu timeout in seconds

msinfo32 - 系统信息

cmd
msinfo32                           # open System Information
# The report is a full hardware and software inventory; store it with restricted access.
msinfo32 /report report.txt        # write a text report
msinfo32 /computer server01        # inspect a remote computer

远程管理

远程桌面

cmd
# For admin logons to hosts that may be compromised, mstsc also offers /remoteGuard and
# /restrictedAdmin, which avoid sending reusable credentials to the remote host.
mstsc /v:192.168.1.1               # connect to a remote desktop
mstsc /v:192.168.1.1 /admin        # connect to the administrative session
mstsc /v:192.168.1.1 /f            # full-screen mode

远程关机

cmd
# Requires administrative rights on the target computer.
shutdown /s /m \\computer          # shut down a remote computer
shutdown /r /m \\computer          # restart a remote computer
shutdown /a /m \\computer          # abort a pending shutdown

远程命令

cmd
# PsExec is a Sysinternals download, not a built-in tool. It installs a temporary service (PSEXESVC)
# on the target, so its use appears as a service install in the target's System log (event 7045).
psexec \\computer cmd              # interactive remote command prompt
# A password given with -p is visible in console history and process-creation logs;
# omit -p and PsExec prompts for it instead.
psexec \\computer -u user -p pass cmd
psexec \\computer ipconfig /all    # run a single command remotely

下一步学习