11 Useful Windows Stuff to Know as System Administrator

If you are into the Production Support/Middleware Administrator then most probably you will have to work on Linux and Windows OS.

Supporting production applications will be challenging if not familiar with administration commands. So here are things you should be familiar with windows, which will help you as an administrator to troubleshoot, support applications in daily life.

CPU Information

CPU information is often needed for troubleshooting performance issues or working on capacity planning.

1. Check how many CPU exist

• Go to Task Manager
• Click on the “Performance” tab to see the number of CPU available

You may also use a wmic command to get CPU information.

• Open Command Prompt
• Type below command and press enter

wmic cpu

2. Check CPU Processor type

• Right-click on Computer and click on Properties
• Look for processor details under System section

You may also use “wmic cpu” command to get this information.

Finding Memory Information

Often needed in a combination of CPU to troubleshoot the application performance issue.

3. Check Installed Memory and Utilization

• Go to Task Manager
• Click on “Performance” tab >> Memory

As you can see total/available/utilized memory

You may also use systeminfo command to check available physical memory.

C:UsersChandan Kumar>systeminfo | findstr Memory
Total Physical Memory:     4,239 MB
Available Physical Memory: 3,422 MB
Virtual Memory: Max Size: 7,951 MB
Virtual Memory: Available: 7,099 MB
Virtual Memory: In Use:   852 MB
C:UsersChandan Kumar>

4. Check Uptime/Boot time

If your Windows server is rebooted unexpectedly and needs to find out when exactly it happened then this would be very handy. Use the below command on the command prompt.

C:UsersChandan Kumar>systeminfo | findstr Boot
System Boot Time:         2/21/2016, 11:02:26 AM
Boot Device:               DeviceHarddiskVolume1
C:UsersChandan Kumar>

If you need to find out process start time in Windows, then you can refer here.

5. Check TCP Packet Errors

If you are troubleshooting network related problems, then this would be probably one of the first things to check. Use netstat command to check for any errors.

C:UsersChandan Kumar>netstat -s | findstr Errors
Received Header Errors            = 0
Received Address Errors           = 0
Received Header Errors             = 0
Received Address Errors           = 0
Errors                   0           0
Errors                   0           0
Receive Errors       = 0
Receive Errors       = 0
C:UsersChandan Kumar>

6. Check all running processes

To list all the tasks running with their PID and Memory usage, you can use tasklist command.

C:UsersChandan Kumar>tasklist
Image Name                     PID Session Name       Session#   Mem Usage
========================= ======== ================ =========== ============
System Idle Process             0 Services                   0         20 K
System                           4 Services                   0     1,264 K
smss.exe                       304 Services                   0       928 K
csrss.exe                     408 Services                   0     3,548 K
wininit.exe                   480 Services                   0     3,368 K
services.exe                  568 Services                   0     6,876 K

If you need to check a particular process running or not, you may use tasklist with findstr.

Ex:

C:UsersChandan Kumar>tasklist | findstr cmd
cmd.exe                       240 Console                    2     2,160 K
C:UsersChandan Kumar>

Alternatively, you can also use Task Manager to see all the running processes with its CPU/Memory/Disk/Network utilization.

7. Kill the running process

Often used if a process is not responding and you need to kill it. You may either kill the process with “taskkill” command or Task Manager.

To kill using taskkill

• Open command prompt
• Execute taskkill command with process PID

C:UsersChandan Kumar>taskkill -pid 312
SUCCESS: Sent termination signal to the process with PID 312. 
C:UsersChandan Kumar>

To kill using Task Manager

• Open Task Manager
• Right-click on the process you want to kill and click on “End task.”

8. Find out IP, Subnet Mask; MAC address

ipconfig is a handy command to find out the IP address of the Windows server. This will display the entire Ethernet adaptor and their IP address.

ipconfig

If you need to find out the details in depth, then you can use /all syntax.

ipconfig /all

To flush the DNS cache, you can use /flushdns syntax. This will be often helpful if you have done some DNS changes and it’s not reflected due to data stored in the cache.

ipconfig/flushdns

9. Display user and group information

“whoami” command will help you to check the user details of logged in user and the group it belongs to.

C:UsersChandan Kumar>whoami
win-nffe5b9pda0chandan kumar
C:UsersChandan Kumar>

To check the group it belongs to

whoami /groups

10. Perform DNS lookup

“nslookup” command will help to find out DNS resolving IP address.

C:UsersChandan Kumar>nslookup geekflare.com
Server: UnKnown
Address: 172.16.179.2
Name:   geekflare.com.localdomain
Addresses: 162.159.243.243
         162.159.243.243 
C:UsersChandan Kumar>

If your network administrator blocks nslookup to external DNS, then you may use online tools to perform DNS lookup.

11. Capture network trace

You can use netsh command to capture the trace if you don’t have Wireshark or other capture software installed.

C:Windowssystem32>netsh trace start capture=yes
Trace configuration:
-------------------------------------------------------------------
Status:             Running
Trace File:         C:UsersChandan KumarAppDataLocalTempNetTracesNetTrace.etl
Append:             Off
Circular:           On
Max Size:           250 MB
Report:             Off
C:Windowssystem32>

To stop the capture

netsh trace stop

I hope the above helps you to get familiar with some of the Windows administration related tasks. If you are a newbie, I would strongly recommend this online course.