Saturday, October 22, 2016

Connecting to file shares

Chapter 10 - Connecting to file shares

 

As we mentioned in Chapter 8, the Windows Command Prompt is based off the old DOS command line, and DOS had barely any networking commands. Starting with Windows for Workgroups, Windows focused heavily on networking, and also on file sharing. "File sharing" is one of the most basic functions of computer networking. It basically means making files available to other users and systems via a network connection. Shared folders are generally referred to as "file shares" or more simply as "shares." Microsoft has for years made it easy to share files from Windows (maybe too easy, given how quickly viruses spread over the Internet in the first years of the 21st century).

But do you need to use Windows's graphical tools to access file shares? Not at all! DOS might have lacked file-sharing commands, but the Windows Command Prompt includes them. Using these commands, you can connect and disconnect from shared folders, and even create your own shares. 

 

MAPPING NETWORK DRIVES

 

You might have heard people talk about "mapping a network drive." What does that phrase mean? "Mapping a network drive" refers to taking a shared network folder and making it appear on your Windows system with a drive letter. When you plug in a USB flash drive or a USB hard drive, you're used to it appearing in the Computer window with the next available drive letter. By mapping a network drive, you can make the shared folder appear in Computer with a drive letter, just like any other external drive. You can then issue commands from the Command Prompt to move, delete, and copy files to and from the network share.

Assuming, of course, that you have the proper share permissions, which we shall discuss in the next section.

 

SHARE PERMISSIONS

 

We've already discussed NTFS permissions in Chapter 5. Share permissions, however, are something entirely different from NTFS permissions. NTFS permissions generally deal with which users and groups can access a file. Share permissions control which users can access the shared folder or file, and what level of access they have to the folder, over a network connection. However, NTFS permissions can override share permissions. If you have the share permission to add files to a shared folder, but your account only possesses the NTFS Read permission, you will not be able to copy any files to the share.

This can seem confusing, but taken piece by piece, share permissions are straightforward. In fact, there are six major NTFS permissions, but only three share permissions: Read, Change, and Full.

The Read share permission gives a user permission to view the file or folder over the network. It works a lot like the Read NTFS permission. A user with the Read permission will be able to see the file in the directory, open up the file, and read it. However, the user will not be able to alter the file or delete it.

The Change share permission gives the user permission to alter a shared file. Basically, it functions like the NTFS Write permission. The user has permission to change a file with the Write permission, but he cannot delete the file, and he cannot change its share permissions. 

The Full share permission, like the NTFS Full Control permission, gives the user complete control over the file or folder. If you have the Full share permission, you can read the file, make changes to it, and delete it. You can also alter its share permissions for other users. 

What happens when the share permissions and NTFS permissions conflict? The rule of thumb is that the most restrictive permission wins. For instance, say you have the Full share permission to a file, but only the NTFS Read permission. You'll be able to read the file, but the NTFS permissions will block you from editing the file in any way. Likewise, let's say you have the NTFS Full Control permission for a file, but only the Read share permission. You'll be able to read the file, but since your share permissions are limited to Read, you won't be able to do anything else with it.

 

VIEWING FILE SHARES

 

The first step to connecting to file shares from the Command Prompt is to find those shared folders. To connect to a file server, you'll need to know either its IP address, or its Fully Qualified Domain Name. (A FQDN is a computer's proper DNS name - for instance, fileserver.testdomain.com.) Whether connecting via the IP address or the FQDN, you'll need to use a syntax called UNC - Uniform Naming Convention. UNC is a technology Microsoft uses in Windows to designate the location of a network resource. For example, if you have a file server at 192.168.1.1 which contains a shared folder named Data, the UNC path to the server and the folder would look like this:

\\192.168.1.1\data

You'll need to use UNC to designate the server and folder you want to use when working with file shares from the Command Prompt. Let's say you want to view the shared folders available on a server with the IP address of 192.168.1.1. To do so, you would use the NET command. The NET command is the Swiss army knife of the Command Prompt. It does a variety of different things, and is your chief tool for connecting to file shares from the command line. More specifically, you would use the NET VIEW command to view the available file shares on a server:

NET VIEW \\192.168.1.1

The command will generate an output that should look something like this:

Shared resources at \\192.168.1.1

Share name  Type   Used as  Comment

------------------------------------------------

images      Disk

data          Disk          

backup     Disk

The command completed successfully.

From this output, you can see that the server at \\192.168.1.1 has three separate shared folders available - images, data, and backup. You can then use this information to connect to the file share and map it as a network drive, which we'll discuss how to do in the next section.

 

CONNECTING TO A FILE SHARE

 

To connect to a file share, you again use the NET command. To connect, however, you'll use the NET USE command, rather than NET VIEW. If you wanted to connect to the data fileshare on \\192.168.1.1 and map it as your computer's H drive, you would use this command:

NET USE H: \\192.168.1.1\data

This will mount the shared folder "data" at \\192.168.1.1 as your computer's H drive.

Unfortunately, if you reboot your computer, or log out and then log back into your account, this will break your connection to the share, and you'll have to remap the network drive all over again. You can avoid this by using NET USE with the /PERSISTENT switch:

NET USE H: \\192.168.1.1\data /PERSISTENT:YES

This will tell Windows to remap the network drive every time you log into your account. If the network share is available when you log in, Windows will remap the drive for you.

You might also need to connect to the share as a different user. This can be accomplished via the /USER switch with the NET USE command. If you wanted to connect to the \\192.168.1.1\data share using the user account named camalas, you would use the NET USE command with these parameters:

NET USE H: \\192.168.1.1\data /USER:CAMALAS

This will connect you to the network share at \\192.168.1.1\data using camalas's user account.

 

DISCONNECTING FROM A FILE SHARE

 

If you no longer need a particular network drive, you might want to disconnect it. Just as with mapping a network drive, you can disconnect a network drive from the Command Prompt via the NET USE command. To disconnect the H drive we mapped in the earlier example, you would use this command:

NET USE H: \\192.168.1.1\data /DELETE

Using the /DELETE switch might seem rather drastic. Fortunately, the /DELETE switch is misnamed. It doesn't delete any of the files or subdirectories contained in the file share. It only disconnects the mapped network drive from your computer, and you can reconnect to it at your leisure.
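
The connect and disconnect commands from the last two sections can be combined into one batch file, shown here as an added example that is not part of the original chapter. It uses the chapter's sample server, share, drive letter, and account; the file C:\Reports\report.txt is a hypothetical file to copy.

```batch
@ECHO OFF
REM Added example: map a share for one task, then disconnect it again.
REM Server, share, drive letter, and account are the chapter's sample values.
REM C:\Reports\report.txt is a hypothetical source file.
SETLOCAL
SET "SHARE=\\192.168.1.1\data"
SET "DRIVE=H:"
SET "ACCOUNT=CAMALAS"

REM Stop if the drive letter is already in use, so an existing mapping
REM is never replaced or disconnected by accident.
IF EXIST %DRIVE%\ (
    ECHO Drive %DRIVE% is already in use. Pick another letter.
    EXIT /B 1
)

REM The * tells NET USE to prompt for the password, so the password is
REM never written into this file. /PERSISTENT:NO stops Windows from
REM remapping the drive at the next logon.
NET USE %DRIVE% %SHARE% * /USER:%ACCOUNT% /PERSISTENT:NO
IF ERRORLEVEL 1 (
    ECHO Could not connect to %SHARE%.
    EXIT /B 1
)

REM Do the work while the drive is mapped and remember whether it succeeded.
COPY C:\Reports\report.txt %DRIVE%\
SET "RESULT=%ERRORLEVEL%"

REM Always disconnect, even if the copy failed. This removes the mapping
REM only; the files on the share are untouched.
NET USE %DRIVE% /DELETE

EXIT /B %RESULT%
```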

 

CREATE A FILE SHARE

 

In addition to connecting to file shares from the Command Prompt, you can also create your own file shares using the command line. Windows Vista and Windows 7 are generally called "client systems", since they're designed to interact with larger server systems running a version of Windows Server. However, the client versions of Windows can act as limited server systems. You can create shared folders on your Windows client system, and allow users to connect to them remotely.

As with finding and connecting to network shares, you use the NET command to create file shares on your Windows computer. To create network shares, you use the NET SHARE version of the NET command. Let's say you have a directory named data in the root directory of your C drive you want to share. To make it into a shared folder, use this command:

NET SHARE DATA=C:\DATA

This will set C:\DATA as a shared folder with a share name of "DATA." The new share won't do you very much good unless you assign share permissions to users. You also use the NET SHARE command to assign share permissions to users, with the /GRANT switch. NET SHARE accepts /GRANT only on the command that creates the share, and the user name and the permission are separated by a comma. For instance, to create the DATA share and grant the camalas user account the Read permission to it:

NET SHARE DATA=C:\DATA /GRANT:CAMALAS,READ

This will assign the camalas user account the Read share permission. To assign the Change permission to the camalas user account, use this command:

NET SHARE DATA=C:\DATA /GRANT:CAMALAS,CHANGE

And to grant the Full share permission:

NET SHARE DATA=C:\DATA /GRANT:CAMALAS,FULL

Finally, to view all the file shares on your system, use the NET SHARE command without any arguments:

NET SHARE

This will generate a similar output to using NET VIEW to view the file shares on a remote system, but this listing will show only the file shares on the local system. 

Networking

Chapter 8 - Networking

The Windows Command Prompt is based off the old DOS command line, and DOS had hardly any networking commands. Back in the days of DOS, computer networking was still in its infancy, and therefore DOS had no need of networking commands. Stand-alone workstations were more common than computers joined together in local area networks. 

All that has changed. Nowadays, a computer is far more likely to be connected to some kind of network (whether a home connection or workplace LAN) than not. In fact, computers that are not connected to the Internet in some form are increasingly rare. This means that Command Prompt has numerous commands dealing with networks, networking, and IP addresses, and we’ll discuss those commands in this chapter. 

 

WHAT IS AN IP ADDRESS?

 

First, however, we should discuss IP addresses. Before we explain the Windows Command Prompt's networking commands, it’s a good idea to have a firm grasp of the basics of IP addressing. 

The letters "IP" stand for Internet Protocol, and the Internet Protocol is part of the TCP/IP (Transmission Control Protocol/Internet Protocol) suite, a group of related protocols that lay down the rules for how computers communicate over networks, both over LANs and the larger Internet. An IP address, therefore, is a (theoretically) unique address assigned to a computer. It's a bit like a street address - it lets other computers send traffic to and receive traffic from your system. An IP address consists of four groups of numbers separated by dots:

192.168.1.1

These numbers are actually the numerical form of a binary number. None of these numbers can be higher than 255. (While watching a detective TV show, it’s occasionally hilarious to see the police track a criminal using a ludicrously implausible IP address, like 689.34.385.339.)

The dominant version of the IP protocol is Version 4, commonly referred to as IPv4. Under IPv4, there are only 4.6 billion IP addresses available, and the available IP addresses ran out a few months before the time of this writing. (IPv6, which has many more available addresses, will eventually replace IPv4, but for now, IPv4 remains dominant.) There are obviously far more computers, phones, routers, switches, and other networked devices in the world than 4.6 billion, so how do all these devices receive IP addresses?

The answer is a "private IP address." Certain blocks of IP addresses have been reserved for use in private networks. These blocks, using a technology called Network Address Translation (NAT), are then "translated" to public IP addresses. This has extended the lifetime of the available IPv4 address space for decades. The ranges of the reserved private addresses are:

10.0.0.0 - 10.255.255.255

172.16.0.0 - 172.31.255.255

192.168.0.0 - 192.168.255.255

Odds are, your computer has an IP address in one of those ranges as part of a private network (even if it's just a private network generated by your wireless router). 

IP addresses also have a "subnet mask". A subnet mask defines which parts of the IP address designate the network, and which part designates the individual computer. Let's say the IP address of 192.168.1.1 from above has a subnet mask like this:

255.255.255.0

That means the 192.168.1 part of the address indicates the network, while the final 1 indicates the computer. 

IP addresses usually include a “broadcast” address. Any traffic sent to the broadcast address is directed to every single computer in the local network. A broadcast address has a “255” as its final number, so a computer with a 192.168.1.1 address will have a broadcast address of 192.168.1.255. 

Lastly, IP addresses usually (but not always) come with a "default gateway". The default gateway is the address your computer sends traffic to when it is destined for anywhere outside the local network segment. For example, say you want to visit Google with your web browser. Your computer recognizes that Google isn't on the 192.168.1.* network, and so forwards the request to the default gateway, which then sends the traffic on to Google. (This is a simplification, but adequate for our purposes.)

 

FINDING YOUR IP ADDRESS

 

Finding your IP address from the Command Prompt is quite easy, and in fact (as we mentioned in the Introduction) quite a bit easier than doing it from the GUI. Simply go to the Command Prompt and type this command:

IPCONFIG

The IPCONFIG command stands for “IP Configuration”, and in its default state it spits out quite a bit of information about your computer’s network configuration. The most important information is found under two different headings. You can find the information for your computer’s Ethernet adapter under the heading marked “Ethernet adapter Local Area Connection.” (If you have more than one Ethernet adapter, each additional adapter will be labeled Local Area Connection 2, Local Area Connection 3, and so forth.) If your computer has a wireless network card, as most laptops do, it will have a heading marked “Wireless LAN adapter Wireless Network Connection.”

The important information will look like this:

IPv4 Address. . . . . . . . . . . : 10.10.8.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.10.8.200

Here you see listed your computer’s IP (version 4) address, your subnet mask, and your default gateway. 

There is a second command available to find your IP address. It takes longer to type, but it presents much less extraneous information than IPCONFIG. The Command Prompt includes a command called NETSH (for “net shell”) to perform network tasks from the command line, and you can use it to find your IP address:

NETSH INTERFACE IPV4 SHOW ADDRESS

The command’s output will look something like this:

Configuration for interface "Wireless Network Connection"

    DHCP enabled:                         Yes

    IP Address:                           10.10.8.100

    Subnet Prefix:                        10.10.8.0/24 (mask 255.255.255.0)

    Default Gateway:                      10.10.8.200

    Gateway Metric:                       0

    InterfaceMetric:                      25

Using either IPCONFIG or NETSH INTERFACE IPV4 SHOW ADDRESS will allow you to view your IP address from the command line.

 

FINDING THE MAC ADDRESS AND OTHER INFORMATION

 

Finding your IP address is useful, but there are other pieces of networking information that you might need. Your computer’s DNS server, for one – DNS stands for “Domain Name Service”, and a DNS server translates easy domain names, like http://www.jonathanmoeller.com, into appropriate IP addresses. You might also need to find your computer’s MAC address. MAC stands for “Media Access Control”, and every network adapter has its own unique MAC address burned into the hardware. (Theoretically, anyway – it’s relatively simple to fake a MAC address.) 

IPCONFIG in its default state does not show the MAC address. But like every other command, it includes switches. With the /ALL switch, IPCONFIG shows a great deal more information:

IPCONFIG /ALL

Here’s some of the information the command will list for each network adapter on your system:

Connection-specific DNS Suffix  . :

Description . . . . . . . . . . . :

Physical Address. . . . . . . . . :

DHCP Enabled. . . . . . . . . . . :

Autoconfiguration Enabled . . . . :

Link-local IPv6 Address . . . . . :

IPv4 Address. . . . . . . . . . . :

Subnet Mask . . . . . . . . . . . :

Lease Obtained. . . . . . . . . . :

Lease Expires . . . . . . . . . . :

Default Gateway . . . . . . . . . :

 

DHCP Server . . . . . . . . . . . :

DHCPv6 IAID . . . . . . . . . . . :

DHCPv6 Client DUID. . . . . . . . :

 

DNS Servers . . . . . . . . . . . :

 

Primary WINS Server . . . . . . . :

NetBIOS over Tcpip. . . . . . . . :

Your computer’s MAC address will be listed under the “Physical Address” item. You can also find the address of your DNS servers under the “DNS Servers” item. 

There is a quicker way to find your MAC address with the GETMAC command. Type this command, and it will list the MAC address for every single network adapter on your system:

GETMAC

However, the default output generated by the GETMAC command is not terribly useful. It lists the adapters by “transport name”, which is generally a long string of letters and numbers. It’s quite difficult to figure out which transport name corresponds to which adapter. Fortunately, using the /V switch with GETMAC produces a more informative output:

GETMAC /V

This sorts the output by the name of the connection (Local Area Connection, etc.) and therefore makes it much easier to find which MAC address goes with which adapter.

 

RENEWING AND RELEASING IP ADDRESSES

 

There are two ways to give a computer an IP address, static and dynamic. With a static IP address, you manually assign an IP address to a computer, and it never changes. This works well enough for small networks, but on a network with hundreds or even thousands of computers, keeping track of which computer has which IP address quickly becomes overwhelming.

The second method is a technology called DHCP, which stands for Dynamic Host Configuration Protocol. With DHCP, the network administrator configures a DHCP server for the network. When a computer connects to the network, it communicates with the server and receives an IP address. With the IP address comes a “lease”, the amount of time the computer gets to keep the address. Usually, the computer renews its lease with the DHCP server halfway through the lease, before the time expires.

DHCP is automated, and the process is supposed to be invisible to the user. As with any technical process, things sometimes do go wrong. A common problem is that the computer has an expired IP address, yet refuses to release it (this often happens when you move a computer to a different network with a different DHCP server). You can use the IPCONFIG command at the Command Prompt to force your computer to release any DHCP address. Type IPCONFIG with this switch:

IPCONFIG /RELEASE

This will release your computer’s IP addresses. 

(Note that you must be running Command Prompt as an administrator for this command to work.)

You can also use IPCONFIG to contact the network’s DHCP server for a new address. Generally, when you connect your computer to a new network, it should automatically contact the DHCP server to receive an address. But if you’ve just released the address, your computer might not re-contact the DHCP server. You can force it to renew the lease on its IP address with this command:

IPCONFIG /RENEW

If your computer doesn’t have a DHCP-assigned address, it will attempt to contact a DHCP server and get an address. If your computer already has an address, it will contact the DHCP server and renew its lease on that address. 

 

SETTING A STATIC IP ADDRESS

 

Under most circumstances, most computers do not need a static IP address (especially if there’s a DHCP server on the network). Most server systems, however, need a static IP. Server software likes stability, and is liable to malfunction every time the server receives a new DHCP IP address. For that matter, keeping a static IP makes it easier for client systems to find the target server.

You can set a static IP address using the NETSH command. If you wanted to set a static IP address on the “Local Area Connection” Ethernet adapter of 192.168.1.100, with a subnet mask of 255.255.255.0 and a default gateway of 192.168.1.200:

NETSH INTERFACE IPV4 SET ADDRESS "LOCAL AREA CONNECTION" STATIC 192.168.1.100 255.255.255.0 192.168.1.200

Note that you need to run NETSH from the Command Prompt as an administrator. 

Having a static IP address will not do you much good unless you also set the address for the DNS server. Most DHCP servers supply the address of a DNS server as part of the address information, but if you use a static address, you’ll need to set it on your own. Fortunately, you can do this with NETSH. If you wanted to set a DNS server address of 192.168.1.200, you would use this command:

NETSH INTERFACE IPV4 SET DNSSERVERS "LOCAL AREA CONNECTION" STATIC 192.168.1.200

These two commands will let you first set a static IP, and then assign a DNS server address to your computer.

If you change your mind and want to use a DHCP address again, you can also set your computer to use a DHCP address from the Command Prompt. To set your computer to receive a dynamic IP address on the “Local Area Connection” adapter, use the NETSH command:

NETSH INTERFACE IPV4 SET ADDRESS NAME="LOCAL AREA CONNECTION" SOURCE=DHCP

To tell your computer to receive its DNS server address from the DHCP server, use this version of the NETSH command:

NETSH INTERFACE IPV4 SET DNSSERVERS NAME="LOCAL AREA CONNECTION" SOURCE=DHCP

This will configure your computer to receive a DNS server address from the DHCP server. 

 

DIAGNOSING NETWORK PROBLEMS

 

If you’ve ever had to repair a computer (or even used one, for that matter), you know that network and Internet connection problems are a depressingly common occurrence. And you also know that Windows’s built-in graphical tools for solving network problems are not often that useful. Fortunately, the command line’s tools are much better at getting practical information.

The first and most commonly used network-diagnostic command is the PING command. PING stands for “Packet Internet Groper”, and it relies upon the ICMP protocol, the Internet Control Message Protocol. Basically, the PING command sends a packet to a network destination, such as a server or another PC, and if the destination is active, it sends back an acknowledgement packet. For instance, if you wanted to ping the PC at the IP address of 192.168.1.2, you would use this command:

PING 192.168.1.2

If 192.168.1.2 is up, the PING command will generate an output like this:

Reply from 192.168.1.2: bytes=32 time=1ms TTL=127

Reply from 192.168.1.2: bytes=32 time=1ms TTL=127

Reply from 192.168.1.2: bytes=32 time=1ms TTL=127

Reply from 192.168.1.2: bytes=32 time=32ms TTL=127

PING also has a few command options you can use to alter its performance. The /T switch tells PING to continuously send packets until you use CTRL-C to tell it to stop:

PING /T 192.168.1.2

This is useful to continuously test a connection, since it will allow you to see if it is intermittently dropping traffic.

You can also use the /N switch to tell PING to send a certain number of packets. In this example, PING will send six packets, and then stop:

PING /N 6 192.168.1.2

Note that the PING command will not always work, even if a remote destination has an active network connection. This is because Windows 7, by default, blocks ICMP traffic, and several other operating systems do the same. However, enough devices do permit ICMP traffic to make PING a useful diagnostic tool.

 

TRACING PATHS

 

Sometimes your network connection is active, but you can’t access a particular destination. In this case, the TRACERT command becomes useful. TRACERT maps the network route from your computer to the destination, and sends every device in the path an ICMP packet. You can then see which devices in the path are not responding, and then hopefully determine a solution. For instance, to trace the path to 192.168.1.2, you would use TRACERT like this:

TRACERT 192.168.1.2

The output will look something like this, with one line for each “hop” (another device in the chain) to the destination:

1     1 ms     1 ms     1 ms  10.10.11.254

2    54 ms     1 ms     1 ms  192.168.1.2

TRACERT, by default, runs up to thirty hops, but you can use the /H switch to force a higher or lower number of hops. 

 

DNS PROBLEMS

 

DNS is a bit like the circulatory system in the human body. When it’s working right, you will forget that it’s there. But when it goes bad, everything grinds to a halt. Without DNS, you can’t type addresses into the address bar of your web browser, or use any network resources that depend upon DNS.

You can use the NSLOOKUP utility to determine if your DNS server is functioning or not. NSLOOKUP runs a query against the DNS server, and if the server is active, the command produces a response. Specifically, it looks up the IP address of the domain name you used with the command. For example, this is what the command to look up the IP address of Google.com would look like:

NSLOOKUP google.com

The command would generate an output like this:

Non-authoritative answer:

Name:    google.com

Addresses:  74.125.225.84

          74.125.225.83

          74.125.225.81

          74.125.225.82

          74.125.225.80

If NSLOOKUP does not generate a response, you know that either your DNS server is having problems, or your computer cannot communicate with the DNS server due to a connection problem.
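
The PING and NSLOOKUP checks from this chapter can be run in order to narrow down where a connection problem lies, shown here as an added example that is not part of the original chapter. NETCHECK.BAT is a hypothetical file name, and the three arguments (your default gateway, an IPv4 address beyond it, and a domain name) are values you supply.

```batch
@ECHO OFF
REM Added example: layered check with PING and NSLOOKUP.
REM Usage: NETCHECK.BAT gateway-ip remote-ip dns-name
REM NETCHECK.BAT is a hypothetical name. All three arguments come from
REM the person running the script; the two addresses must be IPv4.
SETLOCAL
IF "%~3"=="" (
    ECHO Usage: %~nx0 gateway-ip remote-ip dns-name
    EXIT /B 2
)
SET "GATEWAY=%~1"
SET "REMOTE=%~2"
SET "DNSNAME=%~3"

REM Step 1: the default gateway. A genuine IPv4 echo reply contains "TTL=",
REM as in the sample PING output in this chapter. Searching for that text
REM avoids counting "Destination host unreachable" lines as a success.
PING /N 2 %GATEWAY% | FIND "TTL=" >NUL
IF ERRORLEVEL 1 (
    ECHO [FAIL] No reply from gateway %GATEWAY%. Check the local connection and IP settings.
    EXIT /B 1
)
ECHO [ OK ] Gateway %GATEWAY% replied.

REM Step 2: an address beyond the gateway. Some systems block ICMP, so a
REM missing reply is reported as a warning and the script keeps going.
PING /N 2 %REMOTE% | FIND "TTL=" >NUL
IF ERRORLEVEL 1 (
    ECHO [WARN] No reply from %REMOTE%. It may block ICMP. Run TRACERT %REMOTE% to see where replies stop.
) ELSE (
    ECHO [ OK ] %REMOTE% replied.
)

REM Step 3: DNS. A successful NSLOOKUP answer includes a "Name:" line,
REM as in the sample output above. Error text is discarded with 2>NUL.
NSLOOKUP %DNSNAME% 2>NUL | FIND "Name:" >NUL
IF ERRORLEVEL 1 (
    ECHO [FAIL] DNS lookup for %DNSNAME% returned no answer. Check the DNS Servers entry in IPCONFIG /ALL.
    EXIT /B 1
)
ECHO [ OK ] DNS resolved %DNSNAME%.
EXIT /B 0
```

If step 1 passes and step 3 fails, the connection itself is working and the problem is with the DNS server or the path to it.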

 

TRACKING NETWORK STATISTICS

 

The Command Prompt also includes a powerful utility for tracking network statistics – the NETSTAT command. Issuing the NETSTAT command without any switches at the command line displays a list of currently active network connections to your computer. NETSTAT comes with a variety of switches that improve its usefulness:

- /A lists all connections and open ports on your computer.

- /E displays the Ethernet statistics – how many bytes of data your computer has sent and received, and so forth.

- /S displays the statistics on a per-protocol basis – TCP, IP, ICMP, and others.

NETSTAT is a fairly advanced utility, but you can use it to help track down obscure network problems afflicting your computer.

Chapter 7 - Copying, moving, renaming, and deleting files.  


 
we will discuss the basics of managing your files from the command line.

 

COPYING FILES

 

One of the most useful features of the modern PC is the ability to swiftly copy files from one location to another. Practically every computing device has the ability to copy files. The Windows operating system and the Command Prompt are no different. The basic command for copying files from the Command Prompt is the COPY command. If you wanted to use COPY to copy a file called test.txt to the root directory of a USB flash drive assigned the letter J:

COPY test.txt J:\

The command will create a copy of test.txt in the root directory of the J drive.

Like most Command Prompt commands, COPY assumes that you will be copying files from the working directory, and looks there first to find the filenames you specify. However, you can also use COPY with absolute file paths. If test.txt were in the Users directory of the C drive, you would use this command to copy it to J:

COPY C:\Users\test.txt J:\

But what happens if there's already a file named "test.txt" in the root directory of J? If there's already a file there, COPY will pause for your confirmation before continuing:

Overwrite J:\test.txt? (Yes/No/All):

If you hit Y to continue, COPY will overwrite the file. Hit N, and COPY will leave the file intact. (The All option is used when copying multiple files at once - hit A, and COPY will not ask you again if you want to overwrite the files for the remainder of the copying job.)

You can override this prompt with the /Y switch:

COPY C:\Users\test.txt J:\ /Y

With the /Y switch, COPY will overwrite any files without first prompting you to continue. Needless to say, you should be careful using the /Y switch, since you might accidentally overwrite valuable data. 

Like most other file manipulation commands, COPY works with the wildcard characters. If you wished to copy every file with the "txt" extension in the Users directory to J:\, you would use this command:

COPY C:\Users\*.txt J:\

The COPY command is easy to use, but it is fairly limited, and has only a few available options. For a more powerful copying utility, Command Prompt offers the XCOPY utility. On the surface, XCOPY works just like COPY - you can copy individual files, use wildcards, and so forth. XCOPY's main advantage over COPY is that it allows you to copy subdirectories. In other words, you can copy entire branches of the directory tree from one location to another with the XCOPY command. In this example, XCOPY will copy the entire contents of your C:\Users directory, including all subdirectories, to the USB drive at J:

XCOPY C:\Users\*.* J:\ /S /E

You will notice the use of two switches, /S and /E. The /S switch tells XCOPY to copy all the subdirectories in the C:\Users directory. The /E switch tells XCOPY to copy the subdirectories even if they are empty. 

Here are a few more useful switches XCOPY offers:

- /M copies only files with the Archive attribute enabled, and then switches it off. This essentially lets you use XCOPY as a crude backup utility.

- /D:m-d-y only copies files changed after the specified date (for instance, for December 27th, 2010, the command would look like this: XCOPY *.* /D:12-27-2010).

- /C tells XCOPY to continue the copy operation even if there are errors. This is useful when copying large numbers of files from a failing or damaged disk - if you're trying to copy off, say, 85 gigabytes worth of music files, it is quite irritating to have the operation fail two gigabytes into the job due to an error.

- /H tells XCOPY to copy files with the System and Hidden attributes, as well.

- /R overwrites any files with the Read-only attribute in the destination directory that share the same name as the copied files. You should be careful with this option, since it can cause data loss.

- /N copies the files using their 8.3 filenames.

- /Y works the same as the /Y switch with the COPY command, and tells XCOPY to overwrite any files of the same name without prompting you first.

The COPY command is good enough for quickly copying small groups of files, but for heavy-duty file copying, you'll want to use the XCOPY command. 

 

MOVING FILES

 

There are two ways to move a file. You could copy the file to its new destination, and then delete the original source file. This involves unnecessary work. Using the MOVE command, you can move a file from its original location to a new one, all in a single command. If you wanted to move the test.txt file to a USB flash drive at J:

MOVE test.txt J:\

This will move test.txt to the root directory of J, while removing the original source file. 

Like COPY and XCOPY, the MOVE command supports the use of wildcard characters. This command will move every file in the current directory to the root directory of J:

MOVE *.* J:\

 

RENAMING FILES

 

Very often you will need to change the name of a file or of a directory. Renaming a file is quite simple, thanks to the REN command. In the following example, you use the REN command to change the name of test.txt to example.txt:

REN test.txt example.txt

Likewise, you can also use the REN command to change the name of directories. For instance, if you wanted to change the name of the C:\test directory to C:\finished, you would use this command:

REN C:\test finished

The REN command has a few caveats, though. The renamed file has to stay in the same location as it started - you cannot use the REN command like the MOVE command, in other words. In addition, you cannot rename a file to match the name of a file that already exists in the current directory - you cannot use REN like the COPY or the XCOPY commands to overwrite a file.

 

DELETING FILES

 

Deleting files from Windows Explorer is simple enough - you simply drag and drop them to the Recycle Bin icon on your desktop. This works well enough for one or two files, but becomes quite cumbersome if you want to delete, say, one hundred files at once. Especially if the files are mixed with other files that you want to keep - you'll need to cumbersomely scroll down while CTRL-clicking the files, or drag them one by one to the Recycle Bin. 

Either way is a waste of time, especially when you can delete files quickly and easily from the Command Prompt.

The command to delete files (and directories - we'll discuss that later) is the DEL command. If you wanted to delete a file named test.txt in the current directory, you would use this command:

DEL test.txt

The test.txt file will be deleted in short order.

If, however, the file has the Read-only attribute, you'll get an error message that says "Access is denied." If this happens, you have two options. You can use the ATTRIB command to revoke its Read-only status and then delete the file. Alternatively, you can use the DEL command with the /F switch:

DEL /F test.txt

The /F switch tells DEL to delete the file, even if it has the Read-only attribute. You should of course take considerable care when using the /F switch, since you might inadvertently delete important files. 

If you don't have NTFS permissions to the file, you can't delete it. You'll need to first alter the permissions so you have at least the Modify permission, or log onto your Windows system using an account (such as an administrator account) that has the permissions. 

Like XCOPY and COPY, the DEL command also works with the wildcard characters. Using DEL with the wildcard characters makes the command extremely powerful (and extremely dangerous). For example, if you have a series of files named data1.doc, data2.doc, and so forth, you could delete them all at once using the question mark wildcard character:

DEL data?.doc

This will delete every file in the current directory that begins with data, has an extension of "doc", and has a single character after the "data" part of the filename. (It works much like the previous example with the COPY command, except instead of copying the files, DEL deletes them.) 

Using the asterisk wildcard character with DEL creates an even more powerful command:

DEL *.doc

This command will delete every single file with the "doc" extension in the current directory. If you use it in conjunction with the /F switch, it will wipe out files with the Read-only attribute. 

If you remember what we've discussed about the asterisk wildcard character, then you know what this command will do:

DEL *.*

This will delete every single file in the current directory. Needless to say, you should only use this command when you are absolutely certain that you want to delete every single one of the files in the current directory. 

Like XCOPY, the DEL command isn't confined to working in a single directory at a time. This command will tell DEL to delete every file with the "doc" extension in the current directory, and every file with the "doc" extension in the current directory's subdirectories:

DEL *.doc /s

And to take it one step further, this command will delete all the files in the current directory, and all files in all the current directory's subdirectories as well:

DEL *.* /s

Needless to say, you should exercise great caution when using this command.

Like XCOPY and COPY, DEL also works with absolute file paths. For instance, if you wanted to delete every file in the C:\temp directory, you would employ this command:

DEL C:\temp\*.*

Using DEL, you can delete files from the Command Prompt more efficiently than through Windows Explorer. Just use it carefully - you can accidentally wipe out important data.

WHAT ARE WILDCARD CHARACTERS?(chapter 6)

WHAT ARE WILDCARD CHARACTERS?

 

Wildcards are characters that represent all possible other characters. As you might remember from Chapter 4, the question mark character (?) can represent every other potential character, and the asterisk (*) can represent any potential combination of characters. Why are wildcards useful? Basically, they let your commands affect more than one file at a time. 

Let’s say you wanted to use the DEL command to erase a file called test.txt:

DEL test.txt

That command (assuming you had the proper permissions) would delete the test.txt file and do nothing else. But if you add wildcards into the mix, the command can affect multiple files. For instance, add a single question mark to the command:

DEL test?.txt

This command will not delete the test.txt file. It will, however, delete every file in the directory that has “test” in its name, “txt” as its extension, and one additional character before the extension. So test1.txt, test2.txt, and test3.txt would all be deleted by this single command. Much more efficient than typing DEL over and over again!

However, any of the files that had two characters before the extension – like test10.txt and test11.txt – will not be deleted. This is because the question mark character only serves as a wildcard for a single character. It’s useful if you want your command to affect a very narrow subset of files – if you only want to copy a few files, or to delete a few particular files.

To cast a wider net with your command, you need the asterisk (*) wildcard character. The question mark wildcard character represents a single character, but the asterisk wildcard represents any number of characters. For example, consider what would happen if you used an asterisk instead of a question mark with the DEL command:

DEL test*.txt

This command will delete every single file in the current directory that begins with “test” and has an extension of “txt”. No matter how many characters come after “test” and before “txt”, the DEL command will delete them all. 

You can make the DEL command even more powerful by removing the filename and leaving only the asterisk:

DEL *.txt

This command will delete every file in the current directory that has an extension of “txt.” We’ve already mentioned how an asterisk wildcard character can represent any number of characters – here it will delete any file, regardless of its name, that has the “txt” extension. 

So think about what would happen if you typed this command:

DEL *.*

The use of the asterisk wildcard characters here means that the DEL command will delete any file with any name and any extension. To put it more simply, DEL will delete every single file in the current directory! Needless to say, you should exercise extreme caution while using wildcards with the DEL command.

The wildcard characters work with file manipulation commands other than DEL. You can use the wildcards to make copying and moving files from the Command Prompt far quicker and more efficient.

 

REDIRECTION

 

To understand redirection at the Command Prompt, you first need to understand the ideas of input and output. Input is any information you enter into the computer – a mouse click, or the commands you type at the Command Prompt. Output is information that the computer returns to you – the menu that appears when you right-click the mouse, or the text Command Prompt displays when you enter a command.

Using redirection, you can redirect the output from one command to another command. The most common use of redirection is with the MORE command. If you type the DIR command in a directory that contains a great deal of files, the output will probably scroll off the top of the screen. You could use the DIR /P command to view the output one screen at a time. You have another option with the MORE command and a redirection pipe:

DIR | MORE

The pipe character (|) redirects the output from the DIR command to MORE. The MORE command takes the output and displays it one screen at a time, letting you scroll down line by line. You can also use the pipe character and MORE with the TYPE command. The TYPE command displays the contents of a plain-text file (generally a file with the “txt” extension, though some system INI files are plain-text) on the screen. See this example:

TYPE test.txt | MORE

If test.txt is too long to display on the screen, the MORE command will parse it out one screen of text at a time.

You can also use output redirection to create files with the output from the commands. For example, what if you wanted to keep a listing of all the files in a particular directory? You could type the DIR command, of course, but the output would disappear as soon as you closed the Command Prompt window, or even if you typed enough other commands. However, you can avoid the problem if you use DIR with the greater than (>) sign:

DIR > output.txt

When you hit the Enter key, it might seem initially that nothing has happened. However, a new file named "output.txt" has been created in your current directory, and it contains the output from the DIR command. You can display the file with this command:

TYPE output.txt

You can then view the contents of the file.

It is important to take care while using the greater than sign to redirect output. In the previous example, if there's already a file named "output.txt" in the directory, the command will overwrite it, and any data in the original file will be lost. So make sure that you pick a new filename for your output.

However, by using a double greater than sign (>>) you can append the output to an existing file. Rather than overwriting an existing file, the double greater than sign will simply add the output to the end of the existing file. Here's an example:

DIR >> output.txt

You can then read output.txt at your leisure, whether with the TYPE command or with the Notepad application. 

Redirecting output to text files might not seem very useful with the DIR command, but it really comes in handy when working with Command Prompt's networking commands. (We'll discuss networking more in Chapter 8.) Many of the networking commands produce long and complicated outputs, and you might want to put the output in a text file to peruse at your leisure.

 

File attributes and NTFS permissions

Chapter 5 - File attributes and NTFS permissions

 

We’ve already mentioned both file attributes and NTFS permissions throughout this book. In this chapter we’ll take a closer look at file attributes, and discuss how to view and change attributes from the command line. We’ll also examine NTFS permissions, which are considerably more powerful than file attributes, and discuss how to view and alter them as well.

 

WHAT ARE FILE ATTRIBUTES?

 

“File attributes” are basically pieces of metadata that contain additional information about the file. In Windows, files generally have their names, their types (defined by the file’s extension), and their timestamps. (Certain kinds of files, such as MP3 music files, have additional kinds of metadata, such as the album and artist name.) With file attributes, however, there are four additional pieces of information that you can add to a file. 

These four pieces of information are:

-Archive, represented with the A character. The Archive attribute indicates whether or not a file needs to be backed up – basically, whether or not it has been backed up since the last time the file was altered. The Windows Backup feature makes heavy use of the Archive attribute to determine if a file needs to be backed up or not. 

-Hidden, represented with the H character. Hidden files are made invisible to the user – they do not show up in the Windows Explorer window, and are not listed when you use the DIR command. However, we’ve already explained how to view hidden files with the DIR /A command. Files are generally hidden to protect them from casual deletion – when editing a Microsoft Word document, for example, the temporary files that Word generates are hidden.

-Read-only, represented by the R character. When a file has the Read-only attribute, it cannot be altered. You can open it up and view it, or run it (if it’s a program), but you cannot make any changes to it. Nor can you delete it – if you attempt to delete a file protected by the Read-only attribute, you will receive the “Access is denied” error message.

-System, represented by the S character. Windows uses the System attribute to mark which files are part of the Windows operating system. Needless to say, deleting files marked with the System attribute is a bad idea, since it can result in your computer malfunctioning or even rendering Windows unbootable. For that reason, the System attribute is almost always combined with the Read-only attribute. 

 

LISTING FILE ATTRIBUTES

 

How do you find out what attributes a file possesses? You can do that with the ATTRIB command. Enter ATTRIB at the command prompt, and ATTRIB will list every file (including the hidden ones) in the current directory, along with their attributes. The output will look something like this:

 

C:\>attrib

A            C:\autoexec.bat

A  SHR       C:\bootmgr

A  SHR       C:\BOOTSECT.BAK

A            C:\config.sys

A  SH   I    C:\hiberfil.sys

A  SH        C:\pagefile.sys

 

(Note that ATTRIB doesn’t generally work with absolute file paths – for most applications of the command, you will have to use it in the current directory.) 

As you can see, this is a listing of the root directory of a C drive, and the files’ attributes are listed on the left side of the screen, with A for Archive, S for System, H for Hidden, and R for Read-only.

(The I attribute for the C:\hiberfil.sys file is a rare one – it simply means a file should not be listed by Windows’s built-in indexing for file search. Most regular users, and a good many administrators, will have no need for this attribute.)

 

CHANGING FILE ATTRIBUTES

 

You can also use the ATTRIB command to change a file’s attributes. For instance, if you wanted to mark the test.txt file as Read-only, you would use this command:

ATTRIB +R test.txt

And if you later changed your mind and wanted to remove the Read-only attribute, you would type this command:

ATTRIB -R test.txt

You can also change more than one attribute at the same time. Let’s say you wanted to mark test.txt both as a Hidden file and as a Read-only file. Rather than typing the ATTRIB command twice, you can change both attributes at once:

ATTRIB +R +H test.txt

And you can also remove both attributes simultaneously:

ATTRIB -R -H test.txt

Using the plus sign (+), the minus sign (-), and the one-letter codes for the four attributes, you can change the attributes on files at your leisure. 

 

THE SIX NTFS PERMISSIONS

 

While file attributes are useful, they are obsolete – they’re a holdover from the old days of DOS. NTFS file and directory permissions allow you to exercise more powerful and more granular control over individual files. In essence, NTFS permissions allow you to mark a file as Read-only, but only for certain users – other users might have permission to modify and even delete the file. And this is only the beginning of what you can do with NTFS permissions.

First, though, what is NTFS? NTFS stands for “New Technology File System.” (A “file system” is a method for organizing the information on a hard disk so the operating system and applications can find it easily.) Microsoft began working on NTFS in the early 1990s as a replacement for the older File Allocation Table (FAT) file system. NTFS has numerous advantages over FAT – it supports larger disk sizes, larger file sizes, is generally faster, and permits you to use NTFS permissions. 

But what are NTFS permissions? NTFS permissions are a way of granting specific users specific permissions to files. Let’s say that you have two users on a system – Caina Amalas (with a username of camalas) and Lucan Maraeus (with a username of lmaraeus). If you have a file or a directory, you can set different permissions for the two users. You could give camalas full control over the file, while giving lmaraeus permission to only read the file. 

There are six major NTFS permissions. Each of the “big six” is composed of many smaller permissions, but for the purposes of most users and administrators, the six major permissions are enough. They are: 

-List Folder Contents. This lets a user see the files in a specific directory, but not necessarily open, run, or modify them. To put it simply, a user can use the DIR command to list the files in a directory, but can do nothing with them.

-Read. This lets a user view the contents of a file. Note that if it’s a program file, the user cannot run it – he needs the Read & Execute permission for that. Needless to say, the user will not be able to delete or modify any files.

-Read & Execute. This gives the user permission to run an executable file, but not permission to modify or delete it.

-Write. This lets a user both read and make changes to a file. However, the user still cannot delete the file. (Of course, a user could erase all the text or data in the file, leaving the file blank, but he cannot delete the file entirely.) If a directory has the write permission, it allows the user to add files to it.

-Modify. The modify permission allows a user to read, make changes to, run as a program, and delete a file. Basically, the user can do everything to a file except change its permissions or change its ownership.

-Full control. The user can do any action to a file – deleting it, modifying it, and changing its ownership and permissions. 

You’ll notice that the higher permissions are a superset of the preceding permissions. Modify is a combination of Write, Read & Execute, and Read, while Full Control is a combination of the previous five permissions. The full list of the permissions for a file or a directory is called its ACL – its Access Control List.

 

LISTING AND CHANGING NTFS PERMISSIONS

 

Listing and changing a file’s or a directory’s NTFS permissions from the Command Prompt uses the same command – the ICACLS command. The ICACLS command is extremely complicated, and has several screens worth of options and command switches – you could write an entire short book about ICACLS on its own. However, here we’ll discuss how to use ICACLS to do some basic permission changes.

To find out the NTFS permissions of a file named test.txt, use this command:

ICACLS test.txt

The command should produce output that looks something like this:

 

test.txt NT AUTHORITY\SYSTEM:(I)(F)

         BUILTIN\Administrators:(I)(F)

         SYSTEMNAME\USERNAME:(I)(F)

 

The first line shows the name of the file, test.txt. It also shows NT AUTHORITY\SYSTEM, which is one of the groups built into your system. The I in parentheses after the group name means that the file is inheriting its permissions from a parent folder. (In NTFS permissions, “inheritance” means that you can set the permissions on one directory, and then any subdirectories or files created in that directory “inherit” its permissions. Generally, it’s a good idea never to disable inheritance unless you have a really good reason, since disabled inheritance can cause all kinds of confusing permissions-related errors.) The F in parentheses means that NT AUTHORITY\SYSTEM has the Full Control permission for the file. 

The next two lines show the groups that have access to the file. The BUILTIN\Administrators group likewise has full control. After that, you’ll see a list of users that have access to the file. In this example, SYSTEMNAME\USERNAME is a placeholder for how an entry would look – SYSTEMNAME would be the name of either the local computer or the domain (if the computer is a member of an Active Directory domain) and USERNAME would be the actual username of the user involved. 

ICACLS uses one-letter codes to represent the rights a user has to a file. 

-N, a user has no access to the file.

-F, a user has full access to the file.

-M, a user has the right to modify the file (this includes the right to delete it). 

-RX, a user has the right to read the file and run it as a program, if it’s executable.

-R, a user has only read-only access to the file.

-W, write-only access, a user can make changes to the file, but cannot delete it. 

-D, a user has the right to delete the file.

You can use ICACLS to change the permissions on a file. For instance, say you wanted to give the user account camalas full control over the test.txt file:

ICACLS test.txt /grant camalas:(F)

This will grant the camalas user account full control over the test.txt file.

Likewise, if you wanted to deny camalas full control over the file, you would use this command:

ICACLS test.txt /deny camalas:(F)

The camalas user account will then be unable to access the test.txt file at all.

An important note – in NTFS permissions, a Deny permission always overrides an Allow permission. For instance, if you were to grant camalas the Read permission on test.txt, but also deny the camalas account the Full control permission, camalas would be unable to access test.txt in any way. This can be confusing because user accounts can belong to groups, which have their own permission sets, which can conflict with the individual file’s permission.
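The Deny-overrides-Allow rule above, applied to ICACLS output, as an added example that is not part of the original text: it parses a constructed listing in the format shown earlier and works out what an account can still do once its group memberships are counted. The Contractors group, the right names, and the (DENY) marker on deny entries are assumptions of this example, and the model follows the simple rule stated above rather than the full ordering Windows applies to explicit and inherited entries.

```python
import re

# Rights implied by the one-letter ICACLS codes listed above.
# The right names (read, write, ...) are labels chosen for this example.
CODE_RIGHTS = {
    "N": frozenset(),
    "R": frozenset({"read"}),
    "W": frozenset({"write"}),
    "D": frozenset({"delete"}),
    "RX": frozenset({"read", "execute"}),
    "M": frozenset({"read", "execute", "write", "delete"}),
    "F": frozenset({"read", "execute", "write", "delete", "change_permissions"}),
}
# Parenthesised markers that describe inheritance rather than rights.
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ENTRY_RE = re.compile(r"^(?P<principal>[^:]+):(?P<marks>(?:\([^()]*\))+)$")

# Constructed sample listing (not captured from a real system).
# Contractors is a hypothetical group used to show a group-level Deny.
SAMPLE_PATH = "test.txt"
SAMPLE_LISTING = r"""
test.txt SYSTEMNAME\camalas:(DENY)(F)
         SYSTEMNAME\Contractors:(DENY)(W)
         NT AUTHORITY\SYSTEM:(I)(F)
         BUILTIN\Administrators:(I)(F)
         SYSTEMNAME\camalas:(R)
         SYSTEMNAME\lmaraeus:(M)

Successfully processed 1 files; Failed processing 0 files
"""


def parse_icacls(listing, path):
    """Parse ICACLS output for one path into a list of entry dicts."""
    aces = []
    for raw in listing.splitlines():
        # Only the first entry is prefixed with the path; the rest are indented.
        line = raw[len(path):] if raw.startswith(path) else raw
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue  # blank lines and the summary line
        marks = re.findall(r"\(([^()]*)\)", match.group("marks"))
        rights, unknown = set(), []
        for mark in marks:
            if mark == "DENY" or mark in INHERIT_FLAGS:
                continue
            for code in mark.split(","):
                if code in CODE_RIGHTS:
                    rights |= CODE_RIGHTS[code]
                else:
                    unknown.append(code)  # codes beyond the ones listed above
        aces.append({
            "principal": match.group("principal"),
            "deny": "DENY" in marks,
            "inherited": "I" in marks,
            "rights": rights,
            "unknown_codes": unknown,
        })
    return aces


def effective_rights(aces, identities):
    """Rights left for an account plus its groups: every Allow minus every Deny."""
    ids = {name.lower() for name in identities}
    allowed, denied = set(), set()
    for ace in aces:
        if ace["principal"].lower() in ids:
            (denied if ace["deny"] else allowed).update(ace["rights"])
    return allowed - denied


def blocking_denies(aces, identities):
    """List the Deny entries that remove rights the account was otherwise granted."""
    ids = {name.lower() for name in identities}
    mine = [ace for ace in aces if ace["principal"].lower() in ids]
    allowed = set().union(*(ace["rights"] for ace in mine if not ace["deny"]))
    return [(ace["principal"], sorted(ace["rights"] & allowed))
            for ace in mine if ace["deny"] and ace["rights"] & allowed]


if __name__ == "__main__":
    entries = parse_icacls(SAMPLE_LISTING, SAMPLE_PATH)
    accounts = {
        "camalas": [r"SYSTEMNAME\camalas"],
        "lmaraeus": [r"SYSTEMNAME\lmaraeus"],
        "lmaraeus as a Contractors member": [r"SYSTEMNAME\lmaraeus",
                                             r"SYSTEMNAME\Contractors"],
    }
    for label, ids in accounts.items():
        rights = sorted(effective_rights(entries, ids)) or ["no access"]
        print(f"{label}: {', '.join(rights)}")
        for principal, lost in blocking_denies(entries, ids):
            print(f"  Deny on {principal} removes: {', '.join(lost)}")
```

The third account shows the confusing case: lmaraeus is granted Modify directly, yet loses the write right because of a Deny placed on a group the account belongs to.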

ICACLS is a complicated command, but you should now know the basics of changing permissions from the Command Prompt.

 

Working with directories

Chapter 4 - Working with directories

 

We've already mentioned directories quite a few times in this book. In this chapter, we'll discuss commands for moving from directory to directory, for listing directory contents, creating directories, and deleting directories. With these commands, you will have a thorough knowledge of how to work with directories from the Windows Command Prompt.

 

CHANGING DIRECTORIES

 

In the previous chapter, we discussed how the prompt changes as you move from directory to directory. But how exactly do you move from directory to directory in the command line? It's not as if you can click on an icon, after all. Fortunately, the command to change the current directory is quick and easy to type - the CD command, which stands for "change directory." For instance, if Command Prompt is in the root (\) directory of C, and you wanted to change to the Users directory, you would type this command:

CD Users

Once you're in the C:\Users directory, if you wanted to move back up to the root directory, you would use this command:

CD ..

Typing the "CD .." command moves you up one directory level. If you're in C:\Windows\system32, the "CD .." command will move you up to C:\Windows. If you're in C:\Windows, "CD .." will move you up to the root directory. 

The CD command will let you move to any subdirectories immediately below the level of the current directory. For instance, if you're in the root directory, you need only type "CD Windows" or "CD Users" to change to the Windows directory or the Users directory. 

However, CD will not let you jump to a subdirectory two levels down from your current directory. To do that, you'll need to use the full path of the directory to which you want to move. Let's say you are in the root directory of C, and you want to change to C:\Windows\system32. You could type "CD Windows", and then once you're in C:\Windows, "CD system32." However, it might be quicker just to type this:

CD \Windows\system32

With tab completion, it is definitely quicker to use the full path. 

 

LISTING DIRECTORY CONTENTS

 

Once you've changed your location to a new directory, the next step is to see the contents of the directory. And you can do that with the DIR command. The DIR command, entered without any switches, displays a list of the files and subdirectories in the current directory. For instance, if you're in the root directory of your C drive, and you type the DIR command, the output will look something like this:

 

07/13/2009  10:20 PM    <DIR>          PerfLogs

08/16/2011  05:34 PM    <DIR>          Program Files

08/12/2011  10:13 PM    <DIR>          Program Files (x86)

03/08/2011  09:44 PM             6,276 shared.log

08/21/2010  10:43 PM    <DIR>          SIERRA

04/20/2010  08:00 PM    <DIR>          Users

11/07/2007  08:00 AM             5,686 vcredist.bmp

11/07/2007  08:50 AM         1,927,956 VC_RED.cab

11/07/2007  08:53 AM           242,176 VC_RED.MSI

07/30/2011  11:08 PM    <DIR>          Windows

              25 File(s)      3,953,909 bytes

               6 Dir(s)  811,349,843,968 bytes free

 

The default output of the DIR command produces five columns of information. The first column displays a list of dates - these dates show the last time the file was modified. The second column shows a list of times. This is called a timestamp - it shows the last time the file was modified, and together with the information of the first column, indicates both the date and the time that the file was last changed. The third column is only used if the file listed is in fact a directory - if you see a <DIR> in the line, that means the line belongs to a subdirectory, not a file. The fourth column is only used if the entry actually belongs to a file - the number is the size (in bytes) of the listed file. (To find its size in megabytes, divide the number by 1024.) The final column lists the names of the files and subdirectories in the current directory.

Without any switches, the DIR command only lists the contents of the current directory. If you're in the root directory of C, but you want to list the contents of C:\Windows\system32, you might use the CD command to change the current directory to C:\Windows\system32, and use the DIR command from there. However, the DIR command supports absolute paths:

DIR C:\Windows\system32

Type that command, and DIR will list the contents of the C:\Windows\system32 directory. If you use the absolute path of any directory with the command, DIR will list the contents of that directory, regardless of the directory you currently occupy, if you have proper NTFS permissions to the directory (we'll discuss permissions more in Chapter 5).

As you have seen, the DIR command presents a variety of useful information. Using command switches, you can alter the information DIR displays and view additional data.

The most common switch used with DIR is the /P switch. Let's say you type this command:

DIR C:\Windows\system32

If you do, the results of the command will quickly scroll out of sight. To prevent this, use the command with a slight alteration:

DIR C:\Windows\system32 /P

Instead of scrolling off the top of the Command Prompt window, DIR will instead display the results one screen at a time. Once you've finished examining a screen of information, press any key to scroll to the next screen of information. Keep pressing keys until you reach the end of the list and return to the prompt. (Alternatively, you can press CTRL-C to cancel the command and return to the prompt.) 

The /A switch is another useful option for the DIR command. Type this command in your home directory:

DIR /A

You'll probably see a lot more files than you usually do.

The /A switch does two things. First, it lets you see any hidden files in a particular directory. When a file is "hidden", it has (as you might expect) the hidden attribute set, which means it doesn't show up in Windows Explorer and doesn't appear in the default output for the DIR command. (We'll discuss file attributes more in Chapter 5.) 

Second, you can also use the /A switch to look for files that have specific file attributes enabled. For instance, if you wanted to see only hidden files in the current directory, you would use this command:

DIR /AH

To see only files that have the system attribute set:

DIR /AS

To see only files that have the read-only attribute set:

DIR /AR

To see only directories (this switch will list any subdirectories in the current directory, but no files):

DIR /AD

It is possible to mix and match the additional letter after the /A switch. For example, if you wanted to view only directories that were hidden:

DIR /AHD

Another useful option for the DIR command is the /X switch. For the default DIR command, the output looks something like this:

11/07/2007  08:00 AM            17,734 eula.1028.txt

11/07/2007  08:00 AM            17,734 eula.1031.txt

11/07/2007  08:00 AM            10,134 eula.1033.txt

11/07/2007  08:00 AM            17,734 eula.1036.txt

11/07/2007  08:00 AM            17,734 eula.1040.txt

11/07/2007  08:00 AM               118 eula.1041.txt

11/07/2007  08:00 AM            17,734 eula.1042.txt

11/07/2007  08:00 AM            17,734 eula.2052.txt

11/07/2007  08:00 AM            17,734 eula.3082.txt

However, if you were to use the DIR /X command in the same directory, the output would instead look like this:

11/07/2007  08:00 AM            17,734 EULA10~1.TXT eula.1028.txt

11/07/2007  08:00 AM            17,734 EULA10~2.TXT eula.1031.txt

11/07/2007  08:00 AM            10,134 EULA10~3.TXT eula.1033.txt

11/07/2007  08:00 AM            17,734 EULA10~4.TXT eula.1036.txt

11/07/2007  08:00 AM            17,734 EUD159~1.TXT eula.1040.txt

11/07/2007  08:00 AM               118 EUFCB1~1.TXT eula.1041.txt

11/07/2007  08:00 AM            17,734 EU37E0~1.TXT eula.1042.txt

11/07/2007  08:00 AM            17,734 EULA20~1.TXT eula.2052.txt

11/07/2007  08:00 AM            17,734 EULA30~1.TXT eula.3082.txt

You'll notice the extra, truncated file names before the main filename at the end of the row. As we mentioned in Chapter 1, these are "8.3 filenames", shorter versions of the longer file names used in Windows. You can use the DIR /X command to find these shorter 8.3 filenames.

Why would you need to know these? There are a few situations where knowing the shorter filenames would come in handy. Certain kinds of batch files, for instance, can't handle spaces in file names. Knowing the file's 8.3 name would let you use it in a batch file. Furthermore, some older applications cannot handle long file names, in which case you would need to know the 8.3 filenames in order to use the application. 

The DIR command generates quite a lot of information, and you might want to sort it for easier readability. You can do this with the /O switch. By itself, DIR /O doesn't do very much - it simply lists any subdirectories alphabetically, and then any files in alphabetical order. Like DIR /A, the usefulness of DIR /O comes in the additional options you can use with /O. 

If you wanted to list files by extension, you would use this command:

DIR /OE

This will list the files by type - all the DOC files (Word documents) would be listed together, all the JPEG files, and so forth.

To list the contents of a directory by size, use this command:

DIR /OS

This will list all the files in the directory, from the smallest to the largest. 

If you want to list all the files in the directory by date, use this variant of the DIR /O command:

DIR /OD

This will list the files in the current directory by age, with the oldest at the top of the list and the newest at the bottom of the list. 

DIR /OS will list files by size, from smallest to largest, while DIR /OD will list files by age, from oldest to youngest, but what if you wanted to reverse the order? What if you wanted to list the files from largest to smallest and youngest to oldest? By prefixing a dash (-) to the options of DIR /O, you can reverse the order of the standard listing. 

To list files by size, from largest to smallest, use this variant of the DIR command:

DIR /O-S

And to list files by their age, from youngest to oldest, use this variant of the DIR command:

DIR /O-D

Another useful switch with the DIR command is the /Q option. DIR /Q generates the usual output you’ve come to expect from the command, but with one additional piece of information – it also lists the owner of each file in the directory. In NTFS file permissions (we’ll discuss those more in Chapter 5), the owner of a file generally has full control over it, and can assign permissions to other users on the system or network. Using the DIR /Q command, you can find the owner of files from the command line, which is useful when deciding what NTFS permissions to assign (which we’ll also discuss in Chapter 5). 

The DIR command, by default, only lists the files in the current directory. By modifying the command with the /S switch, DIR will list the contents of the current directory, the contents of any subdirectories, and the contents of any subdirectories within those subdirectories. So as you can imagine, the DIR /S command often produces quite a considerable amount of output. In fact, if you use DIR /S in the root directory of your C drive, it will list every single file on your hard drive. Depending upon the speed of your computer and the size of your hard drive, it can sometimes take upward of five minutes to list all the files!

So DIR /S might seem like something of a novelty, but when used in conjunction with the wildcards feature, it is a powerful tool. "Wildcards" are characters that can represent multiple characters, or even all other possible characters. For instance, the question mark character (?) represents one potential character. Let's say you had a series of files in your current directory named Document1.doc, Document2.doc, and so forth up to Document9.doc. To use the question mark wildcard to view just these files, type this command:

DIR Document?.doc

This command will list every single file in the current directory that begins with "Document", has an extension of "doc", and has one additional character before the file extension. 

Wildcards are even more useful when you use them with the asterisk (*) wildcard character. The question mark wildcard character only represents a single character. In the example above, the command will list Document1.doc through Document9.doc, but if there's a Document11.doc, the command will miss it, since the question mark wildcard character only represents a single character.

The asterisk, however, represents multiple characters. Let's say you use this command:

DIR *.doc

This command will list every single file with the extension of "doc" in the current directory. Used in combination with wildcard characters, the /S switch suddenly becomes useful. Let's say you wanted to find all the *.doc files on your computer. To do so, you would simply type this command:

DIR \*.doc /S

This command will list every single *.doc file on your system. Depending on the size of your hard drive and the number of *.doc files you have, this command might take some time to run. However, you can modify this further with additional combinations of wildcards. For example, say you wanted to find every JPEG file on your system that has the word "beach" in the file name:

DIR \*beach*.jpeg /S

This command will list every JPEG file on your hard drive that has the word "beach" somewhere in its file name. 

The DIR /S command, therefore, can be quite useful for finding files on your hard drive. 
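
The switches covered in this section can be combined in one batch file. The following is an added example, not part of the original chapter: the file name findfiles.cmd and the default pattern are assumptions, and /B (bare format) is a DIR switch not covered above.

```batch
@echo off
rem findfiles.cmd - added example, not from the original chapter.
rem Usage: findfiles.cmd <start directory> <wildcard pattern>
rem   e.g. findfiles.cmd "C:\Users\Public" *.doc
setlocal

rem %~1 and %~2 strip surrounding quotes so paths with spaces work.
set "ROOT=%~1"
set "PATTERN=%~2"
if "%ROOT%"=="" set "ROOT=%CD%"
if "%PATTERN%"=="" set "PATTERN=*.doc"

rem A trailing backslash only matches directories, so a plain file is rejected.
if not exist "%ROOT%\" (
    echo Start directory not found: "%ROOT%"
    exit /b 1
)

rem /S recurses, /B prints bare full paths, /A-D leaves out directories.
rem FIND /C /V "" counts the lines that DIR produced.
set "COUNT=0"
for /f %%N in ('dir /S /B /A-D "%ROOT%\%PATTERN%" 2^>nul ^| find /C /V ""') do set "COUNT=%%N"
echo %COUNT% file(s) match "%PATTERN%" under "%ROOT%"
if "%COUNT%"=="0" exit /b 0

rem /Q adds the owner column, /O-D sorts newest first.
rem With /S the sort is applied inside each directory, not across the tree.
dir /S /Q /O-D /A-D "%ROOT%\%PATTERN%"

rem /X adds the 8.3 short name column for the same files.
dir /S /X /A-D "%ROOT%\%PATTERN%"
endlocal
```

Quoting every path, as this script does, lets a batch file work with long file names that contain spaces.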

 

CREATING DIRECTORIES

 

Now that we've discussed how to list the contents of a directory, you might want to create one of your own. To create a directory named "storage", issue this command at the prompt:

MKDIR storage

This will create an empty directory named "storage" in the current directory. Naturally, if you want to create a directory someplace else than the current directory, you'll need to first use the CD command to change your location. Alternatively, the MKDIR command supports using absolute file paths. So if you wanted to create a directory named "temp" in the root directory of your C drive, you would use this command:

MKDIR C:\temp

Note that you can only create directories if you have NTFS permissions of Write or above in the target directory - we'll discuss NTFS permissions in the next chapter.

 

REMOVING DIRECTORIES

 

From time to time, a directory will outlive its usefulness, and you'll want to remove it. You can remove directories with the RMDIR command. In its default mode, RMDIR only removes directories if they're empty. Let's say you never used the C:\temp directory from the previous example, and you've decided to get rid of it. To remove the directory, use the RMDIR command:

RMDIR C:\temp

This will remove the "temp" directory.

However, if there are in fact files in the directory, you'll receive this error message:

The directory is not empty.

At this point, you have two options. First, you can enter the directory and manually delete any files and subdirectories inside. Or, you could use the RMDIR command with the /S switch to delete the directory, along with any files and subdirectories it contains. To delete C:\temp and any files or subdirectories it holds:

RMDIR /S C:\temp

Be very careful when using RMDIR with the /S switch! If you're not cautious, you can accidentally wipe out large chunks of your files. 

 

Drive Letters and the File System

Chapter 2 - Drive Letters and the File System

 

If you've ever opened My Computer on Windows XP or Computer on Windows Vista or Windows 7, right away you've seen a large number of drives. Some of them might have been your computer's internal hard drives and optical drives. Others might have belonged to USB drives, like external hard drives or flash drives. Still others might have belonged to your computer's built-in media card reader, if your system has one. And if you have an old computer, you might even still have a letter assigned to a floppy drive, though floppy drives are becoming rarer and rarer. (Thankfully, in my opinion – floppy drives are slow and unreliable, and a $10 four-gigabyte flash drive can hold the contents of roughly 1,500 three-and-a-half inch floppy disks.) 

Before you can use the Command Prompt effectively, you need to understand how drive letters work, and how the Windows file system is laid out. We'll address both these topics in this chapter.

 

DRIVE LETTERS

 

In the Windows operating system, every physical drive (or logical partition on a physical drive – more on those in Chapter 9) is assigned a drive letter. For instance, your first hard drive might receive the letter C, your first optical drive the letter D, and so forth. This is different from Mac OS X and Linux, where additional drives generally show up as subfolders on the hard drive – usually in the /media or the /Volumes folder (a USB flash drive with a volume label of STORAGE would show up with a drive letter on a Windows system, but as the /Volumes/STORAGE directory on a Mac).

Why use drive letters? They provide a convenient way of finding which disk is holding a particular file. If you know that the full path to a file named Book.doc is C:\Storage\Book.doc, then you know that the file is on the C drive, which is probably the first hard drive on your system. 

Any drive can be assigned any letter. However, by tradition and convention (and in some cases technical requirements) certain letters usually get assigned to certain kinds of drives. The letters A and B are rarely used on modern Windows systems – in older DOS computers, the letters A and B were reserved for the first and second floppy drives in the system. 

The letter C is almost always assigned to the first hard drive (or hard drive partition) in a system, generally the partition or hard drive where Windows is installed. On a modern computer, you can install Windows on any hard drive with any letter. However, it is usually best to install Windows on C, since many older (and badly-written) programs expect to find Windows on the C drive, and refuse to run if Windows is installed on any other drive letter. 

The letter D, traditionally, is assigned to the first optical drive in the computer – a CD-ROM, DVD-ROM, CD-RW, or DVD-RW drive (or a drive that combines all four functions, as most modern drives do). However, on many modern laptops and desktops, the D drive is assigned to a recovery partition on the hard drive, which contains the files necessary to reinstall Windows from scratch in case of operating system corruption or irreparable virus damage. (Computer manufacturers started doing this to save on the cost of including a recovery DVD with the system.) If your system has a recovery partition on D, then your first optical drive will receive the letter E.

After D and E, there is no generally agreed convention for which devices get which letters. As you add drives to your system, whether internal hard drives or removable USB flash drives and hard drives, Windows will assign them the next available letter. If you want a device to have a different letter, you can reassign the letter either using the Disk Management snap-in in the Computer Management console, or using the DISKPART command-line utility (more on DISKPART in Chapter 9).

 

THE PATH

 

As you work with the Command Prompt, you might notice that in order to run an executable file you need to either change to the directory containing a file, or type its full path at the prompt. However, for many of the built-in Windows commands, you can type the command in any directory, and Command Prompt will run it. Why is that?

This is because of something called the system path, or generally just the path, that Command Prompt uses to find commands. Basically, the path consists of a few directories set apart by Windows for storing commands. If you type a command at the prompt, Command Prompt searches the directories in the path for the command. If it doesn’t find the command in the path, it then checks the current directory. And if it doesn’t find the command there, it comes back with the usual error message:

FILENAME is not recognized as an internal or external command, operable program or batch file.

If you want to find out what your system’s path is, simply type the PATH command at the prompt:

PATH

The results will generally look something like this:

C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem

Command Prompt will search these three directories for commands. There might be other directories in your system’s path – installed programs sometimes add their directories to the path. You can also add directories to the path using the PATH command, though it’s best to do so sparingly. If you add too many directories to the path, Command Prompt will search them all to find a command, which can slow down system performance.
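
Because any program stored in a path directory can be started by name from any prompt, it is worth reviewing what the path contains. The following batch file is an added example, not part of the original chapter: the name showpath.cmd and the default command "ping" are assumptions, it assumes no path entry is itself wrapped in quotes, and it uses the WHERE command, which ships with Windows Vista and later.

```batch
@echo off
rem showpath.cmd - added example, not from the original chapter.
rem Usage: showpath.cmd [command name]   e.g. showpath.cmd ping
setlocal

set "CMDNAME=%~1"
if "%CMDNAME%"=="" set "CMDNAME=ping"

echo Directories in the path, in the order they are listed:
set /a INDEX=0
rem Replacing each semicolon with quote-space-quote turns the path into
rem a list of quoted items that FOR can walk one at a time.
for %%D in ("%PATH:;=" "%") do call :ShowEntry "%%~D"

echo.
echo Files that match "%CMDNAME%" in the current directory or the path:
where "%CMDNAME%" 2>nul
if errorlevel 1 echo   none found
exit /b 0

:ShowEntry
rem Skip the empty item produced by a doubled or trailing semicolon.
if "%~1"=="" exit /b 0
set /a INDEX+=1
rem Flag entries that point at a directory that no longer exists.
set "NOTE="
if not exist "%~1\" set "NOTE=   [directory does not exist]"
rem The entry stays quoted so parentheses or ampersands in it print safely.
echo   %INDEX%. "%~1"%NOTE%
exit /b 0
```

An entry flagged as missing, or one you do not recognise, is a candidate for removal from the path.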

 

NETWORK DRIVES

 

From the days of Windows for Workgroups in the early 1990s, Windows has offered strong support for file sharing – accessing files stored in a shared folder on a remote server. It is possible to connect file shares to your computer and assign them a drive letter – a process called “drive mapping” or “mapping a network drive.” Once a shared folder has been mapped to your computer as a network drive, you can use it like any other kind of drive, copying files to and from it (though that may depend on your permissions to the shared folder). We’ll discuss network drives more in Chapter 10.

 

THE WINDOWS FILE SYSTEM

 

We’ve been talking about “directories”, but what do we mean by that term?

If you look at the root of your C drive through Windows Explorer, you’ll see a number of different folder icons. A “directory” is a virtual folder that allows you to sort and organize your files into different containers, so everything isn’t messily stored in just one folder. (In fact, in earlier versions of Windows, if you had too many items in your hard drive’s root directory, Windows mistakenly assumed that your hard drive had filled up!) 

You could put additional directories inside directories – these directories within directories are called “subdirectories.” You can put additional subdirectories within those subdirectories, as many as you wish. If you think of the root directory of your hard drive (represented by the \ character) as the trunk of a tree, then the directories and their subdirectories are branches off the main trunk. In fact, Windows includes a command that lets you view the filesystem as a tree:

TREE

Type that command at the prompt, and you will see your filesystem represented as a tree. It will quickly scroll past your screen – the modern Windows operating system contains many thousands of directories and subdirectories. In the next section, we’ll talk about some of the more important directories on your computer’s hard drive.

 

IMPORTANT DIRECTORIES

 

If you go to the root directory of your C drive (or the drive where Windows is installed), you should see a few directories. The most important of the directories is C:\Windows, which contains the system files that make up Windows itself. The Windows directory also contains the C:\Windows\system32 directory, which holds a number of important components and utilities for Windows itself. Do not delete any of the files in this directory! Doing so can disable important parts of Windows, and may even render your system unbootable. 

Also in the root directory of your C drive is the C:\Program Files folder. By default, your system’s applications install themselves here. If your computer runs a 64-bit version of Windows, you’ll also have a C:\Program Files (x86) folder, where Windows installs any 32-bit software programs. All 64-bit applications will go into the regular C:\Program Files folder on a 64-bit Windows system. If you need to uninstall a program, it’s a bad idea to simply go into the C:\Program Files directory and start deleting files – you will get better results by uninstalling an application using the Programs and Features item in Control Panel. 

The C:\ProgramData directory is hidden, but contains a number of application data files and system data files. For instance, all the Start Menu shortcuts are stored in C:\ProgramData\Microsoft\Windows\Start Menu\Programs. Unless you know what you’re doing, it’s not a good idea to delete or alter files in the C:\ProgramData directory. 

The root directory of C also holds the C:\Users folder. This folder contains the user profiles – the personal data – of every user who logs into the system. Go into the C:\Users folder, and you will see folders named for every user account on the system. Inside each of those folders, you will see the profile folders for the user – their Desktop folder, which holds the files on their Desktop, their Documents folder, their Pictures folder, and so forth. There are also a number of hidden directories that contain application settings, data files, user preferences, and similar files.

Generally, when working on a computer, it is always a good idea to back up the contents of the C:\Users directory, especially if it is the personal machine of a technically unskilled user – the user will almost always claim that he or she doesn’t “have anything important” on the machine if you need to wipe the hard drive and reinstall Windows. Nevertheless, if you do wipe the machine and reinstall Windows, a few weeks later the user will become irate when he or she notices that “all his stuff is missing” – and of course the user has no backup copies! It is therefore always a good idea to back up the C:\Users directory when repairing a Windows computer.