Windows Command Line & PowerShell
Key Takeaways
- Command Prompt (cmd.exe) uses legacy DOS-style commands while PowerShell uses Verb-Noun cmdlets (Get-Process, Stop-Service) and pipelines for automation.
- File commands cd, dir, copy, xcopy, robocopy, md, rd, del, and ren handle navigation and file management; robocopy /mir mirrors directories and survives network interruptions.
- Repair commands run elevated: sfc /scannow fixes protected system files, DISM /Online /Cleanup-Image /RestoreHealth repairs the component store, and chkdsk /f /r fixes errors and bad sectors.
- When system files are corrupt, run DISM first to repair the source component store, then run sfc /scannow so it has a clean source to copy from.
- Many commands (sfc, DISM, diskpart, chkdsk on the system drive, net stop) require an elevated 'Run as administrator' prompt or they fail with access-denied.
Command Prompt Essentials
The Command Prompt (cmd.exe) is the legacy DOS-style shell. Many commands need an elevated session — right-click and choose Run as administrator, or they fail with "Access is denied."
File and directory commands
| Command | Purpose | Example |
|---|---|---|
| cd | Change directory (cd .. goes up) | cd C:\Users\Jo\Documents |
| dir | List contents (/a shows hidden) | dir /a |
| md / mkdir | Make a directory | md C:\Logs |
| rd / rmdir | Remove a directory (/s = contents) | rd C:\Old /s |
| copy | Copy a single file | copy a.txt D:\ |
| xcopy | Copy trees | xcopy C:\Src D:\Dst /s /e |
| robocopy | Robust mirror copy | robocopy C:\Src D:\Dst /mir |
| move / ren | Move or rename | ren old.txt new.txt |
| del | Delete files | del *.tmp |
| type / cls | Show file / clear screen | type readme.txt |
Why robocopy? For large data sets or flaky network shares, robocopy /mir mirrors a source to a destination, copies only changed files, retries on failure, and preserves attributes — far more reliable than copy or xcopy.
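Because /mir also deletes destination files that are no longer in the source, it is worth previewing a mirror before running it. The sketch below is an added example, not part of the original guide; the function name Invoke-SafeMirror and the paths are assumptions for illustration.

```powershell
# Added example: preview a /MIR run before letting it delete anything.
function Invoke-SafeMirror {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Destination,
        [switch]$Commit   # without -Commit this is a dry run
    )

    if (-not (Test-Path -LiteralPath $Source -PathType Container)) {
        throw "Source folder '$Source' not found; refusing to mirror."
    }

    # /MIR        mirror the tree (also purges destination files missing from source)
    # /Z          restartable mode, resumes a file after a dropped connection
    # /R:5 /W:10  retry 5 times, 10 s apart (the defaults retry for a very long time)
    # /NP         no per-file progress percentage, keeps output readable
    $opts = @('/MIR', '/Z', '/R:5', '/W:10', '/NP')
    if (-not $Commit) { $opts += '/L' }   # /L = list only, change nothing

    robocopy $Source $Destination @opts
    $code = $LASTEXITCODE

    # robocopy exit codes are a bitmask: values below 8 mean no copy failures,
    # 8 or higher means at least one file failed or a fatal error occurred.
    if ($code -ge 8) {
        throw "robocopy reported failures (exit code $code)."
    }
    [pscustomobject]@{ DryRun = -not $Commit; ExitCode = $code }
}

# Assumed paths, for illustration only.
Invoke-SafeMirror -Source 'C:\Src' -Destination 'D:\Dst'            # preview
# Invoke-SafeMirror -Source 'C:\Src' -Destination 'D:\Dst' -Commit  # real run
```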
System and repair commands (elevated)
| Command | Purpose |
|---|---|
| sfc /scannow | Scan and repair protected system files |
| DISM /Online /Cleanup-Image /RestoreHealth | Repair the Windows component store |
| chkdsk C: /f /r | Fix file-system errors (/f) and locate bad sectors (/r) |
| shutdown /s /t 0 | Shut down now (/r restarts) |
| tasklist / taskkill /PID n /F | List / force-kill processes |
| systeminfo / winver | System details / Windows version |
| gpupdate /force / gpresult /r | Refresh / report applied Group Policy |
Disk and network commands
| Command | Purpose |
|---|---|
| diskpart | Interactive command-line disk management |
| format D: /FS:NTFS | Format a volume as NTFS |
| convert D: /FS:NTFS | Convert FAT32 to NTFS without data loss |
| ipconfig / ping / tracert / nslookup / netstat | Network diagnostics |
| net user / net share / net use Z: \\SRV\Share | Accounts, shares, mapped drives |
System File Checker, DISM, and Order of Operations
This is the single most-tested troubleshooting sequence in the domain. System File Checker (sfc /scannow) replaces corrupt or missing protected OS files using copies from the local component store. If that store is itself damaged, sfc cannot repair and reports it could not fix some files.
DISM (Deployment Image Servicing and Management) with /Online /Cleanup-Image /RestoreHealth repairs the component store, pulling clean files from Windows Update.
Correct order: Run DISM /RestoreHealth first to heal the component store, then run sfc /scannow so it has a trustworthy source to copy from. Running sfc first on a corrupt store wastes time.
For disk-level corruption (bad sectors, file-table errors) the tool is chkdsk, not sfc. chkdsk C: /f /r schedules a check at next reboot because the system volume is locked while Windows runs.
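The repair order described above, written as a script that refuses to run unelevated and only moves on to sfc once DISM has succeeded. This is an added example, not part of the original guide; the helper name Test-Elevated is an assumption, and treating any non-zero DISM exit code as a stop condition is a conservative choice made here.

```powershell
# Added example: DISM first, then sfc, from an elevated session.
function Test-Elevated {
    # True when the current token is a member of the local Administrators role.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-Elevated)) {
    throw 'Not elevated: reopen PowerShell with Run as administrator.'
}

# Step 1: repair the component store so sfc has a clean source to copy from.
DISM /Online /Cleanup-Image /RestoreHealth
if ($LASTEXITCODE -ne 0) {
    # Do not continue to sfc against a store that may still be damaged.
    throw "DISM exited with code $LASTEXITCODE; review $env:windir\Logs\DISM\dism.log"
}

# Step 2: scan and repair protected system files from the repaired store.
sfc /scannow
Write-Host "sfc finished with exit code $LASTEXITCODE."
Write-Host "Per-file details are in $env:windir\Logs\CBS\CBS.log"

# Disk-level problems are a separate tool. On the system volume this prompts
# to schedule the check for the next restart, so it is left commented out.
# chkdsk C: /f /r
```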
PowerShell
PowerShell is the modern object-oriented shell built on .NET. Its commands are cmdlets in a strict Verb-Noun format, which makes them discoverable.
| Cmdlet | cmd equivalent | Purpose |
|---|---|---|
| Get-Process | tasklist | List processes |
| Stop-Process | taskkill | End a process |
| Get-Service / Start-Service / Stop-Service | net start/stop | Manage services |
| Get-ChildItem | dir | List items |
| Copy-Item / Remove-Item | copy / del | Copy / delete |
| Get-Help | help | Command help |
Key concepts:
- The pipeline (|) passes objects, not just text: Get-Process | Sort-Object CPU -Descending.
- Execution Policy governs whether scripts run: Set-ExecutionPolicy RemoteSigned allows local scripts plus signed remote ones, a common secure default.
- Because PowerShell handles .NET objects, you can filter and format properties directly rather than parsing screen text.
Elevation, Switches, and Common Exam Traps
The most frequent command-line mistake on the exam is forgetting elevation. Commands that touch protected system state — sfc, DISM, diskpart, chkdsk on the system volume, net stop/start of a service, and format of a system disk — must run in a prompt opened with Run as administrator. If a scenario says a technician ran sfc /scannow and got "You must be an administrator," the fix is not a different command; it is reopening the prompt elevated. Standard cmd and PowerShell windows run with the user's normal token and will refuse these operations.
Switches change behavior in ways the exam loves to test. For chkdsk, /f fixes file-system metadata while /r additionally scans for and recovers data from bad sectors (and implies /f); because /r reads the entire surface it is far slower. For xcopy and robocopy, the difference is durability: xcopy /s /e copies subdirectories (including empty ones with /e), whereas robocopy /mir mirrors a tree, deletes destination files no longer in the source, retries on failure, and is the right answer for large or networked transfers. For shutdown, /s shuts down, /r restarts, and /t 0 removes the countdown delay.
A subtle distinction is gpupdate versus gpresult. gpupdate /force re-applies Group Policy immediately, which you run after a policy change has not taken effect; gpresult /r only reports which policies currently apply, which you run to diagnose why a setting did or did not land. Confusing the two is a common wrong answer.
PowerShell vs. cmd choice: When a task is a one-off interactive command, either shell works, but anything involving filtering objects, scripting, or remote management favors PowerShell. A scenario that asks you to "get the top five processes by memory and stop one" is naturally a PowerShell pipeline (Get-Process | Sort-Object WS -Descending), not a cmd task. Also recall that Set-ExecutionPolicy gates whether scripts run at all — a script that fails with "running scripts is disabled on this system" is an execution-policy problem, fixed with RemoteSigned, not a syntax error in the script.
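Both scenarios from the paragraph above, worked through as an added example that is not part of the original guide. The process name notepad and the script path C:\Scripts\Cleanup.ps1 are assumptions for illustration.

```powershell
# Added example, part 1: top five processes by memory, then stop one.
# WS is an alias property for the process working set, in bytes.
$top = Get-Process | Sort-Object WS -Descending | Select-Object -First 5
$top | Format-Table Id, ProcessName,
    @{ Name = 'WS(MB)'; Expression = { [math]::Round($_.WS / 1MB, 1) } }

# Objects flow down the pipeline, so the selected process goes straight to
# Stop-Process. -WhatIf shows what would be stopped without doing it.
$top | Where-Object ProcessName -eq 'notepad' | Stop-Process -WhatIf

# Added example, part 2: diagnosing "running scripts is disabled on this system".
# List every scope. A MachinePolicy or UserPolicy value comes from Group Policy
# and takes precedence over anything set locally.
Get-ExecutionPolicy -List

# RemoteSigned for the current user only; this scope does not need elevation.
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

# Under RemoteSigned, a script marked as downloaded must carry a valid
# signature. Check both facts for the script that failed (assumed path).
$script = 'C:\Scripts\Cleanup.ps1'
if (Test-Path -LiteralPath $script) {
    # A Zone.Identifier stream means Windows recorded the file as downloaded.
    $zone = Get-Item -LiteralPath $script -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $sig  = Get-AuthenticodeSignature -LiteralPath $script
    [pscustomobject]@{
        Script          = $script
        MarkedAsRemote  = [bool]$zone
        SignatureStatus = $sig.Status   # Valid, NotSigned, HashMismatch, ...
    }
}
```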
A Windows PC shows file corruption errors. The technician runs sfc /scannow but it reports it could not repair some files. What should be done NEXT?
Which naming convention do PowerShell cmdlets follow?
The command to check the C: drive for file-system errors and fix them is: chkdsk C: /__
A technician must reliably copy a large folder tree to a network share that occasionally drops the connection. Which command is BEST suited?