Windows & Unix: Important Commands

— ny_wk

This Windows and Linux sysadmin commands reference covers the day-to-day tools every system administrator needs — hardware discovery, package rollbacks, time sync, remote reboots, and disk reporting — with the correct, copy-paste-ready syntax and the gotchas that bite people in production.

Memorizing a handful of essential sysadmin commands is the difference between a five-minute fix and a long outage. The list below is organized by task so you can jump straight to what you need, whether you live in a Bash shell on Red Hat Enterprise Linux or in cmd.exe on Windows Server. Every command has been verified against current behavior, and where the popular shorthand is wrong or dangerous, the corrected version is shown.

Linux system administration commands

Most of these run on RHEL, CentOS Stream, Rocky, AlmaLinux, Fedora, and Debian/Ubuntu with minor differences (notably yum/dnf vs apt). Run anything that touches kernel state, packages, or power as root or via sudo.

Identify the hardware and platform

When you log into an unfamiliar box, the first job is figuring out what it actually is — physical server, virtual machine, or cloud instance.

  • dmidecode -s system-product-name — reads the SMBIOS/DMI table and prints the product name. On a VM you will see strings like VMware Virtual Platform, VirtualBox, or KVM; on bare metal you get the vendor model (e.g. PowerEdge R740). Other useful keys are system-manufacturer and system-serial-number.
  • lspci | grep -i vmware — lists PCI devices and filters for VMware-specific hardware. A match (such as a VMware SVGA or VMXNET adapter) confirms you are inside a VMware guest. Swap the pattern for virtio, red hat, or xen to detect KVM/Xen guests.
  • lsb_release -a — shows the distribution name, release number, and codename. If the command is missing, install redhat-lsb-core (RHEL) or read cat /etc/os-release, which is the modern, dependency-free equivalent.
  • uname -a — kernel version, hostname, and architecture in one line.

Inspect disks, files, and inodes

  • df -Ph — disk free space, POSIX output format with human-readable sizes (e.g. 20G, 512M). The -P flag forces one line per filesystem so the output is safe to parse in scripts.
  • stat file — full metadata for a file: size, permissions, owner, and the three timestamps (access, modify, change). To see just the inode number, use ls -il file or stat -c '%i' file.
  • ldd /path/to/binary — prints the shared-library dependencies an executable needs at runtime. If a program fails with a "cannot open shared object file" error, ldd shows exactly which library is missing.

Convert line endings and capture sessions

  • dos2unix file — strips Windows carriage returns (\r\n becomes \n) so a script edited on Windows runs cleanly under Bash. The reverse is unix2dos. A missing-package fallback is sed -i 's/\r$//' file.
  • script -a /tmp/filename — records everything printed to your terminal into a typescript file; -a appends rather than overwriting. Type exit to stop recording. This is invaluable for capturing the exact output of a change for a ticket or audit trail.
  • tty — prints the terminal device file (e.g. /dev/pts/0) for the current session.

Keep jobs running after logout

To launch a long-running script that survives your SSH session disconnecting:

  1. Run it detached and redirect output: nohup ./script.sh > run.log 2>&1 &
  2. Confirm it is alive: jobs -l or ps -ef | grep script.sh
  3. For anything that must survive a closed terminal AND be re-attachable, prefer tmux or screen instead of nohup.

Note: a bare nohup ./script.sh & still writes stdout to nohup.out in the current directory, which can fill a disk on a chatty script — always redirect explicitly.

Kernel modules

  • lsmod — lists currently loaded kernel modules and their dependencies.
  • modinfo <module> — shows a module's description, parameters, and file path.
  • modprobe <module> — loads a module and its dependencies (preferred over the lower-level insmod); modprobe -r <module> removes it.

Time synchronization (NTP)

  • ntpq -pn — queries the running NTP daemon and lists its peers; -n shows numeric IPs instead of resolving hostnames. The peer marked with an asterisk (*) is the currently selected sync source.
  • ntpdate <server> — a one-shot manual time set (the command is ntpdate, not ntpupdate). Stop the ntpd service first, because ntpdate will refuse to step the clock while the daemon holds the NTP port.
  • On modern systems ntpd/ntpdate are deprecated in favor of chrony. The current equivalents are chronyc sources -v (peer list) and chronyc makestep (force an immediate correction).

RPC and service management

  • rpcinfo -p — lists RPC services registered with the portmapper/rpcbind (NFS, NIS, etc.) and the ports they listen on.
  • ntsysv — a curses menu to toggle services on or off per runlevel; ntsysv --level 3 targets runlevel 3 specifically (note the space). On systemd-based releases this is legacy — use systemctl enable/disable <service> instead.

Package management and safe rollbacks (yum/dnf)

One of the most important Linux system administration skills is being able to undo a bad update. RHEL-family systems keep a full transaction history you can replay or reverse.

Updating while protecting the kernel

yum update -x 'kernel*' — applies all updates but excludes the kernel packages. This is common on servers where a kernel change requires a scheduled reboot and revalidation. Use the glob kernel* so related packages (kernel-headers, kernel-devel) are also held, and quote it so the shell passes the pattern to yum instead of expanding it against files in the current directory. The same flag works with dnf update -x 'kernel*'.

Reviewing and undoing transactions

| Command | What it does |
| --- | --- |
| yum history | Lists past transactions with an ID, date, and action summary. |
| yum history info 46 | Shows exactly which packages were installed, updated, or removed in transaction 46. |
| yum history undo 46 | Reverses only transaction 46 (undo this one change). |
| yum history rollback 46 | Rolls the system back to the state it was in right after transaction 46, reversing every transaction newer than 46. |
| yum history repeat 46 | Re-applies the same actions that transaction 46 performed. |

Pitfall: the difference between undo and rollback trips people up constantly. undo targets a single transaction; rollback targets everything after a point in time. Rolling back only works if the older package versions are still available in your enabled repositories or local cache.
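
To make the undo/rollback difference concrete, this added example (not part of the original page) parses a yum history table and lists the transactions each action would reverse, with the number of package changes involved. The history rows are constructed sample data, and sample_history, reversal_scope and reversal_total are names chosen for this example.

```shell
#!/bin/sh
# Constructed sample of `yum history` output (not captured from a real host).
sample_history() {
cat <<'EOF'
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    48 | root <root>              | 2024-03-22 10:15 | Update         |   12
    47 | root <root>              | 2024-03-21 09:02 | Install        |    3
    46 | root <root>              | 2024-03-20 14:40 | I, U           |   25
    45 | root <root>              | 2024-03-18 08:30 | Erase          |    1
EOF
}

# reversal_scope MODE ID: read a history table on stdin and print
# "<id> <altered>" for every transaction the action would reverse.
#   undo ID     -> only transaction ID
#   rollback ID -> every transaction newer than ID (ID itself is kept)
# Exit status 3 means ID does not appear in the history at all.
reversal_scope() {
    case $1 in undo|rollback) ;; *) echo "mode must be undo or rollback" >&2; return 2 ;; esac
    case $2 in ''|*[!0-9]*) echo "transaction id must be numeric" >&2; return 2 ;; esac
    awk -F'|' -v mode="$1" -v t="$2" '
        $1 ~ /^ *[0-9]+ *$/ {              # skip the header and separator rows
            id = $1 + 0; altered = $5 + 0
            seen[id] = 1
            if (mode == "undo"     && id == t) print id, altered
            if (mode == "rollback" && id >  t) print id, altered
        }
        END { if (!((t + 0) in seen)) exit 3 }
    '
}

# reversal_total MODE ID: total package changes that would be reversed.
reversal_total() {
    reversal_scope "$1" "$2" | awk '{ n += $2 } END { print n + 0 }'
}

# Demo on the constructed table: what would "rollback 46" touch?
sample_history | reversal_scope rollback 46
```

On a real host, feed it the live table with yum history list all | reversal_scope rollback 46, then inspect each listed ID with yum history info before committing.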

RPM-level rollbacks and extraction

  • rpm2cpio package.rpm | cpio -idmv — extracts the contents of an RPM into the current directory without installing it. Use this to pull one file out of a package or inspect what it ships. (Modern flags: -i extract, -d create directories, -m preserve mtimes, -v verbose.)
  • rpm -Uvh --rollback '1 hour ago' and rpm -Uvh --rollback 'March 20' — the legacy RPM rollback feature, which reverts to package state at a given time. Modern equivalent: RPM rollback depends on repackaging that is disabled by default and effectively abandoned. On any current system use yum/dnf history rollback instead — it is the supported path.

Remotely force a reboot with Magic SysRq

When a Linux box has a read-only or wedged root filesystem and a clean reboot or shutdown hangs, the Magic SysRq kernel feature lets you trigger a hard reset over SSH — the software equivalent of the physical reset button.

  1. Enable SysRq for this session: # echo 1 > /proc/sys/kernel/sysrq
  2. Flush filesystem buffers to disk (skipped in the original shorthand, and the reason people lose data): # echo s > /proc/sysrq-trigger
  3. Remount everything read-only: # echo u > /proc/sysrq-trigger
  4. Immediately reboot the machine: # echo b > /proc/sysrq-trigger

The mnemonic for a safer emergency reboot is "Raising Elephants Is So Utterly Boring": R E I S U B (unraw, terminate, kill, sync, unmount, reboot). At minimum do S then B. echo b is a hard power-cycle with no graceful shutdown of services — this is genuinely a last resort, only when a clean shutdown will not work.
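
The four steps above as one guarded function, in an added example that is not part of the original page. The function name, the hostname confirmation, the pause between steps and the overridable SYSRQ_* paths (which let you rehearse the sequence against ordinary files) are all assumptions of this example.

```shell
#!/bin/sh
# Paths are overridable (an assumption of this example) so the sequence can be
# rehearsed against ordinary files instead of the live kernel interface.
SYSRQ_ENABLE=${SYSRQ_ENABLE:-/proc/sys/kernel/sysrq}
SYSRQ_TRIGGER=${SYSRQ_TRIGGER:-/proc/sysrq-trigger}
SYSRQ_PAUSE=${SYSRQ_PAUSE:-3}      # seconds to let sync / remount finish

# Write one SysRq command letter to the trigger file and report it.
sysrq_send() {
    printf '%s\n' "$1" > "$SYSRQ_TRIGGER" || return 1
    echo "sent $1"
}

# emergency_reboot HOSTNAME: enable SysRq, sync, remount read-only, reboot.
# The caller must type the hostname of the box being reset; a mismatch aborts,
# which guards against running this in the wrong SSH window.
emergency_reboot() {
    if [ "$1" != "$(uname -n)" ]; then
        echo "refusing: '$1' is not this host ($(uname -n))" >&2
        return 2
    fi
    if [ ! -w "$SYSRQ_ENABLE" ] || [ ! -w "$SYSRQ_TRIGGER" ]; then
        echo "refusing: SysRq interface is not writable (root required)" >&2
        return 3
    fi
    echo 1 > "$SYSRQ_ENABLE" || return 1   # step 1: enable SysRq
    sysrq_send s || return 1               # step 2: flush buffers to disk
    sleep "$SYSRQ_PAUSE"                   # give the sync time to complete
    sysrq_send u || return 1               # step 3: remount read-only
    sleep "$SYSRQ_PAUSE"
    sysrq_send b                           # step 4: immediate reset
}
```

Nothing runs until you call emergency_reboot with the machine's own hostname as root; against the real /proc paths the final write does not return.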

Essential Windows administration commands

On the Windows side, the same system administration tasks — inventory, reboot, remote access, and cleanup — are handled with wmic, systeminfo, shutdown, and mstsc. Run an elevated Command Prompt ("Run as administrator") for anything that reboots or queries another machine.

Hardware and OS inventory

  • wmic os get osarchitecture — reports 32-bit vs 64-bit; wmic os get Name prints the full edition string.
  • msinfo32 — opens the graphical System Information window (BIOS, RAM, CPU, drivers) — the richest single-pane inventory tool.
  • systeminfo | find /I "system type" — filters the systeminfo dump for architecture; /I makes the search case-insensitive.
  • systeminfo | findstr /C:"Total Physical Memory" — shows installed RAM. Use findstr /C: for a literal multi-word string (plain find needs the phrase in quotes too).

Modern note: wmic is deprecated by Microsoft and absent from fresh Windows 11/Server 2025 images. The PowerShell replacements are Get-CimInstance Win32_OperatingSystem | Select OSArchitecture, Caption and Get-ComputerInfo. Learn the PowerShell forms now — the wmic ones are living on borrowed time.

Reboot, local and remote

  • shutdown /r /t 10 — reboots (/r) after a 10-second timer (/t). Note the Windows syntax uses a forward slash and /r, not the Unix-style -r. Add /f to force-close apps and /m \\HOST to reboot a remote machine.
  • wmic os where primary=true call reboot — an alternative reboot via WMI that acts on the primary OS instance. The PowerShell equivalent is Restart-Computer -Force (add -ComputerName HOST for remote).

Remote desktop (RDP)

mstsc launches the Remote Desktop client. Useful switches:

  • mstsc /v:SERVER /f — connect to SERVER and open fullscreen.
  • mstsc /v:SERVER /admin — connect to the console/admin session (this replaced the old /console switch on Windows Vista and later; /console still parses but maps to /admin).

Replace SERVER with a real hostname or IP — a placeholder like 0.0.0.0 will not connect to anything.

Delete directories older than N days

To clean up stale folders on Windows there are two solid approaches. The native, no-extra-tools method uses forfiles:

  1. Preview what would be deleted: forfiles /P C:\backups /D -7 /C "cmd /c if @isdir==TRUE echo @path"
  2. When the list looks right, delete: forfiles /P C:\backups /D -7 /C "cmd /c if @isdir==TRUE rd /s /q @path"

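The Unix-utilities-on-Windows version (from the original list, corrected) is: C:\bin\UnixUtils\find C:\backups -mindepth 1 -maxdepth 1 -type d -mtime +6 -exec C:\bin\UnixUtils\rm -rfv {} \; — the trailing \; must be escaped, you must give find a starting path, and -mindepth 1 is needed so that find never matches C:\backups itself (without it, a starting directory whose own timestamp is older than the cutoff is handed to rm -rf). Always run the preview first; rm -rf and rd /s /q delete without confirmation.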
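
The preview-then-delete pattern for the find variant, as an added example that is not part of the original page. It assumes GNU find and touch on Linux, builds a constructed directory tree under a temporary path, and shows why -mindepth 1 matters: the starting directory is itself a directory with an mtime, so without the guard it can land in the delete set. The function names are chosen for this example.

```shell
#!/bin/sh
# stale_dirs ROOT DAYS: print the immediate subdirectories of ROOT whose mtime
# is at least DAYS days old. -mindepth 1 keeps ROOT itself out of the result,
# and -type d never matches a symlink that points at a directory.
stale_dirs() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    case $2 in ''|*[!0-9]*|0) echo "DAYS must be a positive integer" >&2; return 2 ;; esac
    # find's -mtime +N means "older than N whole days", hence DAYS - 1.
    find "$1" -mindepth 1 -maxdepth 1 -type d -mtime +"$(($2 - 1))" -print | sort
}

# purge_stale_dirs ROOT DAYS: delete exactly what stale_dirs would list.
purge_stale_dirs() {
    stale_dirs "$1" "$2" >/dev/null || return    # reuse the argument checks
    find "$1" -mindepth 1 -maxdepth 1 -type d -mtime +"$(($2 - 1))" \
        -exec rm -rf -- {} +
}

# Constructed fixture: two old folders, one fresh one, and a root directory
# whose own mtime is also old (the case that bites without -mindepth 1).
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/old-a" "$d/old-b" "$d/fresh"
    touch -d '10 days ago' "$d/old-a" "$d/old-b" "$d"   # GNU touch syntax
    echo "$d"
}

# Demo: preview, delete, then show that the root and the fresh folder remain.
t=$(make_fixture)
stale_dirs "$t" 7
purge_stale_dirs "$t" 7
ls "$t"
rm -rf "$t"
```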

Common pitfalls and how to avoid them

  • Confusing undo with rollback. yum history undo reverses one transaction; rollback reverses everything since a point in time. Always run yum history info <id> first to confirm the blast radius.
  • Forgetting the sync before echo b. A bare reboot-trigger without echo s can lose un-flushed writes. Sync first, every time.
  • Typos in command names. It is ntpdate (not ntpupdate) and dmidecode (one word). The wrong name just returns "command not found" and wastes an outage minute.
  • Not stopping ntpd before ntpdate. The daemon holds the UDP/123 port; the one-shot tool cannot step the clock until the service is stopped.
  • Relying on deprecated tools. wmic, ntpd/ntpdate, and RPM --rollback are end-of-life. Learn the modern equivalents (PowerShell CIM cmdlets, chrony, dnf history) so your runbooks survive the next OS upgrade.

Verification: confirm the change worked

Never assume a command succeeded — verify the resulting state:

  • After a yum rollback: rpm -q <package> shows the now-installed version, and yum history records the new reversing transaction.
  • After an NTP fix: ntpq -pn (or chronyc tracking) should show a selected peer and an offset near zero.
  • After a remote reboot: ping -t HOST (Windows) or ping HOST until it answers, then re-SSH/RDP and check uptime / systeminfo | find "System Boot Time".
  • After disk cleanup: re-run df -Ph (Linux) or dir C:\backups (Windows) to confirm the freed space and that only the intended folders are gone.

Key Takeaways

  • Identify the host first: dmidecode -s system-product-name and lspci on Linux, wmic os get / systeminfo on Windows reveal whether you are on metal, a VM, or in the cloud.
  • The transaction history is your safety net: yum history info/undo/rollback is the supported, modern way to reverse a bad update — RPM --rollback is effectively dead.
  • Magic SysRq is a true last resort: enable it, echo s to sync, echo u to remount read-only, then echo b to reset — never skip the sync.
  • Mind the syntax differences: Linux uses -r, Windows uses /r; find ... \; needs an escaped semicolon and a starting path.
  • Migrate off EOL tools: swap wmic for PowerShell CIM cmdlets, ntpdate for chrony, and lean on dnf history for rollbacks.

Frequently Asked Questions

How do I check if a Linux machine is a virtual machine?

Run dmidecode -s system-product-name — a VM returns strings like VMware Virtual Platform or KVM, while bare metal shows the vendor model. You can also use systemd-detect-virt, which prints the hypervisor name (or none) in one word.

What is the difference between yum history undo and rollback?

yum history undo <id> reverses the actions of that single transaction only. yum history rollback <id> returns the system to the state it was in immediately after that transaction, undoing every newer transaction in the process. Use undo for surgical fixes and rollback to return to a known-good point in time.

Is wmic still available on Windows 11 and Server 2025?

No — wmic is deprecated and removed from recent Windows builds (it is now an optional feature at best). Use PowerShell instead: Get-CimInstance Win32_OperatingSystem for OS details and Get-ComputerInfo for a full inventory. They return structured objects you can filter and script reliably.

How can I reboot a Linux server when the filesystem is read-only?

Use Magic SysRq over your existing SSH session: echo 1 > /proc/sys/kernel/sysrq to enable it, then echo s, echo u, and echo b into /proc/sysrq-trigger to sync, remount read-only, and hard-reboot. This bypasses the hung shutdown path and is the cleanest way to force a reset remotely.
