Windows & Unix: Important Commands
— ny_wk

This Windows and Linux sysadmin commands reference covers the day-to-day tools every system administrator needs — hardware discovery, package rollbacks, time sync, remote reboots, and disk reporting — with the correct, copy-paste-ready syntax and the gotchas that bite people in production.
Memorizing a handful of essential sysadmin commands is the difference between a five-minute fix and a long outage. The list below is organized by task so you can jump straight to what you need, whether you live in a Bash shell on Red Hat Enterprise Linux or in cmd.exe on Windows Server. Every command has been verified against current behavior, and where the popular shorthand is wrong or dangerous, the corrected version is shown.
Linux system administration commands
Most of these run on RHEL, CentOS Stream, Rocky, AlmaLinux, Fedora, and Debian/Ubuntu with minor differences (notably yum/dnf vs apt). Run anything that touches kernel state, packages, or power as root or via sudo.
Identify the hardware and platform
When you log into an unfamiliar box, the first job is figuring out what it actually is — physical server, virtual machine, or cloud instance.
- dmidecode -s system-product-name — reads the SMBIOS/DMI table and prints the product name. On a VM you will see strings like VMware Virtual Platform, VirtualBox, or KVM; on bare metal you get the vendor model (e.g. PowerEdge R740). Other useful keys are system-manufacturer and system-serial-number.
- lspci | grep -i vmware — lists PCI devices and filters for VMware-specific hardware. A match (such as a VMware SVGA or VMXNET adapter) confirms you are inside a VMware guest. Swap the pattern for virtio, red hat, or xen to detect KVM/Xen guests.
- lsb_release -a — shows the distribution name, release number, and codename. If the command is missing, install redhat-lsb-core (RHEL) or read cat /etc/os-release, which is the modern, dependency-free equivalent.
- uname -a — kernel version, hostname, and architecture in one line.
Inspect disks, files, and inodes
- df -Ph — disk free space, POSIX output format with human-readable sizes (e.g. 20G, 512M). The -P flag forces one line per filesystem so the output is safe to parse in scripts.
- stat file — full metadata for a file: size, permissions, owner, and the three timestamps (access, modify, change). To see just the inode number, use ls -il file or stat -c '%i' file.
- ldd /path/to/binary — prints the shared-library dependencies an executable needs at runtime. If a program fails with a "cannot open shared object file" error, ldd shows exactly which library is missing. ldd may execute code from the binary it inspects, so run it only on binaries you trust.
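An added example (not from the original page) of why the one-line-per-filesystem guarantee matters: a Bash filter that reads df -P or df -Ph output and reports every filesystem at or above a usage threshold. The function name full_filesystems and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample of `df -Ph` output (not captured from a real host).
SAMPLE_DF='Filesystem                      Size  Used Avail Use% Mounted on
/dev/mapper/vg_system-lv_root    20G   18G  1.6G  92% /
/dev/sda1                      1014M  254M  761M  25% /boot
/dev/mapper/vg_data-lv_backups   99G   95G  4.0G  96% /srv/backups
/dev/sdb1                       500G  460G   40G  92% /mnt/usb backup
tmpfs                           7.8G     0  7.8G   0% /dev/shm'

# full_filesystems THRESHOLD
# Reads `df -P` / `df -Ph` text on stdin and prints "<mount point> <percent>"
# for each filesystem whose usage is at or above THRESHOLD percent.
full_filesystems() {
    local threshold="$1"
    awk -v t="$threshold" '
        NR == 1 { next }                      # skip the header line
        {
            pct = $5
            sub(/%$/, "", pct)                # "92%" -> "92"
            if (pct !~ /^[0-9]+$/) next       # ignore rows without a numeric percentage
            # With -P every record is one line, so the mount point is always
            # field 6 onward (it may itself contain single spaces).
            mp = $6
            for (i = 7; i <= NF; i++) mp = mp " " $i
            if (pct + 0 >= t + 0) print mp, pct
        }'
}

# Stand-alone run against the constructed sample.
# On a live host: df -P | full_filesystems 90
printf '%s\n' "$SAMPLE_DF" | full_filesystems 90
```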
Convert line endings and capture sessions
- dos2unix file — strips Windows carriage returns (\r\n → \n) so a script edited on Windows runs cleanly under Bash. The reverse is unix2dos. A missing-package fallback is sed -i 's/\r$//' file.
- script -a /tmp/filename — records everything printed to your terminal into a typescript file; -a appends rather than overwriting. Type exit to stop recording. This is invaluable for capturing the exact output of a change for a ticket or audit trail.
- tty — prints the terminal device file (e.g. /dev/pts/0) for the current session.
Keep jobs running after logout
To launch a long-running script that survives your SSH session disconnecting:
- Run it detached and redirect output:
  nohup ./script.sh > run.log 2>&1 &
- Confirm it is alive:
  jobs -l or ps -ef | grep script.sh
- For anything that must survive a closed terminal AND be re-attachable, prefer tmux or screen instead of nohup.
Note: a bare nohup ./script.sh & still writes stdout to nohup.out in the current directory, which can fill a disk on a chatty script — always redirect explicitly.
Kernel modules
- lsmod — lists currently loaded kernel modules and their dependencies.
- modinfo <module> — shows a module's description, parameters, and file path.
- modprobe <module> — loads a module and its dependencies (preferred over the lower-level insmod); modprobe -r <module> removes it.
Time synchronization (NTP)
- ntpq -pn — queries the running NTP daemon and lists its peers; -n shows numeric IPs instead of resolving hostnames. The peer marked with an asterisk (*) is the currently selected sync source.
- ntpdate <server> — a one-shot manual time set (the command is ntpdate, not ntpupdate). Stop the ntpd service first, because ntpdate will refuse to step the clock while the daemon holds the NTP port.
- On modern systems ntpd/ntpdate are deprecated in favor of chrony. The current equivalents are chronyc sources -v (peer list) and chronyc makestep (force an immediate correction).
RPC and service management
- rpcinfo -p — lists RPC services registered with the portmapper/rpcbind (NFS, NIS, etc.) and the ports they listen on.
- ntsysv — a curses menu to toggle services on or off per runlevel; ntsysv --level 3 targets runlevel 3 specifically (note the space). On systemd-based releases this is legacy — use systemctl enable/disable <service> instead.
Package management and safe rollbacks (yum/dnf)
One of the most important Linux system administration skills is being able to undo a bad update. RHEL-family systems keep a full transaction history you can replay or reverse.
Updating while protecting the kernel
yum update -x kernel* — applies all updates but excludes the kernel packages. This is common on servers where a kernel change requires a scheduled reboot and revalidation. Use the glob kernel* so related packages (kernel-headers, kernel-devel) are also held. The same flag works with dnf update -x kernel*.
Reviewing and undoing transactions
| Command | What it does |
| --- | --- |
| yum history | Lists past transactions with an ID, date, and action summary. |
| yum history info 46 | Shows exactly which packages were installed, updated, or removed in transaction 46. |
| yum history undo 46 | Reverses only transaction 46 (undo this one change). |
| yum history rollback 46 | Rolls the system back to the state it was in right after transaction 46 — reversing every transaction newer than 46. |
| yum history repeat 46 | Re-applies the same actions that transaction 46 performed. |
Pitfall: the difference between undo and rollback trips people up constantly. undo targets a single transaction; rollback targets everything after a point in time. Rolling back only works if the older package versions are still available in your enabled repositories or local cache.
RPM-level rollbacks and extraction
- rpm2cpio package.rpm | cpio -idmv — extracts the contents of an RPM into the current directory without installing it. Use this to pull one file out of a package or inspect what it ships. (Modern flags: -i extract, -d create directories, -m preserve mtimes, -v verbose.)
- rpm -Uvh --rollback '1 hour ago' and rpm -Uvh --rollback 'March 20' — the legacy RPM rollback feature, which reverts to package state at a given time. Modern equivalent: RPM rollback depends on repackaging that is disabled by default and effectively abandoned. On any current system use yum/dnf history rollback instead — it is the supported path.
Remotely force a reboot with Magic SysRq
When a Linux box has a read-only or wedged root filesystem and a clean reboot or shutdown hangs, the Magic SysRq kernel feature lets you trigger a hard reset over SSH — the software equivalent of the physical reset button.
- Enable SysRq for this session:
  # echo 1 > /proc/sys/kernel/sysrq
- Flush filesystem buffers to disk (skipped in the original shorthand, and the reason people lose data):
  # echo s > /proc/sysrq-trigger
- Remount everything read-only:
  # echo u > /proc/sysrq-trigger
- Immediately reboot the machine:
  # echo b > /proc/sysrq-trigger
The mnemonic for a safer emergency reboot is "Raising Elephants Is So Utterly Boring" → R E I S U B (unraw, terminate, kill, sync, unmount, reboot). At minimum do S then B. echo b is a hard power-cycle with no graceful shutdown of services — this is genuinely a last resort, only when a clean shutdown will not work.
Essential Windows administration commands
On the Windows side, the same system administration tasks — inventory, reboot, remote access, and cleanup — are handled with wmic, systeminfo, shutdown, and mstsc. Run an elevated Command Prompt ("Run as administrator") for anything that reboots or queries another machine.
Hardware and OS inventory
- wmic os get osarchitecture — reports 32-bit vs 64-bit; wmic os get Name prints the full edition string.
- msinfo32 — opens the graphical System Information window (BIOS, RAM, CPU, drivers) — the richest single-pane inventory tool.
- systeminfo | find /I "system type" — filters the systeminfo dump for architecture; /I makes the search case-insensitive.
- systeminfo | findstr /C:"Total Physical Memory" — shows installed RAM. Use findstr /C: for a literal multi-word string (plain find needs the phrase in quotes too).
Modern note: wmic is deprecated by Microsoft and absent from fresh Windows 11/Server 2025 images. The PowerShell replacements are Get-CimInstance Win32_OperatingSystem | Select OSArchitecture, Caption and Get-ComputerInfo. Learn the PowerShell forms now — the wmic ones are living on borrowed time.
Reboot, local and remote
- shutdown /r /t 10 — reboots (/r) after a 10-second timer (/t). Note the Windows syntax uses a forward slash and /r, not the Unix-style -r. Add /f to force-close apps and /m \\HOST to reboot a remote machine.
- wmic os where primary=true call reboot — an alternative reboot via WMI that acts on the primary OS instance. The PowerShell equivalent is Restart-Computer -Force (add -ComputerName HOST for remote).
Remote desktop (RDP)
mstsc launches the Remote Desktop client. Useful switches:
- mstsc /v:SERVER /f — connect to SERVER and open fullscreen.
- mstsc /v:SERVER /admin — connect to the console/admin session (this replaced the old /console switch on Windows Vista and later; /console still parses but maps to /admin).
Replace SERVER with a real hostname or IP — a placeholder like 0.0.0.0 will not connect to anything.
Delete directories older than N days
To clean up stale folders on Windows there are two solid approaches. The native, no-extra-tools method uses forfiles:
- Preview what would be deleted:
  forfiles /P C:\backups /D -7 /C "cmd /c if @isdir==TRUE echo @path"
- When the list looks right, delete:
  forfiles /P C:\backups /D -7 /C "cmd /c if @isdir==TRUE rd /s /q @path"
The Unix-utilities-on-Windows version (from the original list, corrected) is: C:\bin\UnixUtils\find C:\backups -mindepth 1 -maxdepth 1 -type d -mtime +6 -exec C:\bin\UnixUtils\rm -rfv {} \; — the trailing \; must be escaped, you must give find a starting path, and -mindepth 1 keeps the starting directory C:\backups itself out of the matches. Always run the preview first; rm -rf and rd /s /q delete without confirmation.
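The preview-then-delete pattern for the find variant, as an added Bash example that is not part of the original page. It assumes GNU find and touch; the function names and the demo tree are constructed. Without -mindepth 1, find also tests the starting directory, so a backup root whose own mtime is old would be handed to rm -rf.

```bash
#!/usr/bin/env bash
# stale_dirs ROOT DAYS
# Prints the immediate subdirectories of ROOT that match -mtime +DAYS.
# -mindepth 1 excludes ROOT itself; -maxdepth 1 stops recursion.
stale_dirs() {
    local root="$1" days="$2"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    case "$days" in
        ''|*[!0-9]*) echo "bad day count: $days" >&2; return 2 ;;
    esac
    find "$root" -mindepth 1 -maxdepth 1 -type d -mtime +"$days" -print | sort
}

# purge_stale_dirs ROOT DAYS [--delete]
# Preview by default; deletes only when --delete is given explicitly.
# Assumes directory names contain no newlines.
purge_stale_dirs() {
    local root="$1" days="$2" mode="${3:-}" dir
    stale_dirs "$root" "$days" | while IFS= read -r dir; do
        if [ "$mode" = "--delete" ]; then
            rm -rf -- "$dir" && echo "deleted $dir"
        else
            echo "would delete $dir"
        fi
    done
}

# demo_tree: builds a constructed backup tree in a temp directory and
# prints its path. The root's own mtime is set to look stale as well.
demo_tree() {
    local root
    root=$(mktemp -d)
    mkdir "$root/2024-01-01" "$root/2024-01-02" "$root/today"
    touch -d '10 days ago' "$root/2024-01-01" "$root/2024-01-02"
    touch -d '30 days ago' "$root"
    echo "$root"
}

# Stand-alone run: preview only, then clean up the demo tree.
demo_root=$(demo_tree)
purge_stale_dirs "$demo_root" 6
rm -rf -- "$demo_root"
```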
Common pitfalls and how to avoid them
- Confusing undo with rollback. yum history undo reverses one transaction; rollback reverses everything since a point in time. Always run yum history info <id> first to confirm the blast radius.
- Forgetting the sync before echo b. A bare reboot-trigger without echo s can lose un-flushed writes. Sync first, every time.
- Typos in command names. It is ntpdate (not ntpupdate) and dmidecode (one word). The wrong name just returns "command not found" and wastes an outage minute.
- Not stopping ntpd before ntpdate. The daemon holds the UDP/123 port; the one-shot tool cannot step the clock until the service is stopped.
- Relying on deprecated tools. wmic, ntpd/ntpdate, and RPM --rollback are end-of-life. Learn the modern equivalents (PowerShell CIM cmdlets, chrony, dnf history) so your runbooks survive the next OS upgrade.
Verification: confirm the change worked
Never assume a command succeeded — verify the resulting state:
- After a yum rollback: rpm -q <package> shows the now-installed version, and yum history records the new reversing transaction.
- After an NTP fix: ntpq -pn (or chronyc tracking) should show a selected peer and an offset near zero.
- After a remote reboot: ping -t HOST (Windows) or ping HOST until it answers, then re-SSH/RDP and check uptime / systeminfo | find "System Boot Time".
- After disk cleanup: re-run df -Ph (Linux) or dir C:\backups (Windows) to confirm the freed space and that only the intended folders are gone.
Key Takeaways
- Identify the host first: dmidecode -s system-product-name and lspci on Linux, wmic os get / systeminfo on Windows reveal whether you are on metal, a VM, or in the cloud.
- The transaction history is your safety net: yum history info/undo/rollback is the supported, modern way to reverse a bad update — RPM --rollback is effectively dead.
- Magic SysRq is a true last resort: enable it, echo s to sync, echo u to remount read-only, then echo b to reset — never skip the sync.
- Mind the syntax differences: Linux uses -r, Windows uses /r; find ... \; needs an escaped semicolon and a starting path.
- Migrate off EOL tools: swap wmic for PowerShell CIM cmdlets, ntpdate for chrony, and lean on dnf history for rollbacks.
Frequently Asked Questions
How do I check if a Linux machine is a virtual machine?
Run dmidecode -s system-product-name — a VM returns strings like VMware Virtual Platform or KVM, while bare metal shows the vendor model. You can also use systemd-detect-virt, which prints the hypervisor name (or none) in one word.
What is the difference between yum history undo and rollback?
yum history undo <id> reverses the actions of that single transaction only. yum history rollback <id> returns the system to the state it was in immediately after that transaction, undoing every newer transaction in the process. Use undo for surgical fixes and rollback to return to a known-good point in time.
Is wmic still available on Windows 11 and Server 2025?
No — wmic is deprecated and removed from recent Windows builds (it is now an optional feature at best). Use PowerShell instead: Get-CimInstance Win32_OperatingSystem for OS details and Get-ComputerInfo for a full inventory. They return structured objects you can filter and script reliably.
How can I reboot a Linux server when the filesystem is read-only?
Use Magic SysRq over your existing SSH session: echo 1 > /proc/sys/kernel/sysrq to enable it, then echo s, echo u, and echo b into /proc/sysrq-trigger to sync, remount read-only, and hard-reboot. This bypasses the hung shutdown path and is the cleanest way to force a reset remotely.