Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1 Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1
Windows Client OS

Alternative Command Shells for Windows

I’ve used the command shell since the days of DOS 5.0. In these days, using the command line was a necessity since Windows was in its infancy. As Windows technology improved I never gave up my command line roots since I could automate many tasks using scripts which gave me more time to do other things.

However, I became more dissatisfied with the native Windows command shell. I learned to program the UNIX shell (bash to be specific) a bit and found it to be way more advanced than the Windows shell. I wanted this power under Windows and I eventually began to use a mixture of NT shell scripts with Perl programs.


Today there are more options available for Windows scripting than there were seven years ago when I started using Perl. Let’s explore a few of them.


PowerShell is a new command line shell designed to address many of the shortcomings of the NT command shell and Windows Scripting Host. It includes interactive and scripting command support and was created from the ground up with system administrators in mind.

PowerShell is available for Windows XP, 2003 Server and Vista.

Basic Powershell Usage

Using PowerShell is a bit different than any other command shell I have used. It is centered around the concept of cmdlets (command lets), which are commands that manipulate objects to perform a single task. Cmdlets may be combined to perform more complex tasks.

PowerShell Cmdlets typically consist of a verb noun pair that is separated by a hyphen (i.e. get-process). A large set of verbs (get, set, add, remove …) may be applied to many nouns (process, childitem, PSDrive…) to construct complex commands capable of performing many tasks. This strange syntax is consistent throughout PowerShell which eases the learning curve.

What does that mean to you as a PowerShell user? In regards to combining cmdlets, it means that you should now think of your scripts more in terms of the UNIX philosophy of many small programs combined to form larger more complex ones.

In regards to cmdlets passing objects around, it also means that unlike traditional shell scripts (or batch files as they are often called in the Windows world), PowerShell scripts do not manipulate unformed data and pass the results to other commands in textual format. PowerShell scripts behave like an object oriented programming language with the added capability of being able to execute arbitrary Windows commands.

Let’s see an example of typical shell command and its PowerShell equivalent.

dir | sort’ – Produces a directory listing sorted by date using traditional shell commands

get-childItem | sort-object -property date’ – Produces a directory listing sorted by date using PowerShell cmdlets.

This PowerShell syntax is obviously more verbose but it is also more powerful. In the PowerShell version of the command, the output of the get-childItem cmdlet is piped (using the | operator) into the input of sort-object cmdlet. This is how commands are combined.

However, the textual output of the cmdlet is not what is sent to sort-object, the object output is sent. This means that the sort command does not need to parse or interpret the information received from the dir command, it can operate on this input as a pre-parsed structured object. This is why the output of the PowerShell version of the command sorts properly while the traditional version does not.

The PowerShell distribution includes a Users Guide, a Getting Started Guide and a Reference Guide as well as extensive online help. There are also several books published about PowerShell. Use these resources to get up to speed on this new powerful tool.

Powershell Security

PowerShell scripts may be created by adding commands to a text file. These scripts are conceptually identical to good old traditional batch files with one major difference. These scripts will not run unless they are signed by a trusted certificate. This prevents code from un-trusted sources from executing in your Windows environment. This addresses the security shortcomings of Windows Scripting Host (WSH). WSH scripts are very powerful but ultimately insecure and led to a number of high profile virus outbreaks. Anyone remember the I Love You virus?


PowerShell is extensible and may be integrated into custom applications to provide an administrative scripting interface. It forms the administrative basis for several of the newer Microsoft product offerings including Microsoft Exchange 2007 and Virtual Machine Manager.

This is a huge improvement over cmd shell based applications since the only framework it provided was for console input and output.

Where to get Powershell

PowerShell is provided as a free download by Microsoft. There are different packages depending on which OS you are using.

How to Download Windows PowerShell 1.0


Cygwin is more than an alternative command prompt for Windows. It is a Linux like environment for Windows that allows the execution of Linux (and U*NIX) programs under Windows. It does this by providing a dynamically linked library (dll) that implements much of the Linux api. UNIX software can be compiled under Windows with Cygwin and linked against this dll. The UNIX software will think its running within a typical UNIX environment while it is instead being hosted under Windows.

Cygwin is available for Windows versions dating back Windows 95 all the way through to Windows Vista.

Basic Usage

Using the Cygwin Bash (Bourne Again Shell) shell is very similar to using a traditional Windows command prompt. Commands may be issued to the prompt interactively or save into a text file as a script. However, the scripting language and utilities provided by the prompt are different than the ones that ship with Windows.

ls –la’ – produce a directory listing similar to what the ‘dir /ah /b’ command provides

Commands in the Cygwin environment are case sensitive. This can take a bit of getting used to if you have worked mostly in a Windows environment.

Another thing to note is that UNIX has no notion of drive letters. The file system on a UNIX system is one continuous tree, whereas a Windows system may have as many file system trees as it has local and mapped drives.

Cygwin simulates a UNIX file system by mounting the local and mapped drives of the Windows host system under the /cygdrive/ mount point. Therefore the ‘C’ drive of a typical Windows computer would be located under /cygdrive/c within the Cygwin Bash shell.

The tools that ship with Cygwin will not allow you to easily access Windows facilities (i.e. the registry). But when used in combination with standard NT shell commands, Cygwin becomes very powerful.

For example Bash offers a full programming language with loops, conditional statements, regular expressions and much more. And Bash script commands may be mixed with regular operating system commands.

The Cygwin manual is available at the same location where you can download the software (see below). The official GNU Bash manual is available for free at I also recommend the book Unix in a Nutshell by Arnold Robbins (try Google Book Search).

Cygwin Security

Cygwin scripts behave more like batch files or WSH scripts in that their execution cannot be restricted based on a digital signature. However, bash scripts typically either have no file extension or have an extension of ‘sh’. Files with no extension cannot be launched in Windows with a double click (or if they can, I surely do not know how to do it). Files with an extension of ‘sh’ are not configured to execute in Windows. These facts lower the security risk of malicious code execution in your environment. But keep in mind that it is possible to wrap a call to a bash script inside of a standard batch file which could then be executed.

Cygwin ships with a number of server products such as the Apache web server and the PostgresQL relational database. Care should be taken to either 1) not install these packages or 2) consider the security implications of their installation.

However, if all you want is the bash shell for scripting purposes, do not install these unneeded services since they are all potential security risks.


Extending the functionality offered by Cygwin is similar to extending the functionality offered by the NT command shell. This amounts to writing a new utility that processes console input and’or output in addition to whatever other specialized application specific processing is done.

Where to get it

Cygwin is provided as a free download by RedHat. Visit the Cygwin website to obtain it.

Windows Services for UNIX (SFU)

SFU is Microsoft’s answer to Cygwin. It is a product that serves a very similar purpose; to help facilitate running UNIX programs on Windows. Microsoft hopes that you will not stop there, however. They would rather you use SFU as an intermediary step before you port your UNIX native application to Windows completely. Then SFU will no longer be needed for that application. SFU exists to make the process smoother and to woo UNIX developers to the Windows platform.

Why then do we care about this product if is aimed at UNIX developers? We care about it because it includes two UNIX command prompts and a host of UNIX utilities. These utilities can be used for scripting.

Basic Usage

SFU ships with the C shell and the Korn shell. Both of these shells offer similar benefits as those discussed with the Bash shell. They are also both well documented.


As with the Cygwin environment, commands in either of these shells are case sensitive. Also, the Windows file system will be presented as a single tree in the SFU environment just as with Cygwin. However, the mount point is different. SFU mounts all drives under /dev/fs/.

SFU is fairly well documented and includes sections on programming with C and Korn shell scripts. This information may be supplemented with any of the many good books on the subject. Again, I recommend checking out the book Unix in a Nutshell by Arnold Robbins.


When installing SFU, a prompt will appear asking if you want to alter windows policy settings to allow UNIX compatible permissions and case sensitivity. It will warn you that there are security implications for doing this. This is something you will need to consider for your environment before deciding to enable these settings.

SFU also includes a number of servers for NFS, NIS, telnet and others. These are all potential security risks and careful consideration must be taken before installing these services. Although installing these components is not necessary if you only want to get scripting functionality with the C and Korn shells. If scripting is your only purpose, it is best to not install these other services.


Again, the process of extending the services offered by this environment is similar to that of extending the Cygwin environment.

Where to Get it

SFU is available for free from Microsoft. Visit the SFU homepage to download it.


These are but a few of the command shell alternatives available to Windows administrators. Scripting is a powerful technique that I have used over the past decade to automate tasks and generally make my job easier to perform.

Recent Scripting Forum threads

Got a question? Post it on our Scripting Forum!

Related Topics:

Register for the Hybrid Identity Protection (HIP) Europe Conference!

Hybrid Identity Protection (HIP) Europe 2021 - Virtual Conference

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric practitioners. At the inaugural HIP Europe, join your local IAM experts and Microsoft MVPs to learn all the latest from the Hybrid Identity world.