1 files changed, 36 insertions, 9 deletions

diff --git a/docs/enterprise.md b/docs/enterprise.md
index 3f75ad14..8430cc99 100644
--- a/docs/enterprise.md
+++ b/docs/enterprise.md
@@ -8,7 +8,7 @@ While consumer users are generally directed toward [wireguard-installer.exe](htt
 
 ### Tunnel Service versus Manager Service and UI
 
-The "manager service" is responsible for displaying a UI on select users' desktops (in the system tray), and responding to requests from the UI to do things like add, remove, start, or stop tunnels. The "tunnel service" is a separate Windows service for each tunnel. These two services may be used together, or separately, as described below.
+The "manager service" is responsible for displaying a UI on select users' desktops (in the system tray), and responding to requests from the UI to do things like add, remove, start, or stop tunnels. The "tunnel service" is a separate Windows service for each tunnel. These two services may be used together, or separately, as described below. The various commands below will log errors and status to standard error, or, if standard error does not exist, to standard output.
 
 ### Tunnel Service
 
@@ -58,15 +58,24 @@ The manager service monitors `%ProgramFiles%\WireGuard\Data\Configurations\` for
 
 The UI is started in the system tray of all builtin Administrators when the manager service is running. A limited UI may also be started in the system tray of all builtin Network Configuration Operators, if the correct registry key is set. [See `adminregistry.md` for information.](adminregistry.md)
 
-By default, the manager stops existing tunnels when starting new tunnels, so that only one tunnel service is running at a time. This behavior may be disabled if the correct registry key is set. [See `adminregistry.md` for information.](adminregistry.md)
+### Diagnostic Logs
 
+The manager and all tunnel services produce diagnostic logs in a shared ringbuffer-based log. This is shown in the UI, and also can be dumped to standard out using the command:
 
-### Diagnostic Logs
+```text
+> wireguard /dumplog > C:\path\to\diagnostic\log.txt
+```
+
+Alternatively, the log can be tailed continuously, for passing it to logging services:
 
-The manager and all tunnel services produce diagnostic logs in a shared ringbuffer-based log. This is shown in the UI, and also can be dumped to a file using the command:
+```text
+> wireguard /dumplog /tail | log-ingest
+```
+
+Or it can be monitored in PowerShell by piping to `select`:
 
 ```text
-> wireguard /dumplog C:\path\to\diagnostic\log.txt
+PS> wireguard /dumplog /tail | select
 ```
 
 ### Updates
@@ -74,13 +83,31 @@ The manager and all tunnel services produce diagnostic logs in a shared ringbuff
 Administrators are notified of updates within the UI and can update from within the UI, but updates can also be invoked at the command line using the command:
 
 ```text
-> wireguard /update C:\path\to\update\log.txt
+> wireguard /update
+```
+
+Or, to log the status of that command:
+
+```text
+> wireguard /update 2> C:\path\to\update\log.txt
+```
+
+One could have Task Scheduler run it daily at 3am:
+
+```text
+> schtasks /create /f /ru SYSTEM /sc daily /tn "WireGuard Update" /tr "%PROGRAMFILES%\WireGuard\wireguard.exe /update" /st 03:00
 ```
 
-### Wintun Adapters
+### Driver Removal
+
+The tunnel service creates a network adapter at startup and destroys it at shutdown. If there are no more network adapters, the driver may be removed with:
+
+```text
+> wireguard /removedriver
+```
 
-The tunnel service creates a Wintun adapter at startup and destroys it at shutdown. It may be desirable, however, to remove all Wintun adapters created in WireGuard's pool and uninstall the driver if no other applications are using Wintun. This can be accomplished using the command:
+Or, to log the status of that command:
 
 ```text
-> wireguard /removealladapters C:\path\to\removal\log.txt
+> wireguard /removedriver 2> C:\path\to\removal\log.txt
 ```