System Info
Whoami – returns the user’s login
name
Hostname – returns the computer name
Msconfig – GUI for configuring boot, services, startup…
Msinfo32 – GUI for info, including remote computers
Systeminfo – CLI tool for info
Net config workstation – CLI for host/user/domain/OS
info…
=Last restart/power on date=
net statistics workstation # For CMD
net stats work | find "Stat" # For CMD
net stats work | select-string "Stat" # PoSH
Get-CimInstance -ClassName win32_operatingsystem | select csname, lastbootuptime
systeminfo | Select-String "System Boot Time" # PoSH
systeminfo | find "Boot Time" # CMD
Sysdm.cpl – System properties (old way)
Win+Pause – System window (new way)
Echo
%username% logged on %computername% at %date%
Echo %username% logged on %computername
>> \\server\share\file
Remote commands
Mstsc /v:Server /admin
(/console)
Psexec \\Server CMD -
CLI remote connection
Change logon /Enable – execute after
Psexec
Change logon /Query – execute after
Psexec
Processes, Services, Sessions
=Services=
Sc queryex servicename
– finds
PID of an installed service
Sc config servicename start= disabled
- change service startup type
Sc config servicename start= auto - change
service startup type
=Processes=
Taskkill /pid PID /F
– kills a process by PID
Taskkill /t /IM processname /F – kills a process with its
children (/t)
Tasklist /svc /fo list | more – shows all processes on a computer
Tasklist | findstr processname – finds PID of a started process
Taskkill /FI "memusage gt 102400" /F –
kills RAM processes <100mb
=Sessions=
Query session /SERVER:server
– queries sessions for PID
Quser /SERVER:server – queries
sessions + info of a user’s logon time
Reset session PID /SERVER:server –
kills session by PID
Rwinsta PID /SERVER:server –
kills session by PID
Logoff PID /SERVER:server –
kills session by PID
For /F "Tokens=*" %a in
(Servers.txt) Do Logoff – kills the number
of sessions with a text file
NTFS Permissions
takeown /f D:\test /A /R /D Y – grants ownership to the Admins group (/A)
recursively (/R) with Yes answer (/D Y). Can use UNC path.
iCacls D:\test /setowner
"Administrators" /T /C –
grants ownership
iCacls D:\test /grant Administrators:(OI)(CI)M
/F /T /C –
Modify prm
iCacls D:\test /remove
"Administrators" /T /C –
removes user recurs.
‘Previous commands’ | find /I “denied”
>> C:\err.log –
makes log file
Windows Update troubleshooting
Wuauclt /resetauthorization /detectnow
/updatenow
Net stop wuauserv => del C:\Windows\SoftwareDistribution => start
Netsh winhttp reset proxy
WSReset.exe – clears & resets
Windows Store cache on Win8.1/10
Network
=Basic commands=
Firewall local state - netsh advfirewall
show allprofiles
Firewall remote state (PoSH) - Invoke-Command -ComputerName [ComputerName] -ScriptBlock {netsh advfirewall
show allprofiles}
Allow WMI (PoSH)- netsh firewall
set service RemoteAdmin enable
Tracert hostname – traces path by given
IP
Pathping hostname – traces path by given
IP + localhost + statistics
=Checking MAC address=
Getmac – shows
MAC address of a local computer
Getmac /s server – MAC address of a remote
computer
Ping Server (then) Arp -a – MAC address of a remote
computer
=DNS commands=
Nslookup computer – DNS info about some host (external
command)
> server 4.4.8.8 – changes DNS server to be used
(internal command)
Nslookup –q=MX <host>
<DNS server> – changes default record type
Dnscmd server
/statistics > D:\filename – DNS info
Telnet install
Telnet install Cmd - Pkgmgr
/iu:"TelnetClient"
PowerShell - Install-WindowsFeature -name Telnet-Client
DISM /online /Enable-Feature /FeatureName:TelnetClient
Netstat commands
Netstat –
shows open TCP ports in the form of server:port
Netstat -a – adds UDP ports
Netstat -o – shows PID (not in Win2000)
Netstat -b – displays involved EXE
files
Netstat -ao – shows TCP/UDP ports
and PIDs
Netstat –n 5 – shows output every 5 seconds
Netstat –a | find "135" – shows process that listens
on port 135
Netstat –a | find "established" – shows established
process
(possible parameters: listening/established/time_wait/close_wait)
Netstat –ao | find “192.168” – shows processes
with PID
Netsh commands
Netsh winsock reset – resets IP stack
Netsh int ip reset anyfile.txt
– resets
IP stack
Netsh advf set allp state off –
disable FW with CMD
Netsh interface tcp show
global – general TCP info
Netsh –r interface ip show
interfaces – local info about net interfaces
Netsh –r server interface
ip show interfaces – remote interfaces info
=Solving network speed
problems=
Netsh interface tcp show global
(Look for "Receive Window Auto-Tuning Level". You should see normal.)
Netsh interface tcp set global
autotuning=disabled
Netsh interface tcp set global
autotuning=normal
Netsh interface tcp set global
rss=disabled
Netsh interface tcp set global
rss=enabled
Active Directory
Repadmin /showrepl – shows AD
replication
Repadmin /syncall Server.dom.com – activates AD replication
Ldp.exe – GUI view on Active Directory
Set logonserver –
DC authenticated the *User*
Echo %logonserver% – DC authenticated the *User*
Nltest /query /SERVER:server
– queries netlogon
service status
Nltest /SERVER:server /finduser:username – user Domain & DC Nltest /DCLIST:Domain – list of DCs in Domain
Nltest /DSGETDC:Domain – DC authenticated the *Computer*
Exchange Server (Powershell)
=Show all organizational databases=
Get-MailboxDatabase
–STATUS
Get-MailboxDatabase
–STATUS | format-table name,mounted,backupinprogress,onlinemaintenanceprogress
Get-MailboxDatabase
– STATUS | select servername,name,databasesize
Get-MailboxDatabase – STATUS | select servername,name,databasesize |
Sort-Object Name -Descending
Get-MailboxDatabase – STATUS | select servername,name,databasesize |
Sort-Object DatabaseSize –Descending
=Show databases on the
particular Exchange Server=
Get-MailboxDatabase
–SERVER servername
Get-MailboxDatabase
–SERVER servername –Status | format-table name,mounted,backupinprogress
Get-MailboxDatabaseCopyStatus
–SERVER servername
=Check status of the
particular database=
Get-MailboxDatabase
dbname
=Check the date of Exchange
Last Full Backup=
Get-MailboxServer
| Get-MailboxDatabaseCopyStatus | ft name,latestfull*
Get-MailboxDatabase
–SERVER server -status | fl name,
*fullbackup
=Product key=
Entering a
product key (GUI) - Slui
Entering a
product key (CMD) - slmgr -ipk XXXXX-XXXXX
Check
activating status - slmgr /xpr
Check license status
- slmgr /dli
=How to add Windows Backup
feature=
Import-Module
ServerManager ; Add-WindowsFeature Backup
Additional commands
=Enable Remoting=
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
=Enable LUA UAC from CMD (reboot)=
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
/v EnableLUA /t REG_DWORD /d 1 /f
=Add computer to domain (PoSH)=
Add-Computer -DomainName DOM.Local -Credential DOM\Admin
-restart -force
=Check CMD status =
sc.exe query lanmanworkstation (should only show MRxSmb20)
=Enable SMBv1 with CMD=
dism /online /enable-feature /featurename:SMB1Protocol-Server
=ENABLE SMB1 with PoSH=
Enable-WindowsOptionalFeature -Online -FeatureName
"SMB1Protocol-Client" -All
=Disable SMBv1 CMD=
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled
=Uninstall app with CMD=
wmic product get
description | findstr /C:"Unlocker"
wmic product where "description='Unlocker' " uninstall
or enter to wmic
wmic
product get name
product where
name="Unlocker" call uninstall (needs
exact name)
=Syncing computer time with
DC=
w32tm /config
/syncfromflags:domhier /update
Then run:
net stop w32time
net start w32time
=Delete files by date=
forfiles –p C:\Share\
-s –m *.* -d -1 –c “CMD /C del /Q /F /s @path” –