.. -*- coding: utf-8; -*-

=============
 Windows OS.
=============

.. contents::

Determining Windows version.
============================

Run winver.exe: <Win> + R, type winver, <RET>.

Or press: <Win> + <Break>.

Under cmd.exe use the built-in command ver.

For Windows 2000 and later check the registry key::

  cmd> reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentVersion

To check for a 32/64-bit OS use the PROCESSOR_ARCHITECTURE env var (it can have
these values: x86, AMD64, IA64).

Windows update.
===============

To find updates and drivers visit (Windows authenticity is not checked):

  http://catalog.update.microsoft.com/

You can search for a driver by keywords from Device Manager like::

  VEN_10DE DEV_0247
  VID_22B8 PID_2A62

Also you can find updates on:

  http://www.microsoft.com/downloads/ru-ru/default.aspx

Check system files integrity.
=============================
::

  cmd> sfc /Scannow

To complete the repair you may need the original installation CD (you can mount
it from an .iso image, for example with Daemon Tools).

Works for Windows 2000, Windows XP, Windows 2003.

See:

  http://support.microsoft.com/kb/222471/
  http://support.microsoft.com/kb/310747/ru

Repair boot.
============

If only the boot sector of the master or system partition is damaged, boot from
the Windows XP installation CD, enter the recovery console and run::

  cmd> fixboot
  cmd> fixmbr

See:

  http://support.microsoft.com/kb/307654/ru

Automatically connect to shared resource.
=========================================

Add a .bat file like this to autorun::

  net use x: \\server\share /user:username password

The password is stored in clear text in the .bat file.

See:

  http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_use.mspx

Activate Windows.
=================

http://www.microsoft.com/genuine/selfhelp/XPPkuinst.aspx?sGuid=bab9e103-6365-44dd-9337-93f0cd9dd4b7&displaylang=en
  Windows Product Key Update Tool Instructions

Activate Windows XP.
--------------------

Replace %WINDIR%/system32/winlogon.exe with a valid copy in Safe Mode and run
the Windows Product Key Update Tool.

Windows images.
===============

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e
  Windows XP Service Pack 3 - ISO-9660 CD Image File

Access to Samba for Vista/7.
============================

By default, you cannot authenticate and share files to and from Mac OS X or
Linux Samba because a well-known authentication method is turned off by default.
To enable it, follow the steps for your edition.

Only for Windows Vista Ultimate/Business/Enterprise Editions.
-------------------------------------------------------------

Go to Start->Run and open gpedit.msc or secpol.msc.

Select Continue on the User Account Control prompt. This will launch the Group
Policy Object Editor for the Local Computer Policy.

In the Group Policy Object Editor, expand::

  -> Computer Configuration
    -> Windows Settings
      -> Security Settings
        -> Local Policies
          -> Security Options

Open the "Network security: LAN Manager authentication level" policy and
change the Security Setting to::

  Send LM & NTLM - use NTLMv2 session security if negotiated

Windows Vista Home Edition.
---------------------------

Since Windows Vista Home Edition does not feature the Group Policy Editor, you
may do the following to enable this feature:

Go to Start->Run and type regedit.

Select Continue on the User Account Control prompt.

Navigate to ``HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa``

Create the following DWORD value (if it doesn't exist): LmCompatibilityLevel

And set its value to: 1

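The registry value 1 selects the same policy as the Group Policy text above, so after either procedure the client sends LM and NTLM responses again. The following Python is an added example, not part of the original notes: it reads saved output of ``reg query "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LmCompatibilityLevel`` and reports what the host sends; the function names and the sample outputs are constructed for illustration.

```python
import re

# LmCompatibilityLevel values and the policy text each one corresponds to.
LM_LEVELS = {
    0: "Send LM & NTLM responses",
    1: "Send LM & NTLM - use NTLMv2 session security if negotiated",
    2: "Send NTLM response only",
    3: "Send NTLMv2 response only",
    4: "Send NTLMv2 response only. Refuse LM",
    5: "Send NTLMv2 response only. Refuse LM & NTLM",
}
VALUE_RE = re.compile(
    r"^\s*LmCompatibilityLevel\s+REG_DWORD\s+(0x[0-9a-f]+|\d+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)


def parse_lm_level(reg_output):
    """Return the level from `reg query ... /v LmCompatibilityLevel` output,
    or None when the value is absent and the OS default applies."""
    match = VALUE_RE.search(reg_output)
    if match is None:
        return None
    text = match.group(1).lower()
    return int(text, 16) if text.startswith("0x") else int(text)


def assess(reg_output):
    """Report which challenge responses the client sends at the parsed level."""
    level = parse_lm_level(reg_output)
    if level is None:
        return {"level": None, "policy": None, "sends_lm": None, "sends_ntlm": None}
    if level not in LM_LEVELS:
        raise ValueError("unexpected LmCompatibilityLevel %d" % level)
    return {
        "level": level,
        "policy": LM_LEVELS[level],
        "sends_lm": level <= 1,    # LM responses are sent at levels 0 and 1
        "sends_ntlm": level <= 2,  # NTLM (v1) responses are sent at levels 0 to 2
    }


# Constructed samples of reg.exe output (not captured from a real host).
REG_AFTER_PAGE_STEPS = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x1
"""
REG_VALUE_ABSENT = "ERROR: The system was unable to find the specified registry key or value.\n"
```
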
Map dir to disk.
================

To create::

  cmd> subst [to-disk: [from-disk:]path]

To remove::

  cmd> subst disk: /d

Standard scripts.
=================
::

  compmgmt.msc     - Computer management
  devmgmt.msc      - Device manager
  diskmgmt.msc     - Disk management
  dfrg.msc         - Disk defrag
  eventvwr.msc     - Event viewer
  fsmgmt.msc       - Shared folders
  gpedit.msc       - Group policies
  lusrmgr.msc      - Local users and groups
  perfmon.msc      - Performance monitor
  rsop.msc         - Resultant set of policies
  secpol.msc       - Local security settings
  services.msc     - Various Services
  msconfig         - System Configuration Utility
  regedit          - Registry Editor
  msinfo32         - System Information
  sysedit          - System Configuration Editor
  win.ini          - Windows loading information (also system.ini)
  winver           - Shows current version of Windows
  mailto:          - Opens default email client
  command          - Opens command prompt

  appwiz.cpl       - Add & Remove Programs
  timedate.cpl     - Date/Time Properties
  desk.cpl         - Display Properties
  inetcpl.cpl      - Internet Options
  mmsys.cpl        - Sound Settings
  sysdm.cpl        - System Properties
  password.cpl     - Password Options
  main.cpl         - Mouse and Keyboard Options
  control fonts    - Fonts Folder
  control printers - Printers Folder

Path.
=====

Max path length.
----------------

260 chars. Use the MAX_PATH macro from 'windows.h'.

Allowed characters.
-------------------

Not allowed:

* characters from 0 to 31
* ``<`` (less than)
* ``>`` (greater than)
* ``:`` (colon)
* ``"`` (double quote)
* ``/`` (forward slash)
* ``\`` (backslash)
* ``|`` (vertical bar or pipe)
* ``?`` (question mark)
* ``*`` (asterisk)

http://msdn.microsoft.com/en-us/library/aa365247.aspx
  Naming Files, Paths, and Namespaces

Memory.
=======

http://msdn.microsoft.com/en-us/library/ff542275%28v=VS.85%29.aspx
  Boot Parameters to Configure DEP and PAE

PAE.
----

All 32-bit Windows XP support only 4 GiB RAM. To enable PAE (Physical Address
Extension) edit 'c:\\boot.ini', add option '/pae'::

  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Prof" /fastdetect /pae

http://msdn.microsoft.com/en-us/library/ff557168%28v=VS.85%29.aspx
  /pae option
http://www.microsoft.com/whdc/system/platform/server/pae/paedrv.mspx
  PAE support

NX.
---

NX (no execute) is implemented in Windows as the Data Execution Prevention (DEP)
technology.

On 64-bit processes, DEP is enabled by default and cannot be disabled. For
32-bit Windows DEP is supported in Windows Server 2003 with SP1, Windows XP
with SP2, Windows Vista, and later versions of Windows.

To enable NX on 32-bit Windows edit 'c:\\boot.ini', add option
'/noexecute=...' (alwayson/optout/optin/alwaysoff)::

  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Prof" /fastdetect /noexecute=alwayson

To see current DEP status run::

  cmd> wmic OS Get DataExecutionPrevention_Available
  cmd> wmic OS Get DataExecutionPrevention_SupportPolicy
  cmd> wmic OS Get DataExecutionPrevention_Drivers

http://msdn.microsoft.com/en-us/library/ff557134%28VS.85%29.aspx
  /noexecute parameter
http://support.microsoft.com/kb/912923
  How to determine that hardware DEP is available and configured on your computer

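A boot.ini edit only takes effect at the next boot, so the ``/noexecute=`` keyword on disk and the policy that ``wmic`` reports can disagree. The following Python is an added example, not part of the original notes: it compares the two from saved text, using the ``DataExecutionPrevention_SupportPolicy`` codes 0 to 3 (AlwaysOff, AlwaysOn, OptIn, OptOut); the function names and the sample inputs are constructed for illustration.

```python
import re

# DataExecutionPrevention_SupportPolicy codes reported by WMI, keyed to the
# boot.ini /noexecute= keyword that selects each policy.
POLICY_BY_CODE = {0: "alwaysoff", 1: "alwayson", 2: "optin", 3: "optout"}


def default_entry_switches(boot_ini):
    """Return {switch: value or None} for the entry named by default= in boot.ini."""
    section, default, entries = None, None, {}
    for raw in boot_ini.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader" and line.lower().startswith("default="):
            default = line.split("=", 1)[1].strip().lower()
        elif section == "operating systems" and "=" in line:
            path, rest = line.split("=", 1)
            options = re.sub(r'^\s*"[^"]*"', "", rest)  # drop the quoted menu title
            entries[path.strip().lower()] = {
                m.group(1).lower(): (m.group(2).lower() if m.group(2) else None)
                for m in re.finditer(r"/(\w+)(?:=(\S+))?", options)
            }
    return entries.get(default, {})


def wmic_value(wmic_output):
    """Parse `wmic OS Get <property>` output: a header line, then the value."""
    lines = [l.strip() for l in wmic_output.splitlines() if l.strip()]
    if len(lines) < 2:
        raise ValueError("expected a header line and a value line")
    return lines[1]


def check_dep(boot_ini, support_policy_output):
    """Compare the /noexecute= policy in boot.ini with the policy the OS reports."""
    switches = default_entry_switches(boot_ini)
    effective = POLICY_BY_CODE[int(wmic_value(support_policy_output))]
    configured = switches.get("noexecute")
    return {"configured": configured, "effective": effective,
            "pae": "pae" in switches, "in_effect": configured == effective}


# Constructed samples: boot.ini after the edit shown above, and wmic output
# captured before the reboot that applies it.
BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Prof" /fastdetect /noexecute=alwayson
"""
WMIC_BEFORE_REBOOT = "DataExecutionPrevention_SupportPolicy\n2\n"
```
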
Life cycle.
===========

http://www.microsoft.com/windows/support/endofsupport.mspx
  End of support for Windows 98, Windows Me, and Windows XP Service Pack 1
http://www.microsoft.com/windows/lifecycle/servicepacks.mspx
  Windows Service Pack Road Map
http://www.microsoft.com/windows/lifecycle/default.mspx
  Windows Life-Cycle Policy
http://support.microsoft.com/gp/lifeselect
  Life-Cycle Policy by product

NTFS junction points.
=====================

To create one use 'junction.exe' from Mark Russinovich or 'linkd.exe' from the
Microsoft Windows 2000 Resource Kit.

'junction.exe' is included with the Sysinternals suite::

  cmd> md c:\Program-Files
  cmd> junction c:\Program-Files "c:\Program Files"

http://technet.microsoft.com/en-gb/sysinternals/bb896768.aspx
  Junction v1.05, Published: July 24, 2007
http://support.microsoft.com/?kbid=205524
  How to create and manipulate NTFS junction points
http://en.wikipedia.org/wiki/NTFS_junction_point
  NTFS junction point

Microsoft Windows 2000 Resource Kit.
====================================

http://support.microsoft.com/kb/927229
  Windows 2000 Resource Kit Tools for administrative tasks
  separate tools downloads

Microsoft security tools.
=========================

http://www.microsoft.com/downloads/details.aspx?FamilyID=CD057D9D-86B9-4E35-9733-7ACB0B2A3CA1&displayLang=en

http://www.microsoft.com/downloads/details.aspx?FamilyID=B1E76BBE-71DF-41E8-8B52-C871D012BA78&displayLang=en
  Microsoft Baseline Security Analyzer 2.1.1 (for IT
  Professionals)

http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=4a2346ac-b772-4d40-a750-9046542f343d&displayLang=en
  Enhanced Mitigation Evaluation Toolkit

http://blogs.technet.com/b/srd/archive/2009/10/27/announcing-the-release-of-the-enhanced-mitigation-evaluation-toolkit.aspx
  Announcing the release of the Enhanced Mitigation Evaluation
  Toolkit (old version 1.0)

http://blogs.technet.com/b/srd/archive/2010/07/28/announcing-the-upcoming-release-of-emet-v2.aspx

Enabling/Disabling UAC.
=======================

To disable UAC on the computer, you must be able to log on with or provide the
credentials of a member of the local Administrators group.

Starting with Windows 7, UAC is disabled by following these steps:

1. On the Start menu, type "UAC" and then click Change User Account settings.
2. Move the slide bar to the bottom (Never Notify) and then click OK.

On Windows Vista and Windows Server 2008, UAC is disabled by following these steps:

1. Start Control Panel and double-click User Accounts.
2. In the User Accounts tasks window, click Turn User Account Control on or off.
3. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK.

http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off
  Turn User Account Control on or off

Fix file association.
=====================

Check current association::

  $ cmd /c assoc | grep -i "^\.mp3"
  .mp3=mp3file

Get list of all available commands::

  $ cmd /c ftype
  ...
  AIMP.mp3="C:\Program Files\AIMP2\AIMP2.exe" "%1"
  ...

and select one of them::

  $ cmd /c assoc .mp3=AIMP.mp3

Clean up Windows system directories.
====================================

You can safely remove SP restore files::

  %Systemroot%\$NtServicePackUninstall$

Also check these directories::

  %SYSTEMDRIVE%\Program Files\Common Files
  %SYSTEMDRIVE%\Documents and Settings\USER\Application Data
  %SYSTEMDRIVE%\Documents and Settings\USER\Local Settings

http://support.microsoft.com/kb/290402
  HOW TO: Remove the Service Pack Restore Files and Folders in Windows

Windows services from command line.
===================================

List of all running services.
-----------------------------
::

  cmd> net start

Start service.
--------------
::

  cmd> net start NAME

Stop service.
-------------
::

  cmd> net stop NAME

Schedule Tasks in Windows.
==========================

List registered tasks.
----------------------
::

  $ schtasks /query

Create task.
------------
::

  $ schtasks /create /tn %TASK_NAME% /ru %ROOT% /sc daily /st 23:00:00 /tr "rundll32.exe user32.dll,LockWorkStation"

/sc can be one of::

  MINUTE HOURLY DAILY WEEKLY MONTHLY ONCE ONSTART ONLOGON ONIDLE

Delete task.
------------
::

  $ schtasks /delete /tn %TASK_NAME% /f