.. -*- coding: utf-8; -*-============= Windows OS.=============.. contents:: :local:Determining windows version===========================To show GUI dialog with Windows build/version information type:: <Win+R> winver <Enter> <Win+Break>or run:: cmd> winver``cmd`` has built-in command ``ver``.For Win 2000 and upper check registry key:: cmd> reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentVersionTo check 32/64-bit OS use PROCESSOR_ARCHITECTURE env var (it has such values:x86, AMD64, IA64).Full info about Windows edition available from this .vbs:: cmd> slmgr -dliWindows history.================https://www.microsoft.com/en-us/itpro/windows-10/release-information Windows 10 release information. Table with schedules.http://windows.microsoft.com/en-us/windows/history A history of WindowsWindows update==============To find updates and drivers visit (подлинность Windows not checked):* http://catalog.update.microsoft.com/You can search driver by keywords from Device Manager like:: VEN_10DE DEV_0247 VID_22B8 PID_2A62After obtaining ``.cab`` file for driver unpack files:: cmd> expand FILE.cab -F:* c:\tmp\dirand use that directory in "Update driver" dialog.Also you can find updates on:* http://www.microsoft.com/downloads/ru-ru/default.aspxUpdates that reset pirate copy of Windows: КВ971033.List of installed updates with full information:: cmd> wmic qfe power# get-hotfixList only hotfix id:: cmd> wmic qfe get hotfixid power# get-hotfix -id KB...,KB...http://catalog.update.microsoft.com/v7/site/faqgeneric.aspx Microsoft Update Catalog FAQhttps://support.microsoft.com/en-us/kb/323166 How to download updates that include drivers and hotfixes from the Windows Update Catalog.Check system files integrity============================Run check with (utility is available starting from Windows 2000):: cmd> sfc /ScannowLook to ``c:/Windows/Logs/CBS/CBS.log`` for errors and warnings.To repair run:: dism /Online /Cleanup-image /Scanhealth dism /Online /Cleanup-Image /RestoreHealthIf Windows Update is broken you can provide path:: dism /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccessSee:* http://support.microsoft.com/kb/929833* http://support.microsoft.com/kb/222471* http://support.microsoft.com/kb/310747/ruRepair boot.============If you only damage boot sector of master or system partition boot from WindowsXP installation CD, enter to recovery console and run:: cmd> fixboot cmd> fixmbrSee:* http://support.microsoft.com/kb/307654/ruAutomatically connect to shared resource.=========================================Add to autorun such .bat file:: net use x: \\server\share /user:username passwordSee:* http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_use.mspxActivate Windows.=================Activate Windows from command line:: cmd> slmgr -ipk YGR45-THIS9-WONT5–0WORK-D7667Reset the evaluation period/licensing status and activation state of themachine:: cmd> slmgr -rearmCheck activation:: cmd> slmgr /xprSee:http://www.microsoft.com/genuine/selfhelp/XPPkuinst.aspx?sGuid=bab9e103-6365-44dd-9337-93f0cd9dd4b7&displaylang=en Windows Product Key Update Tool InstructionsActivate Windows XP.--------------------Replace %WINDIR%/system32/winlogon.exe with valid in Safe Mode and run Windows Product Key UpdateTool.Windows images.===============http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e Windows XP Service Pack 3 - ISO-9660 CD Image Filehosts file.===========Edit ``%windir%/system32/Drivers/etc/hosts``. Under Windows 7/8/10 you need torun editor with "Run as administrator".Access to Samba from Vista/7.=============================By default, you cannot authenticate and share files to and from Mac OS X orLinux Samba due to a well known authentication method turned off by default.To enable this,Only for Windows Vista Ultimate/Business/Enterprise Editions.-------------------------------------------------------------Goto Start->Run and open gpedit.msc or secpol.mscSelect Continue on the User Account Control prompt. This will launch the GroupPolicy Object Editor for the Local Computer Policy.In the Group Policy Object Editor, expand:-> Computer Configuration-> Windows Settings-> Security Settings-> Local Policies-> Security OptionsOpen the "Network security: LAN Manager authentication level" policy andchange the Security Setting to:Send LM & NTLM - use NTLMv2 session security if negotiatedWindows Vista Home Edition.---------------------------Since Windows Vista Home Edition does not feature the Group Policy Editor, youmay do the following to enable this feature:Goto Start->Run-> and type regedit.Select Continue on the User Account Control prompt.Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LsaCreate the following DWORD value (if it doesn't exist): LmCompatibilityLevelAnd set its value to: 1Map dir to disk.================To create:: cmd> subst [to-disk: [from-disk:]path]To remove:: cmd> subst disk: /dStandard scripts.=================:``msconfig``: System Configuration Utility, you can disable services registered at boot.:``regedit``: Registry Editor.:``services.msc``: Service management.:``compmgmt.msc``: Computer management.:``devmgmt.msc``: Device manager.:``diskmgmt.msc``: Disk management.:``msinfo32``: System Information.:``perfmon.msc``: Performance monitor.These scripts can be invoked via ``Win+R``:: dfrg.msc - Disk defrag eventvwr.msc - Event viewer fsmgmt.msc - Shared folders gpedit.msc - Group policies lusrmgr.msc - Local users and groups secpol.msc - Local security settings win.ini - windows loading information(also system.ini) winver - Shows current version of windows command - Opens command prompt control fonts - Fonts Folder control printers - Printers Folder appwiz.cpl - Add & Remove Programs timedate.cpl - Date/Time Properties desk.cpl - Display Properties inetcpl.cpl - Internet Options mmsys.cpl - Sound Settings sysdm.cpl - System Properties password.cpl - Password Options main.cpl - Mouse and Keyboard Options``.cpl`` scripts can be run from command line as:: cmd> Rundll32 Shell32.dll,Control_RunDLL cmd> Rundll32 Shell32.dll,Control_RunDLL Mmsys.cpl,,0Path====Max path length---------------260 chars. Use MAX_PATH macros from 'windows.h'.Allowed characters------------------Not allowed:* characters from 0 to 31* ``<`` (less than)* ``>`` (greater than)* ``:`` (colon)* ``"`` (double quote)* ``/`` (forward slash)* ``\`` (backslash)* ``|`` (vertical bar or pipe)* ``?`` (question mark)* ``*`` (asterisk)http://msdn.microsoft.com/en-us/library/aa365247.aspx Naming Files, Paths, and Namespaces.Memory======http://msdn.microsoft.com/en-us/library/ff542275%28v=VS.85%29.aspx Boot Parameters to Configure DEP and PAEPAE---All 32-bit Windows XP support only 4 GiB RAM. To enable PAE (Physical AddressExtension) edit ``c:\boot.ini``, add option ``/pae``:: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Prof" /fastdetect /paehttp://msdn.microsoft.com/en-us/library/ff557168.aspx ``/pae`` option.http://www.microsoft.com/whdc/system/platform/server/pae/paedrv.mspx PAE support.NX--NX (no execute) in Windows realised in Data Execution Prevention (DEP)technology.On 64-bit processes, DEP is enabled by default and cannot be disabled. For32-bit Windows DEP is supported in Windows Server 2003 with SP1, Windows XPwith SP2, Windows Vista, and later versions of Windows.To enable NX on 32-bit Windows edit 'c:\boot.ini', add option'/noexecute=...' (alwayson/optout/optin/alwaysoff):: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Prof" /fastdetect /noexecute=alwaysonTo see current DEP status run:: cmd> wmic OS Get DataExecutionPrevention_Available cmd> wmic OS Get DataExecutionPrevention_SupportPolicy cmd> wmic OS Get DataExecutionPrevention_Drivershttp://msdn.microsoft.com/en-us/library/ff557134%28VS.85%29.aspx /noexecute parameterhttp://support.microsoft.com/kb/912923 How to determine that hardware DEP is available and configured on your computerWindows ISO images.===================http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=25129 Windows XP Service Pack 3 - ISO-9660 CD Image FileLife cycle.===========http://www.microsoft.com/windows/lifecycle/servicepacks.mspx Windows Service Pack Road Maphttp://www.microsoft.com/windows/lifecycle/default.mspx Windows Life-Cycle Policyhttp://support.microsoft.com/gp/lifeselect Life-Cycle Policy by producthttp://support.microsoft.com/lifecycle/search Microsoft Product Lifecycle Search. Type product name into search box (like "Windows 95", "Windows XP", "Windows Server 2003", etc)!NTFS junction points.=====================To craete use 'junction.exe' from Mark Russinovich or 'linkd.exe' fromMicrosoft Windows 2000 Resource Kit.'junction.exe' included with Sysinternals suite:: cmd> md c:\Program-Files cmd> junction c:\Program-Files "c:\Program Files"http://technet.microsoft.com/en-gb/sysinternals/bb896768.aspx Junction v1.05, Published: July 24, 2007http://support.microsoft.com/?kbid=205524 How to create and manipulate NTFS junction pointshttp://en.wikipedia.org/wiki/NTFS_junction_point NTFS junction pointMicrosoft Windows 2000 Resource Kit.====================================http://support.microsoft.com/kb/927229 Windows 2000 Resource Kit Tools for administrative tasks separate tools downloadsMicrosoft security tools.=========================http://www.microsoft.com/downloads/details.aspx?FamilyID=CD057D9D-86B9-4E35-9733-7ACB0B2A3CA1&displayLang=enhttp://www.microsoft.com/downloads/details.aspx?FamilyID=B1E76BBE-71DF-41E8-8B52-C871D012BA78&displayLang=en Microsoft Baseline Security Analyzer 2.1.1 (for IT Professionals)http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=4a2346ac-b772-4d40-a750-9046542f343d&displayLang=en Enhanced Mitigation Evaluation Toolkithttp://blogs.technet.com/b/srd/archive/2009/10/27/announcing-the-release-of-the-enhanced-mitigation-evaluation-toolkit.aspx Announcing the release of the Enhanced Mitigation Evaluation Toolkit (old version 1.0)http://blogs.technet.com/b/srd/archive/2010/07/28/announcing-the-upcoming-release-of-emet-v2.aspxEnable/Disabling UAC.=====================To disable UAC on the computer, you must be able to log on with or provide thecredentials of a member of the local Administrators group.Starting with Windows 7, UAC is disabled by following these steps:1. On the Start menu, type "UAC" and then click Change User Account settings.2. Move the slide bar to the bottom (Never Notify) and then click OK.On Windows Vista and Windows Server 2008, UAC is disabled by following these steps:1. Start Control Panel and double-click User Accounts.2. In the User Accounts tasks window, click Turn User Account Control on or off.3. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK.http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off Turn User Account Control on or offFix file association.=====================Check current association:: $ cmd /c assoc | grep -i "^\.mp3" .mp3=mp3fileGet list of all available commands:: $ cmd /c ftype ... AIMP.mp3="C:\Program Files\AIMP2\AIMP2.exe" "%1" ...and select one on them:: $ cmd /c assoc .mp3=AIMP.mp3Clean up Windows system directories===================================Run ``cleanmgr.exe``.Disable hibernation:: powercfg /hibernate offOn Windows 10 use compaction (compressing Windows bloatware). It frees about 2 GiB:: Compact.exe /CompactOS:alwaysClean up WinSXS directory (from admin permission):: DISM /online /Cleanup-Image /SpSuperseded DISM /online /Cleanup-Image /StartComponentCleanup /ResetBaseYou can safely remove SP restore files:: %Systemroot%\$NtServicePackUninstall$Also check such directories:: %SYSTEMDRIVE%\Program Files\Common Files %SYSTEMDRIVE%\Documents and Settings\USER\Application Data %SYSTEMDRIVE%\Documents and Settings\USER\Local Settingshttp://support.microsoft.com/kb/290402 HOW TO: Remove the Service Pack Restore Files and Folders in Windowshttp://support.microsoft.com/kb/253597 Automating Disk Cleanup Tool in Windowshttps://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space Tips to free up drive space on your PC.https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/clean-up-the-winsxs-folder Clean Up the WinSxS Folder.https://support.microsoft.com/en-us/help/2795190/how-to-address-disk-space-issues-that-are-caused-by-a-large-windows-co How to address disk space issues that are caused by a large Windows component store (WinSxS) directory.Schedule Tasks in Windows=========================List registered of task:: $ schtasks /queryCreate task:: $ schtasks /create /tn %TASK_NAME% /ru %ROOT% /sc daily /st 23:00:00 /tr "rundll32.exe user32.dll,LockWorkStation"``/sc`` can be one of:: MINUTE HOURLY DAILY WEEKLY MONTHLY ONCE ONSTART ONLOGON ONIDLEDelete task:: schtasks /delete /tn %TASK_NAME% /fChange NTFS permissions=======================``icacls`` allow option:* ``/c`` - Continues the operation despite any file errors. Error messages will still be displayed.* ``/t`` - Apply recursively.* ``/l`` - Performs the operation on a symbolic link versus its destination.* ``/q`` - Suppresses success messages.Permissions description:* ``f`` - full control* ``CI`` = Container Inherit - This flag indicates that subordinate containers will inherit this ACE.* ``OI`` = Object Inherit - This flag indicates that subordinate files will inherit the ACE.To review current permissions:: cmd> icacls %dir% /t.. note:: To get brief view of permissions use ``AccessEnum`` utility from Sysinternals.Recursively change the owner of all matching files to the specified user:: cmd> icacls %dir% /setowner %user% /t /cor simply:: cmd> takeown /r /f %file%.. note:: Sometimes you don't have enough permssion to change permission. Run commands from administrator shell.Recursively grand full access for everyone:: cmd> icacls %dir% /t /grant:r %user%:(f) cmd> icacls %dir% /t /grant:r *S-1-1-0:(f)Somtimes it fail due to permission inheritance, try to strip them:: cmd> icacls %dir% /inheritance:r /t /grant:r %user%:(f)Remove all permissons from file (first reset to inherited, then remove inherited):: cmd> icacls %FILE% /reset cmd> icacls %FILE% /inheritance:rRead file attributes:: cmd> attrib %FILE%Set/remove attributes (``/s`` - recursive):: cmd> attrib +r -h %DIR% /shttps://technet.microsoft.com/en-us/library/cc753525.aspx Icacls.http://support.microsoft.com/kb/919240 The ``Icacls.exe`` utility is available for Windows Server 2003 with Service Pack 2.https://technet.microsoft.com/en-us/library/2009.07.geekofalltrades.aspx Geek of all Trades Setting Permissions from the Command Line.https://technet.microsoft.com/en-us/library/bb490868.aspx Attrib utility.User management===============List available users:: cmd> net user cmd> wmic useraccount list briefList available groups:: cmd> net localgroupList available users in group:: cmd> net localgroup %GROUP% cmd> net localgroup Administrators cmd> net localgroup UsersCurrent logged user:: cmd> whoamiCreate new user by supplying password argument:: cmd> net user /ADD %USER% %PASS%Create new user by entering password in prompt:: cmd> net user /ADD %USER% *Well-known security identifiers (SID).======================================Pring SIDs of groups:: cmd> whoami /groupsPrint current user SID:: cmd> whoami /userGet name from SID:: cmd> PsGetsid.exe S-1-0-0Get SID from name:: cmd> PsGetsid.exe "NT AUTHORITY\System" cmd> PsGetsid.exe "NT AUTHORITY\LocalService"Well known users/groups:``S-1-0-0`` Nobody. A group with no members. This is often used when a SID value is not known.``S-1-1-0`` World/Everyone. A group that includes all users.``S-1-2-0`` Local. A group that includes all users who have logged on locally.``S-1-2-1`` Console Logon. A group that includes users who are logged on to the physical console.``S-1-3-0`` Creator Owner ID. A security identifier to be replaced by the security identifier of the user who created a new object. This SID is used in inheritable ACEs.``S-1-3-1`` Creator Group ID. A security identifier to be replaced by the primary-group SID of the user who created a new object. Use this SID in inheritable ACEs.``S-1-5-6`` Service. A group that includes all security principals that have logged on as a service. Membership is controlled by the operating system.``S-1-5-7`` Anonymous. A group that includes all users that have logged on anonymously. Membership is controlled by the operating system.``S-1-5-18`` ``NT AUTHORITY\SYSTEM````S-1-5-19`` ``NT AUTHORITY\LocalService````S-1-5-32-544`` Administrators group.``S-1-5-32-545`` Users group.``S-1-5-32-546`` Guests. By default, the only member is the Guest account. The Guests group allows occasional or one-time users to log on with limited privileges to a computer's built-in Guest account.``S-1-5-32-547`` Power Users. Power users can create local users and groups; modify and delete accounts that they have created; and remove users from the Power Users, Users, and Guests groups. Power users also can install programs; create, manage, and delete local printers; and create and delete file shares.See:https://msdn.microsoft.com/en-us/library/aa379649.aspx Well-known SIDshttps://support.microsoft.com/en-us/help/243330/ Well-known security identifiers in Windows operating systems.https://msdn.microsoft.com/en-us/library/ms686005.aspx Service User Accounts.http://en.wikipedia.org/wiki/Security_Identifier Security IdentifierConverting SID to names and inside out.=======================================Use 'PsGetSid' utility from Sysinternals:: cmd> PsGetSid S-1-3-0 cmd> PsGetSid "\NULL SID"Gathering info about Windows.=============================:: cmd> systeminfoFrom ``Win+R``:: helpctr.exe -mode hcp://system/sysinfo/msinfo.xmlor by:: cmd> %SystemRoot%\pchealth\helpctr\binaries\helpctr.exe -mode hcp://system/sysinfo/msinfo.xmlAutomatically logon to Windows==============================:: cmd# control userpasswords2Time synchronization in Windows===============================Most of registry tweaks have no effect or inconsistent on Windows timescheduling.Better way to control time sync is via Windws Task with commands (start serviceand force update):: %windir%\system32\sc.exe start w32time task_started %windir%\system32\w32tm.exe /resynchttps://www.pretentiousname.com/timesync/ Make Windows synchronize time more often.https://superuser.com/questions/529367/automatically-sync-windows-time-more-often-than-default Automatically sync Windows time more often than default.https://superuser.com/questions/603120/how-to-update-windows-8-clock-with-the-internet-every-time-i-boot-the-system How to update Windows 8 clock with the internet every time I boot the system?https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings Windows Time Service Tools and Settings.https://time.is/ Online in browser service to find time difference.Format drive.=============Replace with own disk letter:: cmd# format E: /q /fs:ntfsSee:http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/format.mspx Formats the disk in the specified volume to accept Windows files.Login/logout user scripts=========================``%SystemRoot%\system32\GroupPolicy\User\Scripts\Logoff`` and``%SystemRoot%\system32\GroupPolicy\User\Scripts\Logon``.hosts file==========``%SystemRoot%\System32\drivers\etc\hosts``.Path to directory defined by registry key:: bash# cat /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/tcpip/Parameters/DataBasePath %SystemRoot%\System32\drivers\etc