windows.rst
author Oleksandr Gavenko <gavenkoa@gmail.com>
Fri, 13 Nov 2020 22:27:55 +0200
changeset 2456 b7e46ea06927
parent 2310 c3baf557ff0c
child 2547 56f7aa93f8ab
permissions -rw-r--r--
Show current key details.

.. -*- coding: utf-8; -*-

=============
 Windows OS.
=============
.. contents::
   :local:

Determining windows version
===========================

To show a GUI dialog with the Windows build/version information, press::

  <Win+R> winver <Enter>
  <Win+Break>

or run::

  cmd> winver

``cmd`` has a built-in ``ver`` command that prints the kernel version string.

For Windows 2000 and later check the registry key::

  cmd> reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentVersion

On Windows 10/11 ``CurrentVersion`` is frozen at ``6.3`` for compatibility;
read ``CurrentMajorVersionNumber``, ``CurrentMinorVersionNumber``,
``CurrentBuild``, ``UBR`` and ``DisplayVersion`` (``ReleaseId`` before 20H2)
from the same key instead.

To check for a 32/64-bit OS use the ``PROCESSOR_ARCHITECTURE`` env var (values:
``x86``, ``AMD64``, ``IA64``, ``ARM64``). It describes the current process, not
the OS: a 32-bit process on 64-bit Windows sees ``x86`` and gets the real
architecture in ``PROCESSOR_ARCHITEW6432``.

Full info about the Windows edition and licensing state is available from the ``slmgr.vbs`` script::

  cmd> slmgr -dli
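The checks above collected into one report, as an added example (not code from the original page): it reads the registry key, handles the frozen ``CurrentVersion`` string, and resolves the per-process ``PROCESSOR_ARCHITECTURE`` trap. The function name is my own.

```powershell
# Added example: one report from the registry key and env vars named above.
function Get-WindowsVersionReport {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $cv  = Get-ItemProperty -Path $key

    # Windows 10/11 freeze the legacy string at "6.3"; the real numbers live in
    # CurrentMajorVersionNumber / CurrentMinorVersionNumber (absent before 10).
    if ($null -ne $cv.CurrentMajorVersionNumber) {
        $version = '{0}.{1}' -f $cv.CurrentMajorVersionNumber, $cv.CurrentMinorVersionNumber
    } else {
        $version = $cv.CurrentVersion
    }

    # UBR is the cumulative-update revision (build 19045.3930 style);
    # DisplayVersion (20H2 and later) supersedes ReleaseId ("2004", "1909").
    $build   = if ($null -ne $cv.UBR) { '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR } else { $cv.CurrentBuild }
    $release = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }

    # PROCESSOR_ARCHITECTURE describes this process. A 32-bit host on 64-bit
    # Windows reports "x86" and exposes the OS architecture in PROCESSOR_ARCHITEW6432.
    $osArch = if ($env:PROCESSOR_ARCHITEW6432) { $env:PROCESSOR_ARCHITEW6432 } else { $env:PROCESSOR_ARCHITECTURE }

    [pscustomobject]@{
        ProductName   = $cv.ProductName              # still says "Windows 10 ..." on Windows 11
        Version       = $version
        Build         = $build
        Release       = $release
        LegacyVersion = $cv.CurrentVersion           # "6.3" on every Windows 10/11 box
        ProcessArch   = $env:PROCESSOR_ARCHITECTURE  # x86 / AMD64 / ARM64
        OSArch        = $osArch
        Is64BitOS     = [Environment]::Is64BitOperatingSystem
        CimVersion    = (Get-CimInstance -ClassName Win32_OperatingSystem).Version  # manifest-independent cross-check
    }
}

Get-WindowsVersionReport | Format-List
```

``CimVersion`` is there as a cross-check because ``[Environment]::OSVersion`` depends on the host process manifest and can report an older version than the OS really is.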

Windows history.
================

https://www.microsoft.com/en-us/itpro/windows-10/release-information
  Windows 10 release information. Table with schedules.
http://windows.microsoft.com/en-us/windows/history
  A history of Windows

Windows update
==============

To find updates and drivers visit (no Windows genuine-validation check is required):

* http://catalog.update.microsoft.com/

You can search for a driver by the hardware IDs shown in Device Manager, like::

  VEN_10DE DEV_0247
  VID_22B8 PID_2A62

After obtaining the ``.cab`` file for the driver, unpack it::

  cmd> expand FILE.cab -F:* c:\tmp\dir

and use that directory in "Update driver" dialog.

Updates are also available from:

* http://www.microsoft.com/downloads/ru-ru/default.aspx

Update KB971033 (Windows Activation Technologies) re-validates activation and
de-activates non-genuine copies of Windows.

List of installed updates with full information::

  cmd> wmic qfe
  power# get-hotfix

List only the hotfix IDs::

  cmd> wmic qfe get hotfixid
  power# get-hotfix -id KB...,KB...

``wmic`` is deprecated since Windows 10 21H1 (and not installed by default on
recent Windows 11 builds); ``Get-HotFix``, or ``Get-CimInstance
Win32_QuickFixEngineering`` behind it, is the replacement. Both list only
updates installed through the component-based servicing stack, so MSI-based
and definition updates do not appear.
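A baseline check built on the same data, as an added example that is not part of the original page. The KB identifiers in the parameter default are placeholders (an assumption), not real advisories; substitute the ones from your own patch baseline.

```powershell
# Added example: compare a required-KB list against what is installed.
function Test-HotfixBaseline {
    param([string[]]$Required = @('KB5000001', 'KB5000002'))   # placeholder IDs, not real updates

    # Same data as `wmic qfe` / Get-HotFix, via CIM (wmic.exe is deprecated).
    # Win32_QuickFixEngineering knows only CBS-installed updates.
    $installed = Get-CimInstance -ClassName Win32_QuickFixEngineering

    $latest = $installed | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($latest) {
        Write-Host ('Newest update: {0} ({1}) on {2:yyyy-MM-dd}' -f
                    $latest.HotFixID, $latest.Description, $latest.InstalledOn)
    }

    foreach ($kb in $Required) {
        $hit = $installed | Where-Object { $_.HotFixID -eq $kb }
        [pscustomobject]@{
            KB        = $kb
            Installed = [bool]$hit
            Date      = if ($hit) { $hit.InstalledOn } else { $null }
        }
    }
}

Test-HotfixBaseline | Format-Table -AutoSize
```

Run it in a remoting session (``Invoke-Command -ComputerName ... -ScriptBlock ${function:Test-HotfixBaseline}``) to sweep a fleet; ``Get-HotFix -ComputerName`` needs DCOM, the CIM path works over WinRM.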

http://catalog.update.microsoft.com/v7/site/faqgeneric.aspx
  Microsoft Update Catalog FAQ
https://support.microsoft.com/en-us/kb/323166
  How to download updates that include drivers and hotfixes from the Windows
  Update Catalog.

Check system files integrity
============================

Run the check with (the utility has been available since Windows 2000; it needs an elevated shell)::

  cmd> sfc /Scannow

Look in ``%windir%\Logs\CBS\CBS.log`` for errors and warnings; the log is
shared with DISM and servicing, and SFC's own lines are tagged ``[SR]``.

SFC repairs files from the component store (WinSxS); if the store itself is
damaged, repair it first with DISM (elevated)::

  dism /Online /Cleanup-image /Scanhealth
  dism /Online /Cleanup-Image /RestoreHealth

If Windows Update is broken, point DISM at a local source, such as the
``\Windows`` directory of a mounted ``install.wim`` of the same build::

  dism /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess
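The log-filtering step the text leaves to the reader, plus the repair sequence with an elevation check, as an added example (not code from the page). Microsoft's own advice in KB929833 is to extract the ``[SR]`` lines with ``findstr``; this does the same and keeps only the verdicts of the most recent scan. Function names are my own; the ``-Source`` path is an assumption.

```powershell
# Added example: SFC verdicts from CBS.log, and the DISM -> SFC repair order.
function Get-SfcFindings {
    param([string]$LogPath = (Join-Path $env:windir 'Logs\CBS\CBS.log'))

    # "[SR]" marks System File Checker lines inside the shared CBS.log.
    $sr = Select-String -Path $LogPath -SimpleMatch '[SR]' | ForEach-Object Line

    # Each scan begins with a "Verify and Repair" transaction line; keep the last scan only.
    $begin = $sr | Select-String -Pattern 'Beginning Verify and Repair|Verify and Repair Transaction begin' |
             Select-Object -Last 1
    if ($begin) { $sr = $sr | Select-Object -Skip ($begin.LineNumber - 1) }

    # Drop the "Verifying 100 components" progress chatter; keep verdicts.
    $sr | Where-Object { $_ -match 'Cannot repair|Repairing|corrupt|Could not reproject' }
}

function Invoke-ComponentStoreRepair {
    param([string]$Source)   # optional: \Windows dir of a known-good image (assumed path)

    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
                   [Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $isAdmin) { throw 'Run this from an elevated shell.' }

    dism /Online /Cleanup-Image /ScanHealth
    $dismArgs = @('/Online', '/Cleanup-Image', '/RestoreHealth')
    if ($Source) { $dismArgs += "/Source:$Source", '/LimitAccess' }   # offline/broken WU case
    & dism @dismArgs

    sfc /scannow        # now that the store is consistent, repair the live files
    Get-SfcFindings
}

# Usage:
#   Get-SfcFindings
#   Invoke-ComponentStoreRepair -Source 'C:\RepairSource\Windows'
```

``Get-SfcFindings`` is also the quickest way to tell "Windows Resource Protection found corrupt files but was unable to fix some of them" apart from a clean run after a reboot, since the console message alone does not say which files.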

See:

* http://support.microsoft.com/kb/929833
* http://support.microsoft.com/kb/222471
* http://support.microsoft.com/kb/310747/ru

Repair boot.
============

If only the boot sector or the MBR of the system partition is damaged, boot
from the Windows XP installation CD, enter the Recovery Console and run::

  cmd> fixboot
  cmd> fixmbr

On Vista and later boot the installation media, choose "Repair your computer"
and the Command Prompt, and use ``bootrec /fixmbr``, ``bootrec /fixboot`` and
``bootrec /rebuildbcd`` instead.

See:

* http://support.microsoft.com/kb/307654/ru

Automatically connect to shared resource.
=========================================

Add such a .bat file to autorun::

  net use x: \\server\share /user:username password

The password then sits in clear text in the script and in the process command
line. Prefer storing the credential once in Credential Manager with ``cmdkey``
and mapping the share with ``/persistent:yes``, which also removes the need for
an autorun script.

See:

* http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/net_use.mspx
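The same mapping without a password in any script, as an added example (not from the original page). ``\\server\share`` and ``username`` are placeholders.

```powershell
# Added example: credential in Credential Manager, not in a .bat file.
# cmdkey stores it DPAPI-protected for this user; net use picks it up by target name.
cmdkey /add:server /user:username /pass     # "/pass" with no value prompts, so nothing lands in history
net use X: \\server\share /persistent:yes   # no credential on the command line; survives logoff
cmdkey /list                                # verify the stored entry for "server"
```

The credential is still recoverable by code running as that user (DPAPI is per-user, not per-application), which is the correct threat model for a mapped drive: it protects against other users and against casual disclosure of the script, not against malware in the same session.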

Activate Windows
================

Show current key details::

  : basic
  slmgr.vbs /dli

  : detailed
  slmgr.vbs /dlv

Install an activation key::

  slmgr.vbs /ipk YGR45-THIS9-WONT5-0WORK-D7667

Activate Windows::

  slmgr.vbs /ato

Reset the evaluation period/licensing status and activation state of the machine (the number of rearms is limited)::

  slmgr.vbs -rearm

Check the expiration date::

  slmgr.vbs /xpr

See:

https://support.microsoft.com/en-us/windows/activate-windows-10-c39005d4-95ee-b91e-b399-2820fda32227
  Activate Windows 10 (Microsoft support).

Activate Windows XP.
--------------------

Replace ``%WINDIR%\system32\winlogon.exe`` with a valid copy in Safe Mode and
run the Windows Product Key Update Tool.

Windows images.
===============

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=2fcde6ce-b5fb-4488-8c50-fe22559d164e
  Windows XP Service Pack 3 - ISO-9660 CD Image File

hosts file.
===========

Edit ``%windir%\System32\drivers\etc\hosts``. On Windows 7/8/10 the editor must
be started with "Run as administrator", because only administrators can write
to that directory.

Access to Samba from Vista/7.
=============================

By default Vista (and later) sends only NTLMv2 responses (``LmCompatibilityLevel``
3), so an old Samba or Mac OS X server that understands only LM/NTLMv1 refuses
the logon. The steps below lower the Windows side to match; read the security
note before doing so.

Only for Windows Vista Ultimate/Business/Enterprise Editions.
-------------------------------------------------------------

Goto Start->Run and open gpedit.msc or secpol.msc

Select Continue on the User Account Control prompt. This will launch the Group
Policy Object Editor for the Local Computer Policy.

In the Group Policy Object Editor, expand:

-> Computer Configuration
-> Windows Settings
-> Security Settings
-> Local Policies
-> Security Options

Open the "Network security: LAN Manager authentication level" policy and
change the Security Setting to:

Send LM & NTLM - use NTLMv2 session security if negotiated

Security note: levels 0-2 make the client emit LM and NTLMv1 responses, which
are cheap to crack offline and to relay; the hardened value is "Send NTLMv2
response only. Refuse LM & NTLM" (level 5). Today the better fix is on the
server: Samba accepts NTLMv2 (``ntlm auth = ntlmv2-only`` is the default since
Samba 4.5), so only very old servers still need this change, and the setting
should be raised back afterwards.

Windows Vista Home Edition.
---------------------------

Since Windows Vista Home Edition does not feature the Group Policy Editor, you
may do the following to enable this feature:

Goto Start->Run-> and type regedit.

Select Continue on the User Account Control prompt.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Create the following DWORD value (if it doesn't exist): LmCompatibilityLevel

And set its value to: 1

(1 = send LM & NTLM, use NTLMv2 session security if negotiated; 3 = the Vista
default, NTLMv2 only; 5 = NTLMv2 only, refuse LM & NTLM.)
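Reading and changing the level from PowerShell, with the meaning of each value spelled out, as an added example that is not part of the original page. The value table is Microsoft's for the "LAN Manager authentication level" policy; the function name is my own.

```powershell
# Added example: inspect and set HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$LmLevels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'                     # OS default when the value is absent (Vista+)
    4 = 'Send NTLMv2 response only, refuse LM'
    5 = 'Send NTLMv2 response only, refuse LM & NTLM'   # hardened
}

function Get-LmCompatibilityLevel {
    $v = (Get-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
    if ($null -eq $v) { $v = 3 }                        # absent value = OS default
    [pscustomobject]@{ Level = $v; Meaning = $LmLevels[[int]$v] }
}

function Set-LmCompatibilityLevel {
    param([Parameter(Mandatory)][ValidateRange(0, 5)][int]$Level)
    if ($Level -lt 3) {
        Write-Warning "Level $Level lets this host send LM/NTLMv1 responses; they are crackable offline and relayable."
    }
    Set-ItemProperty -Path $LsaKey -Name LmCompatibilityLevel -Value $Level -Type DWord
    Get-LmCompatibilityLevel
}

Get-LmCompatibilityLevel
# Temporary compatibility with an old Samba box:   Set-LmCompatibilityLevel -Level 1
# Hardened value to restore afterwards:             Set-LmCompatibilityLevel -Level 5
```

On a domain-joined host the Group Policy setting "Network security: LAN Manager authentication level" overwrites this value at refresh time, so set it there rather than in the registry.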

Map dir to disk.
================

To create::

  cmd> subst [to-disk: [from-disk:]path]

To remove::

  cmd> subst disk: /d

Standard scripts.
=================

:``msconfig``: System Configuration Utility, you can disable services registered
               at boot.
:``regedit``: Registry Editor.
:``services.msc``: Service management.
:``compmgmt.msc``: Computer management.
:``devmgmt.msc``: Device manager.
:``diskmgmt.msc``: Disk management.
:``msinfo32``: System Information.
:``perfmon.msc``: Performance monitor.

These scripts can be invoked via ``Win+R``::

  dfrg.msc - Disk defrag
  eventvwr.msc - Event viewer
  fsmgmt.msc - Shared folders
  gpedit.msc - Group policies
  lusrmgr.msc - Local users and groups
  secpol.msc - Local security settings
  win.ini - windows loading information (also system.ini)
  winver - Shows current version of windows
  cmd - Opens command prompt (``command`` is the 16-bit COMMAND.COM, 32-bit Windows only)
  control fonts - Fonts Folder
  control printers - Printers Folder

  appwiz.cpl - Add & Remove Programs
  timedate.cpl - Date/Time Properties
  desk.cpl - Display Properties
  inetcpl.cpl - Internet Options
  mmsys.cpl - Sound Settings
  sysdm.cpl - System Properties
  password.cpl - Password Options
  main.cpl - Mouse and Keyboard Options

``.cpl`` applets can be run from the command line as::

  cmd> Rundll32 Shell32.dll,Control_RunDLL
  cmd> Rundll32 Shell32.dll,Control_RunDLL Mmsys.cpl,,0

Path
====

Max path length
---------------

260 characters, including the terminating NUL (the ``MAX_PATH`` macro from
``windows.h``). Longer paths work through the ``\\?\`` prefix on the Unicode
APIs, and on Windows 10 1607+ for applications that opt in via their manifest
when ``LongPathsEnabled`` is set under
``HKLM\SYSTEM\CurrentControlSet\Control\FileSystem``.

Allowed characters
------------------

Not allowed in a file or directory name:

* characters from 0 to 31
* ``<`` (less than)
* ``>`` (greater than)
* ``:`` (colon)
* ``"`` (double quote)
* ``/`` (forward slash)
* ``\`` (backslash)
* ``|`` (vertical bar or pipe)
* ``?`` (question mark)
* ``*`` (asterisk)

Also reserved: the device names ``CON``, ``PRN``, ``AUX``, ``NUL``,
``COM1``-``COM9`` and ``LPT1``-``LPT9`` (with any extension), and names ending
with a space or a period.

http://msdn.microsoft.com/en-us/library/aa365247.aspx
  Naming Files, Paths, and Namespaces.

Memory
======

http://msdn.microsoft.com/en-us/library/ff542275%28v=VS.85%29.aspx
  Boot Parameters to Configure DEP and PAE

PAE
---

32-bit Windows XP is limited to 4 GiB of physical memory regardless of PAE
(the limit is enforced in the kernel); PAE matters on XP SP2+ mainly because
hardware DEP requires it. To enable PAE (Physical Address Extension) edit
``c:\boot.ini`` and add the ``/pae`` option::

  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Prof" /fastdetect /pae

http://msdn.microsoft.com/en-us/library/ff557168.aspx
  ``/pae`` option.
http://www.microsoft.com/whdc/system/platform/server/pae/paedrv.mspx
  PAE support.

NX
--

NX (no-execute) is exposed in Windows as Data Execution Prevention (DEP).

On 64-bit processes, DEP is enabled by default and cannot be disabled. For
32-bit Windows DEP is supported in Windows Server 2003 with SP1, Windows XP
with SP2, Windows Vista, and later versions of Windows.

To set the DEP policy on 32-bit XP/2003 edit ``c:\boot.ini`` and add the
``/noexecute=...`` option (alwayson/optout/optin/alwaysoff); Vista and later
keep the same setting in the BCD (``bcdedit /set nx AlwaysOn``)::

  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="MS Windows XP Prof" /fastdetect /noexecute=alwayson

To see the current DEP status run (``wmic`` is deprecated; the same properties
are on ``Win32_OperatingSystem`` via ``Get-CimInstance``)::

  cmd> wmic OS Get DataExecutionPrevention_Available
  cmd> wmic OS Get DataExecutionPrevention_SupportPolicy
  cmd> wmic OS Get DataExecutionPrevention_Drivers
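The DEP status check without ``wmic``, together with the BCD element that replaced the ``boot.ini`` switch and the Windows 10 Exploit Protection view, as an added example (not from the original page). The ``SupportPolicy`` value names follow the ``Win32_OperatingSystem`` documentation; the function name is my own.

```powershell
# Added example: DEP status via CIM, the BCD `nx` element, and Exploit Protection defaults.
function Get-DepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # DataExecutionPrevention_SupportPolicy: 0 AlwaysOff, 1 AlwaysOn,
    # 2 OptIn (client default: only Windows binaries), 3 OptOut (server default: everything).
    $policyName = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

    # Vista+: bcdedit needs an elevated shell; without it the line is simply missing.
    $nxLine = bcdedit /enum '{current}' 2>$null | Select-String -Pattern '^\s*nx\s+(\S+)'
    $bcdNx  = if ($nxLine) { $nxLine.Matches[0].Groups[1].Value } else { '<run elevated>' }

    [pscustomobject]@{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        Policy               = '{0} ({1})' -f $os.DataExecutionPrevention_SupportPolicy,
                                             $policyName[[int]$os.DataExecutionPrevention_SupportPolicy]
        AppliesTo32Bit       = $os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
        BcdNx                = $bcdNx
    }
}

Get-DepStatus | Format-List

# Windows 10 1709+ (Exploit Protection, the successor of EMET):
Get-ProcessMitigation -System | Select-Object -ExpandProperty DEP   # system-wide default
# Get-ProcessMitigation -Name notepad.exe                            # per-process view
```

``OptIn`` on a client means third-party 32-bit binaries run without DEP unless they were linked with ``/NXCOMPAT``; 64-bit processes always have it, as the text says.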

http://msdn.microsoft.com/en-us/library/ff557134%28VS.85%29.aspx
  /noexecute parameter
http://support.microsoft.com/kb/912923
  How to determine that hardware DEP is available and configured on your computer

Windows ISO images.
===================

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=25129
  Windows XP Service Pack 3 - ISO-9660 CD Image File

Life cycle.
===========

http://www.microsoft.com/windows/lifecycle/servicepacks.mspx
  Windows Service Pack Road Map
http://www.microsoft.com/windows/lifecycle/default.mspx
  Windows Life-Cycle Policy
http://support.microsoft.com/gp/lifeselect
  Life-Cycle Policy by product
http://support.microsoft.com/lifecycle/search
  Microsoft Product Lifecycle Search. Type product name into
  search box (like "Windows 95", "Windows XP", "Windows Server
  2003", etc)!

NTFS junction points.
=====================

To create one use ``junction.exe`` from Mark Russinovich (Sysinternals) or
``linkd.exe`` from the Microsoft Windows 2000 Resource Kit; since Vista
``mklink /J`` is built in.

'junction.exe' included with Sysinternals suite::

  cmd> md c:\Program-Files
  cmd> junction c:\Program-Files "c:\Program Files"

http://technet.microsoft.com/en-gb/sysinternals/bb896768.aspx
  Junction v1.05, Published: July 24, 2007
http://support.microsoft.com/?kbid=205524
  How to create and manipulate NTFS junction points
http://en.wikipedia.org/wiki/NTFS_junction_point
  NTFS junction point

Microsoft Windows 2000 Resource Kit.
====================================

http://support.microsoft.com/kb/927229
  Windows 2000 Resource Kit Tools for administrative tasks
  separate tools downloads

Microsoft security tools.
=========================

http://www.microsoft.com/downloads/details.aspx?FamilyID=CD057D9D-86B9-4E35-9733-7ACB0B2A3CA1&displayLang=en

http://www.microsoft.com/downloads/details.aspx?FamilyID=B1E76BBE-71DF-41E8-8B52-C871D012BA78&displayLang=en
  Microsoft Baseline Security Analyzer 2.1.1 (for IT
  Professionals)

http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=4a2346ac-b772-4d40-a750-9046542f343d&displayLang=en
  Enhanced Mitigation Evaluation Toolkit

http://blogs.technet.com/b/srd/archive/2009/10/27/announcing-the-release-of-the-enhanced-mitigation-evaluation-toolkit.aspx
  Announcing the release of the Enhanced Mitigation Evaluation
  Toolkit (old version 1.0)

http://blogs.technet.com/b/srd/archive/2010/07/28/announcing-the-upcoming-release-of-emet-v2.aspx
  Announcing the upcoming release of EMET v2.

EMET reached end of life on 31 July 2018; its mitigations live on as Exploit
Protection in Windows 10 (1709 and later), configured from Windows Security or
with ``Set-ProcessMitigation``.

Enable/Disabling UAC.
=====================

To disable UAC on the computer, you must be able to log on with or provide the
credentials of a member of the local Administrators group.

Starting with Windows 7, UAC is disabled by following these steps:

1. On the Start menu, type "UAC" and then click Change User Account Control settings.
2. Move the slider to the bottom (Never Notify) and then click OK.

On Windows 8 and later the bottom slider position no longer turns UAC off: it
sets ``ConsentPromptBehaviorAdmin`` to 0 (silent elevation for administrators)
and leaves ``EnableLUA`` at 1, so the token split stays in place. Setting
``EnableLUA`` to 0 by hand disables UAC completely but breaks Store apps.

On Windows Vista and Windows Server 2008, UAC is disabled by following these steps:

1. Start Control Panel and double-click User Accounts.
2. In the User Accounts tasks window, click Turn User Account Control on or off.
3. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK.

http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off
  Turn User Account Control on or off

Fix file association.
=====================

Check current association::

  $ cmd /c assoc | grep -i "^\.mp3"
  .mp3=mp3file

Get the list of all registered file types and their commands::

  $ cmd /c ftype
  ...
  AIMP.mp3="C:\Program Files\AIMP2\AIMP2.exe" "%1"
  ...

and select one of them::

  $ cmd /c assoc .mp3=AIMP.mp3

Clean up Windows system directories
===================================

Run ``cleanmgr.exe``.

Disable hibernation::

  powercfg /hibernate off

On Windows 10 use CompactOS (compresses the OS binaries in place). It frees about 2 GiB::

  Compact.exe /CompactOS:always

Clean up the WinSxS directory (needs an elevated shell; ``/ResetBase`` makes the
installed updates permanent, so they can no longer be uninstalled)::

  DISM /online /Cleanup-Image /SpSuperseded
  DISM /online /Cleanup-Image /StartComponentCleanup /ResetBase

You can safely remove SP restore files::

  %Systemroot%\$NtServicePackUninstall$

Also check such directories::

  %SYSTEMDRIVE%\Program Files\Common Files
  %SYSTEMDRIVE%\Documents and Settings\USER\Application Data
  %SYSTEMDRIVE%\Documents and Settings\USER\Local Settings

http://support.microsoft.com/kb/290402
  HOW TO: Remove the Service Pack Restore Files and Folders in Windows
http://support.microsoft.com/kb/253597
  Automating Disk Cleanup Tool in Windows
https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space
  Tips to free up drive space on your PC.
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/clean-up-the-winsxs-folder
  Clean Up the WinSxS Folder.
https://support.microsoft.com/en-us/help/2795190/how-to-address-disk-space-issues-that-are-caused-by-a-large-windows-co
  How to address disk space issues that are caused by a large Windows component store (WinSxS) directory.

Schedule Tasks in Windows
=========================

List registered tasks::

  $ schtasks /query

Create task::

  $ schtasks /create /tn %TASK_NAME% /ru %ROOT% /sc daily /st 23:00:00 /tr "rundll32.exe user32.dll,LockWorkStation"

``/sc`` can be one of::

  MINUTE HOURLY DAILY WEEKLY MONTHLY ONCE ONSTART ONLOGON ONIDLE

Delete task::

  schtasks /delete /tn %TASK_NAME% /f
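Scheduled tasks are also a standard persistence location, so the listing a practitioner usually wants is not ``schtasks /query`` as-is but the tasks outside the OS's own ``\Microsoft\`` folder with their principal, run level, trigger and command. This is an added example, not code from the original page; the function name is my own.

```powershell
# Added example: audit view of non-Microsoft scheduled tasks (Windows 8+/2012+ ScheduledTasks module).
function Get-SuspectScheduledTask {
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        $task = $_
        # Trigger objects are CIM instances named MSFT_TaskLogonTrigger, MSFT_TaskBootTrigger, ...
        $triggers = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName -replace '^MSFT_Task', '' }) -join ','

        foreach ($action in $task.Actions) {
            # Exec actions carry Execute/Arguments; COM-handler actions carry a ClassId instead.
            $command = if ($action.Execute) { "$($action.Execute) $($action.Arguments)".Trim() }
                       else { "COM:$($action.ClassId)" }
            [pscustomobject]@{
                Task     = $task.TaskPath + $task.TaskName
                State    = $task.State
                RunAs    = if ($task.Principal.UserId) { $task.Principal.UserId } else { $task.Principal.GroupId }
                RunLevel = $task.Principal.RunLevel     # Highest = runs elevated
                Triggers = $triggers
                Command  = $command
            }
        }
    }
}

Get-SuspectScheduledTask | Sort-Object RunLevel -Descending | Format-Table -AutoSize -Wrap
```

Things to look at in the output: a task running as ``SYSTEM`` whose ``Command`` points into a user-writable directory (see the NTFS permissions section), a ``Logon`` or ``Boot`` trigger on something you did not install, and ``Disabled`` tasks that still carry an odd command. On Windows 7 and older, where the module does not exist, ``schtasks /query /fo CSV /v`` gives the same columns.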

Change NTFS permissions
=======================

``icacls`` accepts these options:

* ``/c`` - Continues the operation despite any file errors. Error messages will
  still be displayed.
* ``/t`` - Apply recursively.
* ``/l`` - Performs the operation on a symbolic link versus its destination.
* ``/q`` - Suppresses success messages.

Permissions description:

* ``f`` - full control
* ``m`` - modify, ``rx`` - read and execute, ``r`` - read-only, ``w`` - write-only
* ``CI`` = Container Inherit - This flag indicates that subordinate containers will
  inherit this ACE.
* ``OI`` = Object Inherit - This flag indicates that subordinate files will inherit
  the ACE.

To review current permissions::

  cmd> icacls %dir% /t

.. note:: To get brief view of permissions use ``AccessEnum`` utility from
          Sysinternals.

Recursively change the owner of all matching files to the specified user::

  cmd> icacls %dir% /setowner %user% /t /c

or simply::

  cmd> takeown /r /f %file%

.. note:: Sometimes you don't have enough permission to change permissions. Run
          the commands from an administrator shell (changing the owner needs
          ``SeTakeOwnershipPrivilege``, which only administrators hold).

Recursively grant full access to one user, or to everyone (``*S-1-1-0`` is the
SID form of the Everyone group)::

  cmd> icacls %dir% /t /grant:r %user%:(f)
  cmd> icacls %dir% /t /grant:r *S-1-1-0:(f)

Full control for Everyone makes every file writable by any account that can
reach the machine; reserve it for throw-away directories and prefer granting
the specific user or ``Users:(M)``.

Sometimes it fails because of inherited ACEs; strip inheritance first. Note that
``/inheritance:r`` removes *all* inherited ACEs, so put the grant on the same
command line or you lock the directory from yourself::

  cmd> icacls %dir% /inheritance:r /t /grant:r %user%:(f)

Remove all permissions from a file (first reset to the inherited defaults, then
remove the inherited ACEs; the resulting empty DACL grants nobody access except
the owner's implicit right to change it)::

  cmd> icacls %FILE% /reset
  cmd> icacls %FILE% /inheritance:r

Read file attributes::

  cmd> attrib %FILE%

Set/remove attributes (``/s`` - recursive)::

  cmd> attrib +r -h %DIR% /s
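The review that ``icacls %dir% /t`` leaves to the eye: which directories under a root can be written by low-privilege principals. That is the check to run on any path a service, scheduled task or ``PATH`` entry points at, because a writable directory there is a privilege-escalation route. This is an added example, not code from the page; the function name and the ``C:\ProgramData`` root in the usage line are my own choices. Principals are matched by SID so the result does not depend on the display language.

```powershell
# Added example: directories writable by Everyone / Users / Authenticated Users / INTERACTIVE.
function Find-WritableByLowPriv {
    param([Parameter(Mandatory)][string]$Root)

    # Well-known SIDs: Everyone, BUILTIN\Users, Authenticated Users, INTERACTIVE.
    $lowPrivSids = @('S-1-1-0', 'S-1-5-32-545', 'S-1-5-11', 'S-1-5-4')

    # FileSystemRights bits that let a principal add or change content:
    #   0x2 WriteData/CreateFiles, 0x4 AppendData/CreateDirectories, 0x10000 Delete,
    #   0x40000 ChangePermissions, 0x80000 TakeOwnership,
    #   0x40000000 GENERIC_WRITE (appears as a raw number, not an enum name).
    $writeBits = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x40000000

    Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
      ForEach-Object {
        $dir = $_
        $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }                                  # no READ_CONTROL for us; skip

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }   # Deny ACEs are not modelled here
            $sid = try { $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
                   catch { $ace.IdentityReference.Value }          # already a SID string
            if ($lowPrivSids -notcontains $sid) { continue }
            if (([int]$ace.FileSystemRights -band $writeBits) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $dir.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited                       # False = set explicitly on this directory
            }
        }
      }
}

Find-WritableByLowPriv -Root 'C:\ProgramData' | Format-Table -AutoSize
```

The fix for a hit is the ``icacls`` form from this section with inheritance removed and explicit grants, for example ``icacls <dir> /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"``. Deny ACEs are ignored by this scan, so treat the output as candidates to confirm, not as proof.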

https://technet.microsoft.com/en-us/library/cc753525.aspx
  Icacls.
http://support.microsoft.com/kb/919240
  The ``Icacls.exe`` utility is available for Windows Server 2003 with Service Pack 2.
https://technet.microsoft.com/en-us/library/2009.07.geekofalltrades.aspx
  Geek of all Trades Setting Permissions from the Command Line.
https://technet.microsoft.com/en-us/library/bb490868.aspx
  Attrib utility.

User management
===============

List available users::

  cmd> net user
  cmd> wmic useraccount list brief

List available groups::

  cmd> net localgroup

List available users in group::

  cmd> net localgroup %GROUP%
  cmd> net localgroup Administrators
  cmd> net localgroup Users

Current logged user::

  cmd> whoami

Create a new user by supplying the password as an argument (visible in the
process list and in the shell history)::

  cmd> net user /ADD %USER% %PASS%

Create a new user by entering the password at a prompt (preferred)::

  cmd> net user /ADD %USER% *

Well-known security identifiers (SID).
======================================

Print the SIDs of the current user's groups::

  cmd> whoami /groups

Print current user SID::

  cmd> whoami /user

Get name from SID::

  cmd> PsGetsid.exe S-1-0-0

Get SID from name::

  cmd> PsGetsid.exe "NT AUTHORITY\System"
  cmd> PsGetsid.exe "NT AUTHORITY\LocalService"

Well known users/groups:

``S-1-0-0``
  Nobody. A group with no members. This is often used when a SID
  value is not known.
``S-1-1-0``
  World/Everyone. A group that includes all users.
``S-1-2-0``
  Local. A group that includes all users who have logged on locally.
``S-1-2-1``
  Console Logon. A group that includes users who are logged on to the physical
  console.
``S-1-3-0``
  Creator Owner ID. A security identifier to be replaced by the
  security identifier of the user who created a new object. This
  SID is used in inheritable ACEs.
``S-1-3-1``
  Creator Group ID. A security identifier to be replaced by the
  primary-group SID of the user who created a new object. Use this
  SID in inheritable ACEs.
``S-1-5-6``
  Service. A group that includes all security principals that have
  logged on as a service. Membership is controlled by the
  operating system.
``S-1-5-7``
  Anonymous. A group that includes all users that have logged on
  anonymously. Membership is controlled by the operating system.
``S-1-5-11``
  Authenticated Users. All users who logged on with a password (everyone
  except Anonymous and Guest logons).
``S-1-5-18``
  ``NT AUTHORITY\SYSTEM``
``S-1-5-19``
  ``NT AUTHORITY\LocalService``
``S-1-5-20``
  ``NT AUTHORITY\NetworkService``
``S-1-5-32-544``
  Administrators group.
``S-1-5-32-545``
  Users group.
``S-1-5-32-546``
  Guests. By default, the only member is the Guest account. The
  Guests group allows occasional or one-time users to log on with
  limited privileges to a computer's built-in Guest account.
``S-1-5-32-547``
  Power Users. Power users can create local users and groups;
  modify and delete accounts that they have created; and remove
  users from the Power Users, Users, and Guests groups. Power
  users also can install programs; create, manage, and delete
  local printers; and create and delete file shares.

See:

https://msdn.microsoft.com/en-us/library/aa379649.aspx
  Well-known SIDs
https://support.microsoft.com/en-us/help/243330/
  Well-known security identifiers in Windows operating systems.
https://msdn.microsoft.com/en-us/library/ms686005.aspx
  Service User Accounts.
http://en.wikipedia.org/wiki/Security_Identifier
  Security Identifier

Converting SID to names and inside out.
=======================================

Use 'PsGetSid' utility from Sysinternals::

  cmd> PsGetSid S-1-3-0
  cmd> PsGetSid "\NULL SID"
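Both conversions through .NET, which needs no PsGetSid, plus the current token and the local Administrators membership with SIDs, as an added example that serves this section and the well-known SID list above (not code from the original page). Function names are my own.

```powershell
# Added example: SID <-> name via System.Security.Principal, and SID-based group review.
function ConvertTo-Sid {
    param([Parameter(Mandatory)][string]$Account)   # 'DOMAIN\user', 'user' or 'NT AUTHORITY\SYSTEM'
    ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
}

function ConvertFrom-Sid {
    param([Parameter(Mandatory)][string]$Sid)
    try {
        ([System.Security.Principal.SecurityIdentifier]$Sid).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch [System.Security.Principal.IdentityNotMappedException] {
        "<unresolved $Sid>"                          # deleted account or unreachable domain
    }
}

ConvertTo-Sid 'NT AUTHORITY\SYSTEM'                  # S-1-5-18
ConvertFrom-Sid 'S-1-5-32-544'                       # BUILTIN\Administrators (localized on non-English Windows)

# Well-known SIDs by enum rather than by name, so this is locale-independent.
$everyone = [System.Security.Principal.SecurityIdentifier]::new(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)
'{0} = {1}' -f $everyone.Value, (ConvertFrom-Sid $everyone.Value)   # S-1-1-0 = Everyone

# Current token: what `whoami /user` and `whoami /groups` print.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$me.User.Value
$me.Groups | ForEach-Object { '{0,-45} {1}' -f $_.Value, (ConvertFrom-Sid $_.Value) }

# Local Administrators with SIDs; an unresolved SID here is a leftover from a deleted account.
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, SID, PrincipalSource
```

Comparing SIDs rather than names is the habit to keep: ``BUILTIN\Administrators`` is ``VORDEFINIERT\Administratoren`` on a German box, but ``S-1-5-32-544`` everywhere.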

Gathering info about Windows.
=============================
::

  cmd> systeminfo

From ``Win+R`` (Windows XP/2003 only; ``helpctr.exe`` was removed in Vista, use
``msinfo32`` there)::

  helpctr.exe -mode hcp://system/sysinfo/msinfo.xml

or by::

  cmd> %SystemRoot%\pchealth\helpctr\binaries\helpctr.exe -mode hcp://system/sysinfo/msinfo.xml

Automatically logon to Windows
==============================
::

  cmd# control userpasswords2

Uncheck "Users must enter a user name and password to use this computer". This
stores the password as an LSA secret (``DefaultPassword``), not as the
plain-text ``Winlogon\DefaultPassword`` registry value some guides suggest;
either way any local administrator can recover it, so never do this for an
account with privileges you care about.

Time synchronization in Windows
===============================

Most registry tweaks have no effect, or an inconsistent one, on the Windows
time-sync schedule.

A better way to control time sync is a scheduled task with two commands (start
the service, then force an update)::

  %windir%\system32\sc.exe  start w32time task_started
  %windir%\system32\w32tm.exe  /resync
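The task described above registered from PowerShell, running as ``SYSTEM`` at boot and then hourly, followed by the two ``w32tm`` queries that show whether it worked. This is an added example, not code from the page; the task name, the one-hour interval and the ``time.windows.com`` peer are my own choices.

```powershell
# Added example: register the sc.exe + w32tm.exe task and check the result.
$actions = @(
    New-ScheduledTaskAction -Execute "$env:windir\system32\sc.exe"   -Argument 'start w32time task_started'
    New-ScheduledTaskAction -Execute "$env:windir\system32\w32tm.exe" -Argument '/resync'
)
$triggers = @(
    New-ScheduledTaskTrigger -AtStartup
    New-ScheduledTaskTrigger -Once -At (Get-Date) `
        -RepetitionInterval (New-TimeSpan -Hours 1) -RepetitionDuration (New-TimeSpan -Days 3650)
)
# SYSTEM can start services and resync without a stored password.
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -MultipleInstances IgnoreNew

Register-ScheduledTask -TaskName 'ForceTimeSync' -Action $actions -Trigger $triggers `
    -Principal $principal -Settings $settings -Force | Out-Null

# Verify: source, last successful sync time and current phase offset.
w32tm /query /status
# Offset against a reference peer without changing anything:
w32tm /stripchart /computer:time.windows.com /samples:3 /dataonly
```

Keep an eye on the offset in ``/stripchart``: Kerberos rejects tickets from hosts more than five minutes off the domain controller's clock, and a forced ``/resync`` that steps the clock by a large amount leaves a gap in event-log timestamps that is worth knowing about during an investigation.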

https://www.pretentiousname.com/timesync/
  Make Windows synchronize time more often.
https://superuser.com/questions/529367/automatically-sync-windows-time-more-often-than-default
  Automatically sync Windows time more often than default.
https://superuser.com/questions/603120/how-to-update-windows-8-clock-with-the-internet-every-time-i-boot-the-system
  How to update Windows 8 clock with the internet every time I boot the system?
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings
  Windows Time Service Tools and Settings.
https://time.is/
  Online in browser service to find time difference.

Format drive.
=============

Replace ``E:`` with your own drive letter (``/q`` is a quick format: it does not wipe the old data)::

  cmd# format E: /q /fs:ntfs

See:

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/format.mspx
  Formats the disk in the specified volume to accept Windows
  files.

Login/logout user scripts
=========================

``%SystemRoot%\system32\GroupPolicy\User\Scripts\Logoff`` and
``%SystemRoot%\system32\GroupPolicy\User\Scripts\Logon``.

hosts file
==========

``%SystemRoot%\System32\drivers\etc\hosts``.

The directory is defined by a registry key (read here through Cygwin's ``/proc/registry`` view)::

  bash# cat /proc/registry/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/tcpip/Parameters/DataBasePath
  %SystemRoot%\System32\drivers\etc