Windows

From Federal Burro of Information

recovery

list drives:

wmic logicaldisk get caption,providername,drivetype,volumename

also: start notepad and use its File > Open dialog (commdlg) to browse the filesystem when nothing else is available!!!

Scripting firewall changes:

http://technet.microsoft.com/en-us/library/ee692652.aspx

List restore points. In PowerShell as admin:

Get-ComputerRestorePoint
Restore-Computer ...

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/restore-computer?view=powershell-5.1

Checkpoint-Computer ...

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/checkpoint-computer?view=powershell-5.1

more: https://mcpmag.com/articles/2012/02/21/powershell-windows-restore.aspx
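Worked example, added here and not part of the original notes: take a checkpoint before a risky change, then list the existing points with readable timestamps (Get-ComputerRestorePoint returns CreationTime as a WMI date string). The description text is a made-up value; these cmdlets exist on client Windows only, not on Server, and need an elevated session.

```powershell
# Added example, not from the original page. Elevated PowerShell 5.1 on client Windows.
function Get-RestorePointTable {
    # Convert the WMI-style CreationTime string into a DateTime so the list sorts sensibly.
    Get-ComputerRestorePoint | ForEach-Object {
        [pscustomobject]@{
            SequenceNumber = $_.SequenceNumber
            Created        = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            Type           = $_.RestorePointType
            Description    = $_.Description
        }
    } | Sort-Object Created
}

# Create a point before changing something. On Windows 8 and later only one
# point is created per 24 hours by default; a second call in that window
# returns with a warning and no new point.
Checkpoint-Computer -Description "Before driver update (example)" -RestorePointType MODIFY_SETTINGS

Get-RestorePointTable | Format-Table -AutoSize

# Roll back to a chosen point by sequence number; -Confirm prompts before the reboot.
# $latest = (Get-RestorePointTable | Select-Object -Last 1).SequenceNumber
# Restore-Computer -RestorePoint $latest -Confirm
```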

Git for Windows Notes

use git bash for rudimentary stuff; fix the default prompt:

export PS1="\[\033[01;32m\]\u@\h\[\033[0;34m\] \w \$\[\033[00m\]"

add Git's usr/bin to your PATH so you get OpenSSH rather than PuTTY:

/c/Program Files/Git/usr/bin

ssh-add and ssh-agent work the same as on *unix

git wants to use the ssh in your path which is probably putty not openssh.

so you add /c/Program\ Files/Git/usr/bin/ to your path and that doesn't work.

Then you:

David@Enkidu[ ~/Intro_ml_w_Python $git config --global core.sshCommand "/c/Program Files/Git/usr/bin/ssh.exe"
David@Enkidu[ ~/Intro_ml_w_Python $git config -pull
C:/Program Files/Git/usr/bin/ssh.exe: C:/Program: No such file or directory
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

And that also doesn't work.

So you copy C:\Program Files\Git to C:\Git and then:

git config --global core.sshCommand "/c/Git/usr/bin/ssh.exe"

and that works. Sigh.
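Added example, not the page author's workaround: the failure above comes from the space in "Program Files" being treated as an argument separator when git runs the sshCommand. Quoting the path inside the config value lets Git stay in its default location. The outer double quotes are consumed by PowerShell; the inner single quotes reach git and are honoured when git hands the command to sh. Assumes Git for Windows is installed under C:\Program Files\Git.

```powershell
# Added example, not from the original page. Run in PowerShell with Git for Windows installed.
$sshExe = 'C:/Program Files/Git/usr/bin/ssh.exe'
if (-not (Test-Path -LiteralPath $sshExe)) {
    throw "OpenSSH from Git for Windows not found at $sshExe"
}

# Store the path wrapped in single quotes; git runs values containing quotes
# through sh, which strips them, so the space survives.
git config --global core.sshCommand "'$sshExe'"

# Verify what git actually stored, and that the binary is OpenSSH, not plink.
git config --global --get core.sshCommand   # 'C:/Program Files/Git/usr/bin/ssh.exe'
& $sshExe -V 2>&1                           # OpenSSH version banner
```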

Deployment Image Servicing and Management

A possible way to clean up WinSxS (the side-by-side assembly store):

dism /online /cleanup-image /spsuperseded

http://www.iishacks.com/2011/06/23/reduce-windows-7-winsxs-folder-size/

Resource Checker

>sfc
Microsoft (R) Windows (R) Resource Checker Version 6.0
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions.

SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
    [/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>]

/SCANNOW        Scans integrity of all protected system files and repairs files with problems when possible.
/VERIFYONLY     Scans integrity of all protected system files. No repair operation is performed.
/SCANFILE       Scans integrity of the referenced file, repairs file if problems are identified. Specify full path <file>
/VERIFYFILE     Verifies the integrity of the file with full path <file>.  No repair operation is performed.
/OFFBOOTDIR     For offline repair specify the location of the offline boot directory
/OFFWINDIR      For offline repair specify the location of the offline windows directory

e.g.

        sfc /SCANNOW
        sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
        sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows
        sfc /VERIFYONLY

Which?

You want to know where a binary is in your path.

it's in your path, it works, but where is it?

answer: where.exe

Compare:

  • Nix
mrtg@athena /home/david/public_html $ which perl
/usr/bin/perl
mrtg@athena /home/david/public_html $

Windows:

C:\Users\David>where perl
C:\Perl64\bin\perl.exe

C:\Users\David>

Notepad++ tips

doing dev work on Windows with Notepad++: environment variables matter!

http://blog.sanaulla.info/2008/07/25/using-notepad-to-compile-and-run-java-programs/

Resource and Tools

Must haves:

security related

Cached credentials?

c:\windows\system32\rundll32.exe keymgr.dll,KRShowKeyMgr

Your credentials for shares / mapped drives may not be listed.

also: as admin:

net stop lanmanworkstation ;
net start lanmanworkstation ;
net start netlogon ;
net start sessionenv
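Added example, not from the original notes: the keymgr dialog above shows stored credentials one at a time; cmdkey /list gives the same Credential Manager entries for the current user as text, and this wraps it into objects so stale share and RDP (TERMSRV) logons are easy to spot and clean up. The parsing assumes cmdkey's English output format; the target name in the delete comment is an example value.

```powershell
# Added example, not from the original page. Runs as the user whose vault you want to review.
function Get-StoredCredentialSummary {
    # cmdkey /list prints blocks of "Target:", "Type:", "User:" lines per entry.
    $entries = @()
    $current = $null
    foreach ($line in (cmdkey /list)) {
        switch -Regex ($line.Trim()) {
            '^Target:\s*(.+)$' {
                if ($current) { $entries += $current }
                $current = [pscustomobject]@{ Target = $Matches[1]; Type = $null; User = $null }
            }
            '^Type:\s*(.+)$' { if ($current) { $current.Type = $Matches[1] } }
            '^User:\s*(.+)$' { if ($current) { $current.User = $Matches[1] } }
        }
    }
    if ($current) { $entries += $current }
    $entries
}

Get-StoredCredentialSummary | Format-Table -AutoSize

# Remove an entry you no longer want cached, by its exact target string (example value):
# cmdkey /delete:"Domain:target=fileserver.example.local"
```

Entries whose Target starts with TERMSRV/ are saved RDP logons; Domain:target= entries are the share and mapped-drive credentials the page says keymgr may not list.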

Double hop RDP

aka slow RDP session starts.

It's possible CredSSP is giving you trouble.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/b8e58d83-3178-4490-b4f4-1c6e5542c39a/rdp-slow-initial-connection

tl;dr: in your rdp file add:

enablecredsspsupport:i:0

alternatively update your GPO to support multi hop CredSSP:

https://msdn.microsoft.com/en-us/library/ee309365(v=vs.85).aspx

Uptime

easy mode:

net stats srv

or

net statistics server

PowerShell script:

function Get-SystemUptime
{
    # CIM returns LastBootUpTime as a DateTime already, so no WMI date conversion is needed.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        LastBootUpTime = $os.LastBootUpTime
        Uptime         = (Get-Date) - $os.LastBootUpTime
    }
}
Get-SystemUptime
Write-Host "Press any key to continue ..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

removing roaming profiles

two tools:

  • delprof2
  • vtra tsprofcleaner

Volume Shadow Copy Failed

Windows 7, while trying to make a system image.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>wbadmin start backup -allCritical -systemState -backupTarget:d: -include:c:
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

ERROR - One of the parameters or options provided is unexpected: systemState. See
the syntax below.

Syntax: WBADMIN START BACKUP
    [-backupTarget:{<BackupDestinationVolume> | <TargetNetworkShare>}]
    [-include:<VolumesToInclude>]
    [-allCritical]
    [-user:<UserName>]
    [-password:<Password>]
    [-noInheritAcl]
    [-noVerify]
    [-vssFull | -vssCopy]
    [-quiet]

Description:  Creates a backup using specified parameters. If no parameters
are specified and you have created a scheduled daily backup, this command
creates the backup by using the settings for the scheduled backup.

Parameters:
-backupTarget  Specifies the storage location for this backup. Requires a
                hard disk drive letter (f:), a volume GUID-based path in the
                format of \\?\Volume{GUID}, or a Universal Naming Convention
                (UNC) path to a remote shared folder
                (\\<servername>\<sharename>\).
                By default, the backup will be saved at: \\<servername>
                \<sharename>\WindowsImageBackup\<ComputerBackedUp>\.
                Important: If you save a backup to a remote shared folder,
                that backup will be overwritten if you use the same folder to
                back up the same computer again. In addition, if the backup
                operation fails, you may finish with no backup because the
                older backup will be overwritten, but the newer backup will
                not be usable.
                You can avoid this by creating subfolders in the remote shared
                folder to organize your backups. If you do this, the
                subfolders will need twice the space of the parent folder.

-include       Specifies the comma-delimited list of items to include in the
                backup. You can include multiple volumes. Volume paths can be
                specified using volume drive letters, volume mount points, or
                GUID-based volume names. If you use a GUID-based volume
                name, it should be terminated with a backslash (\). You can
                use the wildcard character (*) in the file name when
                specifying a path to a file. Should be used only when the
                -backupTarget parameter is used.

-allCritical   Creates a backup that includes all critical volumes (critical
                volumes contain the operating system files and components) in
                addition to any other items that you specified with the
                -include parameter. This parameter is useful if you are
                creating a backup for bare metal recovery or system state
                recovery. Should be used only when the -backupTarget
                parameter is used.

-user          If the backup is saved to a remote shared folder, specifies
                the user name with write permission to the folder.

-password      Specifies the password for the user name that is provided by
                the parameter -user.

-noInheritAcl  Applies the access control list (ACL) permissions that
                correspond to the credentials specified by -user and
                -password to \\<servername>\<sharename>\WindowsImageBackup
                \<ComputerBackedUp>\ (the folder that contains the backup).
                To access the backup later, you must use these credentials or
                be a member of the Administrators group or the Backup
                Operators group on the computer with the shared folder.
                If -noInheritAcl is not used, the ACL permissions from the
                remote shared folder are applied to the
                <ComputerBackedUp> folder by default so that anyone with
                access to the remote shared folder can access the backup.

-noVerify      Specifies that backups written to removable media (such as a
                DVD) are not verified for errors. If you do not use this
                parameter, backups saved to removable media are verified for
                errors.

-vssFull       Performs a full backup using the Volume Shadow Copy Service
                (VSS). Each file's history is updated to reflect that it was
                backed up. If this parameter is not used WBADMIN START BACKUP
                makes a copy backup, but the history of files being backed up
                is not updated.
                Caution: Do not use this parameter if you are using a product
                other than Windows Server Backup to back up applications that
                are on the volumes included in the current backup. Doing so
                can potentially break the incremental, differential, or other
                type of backups that the other backup product is creating.

-vssCopy       Performs a copy backup using VSS. The history of the files
                being backed up is not updated. This is the default value.

-quiet         Runs the command with no prompts to the user.

Example: WBADMIN START BACKUP -backupTarget:f: -include:e:,d:\mountpoint,
\\?\Volume{cc566d14-44a0-11d9-9d93-806e6f6e6963}\


C:\Windows\system32>wbadmin start backup -allCritical -backupTarget:d: -include:c:
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

Retrieving volume information...
This will back up volume workbackup(C:) to d:.
Do you want to start the backup operation?
[Y] Yes [N] No Y

The backup operation to D: is starting.
Creating a shadow copy of the volumes specified for backup...
[the line above was repeated 9 times in the original output]
Creating a backup of volume workbackup(C:), copied (0%).
Creating a backup of volume workbackup(C:), copied (1%).
[... progress lines from 2% to 98% elided ...]
Creating a backup of volume workbackup(C:), copied (99%).
The backup of volume workbackup(C:) successfully completed.
The backup operation stopped before completing.
Summary of the backup operation:
------------------

The backup operation stopped before completing.
Detailed error: ERROR - A Volume Shadow Copy Service operation error has
occurred: (0x80042306)
The shadow copy provider had an error. Check the System and Application event logs for more information.


Windows Backup failed to create the shadow copy on the storage location.
ERROR - A Volume Shadow Copy Service operation error has
occurred: (0x80042306)
The shadow copy provider had an error. Check the System and Application event logs for more information.

C:\Windows\system32>

some command lines:

wbadmin start backup -allCritical -systemState -backupTarget:d: -include:c:
wbadmin start backup -allCritical -backupTarget:d: -include:c:
vssadmin resize shadowstorage /on=C: /for=C: /maxsize=40GB
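Added example, not from the original notes: the error message says to check the System and Application event logs, and the vssadmin resize line above changes shadow storage, so this does both in PowerShell. It pulls recent VSS / volsnap / Windows Backup warnings and errors, then parses vssadmin list shadowstorage into one row per volume so you can see the maximum before resizing. Note that the failure was on the storage location (D: in the session above), so check that volume's row, not just C:. Run elevated; the provider names and the English vssadmin output format are assumptions.

```powershell
# Added example, not from the original page. Elevated PowerShell.
function Get-VssErrorEvents {
    param([int]$Hours = 24)
    # Warning and above from the VSS stack and Windows Backup in the last N hours.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'System', 'Application'
        ProviderName = 'VSS', 'volsnap', 'Microsoft-Windows-Backup'
        Level        = 1, 2, 3                 # critical, error, warning
        StartTime    = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, ProviderName, Id,
            @{ n = 'Message'; e = { ($_.Message -split "`n" | Select-Object -First 1).Trim() } }
}

function Get-ShadowStorageSummary {
    # vssadmin prints one blank-line-separated block per storage association.
    $text = (vssadmin list shadowstorage) -join "`n"
    foreach ($block in ($text -split "`n\s*`n")) {
        if ($block -match 'For volume: \((\w:)\)') {
            $volume = $Matches[1]
            $field = {
                param($label)
                [regex]::Match($block, "$label Shadow Copy Storage space:\s*([^\r\n(]+)").Groups[1].Value.Trim()
            }
            [pscustomobject]@{
                Volume    = $volume
                Used      = & $field 'Used'
                Allocated = & $field 'Allocated'
                Maximum   = & $field 'Maximum'
            }
        }
    }
}

Get-VssErrorEvents | Format-Table -AutoSize
Get-ShadowStorageSummary | Format-Table -AutoSize
# Then, if the maximum on the target volume is the problem, resize as on the page:
# vssadmin resize shadowstorage /on=D: /for=D: /maxsize=40GB
```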


Routing

route print 
C:\Windows\system32>route add 10.120.97.192 mask 255.255.255.192 10.68.255.252
 OK!
C:\Windows\system32>
C:\WINDOWS\system32>route delete 87.237.34.200 mask 255.255.255.255 0.0.0.0 IF 30

Ciphers

use this tool to change the SSL/TLS configuration (protocols and cipher suites):

https://www.nartac.com/Products/IISCrypto/

Scripting Roles and Supporting Software

## AD DS ##
Install-WindowsFeature -Name AD-Domain-Services
Install-WindowsFeature -Name DNS
# Chocolatey bootstrap: this pipes a remote script straight into iex, so read install.ps1 first on a box you care about.
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
# Sysinternals for troubleshooting
choco install sysinternals -y
choco install procexp -y
choco install procmon -y

## TS ##
Import-Module ServerManager -Verbose
Get-WindowsFeature -Name *RDS*
Add-WindowsFeature -Name RDS-RD-Server -IncludeAllSubFeature
Set-RDLicenseConfiguration -LicenseServer localhost -Mode PerUser
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install sysinternals -y
choco install procexp -y
choco install procmon -y

## IIS ##
Import-Module ServerManager
Add-WindowsFeature -Name Web-Server -IncludeAllSubFeature
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install sysinternals -y
choco install procexp -y
choco install procmon -y

## SQL ##
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install sysinternals -y
choco install procexp -y
choco install procmon -y


Domain Controller Health Check

https://gallery.technet.microsoft.com/scriptcenter/Active-Directory-Health-709336cd

dcdiag https://blogs.technet.microsoft.com/askds/2011/03/22/what-does-dcdiag-actually-do/

Working with Printers and printer drivers

( testing windows 7 )

In the start menu type "print management". This gives you access to the currently installed printers, and to all drivers for printers that are not installed.

Hidden drivers, device not connected

reference: https://support.microsoft.com/en-us/help/315539/device-manager-does-not-display-devices-that-are-not-connected

windows 7:

to see devices that are not connected (so you can uninstall their drivers if you want):

cmd.exe

set devmgr_show_nonpresent_devices=1
start devmgmt.msc

Limiting Bits Regedit way

reference: https://superuser.com/questions/1039229/limit-bandwidth-used-by-windows-update

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\BITS

Create a DWORD value called EnableBITSMaxBandwidth with a value of 1; that tells BITS that there are settings to look at. Create DWORD values called MaxBandwidthValidFrom and MaxBandwidthValidTo, each containing an hour of the day from 0 to 23. (For example, 8 is 8:00 AM, and 17 is 5:00 PM.) These actually don't matter a lot in this case, but I told you about them for completion's sake.

Create two more DWORD values called MaxTransferRateOffSchedule and MaxTransferRateOnSchedule. Give each of them the maximum rate of transfer in Kbps. Note that you may need to switch to Decimal entry mode to see the value as normal humans think about numbers.

Summary:

DWORD EnableBITSMaxBandwidth 1
DWORD MaxBandwidthValidFrom [0-23]
DWORD MaxBandwidthValidTo [0-23]
DWORD MaxTransferRateOffSchedule 64 ( in Kbps, as above )
DWORD MaxTransferRateOnSchedule 64 ( in Kbps, as above )

Regedit file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\BITS]
"EnableBITSMaxBandwidth"=dword:00000001
"MaxTransferRateOnSchedule"=dword:00000040
"MaxTransferRateOffSchedule"=dword:00000040
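Added example, not from the original notes: the same policy written from PowerShell instead of importing the .reg file, including the schedule window the .reg above leaves out, then read back so you can confirm the decimal values. The 64 Kbps limit is the page's value; the 08:00 to 17:00 window is an example value. Run elevated.

```powershell
# Added example, not from the original page. Elevated PowerShell.
$bitsKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS'
$settings = @{
    EnableBITSMaxBandwidth     = 1    # tells BITS the limits below are in force
    MaxBandwidthValidFrom      = 8    # 08:00, hour of day 0-23 (example window)
    MaxBandwidthValidTo        = 17   # 17:00
    MaxTransferRateOnSchedule  = 64   # Kbps inside the window (page value)
    MaxTransferRateOffSchedule = 64   # Kbps outside the window (page value)
}

# The Policies\...\BITS key usually does not exist until a policy is set.
if (-not (Test-Path -Path $bitsKey)) {
    New-Item -Path $bitsKey -Force | Out-Null
}
foreach ($name in $settings.Keys) {
    New-ItemProperty -Path $bitsKey -Name $name -Value $settings[$name] -PropertyType DWord -Force | Out-Null
}

# Read back; Get-ItemProperty shows DWORDs as decimal, so 64 here is 0x40 in regedit.
Get-ItemProperty -Path $bitsKey | Select-Object -Property @($settings.Keys)

# Make BITS pick the policy up without waiting for a policy refresh.
Restart-Service -Name BITS
```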

Boot Performance

Windows 7 Pro

reference: https://www.guidingtech.com/2955/fix-slow-windows-startup-boot-performance-diagnostics/

TL;DR:

  • "gpedit.msc"
    • Computer Configuration -> Administrative Templates -> System -> Troubleshooting and Diagnostics -> Windows Boot Performance Diagnostics.
    • "Configure Scenario Execution Level"
    • Enable.
  • start service: "Diagnostic Policy Service"
  • results appear in the event log
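Added example, not from the original notes: once the policy above is enabled and the Diagnostic Policy Service is running, each boot writes event 100 to the Microsoft-Windows-Diagnostics-Performance/Operational log, with the durations in milliseconds in its event data. This reads the recent ones into a table so slow boots can be compared over time instead of opened one by one in Event Viewer. The log name, event ID and field names are standard Windows values; the -Last count is an example.

```powershell
# Added example, not from the original page. Works on Windows 7 and later.
function Get-BootDurationHistory {
    param([int]$Last = 10)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational'
        Id      = 100     # boot performance monitoring summary
    } -MaxEvents $Last -ErrorAction Stop | ForEach-Object {
        # Pull the named <Data> fields out of the event XML.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Booted          = $_.TimeCreated
            BootSeconds     = [math]::Round([int]$data['BootTime'] / 1000, 1)
            MainPathSeconds = [math]::Round([int]$data['MainPathBootTime'] / 1000, 1)
            PostBootSeconds = [math]::Round([int]$data['BootPostBootTime'] / 1000, 1)
            Level           = $_.LevelDisplayName   # Warning/Error/Critical mark boots Windows judged slow
        }
    }
}

Get-BootDurationHistory | Format-Table -AutoSize
```

Events 101 to 110 in the same log name the specific driver, service or application that added time; filter on those IDs once a slow boot shows up in the table.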

also see:

https://support.microsoft.com/en-us/help/325376/how-to-enable-verbose-startup--shutdown--logon--and-logoff-status-mess

https://social.technet.microsoft.com/Forums/windows/en-US/3596b55e-e21d-4185-95a3-8c4503987910/windows-7-64bit-startup-time-is-slow-and-i-want-to-know-why?forum=w7itproperf

https://www.techrepublic.com/blog/windows-and-office/use-windows-7-event-viewer-to-track-down-issues-that-cause-slower-boot-times/
