Windows: Difference between revisions
Latest revision as of 19:03, 6 August 2022
recovery
list drives:
wmic logicaldisk get caption,providername,drivetype,volumename
also start notepad and open: commdlg!!!
Scripting firewall changes:
http://technet.microsoft.com/en-us/library/ee692652.aspx
List restore points. In powershell as admin:
Get-ComputerRestorePoint
Restore-Computer ...
Checkpoint-Computer ...
more: https://mcpmag.com/articles/2012/02/21/powershell-windows-restore.aspx
Git for Windows Notes
use git bash for rudimentary stuff, fix the default prompt:
export PS1="\[\033[01;32m\]\u@\h\[\033[0;34m\] \w \$\[\033[00m\]"
add git usr bin to path so you get openssh not putty.
/c/Program Files/Git/usr/bin:
ssh-add and ssh-agent work the same as on *unix
git wants to use the ssh in your path which is probably putty not openssh.
so you add /c/Program\ Files/Git/usr/bin/ to your path and that doesn't work.
Then you:
David@Enkidu[ ~/Intro_ml_w_Python $git config --global core.sshCommand "/c/Program Files/Git/usr/bin/ssh.exe"
David@Enkidu[ ~/Intro_ml_w_Python $git config -pull
C:/Program Files/Git/usr/bin/ssh.exe: C:/Program: No such file or directory
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
And that also doesn't work.
So you copy C:\Program Files\Git to C:\Git and then:
git config --global core.sshCommand "/c/Git/usr/bin/ssh.exe"
and that works. Sigh.
Deployment Image Servicing and Management
A possible way to clean up SXS (Side-by-side assembly)
dism /online /cleanup-image /spsuperseded
http://www.iishacks.com/2011/06/23/reduce-windows-7-winsxs-folder-size/
Resource Checker
>sfc

Microsoft (R) Windows (R) Resource Checker Version 6.0
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

Scans the integrity of all protected system files and replaces incorrect versions with
correct Microsoft versions.

SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
    [/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>]

/SCANNOW        Scans integrity of all protected system files and repairs files with
                problems when possible.
/VERIFYONLY     Scans integrity of all protected system files. No repair operation is
                performed.
/SCANFILE       Scans integrity of the referenced file, repairs file if problems are
                identified. Specify full path <file>
/VERIFYFILE     Verifies the integrity of the file with full path <file>. No repair
                operation is performed.
/OFFBOOTDIR     For offline repair specify the location of the offline boot directory
/OFFWINDIR      For offline repair specify the location of the offline windows directory

e.g.

        sfc /SCANNOW
        sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
        sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows
        sfc /VERIFYONLY
Which ?
You want to know where a binary is in your path.
it's in your path, it works, but where is it?
answer: where.exe
Compare:
- Nix
mrtg@athena /home/david/public_html $ which perl
/usr/bin/perl
mrtg@athena /home/david/public_html $
Windows:
C:\Users\David>where perl
C:\Perl64\bin\perl.exe

C:\Users\David>
Notepad++ tips
doing dev work on Windows with Notepad++: ENV!
http://blog.sanaulla.info/2008/07/25/using-notepad-to-compile-and-run-java-programs/
Resource and Tools
Must haves:
- Sysinternals suite
- Microsoft Network monitor.
- TCP analyser ( takes pcaps from MS Network monitor above and makes reports. )
- http://www.advanced-ip-scanner.com/
- Revo Uninstaller ( http://www.revouninstaller.com/ )
- Malwarebytes
- avg
- spybot search and destroy.
- other tools ( Bleeping Computer, TechSupport, GeeksToGo, SpywareInfo ) ( ref http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_start/adwcleaner-is-not-safe/40295ce4-027b-46bb-b721-2499a8a53108?auth=1 )
Cached credentials?
c:\windows\system32\rundll32.exe keymgr.dll,KRShowKeyMgr
Your credentials for shares / mapped drives may not be listed.
also: as admin:
net stop lanmanworkstation ;
net start lanmanworkstation ;
net start netlogon ;
net start sessionenv
Double hop RDP
aka slow rdp session starts.
it's possible CredSSP is giving you trouble.
tl;dr: in your rdp file add:
enablecredsspsupport:i:0
alternatively update your GPO to support multi hop CredSSP:
https://msdn.microsoft.com/en-us/library/ee309365(v=vs.85).aspx
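Setting enablecredsspsupport:i:0 also turns off Network Level Authentication for that connection, so it helps to know which saved .rdp files carry it. An added example (not from the original notes) that parses .rdp files and reports the ones with CredSSP disabled; the function name and the sample files it writes to a temp folder are constructed for illustration:

```powershell
# Added example: audit .rdp files for a disabled CredSSP setting.
# Find-RdpCredSspDisabled is a hypothetical helper name, not a built-in cmdlet.
function Find-RdpCredSspDisabled {
    param(
        [Parameter(Mandatory)] [string] $Path
    )
    Get-ChildItem -Path $Path -Filter *.rdp -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $lineNo = 0
            # Get-Content honours the UTF-16 byte order mark that mstsc writes.
            foreach ($line in Get-Content -LiteralPath $file.FullName) {
                $lineNo++
                # .rdp settings have the form name:type:value (i = integer, s = string).
                if ($line -match '^\s*enablecredsspsupport\s*:\s*i\s*:\s*(\d+)\s*$') {
                    # A missing setting or a non-zero value leaves CredSSP on; report only 0.
                    if ([int]$Matches[1] -eq 0) {
                        [pscustomobject]@{
                            File    = $file.FullName
                            Line    = $lineNo
                            Setting = $line.Trim()
                        }
                    }
                }
            }
        }
}

# Constructed sample files for the demonstration (host name is a placeholder).
$demo = Join-Path ([IO.Path]::GetTempPath()) ("rdp-audit-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content -Path (Join-Path $demo 'default.rdp') -Encoding Unicode -Value @(
    'full address:s:host.example.test'
    'enablecredsspsupport:i:1'
)
Set-Content -Path (Join-Path $demo 'nocredssp.rdp') -Encoding Unicode -Value @(
    'full address:s:host.example.test'
    'enablecredsspsupport:i:0'
)
Find-RdpCredSspDisabled -Path $demo | Format-Table -AutoSize
Remove-Item -Recurse -Force $demo
```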
Uptime
easy mode:
net stats srv
or
net statistics server
PowerShell script:
function Get-SystemUptime {
    # Returns the last boot time as a DateTime (uptime = now minus this value).
    $operatingSystem = Get-WmiObject Win32_OperatingSystem
    [Management.ManagementDateTimeConverter]::ToDateTime($operatingSystem.LastBootUpTime)
}
Get-SystemUptime
# Keep the window open when the script is started by double-click.
Write-Host "Press any key to continue ..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
removing roaming profiles
two tools:
- delprof2
- vtra tsprofcleaner
Volume Shadow Copy Failed
Windows 7, while trying to make a system image.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>wbadmin start backup -allCritical -systemState -backupTarget:d: -include:c:
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

ERROR - One of the parameters or options provided is unexpected: systemState.
See the syntax below.

Syntax: WBADMIN START BACKUP
    [-backupTarget:{<BackupDestinationVolume> | <TargetNetworkShare>}]
    [-include:<VolumesToInclude>]
    [-allCritical]
    [-user:<UserName>]
    [-password:<Password>]
    [-noInheritAcl]
    [-noVerify]
    [-vssFull | -vssCopy]
    [-quiet]

Description: Creates a backup using specified parameters. If no parameters are specified and you have created a scheduled daily backup, this command creates the backup by using the settings for the scheduled backup.

Parameters:
-backupTarget
    Specifies the storage location for this backup. Requires a hard disk drive letter (f:), a volume GUID-based path in the format of \\?\Volume{GUID}, or a Universal Naming Convention (UNC) path to a remote shared folder (\\<servername>\<sharename>\). By default, the backup will be saved at: \\<servername>\<sharename>\WindowsImageBackup\<ComputerBackedUp>\.
    Important: If you save a backup to a remote shared folder, that backup will be overwritten if you use the same folder to back up the same computer again. In addition, if the backup operation fails, you may finish with no backup because the older backup will be overwritten, but the newer backup will not be usable. You can avoid this by creating subfolders in the remote shared folder to organize your backups. If you do this, the subfolders will need twice the space of the parent folder.
-include
    Specifies the comma-delimited list of items to include in the backup. You can include multiple volumes. Volume paths can be specified using volume drive letters, volume mount points, or GUID-based volume names. If you use a GUID-based volume name, it should be terminated with a backslash (\). You can use the wildcard character (*) in the file name when specifying a path to a file. Should be used only when the -backupTarget parameter is used.
-allCritical
    Creates a backup that includes all critical volumes (critical volumes contain the operating system files and components) in addition to any other items that you specified with the -include parameter. This parameter is useful if you are creating a backup for bare metal recovery or system state recovery. Should be used only when the -backupTarget parameter is used.
-user
    If the backup is saved to a remote shared folder, specifies the user name with write permission to the folder.
-password
    Specifies the password for the user name that is provided by the parameter -user.
-noInheritAcl
    Applies the access control list (ACL) permissions that correspond to the credentials specified by -user and -password to \\<servername>\<sharename>\WindowsImageBackup\<ComputerBackedUp>\ (the folder that contains the backup). To access the backup later, you must use these credentials or be a member of the Administrators group or the Backup Operators group on the computer with the shared folder. If -noInheritAcl is not used, the ACL permissions from the remote shared folder are applied to the <ComputerBackedUp> folder by default so that anyone with access to the remote shared folder can access the backup.
-noVerify
    Specifies that backups written to removable media (such as a DVD) are not verified for errors. If you do not use this parameter, backups saved to removable media are verified for errors.
-vssFull
    Performs a full backup using the Volume Shadow Copy Service (VSS). Each file's history is updated to reflect that it was backed up. If this parameter is not used WBADMIN START BACKUP makes a copy backup, but the history of files being backed up is not updated.
    Caution: Do not use this parameter if you are using a product other than Windows Server Backup to back up applications that are on the volumes included in the current backup. Doing so can potentially break the incremental, differential, or other type of backups that the other backup product is creating.
-vssCopy
    Performs a copy backup using VSS. The history of the files being backed up is not updated. This is the default value.
-quiet
    Runs the command with no prompts to the user.

Example:
WBADMIN START BACKUP -backupTarget:f: -include:e:,d:\mountpoint,\\?\Volume{cc566d14-44a0-11d9-9d93-806e6f6e6963}\

C:\Windows\system32>wbadmin start backup -allCritical -backupTarget:d: -include:c:
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.

Retrieving volume information...
This will back up volume workbackup(C:) to d:.
Do you want to start the backup operation?
[Y] Yes [N] No Y

The backup operation to D: is starting.
Creating a shadow copy of the volumes specified for backup...
Creating a shadow copy of the volumes specified for backup...
Creating a shadow copy of the volumes specified for backup...
Creating a shadow copy of the volumes specified for backup...
Creating a shadow copy of the volumes specified for backup...
Creating a shadow copy of the volumes specified for backup...
Creating a shadow copy of the volumes specified for backup...
Creating a shadow copy of the volumes specified for backup...
Creating a shadow copy of the volumes specified for backup...
Creating a backup of volume workbackup(C:), copied (0%).
Creating a backup of volume workbackup(C:), copied (1%).
Creating a backup of volume workbackup(C:), copied (2%).
Creating a backup of volume workbackup(C:), copied (4%).
Creating a backup of volume workbackup(C:), copied (5%).
Creating a backup of volume workbackup(C:), copied (6%).
Creating a backup of volume workbackup(C:), copied (7%).
Creating a backup of volume workbackup(C:), copied (9%).
Creating a backup of volume workbackup(C:), copied (10%).
Creating a backup of volume workbackup(C:), copied (11%).
Creating a backup of volume workbackup(C:), copied (12%).
Creating a backup of volume workbackup(C:), copied (13%).
Creating a backup of volume workbackup(C:), copied (15%).
Creating a backup of volume workbackup(C:), copied (16%).
Creating a backup of volume workbackup(C:), copied (17%).
Creating a backup of volume workbackup(C:), copied (18%).
Creating a backup of volume workbackup(C:), copied (20%).
Creating a backup of volume workbackup(C:), copied (21%).
Creating a backup of volume workbackup(C:), copied (22%).
Creating a backup of volume workbackup(C:), copied (23%).
Creating a backup of volume workbackup(C:), copied (25%).
Creating a backup of volume workbackup(C:), copied (26%).
Creating a backup of volume workbackup(C:), copied (27%).
Creating a backup of volume workbackup(C:), copied (28%).
Creating a backup of volume workbackup(C:), copied (29%).
Creating a backup of volume workbackup(C:), copied (31%).
Creating a backup of volume workbackup(C:), copied (32%).
Creating a backup of volume workbackup(C:), copied (33%).
Creating a backup of volume workbackup(C:), copied (34%).
Creating a backup of volume workbackup(C:), copied (35%).
Creating a backup of volume workbackup(C:), copied (37%).
Creating a backup of volume workbackup(C:), copied (38%).
Creating a backup of volume workbackup(C:), copied (39%).
Creating a backup of volume workbackup(C:), copied (40%).
Creating a backup of volume workbackup(C:), copied (41%).
Creating a backup of volume workbackup(C:), copied (42%).
Creating a backup of volume workbackup(C:), copied (44%).
Creating a backup of volume workbackup(C:), copied (46%).
Creating a backup of volume workbackup(C:), copied (47%).
Creating a backup of volume workbackup(C:), copied (48%).
Creating a backup of volume workbackup(C:), copied (49%).
Creating a backup of volume workbackup(C:), copied (50%).
Creating a backup of volume workbackup(C:), copied (51%).
Creating a backup of volume workbackup(C:), copied (53%).
Creating a backup of volume workbackup(C:), copied (54%).
Creating a backup of volume workbackup(C:), copied (55%).
Creating a backup of volume workbackup(C:), copied (56%).
Creating a backup of volume workbackup(C:), copied (57%).
Creating a backup of volume workbackup(C:), copied (58%).
Creating a backup of volume workbackup(C:), copied (60%).
Creating a backup of volume workbackup(C:), copied (61%).
Creating a backup of volume workbackup(C:), copied (62%).
Creating a backup of volume workbackup(C:), copied (63%).
Creating a backup of volume workbackup(C:), copied (64%).
Creating a backup of volume workbackup(C:), copied (65%).
Creating a backup of volume workbackup(C:), copied (66%).
Creating a backup of volume workbackup(C:), copied (67%).
Creating a backup of volume workbackup(C:), copied (68%).
Creating a backup of volume workbackup(C:), copied (70%).
Creating a backup of volume workbackup(C:), copied (71%).
Creating a backup of volume workbackup(C:), copied (72%).
Creating a backup of volume workbackup(C:), copied (73%).
Creating a backup of volume workbackup(C:), copied (74%).
Creating a backup of volume workbackup(C:), copied (75%).
Creating a backup of volume workbackup(C:), copied (76%).
Creating a backup of volume workbackup(C:), copied (77%).
Creating a backup of volume workbackup(C:), copied (78%).
Creating a backup of volume workbackup(C:), copied (79%).
Creating a backup of volume workbackup(C:), copied (80%).
Creating a backup of volume workbackup(C:), copied (81%).
Creating a backup of volume workbackup(C:), copied (82%).
Creating a backup of volume workbackup(C:), copied (84%).
Creating a backup of volume workbackup(C:), copied (85%).
Creating a backup of volume workbackup(C:), copied (86%).
Creating a backup of volume workbackup(C:), copied (87%).
Creating a backup of volume workbackup(C:), copied (88%).
Creating a backup of volume workbackup(C:), copied (89%).
Creating a backup of volume workbackup(C:), copied (90%).
Creating a backup of volume workbackup(C:), copied (91%).
Creating a backup of volume workbackup(C:), copied (92%).
Creating a backup of volume workbackup(C:), copied (93%).
Creating a backup of volume workbackup(C:), copied (94%).
Creating a backup of volume workbackup(C:), copied (95%).
Creating a backup of volume workbackup(C:), copied (96%).
Creating a backup of volume workbackup(C:), copied (97%).
Creating a backup of volume workbackup(C:), copied (98%).
Creating a backup of volume workbackup(C:), copied (99%).
The backup of volume workbackup(C:) successfully completed.
The backup operation stopped before completing.
Summary of the backup operation:
------------------

The backup operation stopped before completing.
Detailed error: ERROR - A Volume Shadow Copy Service operation error has
occurred: (0x80042306)
The shadow copy provider had an error. Check the System and Application event logs for more information.

Windows Backup failed to create the shadow copy on the storage location.
ERROR - A Volume Shadow Copy Service operation error has
occurred: (0x80042306)
The shadow copy provider had an error. Check the System and Application event logs for more information.

C:\Windows\system32>
some command lines:
wbadmin start backup -allCritical -systemState -backupTarget:d: -include:c:
wbadmin start backup -allCritical -backupTarget:d: -include:c:
vssadmin resize shadowstorage /on=C: /for=C: /maxsize=40GB
Routing
route print
C:\Windows\system32>route add 10.120.97.192 mask 255.255.255.192 10.68.255.252
 OK!

C:\Windows\system32>
C:\WINDOWS\system32>route delete 87.237.34.200 mask 255.255.255.255 0.0.0.0 IF 30
Cyphers
use this tool to change the SSL/TLS config:
https://www.nartac.com/Products/IISCrypto/
Scripting Roles and Supporting Software
##AD DS ##
Install-WindowsFeature -name AD-Domain-Services
Install-WindowsFeature -name DNS
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install sysinternals -y
choco install procexp -y
choco install procmon -y

##TS ##
Import-module ServerManager -verbose
Get-WindowsFeature -Name *RDS*
Add-WindowsFeature -Name RDS-RD-Server -IncludeAllSubFeature
set-rdlicenseconfiguration -LicenseServer localhost -Mode PerUser
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install sysinternals -y
choco install procexp -y
choco install procmon -y

##IIS ##
import-module servermanager
add-windowsfeature web-server -includeallsubfeature
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install sysinternals -y
choco install procexp -y
choco install procmon -y

##SQL##
iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex
choco install sysinternals -y
choco install procexp -y
choco install procmon -y
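Every role script here pipes the Chocolatey installer straight from the network into iex, so whatever the server returns runs with the rights of the admin session. An added example (not from the original notes and not Chocolatey's own code) that saves the script first and runs it only when its Authenticode signature is valid and the signer matches; both function names are hypothetical helpers, and that install.ps1 is signed with a subject matching '*Chocolatey*' is an assumption to confirm against a copy you trust:

```powershell
# Added example, not from the original notes. Both function names are hypothetical helpers.
function Test-ScriptSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $SubjectPattern   # wildcard for the signer subject (assumption)
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path : signature status is $($sig.Status)"
        return $false
    }
    if ($sig.SignerCertificate.Subject -notlike $SubjectPattern) {
        Write-Warning "$Path : unexpected signer '$($sig.SignerCertificate.Subject)'"
        return $false
    }
    return $true
}

function Invoke-VerifiedScript {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $SubjectPattern
    )
    # Save to disk first so the bytes that were checked are exactly the bytes that run.
    $tmp = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString() + '.ps1')
    try {
        Invoke-WebRequest -Uri $Uri -UseBasicParsing -OutFile $tmp
        if (-not (Test-ScriptSignature -Path $tmp -SubjectPattern $SubjectPattern)) {
            throw "Refusing to run $Uri : signature check failed"
        }
        # Log the hash so the run can be tied to a specific script version later.
        Write-Host ("SHA256 " + (Get-FileHash -LiteralPath $tmp -Algorithm SHA256).Hash)
        & $tmp
    }
    finally {
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    }
}

# Offline demonstration on a constructed, unsigned script.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'constructed-unsigned.ps1'
Set-Content -LiteralPath $sample -Value 'Write-Output "unsigned sample"'
Test-ScriptSignature -Path $sample -SubjectPattern '*Chocolatey*'
Remove-Item -LiteralPath $sample

# Usage with the installer URL from the notes (subject pattern is an assumption to confirm):
# Invoke-VerifiedScript -Uri 'https://chocolatey.org/install.ps1' -SubjectPattern '*Chocolatey*'
```

Running the saved file with `&` is still subject to the machine's PowerShell execution policy.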
Domain Controller Health Check
https://gallery.technet.microsoft.com/scriptcenter/Active-Directory-Health-709336cd
dcdiag https://blogs.technet.microsoft.com/askds/2011/03/22/what-does-dcdiag-actually-do/
Working with Printers and printer drivers
( testing windows 7 )
In the start menu type "print management". This will give you access to the currently installed printers, and all drivers for printers that are not installed.
Hidden drivers, device not connected
windows 7:
to see devices that are not connected ( so that you can maybe uninstall the driver )
cmd.exe
set devmgr_show_nonpresent_devices=1
start devmgmt.msc
Limiting Bits Regedit way
reference: https://superuser.com/questions/1039229/limit-bandwidth-used-by-windows-update
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\BITS
Create a DWORD value called EnableBITSMaxBandwidth with a value of 1; that tells BITS that there are settings to look at. Create DWORD values called MaxBandwidthValidFrom and MaxBandwidthValidTo, each containing an hour of the day from 0 to 23. (For example, 8 is 8:00 AM, and 17 is 5:00 PM.) These actually don't matter a lot in this case, but I told you about them for completion's sake.
Create two more DWORD values called MaxTransferRateOffSchedule and MaxTransferRateOnSchedule. Give each of them the maximum rate of transfer in Kbps. Note that you may need to switch to Decimal entry mode to see the value as normal humans think about numbers.
Summary:
DWORD EnableBITSMaxBandwidth 1
DWORD MaxBandwidthValidFrom [0-23]
DWORD MaxBandwidthValidTo [0-23]
DWORD MaxTransferRateOffSchedule 64 ( in kilobytes )
DWORD MaxTransferRateOnSchedule 64 ( in kilobytes )
Regedit file:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\BITS]
"EnableBITSMaxBandwidth"=dword:00000001
"MaxTransferRateOnSchedule"=dword:00000040
"MaxTransferRateOffSchedule"=dword:00000040
Boot Performance
Windows 7 Pro
reference: https://www.guidingtech.com/2955/fix-slow-windows-startup-boot-performance-diagnostics/
TL;DR:
- "gpedit.msc"
- Computer Configuration -> Administrative Templates -> System -> Troubleshooting and Diagnostics -> Windows Boot Performance Diagnostics.
- "Configure Scenario Execution Level"
- Enable.
- start service: "Diagnostic Policy Service"
- results in event log
also see: