Windows: Difference between revisions

From Federal Burro of Information
* Sysinternals suite
* Microsoft Network monitor.
* TCP analyser ( takes pcaps from MS Network monitor above and makes reports. )
 
* http://www.advanced-ip-scanner.com/


== Cached credentials? ==

Revision as of 16:04, 11 July 2013

recovery

list drives:

wmic logicaldisk get caption,providername,drivetype,volumename

also start notepad and open: commdlg!!!

Scripting firewall changes:

http://technet.microsoft.com/en-us/library/ee692652.aspx

Deployment Image Servicing and Management

A possible way to clean up SXS (Side-by-side assembly)

dism /online /cleanup-image /spsuperseded

http://www.iishacks.com/2011/06/23/reduce-windows-7-winsxs-folder-size/

Resource Checker

>sfc
Microsoft (R) Windows (R) Resource Checker Version 6.0
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

Scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions.

SFC [/SCANNOW] [/VERIFYONLY] [/SCANFILE=<file>] [/VERIFYFILE=<file>]
    [/OFFWINDIR=<offline windows directory> /OFFBOOTDIR=<offline boot directory>]

/SCANNOW        Scans integrity of all protected system files and repairs files with problems when possible.
/VERIFYONLY     Scans integrity of all protected system files. No repair operation is performed.
/SCANFILE       Scans integrity of the referenced file, repairs file if problems are identified. Specify full path <file>
/VERIFYFILE     Verifies the integrity of the file with full path <file>.  No repair operation is performed.
/OFFBOOTDIR     For offline repair specify the location of the offline boot directory
/OFFWINDIR      For offline repair specify the location of the offline windows directory

e.g.

        sfc /SCANNOW
        sfc /VERIFYFILE=c:\windows\system32\kernel32.dll
        sfc /SCANFILE=d:\windows\system32\kernel32.dll /OFFBOOTDIR=d:\ /OFFWINDIR=d:\windows
        sfc /VERIFYONLY

Which?

You want to know where a binary is in your path.

It's in your path, it works, but where is it?

Answer: where.exe

Compare:

Nix:
mrtg@athena /home/david/public_html $ which perl
/usr/bin/perl
mrtg@athena /home/david/public_html $

Windows:

C:\Users\David>where perl
C:\Perl64\bin\perl.exe

C:\Users\David>
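
where.exe prints every match in search order, and the first line is the copy that actually runs, so a second copy of a tool earlier in PATH is worth noticing on an admin box. The PowerShell below is an added example, not from the original page: the function name Find-InPath and its parameters are hypothetical, it needs PowerShell 3.0 or later, and it walks only the PATH directories (not the current directory).

```powershell
# Added example: list every PATH match for a command in search order and
# report the Authenticode status of each, so a shadowing copy stands out.
function Find-InPath {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        # Defaults are the live environment; pass other values to test them.
        [string]$PathVar = $env:PATH,
        [string]$PathExt = $env:PATHEXT
    )
    # A name with an extension is used as given; otherwise try each
    # PATHEXT extension in its listed order (.COM;.EXE;.BAT;...).
    if ([IO.Path]::HasExtension($Name)) {
        $candidates = @($Name)
    } else {
        $candidates = @($PathExt -split ';' | Where-Object { $_ } |
                        ForEach-Object { "$Name$_" })
    }

    $order = 0
    foreach ($dir in ($PathVar -split ';')) {
        $dir = $dir.Trim().Trim('"')          # PATH entries may be quoted
        if (-not $dir) { continue }           # skip empty entries (";;")
        foreach ($file in $candidates) {
            $full = [IO.Path]::Combine($dir, $file)
            if (Test-Path -LiteralPath $full -PathType Leaf) {
                $order++
                [pscustomobject]@{
                    Order     = $order
                    Runs      = ($order -eq 1)   # first hit is what executes
                    Path      = $full
                    Signature = (Get-AuthenticodeSignature -LiteralPath $full).Status
                }
            }
        }
    }
}

# Example call, using the command from the session above.
Find-InPath perl | Format-Table -AutoSize
```

More than one row means an earlier directory is shadowing a later one; check that the row with Runs = True is the copy you expect.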

Notepad++ tips

Doing dev work on Windows with Notepad++: ENV!

http://blog.sanaulla.info/2008/07/25/using-notepad-to-compile-and-run-java-programs/

Resource and Tools

Must haves:

Cached credentials?

c:\windows\system32\rundll32.exe keymgr.dll,KRShowKeyMgr

Your credentials for shares / mapped drives may not be listed.

Uptime

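PowerShell script:

function Get-SystemUptime
{
    # Returns the last boot time as a DateTime; uptime is the time elapsed since then.
    $operatingSystem = Get-WmiObject Win32_OperatingSystem
    [Management.ManagementDateTimeConverter]::ToDateTime($operatingSystem.LastBootUpTime)
}
Get-SystemUptime
Write-Host "Press any key to continue ..."
# Wait for a keypress so the window stays open when the script is run directly.
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")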