Microsoft Windows

Batch scripting

Shortcuts

Copy a path to the clipboard

SHIFT + Right click and “Copy as path”. This can be done on multiple files at the same time!

Open a command prompt to a folder

SHIFT + Right click on the folder and “Open command window here”. This can be done on a folder item or directly on the current folder window.

Local administration

Search for a file

To search for the file bg_switch.png in the current folder (and its subfolders)

dir /b /s bg_switch.png

It's way faster than using the lame Explorer.

Shutdown / Restart

Shutdown immediately

shutdown -s

Shutdown in 10 minutes

shutdown -s -t 600

Cancel shutdown

shutdown -a

Restart immediately

shutdown /r /f

Enable/disable Hibernation

powercfg.exe -h on
powercfg.exe -h off

Find the free space on all the physical drives

wmic logicaldisk where drivetype=3 get freespace, caption

Show all environment variables

set

Find out where the executable you're calling is located

Want to know which nc.exe is used when you type “nc” in cmd?

where nc

Find system uptime

systeminfo|find "Time:"

Poor Man Disk Space Warning

  • Open Task Scheduler and create a new task.
  • Enter a name for the task, select “Run whether user is logged on or not”, and check “Do not store password.”
  • Add a new trigger on the Triggers tab.
  • Select “On an event” in the “Begin the task” box.
  • Set Log to “System”, Source to “srv”, and Event ID to “2013”.
  • Add a new action on the Actions tab.
  • Set Action to “Start a program”. Set program to “powershell” and set “Add arguments” to:
-command &{send-mailmessage -from from@addre.ss -to to@addre.ss -subject 'Disk Usage Warning' -body 'Go check the disk usage!' -smtpserver smtpserver.addre.ss}
  • To configure when the low disk space event is recorded in the System Log, open the Registry Editor, navigate to HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters and add a DWORD value named “DiskSpaceThreshold”, setting it to the desired percentage. When the entry does not exist, the default value is 10.

Thanks to Patrick Uhlmann.
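
The same setup can be scripted. This is an added example, not part of the original tip: it registers the event-triggered task and sets the registry value from an elevated PowerShell prompt. The task name, the threshold of 15 and the choice of the current user as the task account are assumptions.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell prompt.
$taskName  = 'DiskSpaceWarning'   # assumed task name
$threshold = 15                   # assumed value; the page gives 10 as the default

# Last step of the procedure: the threshold at which the event is recorded.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
New-ItemProperty -Path $key -Name 'DiskSpaceThreshold' -PropertyType DWord `
    -Value $threshold -Force | Out-Null

# "On an event" trigger: Log = System, Source = srv, Event ID = 2013.
# Event triggers have no New-ScheduledTaskTrigger switch, so the CIM class is used.
$triggerClass = Get-CimClass -Namespace 'Root/Microsoft/Windows/TaskScheduler' `
    -ClassName 'MSFT_TaskEventTrigger'
$trigger = New-CimInstance -CimClass $triggerClass -ClientOnly
$trigger.Enabled = $true
$trigger.Subscription = @'
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[Provider[@Name='srv'] and EventID=2013]]</Select>
  </Query>
</QueryList>
'@

# "Start a program" action with the arguments from the procedure (placeholder addresses).
$arguments = @'
-command &{send-mailmessage -from from@addre.ss -to to@addre.ss -subject 'Disk Usage Warning' -body 'Go check the disk usage!' -smtpserver smtpserver.addre.ss}
'@
$action = New-ScheduledTaskAction -Execute 'powershell' -Argument $arguments

# S4U = "Run whether user is logged on or not" with "Do not store password".
$principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" -LogonType S4U

Register-ScheduledTask -TaskName $taskName -Trigger $trigger -Action $action `
    -Principal $principal | Out-Null

# Read back what was stored.
(Get-ScheduledTask -TaskName $taskName).Triggers | Select-Object Enabled, Subscription
Get-ItemProperty -Path $key -Name 'DiskSpaceThreshold' | Select-Object DiskSpaceThreshold
```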

Start menu location (Windows 10)

Shared:

%ProgramData%\Microsoft\Windows\Start Menu\Programs

User-specific:

%AppData%\Microsoft\Windows\Start Menu\Programs

Various tips

Services

Start a service

net start "Service name"
sc start "Service name" param1 param2

Stop a service

net stop "Service name"

Delete a service

sc delete "Service Name"

Tasks

Create a task

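The task runs task.bat, which is expected in the same folder as create_task.bat (%~dp0 expands to the drive and path of the running script). With /ru "" the task runs under the SYSTEM account, so keep task.bat in a folder that only administrators can modify.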

Daily, at 3:00

create_task.bat
SET dir=%~dp0
schtasks /Create /ru "" /SC Daily /ST 3:00 /TN NameOfTheTask /TR %dir%task.bat

Once every 30 minutes

create_task.bat
SET dir=%~dp0
schtasks /Create /ru "" /SC Minute /mo 30 /TN NameOfTheTask /TR %dir%task.bat

Run as current user

Replace

/ru ""

by

/ru %userdomain%\%username%

Display a popup every 45 minutes

Delete a task

delete_task.bat
schtasks /Delete /TN NameOfTheTask

Installed applications

Uninstall an application

wmic product where name="Application Name" call uninstall /nointeractive

Event Viewer

Know when user logged in + unlocked the screen

Event Viewer > Windows Logs > Security. Create the following filter:

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[
        System[(EventID=4624)] and
        EventData[Data[@Name='LogonType'] and (Data='7')] and
        EventData[Data[@Name='ProcessName'] and (Data='C:\Windows\System32\lsass.exe')] and
        EventData[Data[@Name='LogonGuid'] and (Data='{00000000-0000-0000-0000-000000000000}')]
      ]
    </Select>
  </Query>
</QueryList>

Know when user locks the screen

Event Viewer > Windows Logs > Security. Create the following filter:

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[
        System[(EventID=4656)] and
        EventData[Data[@Name='ObjectType'] and (Data='SAM_SERVER')]
      ]
    </Select>
  </Query>
</QueryList>
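
The two filters above can also be run from PowerShell and merged into one lock/unlock timeline. This is an added example, not part of the original page: the XPath expressions are copied from the filters above, while the function name Get-EventField, the 200-event limit and the choice of user fields are assumptions.

```powershell
# Added example, not from the original page. Reading the Security log needs an elevated prompt.
$filters = [ordered]@{
    Unlock = @'
*[
  System[(EventID=4624)] and
  EventData[Data[@Name='LogonType'] and (Data='7')] and
  EventData[Data[@Name='ProcessName'] and (Data='C:\Windows\System32\lsass.exe')] and
  EventData[Data[@Name='LogonGuid'] and (Data='{00000000-0000-0000-0000-000000000000}')]
]
'@
    Lock = @'
*[
  System[(EventID=4656)] and
  EventData[Data[@Name='ObjectType'] and (Data='SAM_SERVER')]
]
'@
}

# Hypothetical helper: return one named <Data> field from an event record.
function Get-EventField {
    param($Record, [string]$Name)
    $xml = [xml]$Record.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$timeline = foreach ($kind in $filters.Keys) {
    # 4624 names the account in TargetUserName, 4656 in SubjectUserName.
    $userField = if ($kind -eq 'Unlock') { 'TargetUserName' } else { 'SubjectUserName' }

    # -ErrorAction SilentlyContinue hides the "no events found" error for an empty result;
    # remove it when troubleshooting, since it also hides access-denied errors.
    Get-WinEvent -LogName Security -FilterXPath $filters[$kind] -MaxEvents 200 `
        -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Action = $kind
                User   = Get-EventField -Record $_ -Name $userField
            }
        }
}

# Oldest first, so lock and unlock events interleave in order.
$timeline | Sort-Object Time | Format-Table -AutoSize
```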

ActiveDirectory

List the name and SID of all users

wmic useraccount get name,sid

Find the SID of a specific user

wmic useraccount where name='cfr' get sid

Find your groups and their SID

whoami /groups

List all the members of a group

net group group_name /domain

Look up a user/group from its SID

In PowerShell:

$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-...")
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])
$objUser.Value

Unlock a user account

net user /Domain /Active:YES the_username

Network

Show which executable is listening on which port

netstat -a -b | more

Port redirection

This redirects all incoming TCP traffic from port 80 to port 11000.

netsh interface portproxy set mode online
netsh interface portproxy add v4tov4 listenport=80 connectport=11000 connectaddress=localhost

To see all the active redirections, use

netsh interface portproxy show all

Remote administration

Open a Remote Desktop Connection to a specific machine

%windir%\system32\mstsc.exe /v:"machine-name.domain.local"

Open services of a specific machine

%windir%\system32\services.msc /Computer=machine-name.domain.local

Open a Windows shell to a specific machine

%windir%\system32\winrs -r:machine-name.domain.local cmd /K hostname

Run a command remotely on a specific machine

%windir%\system32\winrs -r:machine-name.domain.local cmd /k "mkdir whatever & exit"

Add the user cfr to the administrators group

net localgroup administrators cfr /add

Troubleshooting

Error 2502 and 2503 during installation

The installer must be run as Administrator by calling it from an Administrator command prompt. Note that after installation, MSI installers are copied to C:\Windows\Installer, and a new registry key is added to HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\.
