#Version 2023.01.25.0001 -------------------------------------------------------------------------------- Lost MBR: boot windows DVD repair mode command prompt bootrec /fixmbr bootrec /fixboot reboot -------------------------------------------------------------------------------- #get your windows back after you undock from multiple screens #many ways, some work better in different situations 1-windows+d, windows+d #if you cannot see a window, this will get it back 2-use "move" on the icon (shift+right-click on icon) in the taskbar 3-use "cascade windows" from the root desktop menu 4-use "maximize" on the icon (shift+right-click on icon) in the taskbar 5-change screen resolution 6-windows+P #turn back to a single screen, should show back up. -------------------------------------------------------------------------------- #what is my product key? wmic path softwareLicensingService get OA3xOriginalProductKey -------------------------------------------------------------------------------- #looking for drivers? http://www.pcidatabase.com/index.php http://pci-ids.ucw.cz/ -------------------------------------------------------------------------------- #cleanup old OS files WICleanupUI: removed unneeded Windows/Installer/*/*mst files disk cleanup: removed many Windows/winsxs files -------------------------------------------------------------------------------- #AD resync gpupdate /force sfc /scannow -------------------------------------------------------------------------------- #Remote Desktop Connection Select CONSOLE when rebooting a server. OR START->RUN-> mstsc /console start services: services.msc Start -> Programs -> Accessories -> communications -> remote desktop connection -------------------------------------------------------------------------------- If tcpip get messed up: netsh winsock reset catalog then reboot ipconfig /all /renew /release /flushdns /allcompartments /all -------------------------------------------------------------------------------- #someone is watching you - running processes w/ network connections http://www.matveev.se/net/akamai.htm netstat -bano netstat -bano 10 c:\netstat.txt Yeah, if you see somthing like kjdljsffvlkj.exe running and is established then you should be concerned. As a future reference, I find the command Netstat -bano a little more useful, as it also shows PID that you can use it with the command taskkill /pid ####. Another usefull command Tasklist /svc also shows what tasks are running and the details of each svhost.exe in detail. All of these commands can be output to a txt file so you don't have to mark and copy from the CLI window and it keeps things more clear format. Example: Netstat -bano c:\netstat.txt &... tasklist /svc c:\tasklist.txt There is also more advanced features such as a time interval that is useful if you suspect a virus or outbound connection and have trouble detecting it catching it. Netstat -bano 10 c:\netstat.txt This will do a new netstat command in 10 second intervals and output it to the same log file. CTRL+C will stop the command. The default timewaits for tcp connections is 60 seconds. So an ideal range is 10-45. -------------------------------------------------------------------------------- uptime: net statistics server net statistics workstation #look at first line to see how long it has been booted/up task manager -> Performance #look for uptime field systeminfo | find "System Boot Time:" uptime #in CMD SHELL, if you have the software loaded -------------------------------------------------------------------------------- Want to kill processes without using taskmanager: List the processes tasklist Kill all the processes that match the pattern taskkill /F /IM PATTERN EXAMPLE: taskkill /F /IM UcMapi.exe -------------------------------------------------------------------------------- msinfo32 msinfo32 /report msinfo32-output.nfo systeminfo C:\Windows\System32\systeminfo dxdiag dxdiag /t dxdiag.txt wmic csproduct get name wmic bios get serialnumber help wmic wmic /? http://ss64.com/nt/wmic.html http://technet.microsoft.com/en-us/library/bb742610.aspx -------------------------------------------------------------------------------- msconfig #turn on/off startup service systeminfo defrag.exe -c winver #windows version -------------------------------------------------------------------------------- How do I set up Explorer so that, on startup, it only shows the Desktop expanded (i.e. Desktop and My Computer expanded, with C:, D:, E:, F:, etc. collapsed. USE: C:\WINNT\explorer.exe /e,/root,,/select,c:\ -------------------------------------------------------------------------------- Here is the URL to download Holidays http://microsoft.com/downloads/details.aspx?FamilyId=7D4D9017-8D4E-4963-8BA7-D2E91D491F5E&displaylang=en -------------------------------------------------------------------------------- Setup a network printer on a client. Installing and Test Printing from User Workstation Because direct printing is essentially a peer-to-peer networking arrangement, setting up each individual workstation is essentially identical to the previous task, except that it is done on the user's PC. 1. Insert the NetportExpress CD into the CD-ROM drive of the Windows NT server. 2. If the CD does not Autorun a setup program, run SETUP.EXE from the root directory of the CD. 3. Select the "Install Port Monitor" option. 4. When prompted, reboot your system. Do so before continuing. 5. From "My Computer", select "Printers", then "Add Printer" wizard. 6. Set up a temporary LOCAL printer on LPT1 using the printer drivers for the printer connected to the print server, but do NOT print a test page. 7. Right-click on the new printer definition and click "Properties". 8. Click the "Details" tab and click "Add Port". 9. Select Other, then "Intel NetportExpress Network Port" and click "New Port". 10. Browse to the print server and printer port or enter the print server and port name such as "\\SALES\HPCOLOR", then click OK. 11. Right-click on the new printer definition and click "Properties" again. 12. Click on the "General" tab and select "Print Test Page". 13. Click OK to save the configuration. -------------------------------------------------------------------------------- To enable USB drive writting: regedit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies set to 0 -------------------------------------------------------------------------------- Issues with devices not having drivers, after you've exhausted all the normal means. Go to "computer -> manage", then "device manager", then right click on the bad device to "properties". Then go to the "details" tab, and select "Hardware IDs" in the pulldown. Copy the first line of the output, and paste into the search on "http://devid.info" and it will tell you the device, and probable driver package to try. -------------------------------------------------------------------------------- Boot off of a DVD/CD in windows 8 On systems with Windows 8 pre-installed, you can access the UEFI (BIOS) setup screens from the Windows 8 boot menu: Press the Windows key + C, or swipe in from the right edge of the screen Click Settings. Click Change PC Settings. In PC Settings, select General. Under Advanced startup, click Restart now. The system will restart and show the Windows 8 boot menu. In the boot menu, select Troubleshoot. In the Troubleshoot menu, select Advanced options. In the Advanced options menu, select UEFI Firmware Settings. Click Restart to restart the system and enter UEFI (BIOS) -------------------------------------------------------------------------------- wmic os get osarchitecture [/value] wmic os get version [/value] wmic os [get /format:htable] wmic bios [get /format:htable] wmic useraccount list brief wmic nic list process get name,processid process where processid="1000" call terminate process where name='outlook.exe' call terminate wmic logicaldisk get name wmic os list brief WMIC /Output:bios.html BIOS Get Manufacturer,Name,Version /Format:htable wmic product list brief wmic diskdrive get model,name,size #memory dimms wmic MEMORYCHIP get banklabel, devicelocator, caption, capacity To execute these queries, run “WMIC” at a command prompt, followed by one of the following alias/es: baseboard: get Manufacturer, Model, Name, PartNumber, slotlayout, serialnumber, poweredon bios: get name, version, serialnumber bootconfig: get BootDirectory, Caption, TempDirectory, Lastdrive cdrom: get Name, Drive, Volumename computersystem: get Name, domain, Manufacturer, Model, NumberofProcessors, PrimaryOwnerName,Username, Roles, totalphysicalmemory /format:list cpu: get Name, Caption, MaxClockSpeed, DeviceID, status datafile: where name='c:\\boot.ini' get Archive, FileSize, FileType, InstallDate, Readable, Writeable, System, Version dcomapp: get Name, AppID /format:list desktop: get Name, ScreenSaverExecutable, ScreenSaverActive, Wallpaper /format:list desktopmonitor: get screenheight, screenwidth diskdrive: get Name, Manufacturer, Model, InterfaceType, MediaLoaded, MediaType diskquota: get User, Warninglimit, DiskSpaceUsed, QuotaVolume environment: get Description, VariableValue fsdir: where name='c:\\windows' get Archive, CreationDate, LastModified, Readable, Writeable, System, Hidden, Status group: get Caption, InstallDate, LocalAccount, Domain, SID, Status idecontroller: get Name, Manufacturer, DeviceID, Status irq: get Name, Status job: get Name, Owner, DaysOfMonth, DaysOfWeek, ElapsedTime, JobStatus, StartTime, Status loadorder: get Name, DriverEnabled, GroupOrder, Status logicaldisk: get Name, Compressed, Description, DriveType, FileSystem, FreeSpace, SupportsDiskQuotas, VolumeDirty, VolumeName memcache: get Name, BlockSize, Purpose, MaxCacheSize, Status memlogical: get AvailableVirtualMemory, TotalPageFileSpace, TotalPhysicalMemory, TotalVirtualMemory memphysical: get Manufacturer, Model, SerialNumber, MaxCapacity, MemoryDevices netclient: get Caption, Name, Manufacturer, Status netlogin: get Name, Fullname, ScriptPath, Profile, UserID, NumberOfLogons, PasswordAge, LogonServer, HomeDirectory, PrimaryGroupID netprotocol: get Caption, Description, GuaranteesSequencing, SupportsBroadcasting, SupportsEncryption, Status netuse: get Caption, DisplayType, LocalName, Name, ProviderName, Status nic: get AdapterType, AutoSense, Name, Installed, MACAddress, PNPDeviceID,PowerManagementSupported, Speed, StatusInfo nicconfig: get MACAddress, DefaultIPGateway, IPAddress, IPSubnet, DNSHostName, DNSDomain nicconfig: get MACAddress, IPAddress, DHCPEnabled, DHCPLeaseExpires, DHCPLeaseObtained, DHCPServer nicconfig: get MACAddress, IPAddress, DNSHostName, DNSDomain, DNSDomainSuffixSearchOrder, DNSEnabledForWINSResolution, DNSServerSearchOrder nicconfig: get MACAddress, IPAddress, WINSPrimaryServer, WINSSecondaryServer, WINSEnableLMHostsLookup, WINSHostLookupFile ntdomain: get Caption, ClientSiteName, DomainControllerAddress, DomainControllerName, Roles, Status ntevent: where (LogFile='system' and SourceName='W32Time') get Message, TimeGenerated ntevent: where (LogFile='system' and SourceName='W32Time' and Message like '%timesource%') get Message, TimeGenerated ntevent: where (LogFile='system' and SourceName='W32Time' and EventCode!='29') get TimeGenerated, EventCode, Message onboarddevice: get Description, DeviceType, Enabled, Status os: get Version, Caption, CountryCode, CSName, Description, InstallDate, SerialNumber, ServicePackMajorVersion, WindowsDirectory /format:list os: get CurrentTimeZone, FreePhysicalMemory, FreeVirtualMemory, LastBootUpTime, NumberofProcesses, NumberofUsers, Organization, RegisteredUser, Status pagefile: get Caption, CurrentUsage, Status, TempPageFile pagefileset: get Name, InitialSize, MaximumSize partition: get Caption, Size, PrimaryPartition, Status, Type printer: get DeviceID, DriverName, Hidden, Name, PortName, PowerManagementSupported, PrintJobDataType, VerticalResolution, Horizontalresolution printjob: get Description, Document, ElapsedTime, HostPrintQueue, JobID, JobStatus, Name, Notify, Owner, TimeSubmitted, TotalPages process: get Caption, CommandLine, Handle, HandleCount, PageFaults, PageFileUsage, PArentProcessId, ProcessId, ThreadCount product: get Description, InstallDate, Name, Vendor, Version qfe: get description, FixComments, HotFixID, InstalledBy, InstalledOn, ServicePackInEffect quotasetting: get Caption, DefaultLimit, Description, DefaultWarningLimit, SettingID, State recoveros: get AutoReboot, DebugFilePath, WriteDebugInfo, WriteToSystemLog Registry: get CurrentSize, MaximumSize, ProposedSize, Status scsicontroller: get Caption, DeviceID, Manufacturer, PNPDeviceID server: get ErrorsAccessPermissions, ErrorsGrantedAccess, ErrorsLogon, ErrorsSystem, FilesOpen, FileDirectorySearches service: get Name, Caption, State, ServiceType, StartMode, pathname share: get name, path, status sounddev: get Caption, DeviceID, PNPDeviceID, Manufacturer, status startup: get Caption, Location, Command sysaccount: get Caption, Domain, Name, SID, SIDType, Status sysdriver: get Caption, Name, PathName, ServiceType, State, Status systemenclosure: get Caption, Height, Depth, Manufacturer, Model, SMBIOSAssetTag, AudibleAlarm, SecurityStatus, SecurityBreach, PoweredOn, NumberOfPowerCords systemslot: get Number, SlotDesignation, Status, SupportsHotPlug, Version, CurrentUsage, ConnectorPinout tapedrive: get Name, Capabilities, Compression, Description, MediaType, NeedsCleaning, Status, StatusInfo timezone: get Caption, Bias, DaylightBias, DaylightName, StandardName useraccount: get AccountType, Description, Domain, Disabled, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID memorychip: get BankLabel, Capacity, Caption, CreationClassName, DataWidth, Description, Devicelocator, FormFactor, HotSwappable, InstallDate, InterleaveDataDepth, InterleavePosition, Manufacturer, MemoryType, Model, Name, OtherIdentifyingInfo, PartNumber, PositionInRow, PoweredOn, Removable, Replaceable, SerialNumber, SKU, Speed, Status, Tag, TotalWidth, TypeDetail, Version -------------------------------------------------------------------------------- --------------------------------------------------------------------------------