This post contains short notes / Tips for personal references, These are common task that we perform on daily basis in out IT slavery environment!
Regards
Syed Jahanzaib
Powershell PSTerminalServices module
This module helped to see who is logged on remote pc via RDP with client ip/name
First download the module from here ….
then import it in powershell. make sure to run powershell RUN as admin.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned Get-Module -Name PSTerminalServices -ListAvailable Import-Module PSTerminalServices Get-Command -Module PSTerminalServices
# Gets all Active sessions from remote computer ‘comp1′, made from IP addresses that starts with ’10’.
Get-TSSession -ComputerName ZAIBPC
OR
Get-TSSession -ComputerName comp1 -Filter {$_.ClientIPAddress -like '10*' -AND $_.ConnectionState -eq 'Active'}
MORE COMMANDS
# Logs off all the active sessions from remote computer 'comp1', no confirmations Get-TSSession -ComputerName comp1 -State Active | Stop-TSSession –Force # Displays a message box inside all active sessions of computer name 'comp1'."} PS > $Message = "Importnat`n, the server is going down for maintenance in 10 minutes. Please save your work and logoff." PS > Get-TSSession -State Active -ComputerName comp1 | Send-TSMessage -Message $Message # Gets all processes connected to session id 0 from remote computer 'comp1'. PS>Get-TSSession -ID 0 -ComputerName comp1 | Get-TSProcess
Check motherboard version
wmic baseboard get product,Manufacturer,version,serialnumber
PSTOOLS Related
.
Adding Local Account in remote workstation with PSTOOLS
If you are domain admin, and wanted to add local account in remote client workstation, then use pstools’s psexec
psexec.exe \\target-pc net user /add USERNAME USERPASSWORD psexec.exe \\target-pc net net localgroup administrators USERNAME /add
# PSLOGGEDON COMMANDS
To check which user is logged on remote pc,
psloggedon \\remotepc
# PSEXEC COMMANDS
– To execute any command on remote pc like
psexec \\remtotepc ipconfig
- Check network configuration and find IP address only,
PsExec.exe \\REMOTEPC ipconfig|findstr /i "IPv4"
– To open COMMAND prompt of remote user
psexec \\remotepc cmd
-Interacting with the Logged On User on the Remote PC
psexec \\remotepc -d -i notepad
# PSINFO COMMANDS
Getting general info with disk info as well
psinfo -d \\remotepc
# PSLIST COMMANDS
pslist \\remotepc
# PSKILL COMMANDS
– Kill remote pc program
pskill \\remotepc notepad
to query time
net time \\REMOTEPC
To change time on remote pc with domain server agpinf05
PsExec.exe \\REMOTEPC -u DOMAIN\ADMIN -p PASS cmd "/c net time \\DC /set /y"
Change IP configuration of remote PC to obtain IP via DHCP
psexec \\REMOTEPC cmd ipconfig
Then note down the required interface name and issue following command,
netsh interface ip set dns "Local Area Connection" dhcp ipconfig /renew
Batch file to change setting of network adapters to obtain IP from DHCP
Make sure to change adapter names to match your’s …
@echo off echo Setting IP Address to AUTO DHCP [Office DHCP Server by syed.jahanzaib]... netsh interface ip set address name="Local Area Connection" source=dhcp netsh interface ip set dns "Local Area Connection" source=dhcp netsh interface ip set address name="Wireless Network Connection" source=dhcp netsh interface ip set dns "Wireless Network Connection" source=dhcp echo Done....
Command to change IP via CMD
netsh interface ip set address name=”Local Area Connection” static 192.168.0.1 255.255.255.0 192.168.0.254 netsh interface ip set dns name=”Local Area Connection” static 192.168.0.250 netsh interface ip add dns name=”Local Area Connection” 8.8.8.8 index=2
Check Remote PC OS version & other details by CMD
systeminfo /s \\REMOTEPCNAME # OR systeminfo /s \\REMOTEPCNAME|findstr /i "host OS "
Result:
C:\>systeminfo /s \\syed_jahanzaib Host Name: SYED_JAHANZAIB OS Name: Microsoft Windows 7 Professional OS Version: 6.1.7601 Service Pack 1 Build 7601 OS Manufacturer: Microsoft Corporation OS Configuration: Member Workstation OS Build Type: Multiprocessor Free Registered Owner: Syed Jahanzaib Registered Organization: Product ID: xxxxxx-005-xxxx-xxxx Original Install Date: 4/11/2017, 1:14:44 PM System Boot Time: 6/19/2018, 7:44:47 AM System Manufacturer: INTEL_ System Model: DH77KC__ System Type: x64-based PC Processor(s): 1 Processor(s) Installed. [01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~3392 Mhz BIOS Version: Intel Corp. KCH7710H.86A.0069.2012.0224.1825, 2/24/20 12 Windows Directory: C:\Windows System Directory: C:\Windows\system32 Boot Device: \Device\HarddiskVolume1 System Locale: en-us;English (United States) Input Locale: en-us;English (United States) Time Zone: (UTC+05:00) Islamabad, Karachi Total Physical Memory: 8,090 MB Available Physical Memory: 2,450 MB Virtual Memory: Max Size: 16,178 MB Virtual Memory: Available: 10,455 MB Virtual Memory: In Use: 5,723 MB Page File Location(s): C:\pagefile.sys Domain: DOMAIN1 Logon Server: \\DOMAIN_DC Hotfix(s): 187 Hotfix(s) Installed. ........................... Network Card(s): 3 NIC(s) Installed. [01]: Intel(R) 82579V Gigabit Network Connection Connection Name: DOMAIN - LAN DHCP Enabled: No IP address(es) [01]: 192.168.100.100 [02]: 192.168.50.10 [03]: 192.168.8.23 [02]: VMware Virtual Ethernet Adapter for VMnet1 Connection Name: VMware Network Adapter VMnet1 DHCP Enabled: No IP address(es) [01]: 169.254.97.149 [02]: fe80::ad90:fdcb:3f81:6195 [03]: VMware Virtual Ethernet Adapter for VMnet8 Connection Name: VMware Network Adapter VMnet8 DHCP Enabled: No IP address(es) [01]: 169.254.80.235 [02]: fe80::5598:be9:b61d:50eb C:\>
DCHP Related ! [Tested with W2008]
DHCP is running on windows 2008 server, IP is 192.168.0.1
#DCHP BACKUP netsh dhcp server 192.168.0.1 dump > c:\dhcpoutput.txt all #DHCP DELETE OLD SCOPE netsh dhcp server delete scope 192.168.0.0 dhcpfullforce #DHCP IMPORT [Disable DHCP Service before import] netsh dhcp server import c:\tools\dhcpoutput all #DHCP DISABLE netsh dhcp server 192.168.0.1 scope 192.168.0.0 set state 0
Disable Internet Explorer Proxy via CMD
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Clear cache in windows
ipconfig /flushdns net stop dnscache net start dnscache
Event ID
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j
Excel 2010 showing Blank Sheet
in Excel 2010 , When you open any excel sheet,( any particular, either yours or sent to you by some one else , it appears blank sheet
This may also occur if your computer’s screen resolution is higher than that of the person who last saved the workbook.
In Excel 2010, go to the View tab.
Select the ‘Arrange All’ button, then choose to Cascade.
OR
Excel 2010
opening blank sheets
ctrl+shift and open file
or its related with MACRO, run macro
Display printers list installed on Remote PC
Get-WMIObject Win32_Printer -ComputerName REMOTE_PC_NAME
Display Motherboard model via CMD
- To find Board number of local pc wmic baseboard get product,Manufacturer,version,serialnumber - To find Board number of remote pc wmic /node:"remotepc" baseboard get product,Manufacturer,version,serialnumber - To find remote pc Architechture liek 32bit or 64bit wmic /node:"remotepc" os get osarchitecture
Adding Static Routes in Windows via CMD
Adding route for single host
route -p ADD 10.1.1.12 MASK 255.255.255.255 101.11.11.4 METRIC 1 IF 11
Notes:
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.
To make a static route persistent, you can either enter route add commands in a batch file that is run during system startup or use the -p option when adding routes.
Routes added by using the -p option are stored in the registry under the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip \Parameters\PersistentRoutes
Windows 7 Temporary profile Issue:
http://www.sysprobs.com/fix-temporary-profile-windows-7
There is no script engine for file extension .vbs
When we upgraded from win7 to windows 10/2012, our domain welcome logon script stopped working, with above error, to sort it we copied welcome vb script to domain logon folder and used this …
cscript //e:vbscript c:\path\to\script.vbs
Convert bootable USB in ISO file
The instructions for USB to .iso are as follows (for a Windows 7 installation for example):
- Install ImgBurn. You can even get a portable version of it, just search for it.
- Plug the bootable USB into the computer
- Start ImgBurn.
- Click on the “Create image file from files / folders” button on the home menu.
- In “Sources” browse to the USB drive.
- In “Destination” choose where to save the final .iso image.
- Go to the “Advanced” tab on the right and then “Bootable Disk”.
- Check the box “Make Bootable Image” and then, in the “Boot image” box browse to file “etfsboot.com” that is in the USB stick found in the folder “boot”.
- In the field “Developer ID” put “Microsoft Corporation” and enter “07C0” in the “Load Segment” field.
- Enter ‘4’ in the ‘Sectors To Load’ field if your etfsboot.com file is 2K is size, enter ‘8’ if it’s 4K. In other words, x = size of etfsboot.com in bytes / 512.
- Click “Build” and you’re done!
Credits: https://mindthebandgap.wordpress.com/2013/03/13/how-to-convert-bootable-usb-into-an-iso-file/
Reboot Remote Workstation from Domain Admin PC
shutdown /r /t 60 /m \\REMOTE-PC /c "YOU PC WILL REBOOT AFTER 1 MINUTE..."
.NET Framework 3.5 error code 0x800F081F on Windows 10.
To solve it, use following.
Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess
In above command make sure to change the path D:\sources\sxs to your windows 10 dvd / usb location. Basically You have to provide the Windows installation DVD/USB path so that it can copy the required files for .net
Get Installed Printer list from remote workstation using PS cmd
Get-WmiObject win32_printer -ComputerName "REMOTE_PC_NAME"
Disable Internet Explorer (chrome) Proxy via CMD
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
Check System Info & HOTFIXES / Windows Updates
Windows Built In cmd’s to query for System information & windows updates list
wmic qfe | find “982802” systeminfo > c:\updates.txt
PowerShell:
get-hotfix To search for a specific hotfix get-hotfix | out-string -stream | select-string "KB977236"
Regard’s
Syed Jahanzaib
Leave a Reply