Syed Jahanzaib Personal Blog to Share Knowledge !

June 19, 2018

Microsoft Products Short Notes – Personnel References

Filed under: Microsoft Related — Tags: , , , , , , , , — Syed Jahanzaib / Pinochio~:) @ 9:25 AM

This post contains short notes / Tips for personal references, These are common task that we perform on daily basis in out IT slavery environment!

Regards
Syed Jahanzaib


Powershell PSTerminalServices module

This module helped to see who is logged on remote pc via RDP with client ip/name

First download the module from here ….

then import it in powershell. make sure to run powershell RUN as admin.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Get-Module -Name PSTerminalServices -ListAvailable
Import-Module PSTerminalServices
Get-Command -Module PSTerminalServices

# Gets all Active sessions from remote computer ‘comp1′, made from IP addresses that starts with ’10’.

Get-TSSession -ComputerName ZAIBPC

OR

Get-TSSession -ComputerName comp1 -Filter {$_.ClientIPAddress -like '10*' -AND $_.ConnectionState -eq 'Active'}

MORE COMMANDS

# Logs off all the active sessions from remote computer 'comp1', no confirmations
Get-TSSession -ComputerName comp1 -State Active | Stop-TSSession –Force

# Displays a message box inside all active sessions of computer name 'comp1'."}
PS > $Message = "Importnat`n, the server is going down for maintenance in 10 minutes. Please save your work and logoff."
PS > Get-TSSession -State Active -ComputerName comp1 | Send-TSMessage -Message $Message

# Gets all processes connected to session id 0 from remote computer 'comp1'.
PS>Get-TSSession -ID 0 -ComputerName comp1 | Get-TSProcess

 


Check motherboard version

wmic baseboard get product,Manufacturer,version,serialnumber

PSTOOLS Related

.

Adding Local Account in remote workstation with PSTOOLS

If you are domain admin, and wanted to add local account in remote client workstation, then use pstools’s psexec 

psexec.exe \\target-pc net user /add USERNAME  USERPASSWORD
psexec.exe \\target-pc net net localgroup administrators USERNAME /add

# PSLOGGEDON COMMANDS
To check which user is logged on remote pc,

psloggedon \\remotepc

# PSEXEC COMMANDS

– To execute any command on remote pc like

psexec \\remtotepc ipconfig
  • Check network configuration and find IP address only,
PsExec.exe \\REMOTEPC ipconfig|findstr /i "IPv4"

– To open COMMAND prompt of remote user

psexec \\remotepc cmd

-Interacting with the Logged On User on the Remote PC

psexec \\remotepc -d -i notepad

# PSINFO COMMANDS
Getting general info with disk info as well

psinfo -d \\remotepc

# PSLIST COMMANDS

pslist \\remotepc

# PSKILL COMMANDS
– Kill remote pc program

pskill \\remotepc notepad

to query time

net time \\REMOTEPC

To change time on remote pc with domain server agpinf05

PsExec.exe \\REMOTEPC -u DOMAIN\ADMIN -p PASS cmd "/c net time \\DC /set /y"

Change IP configuration of remote PC to obtain IP via DHCP

psexec \\REMOTEPC cmd

ipconfig

Then note down the required interface name and issue following command,

netsh interface ip set dns "Local Area Connection" dhcp

ipconfig /renew

Batch file to change setting of network adapters to obtain IP from DHCP

Make sure to change adapter names to match your’s …

@echo off
echo Setting IP Address to AUTO DHCP [Office DHCP Server by syed.jahanzaib]...
netsh interface ip set address name="Local Area Connection" source=dhcp
netsh interface ip set dns "Local Area Connection" source=dhcp
netsh interface ip set address name="Wireless Network Connection" source=dhcp
netsh interface ip set dns "Wireless Network Connection" source=dhcp
echo Done....

Command to change IP via CMD

netsh interface ip set address name=”Local Area Connection” static 192.168.0.1 255.255.255.0 192.168.0.254
netsh interface ip set dns name=”Local Area Connection” static 192.168.0.250
netsh interface ip add dns name=”Local Area Connection” 8.8.8.8 index=2

Check Remote PC OS version & other details by CMD

systeminfo /s \\REMOTEPCNAME
# OR
systeminfo /s \\REMOTEPCNAME|findstr /i "host OS "

Result:

C:\>systeminfo /s \\syed_jahanzaib

Host Name: SYED_JAHANZAIB
OS Name: Microsoft Windows 7 Professional
OS Version: 6.1.7601 Service Pack 1 Build 7601
OS Manufacturer: Microsoft Corporation
OS Configuration: Member Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Syed Jahanzaib
Registered Organization:
Product ID: xxxxxx-005-xxxx-xxxx
Original Install Date: 4/11/2017, 1:14:44 PM
System Boot Time: 6/19/2018, 7:44:47 AM
System Manufacturer: INTEL_
System Model: DH77KC__
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 58 Stepping 9 GenuineIntel ~3392 Mhz
BIOS Version: Intel Corp. KCH7710H.86A.0069.2012.0224.1825, 2/24/20
12
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC+05:00) Islamabad, Karachi
Total Physical Memory: 8,090 MB
Available Physical Memory: 2,450 MB
Virtual Memory: Max Size: 16,178 MB
Virtual Memory: Available: 10,455 MB
Virtual Memory: In Use: 5,723 MB
Page File Location(s): C:\pagefile.sys
Domain: DOMAIN1
Logon Server: \\DOMAIN_DC
Hotfix(s): 187 Hotfix(s) Installed.
...........................
Network Card(s): 3 NIC(s) Installed.
[01]: Intel(R) 82579V Gigabit Network Connection
Connection Name: DOMAIN - LAN
DHCP Enabled: No
IP address(es)
[01]: 192.168.100.100
[02]: 192.168.50.10
[03]: 192.168.8.23
[02]: VMware Virtual Ethernet Adapter for VMnet1
Connection Name: VMware Network Adapter VMnet1
DHCP Enabled: No
IP address(es)
[01]: 169.254.97.149
[02]: fe80::ad90:fdcb:3f81:6195
[03]: VMware Virtual Ethernet Adapter for VMnet8
Connection Name: VMware Network Adapter VMnet8
DHCP Enabled: No
IP address(es)
[01]: 169.254.80.235
[02]: fe80::5598:be9:b61d:50eb

C:\>

DCHP Related ! [Tested with W2008]

DHCP is running on windows 2008 server, IP is 192.168.0.1


#DCHP BACKUP
netsh dhcp server 192.168.0.1 dump > c:\dhcpoutput.txt all

#DHCP DELETE OLD SCOPE
netsh dhcp server delete scope 192.168.0.0 dhcpfullforce

#DHCP IMPORT
[Disable DHCP Service before import]
netsh dhcp server import c:\tools\dhcpoutput all

#DHCP DISABLE
netsh dhcp server 192.168.0.1 scope 192.168.0.0 set state 0

Disable Internet Explorer Proxy via CMD

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

Clear cache in windows

ipconfig /flushdns
net stop dnscache
net start dnscache

Event ID

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx?i=j


Excel 2010 showing Blank Sheet

in Excel 2010 , When you open any excel sheet,( any particular, either yours or sent to you by some one else , it appears blank sheet

This may also occur if your computer’s screen resolution is higher than that of the person who last saved the workbook.

In Excel 2010, go to the View tab.

Select the ‘Arrange All’ button, then choose to Cascade.

OR

Excel 2010
opening blank sheets

ctrl+shift and open file
or its related with MACRO, run macro


Display Mother board model via CMD

- To find Board number of local pc
wmic baseboard get product,Manufacturer,version,serialnumber

- To find Board number of remote pc
wmic /node:"remotepc" baseboard get product,Manufacturer,version,serialnumber

- To find remote pc Architechture liek 32bit or 64bit
wmic /node:"remotepc" os get osarchitecture

Adding Static Routes in Windows via CMD

Adding route for single host

route -p ADD 10.1.1.12 MASK 255.255.255.255 101.11.11.4 METRIC 1 IF 11

Notes:

To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

To make a static route persistent, you can either enter route add commands in a batch file that is run during system startup or use the -p option when adding routes.

Routes added by using the -p option are stored in the registry under the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip \Parameters\PersistentRoutes

Windows 7 Temporary profile Issue:

http://www.sysprobs.com/fix-temporary-profile-windows-7


There is no script engine for file extension .vbs

When we upgraded from win7 to windows 10/2012, our domain welcome logon script stopped working, with above error, to sort it we copied welcome vb script to domain logon folder and used this …

cscript //e:vbscript c:\path\to\script.vbs

Convert bootable USB in ISO file

The instructions for USB to .iso are as follows (for a Windows 7 installation for example):

  1. Install ImgBurn. You can even get a portable version of it, just search for it.
  2. Plug the bootable USB into the computer
  3. Start ImgBurn.
  4. Click on the “Create image file from files / folders” button on the home menu.
  5. In “Sources” browse to the USB drive.
  6. In “Destination” choose where to save the final .iso image.
  7. Go to the “Advanced” tab on the right and then “Bootable Disk”.
  8. Check the box “Make Bootable Image” and then, in the “Boot image” box browse to file “etfsboot.com” that is in the USB stick found in the folder “boot”.
  9. In the field “Developer ID” put “Microsoft Corporation” and enter “07C0” in the “Load Segment” field.
  10. Enter ‘4’ in the ‘Sectors To Load’ field if your etfsboot.com file is 2K is size, enter ‘8’ if it’s 4K. In other words, x = size of etfsboot.com in bytes / 512.
  11. Click “Build” and you’re done!

Credits: https://mindthebandgap.wordpress.com/2013/03/13/how-to-convert-bootable-usb-into-an-iso-file/


Reboot Remote Workstation from Domain Admin PC

shutdown /r /t 60 /m \\REMOTE-PC /c "YOU PC WILL REBOOT AFTER 1 MINUTE..."

.NET Framework 3.5 error code 0x800F081F on Windows 10.

net error.png

To solve it, use following.

Dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

In above command make sure to change the path D:\sources\sxs to your windows 10 dvd / usb location. Basically You have to provide the Windows installation DVD/USB path so that it can copy the required files for .net

Get Installed Printer list from remote workstation using PS cmd

Get-WmiObject win32_printer -ComputerName "REMOTE_PC_NAME"

Disable Internet Explorer (chrome) Proxy via CMD

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

Regard’s
Syed Jahanzaib

January 26, 2017

Check remote windows logged-in user/lock status via BASH

Filed under: Microsoft Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 10:42 AM

locked

Scenario:

We have Active Directory environment in our office. Clients OS are mixed starting from windows 2000/2003/2008 and Win7.
For some specific reasons/policy, our helpdesk staff is often required to inquire if the employee is working on his workstation or if his/her windows status is locked.

Solution:

Since I am using my Ubuntu box to manage most of the Active Directory functions using Webmin/BASH scripts, therefore I made a small bash script which queries for remote windows logged in user session and windows locked/unlocked status.

The bash script does the following …

  • Check for remote PC PING Status, if ping fails, exit with error
  • Get remote windows IP via NSLOOKUP using local DNS
  • Current Logged-in user and their status
  • Current status of windows either its locked/unlocked.
  • TRIM the results and display according to our taste

the Script!

> root@linux:/temp# cat winuserstatus.sh

#!/bin/bash
# Script to check remote windwos status, like Loggedin + Windows Lock/Unlock status
# More functions can be added/removed as required.
# I attached this script to webmin for our Support dept.
# Syed Jahanzaib / aacable.wordpress.com / aacable @ hotmail . com
# Created: 25-JAN-2017
# Revised: 29-JUN-2017
#set -x
QUSER_HOLDER="/tmp/$1.quser"
LOCK_HOLDER="/tmp/$1.lockstatus"
REMOTE_PC="$1"
PING_ATEMPTS="1"
PING_STATUS="/tmp/$1.ping.status"
LOCAL_DNS_IP="101.11.11.5#"

# Domain credentials details so that winexe can execute commands on all domain clients
DOMAIN="YOURDOMAINNAME"
DOMAIN_ADMIN="ADMINID"
ADMIN_PASS="PASSWORD"
# Empty All Holders
> $QUSER_HOLDER
> $LOCK_HOLDER
> $PING_STATUS
# Check if remote PC is accessibel or not,
## IF PING FAILS then inform accordingly and EXIT
ping -q -c $PING_ATEMPTS $REMOTE_PC &>/dev/null > $PING_STATUS
PING_RESULT=`cat $PING_STATUS`
if [ "$PING_RESULT" = "" ]; then
echo "ERROR: Unable to resolve hostnname using $LOCAL_DNS_IP DNS Server.
Unknown HOST. Exiting"
exit 1
fi
# Print PC NAME (from $1 variable)
echo "Remote PC : $1"
IPADD=`nslookup $1 | grep Address | sed /$LOCAL_DNS_IP/d`
# Print IP of remote PC via nslookp using local DNS
echo "IP $IPADD"
# If ping failed, then print Error and EXIT
if [[ $(ping -q -c $PING_ATEMPTS $REMOTE_PC) == @(*100% packet loss*) ]]; then
echo "$1 not responding to ping request, probably system is not UP & without ping the status cannot be queried. Exiting ..."
exit 1
fi
# Query remote windows Logged in user using Linux WINEXE tool
winexe -U $DOMAIN/$DOMAIN_ADMIN%"$ADMIN_PASS" //$1 "quser" > $QUSER_HOLDER
QUSER_RESULT=`cat $QUSER_HOLDER |grep "Failed"`

if [[ -n "$QUSER_RESULT" ]]; then
echo "User Status = ERROR: Ping is ok but unable to query the user status."
exit 1
fi
QUSER_RESULT=`cat $QUSER_HOLDER |grep "Active"`
if [[ -n "$QUSER_RESULT" ]]; then
echo "User Status = Logged in User found ... details as below ...
$QUSER_RESULT"
fi

# Query remote windows TASK list to find if windows is locked/unlocked
winexe -U $DOMAIN/$DOMAIN_ADMIN%"$ADMIN_PASS" //$1 "tasklist" > $LOCK_HOLDER
LOCK_RESULT=`cat $LOCK_HOLDER |grep -E "LogonUI.exe|logon.scr"`

#Check if Someone is logged in via RDP session
QUSER_RESULT=`cat $QUSER_HOLDER |grep "rdp-tcp#0"`
if [[ -n "$QUSER_RESULT" ]]; then
echo "It seems someone is logged IN from RDP Session."
fi

# CHeck if windows is unlocked locally
if [[ "$LOCK_RESULT" = "" ]]; then
echo "Windows Status = Windows is UN-LOCKED"
fi

#Check if windwos is LOCKED locallay
if [[ -n "$LOCK_RESULT" ]]; then
echo "Windows Status = Windows Local Login seems to be Locked!"
fi

# Script function ends here
# Thank you


Result:

winuserexec result.PNG


Regard’s
Syed Jahanzaib

%d bloggers like this: