ip: 18.97.9.175 DKs blog - Windows administration

DK's Blog

Windows administration

How to enable or disable windows Automatic Administrative Shares

To disable shares using regedit:

1. browse registry: HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\

2. Create two REG_DWORD entries if they don't exist:
    AutoShareServer
    AutoShareWks

3. put 0 in both

4. restart windows

To enable shares using regedit:

1. browse registry: HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\

2. Create two REG_DWORD entries if they don't exist:
    AutoShareServer
    AutoShareWks

3. put 1 in both

4. restart windows


BATCH script which backups MYSQL database using 7-zip

 

@ECHO OFF

SET ime=%date:~10,4%-%date:~7,2%-%date:~4,2%_%time:~0,2%-%time:~3,2%-%time:~6,2%.7z
SET ime=%ime: =0%
@REM for testing
@REM ECHO %ime%
@REM mysqldump -u root --password=password username | 7z a -si -mx9  2011-02-02_09-45-11.7z

mysqldump -u root --password=MyPassword DatabaseName | 7z a -si -mx9 %ime%

 


If there is error with NTP on Windows here is few steps to remove install DLL and configure it

 

if error on w32tm command: "The service name is invalid."
unregister DLL and register DLL (assuming that DLL is not damaged)
after that configure NTP client (assume that 1.1.1.1 and 2.2.2.2 is NTP servers near you)

 

unregister & register DLL

regsvr32 -u w32time.dll
regsvr32 w32time.dll

 

configure windows service

#one liner
w32tm /config /manualpeerlist:"time.google.com time2.google.com" /syncfromflags:manual /reliable:yes /update

#if time offset is to big use this to sync
net time /set

#after that restart service
Net stop w32time
Net start w32time

 

list servers which you use

w32tm /query /peers

 

force PC to sync with domain controller

w32tm /config /syncfromflags:domhier /update

# After that you have to run:
net stop w32time
net start w32time

 

force resyncronization

w32tm /resync /force

 

test clock with your domain clock (if your domin is CORP)

w32tm /stripchart /computer:corp /dataonly /samples:5

 

is my windows 10 clock behind NTP server ?

w32tm /query /status /verbose

 

compare windows clock to NTP server

w32tm /monitor /computers:time.google.com

 


How to find DELL service tag

in CMD type:

wmic csproduct get vendor,name,identifyingnumber

 


How to setup FREE ramdisk on windows server (2003 - 2016 tested) x64 and x86 with no limit on size

First you need imDisk install it on windows server. Also if you want to add ramdisk to directory you'll need junc.
Great FAQ for this ramdisk is here. I created directory (c:\RAMDisk and copy junc and this bat script in it)

to set up ramdisk and add it to .net temp disk here is BAT script which can be run at startup by task sheduler:

@ECHO OFF
REM create ramdisk (1GB) and format NTFS on it
imdisk -a -s 1000M -p "/fs:ntfs /q /y" -m R:
icacls R:\ /resize
icacls R:\ /grant:r everyone:(OI)(CI)M

REM this is for IIS compressed files cache (need to edit metabase.xml on IIS6 to point to R:\IISCache)
r:
mkdir IISCache
icacls R:\IISCache /grant:r everyone:(OI)(CI)M

iisreset /stop

REM create juntion for directory
rmdir /q /s "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files"
junc "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files" \Device\ImDisk0
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files" /grant:r everyone:(OI)(CI)M

rmdir /q /s "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files"
junc "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files" \Device\ImDisk0
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files" /grant:r everyone:(OI)(CI)M

iisreset /start

How to disable user on MS SQL Server to view all databases

Open MS SQL Server Manager
Connect to server
Right button over server -> properties -> Permissions
Select user and check View Any database  -> Deny 

 


How to make Full and Differential backup using batch script and 7Zip

This script copy full/diff backup to network share \\1.1.1.1\MyShare. 
It searches for last full backup and create differential backup on it, I choose e:\MyDir to backup
you need to have 7z in PATH or in same directory as batch script.

@ECHO OFF

SET putanja=\\1.1.1.1\MyShare

Rem ****************************************************************************
REM check if today is fisrt day in month if it is then FULL BACKUP should be performed
SET varDD=%DATE:~4,2%
if "%varDD%"=="01" GOTO FULL

Rem ****************************************************************************
REM Differential backup
:DIFF
echo "Differential backup"
SET ime=%putanja%\MyDir_%date:~10,4%-%date:~7,2%-%date:~4,2%_%time:~0,2%-%time:~3,2%-%time:~6,2%_diff.7z
SET ime=%ime: =0%

FOR /F "delims=|" %%I IN ('DIR "%putanja%\MyDir*_full.7z" /B /O:D') DO SET NewestFile=%%I
7z u %putanja%\%NewestFile% e:\MyDir -ms=off -mx=3 -t7z -u- -up0q3r2x2y2z0w2!%ime%

GOTO END

Rem ****************************************************************************
Rem Full backup
:FULL
echo "Full backupa"
SET ime=%putanja%\MyDir_%date:~10,4%-%date:~7,2%-%date:~4,2%_%time:~0,2%-%time:~3,2%-%time:~6,2%_full.7z
SET ime=%ime: =0%

7z a %ime% e:\MyDir

:END


 


How to extract one directory from 7Zip archive

7z x MyArchive.7z -oMyTmpDir Dir1/Dir2/Dir3/

 


How to make Full and Differential backup using Powershell script and 7Zip

 

This is whole story for this FULL/DIFF backup:

1. lets say that you have sam SAN with shared directory in which backup is stored (server name: server share dir: myShare)
2. You want to backup directory d:\MyDirectoryToBackup
3. First day in month you want full backup other days differential backup
4. Old backup are not deleted
Don't forget to us FULL PATH to Powershell script when calling it
Example: powershell c:\MyScripts\script.ps1

 

#Create variable $ime2 which will have this format:
#fordername\webovi_YEAR-MONTH-DAY_HOUR_MINUTE_SECOND_full.7z
$folder$folder = "\\Server.com\MyShare"
$SourceDir="d:\MyDirectoryToBackup"
$datum   = Get-Date
$godina  = $datum.Year
$mjesec  = $datum.Month
$mjesec  = "{0:D2}" -f $mjesec
$dan     = $datum.Day
$dan     = "{0:D2}" -f $dan
$sat     = $datum.Hour
$sat     = "{0:D2}" -f $sat
$minuta  = $datum.Minute
$minuta  = "{0:D2}" -f $minuta
$sekunda = $datum.Second
$sekunda = "{0:D2}" -f $sekunda

$ime2 = $folder + "\webovi_$godina-$mjesec-" + $dan + "_$sat-$minuta-$sekunda" 
$fullZadnji = (dir $folder\webovi*full* | sort -prop LastWriteTime | select -last 1)

if ($dan -eq 1)
{
  #first day in month FULL backup
  $ime = $ime2 + "_full.7z"
  $cmd2 = " a -mx=3 $ime $SourceDir"

} else {
  #DIFF backup
  $ime = $ime2 + "_diff.7z"
  $cmd2 = " u " + $fullZadnji + " " + $SourceDir + " -ms=off -mx=3 -t7z -u- -up0q3r2x2y2z0w2!" + $ime  
}
#enable this if U need debug
#Write-Host "cmd2: $cmd2"
[System.Diagnostics.Process]::Start("C:\PROGRA~1\7-Zip\7z.exe", $cmd2)

 

 



How to make test if some TCP port is open using nmap and Powershell and send mail if port is closed

 

This example test conectivity on TCP port 80 on IP address 1.1.1.1
if port is not accessable mail is sent to me@damir.globaldizajn.hr through local SMPT server (localhost)
Don't forget to us FULL PATH to Powershell script when calling it
Example: powershell c:\MyScripts\script.ps1

 

$r = C:\PROGRA~1\nmap\nmap.exe -Pn -sT -p 80 1.1.1.1 2>&1
function sendMail {
    Write-Host "Sending Email"

    #SMTP server name
    $smtpServer = "localhost"
    
    #Creating a Mail object
    $msg = new-object Net.Mail.MailMessage
    
    #Creating SMTP server object
    $smtp = new-object Net.Mail.SmtpClient($smtpServer)
    
    #Email structure 
    $msg.From = "me@damir.globaldizajn.hr"
    $msg.ReplyTo = "me@damir.globaldizajn.hr"
    $msg.To.Add("me@damir.globaldizajn.hr,me2@damir.globaldizajn.hr")
    $msg.Bcc.Add("me3@damir.globaldizajn.hr")
    $msg.subject = "TCP port is not accessable"
    $msg.body = "call administrator and bla bla bla"
    
    #Sending email 
    $smtp.Send($msg)
}

if ( $r  -like  "*80/tcp open*" ) {
    write-host "TCP port open"
#    sendMail2
} else {
    write-host "TCP port close"
    sendMail
}

 


How to force .NET framework compilation on RAMdisk (in my case R: disk \Temp.NETv2 directory here is example)

 

You need to add one attribute in web.config of your aspx.net application

< compilation defaultLanguage="vb" debug="true" targetFramework="4.0"/ >
#change to this
< compilation defaultLanguage="vb" debug="true" tempDirectory="R:\Temp.NETv4\myWeb.com" targetFramework="4.0" />
 

How to mitigate Slow http attack (slow loris) on IIS 8

WARNING, if you upload pictures, big documents and stuff like that you might change some settings !!!

For IIS do this:

1. Configuration editor -> section: -> System.ApplicationHost -> weblimits

  • connectionTimeout: 00:00:30
  • headerWaitTimeout: 00:00:10
  • minBytesPerSecond: 500

Per Site:

1. Advanced settings:

  • Connection time-out: 30
  • Maximum Url Segments: 16

2. IP address and domain restristions

Edit Dynamic Restriction Settings:

  • Maximum number of concurrent requests: 200
  • Maximum number of requests: 200
  • Time Period (in milliseconds); 1000

3. Request filtering

Edit Feature Settings:

  • Maximum allowed contetn length (Bytes): 300000
  • Maximum URL length (Bytes): 1024
  • Maximum query string (Bytes): 1024

Headers:

Add Header

  • Content-type: 1000

How to enable more administrators simultaneous Remote Desktop connections for windows server 2012 

if you have need for 2 or more administrators working on same windows server in same time.

gpedit.msc

Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> Limit number of connections

 


How to uninstall all "Microsoft .NET Core" at once including ones not installed by MSI using powershell:

 

function Uninstall-App {
    Write-Output "Uninstalling $($args[0])"
    foreach($obj in Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall") {
        $dname = $obj.GetValue("DisplayName")
        if ($dname -contains $args[0]) {
            $uninstString = $obj.GetValue("UninstallString")
            foreach ($line in $uninstString) {
                $found = $line -match '(\{.+\}).*'
                If ($found) {
                    $appid = $matches[1]
                    Write-Output $appid
                    start-process "msiexec.exe" -arg "/X $appid /qb" -Wait
                }
            }
        }
    }
}

$apps = Get-WmiObject -Query "SELECT * FROM Win32_Product WHERE Name LIKE 'Microsoft .NET Core%'"
foreach ($app in $apps) {
    "Uninstalling: " + $app.Name
    Uninstall-App $app.Name
}

 


How to uninstall software using powershell (run as administrator !!!)

 

# Get all packages with "SQL" in their name
$packages = Get-Package | Where-Object { $_.Name -like '*SQL*' }

# Uninstall each matching package
foreach ($package in $packages) {
    $packageName = $package.Name
    Write-Host "Uninstalling package: $packageName"
    Uninstall-Package -Name $packageName -Force
    Write-Host "Uninstalled $packageName"
}

 


How to list all sites on IIS 

 

Import-Module Webadministration
Get-ChildItem -Path IIS:\Sites

How to list all sites on IIS which have HTTPS binded

 

Import-Module WebAdministration

# Retrieve all IIS sites and filter those with HTTPS bindings
Get-ChildItem -Path IIS:\Sites | ForEach-Object {
    $siteName = $_.Name
    $httpsBindings = $_.Bindings.Collection | Where-Object { $_.protocol -eq 'https' }
    
    if ($httpsBindings) {
        $siteName
    }
}

 


How to copy recursively only new and modified files to destination directory with xcopy

 

xcopy sourceDir DestinationDir /e /h /i /d /y

copy form one server to another (server2) exclude 2 direcotries json and start, also exlude file web.config, copy file 

c:\windows\system32\robocopy.exe "e:\webovi\myweb.com" "\\server2\e$\webovi\myweb.com" /mir /XF web.config /XD "e:\webovi\myweb.com\json" /XD "e:\webovi\myweb.com\start" > "c:\logs\myweb.com\copy.log"

 


Change directory and file permissions from command line

 

icacls "c:\Logs" /grant Users:(Oi)(CI)RX /T
(OI) - files
(CI) - directories
RX - read and execute access
/T - recursive



How to delete ton of emails on gmail

Use script to delete lots of email from gmail from facebook or any other criteria

 

1. go to https://script.google.com

2. create script with search pattern that is important for you

 

function batchDeleteFacebook() {
  var batchSize = 100 // Process up to 100 threads at once
  var threads = GmailApp.search('from:notification@facebookmail.com');
  for (j = 0; j < threads.length; j+=batchSize) {
    GmailApp.moveThreadsToTrash(threads.slice(j, j+batchSize));
  }
}

 

3. start script


How to migrate IIS configuration to another IIS

 

#export
%windir%\system32\inetsrv\appcmd list site /config /xml > c:\sites.xml

#import
%windir%\system32\inetsrv\appcmd add site /in < c:\sites.xml

 


How to check if there is problem with windows 10 installation

CHKDSK /F /R C:
#now restart Windows and let chkdsk do a checking.
DISM /Online /Cleanup-Image /StartComponentCleanup
DISM /Online /Cleanup-image /Restorehealth
SFC /scannow

#If there is an error in /Restorehealth download the media creation tool from MS, download ISO 
#mount it (this is for Windows 10/11) for the server version ) use installation media
#How to find the install file is to simply order by size it should be the biggest file in the sources directory

#first try to fix image with local data using this
DISM /Online /Cleanup-Image /Restorehealth

#If you get an error that the local image is corrupted, then use an external image to fix it.
#if your image is on D: disk list what is inside an install file (ESD or WIM) this is for WIM
DISM /Get-Wiminfo /wimfile:D:\Sources\Install.wim

#There could be two types of images: ESD and WIM. Here are the differences between them.
DISM /Online /Cleanup-Image /Restorehealth /Source:ESD:D:\sources\Install.esd:1 /limitaccess 
DISM /Online /Cleanup-Image /Restorehealth /Source:WIM:D:\sources\Install.wim:1 /limitacces

DISM /Cleanup-Mountpoints

bootrec /fixmbr
bootrec /fixboot
bootrec /scanos
bootrec /rebuildbcd


#This worked for my Windows Server 2016 and should be the same for Windows 10/11
1. DISM /Get-Wiminfo /wimfile:e:\Sources\Install.wim 
   - if ends with .WIM then it is WIM version
   - it will list all versions of win in a install.wim file, my was 4
2. DISM /Online /Cleanup-Image /Restorehealth /Source:WIM:D:\sources\Install.wim:4 /limitaccess




 


Unable to boot windows and system is corrupted  so trry to fix it from USB stick (media creation tool)

1. download media creation tool from windows 

2. boot from USB

3. Repair your computer ->troubleshoot -> Command prompt

4. Find your windows drive and USB drive for this example C: is windows D: is USB

dism /image:c:\ /cleanup-image /restorehealth /source:c:\windows

5. if there is scratchdir error and you can't go further create c:\temp and use this command

dism /image:c:\ /cleanup-image /restorehealth /source:c:\windows /scratchdir:c:\temp

in case of error use external source (USB), proceed ti step 6 ONLY if step 4/5 fails

6. in USB there shoud be \sources\install.esd or \sources\install.wim (the biggest file >4GB in this directory)

dism /image:c:\ /cleanup-image /restorehealth /source:d:\sources\install.esd

7. run sfc in offline mode

sfc /scannow /offbootdir=c: /offwindir=c:\windows

 


How to delete files from windows update service (wuauserv - netsvcs)

Windows update directory

net stop wuauserv
rmdir %windir%\softwaredistribution  /s /q
net start wuauserv
exit

 


How to check times windows server was BSOD in last 48 hours

This is powershell script

 $CurrentDate = Get-Date
 $DateFiltered = $CurrentDate.AddHours(-48)
 get-eventlog -log system -source "bugcheck" | where-object {$_.TimeWritten -gt $DateFiltered}

 


How to reduce the size of the Win 10 WinSxS folder

 

reduce size of WinSxS dir, start CMD as administrator

Dism.exe /online /Cleanup-Image /StartComponentCleanup

 

to reduce even further WIn 10 size, after that, uninstall of updates will not be possible

Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase

 


Windows 10 Desktop not refreshing

Here is 3 things to do and restart Windows

1. delete all files inside this folders:

%AppData%\Microsoft\windows\recent\automaticdestinations
%AppData%\Microsoft\windows\recent\customdestinations

2. add/update registry settings

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\explorer.exe]
@="C:\\windows\\explorer.EXE"
"Path"="C:\\windows\\"
"UseURL"="1"
"SaveURL"="1"

3. restart windows

 


Windows 10 Start menu not working

 

1. run CMD as administrator

sfc /scannow

 

2. 

DISM /Online /Cleanup-Image /RestoreHealth

 

3. 

control /name Microsoft.IndexingOptions

 

click - modify

  • uncheck all

advanced option

  • rebuild

 

If you try to start start menu manually

start ms-settings:

And get ms-settings has not been provisioned do this:

4. start powershell as administrator

Get-appxpackage -all *shellexperience* -packagetype bundle |% {add-appxpackage -register -disabledevelopmentmode ($_.installlocation + “\appxmetadata\appxbundlemanifest.xml”)}

5. after that do this:

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

 

 


Windows 10 Home edition Windows Defender hardening

Need to start powershell script as administrator

 

Set-MpPreference -MAPSReporting Advanced
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
Set-MpPreference -CloudBlockLevel HighPlus
Set-MpPreference -CloudExtendedTimeout 5
Set-MpPreference -DisableBlockAtFirstSeen $false
Set-MpPreference -PUAProtection Enabled
Set-MpPreference -LowThreatDefaultAction Quarantine
Set-MpPreference -HighThreatDefaultAction Quarantine
Set-MpPreference -ModerateThreatDefaultAction Quarantine

 


How to delete duplicate lines in text file with awk for windows

 

#if you have awk for windows installed
awk "!seen[$0]++" file.txt

 


How to find out why Windows 10 is waking up on it's own when restart for update is pending

start cmd as administrator

powercfg /requests
powercfg /lastwake
powercfg /sleepstudy
powercfg /systemsleepdiagnostics
powercfg /systempowerreport

 


How to see all available keys for zabbix to read

list all performance counters:

typeperf -qx 

 

 example:

zabbix_get -s 192.168.71.2 -k perf_counter["\System\Context Switches/sec"]

How to search for string in files recursivly

 

# show all
# cd id directory where you will search whit recursion
findstr /spin /c:"some string" u_ex211008.log

# show one per file
# cd id directory where you will search whit recursion
# need to have awk for windows
findstr /spi /c:"some string" u_ex211104* | awk "{print $1}" | awk "!seen[$0]++"

 


How to list all IP addresses in windows firewall rule

 

#all IPa
Get-NetFirewallRule -DisplayName "Rule Name" | Get-NetFirewallAddressFilter |where remoteaddress  | select -ExpandProperty RemoteAddress 


#all IPs with 194 in it
Get-NetFirewallRule -DisplayName "Rule Name" | Get-NetFirewallAddressFilter |where remoteaddress  | select -ExpandProperty RemoteAddress | find "194"

 


How to find IPs which DDoS my IIS site through reverse proxy

Use log parser when you find out which domain is under attack, if attack is on default page with variable GET params (random params are 30+ chars)

logparser -rtp:-1 "SELECT TOP 100 X-Forwarded-For, COUNT(X-Forwarded-For) FROM e:\logs\W3SVC60\u_ex210515_x.log WHERE cs-uri-stem='/' AND time > '15:05:00' AND time < '15:11:59' AND STRLEN(cs-uri-query) >= 30 GROUP BY X-Forwarded-For ORDER BY COUNT(X-Forwarded-For) DESC" -i:W3C

 


How to show all TCP connection made to windows server using netstat

I will remove IPs that are not network, useful for slowloris attack analysis

netstat -nat | find "TCP" | find /v "127.0.0.1" | find /v "[::]" | find /v "0.0.0.0" 

 


How to find out which proccess is using all bandwidth (windows network) 

Task manager -> Performace -> open resource Monitor -> Disk

 


How to list all network adapters in zabbix

 

zabbix_get -s 192.168.2.2 -k net.if.discovery

How to list network bandwidth on this zabbix NICs

 

zabbix_get -s 192.168.2.2 -k net.if.out["vmxnet3 Ethernet Adapter"]

 


How to find string "Rejected-By-Urlscan" in log files for 2022-03

 

#if you have grep and uniq installed od windows (ports from linux)
findstr /i /s /c:"Rejected-By-UrlScan" *2209* | grep -Eo "^[^:]+" | uniq -c | sort /R
# if you have regexp - you don't have it 'cos it's my util ...
findstr /i /s /c:"Rejected-By-UrlScan" *2203* | regexp "^[\w\d\\]+" | uniq -c | sort /R

 


Find files in directory modified or created  between two dates and with some extensions

 

Get-ChildItem -Recurse `
| Where-Object `
{ `
    ( `
        ( ($_.LastWriteTime -ge "04/14/2022") -and ($_.LastWriteTime -lt "04/16/2022") ) `
        -or `
        ( ($_.CreationTime -ge "04/14/2022") -and ($_.CreationTime -lt "04/16/2022") ) `
    ) `
    -and  `
    ( `
            ($_.extension -eq ".asp") `
        -or ($_.extension -eq ".aspx") `
        -or ($_.extension -eq ".asax") `
        -or ($_.extension -eq ".dll") `
        -or ($_.extension -eq ".php") `
    ) `
}

 


How to find out version of .NET install

use registry edit

#installed versions
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"

#list specific
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\full" /v version

 


How to replace ALL SSL on IIS with new SSL

This is for case whan you have asterix certificate like *.globaldizajn.hr and need to replace it on ALL subdomains

#PowerShell script
#WARNNING this replace only certs in WebHosting not under Personal
#if you want to chage under Personal change WebHosting to My in Get-ChildItem command
#old and new certificate are specified by tumbprint (hash)

$OldThumbprint = "D1A59FDEF3DCEB028778542E9F6219911E70FF8C"
$NewThumbprint = "923C5B09D1856FC3724C783A9BD4A0889E97F16D"

$cert = Get-ChildItem -Path cert:\LocalMachine\WebHosting\$OldThumbprint
$certNew = Get-ChildItem -Path cert:\LocalMachine\WebHosting\$NewThumbprint

#debug print
#Write-Host $cert
#Write-Host $certNew

Get-WebBinding | Where-Object { $_.certificateHash -eq $OldThumbprint} | ForEach-Object {
    Write-Host "Replacing Cert For "  $_ 
    
    $_.RemoveSslCertificate()
    $_.AddSslCertificate($certNew.Thumbprint, "WebHosting")

    #If you want to change just first to see if it works fine uncomment break command
    #break
}

 


How to List all available certificates in WebHosting store 

#powershell script
#change cert:\LocalMachine\WebHosting to cert:\LocalMachine\My for personal store

Get-ChildItem -Path cert:\LocalMachine\WebHosting | ForEach-Object {
    Write-Host "Subject: " $_.Subject
    Write-Host "FriendlyName: " $_.FriendlyName
    Write-Host "Thumbprint: " $_.Thumbprint
    Write-Host "Certificate is valid until: " $_.NotAfter
    Write-Host "   ------------------   "
}

 


If clipboard is not working on remote desktop here is what to do

  1. remote desktop to server
  2. start Task Manager on remote desktop
  3. find task rdpclip.exe
  4. stop that task
  5. open cmd.exe and enter rdpclip.exe

Now clipboard should work fine

 


How to display installed .NET versions on Windows server

 

Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP' -Recurse |
Get-ItemProperty -Name Version -ErrorAction SilentlyContinue |
Where-Object { $_.Version } |
Select-Object PSChildName, Version

 


How to add Users group full rights to directory and all subdirectories in command line

ECHO Y|cacls "F:\logs\*" /T /E /G Users:F

 


How to copy directory from shared dir without web.config file and imagecache dir

 

robocopy \\172.19.128.36\webovi c:\webovi /S /E /NP /XD "imagecache" /XD "* Copy" /xf web.config

 


How to install winget on windows server 2019 / Win 10

use powershell to install winget

Install-Script -Name winget-install
winget-install

 


How to install clink + starship with winget

execute with cmd

#install clink and starship using winget
echo Y|winget install clink
winget install starship

#start starship when clink is stared
echo load(io.popen('starship init cmd'):read("*a"))() > %userprofile%\appdata\Local\clink\starship.lua

#save tokyo-night preset to disk if you like it
starship preset tokyo-night %userprofile%\.config\starship.toml

#if exec are too dark use light blue
clink set color.executable sgr 1;38;5;39

#if args are too dark use yellow
clink set color.input sgr 38;5;154

#if flags ar dark use again yellow
clink set color.flag sgr 38;5;154

#if pipes are too dark
clink set color.cmdsep sgr 38;5;220

#color are here: https://en.wikipedia.org/wiki/ANSI_escape_code

#change directory to this and replace myuser with you username if you have custom preset
#if you want original preset just create file %userprofile%\.config\starship.toml
#copy this in it (and replace myuser with you username)

[directory]
truncation_length = 0
truncation_symbol = ""
home_symbol = "c:\\users\\myuser"
use_os_path_sep = true

#nerd font is required for all special characters
#https://www.nerdfonts.com/font-downloads

How to list last login to Windows PC and exclude SYSTEM and CRO-PC$ logins

 

Get-EventLog -LogName Security -InstanceId 4624 | 
Where-Object { $_.ReplacementStrings[5] -notin @("SYSTEM", "CRO-PC$") } | 
Select-Object TimeGenerated, 
              @{Name='User';Expression={$_.ReplacementStrings[5]}}, 
              @{Name='IP Address';Expression={$_.ReplacementStrings[18]}} | 
Sort-Object TimeGenerated -Descending | 
Select-Object -First 100

 


How to test if there is TCP connection to remote server without telnet using Powershell

 

Test-NetConnection -Port 80 -ComputerName "www.globaldizajn.hr" -InformationLevel "Detailed"

 

 

@2016