
Part 1 - Alexandre Borges PDF

26 Pages·2014·1.51 MB·English

Preview Part 1 - Alexandre Borges

Windows Commands and Tools – Part 1

ALEXANDRE BORGES - BLOG

Author: Alexandre Borges
Revision: A.1
Website: http://alexandreborges.org

This document is the first part of a series of articles about useful Windows commands (graphical or not) which can help you in daily administration. Most of them are self-explanatory. All commands were tested in a Windows 7 environment. Enjoy it!

Command 1: How to verify the firewall status (WinXP and Win7 – deprecated command)

    C:\>netsh firewall show state

    Firewall status:
    -------------------------------------------------------------------
    Profile                           = Standard
    Operational mode                  = Disable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    Group policy version              = Windows Firewall
    Remote admin mode                 = Disable

    Ports currently open on all network interfaces:
    Port   Protocol  Version  Program
    -------------------------------------------------------------------
    5800   TCP       Any      (null)
    5900   TCP       Any      (null)
    1900   UDP       Any      (null)
    2869   TCP       Any      (null)

    IMPORTANT: Command executed successfully.
    However, "netsh firewall" is deprecated;
    use "netsh advfirewall firewall" instead.
    For more information on using "netsh advfirewall firewall" commands
    instead of "netsh firewall", see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488

Command 2: How to verify the firewall status and configuration (Win7)

    C:\>netsh advfirewall show allprofiles

    Domain Profile Settings:
    ----------------------------------------------------------------------
    State                                 OFF
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096

    Private Profile Settings:
    ----------------------------------------------------------------------
    State                                 OFF
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096

    Public Profile Settings:
    ----------------------------------------------------------------------
    State                                 OFF
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096

    Ok.
Command 3: How to verify the firewall configuration (WinXP and Win7 – deprecated command)

    C:\>netsh firewall show config

    Domain profile configuration:
    -------------------------------------------------------------------
    Operational mode                  = Disable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable

    Allowed programs configuration for Domain profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------

    Port configuration for Domain profile:
    Port   Protocol  Mode    Traffic direction     Name
    -------------------------------------------------------------------
    1900   UDP       Enable  Inbound               Windows Live Communications Platform (SSDP)
    2869   TCP       Enable  Inbound               Windows Live Communications Platform (UPnP)

    ICMP configuration for Domain profile:
    Mode     Type  Description
    -------------------------------------------------------------------
    Enable   2     Allow outbound packet too big

    Standard profile configuration (current):
    -------------------------------------------------------------------
    Operational mode                  = Disable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable

    Service configuration for Standard profile:
    Mode     Customized  Name
    -------------------------------------------------------------------
    Enable   No          File and Printer Sharing
    Enable   No          Network Discovery

    Allowed programs configuration for Standard profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------
    Enable   Inbound              Apache HTTP Server / C:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe
    Disable  Inbound              Free Download Manager / C:\program files (x86)\free download manager\fdm.exe
    Enable   Inbound              Dropbox / C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
    Enable   Inbound              vncviewer.exe / C:\Program Files (x86)\UltraVNC\vncviewer.exe
    Enable   Inbound              WinSCP: SFTP, FTP and SCP client / C:\program files (x86)\winscp\winscp.exe
    Enable   Inbound              Microsoft OneNote / C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE

    Port configuration for Standard profile:
    Port   Protocol  Mode    Traffic direction     Name
    -------------------------------------------------------------------
    5800   TCP       Enable  Inbound               vnc5800
    5900   TCP       Enable  Inbound               vnc5900
    1900   UDP       Enable  Inbound               Windows Live Communications Platform (SSDP)
    2869   TCP       Enable  Inbound               Windows Live Communications Platform (UPnP)

    ICMP configuration for Standard profile:
    Mode     Type  Description
    -------------------------------------------------------------------
    Enable   2     Allow outbound packet too big

    Log configuration:
    -------------------------------------------------------------------
    File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
    Max file size   = 4096 KB
    Dropped packets = Disable
    Connections     = Disable

    IMPORTANT: Command executed successfully.
    However, "netsh firewall" is deprecated;
    use "netsh advfirewall firewall" instead.
    For more information on using "netsh advfirewall firewall" commands
    instead of "netsh firewall", see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488 .
Command 4: How to list the running processes

    C:\>tasklist

    Image Name                     PID Session Name        Session#    Mem Usage
    ========================= ======== ================ =========== ============
    System Idle Process              0 Services                   0         24 K
    System                           4 Services                   0         56 K
    smss.exe                       436 Services                   0        656 K
    csrss.exe                      628 Services                   0      4.048 K
    wininit.exe                    704 Services                   0        328 K
    csrss.exe                      728 Console                    1     20.552 K
    services.exe                   772 Services                   0      9.912 K
    (truncated output)

Command 5: How to list the running services associated with processes

    C:\>tasklist /SVC

    Image Name                     PID Services
    ========================= ======== ============================================
    System Idle Process              0 N/A
    System                           4 N/A
    smss.exe                       436 N/A
    csrss.exe                      628 N/A
    wininit.exe                    704 N/A
    csrss.exe                      728 N/A
    services.exe                   772 N/A
    lsass.exe                      784 KeyIso, ProtectedStorage, SamSs
    lsm.exe                        792 N/A
    svchost.exe                    900 DcomLaunch, PlugPlay, Power
    nvvsvc.exe                     976 NVSvc
    svchost.exe                   1016 RpcEptMapper, RpcSs
    (truncated output)

Command 6: How to list started services

    C:\>net start
    These Windows services are started:

       Adobe Acrobat Update Service
       Application Information
       avast! Antivirus
       Background Intelligent Transfer Service
       Base Filtering Engine
       Bitvise SSH Server
       Bluetooth Support Service
       Certificate Propagation
       CNG Key Isolation
       COM+ Event System
       Computer Browser
       Cryptographic Services
       DCOM Server Process Launcher
       Desktop Window Manager Session Manager
    (truncated output)

Command 7: How to list network connections

    C:\>netstat -oban

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       13232
     [BvSshServer.exe]
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1016
      RpcSs
     [svchost.exe]
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
     Can not obtain ownership information
      TCP    0.0.0.0:554            0.0.0.0:0              LISTENING       4728
     [wmpnetwk.exe]
      TCP    0.0.0.0:902            0.0.0.0:0              LISTENING       3136
     [vmware-authd.exe]
      TCP    0.0.0.0:912            0.0.0.0:0              LISTENING       3136
    (truncated output)

Command 8: How to list local shares

    C:\>net view 127.0.0.1
    Shared resources at 127.0.0.1

    Share name     Type   Used as  Comment
    -------------------------------------------------------------------------------
    Home_Printer   Print  Home_Printer
    Users          Disk
    WCProWIAInbox  Disk
    The command completed successfully.

Command 9: How to check logged-on users

    C:\>net user

    User accounts for \\EXADATA
    -------------------------------------------------------------------------------
    Administrator ALEXANDRE BORGES Guest
    The command completed successfully.

Command 10: How to open Local User and Group Administration GUI

    C:\>lusrmgr.msc

Command 11: How to open the Event Viewer

    C:\>eventvwr.msc

Command 12: How to get motherboard info (1)

    C:\>wmic baseboard list brief
    Manufacturer  Model  Name        Product  SerialNumber               SKU
    Dell Inc.            Base Board  08V9YG   /D5965S1/CN7590022400A3/

Command 13: How to get motherboard info (2)

    C:\>wmic baseboard get manufacturer
    Manufacturer
    Dell Inc.
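Returning to the "netstat -oban" output of Command 7: each socket row is followed by one or two owner lines (an optional service or component name, then the image name in brackets), or by a notice that ownership could not be obtained. The following added example, which is not part of the original document, attaches those owner lines to their rows and lists the TCP listeners bound to every interface. The function names, the loopback row and the image name example.exe are constructed for this illustration.

```python
import re

# Constructed sample in the layout of "netstat -oban": three rows shown under
# Command 7 plus one constructed loopback listener for contrast.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       13232
 [BvSshServer.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1016
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2200
 [example.exe]
"""

# proto, local address, local port, foreign address, optional state (UDP has none), PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_\d]+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return one dict per socket row with the owner lines that follow it attached."""
    rows = []
    for line in text.splitlines():
        s = line.strip()
        if m := ROW.match(line):
            proto, addr, port, state, pid = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "state": state, "pid": int(pid),
                         "image": None, "service": None})
        elif rows and s.startswith("[") and s.endswith("]"):
            rows[-1]["image"] = s[1:-1]          # owning executable
        elif rows and s and not s.startswith("Can not obtain"):
            rows[-1]["service"] = s              # service or component name
    return rows


def exposed_listeners(rows):
    """TCP listeners bound to all interfaces, i.e. reachable from the network."""
    return [r for r in rows
            if r["state"] == "LISTENING" and r["addr"] in ("0.0.0.0", "[::]")]


if __name__ == "__main__":
    for r in exposed_listeners(parse_netstat(SAMPLE)):
        owner = r["image"] or "owner unknown"
        print(f'{r["proto"]}/{r["port"]} pid={r["pid"]} {owner} {r["service"] or ""}')
```

The -b switch needs an elevated prompt; rows left with no image are the ones to resolve by PID with "tasklist /SVC" from Command 5.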
Command 14: How to get CPU info (1)

    C:\>wmic cpu list brief
    Caption                               DeviceID  Manufacturer  MaxClockSpeed  Name                                        SocketDesignation
    Intel64 Family 6 Model 42 Stepping 7  CPU0      GenuineIntel  2501           Intel(R) Core(TM) i7-2920XM CPU @ 2.50GHz   CPU 1

Command 15: How to get CPU info (2)

    C:\>wmic cpu list full

    AddressWidth=64
    Architecture=9
    Availability=3
    Caption=Intel64 Family 6 Model 42 Stepping 7
    ConfigManagerErrorCode=
    ConfigManagerUserConfig=
    CpuStatus=1
    CreationClassName=Win32_Processor
    CurrentClockSpeed=1975
    CurrentVoltage=0
    DataWidth=64
    Description=Intel64 Family 6 Model 42 Stepping 7
    DeviceID=CPU0
    ErrorCleared=
    ErrorDescription=
    ExtClock=100
    Family=198
    InstallDate=
    L2CacheSize=256
    L2CacheSpeed=
    LastErrorCode=
    Level=6
    LoadPercentage=
    Manufacturer=GenuineIntel
    MaxClockSpeed=2501
    Name=Intel(R) Core(TM) i7-2920XM CPU @ 2.50GHz
    OtherFamilyDescription=
    PNPDeviceID=
    PowerManagementCapabilities=
    PowerManagementSupported=FALSE
    ProcessorId=BFEBFBFF000206A7
    ProcessorType=3
    Revision=10759
    Role=CPU
    SocketDesignation=CPU 1
    Status=OK
    StatusInfo=3
    Stepping=
    SystemCreationClassName=Win32_ComputerSystem
    SystemName=EXADATA
    UniqueId=
    UpgradeMethod=1
    Version=
    VoltageCaps=

Command 16: How to get CDROM info (1)

    C:\>wmic cdrom list status
    Availability  Drive  ErrorCleared  MediaLoaded  NeedsCleaning  Status  StatusInfo
    3             D:                   FALSE                       OK
    3             E:                   FALSE                       OK

Command 17: How to get CDROM info (2)

    C:\>wmic cdrom list brief
    Caption                            Drive  Manufacturer              VolumeName
    MATSHITA BD-RE UJ252               D:     (Standard CD-ROM drives)
    ELBY CLONEDRIVE SCSI CdRom Device  E:     (Standard CD-ROM drives)

Command 18: How to get CDROM info (3)

    C:\>wmic cdrom list full

    Availability=3
    Capabilities={3,4,7}
    CapabilityDescriptions={"Random Access"," Supports writing"," Supports Removable Media"}
    CompressionMethod=Unknown
    ConfigManagerErrorCode=0
    ConfigManagerUserConfig=FALSE
    DefaultBlockSize=
    Description=CD-ROM Drive
    DeviceID=IDE\CDROMMATSHITA_BD-RE_UJ252____________________1.01____\4&2A37E9BC&0&0.1.0
    Drive=D:
    DriveIntegrity=
    ErrorCleared=
    ErrorDescription=
    ErrorMethodology=
    FileSystemFlags=
    FileSystemFlagsEx=
    Id=D:
    InstallDate=
    LastErrorCode=
    Manufacturer=(Standard CD-ROM drives)
    MaxBlockSize=
    MaximumComponentLength=
    MaxMediaSize=
    MediaLoaded=FALSE
    MediaType=DVD Writer
    MfrAssignedRevisionLevel=1.01
    MinBlockSize=
    Name=MATSHITA BD-RE UJ252
    NeedsCleaning=
    NumberOfMediaSupported=
    PNPDeviceID=IDE\CDROMMATSHITA_BD-RE_UJ252____________________1.01____\4&2A37E9BC&0&0.1.0
    PowerManagementCapabilities=
    PowerManagementSupported=
    RevisionLevel=
    SCSIBus=0
    SCSILogicalUnit=0
    SCSIPort=0
    SCSITargetId=1
    Size=
    Status=OK
    StatusInfo=
    SystemName=EXADATA
    TransferRate=-1
    VolumeName=
    VolumeSerialNumber=
    (truncated output)

Command 19: How to get BootConfig Information (1)

    C:\>wmic bootconfig list brief
    BootDirectory  Caption                      Name               SettingID
    C:\Windows     \Device\Harddisk0\Partition2  BootConfiguration

Command 20: How to get BootConfig Information (2)

    C:\>wmic bootconfig list full

    BootDirectory=C:\Windows
    ConfigurationPath=C:\Windows
    Description=\Device\Harddisk0\Partition2
    LastDrive=Q:
    Name=BootConfiguration
    ScratchDirectory=C:\Windows\system32\config\systemprofile\AppData\Local\Temp

Description:
Allowed programs configuration for Domain profile: Mode Traffic Windows Live Communications Platform (SSDP). 2869 TCP . Command 8: How to list local shares. C:\>net .. Command 30: How to get Network Interface Controller information. C:\>wmic nic 29 SAMSUNG Mobile USB Remote NDIS Network Device