Jump to content

Windows: Difference between revisions

From Smithnet Wiki
← Older edit
No edit summary
 
(27 intermediate revisions by the same user not shown)
Line 9: Line 9:
Revert to normal:
Revert to normal:
  bcdedit /deletevalue {current} safeboot
  bcdedit /deletevalue {current} safeboot
== Performance Metrics ==
winsat mem
winsat cpu -encryption
winsat disk


== Installation ==
== Installation ==
Line 48: Line 54:
Unmount ISO:
Unmount ISO:
  Dismount-DiskImage -ImagePath $iso
  Dismount-DiskImage -ImagePath $iso
=== Show/Change network profile ===
Get-NetConnectionProfile
Set-NetConnectionProfile -Name "Network" -NetworkCategory Private
== Server Core ==
* At the console, menu driven app: SConfig
To enable remote management:
winrm qc
or:
Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"
To disable the firewall:
Get-NetFirewallProfile
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled true
Connect remotely with Computer Manager, Registry Editor, etc
See [https://learn.microsoft.com/en-us/windows-server/administration/server-core/server-core-administer here] for other tasks.
== IoT ==
* [https://learn.microsoft.com/en-us/windows/iot-core/downloads Download & Installation]
To set up remote PowerShell connectio to device "iotdev", start PowerShell on desktop:
net start winrm
Enable trust with either:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value iotdev
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "iotdev,another-device.example.com"
Enter and leave remote PS sessions:
Enter-PSSession -ComputerName iotdev -Credential iotdev\Administrator
Exit-PSSession
eg shutdown immediately:
shutdown /r /t 0
== Hyper-V ==
Default file Locations:
* C:\ProgramData\Microsoft\Windows\Virtual Hard Disks
* C:\ProgramData\Microsoft\Windows\Hyper-V
External virtual network switch may perform very badly with Intel Wireless NICs.
*To fix poor upload speed:
** On the Hyper-V Virtual Ethernet Adapter, disable:
*** Large Send Offload IPv4
*** Large Send Offload IPv6
*To fix poor Download speed:
** On the Wifi Card, disable:
*** Packet Coalescing


== Registry ==
== Registry ==
Line 67: Line 129:


* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
=== User ===
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfilekList\[SID]\ProfileImagePath
Use netplwiz to change username


== NFS Client ==
== NFS Client ==
Line 79: Line 147:
== PowerShell ==
== PowerShell ==


Concatenate files:
Get-Content -Raw infile1, infile2 | Set-Content -NoNewline outfile
Find process name for something holding open port 443:
Get-Process -id (Get-NetTCPConnection -LocalPort 443).OwningProcess
Unzip:
Unzip:
  Expand-Archive somefile.zip
  Expand-Archive somefile.zip
Line 114: Line 187:
Test Network connection:
Test Network connection:
  Test-NetConnection -Port 5985
  Test-NetConnection -Port 5985
Show PS Session Permissions:
Get-PSSessionConfiguration -Name Microsoft.PowerShell


Remote PS Session:
Remote PS Session:
Line 131: Line 207:
     "";
     "";
  };
  };
Run commands remotely:
Invoke-Command -ComputerName somehost -FilePath C:\path\script.ps1 -credential Administrator
The [https://learn.microsoft.com/en-gb/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.3 execution policy] may need to be changes:
Get-ExecutionPolicy
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Revert with:
Set-ExecutionPolicy -ExecutionPolicy Default
Find in files:
Get-Content *.py | Selectt-String -Pattern wibble


=== Remove Applications ===
=== Remove Applications ===
Line 159: Line 248:


Can also convert to mbr format
Can also convert to mbr format
== Move User Profiles ==
User profiles are stored in (for example) C:\Users\Sharon. Can be moved per-user to a new drive or NTFS mount, eg D:\Users\Store
* Ensure target directory (D:\Users\Sharon) is created with full-control permissions (eg create as Sharon)
Some hiddent junctions may be problematic during copy. Can list them with:
dir /s /A:L
As Administrator:
xcopy C:\Users\Sharon\*.* D:\Users\Sharon /E /H /K /O
These options:
* Copy Everything
* Including System/Hidden files
* Preserve file/director attributes
* Preserve file/directory permissions
May also need /C : continue on errors. On my Windows 11 system I found a junction loop:
* C:\Users\Sharon\AppData\Local\Application Data -> C:\Users\Sharon\AppData\Local
which I had to remove with remdir to allow zcopy to proceed.
cd C:\Users
ren Sharon Sharon.old
mklink /J C:\Users\Sharon D:\Users\Sharon
Here we create an NTFS junction to point from the original location to the new one.
Alternatively, see:
* Move C:\Users\Sharon directory
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<User SID>
* Change ProfileImagePath to C:\Store\Sharon
* Search/replace registry for old entries for C:\Users\Sharon


== NTFS ==
== NTFS ==
Line 170: Line 293:
* /h Creates a hard link instead of a symbolic link
* /h Creates a hard link instead of a symbolic link
* /j Creates a director junction
* /j Creates a director junction
To remove a symlink (not the target) to a directory use:
rmdir Alias


=== Drive as a folder ===
=== Drive as a folder ===

Latest revision as of 16:47, 16 July 2025

Boot Mode

Boot into safe mode: 

bcdedit /set {current} safeboot minimal

Or, with networking: 

bcdedit /set {current} safeboot network

Revert to normal: 

bcdedit /deletevalue {current} safeboot

Performance Metrics

winsat mem
winsat cpu -encryption
winsat disk

Installation

Allow Win 11 Upgrades

In-place upgrade:

  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\AllowUpgradesWithUnsupportedTPMOrCpu = 1 (DWORD32)

From USB install/ISO, at first setup screen, SHIFT-F10 to open regedit, and add:

  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassTPMCheck = 1 (DWORD32)
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassSecureBootCheck = 1 (DWORD32)
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassRAMCheck = 1 (DWORD32)

Create bootable thumb drive from ISO file

Insert >= 8 GiB thumb drive that has been initalised as GPT with no partitions. In PowerShell:

Mount ISO file: 

$iso = "C:\en_windows_server_2019_x64.iso"
$isomount = Mount-DiskImage -ImagePath $iso -StorageType ISO -PassThru
$isodrive = ($isomount | Get-Volume).DriveLetter

Look for USB drives, identify by FriendlyName or SerialNumber: 

Get-Disk | Where BusType -eq "USB"
$thumb = Get-Disk | Where SerialNumber -eq "1234567890"

Clear thumb drive, and initialise to GPT: 

$thumb | Clear-Disk -RemoveData -PassThru

Create partition, format to FAT32 

$vol = $thumb| New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem FAT32 -NewFileSystemLabel WINSVR-2019

Copy files to thumb drive: 

Copy-Item -Path ($isodrive + ":\*") -Destination ($vol.DriveLetter + ":\") -Recurse

Unmount ISO: 

Dismount-DiskImage -ImagePath $iso

Show/Change network profile

Get-NetConnectionProfile
Set-NetConnectionProfile -Name "Network" -NetworkCategory Private

Server Core

  • At the console, menu driven app: SConfig

To enable remote management: 

winrm qc

or: 

Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"

To disable the firewall: 

Get-NetFirewallProfile
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled true

Connect remotely with Computer Manager, Registry Editor, etc

See here for other tasks.

IoT

To set up remote PowerShell connectio to device "iotdev", start PowerShell on desktop: 

net start winrm

Enable trust with either: 

Set-Item WSMan:\localhost\Client\TrustedHosts -Value iotdev
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "iotdev,another-device.example.com"

Enter and leave remote PS sessions: 

Enter-PSSession -ComputerName iotdev -Credential iotdev\Administrator
Exit-PSSession

eg shutdown immediately: 

shutdown /r /t 0

Hyper-V

Default file Locations:

  • C:\ProgramData\Microsoft\Windows\Virtual Hard Disks
  • C:\ProgramData\Microsoft\Windows\Hyper-V

External virtual network switch may perform very badly with Intel Wireless NICs.

  • To fix poor upload speed:
    • On the Hyper-V Virtual Ethernet Adapter, disable:
      • Large Send Offload IPv4
      • Large Send Offload IPv6
  • To fix poor Download speed:
    • On the Wifi Card, disable:
      • Packet Coalescing

Registry

Chrome updates and forced Extensions

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Update\UpdateDefault = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Update\AutoUpdateCheckPeriodMinutes = 30
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update = 1
  • HKEY_CURRENT_USER\SOFTWARE\Google\Update = 1

Firefox updates

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\DisableAppUpdate = 0

Wifi Names

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

User

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfilekList\[SID]\ProfileImagePath

Use netplwiz to change username

NFS Client

Can mount, like: 

mount \\nfsserver\home\fred F:

but to make writeable, in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default

  • Create AnonymousUid as DWORD and enter the UID of the remote user that has write permissions
  • Create AnonymousUid as DWORD and enter the GID of the remote user that has write permissions

PowerShell

Concatenate files: 

Get-Content -Raw infile1, infile2 | Set-Content -NoNewline outfile

Find process name for something holding open port 443: 

Get-Process -id (Get-NetTCPConnection -LocalPort 443).OwningProcess

Unzip: 

Expand-Archive somefile.zip

Show all attributes on an object: 

Get-Date | Format-List
Get-Service | Format-List

Show properties and methods: 

Get-Date | Get-Member

Show a subset of data: 

Get-VM | Select Name, State, Status

Name                  State Status
----                  ----- ------
Local Discovery         Off Operating normally
Local Fedora (lisa) Running Operating normally

Determine type: 

$_.GetType().Name

Find certificate objects: 

Get-ChildItem -Path Cert:\LocalMachine -Recurse | WhereObject {$_.Name -match 'X509Certificate'}

Show MD5 sum: 

Get-FileHash C:\somefile -Algorithm MD5

Issue Rest-API call: 

$uri='https://www.example.com/api/v1.1/admin/about'
$token='Mzo3ODI4ZjgzNzM2OTk3OGJiNTFmYTdmMDAwM...'
$headers=@{Authorization="Bearer $token"}
Invoke-RestMethod -SkipCertificateCheck -Uri $uri -Method 'GET' -Headers $headers

Test Network connection: 

Test-NetConnection -Port 5985

Show PS Session Permissions: 

Get-PSSessionConfiguration -Name Microsoft.PowerShell

Remote PS Session: 

Enter-PSSession -ComputerName somehost -Credential Administrator

Remote PS Command: 

Invoke-Command -ComputerName somehost -Credential Administrator -ScriptBlock {Get-NetIPAddress}
Invoke-Command -ComputerName somehost -Credential Administrator -ScriptBlock {Get-CIMInstance -Class Win32_NetworkAdapter}

Network Connections to PID 0: 

Get-NetTCPConnection | Where-Object {$_.OwningProcess -eq 0} | ForEach-Object {
    "local_ip_addr: {0}" -f $_.LocalAddress;
    "local_port: {0}" -f $_.LocalPort;
    "remote_ip_addr: {0}" -f $_.RemoteAddress;
    "remote_port: {0}" -f $_.RemotePort;
    "pid: {0}" -f $_.OwningProcess;
    "";
};

Run commands remotely: 

Invoke-Command -ComputerName somehost -FilePath C:\path\script.ps1 -credential Administrator

The execution policy may need to be changes: 

Get-ExecutionPolicy
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Revert with: 

Set-ExecutionPolicy -ExecutionPolicy Default

Find in files: 

Get-Content *.py | Selectt-String -Pattern wibble

Remove Applications

Get-AppxPackage | Out-File packages.txt
Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxGamingOverlay | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxSpeechToTextOverlay | Remove-AppxPack

List all installed apps: 

Get-AppxPackage | Select Name , PackageFullName

Remove all inbuilt / default app from all user account 

Get-AppxPackage -AllUsers | Remove-AppxPackage

Remove all modern apps: 

Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage -online

Remove XBox apps: 

get-appxpackage *xbox* | remove-appxpackage

Diskpart

list disk
select disk 6
convert gpt
exit

Can also convert to mbr format

Move User Profiles

User profiles are stored in (for example) C:\Users\Sharon. Can be moved per-user to a new drive or NTFS mount, eg D:\Users\Store

  • Ensure target directory (D:\Users\Sharon) is created with full-control permissions (eg create as Sharon)

Some hiddent junctions may be problematic during copy. Can list them with: 

dir /s /A:L

As Administrator: 

xcopy C:\Users\Sharon\*.* D:\Users\Sharon /E /H /K /O

These options:

  • Copy Everything
  • Including System/Hidden files
  • Preserve file/director attributes
  • Preserve file/directory permissions

May also need /C : continue on errors. On my Windows 11 system I found a junction loop:

  • C:\Users\Sharon\AppData\Local\Application Data -> C:\Users\Sharon\AppData\Local

which I had to remove with remdir to allow zcopy to proceed. 

cd C:\Users
ren Sharon Sharon.old
mklink /J C:\Users\Sharon D:\Users\Sharon

Here we create an NTFS junction to point from the original location to the new one.

Alternatively, see:

  • Move C:\Users\Sharon directory
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<User SID>
  • Change ProfileImagePath to C:\Store\Sharon
  • Search/replace registry for old entries for C:\Users\Sharon

NTFS

Junction

Create a directory (/d option) symbolic link: 

mklink /D C:\Alias "C:\Original Data"

so now Alias can be referenced to access original data.

  • /h Creates a hard link instead of a symbolic link
  • /j Creates a director junction

To remove a symlink (not the target) to a directory use: 

rmdir Alias

Drive as a folder

diskpart
DISKPART> list volume

Note the volume number. 

DISKPART> select volume <volumenumber>
DISKPART> assign mount="C:\Users\John\Documents\NewDrive"
Retrieved from "https://www.smithnet.org.uk/wiki/index.php?title=Windows&oldid=1403"