Windows: Difference between revisions

From Smithnet Wiki
Jump to navigation Jump to search
m (28 revisions imported)
 
(18 intermediate revisions by the same user not shown)
Line 9: Line 9:
Revert to normal:
Revert to normal:
  bcdedit /deletevalue {current} safeboot
  bcdedit /deletevalue {current} safeboot
== Performance Metrics ==
winsat mem
winsat cpu -encryption
winsat disk


== Installation ==
== Installation ==
Line 48: Line 54:
Unmount ISO:
Unmount ISO:
  Dismount-DiskImage -ImagePath $iso
  Dismount-DiskImage -ImagePath $iso
== Server Core ==
* At the console, menu driven app: SConfig
To enable remote management:
winrm qc
or:
Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"
To disable the firewall:
Get-NetFirewallProfile
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled true
Connect remotely with Computer Manager, Registry Editor, etc
See [https://learn.microsoft.com/en-us/windows-server/administration/server-core/server-core-administer here] for other tasks.
== IoT ==
* [https://learn.microsoft.com/en-us/windows/iot-core/downloads Download & Installation]
To set up remote PowerShell connectio to device "iotdev", start PowerShell on desktop:
net start winrm
Enable trust with either:
Set-Item WSMan:\localhost\Client\TrustedHosts -Value iotdev
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "iotdev,another-device.example.com"
Enter and leave remote PS sessions:
Enter-PSSession -ComputerName iotdev -Credential iotdev\Administrator
Exit-PSSession
eg shutdown immediately:
shutdown /r /t 0
== Hyper-V ==
Default file Locations:
* C:\ProgramData\Microsoft\Windows\Virtual Hard Disks
* C:\ProgramData\Microsoft\Windows\Hyper-V
External virtual network switch may perform very badly with Intel Wireless NICs.
*To fix poor upload speed:
** On the Hyper-V Virtual Ethernet Adapter, disable:
*** Large Send Offload IPv4
*** Large Send Offload IPv6
*To fix poor Download speed:
** On the Wifi Card, disable:
*** Packet Coalescing


== Registry ==
== Registry ==
Line 67: Line 124:


* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
=== User ===
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfilekList\[SID]\ProfileImagePath
Use netplwiz to change username


== NFS Client ==
== NFS Client ==
Line 131: Line 194:
     "";
     "";
  };
  };
Run commands remotely:
Invoke-Command -ComputerName somehost -FilePath C:\path\script.ps1 -credential Administrator
The [https://learn.microsoft.com/en-gb/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.3 execution policy] may need to be changes:
Get-ExecutionPolicy
Set-ExecutionPolicy -ExecutionPolicy Unrestricted
Revert with:
Set-ExecutionPolicy -ExecutionPolicy Default


=== Remove Applications ===
=== Remove Applications ===
Line 165: Line 238:


* Ensure target directory (D:\Users\Sharon) is created with full-control permissions (eg create as Sharon)
* Ensure target directory (D:\Users\Sharon) is created with full-control permissions (eg create as Sharon)
Some hiddent junctions may be problematic during copy. Can list them with:
dir /s /A:L


As Administrator:
As Administrator:
Line 184: Line 260:


Here we create an NTFS junction to point from the original location to the new one.
Here we create an NTFS junction to point from the original location to the new one.
Alternatively, see:
* Move C:\Users\Sharon directory
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<User SID>
* Change ProfileImagePath to C:\Store\Sharon
* Search/replace registry for old entries for C:\Users\Sharon


== NTFS ==
== NTFS ==

Latest revision as of 04:53, 8 May 2024

Boot Mode

Boot into safe mode: 

bcdedit /set {current} safeboot minimal

Or, with networking: 

bcdedit /set {current} safeboot network

Revert to normal: 

bcdedit /deletevalue {current} safeboot

Performance Metrics

winsat mem
winsat cpu -encryption
winsat disk

Installation

Allow Win 11 Upgrades

In-place upgrade:

  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\AllowUpgradesWithUnsupportedTPMOrCpu = 1 (DWORD32)

From USB install/ISO, at first setup screen, SHIFT-F10 to open regedit, and add:

  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassTPMCheck = 1 (DWORD32)
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassSecureBootCheck = 1 (DWORD32)
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassRAMCheck = 1 (DWORD32)

Create bootable thumb drive from ISO file

Insert >= 8 GiB thumb drive that has been initalised as GPT with no partitions. In PowerShell:

Mount ISO file: 

$iso = "C:\en_windows_server_2019_x64.iso"
$isomount = Mount-DiskImage -ImagePath $iso -StorageType ISO -PassThru
$isodrive = ($isomount | Get-Volume).DriveLetter

Look for USB drives, identify by FriendlyName or SerialNumber: 

Get-Disk | Where BusType -eq "USB"
$thumb = Get-Disk | Where SerialNumber -eq "1234567890"

Clear thumb drive, and initialise to GPT: 

$thumb | Clear-Disk -RemoveData -PassThru

Create partition, format to FAT32 

$vol = $thumb| New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem FAT32 -NewFileSystemLabel WINSVR-2019

Copy files to thumb drive: 

Copy-Item -Path ($isodrive + ":\*") -Destination ($vol.DriveLetter + ":\") -Recurse

Unmount ISO: 

Dismount-DiskImage -ImagePath $iso

Server Core

  • At the console, menu driven app: SConfig

To enable remote management: 

winrm qc

or: 

Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"

To disable the firewall: 

Get-NetFirewallProfile
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled true

Connect remotely with Computer Manager, Registry Editor, etc

See here for other tasks.

IoT

To set up remote PowerShell connectio to device "iotdev", start PowerShell on desktop: 

net start winrm

Enable trust with either: 

Set-Item WSMan:\localhost\Client\TrustedHosts -Value iotdev
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "iotdev,another-device.example.com"

Enter and leave remote PS sessions: 

Enter-PSSession -ComputerName iotdev -Credential iotdev\Administrator
Exit-PSSession

eg shutdown immediately: 

shutdown /r /t 0

Hyper-V

Default file Locations:

  • C:\ProgramData\Microsoft\Windows\Virtual Hard Disks
  • C:\ProgramData\Microsoft\Windows\Hyper-V

External virtual network switch may perform very badly with Intel Wireless NICs.

  • To fix poor upload speed:
    • On the Hyper-V Virtual Ethernet Adapter, disable:
      • Large Send Offload IPv4
      • Large Send Offload IPv6
  • To fix poor Download speed:
    • On the Wifi Card, disable:
      • Packet Coalescing

Registry

Chrome updates and forced Extensions

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Update\UpdateDefault = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Update\AutoUpdateCheckPeriodMinutes = 30
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update = 1
  • HKEY_CURRENT_USER\SOFTWARE\Google\Update = 1

Firefox updates

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\DisableAppUpdate = 0

Wifi Names

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

User

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfilekList\[SID]\ProfileImagePath

Use netplwiz to change username

NFS Client

Can mount, like: 

mount \\nfsserver\home\fred F:

but to make writeable, in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default

  • Create AnonymousUid as DWORD and enter the UID of the remote user that has write permissions
  • Create AnonymousUid as DWORD and enter the GID of the remote user that has write permissions

PowerShell

Unzip: 

Expand-Archive somefile.zip

Show all attributes on an object: 

Get-Date | Format-List
Get-Service | Format-List

Show properties and methods: 

Get-Date | Get-Member

Show a subset of data: 

Get-VM | Select Name, State, Status

Name                  State Status
----                  ----- ------
Local Discovery         Off Operating normally
Local Fedora (lisa) Running Operating normally

Determine type: 

$_.GetType().Name

Find certificate objects: 

Get-ChildItem -Path Cert:\LocalMachine -Recurse | WhereObject {$_.Name -match 'X509Certificate'}

Show MD5 sum: 

Get-FileHash C:\somefile -Algorithm MD5

Issue Rest-API call: 

$uri='https://www.example.com/api/v1.1/admin/about'
$token='Mzo3ODI4ZjgzNzM2OTk3OGJiNTFmYTdmMDAwM...'
$headers=@{Authorization="Bearer $token"}
Invoke-RestMethod -SkipCertificateCheck -Uri $uri -Method 'GET' -Headers $headers

Test Network connection: 

Test-NetConnection -Port 5985

Remote PS Session: 

Enter-PSSession -ComputerName somehost -Credential Administrator

Remote PS Command: 

Invoke-Command -ComputerName somehost -Credential Administrator -ScriptBlock {Get-NetIPAddress}
Invoke-Command -ComputerName somehost -Credential Administrator -ScriptBlock {Get-CIMInstance -Class Win32_NetworkAdapter}

Network Connections to PID 0: 

Get-NetTCPConnection | Where-Object {$_.OwningProcess -eq 0} | ForEach-Object {
    "local_ip_addr: {0}" -f $_.LocalAddress;
    "local_port: {0}" -f $_.LocalPort;
    "remote_ip_addr: {0}" -f $_.RemoteAddress;
    "remote_port: {0}" -f $_.RemotePort;
    "pid: {0}" -f $_.OwningProcess;
    "";
};

Run commands remotely: 

Invoke-Command -ComputerName somehost -FilePath C:\path\script.ps1 -credential Administrator

The execution policy may need to be changes: 

Get-ExecutionPolicy
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Revert with: 

Set-ExecutionPolicy -ExecutionPolicy Default

Remove Applications

Get-AppxPackage | Out-File packages.txt
Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxGamingOverlay | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxSpeechToTextOverlay | Remove-AppxPack

List all installed apps: 

Get-AppxPackage | Select Name , PackageFullName

Remove all inbuilt / default app from all user account 

Get-AppxPackage -AllUsers | Remove-AppxPackage

Remove all modern apps: 

Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage -online

Remove XBox apps: 

get-appxpackage *xbox* | remove-appxpackage

Diskpart

list disk
select disk 6
convert gpt
exit

Can also convert to mbr format

Move User Profiles

User profiles are stored in (for example) C:\Users\Sharon. Can be moved per-user to a new drive or NTFS mount, eg D:\Users\Store

  • Ensure target directory (D:\Users\Sharon) is created with full-control permissions (eg create as Sharon)

Some hiddent junctions may be problematic during copy. Can list them with: 

dir /s /A:L

As Administrator: 

xcopy C:\Users\Sharon\*.* D:\Users\Sharon /E /H /K /O

These options:

  • Copy Everything
  • Including System/Hidden files
  • Preserve file/director attributes
  • Preserve file/directory permissions

May also need /C : continue on errors. On my Windows 11 system I found a junction loop:

  • C:\Users\Sharon\AppData\Local\Application Data -> C:\Users\Sharon\AppData\Local

which I had to remove with remdir to allow zcopy to proceed. 

cd C:\Users
ren Sharon Sharon.old
mklink /J C:\Users\Sharon D:\Users\Sharon

Here we create an NTFS junction to point from the original location to the new one.

Alternatively, see:

  • Move C:\Users\Sharon directory
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<User SID>
  • Change ProfileImagePath to C:\Store\Sharon
  • Search/replace registry for old entries for C:\Users\Sharon

NTFS

Junction

Create a directory (/d option) symbolic link: 

mklink /D C:\Alias "C:\Original Data"

so now Alias can be referenced to access original data.

  • /h Creates a hard link instead of a symbolic link
  • /j Creates a director junction

To remove a symlink (not the target) to a directory use: 

rmdir Alias

Drive as a folder

diskpart
DISKPART> list volume

Note the volume number. 

DISKPART> select volume <volumenumber>
DISKPART> assign mount="C:\Users\John\Documents\NewDrive"
Retrieved from ‘https://www.smithnet.org.uk/wiki/index.php?title=Windows&oldid=686