Windows: Difference between revisions

Boot Mode

Boot into safe mode:

bcdedit /set {current} safeboot minimal

Or, with networking:

bcdedit /set {current} safeboot network

Revert to normal:

bcdedit /deletevalue {current} safeboot

Installation

Allow Win 11 Upgrades

In-place upgrade:

• HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\AllowUpgradesWithUnsupportedTPMOrCpu = 1 (DWORD32)

From USB install/ISO, at first setup screen, SHIFT-F10 to open regedit, and add:

• HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassTPMCheck = 1 (DWORD32)
• HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassSecureBootCheck = 1 (DWORD32)
• HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassRAMCheck = 1 (DWORD32)

Create bootable thumb drive from ISO file

Insert >= 8 GiB thumb drive that has been initalised as GPT with no partitions. In PowerShell:

Mount ISO file:

$iso = "C:\en_windows_server_2019_x64.iso"
$isomount = Mount-DiskImage -ImagePath $iso -StorageType ISO -PassThru
$isodrive = ($isomount | Get-Volume).DriveLetter

Look for USB drives, identify by FriendlyName or SerialNumber:

Get-Disk | Where BusType -eq "USB"
$thumb = Get-Disk | Where SerialNumber -eq "1234567890"

Clear thumb drive, and initialise to GPT:

$thumb | Clear-Disk -RemoveData -PassThru

Create partition, format to FAT32

$vol = $thumb| New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem FAT32 -NewFileSystemLabel WINSVR-2019

Copy files to thumb drive:

Copy-Item -Path ($isodrive + ":\*") -Destination ($vol.DriveLetter + ":\") -Recurse

Unmount ISO:

Dismount-DiskImage -ImagePath $iso

Server Core

• At the console, menu driven app: SConfig

To enable remote management:

Enable-NetFirewallRule -DisplayGroup "Windows Remote Management"

To disable the firewall:

Get-NetFirewallProfile
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled true

Connect remotely with Computer Manager, Registry Editor, etc

See here for other tasks.

IoT

• Download & Installation

To set up remote PowerShell connectio to device "iotdev", start PowerShell on desktop:

net start winrm

Enable trust with either:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value iotdev
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "iotdev,another-device.example.com"

Enter and leave remote PS sessions:

Enter-PSSession -ComputerName iotdev -Credential iotdev\Administrator
Exit-PSSession

eg shutdown immediately:

shutdown /r /t 0

Registry

Chrome updates and forced Extensions

• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Update\UpdateDefault = 1
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Update\AutoUpdateCheckPeriodMinutes = 30
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist\*

• HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update = 1
• HKEY_CURRENT_USER\SOFTWARE\Google\Update = 1

Firefox updates

• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\DisableAppUpdate = 0

Wifi Names

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

User

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfilekList\[SID]\ProfileImagePath

Use netplwiz to change username

NFS Client

Can mount, like:

mount \\nfsserver\home\fred F:

but to make writeable, in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default

• Create AnonymousUid as DWORD and enter the UID of the remote user that has write permissions
• Create AnonymousUid as DWORD and enter the GID of the remote user that has write permissions

PowerShell

Unzip:

Expand-Archive somefile.zip

Show all attributes on an object:

Get-Date | Format-List
Get-Service | Format-List

Show properties and methods:

Get-Date | Get-Member

Show a subset of data:

Get-VM | Select Name, State, Status

Name                  State Status
----                  ----- ------
Local Discovery         Off Operating normally
Local Fedora (lisa) Running Operating normally

Determine type:

$_.GetType().Name

Find certificate objects:

Get-ChildItem -Path Cert:\LocalMachine -Recurse | WhereObject {$_.Name -match 'X509Certificate'}

Show MD5 sum:

Get-FileHash C:\somefile -Algorithm MD5

Issue Rest-API call:

$uri='https://www.example.com/api/v1.1/admin/about'
$token='Mzo3ODI4ZjgzNzM2OTk3OGJiNTFmYTdmMDAwM...'
$headers=@{Authorization="Bearer $token"}
Invoke-RestMethod -SkipCertificateCheck -Uri $uri -Method 'GET' -Headers $headers

Test Network connection:

Test-NetConnection -Port 5985

Remote PS Session:

Enter-PSSession -ComputerName somehost -Credential Administrator

Remote PS Command:

Invoke-Command -ComputerName somehost -Credential Administrator -ScriptBlock {Get-NetIPAddress}
Invoke-Command -ComputerName somehost -Credential Administrator -ScriptBlock {Get-CIMInstance -Class Win32_NetworkAdapter}

Network Connections to PID 0:

Get-NetTCPConnection | Where-Object {$_.OwningProcess -eq 0} | ForEach-Object {
    "local_ip_addr: {0}" -f $_.LocalAddress;
    "local_port: {0}" -f $_.LocalPort;
    "remote_ip_addr: {0}" -f $_.RemoteAddress;
    "remote_port: {0}" -f $_.RemotePort;
    "pid: {0}" -f $_.OwningProcess;
    "";
};

Run commands remotely:

Invoke-Command -ComputerName somehost -FilePath C:\path\script.ps1 -credential Administrator

The execution policy may need to be changes:

Get-ExecutionPolicy
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Revert with:

Set-ExecutionPolicy -ExecutionPolicy Default

Remove Applications

Get-AppxPackage | Out-File packages.txt
Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxGamingOverlay | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxSpeechToTextOverlay | Remove-AppxPack

List all installed apps:

Get-AppxPackage | Select Name , PackageFullName

Remove all inbuilt / default app from all user account

Get-AppxPackage -AllUsers | Remove-AppxPackage

Remove all modern apps:

Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage -online

Remove XBox apps:

get-appxpackage *xbox* | remove-appxpackage

Diskpart

list disk
select disk 6
convert gpt
exit

Can also convert to mbr format

Move User Profiles

User profiles are stored in (for example) C:\Users\Sharon. Can be moved per-user to a new drive or NTFS mount, eg D:\Users\Store

• Ensure target directory (D:\Users\Sharon) is created with full-control permissions (eg create as Sharon)

Some hiddent junctions may be problematic during copy. Can list them with:

dir /s /A:L

As Administrator:

xcopy C:\Users\Sharon\*.* D:\Users\Sharon /E /H /K /O

These options:

• Copy Everything
• Including System/Hidden files
• Preserve file/director attributes
• Preserve file/directory permissions

May also need /C : continue on errors. On my Windows 11 system I found a junction loop:

• C:\Users\Sharon\AppData\Local\Application Data -> C:\Users\Sharon\AppData\Local

which I had to remove with remdir to allow zcopy to proceed.

cd C:\Users
ren Sharon Sharon.old
mklink /J C:\Users\Sharon D:\Users\Sharon

Here we create an NTFS junction to point from the original location to the new one.

Alternatively, see:

• Move C:\Users\Sharon directory
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<User SID>
• Change ProfileImagePath to C:\Store\Sharon
• Search/replace registry for old entries for C:\Users\Sharon

NTFS

Junction

Create a directory (/d option) symbolic link:

mklink /D C:\Alias "C:\Original Data"

so now Alias can be referenced to access original data.

• /h Creates a hard link instead of a symbolic link
• /j Creates a director junction

To remove a symlink (not the target) to a directory use:

rmdir Alias

Drive as a folder

diskpart
DISKPART> list volume

Note the volume number.

DISKPART> select volume <volumenumber>
DISKPART> assign mount="C:\Users\John\Documents\NewDrive"