Windows

From Smithnet Wiki
Jump to navigation Jump to search

Boot Mode

Boot into safe mode: 

bcdedit /set {current} safeboot minimal

Or, with networking: 

bcdedit /set {current} safeboot network

Revert to normal: 

bcdedit /deletevalue {current} safeboot

Installation

Allow Win 11 Upgrades

In-place upgrade:

  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\MoSetup\AllowUpgradesWithUnsupportedTPMOrCpu = 1 (DWORD32)

From USB install/ISO, at first setup screen, SHIFT-F10 to open regedit, and add:

  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassTPMCheck = 1 (DWORD32)
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassSecureBootCheck = 1 (DWORD32)
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassRAMCheck = 1 (DWORD32)

Create bootable thumb drive from ISO file

Insert >= 8 GiB thumb drive that has been initalised as GPT with no partitions. In PowerShell:

Mount ISO file: 

$iso = "C:\en_windows_server_2019_x64.iso"
$isomount = Mount-DiskImage -ImagePath $iso -StorageType ISO -PassThru
$isodrive = ($isomount | Get-Volume).DriveLetter

Look for USB drives, identify by FriendlyName or SerialNumber: 

Get-Disk | Where BusType -eq "USB"
$thumb = Get-Disk | Where SerialNumber -eq "1234567890"

Clear thumb drive, and initialise to GPT: 

$thumb | Clear-Disk -RemoveData -PassThru

Create partition, format to FAT32 

$vol = $thumb| New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem FAT32 -NewFileSystemLabel WINSVR-2019

Copy files to thumb drive: 

Copy-Item -Path ($isodrive + ":\*") -Destination ($vol.DriveLetter + ":\") -Recurse

Unmount ISO: 

Dismount-DiskImage -ImagePath $iso

IoT

To set up remote PowerShell connectio to device "iotdev", start PowerShell on desktop: 

net start winrm

Enable trust with either: 

Set-Item WSMan:\localhost\Client\TrustedHosts -Value iotdev
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "iotdev,another-device.example.com"

Enter and leave remote PS sessions: 

Enter-PSSession -ComputerName iotdev -Credential ginger\Administrator
Exit-PSSession

eg shutdown immediately: 

shutdown /r /t 0

Registry

Chrome updates and forced Extensions

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Update\UpdateDefault = 1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\Update\AutoUpdateCheckPeriodMinutes = 30
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist\*
  • HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update = 1
  • HKEY_CURRENT_USER\SOFTWARE\Google\Update = 1

Firefox updates

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\DisableAppUpdate = 0

Wifi Names

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

NFS Client

Can mount, like: 

mount \\nfsserver\home\fred F:

but to make writeable, in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default

  • Create AnonymousUid as DWORD and enter the UID of the remote user that has write permissions
  • Create AnonymousUid as DWORD and enter the GID of the remote user that has write permissions

PowerShell

Unzip: 

Expand-Archive somefile.zip

Show all attributes on an object: 

Get-Date | Format-List
Get-Service | Format-List

Show properties and methods: 

Get-Date | Get-Member

Show a subset of data: 

Get-VM | Select Name, State, Status

Name                  State Status
----                  ----- ------
Local Discovery         Off Operating normally
Local Fedora (lisa) Running Operating normally

Determine type: 

$_.GetType().Name

Find certificate objects: 

Get-ChildItem -Path Cert:\LocalMachine -Recurse | WhereObject {$_.Name -match 'X509Certificate'}

Show MD5 sum: 

Get-FileHash C:\somefile -Algorithm MD5

Issue Rest-API call: 

$uri='https://www.example.com/api/v1.1/admin/about'
$token='Mzo3ODI4ZjgzNzM2OTk3OGJiNTFmYTdmMDAwM...'
$headers=@{Authorization="Bearer $token"}
Invoke-RestMethod -SkipCertificateCheck -Uri $uri -Method 'GET' -Headers $headers

Test Network connection: 

Test-NetConnection -Port 5985

Remote PS Session: 

Enter-PSSession -ComputerName somehost -Credential Administrator

Remote PS Command: 

Invoke-Command -ComputerName somehost -Credential Administrator -ScriptBlock {Get-NetIPAddress}
Invoke-Command -ComputerName somehost -Credential Administrator -ScriptBlock {Get-CIMInstance -Class Win32_NetworkAdapter}

Network Connections to PID 0: 

Get-NetTCPConnection | Where-Object {$_.OwningProcess -eq 0} | ForEach-Object {
    "local_ip_addr: {0}" -f $_.LocalAddress;
    "local_port: {0}" -f $_.LocalPort;
    "remote_ip_addr: {0}" -f $_.RemoteAddress;
    "remote_port: {0}" -f $_.RemotePort;
    "pid: {0}" -f $_.OwningProcess;
    "";
};

Run commands remotely: 

Invoke-Command -ComputerName somehost -FilePath C:\path\script.ps1 -credential Administrator


Remove Applications

Get-AppxPackage | Out-File packages.txt
Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxGamingOverlay | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxSpeechToTextOverlay | Remove-AppxPack

List all installed apps: 

Get-AppxPackage | Select Name , PackageFullName

Remove all inbuilt / default app from all user account 

Get-AppxPackage -AllUsers | Remove-AppxPackage

Remove all modern apps: 

Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage -online

Remove XBox apps: 

get-appxpackage *xbox* | remove-appxpackage

Diskpart

list disk
select disk 6
convert gpt
exit

Can also convert to mbr format

Move User Profiles

User profiles are stored in (for example) C:\Users\Sharon. Can be moved per-user to a new drive or NTFS mount, eg D:\Users\Store

  • Ensure target directory (D:\Users\Sharon) is created with full-control permissions (eg create as Sharon)

Some hiddent junctions may be problematic during copy. Can list them with: 

dir /s /A:L

As Administrator: 

xcopy C:\Users\Sharon\*.* D:\Users\Sharon /E /H /K /O

These options:

  • Copy Everything
  • Including System/Hidden files
  • Preserve file/director attributes
  • Preserve file/directory permissions

May also need /C : continue on errors. On my Windows 11 system I found a junction loop:

  • C:\Users\Sharon\AppData\Local\Application Data -> C:\Users\Sharon\AppData\Local

which I had to remove with remdir to allow zcopy to proceed. 

cd C:\Users
ren Sharon Sharon.old
mklink /J C:\Users\Sharon D:\Users\Sharon

Here we create an NTFS junction to point from the original location to the new one.

Alternatively, see:

  • Move C:\Users\Sharon directory
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\<User SID>
  • Change ProfileImagePath to C:\Store\Sharon
  • Search/replace registry for old entries for C:\Users\Sharon

NTFS

Junction

Create a directory (/d option) symbolic link: 

mklink /D C:\Alias "C:\Original Data"

so now Alias can be referenced to access original data.

  • /h Creates a hard link instead of a symbolic link
  • /j Creates a director junction

To remove a symlink (not the target) to a directory use: 

rmdir Alias

Drive as a folder

diskpart
DISKPART> list volume

Note the volume number. 

DISKPART> select volume <volumenumber>
DISKPART> assign mount="C:\Users\John\Documents\NewDrive"
Retrieved from ‘https://www.smithnet.org.uk/wiki/index.php?title=Windows&oldid=671