DOS COMMANDS SYNTAX 6
101). MV = Copy in-use files...

(EXPLAIN - MV.exe) Move File - Copy a file to another location even if the file is in use (locked).

Syntax
  MV /x /d source destination

Key
  source, destination : The first file name is the file to be copied and the second the destination pathname.
  /d : Does not copy the file until reboot time; this allows in-use files to be replaced.
  /x : Prevents the default action that will otherwise create a folder called "deleted" containing a copy of the original file.

Note that you must use a FULL pathname to each file.

The NT resource kit contains 2 versions of MV.EXE - a POSIX version and a Windows NT version - they are not the same! The /d option is not available with the POSIX version of mv, but if you prefer, you can do a file replace at boot time by manually updating the registry (which is all MV.exe does):

  1. Start the registry editor (regedt32.exe, not regedit.exe).
  2. Move to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
  3. Double click on PendingFileRenameOperations (if it does not exist, create it with the type multi_str).
  4. On the first line is the name of the new file with \??\ in front, e.g. \??\d:\temp\ntfs.sys
  5. On the second line is the file to be replaced with !\??\ in front, e.g. !\??\c:\winnt\system32\drivers\ntfs.sys
  6. Click OK.

So the complete Multi-String Data would appear like:
  \??\d:\temp\ntfs.sys
  !\??\c:\winnt\system32\drivers\ntfs.sys

Once the reboot is complete and the file replaced, the PendingFileRenameOperations value will be deleted from the registry.
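As an added example (not part of the original page), the script below parses a PendingFileRenameOperations value of the shape described above, so an administrator can review what will be moved, replaced or deleted at the next reboot and spot a staged swap into a system folder. The sample value and the list of protected folders are constructed; read_live_value is a helper that reads the real key only when run on Windows.

```python
"""Decode PendingFileRenameOperations (REG_MULTI_SZ) into operations and flag
boot-time replacements that land in protected folders. Constructed sample data."""
import sys

# Constructed sample of the multi-string value, in the layout MV /d writes:
# source line, then target line prefixed with '!' (replace existing file).
SAMPLE_PENDING = [
    r"\??\d:\temp\ntfs.sys",
    r"!\??\c:\winnt\system32\drivers\ntfs.sys",
    r"\??\C:\Users\alice\AppData\Local\Temp\update.tmp",
    "",  # empty target: the source file is deleted at boot
]

# Assumed folders whose contents should not be swapped from elsewhere at boot.
PROTECTED_DIRS = (r"c:\winnt\system32", r"c:\windows\system32")

NT_PREFIX = "\\??\\"   # the literal four characters  \??\


def _strip_nt_prefix(path):
    """Turn an NT object path (\\??\\C:\\x) into a plain Win32 path (C:\\x)."""
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(entries):
    """Pair the strings: entry 2k is the source, entry 2k+1 the target.
    A target starting with '!' means 'replace the existing file';
    an empty target means 'delete the source'."""
    items = list(entries)
    if len(items) % 2:
        raise ValueError("value must consist of source/target pairs")
    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        src, dst = _strip_nt_prefix(src), _strip_nt_prefix(dst)
        if dst == "":
            ops.append({"op": "delete", "source": src, "target": None})
        else:
            ops.append({"op": "replace" if replace else "move",
                        "source": src, "target": dst})
    return ops


def flag_protected_targets(ops, protected_dirs=PROTECTED_DIRS):
    """Operations whose target is inside a protected folder while the source
    comes from somewhere else: a file swap staged for the next reboot."""
    hits = []
    for op in ops:
        tgt = (op["target"] or "").lower()
        src = op["source"].lower()
        into_protected = any(tgt.startswith(d) for d in protected_dirs)
        from_protected = any(src.startswith(d) for d in protected_dirs)
        if into_protected and not from_protected:
            hits.append(op)
    return hits


def read_live_value():
    """On Windows, read the real value from the registry; elsewhere return None."""
    if sys.platform != "win32":
        return None
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        value, _ = winreg.QueryValueEx(key, "PendingFileRenameOperations")
    except FileNotFoundError:
        value = []          # nothing is pending
    finally:
        winreg.CloseKey(key)
    return value


if __name__ == "__main__":
    pending = read_live_value() or SAMPLE_PENDING
    ops = parse_pending_renames(pending)
    for op in ops:
        print(f"{op['op']:8} {op['source']} -> {op['target']}")
    for op in flag_protected_targets(ops):
        print("REVIEW: boot-time swap into protected folder:", op["target"])
```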
102). NET = Manage network resources...

(EXPLAIN - NET.exe) The NET command is used to manage network resources as follows:

  Manage services: NET START, STOP, PAUSE, CONTINUE
  Connect to a file/print share (drive map): NET USE
  Manage file and printer shares: NET SHARE, VIEW
  Manage open files and user sessions: NET FILE, SESSIONS
  Manage network time: NET TIME
  Manage network print jobs: NET PRINT
  Security: NET ACCOUNTS, USER, GROUP, LOCALGROUP
  Network messaging: NET NAME, SEND
  Help: NET HELP, HELPMSG
  Network configuration: NET COMPUTER, CONFIG_WORKSTATION, CONFIG_SERVER, STATISTICS_WORKSTATION, STATISTICS_SERVER

When you use NET commands in a batch file, you can use the /Y or /N switch to unconditionally answer Yes or No to questions returned by the NET command.
103). NETDOM = Domain Manager...

(EXPLAIN - NETDOM.exe) Domain Manager - Manage machine accounts and passwords. NetDom is available as part of the RSAT feature on Windows 7 / 2008 R2 (or by default with the AD DS or AD LDS server roles).

Syntax
  NETDOM ADD            Add a workstation or server account to the domain
  NETDOM COMPUTERNAME   Manage computer names
  NETDOM HELP
  NETDOM JOIN           Join a workstation or member server to the domain
  NETDOM MoveNT4BDC     Rename an NT4 backup domain controller
  NETDOM MOVE           Move a workstation or member server to a new domain
  NETDOM QUERY          Query the domain for information
  NETDOM TRUST          Manage or verify the trust relationship between domains
  NETDOM REMOVE         Remove a workstation or server from the domain
  NETDOM RENAMECOMPUTER Rename a computer
  NETDOM RESETPWD       Reset the machine account password for a domain controller
  NETDOM RESET          Reset the secure connection between a workstation and a DC
  NETDOM VERIFY         Verify the secure connection between a workstation and a DC

Only use the version of NETDOM supplied for your operating system; an older version of the NETDOM utility is included with the Windows XP Support Tools.
104). NETSH = Configure Network Interfaces, Windows Firewall & Remote access...

(EXPLAIN - NETSH.exe) Network Shell - Configure network interfaces, Windows Firewall, routing & remote access.

Syntax
  NETSH [Context] [sub-Context] command

Key
  The contexts and commands available vary by platform; the list below is for Windows 2008. Use interactive mode/help (described below) to check the commands available on your machine.

add - Add a configuration entry to a list of entries.
  netsh add helper - Install the specified helper DLL.

advfirewall - Change to the 'netsh advfirewall' context.
  netsh advfirewall consec ? - Display a list of commands.
  netsh advfirewall consec add - Add a new connection security rule.
  netsh advfirewall consec delete - Delete all matching connection security rules.
  netsh advfirewall consec dump - Display a configuration script.
  netsh advfirewall consec set - Set new values for properties of an existing rule.
  netsh advfirewall consec show - Display a specified connection security rule.
  netsh advfirewall dump - Create a script that contains the current configuration. If saved to a file, this can be used to restore the configuration settings.
  netsh advfirewall export path\filename - Export the current policy to the specified file.
  netsh advfirewall import path\filename - Import policy from the specified file.
  netsh advfirewall firewall add - Add a new inbound or outbound firewall rule.
  netsh advfirewall firewall delete - Delete all matching inbound rules.
  netsh advfirewall firewall dump - Display a configuration script.
  netsh advfirewall firewall set - Set new values for properties of an existing rule.
  netsh advfirewall firewall show - Display a specified firewall rule.
  netsh advfirewall monitor delete - Delete all matching security associations.
  netsh advfirewall monitor dump - Display a configuration script.
  netsh advfirewall monitor show - Show all matching security associations.
  netsh advfirewall reset - Reset to factory settings (Firewall=ON).
  netsh advfirewall set allprofiles - Set properties in all profiles.
  netsh advfirewall set currentprofile - Set properties in the active profile.
  netsh advfirewall set domainprofile - Set properties in the domain profile.
  netsh advfirewall set global - Set the global properties.
  netsh advfirewall set privateprofile - Set properties in the private profile.
  netsh advfirewall set publicprofile - Set properties in the public profile.
  netsh advfirewall show allprofiles - Display properties for all profiles.
  netsh advfirewall show currentprofile - Display properties for the active profile.
  netsh advfirewall show domainprofile - Display properties for the domain profile.
  netsh advfirewall show global - Display the global properties.
  netsh advfirewall show privateprofile - Display properties for the private profile.
  netsh advfirewall show publicprofile - Display properties for the public profile.
  netsh advfirewall show store - Display the policy store for the current interactive session.

bridge - Change to the 'netsh bridge' context.
  netsh bridge dump - Display a configuration script.
  netsh bridge install - Install the component corresponding to the current context.
  netsh bridge set - Set configuration information.
  netsh bridge show - Display information.
  netsh bridge uninstall - Remove the component corresponding to the current context.

delete - Delete a configuration entry from a list of entries.
  netsh delete helper - Remove the specified helper DLL from netsh. Note that after a helper is removed, it is no longer supported by netsh.

dhcpclient - Change to the 'netsh dhcpclient' context.
  netsh dhcpclient list - List all the commands available.
  netsh dhcpclient trace enable - Enable tracing for DHCP client and DHCP QEC.
  netsh dhcpclient trace disable - Disable tracing for DHCP client and DHCP QEC.

dump - Display a configuration script.
  netsh dump - Create a script that contains the current configuration. If saved to a file, this can be used to restore the configuration settings.

exec - Run a script file.
  netsh exec - Load a script file and run it.

firewall - Change to the 'netsh firewall' context.
  netsh firewall add - Add firewall configuration.
  netsh firewall delete - Delete firewall configuration.
  netsh firewall dump - Display a configuration script.
  netsh firewall reset - Reset firewall configuration to default.
  netsh firewall set allowedprogram - Set firewall allowed program configuration.
  netsh firewall set icmpsetting - Set firewall ICMP configuration.
  netsh firewall set logging - Set firewall logging configuration.
  netsh firewall set multicastbroadcastresponse - Set firewall multicast/broadcast response configuration.
  netsh firewall set notifications - Set firewall notification configuration.
  netsh firewall set opmode - Set firewall operational configuration.
  netsh firewall set portopening - Set firewall port configuration.
  netsh firewall set service - Set firewall service configuration.
  netsh firewall show allowedprogram - Show firewall allowed program configuration.
  netsh firewall show config - Show firewall configuration.
  netsh firewall show currentprofile - Show current firewall profile.
  netsh firewall show icmpsetting - Show firewall ICMP configuration.
  netsh firewall show logging - Show firewall logging configuration.
  netsh firewall show multicastbroadcastresponse - Show firewall multicast/broadcast response configuration.
  netsh firewall show notifications - Show firewall notification configuration.
  netsh firewall show opmode - Show firewall operational configuration.
  netsh firewall show portopening - Show firewall port configuration.
  netsh firewall show service - Show firewall service configuration.
  netsh firewall show state - Show current firewall state.

help - Display a list of netsh commands.
  netsh help

http - Change to the 'netsh http' context.
  netsh http add - Add a configuration entry to a table.
  netsh http delete - Delete a configuration entry from a table.
  netsh http dump - Display a configuration script.
  netsh http flush - Flush internal data.
  netsh http show - Display information.

interface - Change to the 'netsh interface' context.
  netsh interface 6to4 - Change to the 'netsh interface 6to4' context.
  netsh interface add - Add a configuration entry to a table.
  netsh interface delete - Delete a configuration entry from a table.
  netsh interface dump - Display a configuration script.
  netsh interface ipv4 - Change to the 'netsh interface ipv4' context.
  netsh interface ipv6 - Change to the 'netsh interface ipv6' context.
  netsh interface isatap - Change to the 'netsh interface isatap' context.
  netsh interface portproxy - Change to the 'netsh interface portproxy' context.
  netsh interface reset - Reset information.
  netsh interface set - Set configuration information.
  netsh interface show - Display information.
  netsh interface tcp - Change to the 'netsh interface tcp' context.
  netsh interface teredo - Change to the 'netsh interface teredo' context.
  The following sub-contexts are available: 6to4 ipv4 ipv6 isatap portproxy tcp teredo

ipsec - Change to the 'netsh ipsec' context.
  netsh ipsec dump - Display a configuration script.
  netsh ipsec dynamic add - Add policy, filter, and actions to SPD.
  netsh ipsec dynamic delete - Delete policy, filter, and actions from SPD.
  netsh ipsec dynamic dump - Display a configuration script.
  netsh ipsec dynamic set - Modify policy, filter, and actions in SPD.
  netsh ipsec dynamic show - Display policy, filter, and actions from SPD.
  netsh ipsec static add - Create new policies and related information.
  netsh ipsec static delete - Delete policies and related information.
  netsh ipsec static dump - Display a configuration script.
  netsh ipsec static exportpolicy - Export all the policies from the policy store.
  netsh ipsec static importpolicy - Import the policies from a file to the policy store.
  netsh ipsec static set - Modify existing policies and related information.
  netsh ipsec static show - Display details of policies and related information.

lan - Change to the 'netsh lan' context.
  netsh lan add - Add a configuration entry to a table.
  netsh lan delete - Delete a configuration entry from a table.
  netsh lan dump - Display a configuration script.
  netsh lan export - Save LAN profiles to XML files.
  netsh lan reconnect - Reconnect on an interface.
  netsh lan set - Configure settings on interfaces.
  netsh lan show - Display information.

nap - Change to the 'netsh nap' context.
  netsh nap client - Change to the 'netsh nap client' context.
  netsh nap dump - Display a configuration script.
  netsh nap hra - Change to the 'netsh nap hra' context.
  netsh nap reset - Reset configuration.
  netsh nap show - Show configuration and state information.

netio - Change to the 'netsh netio' context.
  netsh netio add - Add a configuration entry to a table.
  netsh netio delete - Delete a configuration entry from a table.
  netsh netio dump - Display a configuration script.
  netsh netio show - Display information.

ras - Change to the 'netsh ras' context (Remote Access Server).
  netsh ras aaaa - Change to the 'netsh ras aaaa' context.
  netsh ras add - Add items to a table.
  netsh ras delete - Remove items from a table.
  netsh ras diagnostics - Change to the 'netsh ras diagnostics' context.
  netsh ras dump - Display a configuration script.
  netsh ras ip - Change to the 'netsh ras ip' context.
  netsh ras ipv6 - Change to the 'netsh ras ipv6' context.
  netsh ras set - Set configuration information.
  netsh ras show - Display information.

rpc - Change to the 'netsh rpc' context (RPC firewall filter).
  netsh rpc add - Create an Add list of subnets.
  netsh rpc delete - Create a Delete list of subnets.
  netsh rpc dump - Display a configuration script.
  netsh rpc filter - Change to the 'netsh rpc filter' context.
  netsh rpc reset - Reset the selective binding settings to 'none' (listen on all interfaces).
  netsh rpc show - Display the selective binding state for each subnet on the system.

set - Update configuration settings on a remote machine.
  netsh set machine [name=] [user=][[DomainName\]UserName] [pwd=][Password | *]
  If a machine name is not specified, the local machine is used. A username and password cannot be used to connect to the local machine.

show - Display information.
  netsh show alias - List all defined aliases.
  netsh show helper - List all the top-level helpers.

winhttp - Change to the 'netsh winhttp' context.
  netsh winhttp dump - Display a configuration script.
  netsh winhttp import - Import WinHTTP proxy settings.
  netsh winhttp reset - Reset WinHTTP settings.
  netsh winhttp set - Configure WinHTTP settings.
  netsh winhttp show - Display current settings.

winsock - Change to the 'netsh winsock' context.
  netsh winsock audit - Display a list of Winsock LSPs that have been installed and removed.
  netsh winsock dump - Display a configuration script.
  netsh winsock remove - Remove a Winsock LSP from the system.
  netsh winsock reset - Reset the Winsock Catalog to a clean state.
  netsh winsock show - Display information.

netsh - Interactive mode
  In interactive mode, switch context by typing any context name: advfirewall, bridge, firewall, http, interface, ipsec, etc.
  List commands with ?
  Exit interactive mode with Quit or Exit.
  To view help for any command, type the command, followed by a space and ?

The syntax on this page is based on Windows 2008; for backwards compatibility with XP, dns is an alias for dnsserver and ip is an alias for ipv4.

Examples

Install ipmontr.dll:
  C:\> netsh add helper ipmontr.dll

Export the firewall policy:
  C:\> netsh advfirewall export "c:\advfirewallpolicy.wfw"

Show TCP/IP settings:
  C:\> netsh interface ip show config

Set a static IP address (e.g. for a laptop):
  C:\> Netsh interface ip set address name="Local Area Connection" source=static addr=192.168.0.10 mask=255.255.255.0 gateway=192.168.0.1 gwmetric=1

Set a dynamic IP address with DHCP:
  C:\> Netsh interface ip set address name="Local Area Connection" source=dhcp

Add multiple DNS servers:
  C:\> Netsh interface ipv4 add dns "Local Area Connection" 10.0.0.1
  C:\> Netsh interface ipv4 add dns "Local Area Connection" 10.0.0.3 index=2
  index=2 adds the IP as a secondary DNS server.

Set a static DNS server address:
  C:\> Netsh interface ip set dns name="Local Area Connection" source=static addr=192.168.0.2 register=none

Set a dynamic DNS server address with DHCP:
  C:\> netsh interface ip set dns name="Local Area Connection" source=dhcp

Set a static address for the WINS server:
  C:\> Netsh interface ip set wins name="Local Area Connection" source=static addr=192.168.100.3

To configure WINS from DHCP:
  C:\> Netsh interface ip set wins name="Local Area Connection" source=dhcp

Backup the local DHCP server configuration to a file:
  C:\> netsh dump dhcp > C:\backupDHCPconfig.dat
  You can use this backup file to recreate the DHCP server with Netsh.

Work against a remote machine:
  C:\> netsh set machine server64

Backup the current network interface configuration to a file:
  C:\> netsh dump interface > c:\backupInterfaceConfig.dat

Restore network interface configuration from a file:
  C:\> netsh exec c:\backupInterfaceConfig.dat

Run Netsh from PowerShell (returns a Text object you can manipulate):
  PS C:\> $myFWstate=netsh firewall show state
  PS C:\> $myFWstate -match "disable"

Disable Network auto-tuning (certain routers and networking devices perform better with this off):
  PS C:\> netsh interface tcp set global autotuning=disabled

Enable Network auto-tuning (certain routers and networking devices perform better with this on):
  PS C:\> netsh interface tcp set global autotuning=normal
105). NETSVC = Command-line Service Controller...

(EXPLAIN - NETSVC.exe) Command-line Service Controller. Start, stop or query running services.

Syntax
  NETSVC \\server command servicename

Key
  server : The workstation or server where the service is running.
  servicename : The name of the service; unlike the SC command this will accept either the DisplayName or the service name.

Commands
  /list : Lists installed services. Omit servicename with this command.
  /query : Query the status of a service.
  /start : Start the specified service.
  /stop : Stop the specified service.
  /pause : Pause the specified service.
  /continue : Restart a paused service.

Arguments can be specified in any order:
  NETSVC /query \\Server299 "DHCP Client"
  NETSVC "DHCP Client" \\Server299 /query
106). NBTSTAT = Display networking statistics (NetBIOS over TCP/IP)...

(EXPLAIN - NBTSTAT.exe) Display protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).

Syntax
  By name:       NBTSTAT -a Remote_host_Name [options] [interval]
  By IP address: NBTSTAT -A IP_address [options] [interval]

Key
  -a (adapter status) : List the remote machine's name table given its name.
  -A (Adapter status) : List the remote machine's name table given its IP address.
  -c (cache) : List NBT's cache of remote [machine] names and their IP addresses.
  -n (names) : List local NetBIOS names.
  -r (resolved) : List names resolved by broadcast and via WINS.
  -R (Reload) : Purge and reload the remote cache name table.
  -S (Sessions) : List the sessions table with the destination IP addresses.
  -s (sessions) : List the sessions table, converting destination IP addresses to computer NETBIOS names.
  -RR (ReleaseRefresh) : Send Name Release packets to WINS and then start Refresh.
  interval : Redisplay selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.
107). NETSTAT = Display networking statistics (TCP/IP)...

(EXPLAIN - NETSTAT.exe) Display current TCP/IP network connections and protocol statistics.

Syntax
  NETSTAT [options] [-p protocol] [interval]

Key
  -a : Display All connections and listening ports.
  -e : Display Ethernet statistics (may be combined with -s).
  -n : Display addresses and port numbers in Numerical form.
  -r : Display the Routing table.
  -o : Display the Owning process ID associated with each connection.
  -b : Display the exe involved in creating each connection or listening port.*
  -v : Verbose - use in conjunction with -b to display the sequence of components involved for all executables.
  -p protocol : Show only connections for the protocol specified; may be any of: TCP, UDP, TCPv6 or UDPv6. If used with the -s option then the following protocols may also be specified: IP, IPv6, ICMP, or ICMPv6.
  -s : Display per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6 (the v6 protocols are not available under 2k and NT4). The -p option may be used to display just a subset of these.
  interval : Redisplay statistics, pausing interval seconds between each display (default=once only). Press CTRL+C to stop.

* Where available this will display the sequence of components involved in creating the connection or listening port (typically well-known executables which host multiple independent components). This option will display the executable name in [ ] at the bottom, with the component it called on top, repeated until TCP/IP is reached. The -b option can be time-consuming and will fail unless you have sufficient permissions.
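An added example, not from the original page: a small parser for the netstat -anob layout described above (PID column on each connection line, any component names beneath it, then the owning executable in [ ]) that reports wildcard listeners whose owner is not on an allow-list. The sample output and the allow-list are constructed assumptions.

```python
"""Parse 'netstat -anob' output and flag unexpected wildcard listeners.
Constructed sample output; the allow-list is an assumption to be tuned."""
import re

# Constructed sample in the layout netstat -anob prints: a connection line,
# optional component names, then the executable in square brackets.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       6120
 [nc.exe]
  TCP    192.168.0.10:49712     203.0.113.5:443        ESTABLISHED     5284
 [chrome.exe]
  UDP    0.0.0.0:5353           *:*                                    1344
 [mDNSResponder.exe]
"""

# Connection line: proto, local, foreign, optional state (UDP has none), PID.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
EXE_RE = re.compile(r"^\s*\[(.+)\]\s*$")

# Assumed allow-list of images expected to own wildcard listeners.
KNOWN_LISTENERS = {"System", "svchost.exe", "lsass.exe", "wininit.exe",
                   "services.exe", "spoolsv.exe"}


def parse_netstat(text):
    """Return one dict per connection with pid, components and owning exe."""
    conns, current = [], None
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            current = {"proto": proto, "local": local, "remote": remote,
                       "state": state or "", "pid": int(pid),
                       "components": [], "exe": None}
            conns.append(current)
            continue
        if current is None or not line.strip():
            continue                      # header / blank lines
        m = EXE_RE.match(line)
        if m:
            current["exe"] = m.group(1)   # bottom of the component stack
        elif line.strip().startswith("Can not obtain"):
            # PID 4 is always the System process; netstat cannot name its image.
            current["exe"] = "System" if current["pid"] == 4 else "<unknown>"
        else:
            current["components"].append(line.strip())
    return conns


def suspicious_listeners(conns, allowed=KNOWN_LISTENERS):
    """Sockets bound on all interfaces (TCP LISTENING or any UDP binding)
    whose owning executable is not in the allow-list."""
    flagged = []
    for c in conns:
        wildcard = c["local"].startswith(("0.0.0.0:", "[::]:"))
        listening = c["state"] == "LISTENING" or c["proto"] == "UDP"
        if wildcard and listening and c["exe"] not in allowed:
            flagged.append(c)
    return flagged


if __name__ == "__main__":
    for c in suspicious_listeners(parse_netstat(SAMPLE_NETSTAT)):
        chain = " <- ".join(c["components"] + [c["exe"] or "?"])
        print(f"{c['proto']} {c['local']} pid={c['pid']} owner: {chain}")
```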
108). NOW = Display the current Date and Time...

(EXPLAIN - NOW.exe) Display a message with the current date and time.

Syntax
  NOW [message to be printed with time-stamp]

Typical output:
  Mon Mar 06 14:58:48 2000 your message here
109). NSLOOKUP = Name server lookup...

(EXPLAIN - NSLOOKUP) (TCP/IP) Lookup IP addresses on a NameServer.

Syntax
  Lookup the IP address of MyHost:                  NSLOOKUP [-option] MyHost
  Lookup the IP address of MyHost on MyNameServer:  NSLOOKUP [-option] MyHost MyNameServer
  Enter "command mode":                             NSLOOKUP

Command Mode options:
  help or ? - print a list of Command Mode options
  exit or ^C - exit "command mode"
  set all - print options, current server and host
  finger [USER] - finger the optional NAME at the current default host
  MyHost - print IP address of MyHost
  MyHost MyNameServer - print IP address of MyHost on MyNameServer
  set [no]debug - print debugging info
  set [no]d2 - print exhaustive debugging info
  set domain=NAME - set default domain name to NAME
  set root=NAME - set root server to NAME
  root - set current default server to the root server
  NAME - set default server to NAME, using current default server
  lserver NAME - set default server to NAME, using initial server
  set srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1, N2, ...
  set retry=X - set number of retries to X
  set timeout=X - set initial time-out interval to X seconds
  set [no]defname - append domain name to each query
  set [no]recurse - ask for recursive answer to query
  set [no]search - use domain search list
  set [no]vc - always use a virtual circuit
  set class=X - set query class (for example, IN (Internet), ANY)
  set [no]msxfr - use MS fast zone transfer
  set ixfrver=X - current version to use in IXFR transfer request
  set type=X - set query type
  set querytype=X - set query type (e.g. A, ANY, CNAME, MX, NS, PTR, SOA, SRV)
  ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (and optionally output to FILE)
    -d - list all records
    -t TYPE - list records of the given Type (for example, A, CNAME, MX, NS, PTR, and so on)
    -a - list Aliases and canonical names.
  view FILE - sort an 'ls' output file and view it with pg

Example:
  C:\> nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net
110). NTBACKUP = Backup folders to tape...

(EXPLAIN - NTBACKUP) Backup to tape: drives, folders and the system state.

Syntax:
  NTBACKUP backup [systemstate] "@bks file name" /J {"job name"} [options] [/SNAP:{on|off}] [/um]

Options:
  systemstate : Back up the System State data. This will also force the backup type to normal or copy.
  @bks file name : The name of the backup selection file (.bks file). In WinXP the at (@) character must precede this name. A backup selection file contains information on the files and folders to be backed up. You have to create the file using the GUI version of NT Backup.
  /J {"job name"} : The job name to be used in the log file. Describes the files and folders and the backup date-time.
  /P {"pool name"} : The media pool from which you want to use media. Usually a subpool of the Backup media pool, such as 4mm DDS. If you select this you cannot use /A, /G, /F, or /T.
  /G {"guid name"} : Overwrite or append to this tape. Don't use with a media pool (/P).
  /T {"tape name"} : Overwrite or append to this tape. Don't use with a media pool (/P).
  /A : Perform an append operation. Either "guid name" (/G) or "tape name" (/T) must be specified with this switch. Don't use with a media pool (/P).
  /N {"media name"} : The new tape name. Don't use with Append (/A).
  /F {"file name"} : Backup to a file - logical disk path and file name. Do not use with the switches /P /G /T.
  /D {"set description"} : Label for each backup set.
  /DS {"server name"} : Back up the directory service file for an MS Exchange 5.5 server. This is not needed and does not work with Exchange 2000, since Exchange 2000 uses Active Directory.
  /IS {"server name"} : Back up the Information Store file for an MS Exchange 5.5 server.
  /V:{yes|no} : Verify the data after the backup is complete.
  /R:{yes|no} : Restrict access to this tape to the Owner/Administrators.
  /L:{f|s|n} : The type of log file: f=full, s=summary, n=none.
  /M {backup type} : The backup type. One of: normal, copy, differential, incremental, or daily.
  /RS:{yes|no} : Backs up the migrated data files located in Remote Storage. The /RS command-line option is not required to back up the local Removable Storage database (that contains the Remote Storage placeholder files). When you back up the %systemroot% folder, Backup automatically backs up the Removable Storage database as well.
  /HC:{on|off} : Use hardware compression, if available, on the tape drive.
  /SNAP:{on|off} : Copy open/locked files; requires XP or 2003, creates a temporary snapshot for the volume shadow copy.
  /um : (Windows 2000 only) Find the first available media, format it, and use it for the current backup. Use with the /P switch to scan for available media pools. This command is only for standalone tape devices (not tape loaders). The /UM switch must be at the end of the command line.

NTBackup has a reputation for being clumsy and unreliable; Microsoft Data Protection Manager is a more robust solution for Windows backup and recovery. Third-party and cross-platform tools are also available. NT Backup was discontinued in Windows Vista/Windows 7.
111). NTRIGHTS = Edit user account rights...

(EXPLAIN - NTRIGHTS.exe, 2000/2003) Edit user account privileges.

Syntax
  NTRIGHTS +r Right -u UserOrGroup [-m \\Computer] [-e Entry]
  NTRIGHTS -r Right -u UserOrGroup [-m \\Computer] [-e Entry]

Key:
  +/-r Right : Grant or revoke one of the rights listed below.
  -u UserOrGroup : Who the rights are to be granted to or revoked from.
  -m \\Computer : The computer (machine) on which to perform the operation. The default is the local computer.
  -e Entry : Add a text string 'Entry' to the computer's event log.

Below are the privileges that can be granted or revoked; all are case-sensitive.

Logon Privileges:
  Log on as a batch job : SeBatchLogonRight
  Deny logon as a batch job : SeDenyBatchLogonRight
  Log on locally : SeInteractiveLogonRight
  Deny local logon : SeDenyInteractiveLogonRight
  Logon as a service : SeServiceLogonRight
  Deny logon as a service : SeDenyServiceLogonRight
  Access this computer from the network : SeNetworkLogonRight
  Deny access to this computer from the network : SeDenyNetworkLogonRight
  Allow logon through Terminal Services : SeRemoteInteractiveLogonRight (not supported on Win 2000)
  Deny logon through Terminal Services : SeDenyRemoteInteractiveLogonRight (not supported on Win 2000)

System Admin Privileges:
  Generate security audits : SeAuditPrivilege
  Manage auditing and security log : SeSecurityPrivilege
  Backup files and directories : SeBackupPrivilege
  Add workstations to the domain : SeMachineAccountPrivilege
  Shut down the system : SeShutdownPrivilege
  Force shutdown from a remote system : SeRemoteShutdownPrivilege
  Create a pagefile : SeCreatePagefilePrivilege
  Increase quotas : SeIncreaseQuotaPrivilege
  Restore files and directories : SeRestorePrivilege
  Change the system time : SeSystemTimePrivilege
  Manage the files on a volume : SeManageVolumePrivilege (Win XP only)
  Take ownership of files/objects : SeTakeOwnershipPrivilege
  Enable computer/user accounts to be trusted for delegation : SeEnableDelegationPrivilege
  Remove computer from docking station : SeUndockPrivilege

Service Privileges:
  Create permanent shared objects : SeCreatePermanentPrivilege
  Create a token object : SeCreateTokenPrivilege
  Replace a process-level token : SeAssignPrimaryTokenPrivilege
  Impersonate a client after authentication : SeImpersonatePrivilege (not supported on WinXP or earlier)
  Increase scheduling priority : SeIncreaseBasePriorityPrivilege
  Act as part of the operating system : SeTcbPrivilege
  Profile a single process : SeProfileSingleProcessPrivilege
  Load and unload device drivers : SeLoadDriverPrivilege
  Lock pages in memory : SeLockMemoryPrivilege
  Create global objects : SeCreateGlobalPrivilege (not supported on Windows XP or earlier)

Misc Privileges:
  Debug programs : SeDebugPrivilege
  Bypass traverse checking : SeChangeNotifyPrivilege
  Synch directory service data : SeSyncAgentPrivilege
  Edit firmware environment values : SeSystemEnvironmentPrivilege
  Profile system performance : SeSystemProfilePrivilege
  Obsolete and unused : SeUnsolicitedInputPrivilege (has no effect)

To run NTRIGHTS you need to be an administrator; to change privileges remotely (-m option) you need to have administrator rights on the machine being changed.

To change permissions for a large number of users, add them to a domain group and grant the privileges to the group. The group policy editor can be used to view these privileges in a GUI.

On a Windows 2008 Server (or Vista), allowing logon through Terminal Services (SeRemoteInteractiveLogonRight) requires an extra step: Control Panel > System > 'Remote Settings' > 'Select Users' button, and then add users/groups.

Examples:

Allow all members of the local 'Users' group to logon locally:
  ntrights -u Users +r SeInteractiveLogonRight

Allow all members of the 'Admin_RDP' group to logon remotely via RDP to "server64", and also log this security change in the event log:
  ntrights -u MyDom\Admin_RDP +r SeRemoteInteractiveLogonRight -m \\server64 -e "Added RDP rights for Admin_RDP"

Allow all members of the domain group 'Admin_General' to shutdown this computer:
  ntrights -u MyDom\Admin_General +r SeShutdownPrivilege

Allow the domain user 'JDoe' to shutdown the machine 'Server64':
  ntrights -u MyDom\JDoe +r SeShutdownPrivilege -m \\Server64

Specifically deny local logon rights to Henry:
  ntrights -u Henry +r SeDenyInteractiveLogonRight
112). OPENFILES = Query or display open files... |
---|
(EXPLAIN - OPENFILES.exe) Query or display open files, disconnect files opened by network users.
Syntax
Openfiles.exe /query [/s Computer [/u Domain\User [/p Password]]] [/fo {TABLE|LIST|CSV}] [/nh] [/v]
Openfiles.exe /disconnect [/s Computer [/u Domain\User [/p Password]]] {[/id OpenFileID]|[/a UserName]|[/o OpenMode]} [/se SessionName] [/op OpenFileName]
Key
/s   The name or IP address of a remote computer (do not use backslashes). Default = local computer.
/u   Run the command with the account permissions of user. Default = current logged on user.
/p   The password of the user account specified with /u.
/fo  The format to use for the query output. Valid values are TABLE, LIST, and CSV. Default = TABLE.
/nh  No column headers in the output. Valid only when /fo = TABLE or CSV.
/id  Disconnect the file opened with the specified numeric OpenFileID on computer. Use openfiles.exe /query to learn the file ID. The wildcard (*) can be used to disconnect all open files on computer.
/a   Disconnect all open files that were accessed by user on computer. The wildcard (*) can be used to disconnect all open files on computer.
/o   Disconnect all open files with the specified OpenMode on the computer specified by the /s parameter. The OpenMode parameter includes the Read/Write and Read modes. The wildcard (*) can be used to disconnect all open files on computer.
/se  Disconnect all open files that were created by the specified session on computer. Wildcards (*) may be used. (The /se option is not available under Windows 7.)
/op  Disconnect the open file that was created with the specified OpenFileName on computer. The wildcard (*) can be used to disconnect all open files on computer.
/v   Display verbose information in the output.
/?   Help.
Administrator privileges are required to run the OPENFILES command. This can be used to detect whether the current user is an Admin: OPENFILES > nul will set %ERRORLEVEL% = 1 if the user is not an administrator - see this forum thread.
Running openfiles.exe from within PowerShell allows the output to be assigned to a variable.
Examples
PS C:\> openfiles /query
PS C:\> openfiles /query /fo table /nh
PS C:\> $file_list = openfiles /query /s Server64 /fo CSV /v /nh
C:\> openfiles /query /fo list /v
C:\> openfiles /query /s Server64 /u SS64Dom\FileAdmin /p password1
PS C:\> openfiles /disconnect /id 1
PS C:\> openfiles /disconnect /a mike
C:\> openfiles /disconnect /o read/write
C:\> openfiles /disconnect /op "c:\work\finance.xls"
C:\> openfiles /disconnect /s Server64 /u SS64Dom\FileAdmin /id 5
C:\> openfiles /disconnect /s Server64 /u SS64Dom\FileAdmin /p password1 /id * |
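An added PowerShell example (not from the original page) that uses the two points above: the exit code of OPENFILES as an elevation check, and the CSV output assigned to a variable to audit which users hold files open for writing on a file server. The column names are taken from the verbose table layout and are an assumption; the sample rows are constructed.

```powershell
# Added example, not part of the original page. Column names "ID",
# "Accessed By", "Open Mode" and "Open File (Path\executable)" are assumed
# to match the verbose openfiles output.

function Test-IsElevated {
    # openfiles needs admin rights; the page notes it exits 1 otherwise.
    openfiles.exe /query 2>&1 | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Get-OpenFileReport {
    param(
        [string]$Server = $env:COMPUTERNAME,
        [string[]]$CsvLines          # pre-captured CSV, e.g. for offline use
    )
    if (-not $CsvLines) {
        # CSV with its header row (no /nh) so ConvertFrom-Csv names the columns
        $CsvLines = openfiles.exe /query /s $Server /fo CSV /v
        if ($LASTEXITCODE -ne 0) { throw "openfiles failed: $($CsvLines -join ' ')" }
    }
    # Keep only quoted CSV rows; drop INFO/ERROR lines the tool may print
    $rows = $CsvLines | Where-Object { $_ -match '^"' } | ConvertFrom-Csv
    foreach ($r in $rows) {
        [pscustomobject]@{
            Id       = [int]$r.ID
            User     = $r.'Accessed By'
            Mode     = $r.'Open Mode'
            Path     = $r.'Open File (Path\executable)'
            Writable = ($r.'Open Mode' -match 'Write')
        }
    }
}

# Constructed sample output, used here instead of a live query.
$sample = @(
  '"Hostname","ID","Accessed By","Type","#Locks","Open Mode","Open File (Path\executable)"',
  '"SERVER64","5","mike","Windows","0","Read/Write","C:\work\finance.xls"',
  '"SERVER64","7","alice","Windows","1","Read","C:\work\q3.docx"'
)
$report = Get-OpenFileReport -CsvLines $sample

# Files held open for writing are the ones to review before a disconnect;
# the numeric ID feeds the page's syntax: openfiles /disconnect /s Server64 /id 5
$report | Where-Object { $_.Writable } | Format-Table Id, User, Mode, Path
```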
113). PATH = Display or set a search path for executable files... |
---|
(EXPLAIN - PATH) Display or set a search path for executable files.
Syntax
PATH pathname [;pathname] [;pathname] [;pathname]...
PATH
PATH ;
Key
pathname : drive letter and/or folder
; : the command 'PATH ;' will clear the path
PATH without parameters will display the current path.
The %PATH% environment variable contains a list of folders. When a command is issued at the CMD prompt, the operating system will first look for an executable file in the current folder; if it is not found there it will scan %PATH% to find it. Use the PATH command to display or change the list of folders stored in the %PATH% environment variable.
To view each item on a single line use this:
for %G in ("%path:;=" "%") do @echo %G
Or in a batch file:
for %%G in ("%path:;=" "%") do @echo %%G
To add items to the current path, include %PATH% in your new setting. For example:
PATH=%PATH%;C:\Program Files\My Application
Note you do not need to surround each part of the path with double quotes; PATH will always treat spaces as part of the filename.
Permanent Changes
Changes made using the PATH command are NOT permanent; they apply to the current CMD prompt only and remain only until the CMD window is closed. To permanently change the PATH use Control Panel, System, Environment, System Variables or Control Panel, System, Environment, User Variables.
The %PATH% variable is set as both a system and user variable; the 2 values are combined to give the PATH for the currently logged in user. This is explained in full by MS Product Support Article Q100843.
Be wary of using commands like SETX to modify the PATH - the User path can be edited, but the System path remains read-only for most users. If you try to delete an old value and add a new one it is very common for the 'delete' to fail and the 'add' to succeed, resulting in duplicate values being added to the path.
If you are trying to modify the path to add settings for a single application, a reasonably safe method is to use a second variable, e.g.
SetX MYAPP "C:\Program Files\My App" -m
Now include your new variable in the path like so:
...C:\Windows\system32;%MYAPP%
You can now easily change that one variable %MYAPP% at any time in the future and the PATH will reflect the new value.
(I) Changing a variable in the Control Panel will not affect any CMD prompt that is already open; only new CMD prompts will get the new setting.
(II) To change a system variable you must have administrator rights.
(III) If your system has an AUTOEXEC.BAT file then any PATH setting in AUTOEXEC.BAT will also be appended to the %PATH% environment variable. This is to provide compatibility with old installation routines which need to set the PATH. All other commands in AUTOEXEC.BAT are ignored.
Terminology
For a file stored as: C:\Program Files\Adobe\Acrobat.exe
The Drive is: C:
The Filename is: Acrobat.exe
The Path is: \Program Files\Adobe\
The Pathname is: \Program Files\Adobe\Acrobat.exe
The Full Pathname is: C:\Program Files\Adobe\Acrobat.exe |
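An added PowerShell example (not from the original page) that splits %PATH% the way the FOR loop above does, reports the duplicate and stale entries that failed SETX edits leave behind, and appends a folder for the current session only without duplicating it. The sample PATH value is constructed.

```powershell
# Added example, not part of the original page.

function Get-PathEntry {
    param([string]$PathValue = $env:PATH)
    # Split on ';' exactly as the page's FOR loop does; drop empty items and
    # a trailing backslash so "C:\Windows\" and "C:\Windows" compare equal
    $PathValue -split ';' | Where-Object { $_.Trim() -ne '' } |
        ForEach-Object { $_.Trim().TrimEnd('\') }
}

function Test-PathHealth {
    param([string]$PathValue = $env:PATH)
    $entries = @(Get-PathEntry -PathValue $PathValue)
    # Duplicates: Windows paths are case-insensitive, so compare lower-cased
    $dups = $entries | Group-Object { $_.ToLowerInvariant() } |
            Where-Object Count -gt 1 | ForEach-Object Name
    # Entries that no longer resolve to a folder (left over from uninstalls)
    $missing = $entries | Where-Object {
        -not (Test-Path -LiteralPath $_ -PathType Container)
    }
    [pscustomobject]@{
        Entries    = $entries.Count
        Duplicates = @($dups)
        Missing    = @($missing)
    }
}

function Add-PathEntry {
    param([Parameter(Mandatory)][string]$Folder)
    # Session-only change, like the PATH command itself; skip if present
    $wanted = $Folder.TrimEnd('\')
    if (@(Get-PathEntry) -contains $wanted) { return $env:PATH }
    $env:PATH = "$env:PATH;$wanted"
    return $env:PATH
}

# Constructed sample value with one duplicate (differs only in case)
$sample = 'C:\Windows\system32;C:\Windows;C:\Program Files\My App;c:\windows\system32'
Test-PathHealth -PathValue $sample | Format-List
```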
114). PATHPING = Trace route plus network latency and packet loss... |
---|
(EXPLAIN - PATHPING) Trace route and provide network latency and packet loss for each router and link in the path. Combines the functionality of PING and TRACERT.
Syntax
PATHPING [-n] [-h max_hops] [-g host_list] [-p period] [-q num_queries] [-w timeout] [-i IPAddress] [-4] [-6] [TargetName]
Key
-g host_list    Loose source route along host_list.
-h max_hops     Maximum number of hops to search for target.
-i address      Use the specified source address.
-n              Do not resolve addresses to hostnames.
-p period       Wait period milliseconds between pings.
-q num_queries  Number of queries per hop.
-w timeout      Wait timeout milliseconds for each reply.
-P              Test for RSVP PATH connectivity.
-R              Test if each hop is RSVP aware.
-T              Test connectivity to each hop with Layer-2 priority tags.
-4              Force using IPv4.
-6              Force using IPv6.
Pathping is invaluable for determining which routers or subnets may be having network problems - it displays the degree of packet loss at any given router or link. Pathping sends multiple Echo Request messages to each router between a source and destination over a period of time and computes aggregate results based on the packets returned from each router. Pathping performs the equivalent of the tracert command by identifying which routers are on the path.
To avoid network congestion and to minimize the effect of burst losses, pings should be sent at a sufficiently slow pace (not too frequently). When -p is specified, pings are sent individually to each intermediate hop. When -w is specified, multiple pings can be sent in parallel. It is therefore possible to choose a Timeout parameter that is less than the wait Period * Number of hops.
Firewalls
Like tracert, PathPing uses Internet Control Message Protocol (ICMP) over TCP/IP. Many firewalls will block ICMP traffic by default.
If an attacker is able to forge ICMP redirect packets, he or she can alter the routing tables on the host and possibly subvert the security of the host by causing traffic to flow via a path you didn't intend. |
115). PAUSE = Suspend processing of a batch file and display a message... |
---|
(EXPLAIN - PAUSE) Pause the execution of a batch file.
Syntax
PAUSE
Displays the message "Press any key to continue . . ."
To suppress the message use: PAUSE >nul |
116). PERMS = Show permissions for a user... |
---|
(EXPLAIN - PERMS.exe) (Windows 2000) Display a user's ACL access permissions for a file. Output from PERMS may be misleading in cases where a user has inherited permission through membership of a workgroup.
Syntax
PERMS [account] [path] options
Key
account : username or [domain\|computer\]username
path : name of a file or folder in any legal format including UNC names. Wildcards are permitted.
/i : interactively logged on to the computer where the path resides (rather than being connected via the network)
/s : include subfolders
Access  Description
R   Read file/folder.
W   Write file/folder.
X   Execute file.
D   Delete file or folder. May be inherited from the parent folder via 'Delete Subfolder and Files' permission.
P   Change Permission.
O   Take Ownership.
A   General All
-   No Access
*   The specified user is the owner of the file or folder.
#   A group the user is a member of owns the file or folder.
?   Permissions cannot be determined. |
117). PERFMON = Performance Monitor... |
---|
(EXPLAIN - TypePerf.exe) Write performance data to the command window or to a log file. To stop Typeperf, press CTRL+C.
Syntax
typeperf counter [counter ...] [options]
typeperf -cf filename [options]
typeperf -q [object] [options]
typeperf -qx [object] [options]
Key
counter               The performance counters to monitor.
-f {CSV|TSV|BIN|SQL}  Output file format. Default is CSV.
-cf filename          File containing performance counters to monitor, one per line.
-si [[hh:]mm:]ss      Time between samples. Default is 1 second.
-o filename           Path of output file or SQL database. Default is STDOUT.
-q [object]           List installed counters (no instances). To list counters for one object, include the object name, such as Processor.
-qx [object]          List installed counters with instances. To list counters for one object, include the object name, such as Processor.
-sc samples           Number of samples to collect. Default is to sample until CTRL+C.
-config filename      Settings file containing command options.
-s computer_name      Server to monitor if no server is specified in the counter path.
-y                    Answer yes to all questions without prompting.
-?                    Display context sensitive help.
Counter is the full name of a performance counter in the format: "\\Computer\Object(Instance)\Counter", e.g. "\\Server1\Processor(0)\% User Time".
Examples
Display % Processor time until interrupted:
C:\> typeperf "\Processor(_Total)\% Processor Time"
Gather 600 samples of % Processor time on the local computer (this will take 10 minutes):
C:\> typeperf "\processor(_Total)\% Processor Time" -O C:\SS64demo1.csv -SC 600
Gather samples of all the counters listed in counters.txt:
C:\> typeperf -cf counters.txt -si 5 -sc 50 -o C:\SS64demo2.csv |
118). PING = Test a network connection... |
---|
(EXPLAIN - PING) Test a network connection - if successful, ping returns the IP address.
Syntax
PING [options] destination_host
Options
-w timeout     Timeout in milliseconds to wait for each reply.
-i TTL         Time To Live.
-v TOS         Type Of Service.
-a             Resolve addresses to hostnames.
-n count       Number of echo requests to send.
-t             Ping the destination host until interrupted. To see statistics and continue type Control-Break; to stop type Control-C.
-l size        Send buffer size.
-f             Set Don't Fragment flag in packet (IPv4-only).
-r count       Record route for count hops (IPv4-only).
-s count       Timestamp for count hops (IPv4-only).
-j host_list   Loose source route along host_list (IPv4-only).
-k host_list   Strict source route along host_list (IPv4-only).
destination_host  The name of the remote host.
-R             Use routing header to test reverse route also (IPv6-only).
-S srcaddr     Source address to use.
-4             Force using IPv4.
-6             Force using IPv6.
A response of "Request timed out" means there was no response to the ping attempt in the default time period of one second. If the latency of the response is more than one second, use the -w option on the ping command to increase the time-out. For example, to allow responses within five seconds, use ping -w 5000.
The IPv6 options are only available on versions of Windows that support IPv6, e.g. Windows 7 / 2008.
A successful PING does NOT always return an %errorlevel% == 0. Therefore, to reliably detect a successful ping, pipe the output into FIND and look for the text "TTL". Note that "Reply" in the output of PING does not always indicate a positive response. You may receive a message from a router such as: Reply from 192.168.1.254: Destination Net Unreachable.
Four steps to test an IP connection with ping:
1) Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer. PING 127.0.0.1
2) Ping the IP address of the local computer to verify that it was added to the network correctly. PING IP_address_of_local_host
3) Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network. PING IP_address_of_default_gateway
4) Ping the IP address of a remote host to verify that you can communicate through a router. PING IP_address_of_remote_host
Examples
Ping a server just once:
PING -n 1 Server64
Check if a host is reachable:
PING Server64 |find "TTL=" && ECHO MyHost found
Check if a host is not reachable:
PING Server64 |find "TTL=" || ECHO MyHost not found
Test which iSCSI IP on a specific NIC is functioning, or if a specific teamed NIC is operating as it should:
Ping -S (Source IP: XXX.XXX.XXX.XXX) (Destination IP: XXX.XXX.XXX.XXX)
Ping -S 10.5.7.64 10.5.7.1
Ping a website 5 times:
PING -n 5 -w 7500 www.microsoft.com
Script to monitor your connection to a website (example.com) every 15 seconds:
@Echo off
Echo Logging ping responses, press CTRL-C to stop
:start
Ping -n 1 example.com | find "TTL=" >>c:\pingtest.txt
Echo .
Ping -n 16 127.0.0.1>nul
goto start
The script above can be used to test an Internet connection; just replace example.com with your ISP's Default Gateway IP address. This represents the first physical device on the ISP's side of your connection. You can find the Default Gateway on your router status screen.
Note: some ISPs or network admins may not appreciate you performing frequent or continual pings to their server, so try not to overdo it!
PING is named after the sound that a sonar makes. Ping response times below 10 milliseconds often have low accuracy. A time of 10 milliseconds is roughly equal to a distance of 930 miles, travelling a straight line route at the speed of light. |
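An added PowerShell example (not from the original page) of the reachability check described above: it decides on the "TTL=" text rather than the exit code, so a router's "Reply from ...: Destination Net Unreachable" is not counted as success, and it keeps a timestamped log like the batch script. The ping output lines shown are constructed.

```powershell
# Added example, not part of the original page.

function Test-PingReply {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$Count = 1,
        [string[]]$PingOutput        # pre-captured ping output, e.g. for offline use
    )
    if (-not $PingOutput) { $PingOutput = ping.exe -n $Count $Target }
    # Only lines carrying "TTL=" are real echo replies from the target
    $replies  = @($PingOutput | Where-Object { $_ -match 'TTL=' })
    # "Reply ... Unreachable" comes from a router, not the target; count it as a failure
    $problems = @($PingOutput | Where-Object {
        $_ -match 'Unreachable|timed out|could not find host'
    })
    [pscustomobject]@{
        Target    = $Target
        Replies   = $replies.Count
        Problems  = $problems.Count
        Reachable = ($replies.Count -gt 0)
    }
}

function Start-PingLog {
    # Equivalent of the page's batch loop: one ping every $IntervalSeconds
    param(
        [Parameter(Mandatory)][string]$Target,
        [Parameter(Mandatory)][string]$LogPath,
        [int]$IntervalSeconds = 15
    )
    while ($true) {
        $r = Test-PingReply -Target $Target
        "{0:s} {1} reachable={2} replies={3}" -f (Get-Date), $Target, $r.Reachable, $r.Replies |
            Add-Content -Path $LogPath
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# Constructed sample: a router answers on behalf of an unreachable network.
$sample = @(
    'Pinging 192.168.1.254 with 32 bytes of data:',
    'Reply from 192.168.1.254: Destination Net Unreachable.',
    'Ping statistics for 192.168.1.254:'
)
# Reachable is $false here even though the output contains the word "Reply"
Test-PingReply -Target '192.168.1.254' -PingOutput $sample
```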
119). POPD = Restore the previous value of the current directory saved by PUSHD... |
---|
(EXPLAIN - POPD) Change directory back to the path/folder most recently stored by the PUSHD command. POPD will also remove any temporary drive maps created by PUSHD.
Syntax
POPD
Example
c:\Program Files> PUSHD c:\utils
c:\utils> PUSHD c:\WINNT
c:\Winnt>
c:\Winnt> POPD
c:\utils>
c:\utils> POPD
c:\Program Files>
If Command Extensions are disabled PUSHD and POPD will not create temporary drive letters. |
120). PORTQRY = Display the status of ports and services... |
---|
(EXPLAIN - PORTQRY) Port Query - Display the status of TCP and UDP ports, troubleshoot TCP/IP connectivity and security, return LDAP base query info, SMTP, POP3, IMAP4 status, enumerate SQL Server instances (UDP port 1434), local ports, local services running (and the DLL modules loaded by each). Portqry.exe can query a single port, a list of several ports, or a sequential range of port numbers.
Syntax
The 3 modes are listed below: Command line, Local and Interactive mode.
Command line mode:
portqry -n name_to_query [-p protocol] [-e | -r | -o endpoint(s)] [other options]
Command line mode options:
-n [name_to_query]    IP address or name of system to query
-p [protocol]         TCP or UDP or BOTH (default is TCP)
-e [endpoint]         Single port to query (valid range: 1-65535)
-r [end point range]  Range of ports to query (start:end)
-o [end point order]  Range of ports to query in an order (x,y,z)
-l [logfile]          Output a log file
-y                    Overwrite existing log file without prompting
-sp [source port]     Initial source port to use for query
-sl                   'Slow link delay': wait longer for UDP replies from remote systems
-nr                   Bypass default IP address-to-name resolution; ignored unless an IP address is specified after -n
-cn                   Specify SNMP community name for query; ignored unless querying an SNMP port; must be delimited with !
-q                    'Quiet' operation: runs with no output; returns 0 if port is listening, returns 1 if port is not listening, returns 2 if port is listening or filtered
Local Mode:
Local Mode gives detailed data on the local system's ports.
portqry -local [-wt seconds] [-l logfile] [-v]
portqry -wpid pid [-wt seconds] [-l logfile] [-v]
portqry -wport port [-wt seconds] [-l logfile] [-v]
Local mode options:
-local                Enumerate local port usage, port to process mapping, service port usage, and list loaded modules
-wport [port_number]  Watch the specified port; report when the port's connection status changes
-wpid [process_ID]    Watch the specified process ID (PID); report when the PID's connection status changes
-wt [seconds]         Watch time option: specify how often to check for status changes; valid range: 1 - 1200 seconds (default = 60 secs)
-l [logfile]          Log file to create
-v                    Verbose output
Interactive Mode:
An alternative to command line mode.
portqry -i [-options]
For help with -i run portqry.exe and then type 'help'.
Examples
portqry -local
portqry -local -l MyLogFile.txt -v
portqry -wpid 1272 -wt 5 -l MyLogFile.txt -y -v
portqry -wport 53 -l dnslog.txt
portqry -n myserver.com -e 25
portqry -n 10.0.0.1 -e 53 -p UDP -i
portqry -n host1.dev.reskit.com -r 21:445
portqry -n 10.0.0.1 -o 25,445,1024 -p both -sp 53
portqry -n host2 -cn !my community name! -e 161 -p udp
Notes
PortQry runs on Windows 2000 and later systems.
For best results run local commands in the context of local administrator.
Port to process mapping may not be available on all systems.
Defaults: TCP, port 80, no log file, slow link delay off.
Hit Ctrl-C to terminate prematurely. |
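An added PowerShell example (not from the original page) that turns the -q exit codes above (0 listening, 1 not listening, 2 listening or filtered) into a comparison of one of your own servers against its expected service ports, so a port that opens or closes unexpectedly is flagged. The baseline, the server name and the stand-in probe are constructed.

```powershell
# Added example, not part of the original page. Assumes portqry.exe is on
# the PATH (or pass -PortQry with its full path).

function Test-ServicePort {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$Port,
        [ValidateSet('TCP','UDP')][string]$Protocol = 'TCP',
        [string]$PortQry = 'portqry.exe'
    )
    # -q prints nothing; the result is carried entirely in the exit code
    & $PortQry -n $Server -e $Port -p $Protocol -q | Out-Null
    switch ($LASTEXITCODE) {
        0       { 'LISTENING' }
        1       { 'NOT LISTENING' }
        2       { 'FILTERED' }          # listening or filtered (typical for UDP)
        default { "UNKNOWN ($LASTEXITCODE)" }
    }
}

function Compare-PortBaseline {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][hashtable]$Baseline,   # port -> expected state
        [scriptblock]$Probe = ${function:Test-ServicePort}
    )
    foreach ($port in ($Baseline.Keys | Sort-Object)) {
        $state = & $Probe -Server $Server -Port $port
        [pscustomobject]@{
            Port     = $port
            Expected = $Baseline[$port]
            Actual   = $state
            Ok       = ($state -eq $Baseline[$port])
        }
    }
}

# Constructed baseline for a mail/file server: SQL Browser (1434) must be closed
$baseline = @{ 25 = 'LISTENING'; 445 = 'LISTENING'; 1434 = 'NOT LISTENING' }

# Constructed stand-in probe so the comparison runs without PortQry present;
# it reports every port as listening, so 1434 shows up with Ok = False
$fakeProbe = { param($Server, $Port) 'LISTENING' }
Compare-PortBaseline -Server 'host1' -Baseline $baseline -Probe $fakeProbe | Format-Table

# Live run against a real host:
#   Compare-PortBaseline -Server 'host1' -Baseline $baseline
```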