These are collected for my own reference and should not be taken as complete or entered without some understanding of the ramifications.
Where possible, I’ve included my source of info, which should be referenced for more context. In most cases, the CMD version works in PS; PS commands will not work in CMD
Have a suggestion? Send it to tips@ajones.xyz and check back soon.
This space reserved for contributors requesting general credit, which is happily given!
ctrl+shift+enter to run as admin (usually works)
Sometimes requires shift-rightClick - Run as another user (then use admin)
defrag [volume] /A /U /V
defrag [volume] /D /U /V
defrag /C
F7 for interactive display of history
F8 for in-line selection
takeown /f x:\path\to\file /r /d y
takeown /f x:\path\to\file /a /r /d y
Current user takes ownership of the folder and contents / Administrators group takes ownership of the folder and contents
icacls \\path\to\file /grant "domain\user":[permission level] /t
icacls c:\tmp\note.csv /grant "HQ\ajones":M
icacls C:\temp\notesdir /setowner "hq\ajones" /t
Recursively takes ownership of the directory notesdir
(echo line1
echo line2
echo line3
.
.
.
) > x:\path\to\file.txt
wmic qfe list
wusa /uninstall /kb:#######
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > C:\temp\sfc_result.txt
...cbs.log | more
c:\windows\system32\w32tm.exe /query /status
c:\windows\system32\w32tm.exe /query /configuration
c:\windows\system32\w32tm.exe /query /source
c:\windows\system32\w32tm.exe /stripchart /computer:remote.time.server.tld
c:\windows\system32\w32tm.exe /config /syncfromflags:manual /manualpeerlist:"pool.ntp.org time.nist.gov" /reliable:yes /update
net stop w32time
net start w32time
w32tm /resync /force
pnputil -e
pnputil -f -d xxxxx.info
gpupdate /force
gpupdate /force /target:user
gpupdate /force /target:computer
gpresult /r
gpresult /r /user Username
gpresult /r /s [Hostname|IP]
gpresult /r /scope:[user|computer]
qwinsta
query user
dcdiag /c /v /f:c:\temp\dcdiag_result.TXT
echo %logonserver%
rundll32 printui.dll PrintUIEntry /ga /n "\\path\to\printer"
runas /user:administrator@domain.tld /noprofile cmd.exe
cscript "%Programfiles%\Microsoft Office\Office16\OSPP.VBS" /dstatus
cscript "%Programfiles%\Microsoft Office\Office16\OSPP.VBS" /unpkey:<key>
echo %COMPUTERNAME%.%USERDNSDOMAIN%
cscript [path\to\script] [/script options]
cscript c:\windows\system32\slmgr.vbs /xpr
slmgr.vbs /ipk [windows-key-here]
slmgr.vbs /ato
slgmr.vbs /xpr
slui [1|2|3|4]
slui 3
query user /server:[hostname/ip]
logoff [sessionID]
systeminfo[.exe] [/s Computer [/u Domain\User [/p Password]]] [/fo {TABLE|LIST|CSV}] [/nh]
Where: - /fo { TABLE | LIST | CSV }
- Specifies the format to use for the output. Valid values are TABLE, LIST, and CSV. The default format for output is LIST.
- /nh
- Suppresses column headers in the output. Valid when the /fo parameter is set to TABLE or CSV
wmic path softwarelicensingservice get OA3xOriginalProductKey
netsh -r (hostname/ip) interface ipv4 show interfaces
wmic nic get Name,NetConnectionID,MACAddress
ipconfig /release [adapter name]
wmic bios get serialnumber
wmic product get name,version
net [start,stop] servicename
net start nagios
sc.exe config servicename start=disabled [disabled,auto,delayed-auto,demand(='manual')]
sc.exe delete servicename
sc query type= service
wmic service list config
taskkill /f /im [processname.exe]
taskkill /f /im notepad.exe
taskkill /pid 1223 /pid 1224
** NB - normal password change warnings apply! Encrypted content no longer accessible, saved credentials gone, etc. **
mv ./sethc.exe ./sethc.exe.bak
)cp ./cmd.exe ./sethc.exe
)cd ~ ; umount /dev/sda1
)net user <username> *
net user administrator /active:yes
net user [username]
net user [username] /domain
nb; active: yes means unlocked.
net accounts
net accounts /domain
net user [username] * /add
net localgroup administrators [username] /add
net user administrator /active:yes
wmic useraccount where “Name='username'” set PasswordExpires=false
netstat -nbp [tcp|udp|tcp6|ICMP|ICMPv6]
diskpart
select volume [volume letter or number]
remove letter [letter]
diskpart
select volume [volume number]
assign letter [volume letter]
nslookup [name] [server]
nslookup -type=[record type] [name] [server]
nslookup -type=mx google.com 75.75.75.75
nslookup -debug host.site.tld
route ADD [networkIP] MASK [subnetmask] [gatewayIP]
route ADD 192.168.30.0 MASK 255.255.255.0 192.169.20.2
route -p ADD [ip] MASK [mask] [gateway]
route delete [networkIP]
route delete 192.168.30.0
fsutil file createnew \path\to\file.txt [size in bytes]
fsutil file createnew c:\temp\testfile.txt 2000000
update: read-host doesn’t work correctly in a copy-paste block. This is useful as a script or if pasted per-line, but would be better rewritten as a function with mandatory parameters
$name = read-host -prompt "Files basename?"
$count = read-host -prompt "Number of empty files?"
$size = read-host -prompt "Size of each file in b?"
if ($size -gt 50000){
$size = 50000
}
if ($count -gt 20){
$count = 20
}
for ($num=1; $num -le $count; $num++) {
fsutil file createnew $name$num $size
}
wmic diskdrive get /all /format:list
./psexec.exe \\[remotecomputername] "C:\path\to\remote\file"
schtasks /query /v /fo list [/u [domain\]user /p password]
schtasks /query /fo list /v | find "some string to match"
schtasks /query /fo list /v | select-string "some string to match"
schtasks /delete /tn [name of task] /f
schtasks /create /tn reboot_once /tr "c:\windows\system32\shutdown.exe /r /t 60" /sc once /st 23:59 /rl highest /np /sd "02/22/2019"
schtasks /create /tn no_screenlock /tr "c:\temp\capslock.vbs" /sc minute /np
net use [driveletter]: \\path\to\file /persistent:Yes
net use S: \\contoso-FS01\Scandocs /persistent:Yes
@echo off
net use S: \\contoso-FS01\Scandocs
exit
net use X: \\Path /user:domain.local\username * /persistent:[Yes|No]
net use
net share
reg query path\to\key
reg query hklm\software\microsoft\windows
reg export keyname filename
reg export hklm\software\sonicewall c:\users\username\desktop\file.reg
reg add key /v valuename /t datatype /d data
reg add HKLM\Software\Somename /v DataVal /t REG_DWORD /d 10010
netsh interface show interface
netsh interface ipv4 add dnsserver "interfacename" address=xxx.xxx.xxx.xxx index=#
netsh interface ip set dns "InterfaceName" static 123.123.123.123
netsh interface ip set [dns|address] "InterfaceName" dhcp
netsh [command [sub-command]] /?
netsh interface show interface
netsh inteface ipv4 show ipstats
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow [ remoteip=ip1,ip2 ]
netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:8,any dir=in action=allow [remoteip=ip1,ip2 ]
netsh advfirewall firewall add rule name="allow_inbound_TCP_port_12345" protocol=TCP dir=in localport=12345 action=allow remoteip=127.0.0.1 profile=Domain
net stats workstation
(c:\windows\system32\) systeminfo.exe | find "Time:"
driverquery /v /fo list
"%~dp0"
"%~f0"
dism.exe /online /cleanup-image /checkhealth
dism.exe /online /cleanup-image /scanhealth
dism.exe /online /cleanup-image /restorehealth
dism.exe /online /cleanup-image /restorehealth /source:d:\path\to\source\windows
control.exe
control.exe printers
control.exe /name canonical.name
control.exe /name microsoft.networkandsharingcenter
get-controlpanelitem
show-controlpanelitem [item]
show-controlpanelitem mail*
Get-WmiObject Win32_OperatingSystem | Select-Object LastBootUpTime
systeminfo.exe | select-string "Time:"
get-rdusersession
while (1) {command | out-host;sleep 5;clear}
for ($i=1; $i -le 10; $i++) {do something}
measure-command {command goes here}
measure-command {get-childitem}
measure-command {command|out-default}
out-default
Outputs result to terminal as well as giving the measurement metricsget-childitem | measure-object -sum length
Get-ChildItem -Path . -Recurse| ? {$_.LastWriteTime -gt (Get-Date).AddDays(-3)}
history
invoke-history [command index]
get-history
, invoke-history
can referenced by alias ‘ihy’some command | ft property1,property2
some command | fl property1, property2
Id : 12480 Handles : 795 CPU : 47.203125 SI : 1 Name : Zoom
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName 795 111 45084 10176 47.36 12480 1 Zoom
repair-windowsimage -checkhealth
repair-windowsimage -scanhealth
repair-windowsimage -restorehealth
[some command] | select-string -pattern SearchString -context 2,4
get-smbshare
$usersid = (User's SID identifier here. Use gci hku:\ for possible matches)
get-childitem -path HKCU:\$usersid\
get-process [ProcessName]
get-process Notepad
ps Notepad
get-process -computername [name or ip] | sort-object [object] -descending[/ascending]
powershell "(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey"
Get-WmiObject win32_service | ?{$_.Name -like '*searchstring_omit-to-list-all*'} | select Name, DisplayName, State, PathName
get-service
Enter-PSSession Server01 (may work by name only)
exit-pssession
(get-item "HKLM:\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters")
Get-VM
Get-VM -name [VMGuestName]
Get-VM -ComputerName [VMHostName]
PS C:\> Restart-Computer -ComputerName Server01
get-netadapter -name * -cimsession <computername>
get-netadapter -name * -cimsession <computername>
Get-WmiObject Win32_VideoController | Select description,driverversion
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*'
Get-ItemProperty -Path $Path | Select-Object -Property FriendlyName, CompatibleIDs, Mfg
get-itemproperty -path HKLM:\System\CurrentControlSet\Services\* | select-object -Property ImagePath > path/to/file
* filename (date)created: MM/DD/YYYY (date)modified: MM/DD/YYYY size: GB,MB,KB Operators: < > = <= >= <>
Get-psdrive C
Get-psdrive C | select-object free,used
Get-psdrive -psprovider 'filesystem'
gdr -psprovider 'filesystem'
Get-PhysicalDisk
Get-PhysicalDisk –FriendlyName PhysicalDisk1 | Get-StorageReliabilityCounter
Get-PhysicalDisk | Get-StorageReliabilityCounter | ft deviceid,temperature,wear
Get-PhysicalDisk | Sort Size | FT FriendlyName, Size, MediaType, SpindleSpeed, HealthStatus, OperationalStatus -AutoSize
$cabfiles= get-childitem c:\windows\temp | where-object {$_.name -like "CAB_*" AND $_.lastwritetime -lt (Get-Date).adddays(-10)}
$url = Read-Host -Prompt "Enter Url to Search"
start-process "chrome.exe" "https://www.urlscan.io","https://whois.icann.org/en/lookup?name=$url","https://toolbox.googleapps.com/apps/dig/#ANY/$url","https://transparencyreport.google.com/safe-browsing/search?url=$url", '--profile-directory="Guest"'
stop-process -name <string>
get-filehash -algorithm [md5,sha256,etc] file
(get-filehash ...).hash
(get-filehash -algorithm sha256 testfile.txt).hash
diff (cat file1) (cat file2)
diff
is alias of compare-object
and cat
is alias of get-content
get-content path\to\file -tail 20 -wait
get-content path\to\file | select-object -last 20
do-something | output-gridview
do-something | ogv
Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}
powershell –ExecutionPolicy Bypass
Install-Module PowershellGet -Force
Install-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -userprinciplename [user@domain.tld]
----------------------------------------------------------------------------
We have released new management cmdlets which are faster and more reliable.
|--------------------------------------------------------------------------|
| Old Cmdlets | New/Reliable/Faster Cmdlets |
|--------------------------------------------------------------------------|
| Get-CASMailbox | Get-EXOCASMailbox |
| Get-Mailbox | Get-EXOMailbox |
| Get-MailboxFolderPermission | Get-EXOMailboxFolderPermission |
| Get-MailboxFolderStatistics | Get-EXOMailboxFolderStatistics |
| Get-MailboxPermission | Get-EXOMailboxPermission |
| Get-MailboxStatistics | Get-EXOMailboxStatistics |
| Get-MobileDeviceStatistics | Get-EXOMobileDeviceStatistics |
| Get-Recipient | Get-EXORecipient |
| Get-RecipientPermission | Get-EXORecipientPermission |
|--------------------------------------------------------------------------|
To get additional information, run: Get-Help Connect-ExchangeOnline
Please send your feedback and suggestions to exocmdletpreview@service.microsoft.com
----------------------------------------------------------------------------
// — do things — //
disconnect-exchangeonline
Get-MailboxFolderPermission username:\calendar
Get-Mailbox –database mbxdbname| ForEach-Object {Get-MailboxFolderPermission $_”:\calendar”} | Where {$_.User -like “Default”} | Select Identity, User, AccessRights
Add-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights Editor
Get-Mailbox –database mbxdbname | ForEach-Object {Set-MailboxFolderPermission $_”:\calendar” -User Default -AccessRights Reviewer}
Remove-MailboxFolderPermission -Identity user1@domain.com:\calendar –user user2@domain.com
Get-Mailbox -Filter {recipienttypedetails -eq "SharedMailbox"} | Set-Mailbox -HiddenFromAddressListsEnabled $true
get-inboxrule -mailbox user@domain.com -IncludeHidden | select -property * > \\path\to\file.txt
get-mailbox -resultsize unlimited |
foreach {
Write-Verbose "Checking $($_.alias)..." -Verbose
$inboxrule = get-inboxrule -Mailbox $_.alias
if ($inboxrule) {
foreach($rule in $inboxrule){
[PSCustomObject]@{
Mailbox = $_.alias
Rulename = $rule.name
Rulepriority = $rule.priority
Ruledescription = $rule.description
}
}
}
} |
Export-csv "$env:userprofile\desktop\export.csv" -NoTypeInformation
Get-MailboxFolderStatistics <username> -FolderScope RecoverableItems | FL Name,FolderAndSubfolderSize,ItemsInFolderAndSubfolders
Get-MailboxFolderStatistics <username> -FolderScope RecoverableItems -Archive | FL Name,FolderAndSubfolderSize,ItemsInFolderAndSubfolders
Enable-Mailbox <user mailbox> -AutoExpandingArchive
Set-OrganizationConfig -AutoExpandingArchive
Get-Mailbox <user mailbox> | FL AutoExpandingArchiveEnabled
start-managedfolderassistant -identity "user@domain.tld"
Export-MailboxDiagnosticLogs -Identity _mailboxname_ -ExtendedProperties
, then review the “elcLastSuccessTimestamp” value. All of the elc* tags correspond to MFA.[1][2]get-mailbox -recipienttypedetails usermailbox
Get-MailboxFolderStatistics -identity $userName -IncludeOldestAndNewestItems -folderscope Inbox | ft folderpath,oldestitemreceiveddate
get-mailboxfolderstatistics -identity $userName | ft name,folderpath,itemsinfolder,folderandsubfoldersize,archivepolicy
get-publicfolder -Identity "\" -Recurse
get-mailboxjunkemailconfiguration -identity "user"
get-mailbox -recipienttypedetails usermailbox | get-mailboxjunkemailconfiguration | export-csv -path \\path\to\file
set-organizationconfig -OAuth2ClientProfileEnabled $True
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
Invoke-WebRequest -Uri [URL] -OutFile [OutputDestFile]
wget
is an alias for invoke-webrequestresolve-dnsname -name [hostname] -server [lookupserver]
resolve-dnsname -name [hostname] -type [ALL;A;TXT;MX;CNAME;PTR;NS;SOA;...etc]
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[xml]$somevar = get-content path\to\xml
OR
[xml]$somevar = wget (get-webrequest) url/to/xml/data
$somevar.nodeParent.nodeChild.nodeGrandchild
$somevar.dot.path.valuewithattribute.'#text' (read #text value from node that also has an attribute)
$hash = @{}
$hash["<key>"]= "<value>"
$hash.clear()
$objSID = New-Object System.Security.Principal.SecurityIdentifier ("ENTER-SID-HERE")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value
As one line:
([System.Security.Principal.SecurityIdentifier]("PUT-SID-HERE")).Translate([System.Security.Principal.NTAccount]).Value
do-thing | tee-object -filepath "\\path\to\file.txt" | do-more-things
Get-MessageTrace -SenderAddress john@contoso.com -StartDate 06/13/2018 -EndDate 06/15/2018
[System.Diagnostics.FileVersionInfo]::GetVersionInfo("path\to\file").FileVersion
[System.Diagnostics.FileVersionInfo]::GetVersionInfo("c:\windows\system32\TSpkg.dll").FileVersion
test-netconnection -informationlevel "Detailed" -computername "$hostnameOrIP" -port $portNum
Import-Module ActiveDirectory
Get-ADUser -identity AccountName
Get-ADUser GlenJohn -Properties * (return properties for user GlenJohn)
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" (return all users in the fabricam.com/UserAccounts/Finance OU)
get-aduser -filter ('Name -like '*fuzzyname*') | fl Name,UserPrincipalName
get-aduser -filter * -properties passwordlastset,passwordneverexpires | ft name,passwordlastset,passwordneverexpires
$name=read-host -prompt "Look up what name?"
get-aduser -filter ("Name -like '*$name*'")
pause
[-AuthType
Set-ADAccountPassword -Identity EvanNa
Please enter the *current* password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:**********
Please enter the *desired* password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:***********
Repeat Password:***********
get-localuser
set-localuser
[-AccountExpires <DateTime>]
[-AccountNeverExpires]
[-Description <String>]
[-FullName <String>]
[-Name] <String>]
[-Password <SecureString>]
[-PasswordNeverExpires <Boolean>]
[-UserMayChangePassword <Boolean>]
[-WhatIf]
[-Confirm]
rename-localuser
new-localuser
remove-localuser
Get-LocalGroupMember -Group "Administrators"
Add-LocalGroupMember -Group "Administrators" -Member "userName"
Import-Module Activedirectory
get-adcomputer -filter * -properties * | FT Name,LastLogonDate | Clip
get-adcomputer -filter * -properties * | where-object {$_.lastlogondate -gt (get-date).adddays(-90)} |FT Name,LastLogonDate
get-adcomputer -identity HOSTNAME [-properties *]
Left(name):
=LEFT(A4,FIND(" ",A4)-1)
Right(lastlogondate):
=TRIM(RIGHT(A4,LEN(A4)-LEN(B4)))
import-module activedirectory
search-adaccount -lockedout
search-adaccount -lockedout | unlock-adaccount -confirm
get-addefaultdomainpasswordpolicy
get-gpo -all | select-object -property "DisplayName"
get-gporeport -name $GPOName -reporttype XML -path "\\path\to\file"
get-gporeport -all -domain "$domain.tld" -reporttype HTML -path "\\path\to\file"
$gpoReport = get-gporeport -name $gponame -reporttype xml
$gpoReport = $gpoReport.split("`n")
$gpoReport | select-string "searchterm" -simplematch
(get-acl <folder name>).access | ft IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -auto
dir -directory | select-object Name
Get-NetConnectionProfile
Set-NetConnectionProfile -InterfaceIndex <index number> -NetworkCategory Private
NB: Can’t be used to set a profile to Domain (“DomainAuthenticated”).
robocopy /copyall /zb /e /R:2 /W:2 /V /np /LOG+:\\path\to\logfile /L C:\path\to\source C:\path\to\destination
gi
= Get-Item
)gi HKLM:\Software\Microsoft\Windows\CurrentVersion\Run
gi HKCU:\Software\Microsoft\Windows\CurrentVersion\Run
gi HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce
gi HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce
get-eventlog -logname [System|Application|Security|etc]
-after (get-date -date '01/01/2001 00:00:00')
-before (get-date -date '01/30/2001 00:00:00')
-entrytype \[Error|Information|FailureAudit|SuccessAudit|Warning\]
-Newest \[number of events\]
-Message \[*searchstring*\]
Updated method get-winevent
get-winevent -logname System -MaxEvents 100 | sort-object TimeCreated | fl timecreated,ID,leveldisplayname,message,providername
get-winevent -providername *updateclient* | where-object {$_.message -like "*feature*"
&_ | Where-Object {$_.EventID -eq 63} | Select-Object -Property Source, ID, InstanceId, Message | ft -wrap > c:\temp\errorlog
nslookup myip.opendns.com. resolver1.opendns.com
wget diagnostic.opendns.com/myip | fl content
1..254 | ForEach-Object {Get-WmiObject Win32_PingStatus -Filter "Address='192.168.0.$_' and Timeout=200 and ResolveAddressNames='true' and StatusCode=0" | select ProtocolAddress*}
get-dhcpserverindc
get-dhcpserverv4scope (-computername $[dhcpServer])
get-dhcpserverv4scopestatistics (-scopeid $[scopeID])
get-dhcpserverv4dnssetting -scopeID $[scopeID]
Get-DhcpServerv4Lease -scopeid $[scopeID]
get-dhcpserverv4lease -scopeid $[scopeID] -badleases
Get-HotFix | select-object hotfixid,installedon | sort installedon
Reset-ComputerMachinePassword -server $DCServerHostname -credential $domain\$user
$listA | where-object {$listB -notcontains $_}
find [path] -[opt] "[string]"
find ./ -iname "myfile*"
:w !sudo tee %
:q!
dig -4 domain.tld +trace | awk 'length($)<50'
usermod -a -G groupname username
usermod -g groupname username
gpasswd -d username groupname
Email Address: ([a-zA-Z0-9_\.-]+)@([\da-zA-Z\.-]+)\.([a-zA-Z\.]{2,6})
SSN: ^\d{3}-?\d{2}-?\d{4}$
IP Addr: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$
Percentages: ([0-9]*\.*[0-9]+%)
c:\users\$username
to ~.old
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList\$userKey
where ProfileImagePath matches the users’s profile path.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList\$userKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\ProfileGuid\$userGuid
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
net start msiserver
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d $**DOMAIN.TLD** /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d $**USERNAME** /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d $**PASSWORD** /f
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
C:\Windows\System32\LogFiles\Firewall\pfirewall.log
HKEY_CURRENT_USER\Software\Microsoft\Office\$**x.0**\Outlook\Preferences
sudo firewall-cmd --get-default-zone
sudo firewall-cmd --set-default-zone=[value]
sudo firewall-cmd --get-services
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --remove-service=http --permanent
sudo firewall-cmd --zone=public --add-port=12345/tcp --permanent
sudo firewall-cmd --zone=public --remove-port=12345/tcp --permanent
config
web-management allow-http
interface X0 (# or needed interface)
no https-redirect enable
management http enable
finished
exit
also useful:
show ?
show device
show status
show system
http://portquiz.net:1234
https://config.office.com/
https://passwordsgenerator.net/plus/
https://www.10minutemail.com
https://emailstuff.org/spf/check
https://urlscan.io
https://regexr.com
https://explainshell.com
https://www.mail-tester.com/
https://support.google.com/mail/answer/7190?hl=en - note that “Primary” (eg, the default view of the Inbox) is a category
http://IP:PORT/en-US/app/search/search?q=%s
https://www.everycloud.com/it-pro-tuesdays
Tested to work for allowing authentication for admin privileges, but not for login. Anticipated to work with full login if no exclusions made.
dscl . create /Users/administrator
dscl . create /Users/administrator RealName "Administrator Account"
dscl . create /Users/administrator hint "Password Hint"
dscl . create /Users/administrator picture "/Path/To/Picture.png"
dscl . passwd /Users/administrator thisistheaccountpassword
dscl . list /Users UniqueID
dscl . create /Users/administrator UniqueID [UID]
dscl . create /Users/administrator PrimaryGroupID 80
dscl . create /Users/administrator UserShell /bin/bash
dscl . create /Users/administrator NFSHomeDirectory /Users/administrator
cp -R /System/Library/User\ Template/English.lproj /Users/administrator
chown -R administrator /Users/administrator
dseditgroup -o edit -a administrator -t user admin
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.sendkeys "{SCROLLLOCK}"
Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> Set Rules for Remote Control of Remote Desktop Services User Sessions