These are collected for my own reference and should not be taken as complete or entered without some understanding of the ramifications.
Where possible, I’ve included my source of info, which should be referenced for more context. In most cases, the CMD version works in PS; PS commands will not work in CMD
Have a suggestion? Send it to tips@ajones.xyz and check back soon.
This space reserved for contributors requesting general credit, which is happily given!
ctrl+shift+enter to run as admin (usually works)
Sometimes requires shift-rightClick - Run as another user (then use admin)
defrag [volume] /A /U /Vdefrag [volume] /D /U /Vdefrag /CF7 for interactive display of history
F8 for in-line selection
takeown /f x:\path\to\file /r /d y
takeown /f x:\path\to\file /a /r /d yCurrent user takes ownership of the folder and contents / Administrators group takes ownership of the folder and contents
icacls \\path\to\file /grant "domain\user":[permission level] /ticacls c:\tmp\note.csv /grant "HQ\ajones":Micacls C:\temp\notesdir /setowner "hq\ajones" /tRecursively takes ownership of the directory notesdir
(echo line1
echo line2
echo line3
.
.
.
) > x:\path\to\file.txtwmic qfe listwusa /uninstall /kb:#######
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > C:\temp\sfc_result.txt...cbs.log | morec:\windows\system32\w32tm.exe /query /status
c:\windows\system32\w32tm.exe /query /configuration
c:\windows\system32\w32tm.exe /query /source
c:\windows\system32\w32tm.exe /stripchart /computer:remote.time.server.tldc:\windows\system32\w32tm.exe /config /syncfromflags:manual /manualpeerlist:"pool.ntp.org time.nist.gov" /reliable:yes /update
net stop w32timenet start w32time
w32tm /resync /force
pnputil -epnputil -f -d xxxxx.infogpupdate /force
gpupdate /force /target:usergpupdate /force /target:computergpresult /r
gpresult /r /user Usernamegpresult /r /s [Hostname|IP]gpresult /r /scope:[user|computer]qwinstaquery userdcdiag /c /v /f:c:\temp\dcdiag_result.TXTecho %logonserver%rundll32 printui.dll PrintUIEntry /ga /n "\\path\to\printer"runas /user:administrator@domain.tld /noprofile cmd.execscript "%Programfiles%\Microsoft Office\Office16\OSPP.VBS" /dstatuscscript "%Programfiles%\Microsoft Office\Office16\OSPP.VBS" /unpkey:<key>echo %COMPUTERNAME%.%USERDNSDOMAIN%cscript [path\to\script] [/script options]cscript c:\windows\system32\slmgr.vbs /xprslmgr.vbs /ipk [windows-key-here]slmgr.vbs /atoslgmr.vbs /xprslui [1|2|3|4]
slui 3query user /server:[hostname/ip]
logoff [sessionID]systeminfo[.exe] [/s Computer [/u Domain\User [/p Password]]] [/fo {TABLE|LIST|CSV}] [/nh]Where: - /fo { TABLE | LIST | CSV } - Specifies the format to use for the output. Valid values are TABLE, LIST, and CSV. The default format for output is LIST.
- /nh - Suppresses column headers in the output. Valid when the /fo parameter is set to TABLE or CSV
wmic path softwarelicensingservice get OA3xOriginalProductKeynetsh -r (hostname/ip) interface ipv4 show interfaceswmic nic get Name,NetConnectionID,MACAddressipconfig /release [adapter name]wmic bios get serialnumberwmic product get name,versionnet [start,stop] servicenamenet start nagios
sc.exe config servicename start=disabled [disabled,auto,delayed-auto,demand(='manual')]
sc.exe delete servicename
sc query type= servicewmic service list configtaskkill /f /im [processname.exe]
taskkill /f /im notepad.exetaskkill /pid 1223 /pid 1224** NB - normal password change warnings apply! Encrypted content no longer accessible, saved credentials gone, etc. **
mv ./sethc.exe ./sethc.exe.bak)cp ./cmd.exe ./sethc.exe)cd ~ ; umount /dev/sda1)net user <username> *net user administrator /active:yesnet user [username]net user [username] /domainnb; active: yes means unlocked.
net accounts
net accounts /domainnet user [username] * /addnet localgroup administrators [username] /addnet user administrator /active:yeswmic useraccount where “Name='username'” set PasswordExpires=falsenetstat -nbp [tcp|udp|tcp6|ICMP|ICMPv6]diskpart
select volume [volume letter or number]
remove letter [letter]diskpart
select volume [volume number]
assign letter [volume letter]nslookup [name] [server]
nslookup -type=[record type] [name] [server]
nslookup -type=mx google.com 75.75.75.75
nslookup -debug host.site.tldroute ADD [networkIP] MASK [subnetmask] [gatewayIP]
route ADD 192.168.30.0 MASK 255.255.255.0 192.169.20.2route -p ADD [ip] MASK [mask] [gateway]route delete [networkIP]
route delete 192.168.30.0fsutil file createnew \path\to\file.txt [size in bytes]
fsutil file createnew c:\temp\testfile.txt 2000000update: read-host doesn’t work correctly in a copy-paste block. This is useful as a script or if pasted per-line, but would be better rewritten as a function with mandatory parameters
$name = read-host -prompt "Files basename?"
$count = read-host -prompt "Number of empty files?"
$size = read-host -prompt "Size of each file in b?"
if ($size -gt 50000){
$size = 50000
}
if ($count -gt 20){
$count = 20
}
for ($num=1; $num -le $count; $num++) {
fsutil file createnew $name$num $size
}wmic diskdrive get /all /format:list./psexec.exe \\[remotecomputername] "C:\path\to\remote\file"schtasks /query /v /fo list [/u [domain\]user /p password]
schtasks /query /fo list /v | find "some string to match"schtasks /query /fo list /v | select-string "some string to match" schtasks /delete /tn [name of task] /f
schtasks /create /tn reboot_once /tr "c:\windows\system32\shutdown.exe /r /t 60" /sc once /st 23:59 /rl highest /np /sd "02/22/2019"schtasks /create /tn no_screenlock /tr "c:\temp\capslock.vbs" /sc minute /npnet use [driveletter]: \\path\to\file /persistent:Yes
net use S: \\contoso-FS01\Scandocs /persistent:Yes@echo off
net use S: \\contoso-FS01\Scandocs
exitnet use X: \\Path /user:domain.local\username * /persistent:[Yes|No]net usenet sharereg query path\to\key
reg query hklm\software\microsoft\windowsreg export keyname filename
reg export hklm\software\sonicewall c:\users\username\desktop\file.regreg add key /v valuename /t datatype /d data
reg add HKLM\Software\Somename /v DataVal /t REG_DWORD /d 10010netsh interface show interface
netsh interface ipv4 add dnsserver "interfacename" address=xxx.xxx.xxx.xxx index=#netsh interface ip set dns "InterfaceName" static 123.123.123.123netsh interface ip set [dns|address] "InterfaceName" dhcpnetsh [command [sub-command]] /?
netsh interface show interface
netsh inteface ipv4 show ipstatsnetsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow [ remoteip=ip1,ip2 ]netsh advfirewall firewall add rule name="ICMP Allow incoming V6 echo request" protocol=icmpv6:8,any dir=in action=allow [remoteip=ip1,ip2 ]netsh advfirewall firewall add rule name="allow_inbound_TCP_port_12345" protocol=TCP dir=in localport=12345 action=allow remoteip=127.0.0.1 profile=Domainnet stats workstation
(c:\windows\system32\) systeminfo.exe | find "Time:"driverquery /v /fo list"%~dp0""%~f0"dism.exe /online /cleanup-image /checkhealth
dism.exe /online /cleanup-image /scanhealth
dism.exe /online /cleanup-image /restorehealth
dism.exe /online /cleanup-image /restorehealth /source:d:\path\to\source\windowscontrol.exe
control.exe printerscontrol.exe /name canonical.name
control.exe /name microsoft.networkandsharingcenterget-controlpanelitem
show-controlpanelitem [item]
show-controlpanelitem mail*Get-WmiObject Win32_OperatingSystem | Select-Object LastBootUpTime
systeminfo.exe | select-string "Time:"get-rdusersessionwhile (1) {command | out-host;sleep 5;clear}for ($i=1; $i -le 10; $i++) {do something}measure-command {command goes here}
measure-command {get-childitem}
measure-command {command|out-default}out-default Outputs result to terminal as well as giving the measurement metricsget-childitem | measure-object -sum lengthGet-ChildItem -Path . -Recurse| ? {$_.LastWriteTime -gt (Get-Date).AddDays(-3)}history
invoke-history [command index]get-history, invoke-history can referenced by alias ‘ihy’some command | ft property1,property2some command | fl property1, property2Id : 12480 Handles : 795 CPU : 47.203125 SI : 1 Name : Zoom
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName 795 111 45084 10176 47.36 12480 1 Zoom
repair-windowsimage -checkhealth
repair-windowsimage -scanhealth
repair-windowsimage -restorehealth[some command] | select-string -pattern SearchString -context 2,4get-smbshare$usersid = (User's SID identifier here. Use gci hku:\ for possible matches)
get-childitem -path HKCU:\$usersid\get-process [ProcessName]
get-process Notepad
ps Notepad
get-process -computername [name or ip] | sort-object [object] -descending[/ascending]powershell "(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey"Get-WmiObject win32_service | ?{$_.Name -like '*searchstring_omit-to-list-all*'} | select Name, DisplayName, State, PathName
get-serviceEnter-PSSession Server01 (may work by name only)
exit-pssession(get-item "HKLM:\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters")Get-VM
Get-VM -name [VMGuestName]
Get-VM -ComputerName [VMHostName]PS C:\> Restart-Computer -ComputerName Server01get-netadapter -name * -cimsession <computername>
get-netadapter -name * -cimsession <computername>Get-WmiObject Win32_VideoController | Select description,driverversion$Path = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*'
Get-ItemProperty -Path $Path | Select-Object -Property FriendlyName, CompatibleIDs, Mfgget-itemproperty -path HKLM:\System\CurrentControlSet\Services\* | select-object -Property ImagePath > path/to/file* filename (date)created: MM/DD/YYYY (date)modified: MM/DD/YYYY size: GB,MB,KB Operators: < > = <= >= <>
Get-psdrive C
Get-psdrive C | select-object free,usedGet-psdrive -psprovider 'filesystem'
gdr -psprovider 'filesystem'Get-PhysicalDisk
Get-PhysicalDisk –FriendlyName PhysicalDisk1 | Get-StorageReliabilityCounter
Get-PhysicalDisk | Get-StorageReliabilityCounter | ft deviceid,temperature,wear
Get-PhysicalDisk | Sort Size | FT FriendlyName, Size, MediaType, SpindleSpeed, HealthStatus, OperationalStatus -AutoSize$cabfiles= get-childitem c:\windows\temp | where-object {$_.name -like "CAB_*" AND $_.lastwritetime -lt (Get-Date).adddays(-10)} $url = Read-Host -Prompt "Enter Url to Search"
start-process "chrome.exe" "https://www.urlscan.io","https://whois.icann.org/en/lookup?name=$url","https://toolbox.googleapps.com/apps/dig/#ANY/$url","https://transparencyreport.google.com/safe-browsing/search?url=$url", '--profile-directory="Guest"'stop-process -name <string>get-filehash -algorithm [md5,sha256,etc] file
(get-filehash ...).hash
(get-filehash -algorithm sha256 testfile.txt).hashdiff (cat file1) (cat file2)diff is alias of compare-object and cat is alias of get-contentget-content path\to\file -tail 20 -waitget-content path\to\file | select-object -last 20do-something | output-gridview
do-something | ogvGet-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}powershell –ExecutionPolicy BypassInstall-Module PowershellGet -Force
Install-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -userprinciplename [user@domain.tld]----------------------------------------------------------------------------
We have released new management cmdlets which are faster and more reliable.
|--------------------------------------------------------------------------|
| Old Cmdlets | New/Reliable/Faster Cmdlets |
|--------------------------------------------------------------------------|
| Get-CASMailbox | Get-EXOCASMailbox |
| Get-Mailbox | Get-EXOMailbox |
| Get-MailboxFolderPermission | Get-EXOMailboxFolderPermission |
| Get-MailboxFolderStatistics | Get-EXOMailboxFolderStatistics |
| Get-MailboxPermission | Get-EXOMailboxPermission |
| Get-MailboxStatistics | Get-EXOMailboxStatistics |
| Get-MobileDeviceStatistics | Get-EXOMobileDeviceStatistics |
| Get-Recipient | Get-EXORecipient |
| Get-RecipientPermission | Get-EXORecipientPermission |
|--------------------------------------------------------------------------|
To get additional information, run: Get-Help Connect-ExchangeOnline
Please send your feedback and suggestions to exocmdletpreview@service.microsoft.com
----------------------------------------------------------------------------// — do things — //
disconnect-exchangeonlineGet-MailboxFolderPermission username:\calendarGet-Mailbox –database mbxdbname| ForEach-Object {Get-MailboxFolderPermission $_”:\calendar”} | Where {$_.User -like “Default”} | Select Identity, User, AccessRightsAdd-MailboxFolderPermission -Identity user1@domain.com:\calendar -user user2@domain.com -AccessRights EditorGet-Mailbox –database mbxdbname | ForEach-Object {Set-MailboxFolderPermission $_”:\calendar” -User Default -AccessRights Reviewer}Remove-MailboxFolderPermission -Identity user1@domain.com:\calendar –user user2@domain.comGet-Mailbox -Filter {recipienttypedetails -eq "SharedMailbox"} | Set-Mailbox -HiddenFromAddressListsEnabled $trueget-inboxrule -mailbox user@domain.com -IncludeHidden | select -property * > \\path\to\file.txtget-mailbox -resultsize unlimited |
foreach {
Write-Verbose "Checking $($_.alias)..." -Verbose
$inboxrule = get-inboxrule -Mailbox $_.alias
if ($inboxrule) {
foreach($rule in $inboxrule){
[PSCustomObject]@{
Mailbox = $_.alias
Rulename = $rule.name
Rulepriority = $rule.priority
Ruledescription = $rule.description
}
}
}
} |
Export-csv "$env:userprofile\desktop\export.csv" -NoTypeInformationGet-MailboxFolderStatistics <username> -FolderScope RecoverableItems | FL Name,FolderAndSubfolderSize,ItemsInFolderAndSubfolders
Get-MailboxFolderStatistics <username> -FolderScope RecoverableItems -Archive | FL Name,FolderAndSubfolderSize,ItemsInFolderAndSubfoldersEnable-Mailbox <user mailbox> -AutoExpandingArchiveSet-OrganizationConfig -AutoExpandingArchiveGet-Mailbox <user mailbox> | FL AutoExpandingArchiveEnabledstart-managedfolderassistant -identity "user@domain.tld"Export-MailboxDiagnosticLogs -Identity _mailboxname_ -ExtendedProperties, then review the “elcLastSuccessTimestamp” value. All of the elc* tags correspond to MFA.[1][2]get-mailbox -recipienttypedetails usermailboxGet-MailboxFolderStatistics -identity $userName -IncludeOldestAndNewestItems -folderscope Inbox | ft folderpath,oldestitemreceiveddate
get-mailboxfolderstatistics -identity $userName | ft name,folderpath,itemsinfolder,folderandsubfoldersize,archivepolicyget-publicfolder -Identity "\" -Recurseget-mailboxjunkemailconfiguration -identity "user"get-mailbox -recipienttypedetails usermailbox | get-mailboxjunkemailconfiguration | export-csv -path \\path\to\fileset-organizationconfig -OAuth2ClientProfileEnabled $True
Get-OrganizationConfig | Format-Table Name,OAuth* -AutoInvoke-WebRequest -Uri [URL] -OutFile [OutputDestFile]wget is an alias for invoke-webrequestresolve-dnsname -name [hostname] -server [lookupserver]
resolve-dnsname -name [hostname] -type [ALL;A;TXT;MX;CNAME;PTR;NS;SOA;...etc][Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12[xml]$somevar = get-content path\to\xmlOR
[xml]$somevar = wget (get-webrequest) url/to/xml/data
$somevar.nodeParent.nodeChild.nodeGrandchild
$somevar.dot.path.valuewithattribute.'#text' (read #text value from node that also has an attribute)$hash = @{}
$hash["<key>"]= "<value>"
$hash.clear()$objSID = New-Object System.Security.Principal.SecurityIdentifier ("ENTER-SID-HERE")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.ValueAs one line:
([System.Security.Principal.SecurityIdentifier]("PUT-SID-HERE")).Translate([System.Security.Principal.NTAccount]).Valuedo-thing | tee-object -filepath "\\path\to\file.txt" | do-more-thingsGet-MessageTrace -SenderAddress john@contoso.com -StartDate 06/13/2018 -EndDate 06/15/2018[System.Diagnostics.FileVersionInfo]::GetVersionInfo("path\to\file").FileVersion
[System.Diagnostics.FileVersionInfo]::GetVersionInfo("c:\windows\system32\TSpkg.dll").FileVersiontest-netconnection -informationlevel "Detailed" -computername "$hostnameOrIP" -port $portNumImport-Module ActiveDirectory
Get-ADUser -identity AccountName
Get-ADUser GlenJohn -Properties * (return properties for user GlenJohn)
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" (return all users in the fabricam.com/UserAccounts/Finance OU)
get-aduser -filter ('Name -like '*fuzzyname*') | fl Name,UserPrincipalName
get-aduser -filter * -properties passwordlastset,passwordneverexpires | ft name,passwordlastset,passwordneverexpires$name=read-host -prompt "Look up what name?"
get-aduser -filter ("Name -like '*$name*'")
pause[-AuthType
Set-ADAccountPassword -Identity EvanNa
Please enter the *current* password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:**********
Please enter the *desired* password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:***********
Repeat Password:***********get-localuser
set-localuser
[-AccountExpires <DateTime>]
[-AccountNeverExpires]
[-Description <String>]
[-FullName <String>]
[-Name] <String>]
[-Password <SecureString>]
[-PasswordNeverExpires <Boolean>]
[-UserMayChangePassword <Boolean>]
[-WhatIf]
[-Confirm]
rename-localuser
new-localuser
remove-localuser
Get-LocalGroupMember -Group "Administrators"
Add-LocalGroupMember -Group "Administrators" -Member "userName"Import-Module Activedirectory
get-adcomputer -filter * -properties * | FT Name,LastLogonDate | Clipget-adcomputer -filter * -properties * | where-object {$_.lastlogondate -gt (get-date).adddays(-90)} |FT Name,LastLogonDateget-adcomputer -identity HOSTNAME [-properties *]Left(name):
=LEFT(A4,FIND(" ",A4)-1)Right(lastlogondate):
=TRIM(RIGHT(A4,LEN(A4)-LEN(B4)))import-module activedirectory
search-adaccount -lockedoutsearch-adaccount -lockedout | unlock-adaccount -confirmget-addefaultdomainpasswordpolicyget-gpo -all | select-object -property "DisplayName"
get-gporeport -name $GPOName -reporttype XML -path "\\path\to\file"
get-gporeport -all -domain "$domain.tld" -reporttype HTML -path "\\path\to\file"$gpoReport = get-gporeport -name $gponame -reporttype xml
$gpoReport = $gpoReport.split("`n")
$gpoReport | select-string "searchterm" -simplematch(get-acl <folder name>).access | ft IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -autodir -directory | select-object NameGet-NetConnectionProfile
Set-NetConnectionProfile -InterfaceIndex <index number> -NetworkCategory PrivateNB: Can’t be used to set a profile to Domain (“DomainAuthenticated”).
robocopy /copyall /zb /e /R:2 /W:2 /V /np /LOG+:\\path\to\logfile /L C:\path\to\source C:\path\to\destinationgi = Get-Item)gi HKLM:\Software\Microsoft\Windows\CurrentVersion\Run
gi HKCU:\Software\Microsoft\Windows\CurrentVersion\Run
gi HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce
gi HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnceget-eventlog -logname [System|Application|Security|etc]-after (get-date -date '01/01/2001 00:00:00')
-before (get-date -date '01/30/2001 00:00:00')
-entrytype \[Error|Information|FailureAudit|SuccessAudit|Warning\]
-Newest \[number of events\]
-Message \[*searchstring*\]Updated method get-winevent
get-winevent -logname System -MaxEvents 100 | sort-object TimeCreated | fl timecreated,ID,leveldisplayname,message,providernameget-winevent -providername *updateclient* | where-object {$_.message -like "*feature*"&_ | Where-Object {$_.EventID -eq 63} | Select-Object -Property Source, ID, InstanceId, Message | ft -wrap > c:\temp\errorlognslookup myip.opendns.com. resolver1.opendns.comwget diagnostic.opendns.com/myip | fl content1..254 | ForEach-Object {Get-WmiObject Win32_PingStatus -Filter "Address='192.168.0.$_' and Timeout=200 and ResolveAddressNames='true' and StatusCode=0" | select ProtocolAddress*}get-dhcpserverindc
get-dhcpserverv4scope (-computername $[dhcpServer])
get-dhcpserverv4scopestatistics (-scopeid $[scopeID])
get-dhcpserverv4dnssetting -scopeID $[scopeID]
Get-DhcpServerv4Lease -scopeid $[scopeID]
get-dhcpserverv4lease -scopeid $[scopeID] -badleasesGet-HotFix | select-object hotfixid,installedon | sort installedonReset-ComputerMachinePassword -server $DCServerHostname -credential $domain\$user$listA | where-object {$listB -notcontains $_}find [path] -[opt] "[string]"
find ./ -iname "myfile*":w !sudo tee %
:q!dig -4 domain.tld +trace | awk 'length($)<50'usermod -a -G groupname usernameusermod -g groupname usernamegpasswd -d username groupnameEmail Address: ([a-zA-Z0-9_\.-]+)@([\da-zA-Z\.-]+)\.([a-zA-Z\.]{2,6})
SSN: ^\d{3}-?\d{2}-?\d{4}$
IP Addr: ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$
Percentages: ([0-9]*\.*[0-9]+%)c:\users\$username to ~.old
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList\$userKey where ProfileImagePath matches the users’s profile path.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList\$userKeyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\ProfileGuid\$userGuidREG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
net start msiserverREG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d $**DOMAIN.TLD** /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d $**USERNAME** /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d $**PASSWORD** /fHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal ServerC:\Windows\System32\LogFiles\Firewall\pfirewall.log
HKEY_CURRENT_USER\Software\Microsoft\Office\$**x.0**\Outlook\Preferences
sudo firewall-cmd --get-default-zone
sudo firewall-cmd --set-default-zone=[value]
sudo firewall-cmd --get-services
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --remove-service=http --permanent
sudo firewall-cmd --zone=public --add-port=12345/tcp --permanent
sudo firewall-cmd --zone=public --remove-port=12345/tcp --permanentconfig
web-management allow-http
interface X0 (# or needed interface)
no https-redirect enable
management http enable
finished
exitalso useful:
show ?
show device
show status
show systemhttp://portquiz.net:1234
https://config.office.com/
https://passwordsgenerator.net/plus/
https://www.10minutemail.com
https://emailstuff.org/spf/check
https://urlscan.io
https://regexr.com
https://explainshell.com
https://www.mail-tester.com/
https://support.google.com/mail/answer/7190?hl=en - note that “Primary” (eg, the default view of the Inbox) is a category
http://IP:PORT/en-US/app/search/search?q=%s
https://www.everycloud.com/it-pro-tuesdays
Tested to work for allowing authentication for admin privileges, but not for login. Anticipated to work with full login if no exclusions made.
dscl . create /Users/administrator
dscl . create /Users/administrator RealName "Administrator Account"dscl . create /Users/administrator hint "Password Hint"dscl . create /Users/administrator picture "/Path/To/Picture.png"dscl . passwd /Users/administrator thisistheaccountpassworddscl . list /Users UniqueIDdscl . create /Users/administrator UniqueID [UID]
dscl . create /Users/administrator PrimaryGroupID 80
dscl . create /Users/administrator UserShell /bin/bash
dscl . create /Users/administrator NFSHomeDirectory /Users/administrator
cp -R /System/Library/User\ Template/English.lproj /Users/administrator
chown -R administrator /Users/administrator
dseditgroup -o edit -a administrator -t user adminSet WshShell = WScript.CreateObject("WScript.Shell")
WshShell.sendkeys "{SCROLLLOCK}"Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> Set Rules for Remote Control of Remote Desktop Services User Sessions