Override UAC restrictions on running elevated processes on workgroup
New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1
Get ADComputer lastLogonDate
Get-ADComputer -SearchBase 'CN=Users,DC=xxx,DC=com,DC=SG' -Filter * -Properties * | FT Name,LastLogonDate Get-ADComputer -SearchBase 'CN=Computers,DC=xxx,DC=com,DC=SG' -Filter * -Properties * | Sort LastLogonDate | FT Name,LastLogonDate Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize Get-ADComputer -Filter * -Properties * | sort LastLogonDate | FT Name, LastLogonDate -Autosize
Get all XP machines
Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate, OperatingSystem -Autosize Get-ADComputer -Filter * -Properties * | Sort OperatingSystem | FT Name, LastLogonDate, OperatingSystem -Autosize
Enable inheritance on all AD user accounts
Error: Insufficient access rights to perform the operation
Security Tab > Select Advance > Enable the check box Include Inheritable Permissions from this object’s parent
AD DS deployment
Import-Module ADDSDeployment Install-ADDSForest ` -CreateDnsDelegation:$false ` -DatabasePath "C:\Windows\NTDS" ` -DomainMode "Win2012R2" ` -DomainName "xxx.com.sg" ` -DomainNetbiosName "2012GUI" ` -ForestMode "Win2012R2" ` -InstallDns:$true ` -LogPath "C:\Windows\NTDS" ` -NoRebootOnCompletion:$false ` -SysvolPath "C:\Windows\SYSVOL" ` -Force:$true
Prevent registering unwanted NIC(s) in DNS on a Mulithomed Domain Controller
On Unwanted NIC TCP/IP Properties -> Advanced -> DNS - > Uncheck "Register this connections Address in DNS" DNS server console > highlight server > Properties > Interfaces tab > select "listen on only the following IP addresses" Zone properties > Name server tab > Select FQDN server > Edit > Remove unwanted IP address associated in the list
Add Active Directory Schema snap-in (MMC)
Run CMD as administrator and enter below command regsvr32 schmmgmt.dll
2012 Server Core
Enable RDP
# Turn on RDPs sconfig # Enable or disable Firewall for RDP Enable-NetFirewallRule -DisplayGroup "Remote Desktop" Disable-NetFirewallRule -DisplayGroup "Remote Desktop" # Verify setting Get-netfirewallrule -DisplayGroup "Remote Desktop" | Ft Name, Enabled -a
Join core to domain
Add-computer -DomainName xyz.com.sg #Confirm it's joined to domain and restart computer Get-wmiObject -Class Win32_ComputerSystem Restart-Computer
Core to Domain Controller
Import-Module ADDSDeployment Install-ADDSDomainController ` -NoGlobalCatalog:$false ` -CreateDnsDelegation:$false ` -CriticalReplicationOnly:$false ` -DatabasePath "C:\Windows\NTDS" ` -DomainName "xxx.domain.com.sg" ` -InstallDns:$true ` -LogPath "C:\Windows\NTDS" ` -NoRebootOnCompletion:$false ` -SiteName "Default-First-Site-Name" ` -SysvolPath "C:\Windows\SYSVOL" ` -Force:$true
Minimum administrative privileges required for a user to administer Core server
Enable Remote Management for Core to be managed by another host
#Event Viewer Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management" #Services Enable-NetFirewallRule -DisplayGroup "Remote Service Management" #Shared Folders Enable-NetFirewallRule -DisplayGroup "File And Printer Sharing" #Task Scheduler Enable-NetFirewallRule -DisplayGroup "Performance Logs and Alerts" #Disk Management(requires on both core and host managing core) Enable-NetFirewallRule -DisplayGroup "Remote Volume Management" #Required to enable service name "Virtual Disk" on core Set-Service VDS -StartupType Automatic #Windows Firewall with Advanced Security Enable-NetFirewallRule -DisplayGroup "Windows Firewall Remote Management" #MMC snap-ins Enable-NetFirewallRule -DisplayGroup "Remote Administration" #IP Security Monitor On/Off/view Cscript \windows\system32\scregedit.wsf /im 1 Cscript \windows\system32\scregedit.wsf /im 0 Cscript \windows\system32\scregedit.wsf /im /v
Checking DNS
Get-DnsClientServerAddress Test-NetConnection host.name.com.sg
Query system info
systeminfo logoff
Enable Windows update on Core (Run over Remote Desktop RDP, not remote shell)
sconfig > 5 > Automatic
#View current setting cscript C:\windows\System32\SCregEdit.wsf /AU /v #Stop Windows Update service net stop wuauserv #Enable Automatic Windows Update cscript C:\windows\System32\SCregEdit.wsf /AU /4 #Disable Windows Update cscript C:\windows\System32\SCregEdit.wsf /AU /1 #Start Windows Update service net start wuauserv
Remove old domain controller (still online)
Import-Module ADDSDeployment Uninstall-ADDSDomainController ` -Credential (Get-Credential) ` -DemoteOperationMasterRole:$true ` -DnsDelegationRemovalCredential (Get-Credential) ` -RemoveDnsDelegation:$true ` -Force:$true
Enable PSRemoting
#Enable Enable-PSRemoting #test Test-WSMan serverName
Install driver on Core
pnputil –i –a <driver.inf> #list installed drivers sc query type= driver
To disable a device driver
sc query type= driver sc delete <service_name_get_from_sc_query_type=_driver>
Enable Firewall for remote management (Computer Management)
Enable-NetFirewallRule -DisplayGroup "Windows Remote Management" Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management" Enable-NetFirewallRule -DisplayGroup "Remote Volume Management" Set-Service VDS -StartupType Automatic Get-NetFirewallRule | Select DisplayGroup -Unique | Sort DisplayGroup Enable-NetFirewallRule -name RVM-RPCSS-In-TCP,RVM-VDSLDR-In-TCP,RVM-VDS-In-TCP
Add static route on Windows to survive reboot (persistent)
#Add persistent route route -p add 10.255.255.4 MASK 255.255.255.254 172.16.1.252 route -p add 10.121.15.0 MASK 255.255.255.0 172.16.1.252 #To remove route route -p delete 10.255.255.4 route -p delete 10.121.15.1 #View existing route route print
Add static route without Default Gateway
route -p add FIX.REMOTE.IP.ADD MASK 255.255.255.255 LOCAL.DEFAULT.GATEWAY.IP route -p add 111.222.111.222 MASK 255.255.255.255 192.168.1.1
Convert a disk to GPT
diskpart list disk select disk # convert gpt list disk
Active Directory
# To install AD DS Install-WindowsFeature AD-Domain-Services # To install first DC in new forest Install-ADDSForest Install-ADDSForest -DomainName xxx.com.sg -CreateDNSDelegation DomainMode Win2008 – ForestMode Win 2008 R2 -DatabasePath "d:\NTDS" -SysvolPath "d:\SYSVOL" –LogPath "e:\Logs" # To install first DC in a child or tree domain Install-ADDSDomain # To install additional domain controller in domain Install-ADDSDomainController
Install DHCP RSAT (Remote Server administration Tool)
Install-WindowsFeature -Name RSAT -DHCP
Find version and Build No
[Environment]::OSVersion [System.Environment]::OSVersion.Version gwmi win32_operatingsystem | % caption (Get-ItemProperty -Path c:\windows\system32\hal.dll).VersionInfo.FileVersion
Find Windows key that is embedded in the BIOS/UEFI
wmic path softwarelicensingservice get OA3xOriginalProductKey powershell "(Get-WmiObject -query 'select * from SoftwareLicensingService').OA3xOriginalProductKey"
Get AD members
#Domain Admins Get-ADGroupMember "Domain Admins" Get-AdGroupMember "Enterprise Admins" -recursive Get-ADGroupMember "administrators"
A user is member of (including nested groups)
dsget user "CN=User Name Kim XYZ,OU=X,dc=XXX,dc=com,dc=sg" -memberof dsget user "CN=User Name Kim XYZ,OU=X,dc=XXX,dc=com,dc=sg" -memberof -expand
Rename domain computer
Rename-Computer -ComputerName OldPC -NewName NewPC -domaincredential Rename-Computer -ComputerName OldPC -NewName NewPC -domaincredential -Restart
Count number of object in an OU
Get-ADComputer -SearchBase "OU=XXX Computers,DC=XXX,DC=COM,DC=SG" -Filter {Enabled -eq $true} -Properties CanonicalName | Group-Object {($_.CanonicalName -Split "/")}
Search AD PasswordNeverExpires
Search-ADAccount -PasswordNeverExpires -UsersOnly Search-ADAccount -PasswordNeverExpires -UsersOnly | FT Name, ObjectClass, PasswordNeverExpires -AutoSize Search-ADAccount -PasswordNeverExpires -UsersOnly -SearchBase "OU=Users_365,DC=xxx,DC=com,DC=sg" | FT Name, ObjectClass, PasswordNeverExpires -AutoSize Get-ADUser -Filter {PasswordNeverExpires -eq $true} Get-ADUser -Filter {PasswordNeverExpires -eq $true -AND enabled -eq $true} Get-ADUser -Filter {PasswordNeverExpires -eq $true -AND enabled -eq $true} -SearchBase "OU=Users_365,DC=xxx,DC=com,DC=sg" Get-ADUser -Filter {PasswordNeverExpires -eq $true -AND enabled -eq $true} -SearchBase "OU=Users_365,DC=xxx,DC=com,DC=sg" -Properties * | FT Name, UserprincipalName, ObjectClass,PasswordNeverExpires -AutoSize
Check for disk bad sector and repair
chkdsk C: /f /r /x
Redircmp (change newly joined computers to another OU)
#Set new location Redircmp "OU=XXX,OU=XXX,DC=XXX,DC=COM,DC=SG" #Example: redircmp OU="XXX Computers OU",DC=XXX,dc=COM,DC=SG #Verify changes Get-ADDomain | select ComputersContainer
Remove network drive
#Get network drives NET USE gwmi win32_networkconnection #Remove Remove-PSDrive -Name K NET USE Z: /DELETE /Y NET USE\\serverB\sharex /delete
Common PowerShell command
Find total number of cores on your CPU
WMIC CPU Get DeviceID,NumberOfCores WMIC CPU Get DeviceID,NumberOfCores,NumberOfLogicalProcessors,SocketDesignation
Find 32-bit or 64-bit OS
gwmi win32_operatingsystem | select osarchitecture
Get System Enclosure (SerialNumber)
wmic bios get SerialNumber Get-WmiObject win32_SystemEnclosure Get-WmiObject win32_bios | format-list SerialNumber
Who logged in
#Currently logged in user gwmi win32_computersystem | select USername, Caption, Manufacturer #Previously logged in users gwmi win32_loggedonuser | select Antecedent gwmi win32_loggedonuser | select Antecedent -Unique dir env:user*
Force time update
W32tm /resync /force
Check status
w32tm /query /status
Set NTP manually
w32tm /config /manualpeerlist:us.pool.ntp.org
Configure a client PC to sync time from the domain
w32tm /config /syncfromflags:domhier /update net stop w32time net start w32time
Create shared folder
Create shared tmp
(Get-WmiObject Win32_Share -List).Create("C:\tmp", "tmp",0);
Delete shared tmp
if ($share = Get-WmiObject -Class Win32_Share -Filter "Name='tmp'") { $share.delete() }
Enable Firewall
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
Check who is PDC (Primary domain controller)
Get-ADComputer(Get-ADDomainController -Discover -Service "PrimaryDC").name Get-ADDomainController -Discover -Service "PrimaryDC"
Create snapshot of Active Directory
ntdsutil ntdsutil: snapshot snapshot: Activate Instance ntds snapshot: create
List and mount snapshot
snapshot: list all snapshot: mount {4598e3c6-f54f-436f-baeb-d73105e9619e}
Run instance of Active Directory from the snapshot
dsamain /dbpath C:\$SNAP_201704211025_VOLUMEC$\Windows\NTDS\ntds.dit /ldapPort 33389
Run Active Directory Users and Computers (dsa.msc)
Get AD Users Password Expiry Dates
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Expiring passwords sorted
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | sort "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Logon script
C:\Windows\SYSVOL\domain\scripts %logonserver%\sysvol\