Permissions
get-acl [-path] filepath
get-acl "\\server\folder\subfolder" | format-list (works on UNC paths too, so you can read the NTFS ACL behind a share without logging on to the server)
AD Queries
dsquery user -name Blo* | dsget user -display (returns the AD display names of all users whose name starts with Blo)
dsquery user -name "joe blogg" | dsget user -upn (return the UserPrincipalName)
dsquery group -name AD_GroupName | dsget group -members (return a list of members of an AD group called AD_GroupName)
dsquery user -upn "UserPrincipalName@Domain.com" | dsget user -memberof (returns the group memberships from a query run on a UPN)
dsquery user -name ACCOUNTNAME | dsget user -dn (returns the distinguished name)
dsquery computer -name Server0* -limit 2000 | dsget computer (returns computer hostnames starting with Server0; dsquery returns 100 results by default, use -limit to raise that or -limit 0 to switch the limit off)
dsquery computer -stalepwd 30 (returns computers whose machine-account password has not changed for 30 days, i.e. systems that have not talked to AD in that time; the output is capped at 100 by default, so use)
dsquery computer -stalepwd 30 -limit 0
dsquery group -name "globalgroup-name" | dsget group -members (lists the members of an AD global group)
You can query group memberships, redirect the distinguished names (dsquery's default output) to a text file and then feed that file back into dsget, which reads DNs from standard input:
type textfilename.txt | dsget user -dn -tel -email
(see dsget user /? for the other switches and add them on). This gives you email addresses and telephone numbers, if they are stored in the AD account info.
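The dsquery/dsget lookups above, done natively from PowerShell 2.0 with the [adsisearcher] accelerator (System.DirectoryServices.DirectorySearcher), so neither the RSAT ds* tools nor the Quest snap-in are needed. This is an added example, not code from the original post; the group and account names in the usage lines are placeholders, and it searches the domain you are logged on to.

```powershell
# Added example (not from the original post): dsquery/dsget-style AD lookups
# using the built-in [adsisearcher] accelerator. Searches the logon domain.

# Escape LDAP filter metacharacters in user input; '*' is left alone so the
# caller can pass wildcards such as 'Blo*' exactly as with dsquery -name.
function ConvertTo-LdapSafe([string]$Text) {
    $Text -replace '\\','\5c' -replace '\(','\28' -replace '\)','\29' -replace "`0",'\00'
}

function Get-AdUserInfo {
    param([Parameter(Mandatory=$true)][string]$NamePattern)   # 'Blo*', 'joe blogg', a sAMAccountName or a UPN
    $safe = ConvertTo-LdapSafe $NamePattern
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(|(displayName=$safe)(sAMAccountName=$safe)(userPrincipalName=$safe)))"
    $searcher.PageSize = 1000      # page through every result, like dsquery -limit 0
    foreach ($attr in 'displayName','distinguishedName','userPrincipalName','mail','telephoneNumber','memberOf') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }
    foreach ($r in $searcher.FindAll()) {
        $p = $r.Properties         # keys come back lower-cased; a missing attribute gives an empty collection
        New-Object PSObject -Property @{
            DisplayName = [string]@($p['displayname'])[0]
            DN          = [string]@($p['distinguishedname'])[0]
            UPN         = [string]@($p['userprincipalname'])[0]
            Mail        = [string]@($p['mail'])[0]
            Phone       = [string]@($p['telephonenumber'])[0]
            MemberOf    = @($p['memberof']) -join '; '   # direct memberships only; the primary group is never in memberOf
        }
    }
}

function Get-AdGroupMembers {
    param([Parameter(Mandatory=$true)][string]$GroupName)
    $searcher = [adsisearcher]"(&(objectClass=group)(sAMAccountName=$(ConvertTo-LdapSafe $GroupName)))"
    [void]$searcher.PropertiesToLoad.Add('member')
    $group = $searcher.FindOne()
    if (-not $group) { throw "Group '$GroupName' not found" }
    # DNs of the direct members. Nested groups are not expanded, and groups with
    # more than roughly 1500 members return 'member' in ranges that this does not follow.
    @($group.Properties['member'])
}

# Usage, mirroring the dsquery examples above (names are placeholders)
Get-AdUserInfo 'Blo*' | Format-Table DisplayName, UPN, Mail, Phone -AutoSize
Get-AdGroupMembers 'AD_GroupName'
Get-AdUserInfo 'UserPrincipalName@Domain.com' | Select-Object -ExpandProperty MemberOf
```

The escaping in ConvertTo-LdapSafe matters when the pattern comes from a file or another user: an unescaped ")" or "\" in a name either breaks the filter or changes what it matches.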
Remote\Local Server Shares
get-wmiobject -class win32_share (local share)
get-wmiobject -class win32_share -computername Fileserver1 (returns shares on Fileserver1 )
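The two pieces above, Win32_Share and get-acl, combined: enumerate the ordinary (non-administrative) shares on a server and read the NTFS ACL behind each one through its UNC path, then flag the entries a reviewer cares about. This is an added example, not code from the original post; the server name and the "Everyone/Authenticated Users" filter in the usage line are placeholders.

```powershell
# Added example (not from the original post): list a server's disk shares and
# the NTFS ACL entries behind each, via Win32_Share plus Get-Acl on the UNC path.
function Get-ShareAcl {
    param(
        [Parameter(Mandatory=$true)][string]$ComputerName,
        [System.Management.Automation.PSCredential]$Credential   # optional alternate account for the WMI call
    )
    $wmi = @{ Class = 'Win32_Share'; ComputerName = $ComputerName }
    if ($Credential) { $wmi['Credential'] = $Credential }

    # Type 0 = ordinary disk share; admin shares (C$, ADMIN$, IPC$) carry the 0x80000000 bit
    Get-WmiObject @wmi | Where-Object { $_.Type -eq 0 } | ForEach-Object {
        $unc = "\\$ComputerName\$($_.Name)"
        try {
            # Get-Acl on the UNC path returns the NTFS DACL of the shared folder,
            # not the share-level permissions; both apply, the more restrictive wins.
            $acl = Get-Acl -Path $unc -ErrorAction Stop
            foreach ($ace in $acl.Access) {
                New-Object PSObject -Property @{
                    Share     = $_.Name
                    LocalPath = $_.Path
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Type      = $ace.AccessControlType      # Allow / Deny
                    Inherited = $ace.IsInherited
                }
            }
        } catch {
            # No read access to the folder, or the share path is offline
            Write-Warning "Could not read ACL on ${unc}: $($_.Exception.Message)"
        }
    }
}

# Usage: shares where broad groups have write access (server name is a placeholder)
Get-ShareAcl -ComputerName 'Fileserver1' |
    Where-Object { $_.Identity -match 'Everyone|Authenticated Users|Domain Users' -and
                   $_.Rights -match 'Write|Modify|FullControl' -and
                   $_.Type -eq 'Allow' } |
    Format-Table Share, Identity, Rights, Inherited -AutoSize
```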
Service Tag Numbers
wmic systemenclosure get serialnumber /value (on local computer or through RDP session)
Or with Powershell
get-wmiobject -class win32_baseboard | format-list * (on the local computer or through an RDP session; returns the details of the installed baseboard, including its serial number)
get-wmiobject -class win32_baseboard -computername fileserver1 | format-list * (from a PowerShell session to a remote server called fileserver1)
Or, if your logged-on account is not an admin on the remote box, supply an admin credential for the remote call (you are prompted for the password):
get-wmiobject -class win32_baseboard -computername Fileserver1 -credential domain\adminaccountname | format-list *
Printers
prnjobs -l (lists the current print jobs)
sc query spooler (state of the Print Spooler service)
prncnfg.vbs  lists and manages printer configuration
prndrvr.vbs  lists, installs and manages printer drivers
prnjobs.vbs  manages print queues (jobs)
prnmngr.vbs  installs, removes and lists printers
prnport.vbs  installs, removes and configures TCP/IP print ports
prnqctl.vbs  print queue management (pause, resume, purge, test page)
pubprn.vbs   publishes printers in AD
You may have to set CScript as the default scripting host in WSH, otherwise the scripts show their output in dialog boxes. You can do this by typing cscript //h:cscript //s in a cmd shell.
If you want print driver info from the print server, install the Win2k3 Resource Kit, launch a cmd shell, make sure the shell is in the reskit working folder (or add that folder to the OS path) and type
printdriverinfo
All the driver and DLL details are displayed; these can be redirected to a text file.
Querying Services & Processes
sc query type= service state= all (note the space after each = sign; returns the state of all services, running and stopped)
Query a remote system
sc \\Fileserver1 query type= service state= all (note the UNC-style host name, which can also be a PC)
PowerShell Method
Stop-service servicename
get-service servicename (check service state)
start-service servicename
For processes
tasklist (will list currently running processes and provide process IDs and Memory usage)
tasklist /m (this is nice: it lists the modules (DLLs) each process has loaded, so you can check DLL versions to see if that is the problem)
tasklist /svc (will give you the services each process is using)
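The service and process queries above, joined together for a remote host: Win32_Service and Win32_Process share a ProcessId, which gives you a remote equivalent of tasklist /svc with the service account, start mode and binary path alongside. This is an added example, not code from the original post; the server name and the account filter in the usage line are placeholders.

```powershell
# Added example (not from the original post): map services to the processes
# hosting them on a remote machine, with account and binary path, via WMI.
function Get-ServiceProcessMap {
    param(
        [string]$ComputerName = '.',
        [System.Management.Automation.PSCredential]$Credential
    )
    $wmi = @{ ComputerName = $ComputerName }
    # WMI rejects -Credential for the local machine, so only pass it for remote hosts
    if ($Credential -and $ComputerName -ne '.') { $wmi['Credential'] = $Credential }

    # Index processes by PID first; cast to [int] so the hashtable keys match below
    $procs = @{}
    Get-WmiObject -Class Win32_Process @wmi | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    Get-WmiObject -Class Win32_Service @wmi | ForEach-Object {
        $proc = $procs[[int]$_.ProcessId]
        $procName = ''
        if ($proc) { $procName = $proc.Name }
        New-Object PSObject -Property @{
            Service   = $_.Name
            State     = $_.State
            StartMode = $_.StartMode
            Account   = $_.StartName    # LocalSystem, NT AUTHORITY\..., or a named (domain) account
            PID       = $_.ProcessId    # 0 when the service is stopped
            Process   = $procName       # many services share one svchost.exe
            PathName  = $_.PathName     # the ImagePath; shows whether a path with spaces is quoted
        }
    }
}

# Usage: services that run as something other than the built-in accounts (server name is a placeholder)
Get-ServiceProcessMap -ComputerName 'Fileserver1' |
    Where-Object { $_.Account -notmatch '^(LocalSystem|NT AUTHORITY\\|NT Service\\)' } |
    Format-Table Service, State, Account, Process, PathName -AutoSize
```

Swap the filter for `$_.PathName -match '^[^"].* .*\.exe'` to list services whose unquoted image path contains spaces, which is the other thing worth checking in this output.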
Terminal services
To see who has a current RDP session on a server
query user /server:servername (provides the usernames and session details of RDP sessions on Terminal Servers or PCs)
mstsc /console (connects to the console session, which lets you log in when all the TS licences are taken and a normal RDP logon is refused; on Vista/2008 and later RDP clients the switch is mstsc /admin)
DHCP
Want to get the DHCP scope info from a remote DHCP server?
netsh -r IP_Addr dhcp server dump > output_file_path (IP_Addr = 196.168.171.20 for example; dump writes the server configuration, scopes included, as a list of netsh commands that can be replayed on another server)
Need to get the DHCP statistics from a DHCP server?
netsh dhcp server \\server_name show all
Returns the DHCP database statistics for all the configured scopes
Networking
Powershell Method (check remote computers tcp/ip settings)
To check the networking settings on a remote computer type
get-wmiobject -class win32_networkadapterconfiguration -computer PC_Hostname | format-list *
Why? Because ipconfig /all does not work against remote computers.
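A remote ipconfig /all built on the Win32_NetworkAdapterConfiguration query above, restricted to IP-enabled adapters and with the multi-valued properties flattened so the output is readable and exportable. This is an added example, not code from the original post; the host name in the usage line is a placeholder.

```powershell
# Added example (not from the original post): ipconfig /all for a remote host
# via Win32_NetworkAdapterConfiguration. Needs WMI/DCOM access (RPC 135 plus
# the dynamic ports) and admin rights on the target, same as the one-liner above.
function Get-RemoteIpConfig {
    param(
        [Parameter(Mandatory=$true)][string]$ComputerName,
        [System.Management.Automation.PSCredential]$Credential
    )
    $wmi = @{
        Class        = 'Win32_NetworkAdapterConfiguration'
        ComputerName = $ComputerName
        Filter       = 'IPEnabled = TRUE'    # skip the disconnected, tunnel and pseudo adapters
    }
    if ($Credential) { $wmi['Credential'] = $Credential }

    Get-WmiObject @wmi | ForEach-Object {
        New-Object PSObject -Property @{
            Computer    = $ComputerName
            Adapter     = $_.Description
            MAC         = $_.MACAddress
            IPAddress   = @($_.IPAddress) -join ', '          # IPv4 and IPv6 entries together
            SubnetMask  = @($_.IPSubnet) -join ', '
            Gateway     = @($_.DefaultIPGateway) -join ', '
            DHCPEnabled = $_.DHCPEnabled
            DHCPServer  = $_.DHCPServer
            DNSServers  = @($_.DNSServerSearchOrder) -join ', '
            DNSSuffix   = $_.DNSDomain
            WINS        = @($_.WINSPrimaryServer, $_.WINSSecondaryServer) -join ', '
        }
    }
}

# Usage (host name is a placeholder); pipe to Export-Csv for a spreadsheet
Get-RemoteIpConfig -ComputerName 'PC_Hostname' | Format-List
```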
Exchange
PowerShell query: find a user's mailbox information store
You must have the Quest ActiveRoles Management Shell snap-in for PowerShell installed
Get-QADUser "*bloggs*" -IncludedProperties homeMDB | Format-Table Name,homeMDB
Provides the server and information store details. To expand on this, the native PowerShell commands can be used against the Exchange WMI provider:
get-wmiobject -namespace root\microsoftexchangev2 -class exchange_mailbox -computer "hostname" | sort-object mailboxdisplayname | format-table mailboxdisplayname,servername,storagegroupname,storename,size,totalitems
Just use the above commands from a standard PowerShell V2.0 shell and they bring back a very handy sorted list that can be opened in Excel. Use the normal redirectors to send it to a text file, or Export-Csv / ConvertTo-Csv for a spreadsheet-friendly file.
Powershell query Tombstoned computers
get-qadcomputer -tombstone | format-list * (returns deleted server\PC accounts in AD)
get-qadcomputer -computerrole 'domaincontroller' -tombstone | format-list * (returns deleted Domain Controller accounts in AD)
Powershell Query Event Logs
Get-EventLog "application" -computername fileserver1 | where-object {$_.entrytype -match "error"} > file.txt
This queries the APPLICATION event log on fileserver1, keeps the entries whose entry type matches ERROR and redirects the result to a file. Get-EventLog also has -EntryType Error and -After parameters, which do the filtering before every entry is pulled across the wire into the pipeline.
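The same event log query run across a list of servers for a time window, with unreachable hosts reported instead of aborting the run, and the results grouped so the noisy sources stand out. This is an added example, not code from the original post; the server names, log name and output path are placeholders.

```powershell
# Added example (not from the original post): collect recent Error/Warning
# entries from several servers with Get-EventLog, export them and summarise.
function Get-RecentErrors {
    param(
        [Parameter(Mandatory=$true)][string[]]$ComputerName,
        [string]$LogName = 'Application',
        [int]$Hours = 24
    )
    $since = (Get-Date).AddHours(-$Hours)
    foreach ($c in $ComputerName) {
        try {
            # -EntryType and -After filter at the source; -After stops the read at the
            # time window instead of walking the whole log back to its first entry
            Get-EventLog -LogName $LogName -ComputerName $c -EntryType Error,Warning -After $since -ErrorAction Stop |
                Select-Object @{n='Computer';e={$c}}, TimeGenerated, EntryType, Source, EventID, Message
        } catch {
            # RPC server unavailable, access denied, or the log name does not exist on that host
            Write-Warning "${c}: $($_.Exception.Message)"
        }
    }
}

# Usage (server names and file path are placeholders)
$errors = Get-RecentErrors -ComputerName 'fileserver1','fileserver2' -Hours 48
$errors | Export-Csv -Path .\recent-errors.csv -NoTypeInformation

# Which (server, source, event ID) combinations are generating most of the noise
$errors | Group-Object Computer, Source, EventID |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Get-EventLog has no -Credential parameter, so run this from an account that already has read access to the remote logs; for the Security log that means local admin or membership of Event Log Readers on each target.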
Powershell – Reboot Remote Systems
(get-wmiobject win32_operatingsystem -computername hostname -enableallprivileges).Reboot()
Reboots the remote computer: win32_operatingsystem is a WMI class and Reboot() is a method (an action) that can be performed on it. -EnableAllPrivileges is needed because the call requires the shutdown privilege. There is no Invoke-Method cmdlet; call the method on the returned object as above, or pipe the object to Invoke-WmiMethod -Name Reboot.
List Files In Use on a Windows Server or PC
Command Line Method...
NET SESS (or NET SESSION)
NET FILE
A GUI Method....
Right Click "My Computer", select MANAGE,Select "SHARED FOLDERS" and finally "OPEN FILES"
Command line method is better as this can be piped or redirected to a new file or amended to a current one.
List of Installed apps
WMIC command....
wmic product get (local command line session)
wmic /node:nodename product get (retrieves apps from remote PCs)
Powershell...
get-wmiobject -class win32_product (local posh session)
get-wmiobject -class win32_product -computer computername (retrieves apps from remote PCs)
Keep in mind that Win32_Product only lists software installed through Windows Installer (MSI); anything installed another way only shows up in the registry, under the Uninstall key that Control Panel > Add/Remove Programs reads. Querying Win32_Product also makes Windows Installer run a consistency check (and possibly a repair) of every listed package, so it is slow and writes MsiInstaller events to the Application log; avoid it on production servers and read the registry instead.
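An installed-software inventory read from the Uninstall registry keys (both the 64-bit and the 32-bit Wow6432Node view) over the Remote Registry service, which lists non-MSI installs too and does not trigger the Windows Installer consistency check. This is an added example, not code from the original post; the server name is a placeholder.

```powershell
# Added example (not from the original post): installed programs from the
# HKLM Uninstall keys of a local or remote machine via the .NET registry API.
# Remote use needs the Remote Registry service running on the target and
# admin rights there.
function Get-InstalledSoftware {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $keys = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
            'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    } catch {
        Write-Warning "${ComputerName}: cannot open the remote registry ($($_.Exception.Message))"
        return
    }
    foreach ($k in $keys) {
        $uninstall = $hklm.OpenSubKey($k)
        if (-not $uninstall) { continue }          # Wow6432Node does not exist on 32-bit hosts
        foreach ($name in $uninstall.GetSubKeyNames()) {
            $sub = $uninstall.OpenSubKey($name)
            $display = $sub.GetValue('DisplayName')
            if (-not $display) { continue }        # patches and hidden components have no DisplayName
            New-Object PSObject -Property @{
                Computer    = $ComputerName
                Name        = $display
                Version     = $sub.GetValue('DisplayVersion')
                Publisher   = $sub.GetValue('Publisher')
                InstallDate = $sub.GetValue('InstallDate')   # yyyyMMdd string when the installer recorded it
                Uninstall   = $sub.GetValue('UninstallString')
                Key         = $name                          # product GUID for MSI packages, free text otherwise
            }
            $sub.Close()
        }
        $uninstall.Close()
    }
    $hklm.Close()
}

# Usage (server name is a placeholder); pipe to Export-Csv for the full inventory
Get-InstalledSoftware -ComputerName 'fileserver1' |
    Sort-Object Name | Format-Table Name, Version, Publisher, InstallDate -AutoSize
```

Per-user installs live under each user's HKCU Uninstall key and are not covered here; if you need those as well, walk HKEY_USERS for the loaded profiles in the same way.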
Find Global Catalogue Servers across Sites & Services
Using DSQuery
dsquery server -isgc -domain "registered.domain.name"
Using NSLookup
nslookup gc._msdcs.registered.domain.name
WMIC
Good link for WMIC commands....Technet-WMIC
Get a list of installed apps from remote windows systems
wmic /node:hostname product get
www.robvanderwoude.com