General Windows Info
windows Version
PS>Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version
CMD>systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"
last bootup-Time
PS>Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object LastBootUpTime
CMD>systeminfo | find "System Boot Time"
Get Last Shutdown/Reboot Events
fetches shutdown/reboot events from the System event log
PS>Get-EventLog -LogName system -Source user32 | Select TimeGenerated, Message -Unique | ft -Wrap
Pending Reboot
Get Info if a Reboot is pending
install module
PS>Install-Module -Name PendingReboot
Import-Module PendingReboot
get info
PS>Test-PendingReboot -Detailed
Display Device Domain Join Status
CMD>dsregcmd /status
Battery Report
CMD>powercfg /batteryreport
get hotfix Info
PS>Get-HotFix | Select-Object -First 20 -Property Description, HotFixID, InstalledOn | Sort-Object -Property InstalledOn -Descending
CMD>wmic qfe list brief /format:table | findstr /i /v "Caption"
shutdown
shutdown PC after the time given with /t xxx (in seconds)
for reboot add /r
the /f flag forces the shutdown... logged-in users get signed out!
on execution, active users get a notification that the PC will shut down in t time, without further notice
CMD>shutdown /f /t 0
CPU Info
CPU - Overall Usage
gives a single value of the total average usage
PS>Get-CimInstance win32_processor | Measure-Object -Property LoadPercentage -Average
CPU - Overall Usage (continuous)
gives a single value of the total average usage every second
PS>While($true){ Get-CimInstance win32_processor | Measure-Object -Property LoadPercentage -Average | Select-Object Average;Start-Sleep -Seconds 1 }
CPU - High usage processes
get processes using most CPU (using logical processes… values over 100% possible)
-gt 2 = more than 2 seconds of cpu time
PS>(Get-Counter '\Process(*)\% Processor Time').CounterSamples | Where-Object {$_.CookedValue -gt 2} | Select-Object -Property InstanceName, CookedValue | Sort-Object -Property cookedvalue -Descending
Windows System
Bypass Execution Policy
PS>set-executionpolicy bypass
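Added example (not part of the original cheat sheet): Set-ExecutionPolicy without -Scope writes the LocalMachine scope, so the bypass stays in place after the session ends. The sketch below audits the persistent scopes and shows the process-scoped alternative; the function name Get-PersistentPolicyBypass is an assumption.

```powershell
# Added example. Get-PersistentPolicyBypass is a hypothetical helper name.
function Get-PersistentPolicyBypass {
    # Scopes whose setting outlives the current PowerShell process
    $persistentScopes = 'MachinePolicy', 'UserPolicy', 'CurrentUser', 'LocalMachine'
    $weakPolicies     = 'Bypass', 'Unrestricted'

    Get-ExecutionPolicy -List | Where-Object {
        ($persistentScopes -contains $_.Scope.ToString()) -and
        ($weakPolicies -contains $_.ExecutionPolicy.ToString())
    } | Select-Object Scope, ExecutionPolicy
}

# 1) Audit: report every persistent scope that is left at Bypass or Unrestricted
$findings = @(Get-PersistentPolicyBypass)
if ($findings.Count -gt 0) {
    Write-Warning "Execution policy is switched off at a persistent scope:"
    $findings | Format-Table -AutoSize | Out-String | Write-Host
} else {
    Write-Host "No persistent scope is set to Bypass or Unrestricted."
}

# 2) Bypass for this PowerShell process only. The value is kept in
#    $env:PSExecutionPolicyPreference and is gone when the window closes.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

# 3) Undo an earlier machine-wide bypass (run elevated):
# Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope LocalMachine -Force
```

A MachinePolicy or UserPolicy entry comes from Group Policy and overrides the other scopes, so a finding there has to be fixed in the GPO, not on the client.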
Windows troubleshooter:
Win11: Microsoft moves Troubleshooter to their "Get Help" app.
Currently most Troubleshooters known until Windows 10 are still available in Win11 23H2 using msdt.exe
For a list of available packages, see Available Troubleshooting packs.
Example: Run Network Adapter Diagnostics:
CMD>msdt.exe /id NetworkDiagnosticsNetworkAdapter
General System Repair
file-System & Component Store Repair
PS>mkdir -force C:\_temp
sfc /scannow | Tee-Object -file c:\_temp\sfc_scannow.log
DISM.exe /Online /Cleanup-image /Scanhealth | Tee-Object -file c:\_temp\DISM-Online-Scanhealth.log
DISM.exe /Online /Cleanup-image /RestoreHealth | Tee-Object -file c:\_temp\DISM-Online-Restorehealth.log
CMD>if not exist C:\_temp mkdir C:\_temp
sfc /scannow > c:\_temp\sfc_scannow.log
DISM.exe /Online /Cleanup-image /Scanhealth > c:\_temp\DISM-Online-Scanhealth.log
DISM.exe /Online /Cleanup-image /RestoreHealth > c:\_temp\DISM-Online-Restorehealth.log
Auto-Copy Logs
Copies files from C:\_temp\ and C:\Windows\Logs\CBS\ to remote device...
This will first prompt you for Admin credentials and afterwards for the destination Device-Name
use remote PowerShell or PowerShell directly on Client machine!
setup connection
PS>$cred = Get-Credential
$dhn = Read-Host "Enter the destination-HostName"
New-PSDrive -Name X -PSProvider FileSystem -Root "\\$dhn\c$" -Credential $cred
$destinationPath = "X:\remote-files\$env:COMPUTERNAME\"
New-Item -ItemType Directory -Path $destinationPath -Force
copy data
PS>Copy-Item "C:\_temp\*" -Destination $destinationPath
Copy-Item "C:\Windows\Logs\CBS\CBS.log" -Destination $destinationPath
Copy-Item "C:\Windows\Logs\DISM\dism.log" -Destination $destinationPath
rm -force -recurse C:\_temp\*
CMD>set /p dhn=Enter the destination-HostName:
set "destinationPath=\\%dhn%\c$\remote-files\%COMPUTERNAME%"
mkdir "%destinationPath%" 2>nul
xcopy "C:\_temp\*" "%destinationPath%" /s /i /y
xcopy "C:\Windows\Logs\CBS\CBS.log" "%destinationPath%" /s /i /y
info
copies all logs to \\<Destination-HostName>\c$\remote-files\<source-HostName>\
CMD command not tested... use at own risk
release credentials and network-Drive
PS>Remove-PSDrive -Name X
$cred = ""
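Added example (not part of the original cheat sheet): the three PowerShell steps above as one script that validates the entered host name, deletes the local logs only after every copy succeeded, and always removes the mapped drive and the credential variable. The host name pattern is an assumption about what counts as a valid destination.

```powershell
# Added example: validated, self-cleaning variant of the copy procedure.
$cred = Get-Credential
try {
    $dhn = Read-Host "Enter the destination-HostName"

    # Accept only a plain host name or FQDN (assumed rule), so the input
    # cannot add extra UNC path segments or point at another share.
    $label = '[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    if ($dhn -notmatch "^$label(\.$label)*$") {
        throw "Invalid host name: '$dhn'"
    }

    # Map the admin share with the supplied credentials
    New-PSDrive -Name X -PSProvider FileSystem -Root "\\$dhn\c$" `
        -Credential $cred -ErrorAction Stop | Out-Null

    $destinationPath = "X:\remote-files\$env:COMPUTERNAME\"
    New-Item -ItemType Directory -Path $destinationPath -Force -ErrorAction Stop | Out-Null

    $sources = @(
        'C:\_temp\*',
        'C:\Windows\Logs\CBS\CBS.log',
        'C:\Windows\Logs\DISM\dism.log'
    )
    foreach ($src in $sources) {
        # -ErrorAction Stop turns a failed copy into an exception,
        # so the cleanup below is skipped when anything is missing
        Copy-Item -Path $src -Destination $destinationPath -ErrorAction Stop
    }

    # Reached only when every copy succeeded
    Remove-Item -Path 'C:\_temp\*' -Recurse -Force
    Write-Host "Logs copied to \\$dhn\c$\remote-files\$env:COMPUTERNAME\"
}
finally {
    # Runs on success and on error: drop the drive and the credential variable
    if (Get-PSDrive -Name X -ErrorAction SilentlyContinue) {
        Remove-PSDrive -Name X
    }
    Remove-Variable -Name cred -ErrorAction SilentlyContinue
}
```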
Component Store Repair
if /RestoreHealth results in an error that the source files can not be found, proceed with Analyzing the Component Store Source
PS>DISM /Online /Cleanup-Image /AnalyzeComponentStore | Tee-Object -file c:\_temp\dism_AnalyzeComponentStore.log
if /AnalyzeComponentStore reports that a Component Store Cleanup is advised, proceed with the following
PS>DISM /Online /Cleanup-Image /StartComponentCleanup | Tee-Object -file c:\_temp\dism_StartComponentCleanup.log
SCCM - Repair (local)
PS>start-process $env:WinDir\CCM\ccmrepair.exe
CMD>%WinDir%\CCM\ccmrepair.exe
SCCM - Repair (remote)
PS>function SCCM-RepairClient([String] $CompName) {
# bind to the SMS_Client WMI class on the remote machine and trigger the client repair
$SCCMClient = [wmiclass] "\\$CompName\root\ccm:sms_client"
$SCCMClient.RepairClient()
}
$ComputerName=Read-Host "`r`nSCCM-Client Repair:`r`n-------------------`r`nEnter Computername"
SCCM-RepairClient -CompName "$ComputerName"
Memory Repair (Win+R)
Each (LowEnergy) CPU core can scan 4gb in parallel in about 20min (limited by RAM/DDR speed limits)
e.g. a 4core CPU scans 16gb in 20 min, a 2core CPU scans 16gb in 40 min, an 8core CPU scans 16gb in 20min as well
CMD>MDSCHED
Disk Check and repair
CMD>chkdsk /r /f
info
/r: This switch tells CHKDSK to locate bad sectors in the disk and attempt to recover any readable information from them. It also implies the functionality of /f, so you don't need to specify /f separately.
/f: This switch tells CHKDSK to fix any errors it finds on the disk.
Specific System Repair
Reset Explorer Views
force resets all Explorer view Settings
delete the following keys and restart Explorer
REG>HKEY_USERS\Software\Microsoft\Windows\Shell\Bags
HKEY_USERS\Software\Microsoft\Windows\Shell\BagMRU
Repair WMI repository
PS>winmgmt /verifyrepository
winmgmt /salvagerepository
stop-service -force winmgmt
start-service winmgmt
General Windows Update Troubleshoot
Windows Update Troubleshoot
Check if services are running:
PS>get-service wuauserv
get-service bits
get-service appidsvc
get-service cryptsvc
WinUpdate troubleshooter:
For a list of available packages, see Available Troubleshooting packs.
	Info for Win11 23H2 and later!: Windows Update Diagnostics has been fully deprecated and is only available via a special passkey provided by Microsoft
PS>msdt.exe /id WindowsUpdateDiagnostic
Cleanup Windows Update
PS>$currentDateTime=(Get-Date).ToString("yyyy-MM-dd_HH-mm")
$softwareDistributionPath = "$Env:systemroot\SoftwareDistribution"
$catroot2Path = "$Env:systemroot\system32\catroot2"
$softwareDistributionBackupPath = "$softwareDistributionPath.bak"
$catroot2BackupPath = "$catroot2Path.bak"
stop-service @('wuauserv','bits','appidsvc','cryptsvc','msiserver','trustedinstaller')
if (Test-Path -Path $softwareDistributionBackupPath) {
Write-Verbose "Backup directory exists. Deleting $softwareDistributionBackupPath..."
Remove-Item -Path $softwareDistributionBackupPath -Recurse -Force -Verbose
}
if (Test-Path -Path $softwareDistributionPath) {
Rename-Item -Path $softwareDistributionPath -NewName SoftwareDistribution.bak
}
if (Test-Path -Path $catroot2BackupPath) {
Write-Verbose "Backup directory exists. Deleting $catroot2BackupPath..."
Remove-Item -Path $catroot2BackupPath -Recurse -Force -Verbose
}
if (Test-Path -Path $catroot2Path) {
Rename-Item -Path $catroot2Path -NewName catroot2.bak
}
start-service @('bits','wuauserv','appidsvc','cryptsvc','msiserver','trustedinstaller')
$successMessage = "Windows Update Cleanup successfully.`r`nSoftwareDistribution and catroot2 folders have been renamed."
Write-Host "`r`n`r`n[$currentDateTime] - INFO:`r`n$successMessage"
CMD>net stop bits
net stop wuauserv
net stop cryptsvc
rmdir %systemroot%\SoftwareDistribution /S /Q
rmdir %systemroot%\system32\catroot2 /S /Q
net start cryptsvc
net start wuauserv
net start bits
info
check Service Status by executing Get-Service <service-name> in PowerShell
Windows Update Install (PowerShell)
install module
PS>Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
Install-Module -Name PSWindowsUpdate -Force
Get-Package -Name PSWindowsUpdate
Import-Module PSWindowsUpdate
switch -KBArticleID to -updateID to use Windows update Catalog UpdateID instead of KB-number
PS>Get-WindowsUpdate -Install -KBArticleID KB5017308
info
powerShell import Module might not work if script execution is blocked by company (WindowsUpdate module needs to be imported > gets blocked by policy)
Network-Drive Mapping
restart Services
PS>Stop-Service @('FDResPub','fdPHost') ; Start-Service @('fdPHost','FDResPub')
info
Windows tries to Map the Network-Drives immediately when loading the Profile, even if no network is available... this may cause that the Drives are not available in the Explorer
as prevention run gpedit and Enable the policy: "Always wait for the network at computer startup and logon" located under Computer Configuration -- Policies -- Administrative Templates -- System -- Logon
Restart Printer Spooler
PS>restart-service spooler
CMD>net stop spooler
net start spooler
check User Sessions
get logged in users on machine
PS>query user
log off specific session
PS>logoff <ID>
long Shutdown Fix
Win Settings > Updates > Troubleshoot > additional troubleshooters > Power
turn off fast boot via Control Panel > Power Options > Choose what the Power buttons do
turn off clearing PageFile on shutdown by changing ClearPageFileAtShutdown to 0
Reg>Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
change WaitToKillServiceTimeout to 2000 (or higher)
Reg>Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
Software Uninstallation
Uninstallation troubleshooter:
To troubleshoot failing installs and un-installs, Microsoft provides a specific Troubleshooter:
Simply download via this direct-Link, or via support.microsoft.com.
get all installed Software:
PS>Get-WmiObject -Class Win32_Product | select Name, Version, Vendor | Sort-Object -Property Name
CMD>wmic product get Name, Version
get installed Software of Vendor:
PS>$pkgPub=Read-Host "Enter Publisher"
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*, HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, InstallDate, Publisher, DisplayVersion | Where-Object {
$_.InstallDate -match '\d{8}' -and $_.Publisher -match "$pkgPub"
} | ForEach-Object {
[PSCustomObject]@{ Name = $_.DisplayName
Publisher = $_.Publisher
Version = $_.DisplayVersion
InstallDate = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null).ToString('yyyy-MM-dd')
}
} | Sort-Object Name, InstallDate, Version, Publisher
remove installed Software:
replace <Software-Name>
use Full name provided by the get all installed Software section above.
PS>$pkgName = Read-Host "Enter the Package Name" ; $pkg=Get-WmiObject -Class Win32_Product | Where-Object{$_.Name -eq "$pkgName"} ; $pkg.Uninstall()
Microsoft Support and Recovery Assistant (cmd-based):
(OffScrub)
Removes all MS Office installations and Residuals
Download Assistant from: https://aka.ms/SaRA_EnterpriseVersionFiles
Documentation: https://aka.ms/SaRA_CommandLineVersion
- Download Assistant
- Extract the files (e.g. to C:\Temp\)
- Open CMD as Admin
- Change to the directory where the files are located (e.g. cd "C:\Temp\SaRACmd_17_01_2276_000\")
- Run the following command:
CMD>SaRAcmd.exe -S OfficeScrubScenario -AcceptEula -OfficeVersion All
General Software Repair
Office
Office 365 General
Office File Cache
Office File Cache is used to store files that are used by Office applications. If Office does not work properly, these files will not be cleared when closing the Office document. This may cause "file in use" issues
info
clear Cache via Office > File > Options > Save > Cache Settings > Delete Cached Files. Double-check that the path below is empty
Additionally set in Office > File > Options > Save > Cache Settings > Delete files from the Office Document Cache when they are closed
path>%userprofile%\AppData\Local\Microsoft\Office\16.0\OfficeFileCache
Office repair via CMD
PS>& "$Env:ProgramFiles\Microsoft Office 15\ClientX64\OfficeClicktoRun.exe" scenario=Repair platform=x64 culture=en-us DisplayLevel=True
CMD>"%ProgramFiles%\Microsoft Office 15\ClientX64\OfficeClicktoRun.exe" scenario=Repair platform=x64 culture=en-us DisplayLevel=True
Office x86 to x64 upgrade
When upgrading Microsoft Office 365 from x86 to x64 Architecture, it may happen that a Registry Entry is not removed which points to the Program Files x86 Path.
This may cause 3rd Party Software which communicates with MS Office to throw Errors
PS>$regPath = "HKLM:\Software\Classes\TypeLib\{00062FFF-0000-0000-C000-000000000046}\9.6\0\Win32"
if (Test-Path $regPath) {
try {
Remove-Item -Path $regPath -Recurse -Force
Write-Host "The 'Win32' folder has been successfully deleted from the registry."
} catch {
Write-Host "An error occurred while trying to delete the 'Win32' folder: $_"
}
} else {
Write-Host "The 'Win32' folder does not exist in the specified registry path."
}
Re-register Word in Registry
use when Word does not start or crashes on start
This will not repair Word, but may fix issues with the Windows Registry
only works with Word... if it even does something 🤷♀️... Well, it's Microsoft
run>winword.exe /r
info
Re-registers Word in the Windows registry. This switch starts the App, runs Office Setup, updates the Windows registry, and then closes... allegedly
But convince yourself here: Microsoft Support: Command-line switches for Microsoft Office products
Office 365 EXE names:
Word | |
Excel | |
PowerPoint | |
Outlook | |
OneNote | |
Teams | |
Access |
Outlook
Outlook switches
Outlook Switches are applied on the whole outlook client. Therefore changes are applied to all mailboxes in the profile!
Safe Mode
RUN>outlook.exe /safe
Clean Views
RUN>outlook.exe /cleanviews
Profile Prompt
RUN>outlook.exe /profiles
Clean Rules
use when the Rules-Button in File>Account-Settings>Delegate-Access throws an error
/cleanrules removes all rules on client and server!
delete Rules on Client
RUN>outlook.exe /cleanclientrules
delete Rules on Server
RUN>outlook.exe /cleanserverrules
delete all Rules
RUN>outlook.exe /cleanrules
other Outlook Switches
reset Folder Names
Resets the language of the default folders to the language of the Outlook client.
RUN>outlook.exe /ResetFolderNames
reset Folders
Restores missing folders for the default delivery location.
RUN>outlook.exe /ResetFolders
reset Ribbon
Rebuilds the Outlook Bar (Ribbon)
RUN>outlook.exe /ResetOutlookBar
reset Navigation
Rebuilds the Navigation Pane
RUN>outlook.exe /ResetNavPane
clear ItemProcSearch
Clears the ItemProcSearch Folder, when messages are stuck in the incoming item processing pipeline
RUN>outlook.exe /cleanips
MS-Teams
delete all files in the following folders (except 'Backgrounds', those you can keep)
Cache MS-Teams Classic
RUN>%appdata%\Microsoft\Teams
Cache New MS-Teams
8wekyb3d8bbwe may vary from user to user
RUN>%LOCALAPPDATA%\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams
OneDrive
reset OneDrive
CMD>%LOCALAPPDATA%\Microsoft\OneDrive\OneDrive.exe /reset
info
if OneDrive is not installed as User-Only, the location of OneDrive is either in "C:\Program Files\Microsoft OneDrive\" or in C:\Program Files (x86)\Microsoft OneDrive
in some cases, global installation causes problems if user has no Admin rights
clean remove OneDrive residuals
PS>function Stop-ProcessGracefully {param ([string[]]$processnames)
foreach ($processName in $processNames) {$prc=Get-Process $processName -ErrorAction Ignore
if ($prc) {Stop-Process -force -Name $processName}
}
}
try{
try{Stop-ProcessGracefully @("FileCoAuth","UserOOBEBroker")}catch{Write-Error "$_"}
Remove-Item -ErrorAction Ignore -Force -Recurse @("$env:localappdata\Microsoft\OneDrive","$env:localappdata\OneDrive","$env:localappdata\Packages\Microsoft.OneDrive*","$env:programfiles\Microsoft OneDrive","${env:programfiles(x86)}\Microsoft OneDrive","$env:ProgramData\Microsoft OneDrive","HKLM:\SOFTWARE\Microsoft\OneDrive","HKLM:\SOFTWARE\Microsoft\PolicyManager\default\ADMX_UserExperienceVirtualization\MicrosoftOffice2013OneDriveForBusiness","HKLM:\SOFTWARE\Microsoft\PolicyManager\default\ADMX_UserExperienceVirtualization\MicrosoftOffice2016OneDriveForBusiness","HKLM:\SOFTWARE\Microsoft\PolicyManager\default\System\DisableOneDriveFileSync","HKLM:\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\OneDrive.exe","HKLM:\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.OneDriveSync*","HKLM:\SOFTWARE\WOW6432Node\Microsoft\OneDrive")
Write-host "OneDrive Cleanup completed!"
}catch{Write-Host "Error: Please restart the system!`r`n$_"}
reinstall OneDrive (forced User Only)
run PowerShell as User, not as admin!
PS>winget install Microsoft.OneDrive
info
if winget is not found, run cd $Env:localappdata\Microsoft\WindowsApps (in PowerShell) and call up .\winget.exe <command>
Active Directory
Search User by PhoneNr
PS>$number = Read-Host -Prompt "What is the mobile phone number you are looking for "
Write-Host "`r`n`r`nStarting Search.`r`nProcess will continue if a match has been found.`r`nTo cancel Press 'Ctrl+C'."
$number = $number -replace '[^0-9]'
Get-ADUser -Filter * -Properties MobilePhone, HomePhone, OfficePhone, DisplayName, sAMAccountName | Select-Object DisplayName, sAMAccountName, @{Name = "MobilePhone"
Expression = {($_.MobilePhone -replace '[^0-9]')}},@{Name = "OfficePhone"
Expression = {($_.OfficePhone -replace '[^0-9]')}},@{Name = "HomePhone"
Expression = {($_.HomePhone -replace '[^0-9]')}} | Where-Object {($_.MobilePhone -like "*$number*") -or ($_.OfficePhone -like "*$number*") -or ($_.HomePhone -like "*$number*")}
List all Groups, a user is member of
PS>$user=read-host "enter username"
((Get-ADUser $user -Properties MemberOf ).MemberOf.split(",")| where-object {$_.contains("CN=")}).replace("CN=","")
Add a User to a Group
PS>$user=read-host "enter username"
$adGroup=Read-Host "Enter User-Group name"
Add-ADGroupMember -Identity $adGroup -Members $user
Compare Usergroup Membership
Compares 2 users and lists the 'Member of'-Groups that are missing on User1
PS>$user1=read-host "enter username User1"
$user2=read-host "enter username User2"
$users = $user1, $user2
$user1Groups = ((Get-ADUser $users[0] -Properties MemberOf).MemberOf.split(",") | where-object { $_.contains("CN=") }).replace("CN=", "")
$user2Groups = ((Get-ADUser $users[1] -Properties MemberOf).MemberOf.split(",") | where-object { $_.contains("CN=") }).replace("CN=", "")
$missingInUser1 = $user2Groups | Where-Object { $user1Groups -notcontains $_ }
Write-Host "`r`n`r`n`r`nFollowing groups are missing for $user1 :"
$missingInUser1
list Groups in a specific OU
with $searchBase specify the path in reverse order.
so if the OU location is part of company.com then $searchBase = "OU=location,OU=company.com"
PS>$searchBase=read-host "enter OU path in reverse Order"
Get-ADObject -Filter 'objectClass -eq "group"' -SearchBase $searchBase -Properties DistinguishedName, ManagedBy, Description | ForEach-Object {
$groupCN = $_.DistinguishedName.split(",") | Where-Object { $_.contains("CN=") } | ForEach-Object { $_.replace("CN=", "") }
$owner = if ($_.ManagedBy) { (Get-ADUser -Identity $_.ManagedBy).SamAccountName } else { "No owner" }
[PSCustomObject]@{
GroupCN = $groupCN
Description = $_.Description
Owner = $owner
}
} | Group-Object Owner | ForEach-Object {
# Output the owner
Write-Output "Owner: $($_.Name)"
# Output each group under this owner
$_.Group | ForEach-Object {
Write-Output " - Group: $($_.GroupCN)"
Write-Output "Path: $($_.Description)"
Write-Output ""
}
Write-Output "" # Blank line between owner groups
}
Network commands
Network Info
CMD>ipconfig /all
renew DNS
CMD>ipconfig /flushdns
ipconfig /registerdns
renew IP (dhcp)
CMD>ipconfig /renew
IP/Hostname resolve
resolves Hostname/Webdomain to its IP address and vice versa
additionally shows the resolving Nameserver that handled the request
use: nslookup <hostname/domain> or nslookup <IP-address>
CMD>nslookup
Follow request path
lists the IP addresses of the devices/servers that handle your request
use: tracert <hostname/domain> or tracert <IP-address>
CMD>tracert
list devices in local Network
lists the MAC address of devices in the local network together with their IP address
CMD>arp -a
Who Is
shows the 'WhoIs' information (owner-information)of a domain
use: whois <domain>
CMD>whois
info
Official Domains (eg. microsoft.com) have the WhoIs information public.
This information may indicate that a mail/website might be malicious
Attention: the WhoIs information is provided by the Domain-Owner. Therefore it may be false!
WhoIs information may indicate a malicious domain, but never that it is safe!
WhoIs information may be redacted for privacy reasons. This may be the case for 'safe' private domains and malicious ones!
WhoIs is not part of windows 10 and upwards
download from Microsoft SysInternals | WhoIs
either copy whois.exe to C:\Windows\system32\ or go to the whois.exe-location in CMD by entering cd <Directory-Path-to-whois.exe>
show known Networks
CMD>netsh wlan show profiles
show Wifi Interfaces
CMD>netsh wlan show interfaces
Change Wifi Priority
CMD>netsh wlan set profileorder name="NETWORK-PROFILE-NAME" interface="YOUR-INTERFACE-NAME" priority=1
info
connect to Remote PowerShell
PS>$rhn = Read-Host "Enter the remote-HostName" ; Enter-PSSession -ComputerName $rhn
info
Port-Scans:
Scan for open TCP-Ports
PS>mkdir -force C:\_temp ; Get-NetTCPConnection -State Established | Tee-Object -file C:\_temp\tcp_all.log
Scan for open UDP-Ports
PS>mkdir -force C:\_temp ; Get-NetUDPEndpoint | Tee-Object -file C:\_temp\udp_all.log
Scan for specific Ports
PS>mkdir -force C:\_temp ; $port= Read-Host "Enter the Port-Number" ; Get-NetUDPEndpoint -LocalPort $port | Select-Object LocalAddress,LocalPort,OwningProcess,@{Name="ProcessName"; Expression={((Get-Process -Id $_.OwningProcess).Name )} } | Tee-Object -file "C:\_temp\udp_$port.log"
info
To Search UDP-Ports used for a specific IP, change -LocalPort to -LocalAddress
new Windows Profile
either run the script removeUserProfile.ps1 or follow the steps below
- with the user still signed in, make a Screenshot of the Mapped Network-Drives and Printers
- Sign out the User in question & Log in as different user (Admin)
- Registry:
open the following path:
Reg>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
- here you will find at least one Key (Folder) named something like S-1-5-21-3552239657-3581867678-65225843-1001
look through the Keys in ProfileList and look in each under ProfileImagePath for the User - get the Name of the Key (=SID) and copy it aside (e.g. into Editor)
- go right-click in the Registry on the Key > Export
- delete the SID-Key in ProfileList (the whole folder)
- (only if available) in HKEY_USERS look again for the Keys containing the SID-Key (also the one ending in <SID-Key>_classes)
select each Key, go to File & click on Unload Hive...
- In Explorer: rename User folder C:\Users\<username> to C:\Users\<username>.OLD
- Log out
- let user Login again
- set up printer, network Drives etc
- copy relevant data from old profile to new profile-Folder (Documents, Pictures, etc. ... if they are not synced via OneDrive or similar)
- delete old profile
following directories may be relevant to copy:
only copy if they are not (part of) the reason why a new Profile has been created
- Sticky-Notes:
C:\Users\<username>\AppData\Roaming\Microsoft\Sticky Notes
- WSL:
in the following path: C:\Users\<username>\AppData\Local\Packages\
WSL will be stored in folders depending on the OS used...
eg Ubuntu will be in a Folder named something like CanonicalGroupLimited.Ubuntu22.04LTS_79rhkp1fndgsc\
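Added example (not part of the original cheat sheet and not the removeUserProfile.ps1 script mentioned above): the registry lookup and export steps of the profile procedure, done read-only in PowerShell. It resolves the SID from ProfileImagePath, refuses to continue on zero or several matches, and writes the .reg backup before anything is deleted by hand; the backup folder C:\_temp and the exact-match rule on the folder name are assumptions.

```powershell
# Added example. C:\_temp as backup folder and the exact folder-name match are assumptions.
$userName    = Read-Host "Enter the user name (profile folder name under C:\Users)"
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Walk every SID key and compare the last element of ProfileImagePath
$found = @(Get-ChildItem -Path $profileList | ForEach-Object {
    $imagePath = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    if ($imagePath -and ((Split-Path -Path $imagePath -Leaf) -eq $userName)) {
        [PSCustomObject]@{
            SID              = $_.PSChildName
            ProfileImagePath = $imagePath
            # True while the user hive is still mounted under HKEY_USERS
            HiveLoaded       = Test-Path -Path "Registry::HKEY_USERS\$($_.PSChildName)"
        }
    }
})

# Zero hits: wrong name or a folder like <username>.<DOMAIN>.
# Several hits: e.g. an additional <SID>.bak key. Both need a manual look.
if ($found.Count -ne 1) {
    $found | Format-Table -AutoSize | Out-String | Write-Host
    throw "Expected exactly one ProfileList key for '$userName', found $($found.Count)."
}

$entry = $found[0]
if ($entry.HiveLoaded) {
    Write-Warning "Hive for $($entry.SID) is still loaded. Sign the user out before deleting the key."
}

# Export the key first, so the ProfileList entry can be restored
New-Item -ItemType Directory -Path 'C:\_temp' -Force | Out-Null
$backup = "C:\_temp\ProfileList_$($entry.SID).reg"
& reg.exe export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$($entry.SID)" $backup /y
if ($LASTEXITCODE -ne 0) {
    throw "reg export failed. Do not delete the key without a backup."
}

$entry | Format-List | Out-String | Write-Host
Write-Host "Backup written to $backup"
```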
Dism install features
get all features
CMD>dism /online /get-features /format:table
install feature
if output says Pending, a reboot is needed
PS>$feature = Read-Host "Enter the Feature Name" ; Dism /online /Enable-Feature /FeatureName:$feature /norestart /quiet ; Dism /online /Get-FeatureInfo /FeatureName:$feature
CMD>set /p feature=Enter the Feature Name: 
Dism /online /Enable-Feature /FeatureName:%feature% /norestart /quiet
Dism /online /Get-FeatureInfo /FeatureName:%feature%
Disable feature
if output says Pending, a reboot is needed
PS>$feature = Read-Host "Enter the Feature Name" ; Dism /online /Disable-Feature /FeatureName:$feature /norestart /quiet ; Dism /online /Get-FeatureInfo /FeatureName:$feature
CMD>set /p feature=Enter the Feature Name: 
Dism /online /Disable-Feature /FeatureName:%feature% /norestart /quiet
Dism /online /Get-FeatureInfo /FeatureName:%feature%
Windows Tools
Use Run (Win+R) to Execute
Executable | Name | Description |
---|---|---|
cleanmgr.exe | Disk Cleanup Manager | Removes unnecessary files from your hard drive |
compmgmt.msc | Computer Management | Provides a centralized console for managing system components. |
control.exe | Control Panel | a central hub for system settings |
control.exe keymgr.dll | Credential Manager | Manage stored Login Credentials |
desk.cpl | Display Settings (new) | Set up and customize Display Resolution, Position, etc. |
devmgmt.msc | Device Manager | Manages hardware devices |
diskmgmt.msc | Disk Management | for managing disk partitions and volumes. |
dxdiag.exe | DirectX Diagnostic Tool | Diagnoses DirectX-related issues and provides system information. |
eventvwr.msc | Event Viewer | Logs system events, errors, and warnings |
gpedit.msc | Group Policy Editor | Configures group policies |
inetcpl.cpl | Internet Properties | Configures Internet Explorer settings |
intl.cpl | Region | Win95 Region and Format Settings |
lusrmgr.msc | Local Users and Groups | Manages local user accounts and groups |
mdsched.exe | Memory Diagnostic Scheduler | Diagnoses memory issues |
mmc.exe | Microsoft Management Console | A framework for managing various system components |
mmsys.cpl | Multimedia Control Panel | for configuring audio and video devices. |
msconfig.exe | System Configuration | Configures system startup settings |
msdt.exe | Diagnostic tool | used for various hardware and software troubleshooting. |
msinfo32.exe | System Information | Provides detailed information about system hardware and software |
ncpa.cpl | Network Connections (Network Adapters) | Folder for all network Adapters, used for Adapter-specific Network-Configuration |
netstat.exe | Network Statistics | for viewing network connections and statistics (CMD Tool). |
perfmon.exe | Performance Monitor | Monitors system performance metrics |
perfmon.exe /rel | Reliability Monitor | Tracks system reliability and helps identify and resolve common issues. |
regedit.exe | Registry Editor | for editing the Windows Registry |
resmon.exe | Resource Monitor | Provides a real-time view of system resource usage, including CPU, memory, disk, and network activity |
secpol.msc | Local Security Policy | Configures security settings |
services.msc | Services | for managing system services |
sysdm.cpl | System Properties | Provides system information and settings |
taskmgr.exe | Task Manager | for monitoring system performance and processes |
taskschd.msc | Task Scheduler | for managing planned and reoccurring Tasks |
timedate.cpl | Date and Time | Win95 Date and Time Settings |
winver.exe | Windows Version | Displays Windows version and build information. |
Alphabet
English
A Alpha |
B Beta |
C Ceasar |
D Delta |
E Echo |
F Foxtrott |
G Golf |
H Hotel |
I India |
J Juliet |
K Kilo |
L Lima |
M Mike |
N November |
O Oscar |
P Papa |
Q Quebec |
R Romeo |
S Sierra |
T Tango |
U Uniform |
V Victor |
W Whiskey |
X X-Ray |
Y Yankee |
Z Zulu |
German
A Anton |
B Berta |
C Cäsar |
D Dora |
E Emil |
F Friedrich |
G Gustav |
H Heinrich |
I Ida |
J Julius |
K Konrad |
L Ludwig |
M Martha |
N Nordpol |
O Otto |
P Paula |
Q Quelle |
R Richard |
S Siegfried |
Sch Schule |
T Theodor |
U Ulrich |
V Viktor |
W Wilhelm |
X Xaver |
Y Ypsilon |
Z Zeppelin |
Ä Ärger |
Ö Ökonom |
Ü Übermut |