Bertland Hope

Clean old spooled documents.

2022-09-15T16:30:00+00:00

Requirements:

Must run as administrator

Batch File Execution

echo Stopping print spooler.
echo.
net stop spooler
echo Deleting old print jobs...
echo.
FOR %%i IN (%systemroot%\system32\spool\printers\*.*) DO DEL %%i
echo Starting print spooler.
echo.
net start spooler

PowerShell Execution

$Date = (Get-Date).AddHours(-2)

Stop-Service spooler
Sleep 5
Get-ChildItem -Path "C:\Windows\System32\spool\PRINTERS" | Where-Object { $_.LastWriteTime -lt $Date } | Remove-Item -Verbose
Start-Service spooler

Active Directory One-Liners

2022-09-14T16:30:00+00:00

FSMO Roles

ntdsutilroles Connections “Connect to server %logonserver%” Quit “selectOperation Target” “List roles for conn server” Quit Quit Quit [JDH: This is really a series of steps, not a single command expression]

Domain Controllers

Nltest /dclist:%userdnsdomain%

Domain Controller IP Configuration

for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do psexec \%i ipconfig /all

Stale computer accounts

dsquery computer domainroot -stalepwd 180 -limit 0

Stale user accounts

dsquery user domainroot -stalepwd 180 -limit 0

Disabled user accounts

dsquery user domainroot -disabled -limit 0

AD Database disk usage

for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do dir \%i\admin$\ntds

Global Catalog Servers from DNS

dnscmd %logonserver% /enumrecords %userdnsdomain% _tcp | find /i “3268”

Global Catalog Servers from AD

dsquery * “CN=Configuration,DC=forestRootDomain” -filter “(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))”

Users with no logon script

dsquery * domainroot -filter”(&(objectCategory=Person)(objectClass=User)(!scriptPath=*))”-limit 0 -attr sAMAccountName sn givenName pwdLastSet distinguishedName

User accounts with no pwd required

dsquery * domainroot -filter “(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))”

User accounts with no pwd expiry

dsquery * domainroot -filter”(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))”

User accounts that are disabled

dsquery * domainroot -filter “(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))”

DNS Information

for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do dnscmd %i /info

DNS Zone Detailed information

dnscmd /zoneinfo %userdnsdomain%

Garbage Collection and tombstone

dsquery * “cn=Directory Service,cn=WindowsNT,cn=Services,cn=Configuration,DC=forestRootDomain” -attrgarbageCollPeriod tombstoneLifetime

Netsh authorised DHCP Servers

netsh dhcp show server

DSQuery authorised DHCP Servers

Dsquery * “cn=NetServices,cn=Services,cn=Configuration, DC=forestRootDomain” -attr dhcpServers

DHCP server information

netsh dhcp server \DHCP_SERVER show all

DHCP server dump

netsh dhcp server \DHCP_SERVER dump

WINS serer information

Netsh wins server \WINS_SERVER dump

Group Policy Verification Tool

gpotool.exe /checkacl /verbose

AD OU membership

dsquery computer -limit 0

AD OU membership

dsquery user -limit 0

List Service Principal Names

for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do setspn -L %i

Compare DC Replica Object Count

dsastat ?s:DC1;DC2;… ?b:Domain ?gcattrs:objectclass ?p:999

Check AD ACLs

acldiag dc=domainTree

NTFRS Replica Sets

for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do ntfrsutl sets %i

NTFRS DS View

for /f %i in (‘dsquery server -domain %userdnsdomain% -o rdn’) do ntfrsutl ds %i

Domain Controllers per site

Dsquery * “CN=Sites,CN=Configuration,DC=forestRootDomain” -filter (objectCategory=Server)

DNS Zones in AD

for /f %i in (‘dsquery server -o rdn’) do Dsquery * -s %i domainroot -filter (objectCategory=dnsZone)

Enumerate DNS Server Zones

for /f %i in (‘dsquery server -o rdn’) do dnscmd %i /enumzones

Subnet information

Dsquery subnet ?limit 0

List Organisational Units

Dsquery OU

ACL on all OUs

For /f “delims=|” %i in (‘dsquery OU’) do acldiag %i

Domain Trusts

nltest /domain_trusts /v

Print DNS Zones

dnscmd DNSServer /zoneprint DNSZone

Active DHCP leases

For /f %i in (DHCPServers.txt) do for /f “delims=- “ %j in (‘”netshdhcp server \%i show scope | find /i “active”“’) do netsh dhcp server\%i scope %j show clientsv5

DHCP Server Active Scope Info

For /f %i in (DHCPServers.txt) do netsh dhcp server \%i show scope | find /i “active”

Resolve DHCP clients hostnames

for /f “tokens=1,2,3 delims=,” %i in (Output from ‘Find Subnets fromDHCP clients’) do @for /f “tokens=2 delims=: “ %m in (‘”nslookup %j |find /i “Name:”“’) do echo %m,%j,%k,%i

Find two online PCs per subnet

Echo. > TwoClientsPerSubnet.txt & for /f “tokens=1,2,3,4delims=, “ %i in (‘”find /i “pc” ‘Output from Resolve DHCP clientshostnames’”’) do for /f “tokens=3 skip=1 delims=: “ %m in (‘”Find /i /c”%l” TwoClientsPerSubnet.txt”’) do If %m LEQ 1 for /f %p in (‘”ping -n1 %i | find /i /c “(0% loss”“’) do If %p==1 Echo %i,%j,%k,%l

AD Subnet and Site Information

dsquery * “CN=Subnets,CN=Sites,CN=Configuration,DC=forestRootDomain” -attr cn siteObject description location

AD Site Information

dsquery * “CN=Sites,CN=Configuration,DC=forestRootDomain” -attr cn description location -filter (objectClass=site)

Printer Queue Objects in AD

dsquery * domainroot -filter “(objectCategory=printQueue)” -limit 0

Group Membership with user details

dsget group “groupDN” -members | dsget user -samid -fn -mi -ln -display -empid -desc -office -tel -email -title -dept -mgr

Total DHCP Scopes

find /i “subnet” “Output from DHCP server information” | find /i “subnet”

Site Links and Cost

dsquery * “CN=Sites,CN=Configuration,DC=forestRootDomain” -attr cn costdescription replInterval siteList -filter (objectClass=siteLink)

Time gpresult

timethis gpresult /v

Check time against Domain

w32tm /monitor /computers:ForestRootPDC

Domain Controller Diagnostics

dcdiag /s:%logonserver% /v /e /c

Domain Replication Bridgeheads

repadmin /bridgeheads

Replication Failures from KCC

repadmin /failcache

Inter-site Topology servers per site

Repadmin /istg * /verbose

Replication latency

repadmin /latency /verbose

Queued replication requests

repadmin /queue *

Show connections for a DC

repadmin /showconn *

Replication summary

Repadmin /replsummary

Show replication partners

repadmin /showrepl * /all

All DCs in the forest

repadmin /viewlist *

ISTG from AD attributes

dsquery * “CN=NTDS Site Settings,CN=siteName,CN=Sites,CN=Configuration,DC=forestRootDomain” -attr interSiteTopologyGenerator

Return the object if KCC Intra/Inter site is disabled for each site

Dsquery site | dsquery * -attr * -filter “(|(Options:1.2.840.113556.1.4.803:=1)(Options:1.2.840.113556.1.4.803:=16))”

Find all connection objects

dsquery * forestRoot -filter (objectCategory=nTDSConnection) ?attr distinguishedName fromServer whenCreated displayName

Find all connection schedules

adfind -b “cn=Configuration,dc=qraps,dc=com,dc=au” -f “objectcategory=ntdsConnection” cn Schedule -csv

Software Information for each server

for /f %i in (Output from ‘Domain Controllers’) do psinfo \%i &filever \%i\admin$\explorer.exe \%i\admin$\system32\vbscript.dll\%i\admin$\system32\kernel32.dll \%i\admin$\system32\wbem\winmgmt.exe\%i\admin$\system32\oleaut32.dll

Check Terminal Services Delete Temp on Exit flag

For /f %i in (Output from ‘Domain Controllers’) do Reg query”\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer” /v DeleteTempDirsOnExit

For each XP workstation, query the current site and what Group Policy info

@dsquery * domainroot -filter”(&(objectCategory=Computer)(operatingSystem=Windows XPProfessional))” -limit 0 -attr cn > Workstations.txt & @For /f%i in (Workstations.txt) do @ping %i -n 1 >NUL & @if ErrorLevel0 If NOT ErrorLevel 1 @Echo %i & for /f “tokens=3” %k in (‘”regquery “\%i\hklm\software\microsoft\windows\currentversion\grouppolicy\history” /v DCName | Find /i “DCName”“’) do @for /f %m in(‘”nltest /server:%i /dsgetsite | find /i /v “completedsuccessfully”“’) do @echo %i,%k,%m

Information on existing GPOs

dsquery * “CN=Policies,CN=System,domainRoot” -filter”(objectCategory=groupPolicyContainer)” -attr displayName cnwhenCreated gPCFileSysPath

Copy all Group Policy .pol files

for /f “tokens=1-8 delims=" %i in (‘dir /b /s\%userdnsdomain%\sysvol\%userdnsdomain%\policies*.pol’) do @echo copy\%i\%j\%k\%l\%m\%n\%o %m_%n.pol

Domain Controller Netlogon entries

for /f %i in (‘dsquery server /o rdn’) do echo %i & reg query\%i\hklm\system\currentcontrolset\services\netlogon\parameters

WINS Statistics

for /f “tokens=1,2 delims=,” %i in (WINSServers.txt) do netsh wins server \%i show statistics

WINS Record counts per server

for /f “tokens=1,2 delims=,” %i in (WINSServers.txt) do netsh wins server \%i show reccount %i

WINS Server Information

for /f “tokens=2 delims=,” %i in (WINSServers.txt) do netsh wins server \%i show info

WINS Server Dump

for /f “tokens=2 delims=,” %i in (WINSServers.txt) do netsh wins server \%i dump

WINS Static Records per Server

netsh wins server \LocalWINSServer show database servers={} rectype=1

Find policy display name given the GUID

dsquery * “CN=Policies,CN=System,DC=domainRoot” -filter (objectCategory=groupPolicyContainer) -attr Name displayName

Find empty groups

dsquery * -filter “&(objectCategory=group)(!member=*)” -limit 0-attr whenCreated whenChanged groupType sAMAccountNamedistinguishedName memberOf

Find remote NIC bandwidth

wmic /node:%server% path Win32_PerfRawData_Tcpip_NetworkInterface GET Name,CurrentBandwidth

Find remote free physical memory

wmic /node:%Computer% path Win32_OperatingSystem GET FreePhysicalMemory

Find remote system information

SystemInfo /s %Computer%

Disk statistics, including the number of files on the filesystem

chkdsk /i /c

Query IIS web sites

iisweb /s %Server% /query “Default Web Site”

Check port state and connectivity

portqry -n %server% -e %endpoint% -v

Forest/Domain Functional Levels

ldifde -d cn=partitions,cn=configuration,dc=%domain% -r”(|(systemFlags=3)(systemFlags=-2147483648))” -lmsds-behavior-version,dnsroot,ntmixeddomain,NetBIOSName -p subtree -fcon

Forest/Domain Functional Levels

dsquery * cn=partitions,cn=configuration,dc=%domain% -filter”(|(systemFlags=3)(systemFlags=-2147483648))” -attrmsDS-Behavior-Version Name dnsroot ntmixeddomain NetBIOSName

Find the parent of a process

wmic path Win32_Process WHERE Name=’notepad.exe’ GET Name,ParentProcessId

Lookup SRV records from DNS

nslookup -type=srv _ldap._tcp.dc._msdcs.{domainRoot}

Find when the AD was installed

dsquery * cn=configuration,DC=forestRootDomain -attr whencreated -scope base

Enumerate the trusts from the specified domain

dsquery * “CN=System,DC=domainRoot” -filter “(objectClass=trustedDomain)” -attr trustPartner flatName

Find a DC for each trusted domain

for /f “skip=1” %i in (‘”dsquery * CN=System,DC=domainRoot -filter(objectClass=trustedDomain) -attr trustPartner”’) do nltest /dsgetdc:%i

Check the notification packages installed on all DCs

for /f %i in (‘dsquery server /o rdn’) do @for /f “tokens=4” %m in(‘”reg query\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v”Notification Packages” | find /i “Notification”“’) do @echo %i,%m

List ACLs in SDDL format

setacl -on %filepath% -ot file -actn list -lst f:sddl

Find out if a user account is currently enabled or disabled

dsquery user DC=%userdnsdomain:.=,DC=% -name %username% | dsget user -disabled -dn

Find servers in the domain

dsquery * domainroot -filter “(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=Server))” -limit 0

Open DS query window

rundll32 dsquery,OpenQueryWindow

Deploy Office 365 (for IT Pros)

2022-09-13T16:30:00+00:00

To download 32bit office

networkSharePath\office\Office365> .\setup.exe /download Configuration-32.xml

create a file save it as add the content below download Configuration-32.xml

To Remove 32bit Office

networkSharePath\office\Office365> .\setup.exe /configure uninstall-Office365ProPlus-32.xml

create a file save it as add the content below download uninstall-Office365ProPlus-32.xml
<Configuration>
<Remove OfficeClientEdition=”86”>
<Product ID=”O365BusinessRetail”>
<Language ID=”en-us”/>
</Product>
</Remove>
<Display Level=”None” AcceptEULA=”TRUE”/>
</Configuration>

To install 32bit

networkSharePath\office\Office365> .\setup.exe /configure Configuration-32.xml

Powershell Windows Updates

2022-09-12T16:45:00+00:00

1st: We need to install the PSWindowsUpdate module,

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

Step2: Job that silently installs C++ 2015-2019 runtime

Your code goes here!

Step3: Powershell

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Install-Module PSWindowsUpdate -Force

import-module PSWindowsUpdate -force
get-wulist -microsoftupdate

$GWU = Get-WuList -MicrosoftUpdate

Step4: Install ALL available updates [no reboot]

import-module PSWindowsUpdate -force
get-wulist -microsoftupdate -acceptall -install -ignorereboot

Batch Commands

2022-09-11T17:30:00+00:00

BATCH: Get the date into ISO 8601 standard date format (yyyy-mm-dd) and store it in the “CUR_DATE” variable

FOR /f %%a in (‘WMIC OS GET LocalDateTime ^| find “.”’) DO set DTS=%%a set CUR_DATE=%DTS:~0,4%-%DTS:~4,2%-%DTS:~6,2%

BATCH: Identify Windows operating system version and store it in the “WIN_VER” variable

Thanks to UJSTech for this ( http://community.spiceworks.com/topic/post/2898378 )

for /f “tokens=3*” %%i IN (‘reg query “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion” /v ProductName ^| Find “ProductName”’) DO set WIN_VER=%%i %%j

Example Windows version of above command & returned string:

Windows XP Professional SP3: Microsoft Windows XP Windows Server 2003 Enterprise: Microsoft Windows Server 2003 Windows Vista Home Premium: Windows Vista (TM) Home Premium Windows Vista Ultimate: Windows Vista (TM) Ultimate Windows 7 Home Premium: Windows 7 Home Premium Windows 7 Professional: Windows 7 Professional Windows 7 Enterprise: Windows 7 Enterprise Windows 7 Starter: Windows 7 Starter Windows 8.1 Professional: Windows 8.1 Pro Windows Server 2008 R2 Standard: Windows Server 2008 R2 Standard Windows Server 2012 R2 Standard: Windows Server 2012 R2 Standard Windows 10 Professional: Windows 10 Pro

BATCH: Check SMART status of all disks with title, index, caption and status

wmic diskdrive get Availability,Index,Caption,Status

BATCH: Install global shared printer (system-wide)

rundll32 printui.dll,PrintUIEntry /ga /n “\SERVER\PRINTER”

BATCH: Show IPCONFIG output for only a single adapter (long version first, short version second)

netsh interface ip show addresses eth0 netsh int ip sh ad eth0

BATCH: Add static route to the host 192.168.1.83 via the gateway of 172.16.1.1, on interface #11, and persist across reboots (-p)

route add 192.168.1.83 mask 255.255.255.255 172.16.1.1 metric 31 if 11 -p

BATCH: Add static route to the 192.168.1.0/24 subnet via the gateway of 172.16.1.1, on interface #11, and persist across reboots (-p)

route add 192.168.1.0 mask 255.255.255.0 172.16.1.1 metric 31 if 11 -p

BATCH: Flush all static routes; active, takes effect immediately:

route -f

BATCH: Flush all static routes; persistent routes only, takes effect at reboot:

reg delete HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes /va /f

BATCH: Kill all browsers

taskkill /f /im iexplore.exe /im firefox.exe /im chrome.exe /im palemoon.exe /im opera.exe

BATCH: Kill Firefox

wmic process where name=”firefox.exe” call terminate

BATCH: Get list of ALL installed products

wmic product get identifyingnumber,name,version /all wmic product get name, vendor, version /all

BATCH: Find out if .NET 3.5 is installed

reg query “HKLM\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5”| findstr Install

BATCH: Remotely get installed version of Firefox on all domain computers

psexec \* cmd /c (cd “C:\Program Files (x86)\Mozilla Firefox" ^& firefox -v ^| more)

BATCH: Uninstall programs, various examples

BATCH: /nointeractive doesn’t prompt user to remove the program

wmic product where description=”Symantec” uninstall wmic product where name=”Symantec” uninstall wmic product where version=’65.39.83’ uninstall

BATCH: Uninstall programs using wildcards

wmic product where “name like ‘java%%Runtime%%’” uninstall /nointeractive wmic product where “name like ‘java%%platform%%’” uninstall /nointeractive wmic product where “name like ‘java%%tm%%’” uninstall /nointeractive

BATCH: Remove ALL “Microsoft Visual C++ Redistributable” runtimes.

wmic product where “name like ‘Microsoft Visual C%%’” call uninstall /nointeractive

BATCH: Remotely determine logged in user

wmic /node:remotecomputer computersystem get username

BATCH: List running processes

wmic process list brief

BATCH: Kill a process

wmic process where name=”cmd.exe” delete

BATCH: Determine open shares

net share wmic share list brief

BATCH: Display remote machines MAC address

wmic /node:machinename nic get macaddress

BATCH: List remote systems running processes every second

wmic /node:machinename process list brief /every:1

BATCH: Display remote systems System Info

wmic /node:machinename computersystem list full

BATCH: Disk drive information

wmic diskdrive list full wmic partition list full

BATCH: BIOS info

wmic bios list full

BATCH: Get system model number

wmic csproduct get name

BATCH: Get system serial number

wmic product get serialnumber

BATCH: Get hard drive physical serial numbers (first option gives serial number printed on the hard drive case). Last one gets it from a remote system

wmic path win32_physicalmedia get SerialNumber wmic diskdrive get serialnumber,name,description wmic /node:REMOTE-COMPUTER-NAME bios get serialnumber

BATCH: Create a single folder for every day in the year

for %%m in (01,02,03,04,05,06,07,08,09,10,11,12) do for %%d in (01,02,03,04,05,06,07,08,09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31) do mkdir “2018-%%m-%%d” for %%m in (04,06,09,11) do rmdir /s /q “2018-%%m-31” for %%d in (29,30,31) do rmdir /s /q “2018-02-%%d”

BATCH: List all installed Microsoft hotfixes/patches

wmic qfe

BATCH: Look for a particular patch

wmic qfe where hotfixid=”KB958644” list full

BATCH: Remotely List Local Enabled Accounts and Disabled domain accounts

wmic /node: USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name wmic /node: USERACCOUNT WHERE "Disabled=1 AND LocalAccount=0" GET Name

BATCH: Start a service remotely

wmic /node:machinename 4 service lanmanserver CALL Startservice sc \machinename start lanmanserver

BATCH: List services

wmic service list brief sc \machinename query

BATCH: Disable startup service

sc config example disabled

BATCH: List user accounts

wmic useraccount list brief

BATCH: Enable RDP remotely

wmic /node:”machinename 4” path Win32_TerminalServiceSetting where AllowTSConnections=0” call SetAllowTSConnections 1”

BATCH: List number of times a user logged on

wmic netlogin where (name like “%%Admin%%”) get numberoflogons

BATCH: Query active RDP sessions

qwinsta /server:192.168.1.1

BATCH: Remove active RDP session ID 2

rwinsta /server:192.168.1.1 2

BATCH: Remotely query registry for last logged in user

reg query “\computername\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon” /v DefaultUserName

BATCH: List all computers in domain “blah” (limited to first 6000 results); dump the output in “output.txt”

dsquery computer “OU=example,DC=blah” -o rdn -limit 6000 > output.txt

BATCH: Reboot immediately

shutdown /r /t 0

BATCH: Shutdown

shutdown /s /t 0

BATCH: Remotely reboot machine

shutdown /m \192.168.1.1 /r /t 0 /f

BATCH: Copy entire folder and its contents from a remote source to local machine

xcopy /s \remotecomputer\directory c:\local

BATCH: Find location of file with string “blah” in file name

dir c:\ /s /b | find “blah”

BATCH: Determine name of a machine with known IP

nbtstat -A 192.168.1.1

BATCH: Find directory named blah

dir c:\ /s /b /ad | find “blah”

BATCH: Command line history

BATCH: Determine the current user (aka whoami Linux equivalent)

echo %USERNAME%

BATCH: Determine who is apart of the administrators group

net localgroup administrators

BATCH: Add a user where travis is the username and password is blah

net user travis blah /add

BATCH: Add user travis to administrators group

net localgroup administrators travis /add

BATCH: List user accounts

net user

net use T: \serverNameOrIP\shareName

BATCH: List network connections and the programs that are making those connections

netstat -nba

BATCH: Display contents of file text.txt

type text.txt

BATCH: Determine PC name

hostname

BATCH: Run cmd.exe as administrator user

runas /user:administrator cmd

BATCH: Determine whether a system is 32 or 64 bit

wmic cpu get DataWidth /format:list

BATCH: Information about OS version and other useful system information

systeminformation

BATCH: Startup applications

wmic startup get caption,command

BATCH: Recursively unzip all zip folders, you’ll need unzip.exe for this

FOR /R %a (*.zip) do unzip -d unzipDir “%a”

BATCH: Variable extraction

Syntax %variable:~num_chars_to_skip% %variable:~num_chars_to_skip,num_chars_to_keep%

This can include negative numbers:

  %variable:~num_chars_to_skip,-num_chars_to_keep%
  %variable:~-num_chars_to_skip,num_chars_to_keep%
  %variable:~-num_chars_to_skip,-num_chars_to_keep%

BATCH: Start at the first character of a variable (reading left-to-right, position 0, AKA the left-most character) and echo 5 characters starting from there. This command will output ‘abcde’

set ALPHABET=abcdefghijklmnopqrstuvwxyz echo %ALPHABET:~0,5% abcde

BATCH: Start at the fifth character of a variable (reading left-to-right) and echo 3 characters starting from there. This command will output ‘fgh’

set ALPHABET=abcdefghijklmnopqrstuvwxyz echo %ALPHABET:~5,3% fgh

BATCH: Start at the first character of a variable (reading left-to-right, position 0, AKA the left-most character) and echo all characters EXCEPT omit the last 2 characters. This command will output ‘abcdefghijklmnopqrstuvwxyz’

set ALPHABET=abcdefghijklmnopqrstuvwxyz echo %ALPHABET:~0,-2% abcdefghijklmnopqrstuvwxyz

BATCH: Find all files bigger than 100MB starting at C:\

forfiles /P C:\ /S /M * /C “cmd /c if @fsize GEQ 104857600 echo @path”

BATCH: Find all files bigger than 1GB starting at C:\

forfiles /P C:\ /S /M * /C “cmd /c if @fsize GEQ 1073741824 echo @path”

BATCH: Find all files greater than 200MB and modified since 01/17/2016

forfiles /P D:\ /M . /S /D +”01/17/2016” /C “cmd /c if @fsize gtr 209715200 echo @path @fsize @fdate @ftime”

User Profile Size

2022-09-11T17:00:00+00:00

Recursively scans every folder in C:\Users, then adds up the size of every file to get an approximate size for every user’s profile.

This scanner may take a while to run!

$ErrorActionPreference = "SilentlyContinue"

$UserFolders = Get-ChildItem -Path "C:\Users" -Force -Directory

ForEach ( $Folder in $UserFolders ) {

	[UInt64]$FolderSize = ( Get-Childitem -Path $Folder.FullName -Force -Recurse | Measure-Object -Property "Length" -Sum ).Sum
	
	[PSCustomObject]@{
		FolderName    = $Folder.BaseName
		FolderPath    = $Folder.FullName
		Size          = $FolderSize
	}

}

User Sessions

2022-09-11T14:00:00+00:00

Calculates how long users were logged in based on audit events.

Requirements

Enable “Audit logon events” in Group Policy.
- Windows Settings\Security Settings\Local Policies\Audit Policy
Configure your retention policy to keep the amount of history you want.
- Administrative Templates\Windows Components\Event Log Service\Security

Parameters

Lowercase

Transforms the Username field to lowercase so it groups properly in Inventory. If you don’t want this behavior, remove -Lowercase from the Parameters field.

[CmdletBinding()]
param (
	[Switch]$Lowercase
)

$Logons = @{}
$LogonTypes = @{
	2  = 'Local'
	10 = 'Remote'
}
$IndexTable = @{
	4624 = @{
		'AccountName' = 5
		'LogonId'     = 7
	}
	4647 = @{
		'AccountName' = 1
		'LogonId'     = 3
	}
}
$Params = @{
	'LogName'     = 'Security'
	'InstanceId'  = [Array]$IndexTable.Keys
	'ErrorAction' = 'SilentlyContinue'
}

# Query all logon and logoff events.
Get-EventLog @Params | ForEach-Object {

	$EventMessage = $_
	$TimeGenerated = $EventMessage.TimeGenerated
	# InstanceId is Int64, but hashtable keys have to be Int32.
	$InstanceId = [Int32]$EventMessage.InstanceId
	$IndexData = $IndexTable.$InstanceId
	$AccountName = $EventMessage.ReplacementStrings[$IndexData.AccountName]
	$LogonId = $EventMessage.ReplacementStrings[$IndexData.LogonId]

	# Skip Windows service accounts.
	if ( $AccountName -match '^(DWM|UMFD)-\d' ) {

		Return

	}

	# Make usernames lowercase so they group properly in Inventory.
	if ( $Lowercase ) {

		$AccountName = $AccountName.ToLower()

	}

	switch ( $InstanceId ) {

		# Logoff.
		4647 {

			# Temporarily store the time and Id in a hashtable so it can be matched to its logon event.
			$Logons.$AccountName = @{
				'Time' = $TimeGenerated
				'Id'   = $LogonId
			}

		}

		# Logon.
		4624 {

			# Skip this logon event if there's no logoff event with a matching username.
			if ( -not $Logons.$AccountName ) {

				Return

			}

			$SessionData = $Logons.$AccountName

			# Skip logon events that don't match the logoff event's Logon ID.
			if ( $SessionData.Id -ne $LogonId ) {

				Return

			}

			$LogonType = [Int32]$EventMessage.ReplacementStrings[8]

			# Skip logon events that don't match the list of logon types.
			if ( $LogonType -notin $LogonTypes.Keys ) {

				Write-Verbose "Skipping ID $LogonId because it is Logon Type $LogonType"
				Return

			}
			
			$SessionLength = $SessionData.Time - $TimeGenerated
			$Logons.Remove($AccountName)

			[PSCustomObject]@{
				'Username'       = $AccountName
				'Logon Time'     = $TimeGenerated
				'Logoff Time'    = $SessionData.Time
				'Session Length' = $SessionLength
				'Logon Type'     = $LogonTypes.$LogonType
				'Logon ID'       = $LogonId
			} 

		}

	} 

}

Windows Package Manager Client

2022-09-07T14:00:00+00:00

This repository contains the source code for the Windows Package Manager Client.

If you are new to the Windows Package Manager, you might want to Explore the Windows Package Manager tool. The packages available to the client are in the Windows Package Manager Community Repository.

Installing The Client

The client requires Windows 10 1809 (build 17763) or later at this time. Windows Server 2019 is not supported as the Microsoft Store is not available nor are updated dependencies. It may be possible to install on Windows Server 2022, this should be considered experimental (not supported), and requires dependencies to be manually installed as well.

Microsoft Store [Recommended]

The client is distributed within the App Installer package.

Development Releases

There are two methods to get development releases:

Install a Windows 10 or Windows 11 Insider build.
Join the Windows Package Manager Insider program by signing up.

Note: it may take a few days to get the updated App Installer after you receive e-mail confirmation from joining the Windows Package Manager Insider program. If you decide to install the latest release from GitHub, and you have successfully joined the insider program, you will receive updates when the next development release has been published in the Microsoft Store.

Once you have received the updated App Installer from the Microsoft Store you should be able to execute winget features to see experimental features. Some users have reported issues with the client not being on their PATH.

Manually Update

The same Microsoft Store package will be made available via our Releases. Note that installing this package will give you the WinGet client, but it will not enable automatic updates from the Microsoft Store if you have not joined the Windows Package Manager Insider program.

You may need to install the VC++ v14 Desktop Framework Package. This should only be necessary on older builds of Windows 10 and only if you get an error about missing framework packages.

Troubleshooting

Please read our troubleshooting guide.

Administrator Considerations

Installer behavior can be different depending on whether you are running winget with administrator privileges.

When running winget without administrator privileges, some applications may require elevation to install. When the installer runs, Windows will prompt you to elevate. If you choose not to elevate, the application will fail to install.
When running winget in an Administrator Command Prompt, you will not see elevation prompts if the application requires it. Always use caution when running your command prompt as an administrator, and only install applications you trust.

Build your own

You can also build the client yourself. While the client should be perfectly functional, we are not ready to provide full support for clients running outside of the official distribution mechanisms yet. Feel free to file an Issue, but know that it may get lower prioritization.

Build Status

Windows Package Manager Release Roadmap

The plan for delivering next Windows Package Manager releases is described included in our discussions, and will be updated as the project proceeds.

Overview of the Windows Package Manager

The Windows Package Manager is a tool designed to help you quickly and easily discover and install those packages that make your PC environment special. By using the Windows Package Manager, from one command, you can install your favorite packages:

winget install <package>

Overview

Client Repository

This winget-cli repository includes the source code designed to build the client. You are encouraged to participate in the development of this client. We have plenty of backlog features in our Issues. You can upvote the ones you want, add more, or even get started on one.

Sources

The client is built around the concept of sources; a set of packages effectively. Sources provide the ability to discover and retrieve the metadata about the packages, so that the client can act on it.

The default “winget” source includes packages in the Windows Package Manager Community Repository.
The default “msstore” source includes packages in the Microsoft Store.
It is also possible to host your own private REST based source.

Building the client

Prerequisites

Windows 10 1809 (17763) or later
Developer Mode enabled
Visual Studio 2022
- Or use winget to install it ;) (although you may need to adjust the workloads via Tools->Get Tools and Features…)
The following workloads:
- .NET Desktop Development
- Desktop Development with C++
- Universal Windows Platform Development
The following extensions:
- Microsoft Visual Studio Installer Projects

Building

We currently only build using the solution; command line methods of building a VS solution should work as well.

Credit

We would like to thank Keivan Beigi (@kayone) for his work on AppGet which helped us on the initial project direction for Windows Package Manager.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. More information is available in our CONTRIBUTING.md file.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information, please refer to the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Data/Telemetry

The winget.exe client is instrumented to collect usage and diagnostic (error) data and sends it to Microsoft to help improve the product.

If you build the client yourself the instrumentation will not be enabled and no data will be sent to Microsoft.

The winget.exe client respects machine wide privacy settings and users can opt-out on their device, as documented in the Microsoft Windows privacy statement here. In addition, you may also explicitly block telemetry using settings

In short to opt-out, go to Start, then select Settings > Privacy > Diagnostics & feedback, and select Basic.

See the privacy statement for more details.

Chocolatey CLI (choco)

2022-06-11T12:30:00+00:00

Chocolatey installs in seconds. You are just a few steps from running choco right now!

First, ensure that you are using an administrative shell - you can also install as a non-admin, check out Non-Administrative Installation.
Copy the text specific to your command shell - cmd.exe or powershell.exe.
Paste the copied text into your shell and press Enter.
Wait a few seconds for the command to complete.
If you don’t see any errors, you are ready to use Chocolatey! Type choco or choco -? now, or see Getting Started for usage instructions.

Requirements

Windows 7+ / Windows Server 2003+
PowerShell v2+ (Not PowerShell Core yet though)(minimum is v3 for install from this website due to TLS 1.2 requirement)
.NET Framework 4+ (the installation will attempt to install .NET 4.0 if you do not have it installed)(minimum is 4.5 for install from this website due to TLS 1.2 requirement)

That’s it! All you need is choco.exe (that you get from the installation scripts) and you are good to go! No Visual Studio required.

Install with cmd.exe

Run the following command:

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "[System.Net.ServicePointManager]::SecurityProtocol = 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

Install with PowerShell.exe

With PowerShell, there is an additional step. You must ensure Get-ExecutionPolicy is not Restricted. We suggest using Bypass to bypass the policy to get things installed or AllSigned for quite a bit more security.

Run Get-ExecutionPolicy. If it returns Restricted, then run Set-ExecutionPolicy AllSigned or Set-ExecutionPolicy Bypass -Scope Process.
Now run the following command :

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

User Last Logged On

2022-02-17T18:00:00+00:00

Queries the Security Event Log to determine the last time each user logged on to the target machine.

Requirements

Enable “Audit logon events” in Group Policy
- Windows Settings\Security Settings\Local Policies\Audit Policy
Configure your retention policy to keep the amount of history you want
- Administrative Templates\Windows Components\Event Log Service\Security

Parameters

Lowercase

Transforms the Username field to lowercase so it groups properly in Inventory. If you don’t want this behavior, remove -Lowercase from the Parameters field.

This script requires that Audit Logon events are enabled in Group Policy and those events are kept for the amount of history preferred

[CmdletBinding()]
param (
	[Switch]$Lowercase
)

$UserArray = New-Object System.Collections.ArrayList

Query all logon events with id 4624

Get-EventLog -LogName "Security" -InstanceId 4624 -ErrorAction "SilentlyContinue" | ForEach-Object {

	$EventMessage = $_
	$AccountName = $EventMessage.ReplacementStrings[5]
	$LogonType = $EventMessage.ReplacementStrings[8]

	if ( $Lowercase ) {

		# Make all usernames lowercase so they group properly in Inventory
		$AccountName = $AccountName.ToLower()

	}

	# Look for events that contain local or remote logon events, while ignoring Windows service accounts
	if ( ( $LogonType -in "2", "10" ) -and ( $AccountName -notmatch "^(DWM|UMFD)-\d" ) ) {
	
		# Skip duplicate names
		if ( $UserArray -notcontains $AccountName ) {

			$null = $UserArray.Add($AccountName)
			
			# Translate the Logon Type
			if ( $LogonType -eq "2" ) {

				$LogonTypeName = "Local"

			} elseif ( $LogonType -eq "10" ) {

				$LogonTypeName = "Remote"

			}

			# Build an object containing the Username, Logon Type, and Last Logon time
			[PSCustomObject]@{
				Username  = $AccountName
				LogonType = $LogonTypeName
				LastLogon = [DateTime]$EventMessage.TimeGenerated.ToString("yyyy-MM-dd HH:mm:ss")
			}  

		}

	}

}