Windows One Liners cmdline

Random collection of one liners!

=Quick backup drive with xcopy=

Backup all of c: drive to external drive e: (skipping any problems, copying and creating empty and non empty dirs, dont print everything)

xcopy /e /c /i /q /h c:\ e:\

=Quickly find a file=

Microsoft's half arsed attempt at find.

Case insensitive find any file on entire c: drive, will find ALL files (read only, system, hidden etc.) and give location.

attrib /s /d c:\* | findstr /i "mystring"

=Find a string in files=

Microsoft's half arsed attempt at grep.

Find string in text file only (/p), print matching text findstr /s /i /p "mystring" c:\*

Find string in any file print matching filename only (/m) (otherwise you will end up with pages of binary stuff it matches, if you WANT this then omit /m) findstr /s /i /m "mystring" c:\*


 * Note, If "mystring" contains a space use /c:"my string" otherwise it uses OR on each word, bizarre!


 * Note, findstr will fail to find anything in certain file encodings, e.g. Little Endian UTF-16 Unicode files, like .inf files. (Although in all fairness, so does grep)

=Bitlocker=

Just some notes...

Enable it
manage-bde -tpm -turnon manage-bde -tpm -Takeownership test_password manage-bde -protectors -add c: -TPMAndPIN  manage-bde -on c:

Check progress
manage-bde.exe -status

Remotely:

Z:\>psexec \\xx-xxxx manage-bde.exe -status

PsExec v1.98 - Execute processes remotely Copyright (C) 2001-2010 Mark Russinovich Sysinternals - www.sysinternals.com

BitLocker Drive Encryption: Configuration Tool version 6.1.7601 Copyright (C) Microsoft Corporation. All rights reserved.

Disk volumes that can be protected with BitLocker Drive Encryption: Volume C: [Windows OS] [OS Volume]

Size:                297.80 GB    BitLocker Version:    Windows 7 Conversion Status:   Fully Encrypted Percentage Encrypted: 100% Encryption Method:   AES 128 with Diffuser Protection Status:   Protection On    Lock Status:          Unlocked Identification Field: None Key Protectors: Numerical Password TPM And PIN

manage-bde.exe exited on pu-0103 with error code 0.

=net add Administrators=

net user /add xxxxxxxxx password

net localgroup /add Administrators xxxxxxxxx

=wmic=

disable password expirey
wmic path Win32_UserAccount where Name='xxxxxxxxx' set PasswordExpires=false

query remote pc's serial number
get SMBIOS info

wmic /node:"xxx-xx.xxx.xx.xx.xx" csproduct

office 2010 temp outlook folder
C:\Users\USERNAME_HERE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\RANDOM_FOLDER\

get rid of pending reboots
Get rid of "computer needs to be rebooted" ! reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations"

This also this needs to be 0 if it exists, [not sure if in Win7 (may be under Wow6432Node if x64?)] reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates" /V UpdateExeVolatile /t REG_DWORD /D 0 /f

change (VLK/MAK/KMS) product key (license code) Win 7
//B = silent, remove if you want a response. xxxx is the product key to change to. cscript //B "%windir%\system32\slmgr.vbs" /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx cscript //B "%windir%\system32\slmgr.vbs" /ato


 * Note Switches /dli and /dlv will dump info about current license to screen.

Silent office 2010 language pack
http://www.technize.net/office-2010-language-packs/

You need to extract, copy a config.xml over and then install - "pt-br" needs changing to the correct language (in this example config.xml is in the same folder as setup.exe which is why you dont need to specify the location)

  

"X16-37687.exe" /extract:"c:\temp\X16-37687" /quiet /passive

copy /y "Config_pt-br.xml" "c:\temp\X16-37687\Config.xml"

"c:\temp\X16-37687\setup.exe"

Windows 7 MUI language pack
Win 7 http://www.mydigitallife.info/download-windows-7-mui-language-packs-official-32-bit-and-64-bit-direct-download-links/

Win 7 SP1 http://www.mydigitallife.info/windows-7-sp1-mui-language-packs-official-direct-download-links/

no silent install but will run in background with psexec ok

start /wait windows6.1-kb2483139-x64-pt-br_f8035731c55d774c95c7c673aedfd42d52479294

netsh
netsh interface ipv4 show config

reset broken networking winsock
netsh int ip reset reset.txt

netsh winsock reset

netsh advfirewall reset

sc
sc config "Bonjour Service" start= disabled sc stop "Bonjour Service"

delete files on reboot
Run as user logging in. This will delete only jobs the user has permission to delete (which a normal user probably wont have) reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\940" /v "1" /d "cmd /c del /f /q /s \\Windows\\System32\\spool\\PRINTERS\\*.*"

Run as System (~Administrator). This will only remove one file per entry so rather useless if say wanting to clear print spooler. reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /t REG_MULTI_SZ /d "\??\%systemroot%\System32\spool\PRINTERS\FP00001.SPL"

delete stuck print spool files
Run as System (~Administrator). This should delete any jobs and then the service will delete. (e.g. add this on a (remote) machine, reboot it, all jobs gone including and locked print jobs). * I like this little trick I came up with :) This can also run a .bat file or .exe or do anything else! SC create cleanup binpath= "cmd /c cmd /c del /f /q /s \Windows\System32\spool\PRINTERS\*.* & sc delete cleanup" type= own type= interact start= auto

On a remote machine... SC \\remotepc create cleanup binpath= "cmd /c cmd /c del /f /q /s \Windows\System32\spool\PRINTERS\*.* & sc delete cleanup" type= own type= interact start= auto

rename files on reboot
This will rename multiple files. Again this is rather rubbish and if you need to do lots of things you are better using sc (above) and a batch file (note files are simply null separated "\0")  reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /t REG_MULTI_SZ /d "\??\%systemroot%\System32\spool\PRINTERS\FP00001.SPL\0\??\%systemroot%\System32\spool\PRINTERS\FP00001.aaa\0\??\%systemroot%\System32\spool\PRINTERS\FP00001.SHD\0\??\%systemroot%\System32\spool\PRINTERS\FP00001.bbb" /f


 * Note specific paths in UNC file format would be \??\c:\Program Files (x86)\somethingelse\myfile.exe

get uptime
locally net stats srv

remote (assuming on LAN) wmic /node:"xxx.xxx.xxx.xxx" os get lastbootuptime

Formatted datetime yyyymmddhhmmss.nnn

So the machine below was booted 15 August 2014 at 08.34am Z:\>wmic /node:"xx-xxxxx" os get lastbootuptime LastBootUpTime 20140815083402.125599+060

=Removing undeletable files/folders=

This is just for my notes, taken from http://blog.uvm.edu/jgm/2013/08/08/undeletable-directory/

Basically copies nothing over the thing you cant delete -it worked when nothing else would.

c:\TEMP>mkdir empty c:\TEMP>robocopy /mir /e c:\Temp\Empty c:\Temp\D

---  ROBOCOPY     ::     Robust File Copy for Windows ---

Started : Tue Sep 10 11:16:07 2013

Source : c:\Temp\Empty\ Dest : c:\Temp\D\

Files : *.*

Options : *.* /S /E /COPY:DAT /PURGE /MIR /R:1000000 /W:30

--

0   c:\Temp\Empty\ *EXTRA Dir       -1    c:\Temp\D\Install\ *EXTRA Dir       -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\ *EXTRA Dir       -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\ *EXTRA Dir       -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\ *EXTRA Dir       -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\???\ *EXTRA Dir       -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\???\{02798c9c-63c0-ec48-9b31-49653e262282}\ *EXTRA File            174080        GoogleUpdate.exe *EXTRA Dir       -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\???\{02798c9c-63c0-ec48-9b31-49653e262282}\L\ *EXTRA Dir       -1    c:\Temp\D\Install\{02798c9c-63c0-ec48-9b31-49653e262282}\???\???\???\{02798c9c-63c0-ec48-9b31-49653e262282}\U\

--

Total   Copied   Skipped  Mismatch    FAILED    Extras Dirs :        1         0         1         0         0         8 Files :        0         0         0         0         0         1 Bytes :        0         0         0         0         0   170.0 k   Times :   0:00:00   0:00:00                       0:00:00   0:00:00

Ended : Tue Sep 10 11:16:07 2013

c:\TEMP>cd D

c:\TEMP\D>dir Volume in drive C is Windows OS Volume Serial Number is EE40-2DEB

Directory of c:\TEMP\D

10/09/2013 11:16    . 10/09/2013 11:16              .. 0 File(s)             0 bytes 2 Dir(s) 407,021,625,344 bytes free

c:\TEMP\D>

=robocopy simple folder backup= robocopy source destination - (this needs target folder to be the same as source, i.e. c:\users\bob d:\ would dump contents of c:\users\bob into root of d:\, not create d:\bob) robocopy /mir /e /xj /r:0 /w:0 /nfl /ndl c:\users\bob123 d:\bob123
 * Using /mir will nuke anything in d:\bob123 if no in source.

=Network Adapter Interface IP Info=

Where {505D11BF-6f50-4B62-AA01-923BBrF60042} is a GUID for an interface found form /Interfaces HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{505D11BF-6f50-4B62-AA01-923BBrF60042}\Parameters\Tcpip

=Fix Win2000 Boot error=

Maybe the power went out when it was on and you are left with boot screen saying;

Error Message: Windows Could Not Start Because the Following File Is Missing or Corrupt: \Winnt\System32\Config\Systemced

Firstly fish the drive out of Win2000 machine and in another windows machine run chkdsk on it, like chkdsk /f c: otherwise you could make it worse. Then on the working windows machine open regedit, Go to HKEY_LOCAL_MACHINE > Load hive, point to c:\Winnt\System32\Config\System (on drive from the failed Win2000 machine), call it anything, say 'test'. Assuming it opens ok, then click on new key 'test', go to File > 'Export' , change save type from Registration Files (*.reg) to Registry Hive Files (*.*) and save as say c:\Winnt\System32\Config\System_ Unload hive and exit, then rename system to system.old and system_ to system. Stick Win2000 drive back in old machine and it should boot.

=Comments=