Windows 7 One Liners

From richud.com
Jump to navigation Jump to search


Fix ”word cannot print, there is no printer installed”

To fix, disable stupidty of Office 2010 (with Win7 x86 x64 etc)

reg add "HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\General" /v DisablePrintFeaturesOnCrash /t REG_DWORD /d 0

Take folder ownership back

Assuming you are running as SYSTEM in psexec...

takeown /r /f c:\temp\temp
icacls c:\temp\temp /grant SYSTEM:F /T
rmdir /s /q c:\temp\temp

VBoxManage clonevm

Create clone of a virtual machine at a specific snapshot, merged to this point.

Remember to ignore brackets round snapshot name

VBoxManage clonevm "Windows 7 sequencer" --snapshot "c++ x86, 2010 sp1 2008 sp1" --mode machine --basefolder "/media/2/sequencer"

Reset CSC (Client Side Cache)

Wipe/reset the client side cache for offline files/folders, where xxx.xxx is remote machine name or IP. (User affected needs to login and then reboot)

reg add \\xxx.xxx.xxx.xxx\HKLM\System\CurrentControlSet\Services\CSC\Parameters /v FormatDatabase /t REG_DWORD /d 1 /f

UAC on/off

  • status

reg query \\xxx.xxx.xxx.xxx\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA

  • on (needs reboot)

reg ADD \\xxx.xxx.xxx.xxx\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

  • off (needs reboot)

reg ADD \\xxx.xxx.xxx.xxx\HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f


Stop being able to lock workstation

Set to 1 this stops a user being able to lock the machine

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 0 /f

Alter lock state remotely

Where XX-XXXX is remote hostname, get remote Hive name

reg query \\XX-XXXX\HKU

HKEY_USERS\.DEFAULT
HKEY_USERS\S-1-5-19
HKEY_USERS\S-1-5-20
HKEY_USERS\S-1-5-21-1039984320-261210814-111111111-11111
HKEY_USERS\S-1-5-21-1039984320-261210814-111111111-11111_Classes
HKEY_USERS\S-1-5-18

check what it is (replace S-1-5-21-1039984320-261210814-111111111-11111 with the users SID)

reg query \\XX-XXXX\HKEY_USERS\S-1-5-21-1039984320-261210814-111111111-11111\Software\Microsoft\Windows\CurrentVersion\PolicyLockWorkstation

HKEY_USERS\S-1-5-21-1039984320-261210814-111111111-11111\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableLockWorkstation    REG_DWORD    0x1

Then to change it

reg add \\XX-XXXX\HKEY_USERS\S-1-5-21-1039984320-261210814-111111111-11111\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 0 /f
The operation completed successfully.

Find logged in user SID

Z:\>reg query "\\xx-xxxx\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users
    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default
    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public
    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1039984320-261210814-957142514-56711     << Logged in user

Check they cannot lock it

Now knowing the SID of logged in user is S-1-5-21-1039984320-261210814-957142514-56711

Z:\>reg query "\\xx-xxxx\HKU\S-1-5-21-1039984320-261210814-957142514-56711\Software\Microsoft\Windows\CurrentVersion\Policies\System"

HKEY_USERS\S-1-5-21-1039984320-261210814-957142514-56711\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableLockWorkstation    REG_DWORD    0x1
    ReportControllerMissing    REG_DWORD    0x1

Let them be able to lock it

Z:\>reg add  "\\xx-xxxx\HKU\S-1-5-21-1039984320-261210814-957142514-56711\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableLockWorkstation /t REG_DWORD /d 0 /f
The operation completed successfully.

Check now correct

Z:\>reg query "\\xx-xxxx\HKU\S-1-5-21-1039984320-261210814-957142514-56711\Software\Microsoft\Windows\CurrentVersion\Policies\System"

HKEY_USERS\S-1-5-21-1039984320-261210814-957142514-56711\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableLockWorkstation    REG_DWORD    0x0
    ReportControllerMissing    REG_DWORD    0x1


Can also set for all users here, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

DisableLockWorkstation

Reset IE

Shut all IE instances,

  • control panel > internet options > General > Delete > Select, Temporary Internet Files, Cookies, History > Delete
  • control panel > internet options > Advanced > Restore advanced settings
  • control panel > internet options > Advanced > Reset

Installing CA Chain

Split out certs (usually a root and intermediate) from .p7b chain into separate .cer DER files.

Add to local machine store (default), root to "Trusted Root Certification Authority" and intermediary into "Intermediate Certificate Authority"

Certutil -addstore -f "root" c:\root.cer
Certutil -addstore -f "CA" c:\inter.cer

Force sfc to run

sfc /scannow

If you get this lovely piece of English;

"There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again"

You can force it with this, assuming the drive with Windows installed has acquired the drive letter D at the moment

(i.e it may normally be C but booting into wherever you are now, is getting unumerated as D)

sfc /scannow /offbootdir=d:\ /offwindir=d:\windows

Find Printer Model

Obviously going to the web page will tell you, but if that is passworded, FTP may still be open and may tell you! (Login with anything, press enter for password)


ftp> open xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx.
220 FTP Server Ready
Name (xxx.xxx.xxx.xxx:xxxxx): ftp  
331 Enter password.
Password:
230-Hewlett-Packard FTP Print Server Version 3.0.
Directory:    Description:
--------------------------
PORT          HP Designjet Z6200ps 42in Photo

Add network printer remotely

Psexec into the machine, copy drivers to c:\TEMP\DRIVER\xxxxxxxxxxxxxx

2 steps.

1) This will create a RAW TCP_IP port called "IP_xxx.xxx.xxx.xxx"

cscript c:\Windows\System32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r IP_xxx.xxx.xxx.xxx -h xxx.xxx.xxx.xxx

A key should appear here

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\IP_xxx.xxx.xxx.xxx

2) This will add a printer to that port

rundll32 printui.dll,PrintUIEntry /if /f "c:\TEMP\DRIVER\HPDesignJet 800 Plotter\64bit\dsgj510.inf" /r "IP_xxx.xxx.xxx.xxx" /m "HP Designjet 800 42 by HP"
  • Note the 'printer driver model name' given (/m) must match whats in the inf file .e.g.
<SNIP>
"HP Designjet 800 42 by HP"		=DJ800_42, USBPRINT\Hewlett-PackardDesig162B
"HP Designjet 800 42 by HP"		=DJ800_42, LPTENUM\Hewlett-PackardDesig162B
<SNIP>

To delete one, also must use correct name - it will also remove the TCPIP port (if no other printers are on same port)

rundll32 printui.dll,PrintUIEntry /dl /n "HP Designjet 800 42 by HP"

Check Driver installed, sorting with newest last, should see something like this as newest entry

dir /o:d %systemroot%\system32\DriverStore\FileRepository
..
27/01/2015  13:35    <DIR>          dsgj510.inf_amd64_neutral_b4e0df5a6c382135

Check registry for entry

reg query "HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers
    DefaultSpoolDirectory    REG_SZ    C:\Windows\system32\spool\PRINTERS
    LANGIDOfLastDefaultDevmode    REG_DWORD    0x409

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\Adobe PDF
<SNIP>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP Designjet 800PS 42 by HP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\HP Designjet Z6200ps 42in HPGL2
<SNIP>

P2015 print queue add

Where xxx.xxx.xx.xxx is the P2015's IP

Drivers (using the PCL6 'for Vista' trick for win7 so no HP Universal ones) extracted, and dpinstXX.exe/xml copied too, to /x64 and /x32 sub folders

@echo off
pushd "%~dp0"
cscript c:\Windows\System32\Printing_Admin_Scripts\en-US\prnport.vbs -a -r IP_xxx.xxx.xx.xxx -h xxx.xxx.xx.xxx
if defined PROGRAMFILES(X86) (
    x64\dpinst64.exe
	rundll32 printui.dll,PrintUIEntry /if /f "x64\hppdp604.inf" /r "IP_xxx.xxx.xx.xxx" /m "HP LaserJet P2015 Series PCL 6"
) else (
    x32\dpinst32.exe
	rundll32 printui.dll,PrintUIEntry /if /f "x32\hppcp604.inf" /r "IP_xxx.xxx.xx.xxx" /m "HP LaserJet P2015 Series PCL 6"
)

Set environment environmental variables

Path setting

Appending %PATH% , note you will need to start a new command window for echo %PATH% to show the change.

system level (HKLM)

SETX PATH "%PATH%;C:\Python27;C:\Python27\Scripts" /M

See value also via

reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v Path

user level (HKU)

SETX PATH "C:\Python27;C:\Python27\Scripts"

Windows Backup

Get around error 0x80780119 , (free space issues with your windows system (hidden) partition)

Backup C drive to E

wbAdmin start backup -backupTarget:E: -include:C:


Remove programs remotely

Remote machine Name xxxxxxxxxx

If program name is say Vigyanlabs

Check it is right thing (wmic line is input, lines below are output)

wmic /node:"xxxxxxxxxx" product where "vendor like 'Vig%'" get name,version,identifyingNumber
IdentifyingNumber                       Name     Version
{9F99F3B7-3A87-4FCE-BC85-CA56C1E178AE}  IPMPLUS  1.8.18.0

Remove (wmic line is input, lines below are output)

wmic /node:"xxxxxxxxxx" product where "vendor like 'Vig%'" call uninstall /nointeractive
Executing (\\xxxxxxxxxx\ROOT\CIMV2:Win32_Product.IdentifyingNumber="{9F99F3B7-3A87-4FCE-BC85-CA56C1E178AE}",Name="IPMPLUS"
,Version="1.8.18.0")->Uninstall()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};

Error 0xc000000e the boot selection failed because a required device is inaccessible

Caused by PARTUUID missing (6 bytes? in MBR, near end before partition table.)

Run DART it fixes it in a second.

Comments

blog comments powered by Disqus