Windows Administration

                                      Windows Technical Information

Fetch System Information Using PowerShell:- To Get System Information (Like WMIC csproduct) Run this in PowerShell: powershell Get-CimInstance -ClassName Win32_ComputerSystemProduct To Get CPU Information Get-CimInstance -ClassName Win32_Processor | Select-Object Name, MaxClockSpeed, NumberOfCores To Get RAM Information Get-CimInstance -ClassName Win32_PhysicalMemory | Select-Object Capacity, Manufacturer, Speed To Get Storage Information Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object DeviceID, Size, FreeSpace

Windows OS Version Checking :-

Command :- slmgr /xpr

WINDOWS EFI -BOOT LOADER :-


\EFI\Microsoft\Boot\bootmgfw.efi

Windows Product Key :=

Windows product key access

The Windows Product Key is embedded in the BIOS, and can be viewed using the command below:

    Right-Click on Start and open a Command Prompt (Admin) or Windows PowerShell (Admin).
    Type (or copy and paste) the following:   

wmic path softwarelicensingservice get OA3xOriginalProductKey

    Press Enter

The resulting key is your Windows Product Key.

Another option is to use a free tool found in the Microsoft Store called ShowKeyPlus. It will show you more details about the embedded Windows Product Key.

https://apps.microsoft.com/detail/showkeyplus/9PKVZCPRX9NV?hl=en-us&gl=US  

Once you have the key, open Settings >> Update & Security >> Activation, and enter the resulting key.

Using PowerShell

1. Open PowerShell as an administrator:

   - Right-click the Start button and select Windows PowerShell (Admin).

2. Run the following command:-

   (Get-WmiObject -Query "SELECT * FROM SoftwareLicensingService").OA3xOriginalProductKey

   This should display your product key if it’s stored in the BIOS/UEFI.

Using Third-Party Software :-

- ShowKeyPlus:

  - Download and run [ShowKeyPlus](https://github.com/Superfly-Inc/ShowKeyPlus/releases).

  - It will display your product key and other details about your Windows installation.

Command for Opening saved windows password credentials:=

" rundll32.exe keymgr.dll,KRShowKeyMgr"

Local Users and Groups 

User Accounts Management Command Prompt (CMD) :-

In Windows, you can create a new user account from Command Prompt (as admin) with:

net user <username> <password> /add

Example:

net user testuser MyPass@123 /add

If you also want to make the account an administrator:

net localgroup administrators <username> /add

Example:
net localgroup administrators testuser /add

Activate an User Account :-

Net user <USER NAME> /active:yes

Local Users and Groups console :=

lusrmgr.msc = for Local Users and Group Managing.

Local Users and Groups (lusrmgr.msc) is available only in the Pro, Enterprise,  and Education editions of Windows 11 and Windows 10.  

How to find all the local users and groups 

Press Win + X on your keyboard and select Computer Management from the menu. In Computer Management, select “Local Users and Groups” in the left panel. 

An alternative way to open Local Users and Groups is to run lusrmgr.msc command.

Running the lusrmgr.msc command opens the Local Users and Groups console directly  and without loading it in Computer Management. 

In the Users folder, you see all the user accounts available on your Windows 11 or  Windows 10 PC. This includes accounts that are hidden or disabled. 

Types of users 

∙ Default Accounts / Built-in Accounts 

∙ Administrator Account 

∙ Guest Account 

∙ Normal User Accounts 

Examples: Satya, Lokeshwari, Govardhan, Uday,…

Activities with Users and groups 

1. Create an User Account 

2. Rename the User Account 

3. Change the Password 

4. Change Account Type 

5. Password Breaking  

6. Create Group Account 

7. Rename the Group Account 

8. Add/ Remove User Accounts from Groups 

Warning: Don’t change the standard Windows users and groups!

Password Reset 

1. Normal User Account 

Login as a Default Administrator Account > Go to Computer  Management > Local User and Groups > Users > Select  Account > Right Click > Set Password > Create New  Password 

2. Administrator Account

a. Boot Desktop/Laptop with Windows OS 

(Press F12 for Boot menu while booting the PC, And  choose bootable media) 

b. Press any key to boot from CD/DVD… 

c. Go to Repair Option 

d. Troubleshoot > Command prompt 

\Windows\System32\cmd.exe : is for command prompt for  users after login 

\Windows\System32\sethc.exe : is for command prompt for  Administrator before login 

e. Search the OS Drive (C / D/ E) 

C: Enter -----> C:\> 

D: Enter ----> D:\> 

dir – to check the folders 

Choose the OS Drive 

            C:\>copy Windows\System32\cmd.exe Windows\System32\sethc.exe

g. Exit > Continue to the OS 

h. …..>net user User_Name New_Password 

…..>net user Administrator Satya@123

 

To Find MAC Address : getmac -v

To Get Product Details, Service Tag : wmic csproduct. 

Laptop Battery Report :-

CMD :-

Powercfg /batteryreport or Powercfg -energy

 Windows Shortcuts :=

 

Windows Shortcut Keys

Windows Function Run Command Add Hardware Wizard hdwwiz Adding a new Device devicepairingwizard Advanced User Accounts azman.msc Advanced User Accounts netplwiz Backup and Restore sdclt Calculator calc Certificates certmgr.msc Character Map charmap ClearType Tuner cttune Color Management colorcpl Command Prompt cmd Component Services comexp.msc Component Services dcomcnfg Computer Management compmgmt.msc Computer Management compmgmtlauncher Connect to a Projector displayswitch Control Panel control Credential Backup and Restore Wizard credwiz Data Execution Prevention systempropertiesdataexecutionprevention Date and Time timedate.cpl Device Manager hdwwiz.cpl Diagnostics Troubleshooting Wizard msdt Digitizer Calibration Tool tabcal DirectX Diagnostic Tool dxdiag Disk Cleanup cleanmgr Disk Defragmenter dfrgui Disk Management diskmgmt.msc Display dpiscaling Display Color Calibration dccw DPAPI Key Migration Wizard dpapimig Driver Verifier Manager verifier Ease of Access Center utilman Event Viewer eventvwr.msc Fax Cover Page Editor fxscover Game Controllers joy.cpl Getting Started irprops.cpl IExpress Wizard iexpress Internet Explorer iexplore Internet Options inetcpl.cpl Language Pack Installer lpksetup Local Users and Groups lusrmgr.msc Magnifier magnify Malicious Software Removal Tool mrt Math Input Panel mip Microsoft Management Console mmc Mouse main.cpl NAP Client Configuration napclcfg.msc Narrator narrator Network Connections ncpa.cpl New Scan Wizard wiaacmgr Notepad notepad ODBC Data Source Administrator odbcad32 On-Screen Keyboard osk Open Documents Folder documents Open Downloads Folder downloads Open Favorites Folder favorites Open Pictures Folder pictures Open Recent Folder recent Open Videos Folder videos Paint mspaint Pen and Touch tabletpc.cpl People Near Me collab.cpl Performance Monitor perfmon.msc Performance Options systempropertiesperformance Phone and Modem telephon.cpl Phone Dialer dialer Power Options powercfg.cpl Printer User Interface printui Private Character Editor eudcedit Problem Steps Recorder psr Programs and Features appwiz.cpl Region and Language intl.cpl Registry Editor regedit Remote Access Phonebook rasphone Remote Desktop Connection mstsc Resource Monitor resmon SAM Lock Tool syskey Screen Resolution desk.cpl Services services.msc Set Program Access and Computer Defaults computerdefaults Share Creation Wizard shrpubw Shared Folder Wizard shrpubw Shared Folders fsmgmt.msc Snipping Tool snippingtool Sound mmsys.cpl Sound Recorder soundrecorder SQL Server Client Network Utility cliconfg Sticky Notes stikynot Sync Center mobsync System Configuration msconfig System Configuration Editor sysedit System Information msinfo32 System Properties sysdm.cpl System Properties (Advanced Tab) systempropertiesadvanced System Properties (Hardware Tab) systempropertieshardware System Properties (Remote Tab) systempropertiesremote System Properties (System Protection Tab) systempropertiesprotection System Restore rstrui Task Manager taskmgr Task Scheduler taskschd.msc Taskbar and Start Menu control.exe /name Microsoft.TaskbarandStartMenu Troubleshooting control.exe /name Microsoft.Troubleshooting Trusted Platform Module (TPM) Management tpm.msc User Account Control Settings useraccountcontrolsettings User Accounts control.exe /name Microsoft.UserAccounts Utility Manager utilman Version Reporter Applet winver Volume Mixer sndvol Windows Action Center wscui.cpl Windows Activation Client slui Windows Anytime Upgrade WindowsAnytimeUpgradeui Windows Anytime Upgrade Results windowsanytimeupgraderesults Windows Disc Image Burning Tool isoburn Windows DVD Maker dvdmaker Windows Easy Transfer migwiz Windows Explorer explorer Windows Fax and Scan wfs Windows Features optionalfeatures Windows Firewall firewall.cpl Windows Journal journal Windows Media Player wmplayer Windows Memory Diagnostic Scheduler mdsched Windows Mobility Center mblctr Windows PowerShell powershell Windows PowerShell ISE powershell_ise Windows Remote Assistance msra Windows Repair Disc recdisc Windows Script Host wscript Windows Update wuapp Windows Update Standalone Installer wusa WMI Management wmimgmt.msc WordPad write XPS Viewer xpsrchvw

ENABLE BITLOCKER USING COMMAND PROMPT :- 

To enable BitLocker and save the recovery key as a PDF file in the D drive using the command prompt, follow these steps:

1. Open Command Prompt as Administrator: Right-click on the Start menu and select "Run as administrator".

2. Enable BitLocker: Use the following command to enable BitLocker on a specific drive (replace "C:" with the drive letter you want to protect):

   This will add a Trusted Platform Module (TPM) protector to the drive.

3. Save Recovery Key to PDF: Use the following command to save the recovery key as a PDF file in the D drive:

   Replace "D:\BitLockerRecoveryKey.pdf" with the desired path and filename for the PDF file.

4. Confirm and Save: You will be prompted to confirm the recovery key. Enter "Y" to confirm and save it to the specified PDF file.

Important Notes:

• Ensure that your system has a TPM chip enabled and configured correctly.
• If you don't have a TPM chip, you can use a USB recovery drive instead.
• Make sure you have the recovery key saved in a safe location. If you lose it, you won't be able to access your encrypted drive.
• 
  

BitLocker Unlocking From Command Prompt :-

Unlocking BitLocker:

Using Recovery Key:

manage-bde -unlock C: -RecoveryPassword <your-recovery-key>

Replace <your-recovery-key> with your actual 48-digit BitLocker recovery key.

Using Password:

manage-bde -unlock C: -Password

Disabling BitLocker Protection Temporarily:

manage-bde -protectors -disable C:

Disable BitLocker Encryption:

 To disable BitLocker, type the following command and press Enter:

manage-bde -off <drive letter>:

Replace `<drive letter>` with the letter of your BitLocker-encrypted drive (e.g., `C:`).

Monitor the Decryption Process:

The decryption process will start.

To monitor the Bitlocker progress using cmd :-

manage-bde -status <drive letter>:

This command will show the percentage completed.

To Check or View Bitlocker Key of a Particular Drive in CMD :-

manage-bde -protectors -get C:

To force backup Bitlocker Key to Active Directory using :-

manage-bde -protectors -adbackup C: -id "{ProtectorID}"

File Copy Command :-

To copy the AppData folder from C:\Users\keerthana\AppData to D:\backup 26-07-2024, you can use the xcopy command in the Command Prompt. Here is the command you can use:

xcopy "C:\Users\keerthana\AppData" "D:\backup 26-07-2024" /s /e /h /i /c /y

Here's a breakdown of the options used:

    /s: Copies directories and subdirectories except empty ones.
    /e: Copies all subdirectories, including empty ones.
    /h: Copies hidden and system files also.
    /i: If the destination does not exist and you are copying more than one file, this option assumes that the destination must be a directory.
    /c: Continues copying even if errors occur.
    /y: Suppresses prompting to confirm you want to overwrite an existing destination file.   

Alternatively, you can use the robocopy command, which is more robust for such operations:

robocopy "C:\Users\keerthana\AppData" "D:\backup 26-07-2024" /mir /xd "C:\Users\keerthana\AppData\Local\Temp"

Here's a breakdown of the options used:

    /mir: Mirrors the directory tree (equivalent to /e plus /purge).
    /xd: Excludes the specified directories from the copy operation (e.g., 'Local\Temp' is often excluded due to its transient nature).

Using robocopy is generally recommended for complex directory copy tasks due to its advanced features and resilience.

UnHidding Folder Using Command :-

Troubleshooting Folder Visibility:

1. Check Folder Attributes:

• Sometimes, a folder might have hidden attributes. To remove hidden and system attributes from the folder, use the following command:

attrib -h -s "D:\@ backup 26-07-2024" /s /d

2. Enable Hidden Files View in File Explorer:

• Open File Explorer.
• Go to the View tab.
• Check the options for "Hidden items" and "File name extensions."

3. Check Folder Permissions:

• Right-click on the folder D:@ backup 26-07-2024 in File Explorer.
• Select Properties. 

Manage User Accounts and Password from Command Prompt :-

1. Open Command Prompt as Administrator :-

Note : If the password as special characters while entering the password in command prompt for changing, Enter the Eg:[ "New Password" ] between double quotes.

Note: (The special characters `<>$#@&` can be interpreted by the command prompt using double quotes [ Eg: "AC3C<IbW" ])

 

Here’s the updated script with the password wrapped in double quotes:

@echo off

:: Change the temporary profile password

net user TempUser "AC3C<IbW"

:: Enable the administrator account

net user administrator /active:yes

:: Change the administrator account password

net user administrator "U@ybQ>z7mP"

echo Changes applied successfully.

pause

By wrapping the password in double quotes, you ensure that the special characters are correctly interpreted as part of the password rather than as command prompt operators.

1: Create a Local Admin Account

1. Open Command Prompt as Administrator:

   • Press Win + X and select Command Prompt (Admin) or Windows Terminal (Admin).

2. Create the Local Account:

   • Run the following command to create a new local user account:

     net user Username Password /add

     Replace Username with the desired username and Password with a secure password.

3. Add the Account to the Local Administrators Group:
   
   

   Run the following command to add the new account to the Administrators group:

   net localgroup Administrators Username /add
   
   
   

How to Logoff a User from CMD :-

C:\Windows\System32>quser

 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME

>santhoshba            console             5  Active          .  04-10-2024 10:14 AM

 temp                                      6  Disc            .  04-10-2024 01:53 PM

C:\Windows\System32>logoff 6

C:\Windows\System32>quser

 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME

>santhoshba            console             5  Active          .  04-10-2024 10:14 AM

To automatically move emails from `santhoshb@tj.com` to the "santhoshb" folder, you can create an email rule in your email client. Here’s how to do it in Outlook:

**Using Outlook (Desktop App)**

1. **Open Outlook**: Go to your Inbox.

2. **Create a New Rule**:

   - Click on the **"Home"** tab.

   - Click on **"Rules"** and select **"Manage Rules & Alerts."**

   - In the **"Rules and Alerts"** window, click on **"New Rule."**

3. **Set the Rule Conditions**:

   - In the **"Rules Wizard"**, under **"Start from a blank rule"**, select **"Apply rule on messages I receive"** and click **"Next."**

   - In the next window, check **"from people or public group"**.

   - Click on **"people or public group"** in the rule description box below and select or type **santhoshba@tj.com**. Click **"OK"**.

4. **Move the Email to a Specific Folder:

   - Click **"Next."**

   - Check **"move it to the specified folder."

   - In the rule description box, click on **"specified"** and choose the "santhoshb" folder. Click **"OK."**

5. **Finish the Rule Setup**:

   - Click **"Finish"** to complete the rule setup.

   - Finally, click **"OK"** in the **"Rules and Alerts"** window to save the rule.

Now, any email you receive from `santhoshb@tj.com` will automatically be moved to the "santhoshb" folder.

Update Group Policy in Client System :-

To update Group Policy, you can use the gpupdate command in the Command Prompt.
Here are the basic commands:
Update all Group Policies:
This command will force an immediate update of all Group Policies on the local computer.
Update specific Group Policy objects (GPOs):
Replace "Computer" with the name of the GPO you want to update.
Additional options:
Update only user policies:
Update both computer and user policies:
Wait for policy update to complete:
Example:
To update the "Default Domain Policy" GPO, you would use the following command:
Note: You'll need to run Command Prompt as an administrator to use the gpupdate command.

Restricting Permissions for Administrator Account:-

To ensure that the restrictions only apply to the Santest Administrator account and not to the other two administrator accounts (Temp and Administrator), you can use a combination of Group Policy and Local Security Policy settings. Here’s how you can achieve this:
1. Restrict Software Installation and Uninstallation for Santest Only
Open Group Policy Editor:
Press Win + R, type gpedit.msc, and press Enter.
Navigate to:
User Configuration > Administrative Templates > Windows Components > Windows Installer.
Configure Settings:
Double-click on Disable Windows Installer.
Set it to Enabled.
2. Restrict Changing Passwords of Other Accounts for Santest Only
Open Local Security Policy:
Press Win + R, type secpol.msc, and press Enter.
Navigate to:
Local Policies > User Rights Assignment.
Deny Access:
Find Change the password and Reset the password.
Add the Santest account to the Deny list.
3. Restrict Command Prompt Usage for Santest Only
Open Group Policy Editor:
Press Win + R, type gpedit.msc, and press Enter.
Navigate to:
User Configuration > Administrative Templates > System.
Configure Settings:
Double-click on Prevent access to the command prompt.
Set it to Enabled.
1. Restrict Access to Group Policy Editor (gpedit.msc)
Open Group Policy Editor:
Press Win + R, type gpedit.msc, and press Enter.
Navigate to:
User Configuration > Administrative Templates > System.
Configure Settings:
Double-click on Don't run specified Windows applications.
Set it to Enabled.
Click on the Show button under Options.
Add gpedit.msc to the list.
2. Restrict Access to PowerShell
Open Group Policy Editor:
Press Win + R, type gpedit.msc, and press Enter.
Navigate to:
User Configuration > Administrative Templates > System.
Configure Settings:
Double-click on Don't run specified Windows applications.
Set it to Enabled.
Click on the Show button under Options.
Add powershell.exe and powershell_ise.exe to the list.
3. Additional Steps to Restrict Command Prompt
Open Group Policy Editor:
Press Win + R, type gpedit.msc, and press Enter.
Navigate to:
User Configuration > Administrative Templates > System.
Configure Settings:
Double-click on Prevent access to the command prompt.
Set it to Enabled.
Important Note
These settings should be applied under User Configuration to ensure they only affect the Santest account and not the other administrator accounts.
Important Note
These settings in Group Policy Editor and Local Security Policy are typically user-specific when configured under User Configuration. This means they should only apply to the Santest account and not affect the Temp and Administrator accounts.

Using Software Restriction Policies
Open Group Policy Editor:
Press Win + R, type gpedit.msc, and press Enter.
Navigate to:
Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies.
Create a New Policy:
If no software restriction policies are defined, right-click on Software Restriction Policies and select New Software Restriction Policies.
Set Up Restrictions:
Under Software Restriction Policies, right-click on Additional Rules and select New Path Rule.
Set the path to the directories where software installations typically occur (e.g., C:\Program Files, C:\Program Files (x86), C:\Windows\Installer).
Set the security level to Disallowed.
Restricting Access to Group Policy Editor and PowerShell
Restrict Access to Group Policy Editor (gpedit.msc):
Open Group Policy Editor.
Navigate to User Configuration > Administrative Templates > System.
Double-click on Don't run specified Windows applications.
Set it to Enabled.
Click on the Show button under Options.
Add gpedit.msc to the list.
Restrict Access to PowerShell:
Open Group Policy Editor.
Navigate to User Configuration > Administrative Templates > System.
Double-click on Don't run specified Windows applications.
Set it to Enabled.
Click on the Show button under Options.
Add powershell.exe and powershell_ise.exe to the list.
Important Note
These settings should be applied under User Configuration to ensure they only affect the Santest account and not the other administrator accounts.


Run Applications Bypass Credentials :-

Set __COMPAT_LAYER=RunAsInvoker
Start Application.exe














Running software without admin rights :-
How to Allow Standard User to Run Specific Program with Administrator Rights, Without Need Password
ChatGPT said:
To allow a standard user to run a specific program with administrator rights without requiring a password, you can use the Task Scheduler or create a shortcut using runas command along with saved credentials. Below are two methods to achieve this:
Method 1: Using Task Scheduler
Create a Scheduled Task:
Open Task Scheduler (Start -> Task Scheduler).
In the right panel, click Create Task.
Under the General tab, give the task a name (e.g., "Run App as Admin").
Select Run with highest privileges.
Under Security options, select the user account that should run the task.
Configure the Program to Run:
Go to the Actions tab and click New.
In the Program/script box, browse to the program's executable file you want to run as an administrator.
Save the Task:
Click OK and enter the administrator password when prompted.
Create a Shortcut:
Right-click on the desktop and select New -> Shortcut.
In the location field, type:
bash
schtasks /run /tn "Run App as Admin"
Click Next, give the shortcut a name, and click Finish.
Now, the standard user can double-click the shortcut, and the program will run with administrator privileges without asking for a password.
Method 2: Using runas with Saved Credentials
Save Administrator Credentials:
Open a command prompt as administrator and run:
runas /user:Temp /savecred "cmd /c \"C:\Programfiles\National Instruments\NI Package Manager\NIPackageManager.exe\""
Replace AdminUsername with the actual administrator username and provide the path to the program's executable file.
You will be prompted to enter the password once, and it will be saved for future use.
Create a Shortcut:
Right-click on the desktop and select New -> Shortcut.
In the location field, type:
runas /user:Temp /savecred "cmd /c \"C:\Programfiles\National Instruments\NI Package Manager\NIPackageManager.exe\""

If the top Command does not work. use the below one :-

runas.exe /user:YourComputerName\LocalAdminUser /savecred "cmd /C """C:\Program Files (x86)\Synesis\ODM\odm.exe"""
Click Next, give the shortcut a name, and click Finish.
This method stores the credentials, so the program can be run without needing the password each time.
Important Considerations
Security Risks: Saving administrator credentials using /savecred can be a security risk, as it stores the credentials in a way that could be exploited. Use this method with caution and only in trusted environments.
Task Scheduler is more secure than /savecred but both methods bypass password prompts, which should be carefully managed.
Bypass Windows 11 Setup after New Installations :-

In the Network connection page :-
            Open Command Prompt by pressing (Shift + F10 ) or (Fn + Shift + F10)
            Type the command :- oobe\bypassnro
Windows will Restart and you can skip Internet connection.


To safely eject a USB pendrive using Command Prompt in Windows, follow these steps:


Eject USB Device using CMD:-

Steps to Eject a USB Pendrive Using Command Prompt
Open Command Prompt as Administrator:
Press Win + R, type cmd, and press Enter.
Identify the USB Drive Letter:
Run this command to list all connected drives:

                        wmic logicaldisk get deviceid, volumename, description

Look for your USB drive's letter (e.g., E:).

Use the diskpart Command:
Type diskpart and press Enter to open the Disk Partition Tool.
In diskpart, list all volumes:

                               list volume
Find the volume number of your USB drive (e.g., Volume 4).
Select the USB volume:

                                select volume 4
(Replace 4 with the correct volume number.)
Run this command to eject the USB drive:

                                 remove all dismount

Alternative PowerShell Command (For Simplicity): If you're comfortable with PowerShell, run this in Command Prompt:
cmd
powershell "(New-Object -comObject Shell.Application).Namespace(17).ParseName('E:').InvokeVerb('Eject')"
(Replace E: with your USB drive letter.)
Important Notes:
Ensure no files or programs are being used from the USB drive before ejecting.
After running the commands, wait for the system to confirm the device is ready for removal.
Let me know if you face any issues!
Restart Computer in the Network Remotely :- 

Microsoft Windows [Version 10.0.26100.3194]
(c) Microsoft Corporation. All rights reserved.

To Restart :-

shutdown /m \\192.168.26.52 /r /f /c "Restart" /t 5

To Shutdown :-

shutdown /m \\192.168.26.52 /s /f /c "Shutdown" /t 5


Change Time Zone using PowerShell :- 

Set-Timezone -Name "Pacific Standard Time"