Commands: Difference between revisions

← Older edit
No edit summary
 
(60 intermediate revisions by 6 users not shown)
Line 1: Line 1:
<hr>This page includes both cmd and powershell commands, realistically, all of them should run from powershell anyway.<hr>
This page includes both cmd and powershell commands, realistically, all of them should run from powershell anyway.


= IP Configuration (ipconfig) =


<hr>ipconfig<hr>
The ipconfig command is a command-line utility used to display and manage the IP address assigned to a machine.
 
 
The ipconfig command is a command-line utility used to display and manage the IP address assigned to a machine. It provides information about the current TCP/IP network configuration, including the IP address, subnet mask, and default gateway for all adapters . In Windows, typing ipconfig without any parameters displays the computer's currently assigned IP, subnet mask, and default gateway addresses. Additional parameters can be used to perform various actions, such as releasing and renewing IP addresses, flushing the DNS cache, and displaying DNS information.
 
 
 
<code>ipconfig</code>


== ipconfig [CMD] ==
ipconfig
Displays the basic TCP/IP configuration for all adapters.
Displays the basic TCP/IP configuration for all adapters.


 
== ipconfig /all [CMD] ==
<code>ipconfig /all</code>
ipconfig /all
 
Displays the full TCP/IP configuration for all adapters.
Displays the full TCP/IP configuration for all adapters.


 
== ipconfig /release [CMD] ==
<code>ipconfig /release</code>
ipconfig /release
 
Releases the IP address assigned to the computer.
Releases the IP address assigned to the computer.


 
== ipconfig /renew [CMD] ==
<code>ipconfig /renew</code>
ipconfig /renew
 
Renews the IP address assigned to the computer.
Renews the IP address assigned to the computer.


 
== ipconfig /flushdns [CMD] ==
<code>ipconfig /flushdns</code>
ipconfig /flushdns
 
Purges the DNS resolver cache.
Purges the DNS resolver cache.


== ipconfig /registerdns [CMD] ==
ipconfig /registerdns
Refreshes DHCP leases and re-registers DNS names.


<code>ipconfig /registerdns</code>
== ipconfig /displaydns [CMD] ==
ipconfig /displaydns
Displays DNS cache contents.


Refreshes all DHCP leases and re-registers DNS names.
== ipconfig (IPv6 & advanced) [CMD] ==
ipconfig /allcompartments
ipconfig /release6
ipconfig /renew6
ipconfig /showclassid
ipconfig /setclassid
ipconfig /showclassid6
ipconfig /setclassid6
ipconfig /flushdns6


= Windows Repair (USE THIS IF WINDOWS IS ACTING UP) =


<code>ipconfig /displaydns</code>
== DISM RestoreHealth [CMD] ==
DISM /Online /Cleanup-Image /RestoreHealth


Displays the contents of the DNS cache.
== SFC Scan (run after DISM) [CMD] ==
SFC /scannow


== SFC Scan (after reboot) [CMD] ==
SFC /scannow


<code>ipconfig /showclassid</code>
= Reset Internet Settings (Fixes a surprisingly large amount of problems with ms office) [CMD] =
RunDll32.exe InetCpl.cpl,ResetIEtoDefaults


Displays the DHCP class ID for network adapters.
= Network Drive Management =


== List Mapped Drives [CMD] ==
net use


<code>ipconfig /setclassid</code>
== Remove Mapping [CMD] ==
net use <drive letter>: /delete


Sets the DHCP class ID for network adapters.
== Recreate Mapping [CMD] ==
net use <drive letter>: \\server\share /persistent:yes


== Delete All Mappings [CMD] ==
net use * /delete


<code>ipconfig /allcompartments</code>
== Persistently Map Drive [CMD] ==
net use /persistent:yes h: \\VBoxSvr\Win11\Documents


Displays the full TCP/IP configuration for all adapters, including all compartments.
= User Management =


== Create Local User [CMD] ==
net user "user.name" password /add


<code>ipconfig /release6</code>
== Add to Administrators [CMD] ==
net localgroup administrators "user.name" /add


Releases the IPv6 address assigned to the computer.
== Remove from Administrators [CMD] ==
net localgroup administrators "user.name" /delete


== Delete User [CMD] ==
net user "user.name" /delete


<code>ipconfig /renew6</code>
== Disable Built-in Accounts [CMD] ==
net user "Administrator" /active:no
net user "Guest" /active:no


Renews the IPv6 address assigned to the computer.
= Power & System =


== Disable Hibernation [CMD] ==
powercfg.exe /Hibernate off


<code>ipconfig /showclassid6</code>
== Compact OS [CMD] ==
Compact.exe /CompactOS:always


Displays the IPv6 DHCP class ID for network adapters.
== Rename Computer [PowerShell] ==
Rename-Computer -NewName "YourNewHostname"


= Sessions =


<code>ipconfig /setclassid6</code>
== List Sessions [CMD] ==
query session


Sets the IPv6 DHCP class ID for network adapters.
== Logoff Session [CMD] ==
logoff {number}


= Windows Fixes =


<code>ipconfig /flushdns6</code>
== Fix Windows 11 Right Click [CMD] ==
reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve


Purges the IPv6 DNS resolver cache.
== Make Edge Alt Key not focus settings  [CMD] ==
reg add HKLM\SOFTWARE\Policies\Microsoft\Edge /v ConfigureKeyboardShortcuts /d {"disabled":["focus_settings_and_more"]}


== Disable Widgets [CMD] ==
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0


== Fix Windows Update Missing [CMD] ==
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /f


<hr>
== Disable Telemetry (May auto-undo itself on non-enterprise windows versions) [CMD] ==
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /v AllowTelemetry /t REG_DWORD /d 0 /f


= Active Directory =


USE THIS IF WINDOWS IS ACTING UP HELLA WEIRD
== Check Password Expiry [PowerShell] ==
Get-ADUser -identity INSERTclientUSERNAMEHERE -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires | ft Name, PasswordLastSet, PasswordExpired, PasswordNeverExpires


== Force AD Sync [PowerShell] ==
start-adsyncsynccycle -policytype delta


The <code>DISM /Online /Cleanup-Image /RestoreHealth</code> command is used to scan for corruption in the Windows image and repair any issues found. DISM stands for Deployment Image Servicing and Management, and it is a command-line tool used to service and prepare Windows images for deployment, recovery, and setup.
== Join Domain [PowerShell] ==
add-computer -domainname "YourDomainName" -restart


When you run the <code>DISM /Online /Cleanup-Image /RestoreHealth</code> command, it performs the following tasks:
= Apps & Installation =


Scans the Windows image for corruption and identifies any issues.
== Install New Teams [PowerShell] ==
Verifies the integrity of the system file backups in the Component Store by comparing them against known good copies from the Windows Update servers.
Add-ProvisionedAppPackage -Online -PackagePath "MSTeams-x64.msix" -SkipLicense
Attempts to repair any corruption found in the Windows image by replacing the corrupted files with the known good copies.


It's important to note that running this command requires administrative privileges, and it may take some time to complete, depending on the system and the extent of the corruption.
== Install OpenSSH [PowerShell] ==
Add-WindowsCapability -Online -Name OpenSSH.Server
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'


== Install RSAT [PowerShell] ==
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online


-open cmd in admin
== Install Vim (System Wide) [PowerShell] ==
mkdir vim-install; cd vim-install; $ProgressPreference = 'SilentlyContinue'; Invoke-Webrequest -UseBasicParsing https://github.com/vim/vim-win32-installer/releases/download/v9.1.0/gvim_9.1.0_x86_signed.zip -o gvim.zip; Expand-Archive -Path gvim.zip -DestinationPath .; cp .\vim\vim91\vim.exe C:\windows\system32\vim.exe


<code>DISM /Online /Cleanup-Image /RestoreHealth</code>
== Install Vim (User Only) [PowerShell] ==
mkdir vim-install; cd vim-install; $ProgressPreference = 'SilentlyContinue'; Invoke-Webrequest -UseBasicParsing https://github.com/vim/vim-win32-installer/releases/download/v9.1.0/gvim_9.1.0_x86_signed.zip -o gvim.zip; Expand-Archive -Path gvim.zip -DestinationPath .; cp .\vim\vim91\vim.exe $env:LOCALAPPDATA\Microsoft\WindowsApps\vim.exe


== Install Git [PowerShell] ==
winget install --id Git.Git -e --source winget --scope user


-after running DISM, run this right after, if errors are found, it will fix it, reboot pc
= Services =


<code>SFC /scannow</code>
== List Services [PowerShell] ==
Get-Service


== Set Auto Start [PowerShell] ==
Set-Service -Name {servicename} -StartupType Automatic


-after reboot, run CMD as admin and run again
== Manage Service [PowerShell] ==
Start-Service {servicename}
Stop-Service {servicename}
Restart-Service {servicename}


<code>SFC /scannow</code>
= Networking (Advanced) =


== Remove Default Gateway [PowerShell] ==
Remove-NetRoute -InterfaceAlias "{get this name from Get-NetAdapter}" -DestinationPrefix 0.0.0.0/0


== Set IP Address [PowerShell] ==
Get-NetAdapter -Name '{get this name from Get-NetAdapter}' | New-NetIPAddress -IPAddress {newIP} -PrefixLength {cidr}


== Allow Ping [CMD] ==
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow


== Show WiFi Passwords [CMD] ==
for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @if "%j" NEQ "" (echo SSID: %j & netsh wlan show profiles %j key=clear | findstr "Key Content")


<hr>
== Disable WiFi Scanning [CMD] ==
 
netsh wlan set autoconfig enabled=no interface="Wi-Fi"
-Let's not forget the G.O.A.T., Use in Run to reset internet settings especially if you are having connecting MS app online or if Sonicwall Netextender breaks the connection
 
<code>RunDll32.exe InetCpl.cpl,ResetIEtoDefaults</code>
<hr>
 
 
 
Create a Local user with CMD and make it into Admin, IF The username has a period in between please use the quotations.
 
 
<code>net user "user.name" password /add</code>
 
 
then
 
<code>net localgroup administrators "user.name" /add</code>
 


If you need to remove Admin creds
== Enable WiFi Scanning [CMD] ==
netsh wlan set autoconfig enabled=yes interface="Wi-Fi"


<code>net localgroup administrators "user.name" /delete</code>
= Storage & Files =


== Resize VHD [PowerShell] ==
resize-vhd -path "f:\Shares\profiledisks" -Sizebytes 30GB


if you need to delete the local account
== Robocopy Migration [CMD] ==
robocopy "C:\users\awesome.guy" "D:\users\awesome.guy" /E /COPYALL /zb /r:10 /w:10 /tee /unilog+:"D:\robocopylog.txt"


<code>net user "user.name" /delete</code>
= DNS & Group Policy =


== Add DNS Suffix [PowerShell] ==
Set-DnsClientGlobalSetting -SuffixSearchList @("corp.mariocorp.com")


Disable builtin Administrator and Guest accounts:
== Force GP Update [CMD] ==
gpupdate.exe /force


<code>net user "Administrator" /active:no</code>
= Misc =


<code>net user "Guest" /active:no</code>
== Firefox Profile Manager [CMD] ==
"C:\Program Files\Mozilla Firefox\firefox.exe" --ProfileManager


== Ping with Timestamp [PowerShell] ==
ping google.com -t | % { "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') $_" }


<hr>
== Open a Command Prompt as SYSTEM ==


Disable hibernation file to resolve issues with shutdown and free up some disk space.
=== PSExec Method (Requires installing PSExec) [PowerShell] ===
The oneliner below installs psexec for you and uses it to open the SYSTEM cmd. Needs an elevated powershell prompt.
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PSTools.zip"; Expand-Archive "$env:TEMP\PSTools.zip" -DestinationPath "$env:TEMP\PSTools" -Force; & "$env:TEMP\PSTools\PsExec64.exe" -accepteula -i -s -d cmd.exe /k "title NT AUTHORITY\SYSTEM - whoami && whoami"


<code>powercfg.exe /Hibernate off</code>
If it has been run before, you can open the prompt with just:
;& "$env:TEMP\PSTools\PsExec64.exe" -i -s -d cmd.exe


=== UAC Method (May trip antivirus but does not require external tools) ===
This method uses the UAC secure desktop (via On-Screen Keyboard trick) to launch cmd.exe as '''NT AUTHORITY\SYSTEM''' without third-party tools.


<hr>
==== Setup (run once as Administrator) ====
Log off someone from a desktop session
<pre>
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe" /v Debugger /t REG_SZ /d "cmd.exe" /f
</pre>


==== Trigger SYSTEM cmd ====
# Open any program '''as Administrator''' so the UAC prompt appears.
# While the UAC dialog is visible (dark background), press '''Win + U''' to open Ease of Access Center.
# Click '''On-Screen Keyboard'''.
# A Command Prompt running as '''SYSTEM''' should appear on the secure desktop.


List all sessions:
==== Cleanup (run as Administrator when done) ====
<pre>
reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe" /f
</pre>


<code>query session</code>
'''Note:''' This works because the secure desktop runs with SYSTEM privileges. The cmd window will appear only while the UAC prompt is active.
 
Logoff the corresponding session:
 
<code>logoff {number}</code>
 
 
<hr>
Fix right click on Windows 11, doesn't need admin:
 
<code>reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve</code>
 
<hr>
Check if the Password is Expired
 
Get-ADUser -identity INSERTclientUSERNAMEHERE -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires | ft Name, PasswordLastSet, PasswordExpired, PasswordNeverExpires
<hr>
Force the DC to sync the password
 
start-adsyncsynccycle -policytype delta
<hr>
Join a domain
 
add-computer -domainname "YourDomainName"  -restart
 
<hr>
Getting New Teams to install when it refuses to [Needs Admin]
 
Add-ProvisionedAppPackage -Online -PackagePath "TeamsNew-x64.msix" -SkipLicense
 
<hr>
List Services and their running status
 
Get-Service
 
<hr>
Set a service to autostart
 
Set-Service -Name {servicename} -StartupType 'Automatic'
 
<hr>
Start/Stop a service
 
Start-Service {servicename}
 
<hr>
Install OpenSSH-Server
 
<nowiki>Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0</nowiki>
 
<hr>
Remove all default gateways from a network adapter
 
Remove-NetRoute -InterfaceAlias "{get this name from Get-NetAdapter}" -DestinationPrefix 0.0.0.0/0
 
<hr>
Set an IP Address
 
Get-NetAdapter -Name '{get this name from Get-NetAdapter}' | New-NetIPAddress -IPAddress {newIP} -PrefixLength {subnet mask [cidr]}
 
<hr>
Allow inbound Ipv4 Pings
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
 
<hr>
Show all WiFi Passwords [CMD Only]
for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @if "%j" NEQ "" (echo SSID: %j & netsh wlan show profiles %j key=clear | findstr "Key Content")

Latest revision as of 21:23, 2 April 2026

This page includes both cmd and powershell commands, realistically, all of them should run from powershell anyway.

IP Configuration (ipconfig)[edit]

The ipconfig command is a command-line utility used to display and manage the IP address assigned to a machine.

ipconfig [CMD][edit]

ipconfig

Displays the basic TCP/IP configuration for all adapters.

ipconfig /all [CMD][edit]

ipconfig /all

Displays the full TCP/IP configuration for all adapters.

ipconfig /release [CMD][edit]

ipconfig /release

Releases the IP address assigned to the computer.

ipconfig /renew [CMD][edit]

ipconfig /renew

Renews the IP address assigned to the computer.

ipconfig /flushdns [CMD][edit]

ipconfig /flushdns

Purges the DNS resolver cache.

ipconfig /registerdns [CMD][edit]

ipconfig /registerdns

Refreshes DHCP leases and re-registers DNS names.

ipconfig /displaydns [CMD][edit]

ipconfig /displaydns

Displays DNS cache contents.

ipconfig (IPv6 & advanced) [CMD][edit]

ipconfig /allcompartments
ipconfig /release6
ipconfig /renew6
ipconfig /showclassid
ipconfig /setclassid
ipconfig /showclassid6
ipconfig /setclassid6
ipconfig /flushdns6

Windows Repair (USE THIS IF WINDOWS IS ACTING UP)[edit]

DISM RestoreHealth [CMD][edit]

DISM /Online /Cleanup-Image /RestoreHealth

SFC Scan (run after DISM) [CMD][edit]

SFC /scannow

SFC Scan (after reboot) [CMD][edit]

SFC /scannow

Reset Internet Settings (Fixes a surprisingly large amount of problems with ms office) [CMD][edit]

RunDll32.exe InetCpl.cpl,ResetIEtoDefaults

Network Drive Management[edit]

List Mapped Drives [CMD][edit]

net use

Remove Mapping [CMD][edit]

net use <drive letter>: /delete

Recreate Mapping [CMD][edit]

net use <drive letter>: \\server\share /persistent:yes

Delete All Mappings [CMD][edit]

net use * /delete

Persistently Map Drive [CMD][edit]

net use /persistent:yes h: \\VBoxSvr\Win11\Documents

User Management[edit]

Create Local User [CMD][edit]

net user "user.name" password /add

Add to Administrators [CMD][edit]

net localgroup administrators "user.name" /add

Remove from Administrators [CMD][edit]

net localgroup administrators "user.name" /delete

Delete User [CMD][edit]

net user "user.name" /delete

Disable Built-in Accounts [CMD][edit]

net user "Administrator" /active:no
net user "Guest" /active:no

Power & System[edit]

Disable Hibernation [CMD][edit]

powercfg.exe /Hibernate off

Compact OS [CMD][edit]

Compact.exe /CompactOS:always

Rename Computer [PowerShell][edit]

Rename-Computer -NewName "YourNewHostname"

Sessions[edit]

List Sessions [CMD][edit]

query session

Logoff Session [CMD][edit]

logoff {number}

Windows Fixes[edit]

Fix Windows 11 Right Click [CMD][edit]

reg.exe add "HKCU\Software\Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32" /f /ve

Make Edge Alt Key not focus settings [CMD][edit]

reg add HKLM\SOFTWARE\Policies\Microsoft\Edge /v ConfigureKeyboardShortcuts /d {"disabled":["focus_settings_and_more"]}

Disable Widgets [CMD][edit]

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0

Fix Windows Update Missing [CMD][edit]

reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v SettingsPageVisibility /f

Disable Telemetry (May auto-undo itself on non-enterprise windows versions) [CMD][edit]

reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection /v AllowTelemetry /t REG_DWORD /d 0 /f

Active Directory[edit]

Check Password Expiry [PowerShell][edit]

Get-ADUser -identity INSERTclientUSERNAMEHERE -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires | ft Name, PasswordLastSet, PasswordExpired, PasswordNeverExpires

Force AD Sync [PowerShell][edit]

start-adsyncsynccycle -policytype delta

Join Domain [PowerShell][edit]

add-computer -domainname "YourDomainName" -restart

Apps & Installation[edit]

Install New Teams [PowerShell][edit]

Add-ProvisionedAppPackage -Online -PackagePath "MSTeams-x64.msix" -SkipLicense

Install OpenSSH [PowerShell][edit]

Add-WindowsCapability -Online -Name OpenSSH.Server
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'

Install RSAT [PowerShell][edit]

Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online

Install Vim (System Wide) [PowerShell][edit]

mkdir vim-install; cd vim-install; $ProgressPreference = 'SilentlyContinue'; Invoke-Webrequest -UseBasicParsing https://github.com/vim/vim-win32-installer/releases/download/v9.1.0/gvim_9.1.0_x86_signed.zip -o gvim.zip; Expand-Archive -Path gvim.zip -DestinationPath .; cp .\vim\vim91\vim.exe C:\windows\system32\vim.exe

Install Vim (User Only) [PowerShell][edit]

mkdir vim-install; cd vim-install; $ProgressPreference = 'SilentlyContinue'; Invoke-Webrequest -UseBasicParsing https://github.com/vim/vim-win32-installer/releases/download/v9.1.0/gvim_9.1.0_x86_signed.zip -o gvim.zip; Expand-Archive -Path gvim.zip -DestinationPath .; cp .\vim\vim91\vim.exe $env:LOCALAPPDATA\Microsoft\WindowsApps\vim.exe

Install Git [PowerShell][edit]

winget install --id Git.Git -e --source winget --scope user

Services[edit]

List Services [PowerShell][edit]

Get-Service

Set Auto Start [PowerShell][edit]

Set-Service -Name {servicename} -StartupType Automatic

Manage Service [PowerShell][edit]

Start-Service {servicename}
Stop-Service {servicename}
Restart-Service {servicename}

Networking (Advanced)[edit]

Remove Default Gateway [PowerShell][edit]

Remove-NetRoute -InterfaceAlias "{get this name from Get-NetAdapter}" -DestinationPrefix 0.0.0.0/0

Set IP Address [PowerShell][edit]

Get-NetAdapter -Name '{get this name from Get-NetAdapter}' | New-NetIPAddress -IPAddress {newIP} -PrefixLength {cidr}

Allow Ping [CMD][edit]

netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow

Show WiFi Passwords [CMD][edit]

for /f "skip=9 tokens=1,2 delims=:" %i in ('netsh wlan show profiles') do @if "%j" NEQ "" (echo SSID: %j & netsh wlan show profiles %j key=clear | findstr "Key Content")

Disable WiFi Scanning [CMD][edit]

netsh wlan set autoconfig enabled=no interface="Wi-Fi"

Enable WiFi Scanning [CMD][edit]

netsh wlan set autoconfig enabled=yes interface="Wi-Fi"

Storage & Files[edit]

Resize VHD [PowerShell][edit]

resize-vhd -path "f:\Shares\profiledisks" -Sizebytes 30GB

Robocopy Migration [CMD][edit]

robocopy "C:\users\awesome.guy" "D:\users\awesome.guy" /E /COPYALL /zb /r:10 /w:10 /tee /unilog+:"D:\robocopylog.txt"

DNS & Group Policy[edit]

Add DNS Suffix [PowerShell][edit]

Set-DnsClientGlobalSetting -SuffixSearchList @("corp.mariocorp.com")

Force GP Update [CMD][edit]

gpupdate.exe /force

Misc[edit]

Firefox Profile Manager [CMD][edit]

"C:\Program Files\Mozilla Firefox\firefox.exe" --ProfileManager

Ping with Timestamp [PowerShell][edit]

ping google.com -t | % { "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') $_" }

Open a Command Prompt as SYSTEM[edit]

PSExec Method (Requires installing PSExec) [PowerShell][edit]

The oneliner below installs psexec for you and uses it to open the SYSTEM cmd. Needs an elevated powershell prompt. 

Invoke-WebRequest -Uri "https://download.sysinternals.com/files/PSTools.zip" -OutFile "$env:TEMP\PSTools.zip"; Expand-Archive "$env:TEMP\PSTools.zip" -DestinationPath "$env:TEMP\PSTools" -Force; & "$env:TEMP\PSTools\PsExec64.exe" -accepteula -i -s -d cmd.exe /k "title NT AUTHORITY\SYSTEM - whoami && whoami"

If it has been run before, you can open the prompt with just: 

;& "$env:TEMP\PSTools\PsExec64.exe" -i -s -d cmd.exe

UAC Method (May trip antivirus but does not require external tools)[edit]

This method uses the UAC secure desktop (via On-Screen Keyboard trick) to launch cmd.exe as NT AUTHORITY\SYSTEM without third-party tools.

Setup (run once as Administrator)[edit]

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe" /v Debugger /t REG_SZ /d "cmd.exe" /f

Trigger SYSTEM cmd[edit]

  1. Open any program as Administrator so the UAC prompt appears.
  2. While the UAC dialog is visible (dark background), press Win + U to open Ease of Access Center.
  3. Click On-Screen Keyboard.
  4. A Command Prompt running as SYSTEM should appear on the secure desktop.

Cleanup (run as Administrator when done)[edit]

reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe" /f

Note: This works because the secure desktop runs with SYSTEM privileges. The cmd window will appear only while the UAC prompt is active.

Retrieved from "https://readonlywiki.luccapirovano.com/index.php?title=Commands&oldid=1201"