A collection of how-tos related to the administration and monitoring of Microsoft Windows machines. Note: much of this is not original content, but for my own reference. Links are provided to the sources.
Win+R Quick Reference
Command | Opens |
---|---|
control panel | Control Panel! |
cmd + SHIFT + CTRL + ENTER | Command Prompt in administrative mode |
SystemPropertiesComputerName | System Properties / Computer Name |
SystemPropertiesHardware | System Properties / Hardware |
SystemPropertiesProtection | System Properties / Protection |
SystemPropertiesRemote | System Properties / Remote |
From the Command Line
Enable Administrator Account
net user administrator /active:yes
Manage User Passwords
net user username newpassword
Recover Lost Password
Method 1:
One method that works up until build 1903:
- Load the recovery and troubleshooting environment, e.g. by clicking on "Repair your computer" during Windows Setup if you boot from Windows installation media.
- Select Troubleshoot > Command Prompt.
- Switch to the drive that Windows is installed on and change to its system32 directory, e.g. cd c:\windows\system32
- Type rename utilman.exe utilman.bak.
- Type copy cmd.exe utilman.exe.
- Restart the computer and boot from the Windows installation this time.
- If you run Windows 10 version 1803 or earlier, click on the Ease of Access button to open a command prompt window.
- If you run Windows 10 version 1809 or later, do the following first:
- Hold Shift-key on the keyboard and click on the Power button to select Restart.
- After the Restart, hold down the Shift-key again and select Restart from the Power menu again to boot into startup repair.
- Select Troubleshoot > Advanced Options > Startup Settings > Restart
- When the Startup Settings screen appears after the Restart, select 8) Disable early launch anti-malware protection.
- Click on the Ease of Access button on the next start on the login screen to open the command prompt window.
- Type net user to display the names of all user accounts.
- Use the command net user [username] [password] to change the password of the account, e.g. net user martin qwerty123456 to change the password of the user martin to qwerty123456.
Method 2: Create a New User to Save Account Files
- Boot into Windows Setup (via USB stick)
- Once the setup begins, hit Shift+F10 to bring up a command prompt
move d:\windows\system32\utilman.exe d:\windows\system32\utilman.exe.bak
copy d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe
wpeutil reboot
- At the login screen, click the Utility Manager
net user <username> <password> /add
net localgroup administrators <username> /add
- Reboot, and you should see your new user in the login screen
- Log in and use computer management to reset the password of the other account
Alternatively, use a utility:
- https://www.passfolk.com/windows-password-recovery.html (Tip!)
- https://pogostick.net/~pnh/ntpasswd/ (Free, based on Linux LiveCD)
- http://ophcrack.sourceforge.net/ (Free, pretty fast with rainbow tables)
- https://www.winpwd.com/ (Premium, nice GUI and great for newbies)
- http://www.oxid.it/index.html
- https://www.passcue.com/
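Both methods above leave a copy of cmd.exe in place of utilman.exe, so the Ease of Access button on the login screen keeps opening a command prompt until the original file is put back. The following check is an added example, not part of the original notes; the function name Test-UtilmanIntegrity is hypothetical, and it assumes Windows lives under $env:SystemRoot.

```powershell
# Added example (not from the original page). Test-UtilmanIntegrity is a hypothetical name.
# Assumption: the running Windows installation is under $env:SystemRoot.
function Test-UtilmanIntegrity {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )
    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $findings = @()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings += 'utilman.exe is missing'
    } else {
        # Same SHA-256 as cmd.exe means the "copy cmd.exe utilman.exe" step is still in effect.
        $hashUtilman = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $hashCmd     = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash
        if ($hashUtilman -eq $hashCmd) {
            $findings += 'utilman.exe is byte-identical to cmd.exe'
        }
        # The version resource travels with the file content, so a swapped-in
        # binary still reports its own original name here.
        $original = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        if ($original -notlike 'utilman*') {
            $findings += "utilman.exe reports OriginalFilename '$original'"
        }
    }

    # Backup names used by Method 1 (rename) and Method 2 (move).
    foreach ($name in 'utilman.bak', 'utilman.exe.bak') {
        if (Test-Path -LiteralPath (Join-Path $System32 $name)) {
            $findings += "backup file $name is still present"
        }
    }

    [pscustomobject]@{
        Path     = $utilman
        Clean    = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-UtilmanIntegrity | Format-List
```

Clean should read True once the password reset is finished and the original utilman.exe has been restored.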
Tips
Run something as an administrator
win + <command> and press ctrl + shift + enter
Get into safe mode
From the Login screen:
- On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart
- After your PC restarts to the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart
From Settings:
- Go to Settings > Update & Security > Recovery
- Under Advanced startup, select Restart now
- After reboot, select Troubleshoot > Advanced options > Startup Settings > Restart
Reactivate the F8 key (and bring back the boot menu):
bcdedit /set {default} bootmenupolicy legacy
To return to the "normal" startup, run:
bcdedit /set {default} bootmenupolicy standard
Windows hangs? Telemetry might be the culprit!
(1) Disable CompatTelRunner.exe
Task Manager → CompatTelRunner.exe → End Task
Task Scheduler → Microsoft → Windows → Application Experience → right click on each task for: DISABLE
(2) Other things to try:
sc delete DiagTrack
sc delete dmwappushservice
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection" /v AllowTelemetry /t REG_DWORD /d 0 /f
Here is a more complete guide.
There is also a tool to do the above (and more), I cannot vouch for it though!
References:
- https://answers.microsoft.com/en-us/windows/forum/windows_10-performance/what-is-compattelrunnerexe-on-win10-64-bit-and-why/3af9a0ea-bb18-4df7-99d5-4930ae59d247?auth=1
- https://answers.microsoft.com/en-us/windows/forum/windows_10-performance/how-to-stop-the-windows-compatability-telemetry/3e6f469a-e527-4744-a313-cb52030b3461?page=2
- https://ugetfix.com/ask/how-to-disable-microsoft-compatibility-telemetry-compattelrunner-exe/
Your CPU usage just shot up? Could be WinSAT!
To see what's using up your resources open up the Windows Task Manager. Go to the Tasks pane and order the rows by CPU. If you see winsat.exe near the top, then it is probably the culprit.
WinSAT (Windows System Assessment Tool) is scheduled to run once a week and when it does, it measures your PC's performance and possibly takes action to try and mitigate any slow-downs. Such an action might be dumbing down your visuals (for example window transparency). Of course, if you haven't changed your hardware, it really isn't necessary to run this once every week. So just disable it!
- Open Task Scheduler
- Find Microsoft\Windows\Maintenance
- Right click “WinSAT” and choose “Disable”
Use Robocopy to Copy Files & Retain File Permissions
robocopy source destination /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /MT:5 /V /TEE /LOG:Robocopy.log
Here's what the switches mean:
source :: Source Directory (drive:\path or \\server\share\path).
destination :: Destination Dir (drive:\path or \\server\share\path).
/E :: copy subdirectories, including Empty ones.
/ZB :: use restartable mode; if access denied use Backup mode.
/DCOPY:T :: COPY Directory Timestamps.
/COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU). Copies the Data, Attributes, Timestamps, Owner, Permissions and Auditing info.
/R:n :: number of Retries on failed copies: default is 1 million but I set this to only retry once.
/W:n :: Wait time between retries: default is 30 seconds but I set this to 1 second.
/MT:5 :: if you have downtime scheduled for this, tack on /MT:<number-of-threads> to make the transfer much faster.
/V :: produce Verbose output, showing skipped files.
/TEE :: output to console window, as well as the log file.
/LOG:file :: output status to LOG file (overwrite existing log).
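Robocopy's exit code is a bitmask rather than a plain success/failure value, and a run that finishes can still leave permissions that do not match. The wrapper below is an added example, not part of the original notes: it runs the command above, stops on the failure bits, and compares owner and explicit ACL entries item by item. The function name Copy-WithAclCheck is hypothetical.

```powershell
# Added example (not from the original page). Copy-WithAclCheck is a hypothetical name.
function Copy-WithAclCheck {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string]$Destination,
        [string]$Log = 'Robocopy.log'
    )
    # Same switches as the command above; Out-Host keeps robocopy's text out of the result stream.
    robocopy $Source $Destination /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /MT:5 /V /TEE "/LOG:$Log" | Out-Host
    # Exit code bits: 1 copied, 2 extra files, 4 mismatches, 8 some copies failed, 16 fatal error.
    if ($LASTEXITCODE -band 24) {
        throw "robocopy reported failures (exit code $LASTEXITCODE), see $Log"
    }

    $srcRoot = (Resolve-Path -LiteralPath $Source).ProviderPath.TrimEnd('\')
    $dstRoot = (Resolve-Path -LiteralPath $Destination).ProviderPath.TrimEnd('\')

    # Owner plus explicit ACEs. Inherited ACEs come from the parent folder
    # and may legitimately differ at the destination, so they are skipped.
    $describe = {
        param($path)
        $acl  = Get-Acl -LiteralPath $path
        $aces = $acl.Access | Where-Object { -not $_.IsInherited } | ForEach-Object {
            '{0}|{1}|{2}|{3}|{4}' -f $_.IdentityReference, $_.FileSystemRights,
                $_.AccessControlType, $_.InheritanceFlags, $_.PropagationFlags
        } | Sort-Object
        "$($acl.Owner);$($aces -join ';')"
    }

    Get-ChildItem -LiteralPath $srcRoot -Recurse -Force | ForEach-Object {
        $relative = $_.FullName.Substring($srcRoot.Length)
        $target   = $dstRoot + $relative
        if (-not (Test-Path -LiteralPath $target)) {
            [pscustomobject]@{ Item = $relative; Problem = 'missing at destination' }
        } elseif ((& $describe $_.FullName) -ne (& $describe $target)) {
            [pscustomobject]@{ Item = $relative; Problem = 'owner or explicit ACL differs' }
        }
    }
}
```

Run it from an elevated prompt, since /ZB backup mode and the auditing part of /COPYALL need administrative privileges; no output after the robocopy summary means every item matched.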