ALEXANDRE BORGES - BLOG

Windows Commands and Tools - Part 1


Author: Alexandre Borges Revision: A.1 Website:

This document is the first part of a series of articles about useful Windows commands (graphical or not) that can help you in daily administration. Most of them are self-explanatory. All commands were tested in a Windows 7 environment. Enjoy it!

Command 1: How to verify the firewall status (WinXP and Win7 - deprecated command)

C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Standard
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
5800   TCP       Any      (null)
5900   TCP       Any      (null)
1900   UDP       Any      (null)
2869   TCP       Any      (null)

IMPORTANT: Command executed successfully. However, "netsh firewall" is deprecated; use "netsh advfirewall firewall" instead. For more information on using "netsh advfirewall firewall" commands instead of "netsh firewall", see KB article 947709 at

Command 2: How to verify the firewall status and configuration (Win7)

C:\>netsh advfirewall show allprofiles

Domain Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.




Command 3: How to verify the firewall configuration (WinXP and Win7 - deprecated command)

C:\>netsh firewall show config

Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------

Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction    Name
-------------------------------------------------------------------
1900   UDP       Enable  Inbound              Windows Live Communications Platform (SSDP)
2869   TCP       Enable  Inbound              Windows Live Communications Platform (UPnP)

ICMP configuration for Domain profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable

Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
Enable   No          Network Discovery

Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
Enable   Inbound              Apache HTTP Server / C:\program files (x86)\postgresql\enterprisedb-apachephp\apache\bin\httpd.exe
Disable  Inbound              Free Download Manager / C:\program files (x86)\free download manager\fdm.exe
Enable   Inbound              Dropbox / C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
Enable   Inbound              vncviewer.exe / C:\Program Files (x86)\UltraVNC\vncviewer.exe
Enable   Inbound              WinSCP: SFTP, FTP and SCP client / C:\program files (x86)\winscp\winscp.exe
Enable   Inbound              Microsoft OneNote / C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE

Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction    Name
-------------------------------------------------------------------
5800   TCP       Enable  Inbound              vnc5800
5900   TCP       Enable  Inbound              vnc5900
1900   UDP       Enable  Inbound              Windows Live Communications Platform (SSDP)
2869   TCP       Enable  Inbound              Windows Live Communications Platform (UPnP)

ICMP configuration for Standard profile:
Mode     Type  Description
-------------------------------------------------------------------
Enable   2     Allow outbound packet too big

Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable

IMPORTANT: Command executed successfully. However, "netsh firewall" is deprecated; use "netsh advfirewall firewall" instead. For more information on using "netsh advfirewall firewall" commands instead of "netsh firewall", see KB article 947709 at .

Command 4: How to list the running processes

C:\>tasklist

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0         56 K
smss.exe                       436 Services                   0        656 K
csrss.exe                      628 Services                   0      4.048 K
wininit.exe                    704 Services                   0        328 K
csrss.exe                      728 Console                    1     20.552 K
services.exe                   772 Services                   0      9.912 K
(truncated output)

Command 5: How to list the running services associated with processes




C:\>tasklist /SVC

Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
System                           4 N/A
smss.exe                       436 N/A
csrss.exe                      628 N/A
wininit.exe                    704 N/A
csrss.exe                      728 N/A
services.exe                   772 N/A
lsass.exe                      784 KeyIso, ProtectedStorage, SamSs
lsm.exe                        792 N/A
svchost.exe                    900 DcomLaunch, PlugPlay, Power
nvvsvc.exe                     976 NVSvc
svchost.exe                   1016 RpcEptMapper, RpcSs
(truncated output)

Command 6: How to list started services

C:\>net start
These Windows services are started:

   Adobe Acrobat Update Service
   Application Information
   avast! Antivirus
   Background Intelligent Transfer Service
   Base Filtering Engine
   Bitvise SSH Server
   Bluetooth Support Service
   Certificate Propagation
   CNG Key Isolation
   COM+ Event System
   Computer Browser
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
(truncated output)

Command 7: How to list network connections

C:\>netstat -oban

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       13232
 [BvSshServer.exe]
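
In "netstat -oban" output the owning executable is printed on a separate line after each socket, sometimes preceded by a component name or replaced by an ownership error. The following Python code is an added example, not part of the original article: it parses saved output and lists the sockets reachable from other hosts together with their owners. Only the first sample row comes from the output above; the other rows, PIDs and example.exe are constructed, and the function names are chosen here for illustration.

```python
import re

# Constructed sample in the `netstat -oban` layout shown above; only the first
# row comes from the article, the other rows and PIDs are made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       13232
 [BvSshServer.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  RpcSs
 [svchost.exe]
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2044
 [example.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    192.168.0.10:49200     203.0.113.5:443        ESTABLISHED     3120
 [example.exe]
"""

# UDP rows have no State column, so that field is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return one dict per socket; the owner is on the line(s) after each row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, _remote, state, pid = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "state": state, "pid": int(pid), "image": None})
        elif rows and (img := re.match(r"^\s*\[(.+)\]\s*$", line)):
            rows[-1]["image"] = img.group(1)   # "[name.exe]" closes the entry
    return rows

def exposed_listeners(rows):
    """Listening TCP or bound UDP sockets not restricted to loopback."""
    loopback = ("127.", "[::1]")
    return [(r["port"], r["proto"], r["pid"], r["image"] or "unknown")
            for r in rows
            if (r["state"] == "LISTENING" or r["proto"] == "UDP")
            and not r["addr"].startswith(loopback)]
```

Comparing this list with the ports and programs allowed in the firewall configuration shows which listeners are actually reachable once the firewall is enabled.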


