Processes
tasklist – list of active processes
tasklist /SVC – list of active processes with services in each process
tasklist /m kernel* – list of active processes with dlls starting ‘kernel’ in each process
tasklist /s WSN-130 /u domain\administrator /p password – list of processes on the remote machine.
tasklist /s WSN-130 /u domain\administrator /p password /SVC – list of processes with services in each process on remote machine
tasklist /s WSN-130 /u domain\administrator /p password /m pix* – list of processes with dll’s starting ‘pix’ on remote machine.
If tasklist does not work on remote machines (access denied, etc.) Try using it with Beyond Execute (see below).
MsiExec.exe
MsiExec.exe options
/passive – shows uninstalling progress and reboots without prompt.
/qn – doesn’t show anything and reboots without prompt.
/qf – full uninstalling interface. Asks users permission to uninstall.
/qr – shows uninstalling progress (full) and prompts for reboot.
/qb – shows uninstalling progress (basic) and prompts for reboot.
Run .msi as administrator
runas /user:domain\administrator “msiexec /i C:\application.msi”
Install .msi with .mst transform file
msiexec /i “\\path\to\setup.msi” TRANSFORMS=”\\path\to\transform.mst”
Stored user names and passwords
Rundll32.exe Keymgr,KRShowKeyMgr
Windows Time
w32tm /resync /rediscover – redetect the network configuration and synchronise time
Restart Windows Time service:
net stop w32time
net start w32time
Beyond Execute
Execute processes on remote computers. Command line tool. Download. More Info.
Usage:
beyondexecv2.exe \\computer [-options] [program/arguments]
-u Administrator Account Name on Remote Machine.
-p Administrator Password.
-s Use System Account.
-i Allow Process to Interact with Desktop.
-t Terminate Process after x Seconds.
Examples:
beyondexecv2.exe \\WSN-025 ipconfig
Remote uninstall:
beyondexecv2.exe \\WSN-025 -i MsiExec.exe /qb /X{17071117-5BB9-4737-B05B-C5FABD367323} – Uninstalls and prompts for reboot.
beyondexecv2.exe \\WSN-055 MsiExec.exe /qn /X{A73227F9-C4B0-4029-B1B0-4DCAF791A29E} – Uninstalls without any user interaction. Reboots without prompt if needed.
MsiExec.exe options:
/passive – shows uninstalling progress and reboots without prompt.
/qn – doesn’t show anything and reboots without prompt.
/qf – full uninstalling interface. Asks users permission to uninstall.
/qr – shows uninstalling progress (full) and prompts for reboot.
/qb – shows uninstalling progress (basic) and prompts for reboot.
To find out the uninstall string:
Check in registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall – This contains the values that Add/Remove Programs uses to display a computer’s installed software
Or use MyUninstaller. More info.
Other
rmdir /S “\\path\to\folder\to\delete”– Deletes directory tree.
wuauclt.exe /detectnow – Force Windows Update check for new updates.
C:\WINDOWS\WindowsUpdate.log – Windows Update Log file.
Leave a Reply