
Windows Shortcuts for Infrastructure Engineers

Run commands

sysdm.cpl – System Properties – change domain/hostname

ncpa.cpl – Network Connections

Calc – Calculator

Cfgwiz32 – ISDN Configuration Wizard

Charmap – Character Map

Chkdsk – Repair damaged files

Cleanmgr – Cleans up hard drives

Clipbrd – Windows Clipboard viewer

Cmd – Opens a new Command Window (cmd.exe)

Control – Displays Control Panel

Dcomcnfg – DCOM user security

Debug – Assembly language programming tool

Defrag – Defragmentation tool

Drwatson – Records programs crash & snapshots

Dxdiag – DirectX Diagnostic Utility

Explorer – Windows Explorer

Fontview – Graphical font viewer

Ftp – ftp.exe program

Hostname – Returns Computer’s name

Ipconfig – Displays IP configuration for all network adapters

Jview – Microsoft Command-line Loader for Java classes

MMC – Microsoft Management Console

Msconfig – Configuration to edit startup files

Msinfo32 – Microsoft System Information Utility

Nbtstat – Displays stats and current connections using NetBios over TCP/IP

Netstat – Displays all active network connections

Nslookup – Returns your local DNS server

Odbcad32 – ODBC Data Source Administrator

Ping – Sends data to a specified host/IP

Regedit – registry Editor

Regsvr32 – register/de-register DLL/OCX/ActiveX

Regwiz – Registration wizard

Sfc /scannow – System File Checker

Sndrec32 – Sound Recorder

Sndvol32 – Volume control for soundcard

Sysedit – Edit system startup files (config.sys, autoexec.bat, win.ini, etc.)

Systeminfo – display various system information in text console

Taskmgr – Task manager

Telnet – Telnet program

Taskkill – kill processes using command line interface

Tskill – reduced version of Taskkill from Windows XP Home

Tracert – Traces and displays all paths required to reach an internet host

Winchat – simple chat program for Windows networks

Winipcfg – Displays IP configuration

Management Consoles

certmgr.msc – Certificate Manager

ciadv.msc – Indexing Service

compmgmt.msc – Computer management

devmgmt.msc – Device Manager

dfrg.msc – Defragment

diskmgmt.msc – Disk Management

fsmgmt.msc – Folder Sharing Management

eventvwr.msc – Event Viewer

gpedit.msc – Group Policy (< XP Pro)

iis.msc – Internet Information Services

lusrmgr.msc – Local Users and Groups

mscorcfg.msc – Net configurations

ntmsmgr.msc – Removable Storage

perfmon.msc – Performance Manager

secpol.msc – Local Security Policy

services.msc – System Services

wmimgmt.msc – Windows Management

Control Panel utilities

access.cpl – Accessibility Options

hdwwiz.cpl – Add New Hardware Wizard

appwiz.cpl – Add/Remove Programs

timedate.cpl – Date and Time Properties

desk.cpl – Display Properties

inetcpl.cpl – Internet Properties

joy.cpl – Joystick Properties

main.cpl keyboard – Keyboard Properties

main.cpl – Mouse Properties

ncpa.cpl – Network Properties

telephon.cpl – Phone and Modem options

powercfg.cpl – Power Management

intl.cpl – Regional settings

mmsys.cpl sounds – Sound Properties

mmsys.cpl – Sounds and Audio Device Properties

nusrmgr.cpl – User settings

firewall.cpl – Firewall Settings (sp2)

wscui.cpl – Security Center (sp2)

Wupdmgr – Takes you to Microsoft Windows Update

POWERSHELL

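Install the OpenSSH server:

PS C:\> Add-WindowsCapability -Online -Name OpenSSH.Server*

If the wildcard form is not accepted, `Get-WindowsCapability -Online -Name OpenSSH.Server*` lists the full capability name to pass to -Name.

SSH-related files such as known_hosts and any user-generated key pairs are located in %USERPROFILE%\.ssh\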

EXTRA MICROSOFT TOOLS

Sysinternals Live is a service that enables you to execute Sysinternals tools directly from the Web without hunting for and manually downloading them. Simply enter a tool’s Sysinternals Live path into Windows Explorer or a command prompt as live.sysinternals.com/<toolname> or \\live.sysinternals.com\tools\<toolname>. You can view the entire Sysinternals Live tools directory in a browser at https://live.sysinternals.com/.

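Ansible, PowerShell, Packer

Packer template (note that "winrm_insecure": true makes Packer skip certificate validation on the WinRM TLS connection, and that the provisioner hands the generated Administrator password to the local script through the WINRMPASS environment variable):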
{"builders": [{ 
    "type": "amazon-ebs", 
    "region": "eu-west-1", 
    "instance_type": "t2.medium", 
    "ami_name": "My system here {{timestamp}}", 
    "user_data_file": "./scripts/SetUpWinRM.ps1", 
    "communicator": "winrm", 
    "winrm_username": "Administrator", 
    "winrm_use_ssl": true, 
    "winrm_insecure": true, 
    "associate_public_ip_address": false, 
    "subnet_id": "subnet-foo", 
    "ssh_interface": "private_ip",
    "source_ami_filter": { 
      "filters": { 
        "name": "Windows_Server-2016-English-Full-Base-*" 
      }, 
      "owners": ["amazon"], 
      "most_recent": true 
    }, 
    "tags": { 
      "owner": "Me", 
      "os": "windows 2016" } 
  }], 
  "provisioners": [{ 
    "type": "shell-local", 
    "environment_vars": ["WINRMPASS={{.WinRMPassword}}"],
    "script": "./aws_win_ansible.sh" 
  }] 
}


PowerShell setup script:
<powershell>
# EC2 user data: fetch Ansible's WinRM bootstrap script and run it so the
# instance accepts WinRM connections from the Packer/Ansible host.
#
# NOTE(review): the URL tracks the moving `devel` branch and nothing checks the
# downloaded file before it is executed with -ExecutionPolicy Bypass, so
# whatever is served at that path at build time runs as the user-data account.
# Pinning the URL to a reviewed commit and comparing a Get-FileHash result
# against a known value before the second command would close that gap.
$scriptUrl  = 'https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'
$scriptPath = Join-Path -Path $env:TEMP -ChildPath 'ConfigureRemotingForAnsible.ps1'

Invoke-WebRequest -Uri $scriptUrl -UseBasicParsing -OutFile $scriptPath

# -CertValidityDays 3650 presumably asks for a ten-year self-signed listener
# certificate; confirm against the script's parameter help.
powershell.exe -ExecutionPolicy Bypass -File $scriptPath -CertValidityDays 3650 -Verbose
</powershell>


Packer shell script:
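#!/bin/bash
# Packer shell-local provisioner: locate the EC2 instance Packer launched,
# write an Ansible inventory entry and vars file for it, and run the playbook
# against it over WinRM.
#
# Requires: aws CLI, jq, ansible-playbook.
# Environment: WINRMPASS - Administrator password, set by the Packer template.
set -euo pipefail

# Fail with a clear message rather than a bare "unbound variable".
: "${WINRMPASS:?WINRMPASS must be set by the Packer provisioner}"

# Scrape the instance ID from Packer's log and strip ANSI colour codes.
# NOTE(review): /tmp/packer.*.log is a predictable path in a shared directory
# and the glob can match logs from other builds, so the result is validated
# below instead of being trusted as-is.
packer_instance_id="$(awk -F': ' '$0 ~ /Instance\s+ID/ {print $3}' /tmp/packer.*.log | sed 's/\x1b[[0-9;]*m//g')"
instance_id_re='^i-[0-9a-f]+$'
if [[ ! "${packer_instance_id}" =~ ${instance_id_re} ]]; then
  printf 'Could not determine exactly one instance ID from /tmp/packer.*.log\n' >&2
  exit 1
fi
echo "Using ${packer_instance_id}"

packer_instance_details="$(aws --region eu-west-1 ec2 describe-instances --instance-ids "${packer_instance_id}")"
packer_instance_ip="$(jq -M -r '.Reservations[0].Instances[0].PrivateIpAddress' <<<"${packer_instance_details}")"
# jq -r prints the string "null" when the field is absent.
if [[ -z "${packer_instance_ip}" || "${packer_instance_ip}" == "null" ]]; then
  printf 'No private IP found for %s\n' "${packer_instance_id}" >&2
  exit 1
fi
echo "Packer IP: ${packer_instance_ip}"

pushd ansible_playbook

# The vars file contains the Administrator password in clear text: recreate it
# empty with owner-only permissions and remove it on every exit path.
vars_file="${PWD}/extra_vars_file"
trap 'rm -f -- "${vars_file}"' EXIT
rm -f -- "${vars_file}"
(umask 077; : > "${vars_file}")

# YAML single-quoted scalars escape a quote by doubling it; without this a
# password containing ' yields an unparsable vars file.
sq="'"
winrm_pass_yaml="${WINRMPASS//"${sq}"/${sq}${sq}}"

{
  printf '%s\n' "ansible_winrm_transport: basic"
  printf '%s\n' "ansible_user: Administrator"
  printf "ansible_password: '%s'\n" "${winrm_pass_yaml}"
  printf '%s\n' "some_variable: some_value"
  printf '%s\n' "some_other_variable: 'some_other_value'"
} >> "${vars_file}"

# Appended as in the original; entries from earlier builds stay in the file.
echo "${packer_instance_id}  ansible_host=${packer_instance_ip}" >> inventory

ansible-playbook -i inventory -e@./extra_vars_file plays/site.yml
popd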

Terraform

Azure Windows Server VM

variables.tf:

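variable "resource_group_name" {
  description = "Name of the resource group that holds every resource in this configuration."
  type        = string
}

variable "location" {
  description = "Azure region for the resource group and the resources in it."
  type        = string
}

variable "prefix" {
  description = "Prefix used to build the vnet, subnet, NSG, NIC and VM names."
  type        = string
}

variable "vm_size" {
  description = "Azure VM size."
  type        = string
  default     = "Standard_D2s_v3"
}

variable "admin_username" {
  description = "Local administrator account name for the Windows VM."
  type        = string
}

# sensitive keeps the value out of plan/apply output; it is still stored in
# the Terraform state, so the state backend needs access control as well.
variable "admin_password" {
  description = "Local administrator password for the Windows VM."
  type        = string
  sensitive   = true
}

variable "windows_sku" {
  description = "Windows Server image SKU."
  type        = string
  default     = "2022-Datacenter"
}

# main.tf uses this as the RDP rule's source_address_prefix. It has no default
# so the caller must choose the range that may reach port 3389.
variable "allowed_cidr_block" {
  description = "CIDR range allowed to reach the VM over RDP (TCP 3389)."
  type        = string

  validation {
    condition     = can(cidrhost(var.allowed_cidr_block, 0)) && var.allowed_cidr_block != "0.0.0.0/0"
    error_message = "The allowed_cidr_block value must be a valid CIDR range and must not be 0.0.0.0/0."
  }
}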

main.tf:

# Provider configuration
# azurerm requires a features block even when no feature flags are set.
# No credentials appear here, so authentication comes from outside this file.
provider "azurerm" {
  features {}
}

# Resource group: container for every Azure resource declared below.
resource "azurerm_resource_group" "rg" {
  location = var.location
  name     = var.resource_group_name
}

# Virtual network: private 10.0.0.0/16 address space in the resource group's region.
resource "azurerm_virtual_network" "vnet" {
  name                = "${var.prefix}-vnet"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  address_space       = ["10.0.0.0/16"]
}

# Subnet: 10.0.1.0/24 carved out of the virtual network; the VM's NIC attaches here.
resource "azurerm_subnet" "subnet" {
  name                 = "${var.prefix}-subnet"
  virtual_network_name = azurerm_virtual_network.vnet.name
  resource_group_name  = azurerm_resource_group.rg.name
  address_prefixes     = ["10.0.1.0/24"]
}

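# Network Security Group: one inbound rule that admits RDP (TCP 3389) only
# from var.allowed_cidr_block.
resource "azurerm_network_security_group" "nsg" {
  name                = "${var.prefix}-nsg"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  security_rule {
    name      = "allow-rdp"
    priority  = 100
    direction = "Inbound"
    access    = "Allow"
    protocol  = "Tcp"

    # The source *port* is the client's ephemeral port, so it is left open.
    # The original held an IP-address placeholder here, which is not a valid
    # port range; the caller restriction belongs in source_address_prefix.
    source_port_range      = "*"
    destination_port_range = "3389"

    # Keep this to the narrowest range that needs RDP; "*" or 0.0.0.0/0 here
    # would expose the login service to any address that can route to the VM.
    source_address_prefix      = var.allowed_cidr_block
    destination_address_prefix = "*"
  }
}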

# Attach the NSG at subnet level, so its rules apply to every NIC in the subnet.
resource "azurerm_subnet_network_security_group_association" "nsg_association" {
  subnet_id                 = azurerm_subnet.subnet.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

# Network interface for the VM.
# Only a dynamically assigned private address is configured; no public IP
# resource appears in this listing, so the RDP rule is presumably reached over
# private connectivity (VPN, peering or a bastion) - confirm for your setup.
resource "azurerm_network_interface" "nic" {
  name                = "${var.prefix}-nic"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  ip_configuration {
    name                          = "internal"
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.subnet.id
  }
}

# Windows Server VM attached to the NIC above.
resource "azurerm_windows_virtual_machine" "vm" {
  name                = "${var.prefix}-vm"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  size                = var.vm_size

  # Local administrator credentials. Terraform writes the password into its
  # state, so the state backend must be access-controlled.
  admin_username = var.admin_username
  admin_password = var.admin_password

  network_interface_ids = [
    azurerm_network_interface.nic.id,
  ]

  # "latest" resolves to whatever image is current at apply time, so two
  # applies can produce different patch levels.
  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = var.windows_sku
    version   = "latest"
  }

  os_disk {
    storage_account_type = "Standard_LRS"
    caching              = "ReadWrite"
  }
}

AWS Windows Server EC2

# Provider requirements: hashicorp/aws, any 4.x release.
terraform {
  required_providers {
    aws = {
      version = "~> 4.0"
      source  = "hashicorp/aws"
    }
  }
}

# All resources below are created in us-east-1; the AMI ID used by the
# instance is specific to this region. No credentials appear here, so
# authentication comes from outside this file.
provider "aws" {
  region = "us-east-1"
}

# VPC: private 10.0.0.0/16 network for the Windows instance.
resource "aws_vpc" "main" {
  tags = {
    Name = "windows-ec2-vpc"
  }

  cidr_block = "10.0.0.0/16"
}

# Subnet: 10.0.1.0/24 inside the VPC.
# No internet gateway or route table is declared in this listing.
resource "aws_subnet" "main" {
  cidr_block = "10.0.1.0/24"
  vpc_id     = aws_vpc.main.id

  tags = {
    Name = "windows-ec2-subnet"
  }
}

# Security group: RDP in from a single address, all traffic out.
resource "aws_security_group" "allow_rdp" {
  name        = "allow_rdp"
  vpc_id      = aws_vpc.main.id
  description = "Allow RDP inbound traffic "

  tags = {
    Name = "allow_rdp"
  }

  # Replace the placeholder with the one address that needs RDP before
  # applying; the /32 mask keeps the rule to that single host.
  ingress {
    description = "RDP from your IP address"
    protocol    = "tcp"
    from_port   = 3389
    to_port     = 3389
    cidr_blocks = ["<YOUR_IP_ADDRESS>/32"]
  }

  # protocol "-1" with ports 0-0 means every protocol and port: outbound
  # traffic is unrestricted.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

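# Windows EC2 instance in the subnet above, guarded by the allow_rdp group.
resource "aws_instance" "windows_server" {
  # AMI IDs are region-specific and are retired as newer images are published,
  # so re-check this ID before applying.
  ami           = "ami-0be0e902919675894" # Windows Server 2022 Base in us-east-1
  instance_type = "t2.medium"
  subnet_id     = aws_subnet.main.id

  vpc_security_group_ids = [aws_security_group.allow_rdp.id]

  # Require IMDSv2 session tokens so instance-metadata credentials cannot be
  # read with a plain unauthenticated GET.
  metadata_options {
    http_tokens = "required"
  }

  # NOTE(review): no key_name is set, so the generated Administrator password
  # presumably cannot be retrieved - confirm how you intend to log in.

  tags = {
    Name = "WindowsServer2022"
  }
}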

Additional reading:

Windows Internals
