![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Longhorn: the secret to server core .. revealed!
c:\Windows\System32>cscript SCregEdit.wsf /?
===usage===
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
Automatic Updates - Manage Automatic Windows Updates
These settings can be used to configure how Automatic Updates are applied to
the Windows system. It includes the ability to disable automatic updates and
to set the installation schedule.
/AU [/v][value]
/v View the current Automatic Update settings
value value you want to set to.
Options:
4 - Enable Automatic Updates
1 - Disable Automatic Updates
Terminal Service - Allow Remote Administration Connections
This allows administrators to connect remotely for administration purposes.
/AR [/v][value]
/v View the Remote Terminal Service Connection setting
value (0 = enabled, 1 = disabled)
Terminal Service - Allow connections from previous versions of Windows
This setting configures CredSSP based user authentication for
Terminal Service connections
/CS [/v][value]
/v View the Terminal Service CredSSP setting
value (0 = allow previous versions, 1 = require CredSSP)
IP Security (IPSEC) Monitor - allow remote management
This setting configures the server to allow the IP Security (IPSEC) Monitor to
be able to remotely manage IPSEC.
/IM [/v][value]
/v View the IPSEC Monitor setting
value (0 = do not allow, 1 = allow remote management)
DNS SRV priority - changes the priority for DNS SRV records
This setting configures the priority for DNS SRV records and is only useful
on Domain Controllers.
For more information on this setting, search TechNet for LdapSrvPriority
/DP [/v][value]
/v View the DNS SRV priority setting
value (value from 0 through 65535. The recommended value is 200.)
This allows administrators to connect remotely for administration purposes.
/AR [/v][value]
/v View the Remote Terminal Service Connection setting
value (0 = enabled, 1 = disabled)
Terminal Service - Allow connections from previous versions of Windows
This setting configures CredSSP based user authentication for
Terminal Service connections
/CS [/v][value]
/v View the Terminal Service CredSSP setting
value (0 = allow previous versions, 1 = require CredSSP)
IP Security (IPSEC) Monitor - allow remote management
This setting configures the server to allow the IP Security (IPSEC) Monitor to
be able to remotely manage IPSEC.
/IM [/v][value]
/v View the IPSEC Monitor setting
value (0 = do not allow, 1 = allow remote management)
DNS SRV priority - changes the priority for DNS SRV records
This setting configures the priority for DNS SRV records and is only useful
on Domain Controllers.
For more information on this setting, search TechNet for LdapSrvPriority
/DP [/v][value]
/v View the DNS SRV priority setting
value (value from 0 through 65535. The recommended value is 200.)
DNS SRV weight - changes the weight for DNS SRV records
This setting configures the weight for DNS SRV records and is only useful
on Domain Controllers.
For more information on this setting, search TechNet for LdapSrvWeight
/DW [/v][value]
/v View the DNS SRV weight setting
value (value from 0 through 65535. The recommended value is 50.)
Command Line Reference
This setting displays a list of common tasks and how to perform them from
the command line.
/CLI
and /CLI yields:
===CS CLI QuickRef===
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
To activate:
Cscript slmgr.vbs -ato
To use KMS volume licensing for activation:
Configure KMS volume licensing:
cscript slmgr.vbs -ipk [volume license key]
Activate KMS licensing
cscript slmgr.vbs -ato
Set KMS DNS SRV record
cscript slmgr.vbs -skma [KMS FQDN]
Determine the computer name, any of the following:
Set c
Ipconfig /all
Systeminfo.exe or Hostname.exe
Rename the Server Core computer:
Domain joined:
Netdom renamecomputer %computername% /NewName:new-name /UserD:domain-u
sername /PasswordD:*
Not domain joined:
Netdom renamecomputer %computername% /NewName:new-name
Changing workgroups:
Wmic computersystem where name="%computername%" call joindomainorworkgroup
name="[new workgroup name]"
Install a role or optional feature:
Start /w Ocsetup [packagename]
Note: For Active Directory, run Dcpromo with an answer file.
View role and optional feature package names and current installation state:
oclist
Start task manager hot-key:
ctrl-shift-esc
Logoff of a Terminal Services session:
Logoff
To set the pagefile size:
Disable system pagefile management:
wmic computersystem where name="%computername%" set AutomaticManagedPagefile=False
Configure the pagefile:
wmic pagefileset where name="C:\\pagefile.sys" set InitialSize=500,MaximumSize=1000
Configure the timezone, date, or time:
control timedate.cpl
Configure regional and language options:
control intl.cpl
Manually install a management tool or agent:
Msiexec.exe /i [msipackage]
List installed msi applications:
Wmic product
Uninstall msi applications:
Wmic product get name /value
Wmic product where name="[name]" call uninstall
To list installed drivers:
Sc query type= driver
Install a driver that is not included:
Copy the driver files to Server Core
Pnputil -i -a [path]\[driver].inf
Rename a Network Adapter:
netsh interface set interface name="Local Area Connection" newname="Private Network"
Disable a Network Adapter:
netsh interface set interface name="Local Area Connection 2" admin=DISABLED
Determine a file's version:
wmic datafile where name="c:\\windows\\system32\\ntdll.dll" get version
List of installed patches:
wmic qfe list
Install a patch:
Wusa.exe [patchame].msu /quiet
Configure a proxy:
Netsh winhttp set proxy [proxy_name]:[port]
Add, delete, query a Registry value:
reg.exe add /?
reg.exe delete /?
reg.exe query /?
Ref, say, http://support.microsoft.com/kb/555964 or hundreds of other things Google turns up once you know SCregEdit.wsf
no subject
Is that even allowed by MSFT, or was this some rogue developer who got fed up? :)
Well, he/they work there...
It genuinely looks like some of their more recent hires implemented a complete and featureful command line interface in the XP-2008 cycle. It's pretty cool if really quirky and unstandarized (cf the wsf script with all of the magic in it) .. and I'm not even really trying to puzzle out why they reimplemented so much of unix (findstr /v ??), shipped UNIX (SUA) as an OS feature, and (!) wrote their own weird and wonderful programmable shell even though they ship Perl, csh (in SUA), and VB. Oh and WSH, too. Wtf is cscript?
It's scary when they are making Gnome look consistent, but I'm happy to have the tools.
Check these links for more dirt:
"Built-in Windows commands to determine if a system has been hacked"
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1303709,00.html
"More built-in Windows commands for system analysis"
http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1313370,00.html
no subject
I'm so sorry if that's true..