Advanced Registry Queries

How to search for all the registry keys that match a string:

    C:\>reg query HKLM\SYSTEM\CurrentControlSet\Services /f *browser* /s

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bowser
        Description    REG_SZ    Implements the datagram receiver for the computer browser browser service.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser
        DisplayName    REG_SZ    @%systemroot%\system32\browser.dll,-100
        Description    REG_SZ    @%systemroot%\system32\browser.dll,-101

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
        ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\browser.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\Browser

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\IMABrowserSS
        EventMessageFile    REG_SZ    C:\Program Files (x86)\Citrix\system32\Citrix\IMA\subsystems\resource\en\MfBrowserSsUI.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICABrowser

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
        NullSessionPipes    REG_MULTI_SZ    browserHydraLsPipeTermServLicensing

    End of search: 10 match(es) found.

    C:\>

More to follow:

    C:

PS: Managing Disks and Space

List all locally installed disks along with their VolumeName, drive letter, total size and free space:

    PS C:\> GWMI -query "select * from Win32_LogicalDisk where DriveType = '3'" | ft -auto DeviceID,VolumeName,Size,FreeSpace

    DeviceID VolumeName        Size   FreeSpace
    -------- ----------        ----   ---------
    C:                  53684989952 23350935552
    X:       New Volume 53683941376 48905629696

    PS C:\>

Note: use DriveType '2' for "Removable Disk" and '4' for "Network Drive". Refer to the Win32_LogicalDisk class documentation for more details.

More to follow…

PS: Managing Windows Processes

List all manageable properties of Windows Processes:

    PS C:\> GWmi Win32_process | Where-Object {$_.ProcessName -match "notepad2"}

    ProcessName                : Notepad2.exe
    Handles                    : 66
    VM                         : 83861504
    WS                         : 8183808
    Path                       : C:\temp\notepad2.exe
    __GENUS                    : 2
    __CLASS                    : Win32_Process
    __SUPERCLASS               : CIM_Process
    __DYNASTY                  : CIM_ManagedSystemElement
    __RELPATH                  : Win32_Process.Handle="4716"
    __PROPERTY_COUNT           : 45
    __DERIVATION               : {CIM_Process, CIM_LogicalElement, CIM_ManagedSystemElement}
    __SERVER                   : Test-PC1
    __NAMESPACE                : root\cimv2
    __PATH                     : \\Test-PC1\root\cimv2:Win32_Process.Handle="4716"
    Caption                    : Notepad2.exe
    CommandLine                : "C:\temp\notepad2.exe"
    CreationClassName          : Win32_Process
    CreationDate               : 20110221055250.819087+000
    CSCreationClassName        : Win32_ComputerSystem
    CSName                     : TDI-GOT1027
    Description                : Notepad2.exe
    ExecutablePath             : C:\temp\notepad2.exe
    ExecutionState             :
    Handle                     : 4716
    HandleCount                : 66
    InstallDate                :
    KernelModeTime             : 1560010
    […]
