Windows Administration: Difference between revisions

From miki
Jump to navigation Jump to search
(→‎Registry: added command line for silent merge)
Line 122: Line 122:
Windows Registry Editor Version 5.00 <font face="sans-serif">for Windows 2000, Windows XP, and Windows Server 2003</font>
Windows Registry Editor Version 5.00 <font face="sans-serif">for Windows 2000, Windows XP, and Windows Server 2003</font>
REGEDIT4 <font face="sans-serif">for Windows 98 and Windows NT 4.0 (but is also accepted in 2000, XP or 2003)</font>
REGEDIT4 <font face="sans-serif">for Windows 98 and Windows NT 4.0 (but is also accepted in 2000, XP or 2003)</font>

== Network ==
=== Detect Network Environment Change ===

The following VBS script can be used to detect automatically when a network cable is connected or disconnected ("network cable unplugged"), as in [http://groups.google.co.uk/group/microsoft.public.win32.programmer.wmi/msg/27930d28706d5d08?dmode=source&hl=en]. Some explanations at [http://blogs.technet.com/heyscriptingguy/archive/2005/03/21/how-can-i-be-notified-any-time-a-network-cable-gets-unplugged.aspx], and more on [http://www.google.com/search?client=opera&rls=en&q=detect+network+cable+unplugged&sourceid=opera&ie=utf-8&oe=utf-8].

Use '''MSNdis_StatusMediaDisconnect''' to detect when a cable is unplugged.
<source lang="winbatch">
Set colMonitoredEvents = GetObject("winmgmts:root\wmi")._
ExecNotificationQuery("Select * from MSNdis_StatusMediaConnect")
Do
Set strLatestEvent = colMonitoredEvents.NextEvent
WScript.Echo "Connected! Do something here"
' enable the line below if you want to exit after the first event.
' Exit Do
Loop
</source>

Same script a bit improved in order to limit detection to some specific adapter:
<source lang="winbatch">
Set colMonitoredEvents = GetObject("winmgmts:root\wmi")._
ExecNotificationQuery("Select * from MSNdis_StatusMediaConnect" _
& " WHERE InstanceName = '3Com 10/100 Mini PCI Ethernet Adapter'")
Do
Set strLatestEvent = colMonitoredEvents.NextEvent
WScript.Echo "Connected! Do something here"
' enable the line below if you want to exit after the first event.
'Exit Do
Loop
</source>

Revision as of 13:55, 16 November 2009

Device Management

View and Delete Unused Devices

Open a cmd.exe console: 

> set devmgr_show_nonpresent_devices=1
> devmgmt.msc

In the Device Management Console, select show hidden devices. Unused devices are grayed out.

Convert Logical Drive Letter to PhysicalDrive

The following C program illustrates what Win32 API to use to convert a logical drive letter like C: to the corresponding PhysicalDrive specification. 

#include <stdio.h>
#include <w32api/wtypes.h>
#include <w32api/ddk/ntdddisk.h>

int main()
{
    HANDLE hDeviceHandle = NULL;

    char drive[] = {'\\', '\\', '.', '\\', 'A', ':', 0};
    DWORD driveMask = GetLogicalDrives();

    for(int i = 0; i < 26; i++)
    {
        drive[4] = 'A' + i;
        printf("Drive: %s\n", drive);
        hDeviceHandle = CreateFile(drive , 0, 0, NULL,
        OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL, NULL);
        if (hDeviceHandle != (HANDLE)-1)
        {
            STORAGE_DEVICE_NUMBER sdn;
            DWORD returned;
            if (DeviceIoControl(
                hDeviceHandle,IOCTL_STORAGE_GET_DEVICE_NUMBER,NULL ,0,&sdn,sizeof(sdn),&returned,NULL));
            {
                printf("\tDevice type: %d number: %d partition: %d\n",sdn.DeviceType,
                sdn.DeviceNumber, sdn.PartitionNumber);
                if(sdn.DeviceType == 7)
                    printf("\t-->\t\\\\.\\PhysicalDrive%d\n",sdn.DeviceNumber);
            }
        }
    }

    return 0;
}

Compile with: 

% gcc logicalToPhysicalDrive.cpp

Example of output: 

Drive: \\.\C:
        Device type: 7 number: 0 partition: 1
        -->     \\.\PhysicalDrive0

Patch file version resource

Some windows file have a specific resource record that stores release information on that specific file (like file version, company name, etc ). One can see this record by using the NT Explorerright clickpropertiesVersion panel.

It is quite easy to change the content of this record by using an Hex Editor such as UltraEdit. Just look for either of the hex string below in the file: 

560053005F00560045005200530049004F004E005F0049004E0046004F00 // V.S._.V.E.R.S.I.O.N._.I.N.F.O.
460069006C006500560065007200730069006F006E                   // F.i.l.e.V.e.r.s.i.o.n.

Note that the version number (file version) given at the top of the Version panel is actually coded in hex. The example below gives a file version 1.2.3.4. 

xx xx xx xx xx xx xx xx xx xx 56 00 53 00 5F 00 // xxxxxxxxxxV.S._.
56 00 45 00 52 00 53 00 49 00 4F 00 4E 00 5F 00 // V.E.R.S.I.O.N._.
49 00 4E 00 46 00 4F 00 xx xx xx xx xx xx xx xx // I.N.F.O.xxxxxxxx
xx xx xx xx 02 00 01 00 04 00 03 00 xx xx xx xx // xxxx........xxxx

Shutting Down / Locking

Using rundll32.exe (see [1]): 

rundll32.exe user32.dll,LockWorkStation

Another one: 

rundll32.exe shell32.dll,SHExitWindowsEx [0|1|2|4|8]
:: 0: logoff, 1: shut down, 2: reboot, 4: forced shutdown, 8: powers down the machine

Regedit

Command-line

regtool /s registry_file.reg                     ::Silent merge registry file (no user confirmation)

Regedit .reg File Format

See also Microsoft's reference page, here, here, here and on Wikipedia.

See also regtool chapter on Cygwin page. 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
@=dword:00000000
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

; Comments are created with a semi-colon

; Delete a value by assigning a minus to it
"SetupType"=-

; Delete a key by preceding the name with a minus sign
[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

The header line indicates the version and can be either 

 Windows Registry Editor Version 5.00   for Windows 2000, Windows XP, and Windows Server 2003
 REGEDIT4                               for Windows 98 and Windows NT 4.0 (but is also accepted in 2000, XP or 2003)

Network

Detect Network Environment Change

The following VBS script can be used to detect automatically when a network cable is connected or disconnected ("network cable unplugged"), as in [2]. Some explanations at [3], and more on [4].

Use MSNdis_StatusMediaDisconnect to detect when a cable is unplugged. 

Set colMonitoredEvents = GetObject("winmgmts:root\wmi")._
     ExecNotificationQuery("Select * from MSNdis_StatusMediaConnect")
Do
     Set strLatestEvent = colMonitoredEvents.NextEvent
     WScript.Echo "Connected! Do something here"
     ' enable the line below if you want to exit after the first event.
     ' Exit Do
Loop

Same script a bit improved in order to limit detection to some specific adapter: 

Set colMonitoredEvents = GetObject("winmgmts:root\wmi")._
     ExecNotificationQuery("Select * from MSNdis_StatusMediaConnect" _
        & " WHERE InstanceName = '3Com 10/100 Mini PCI Ethernet Adapter'")
Do
     Set strLatestEvent = colMonitoredEvents.NextEvent
     WScript.Echo "Connected! Do something here"
     ' enable the line below if you want to exit after the first event.
     'Exit Do
Loop
Retrieved from "https://miki.immie.org/mediawiki/index.php?title=Windows_Administration&oldid=1288"