Showing posts with the label Elevated CMD

Svchost process in task manager

Svchost.exe is a generic host process for Windows services.

If svchost.exe is closed, whether accidentally or intentionally, the system might crash or shut down.

There are times when svchost.exe consumes quite a lot of resources and eats up the memory on the system. Thus, it's quite tempting to close or kill the process.

A process can be killed or closed forcefully from the command line using the taskkill command plus the process ID.

Ex: Taskkill /pid 1234

How to know exactly which service or process the svchost is running?

To check the pid and the process that svchost is running, type:

tasklist /svc

The tasklist /svc command displays the image name, PID and services.

Output example for tasklist /svc command:

svchost.exe                   1172 EventSystem, fdPHost, FontCache, netprofm,
                                   nsi, W32Time, WdiServiceHost
svchost.exe                   1200 Appinfo, BITS, Browser, CertPropSvc,
                                   EapHost, IKEEXT, iphlpsvc, LanmanSe…
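
The same PID-to-service mapping in PowerShell, with memory use per svchost.exe instance added so the heavy instance and the services it hosts can be identified before anything is killed. This is an added example, not from the original post; it assumes PowerShell 3.0 or later, and the function name is hypothetical.

```powershell
# Index all running services by the PID of the process that hosts them.
# -AsString makes the hashtable keys plain strings, so lookups are reliable.
$servicesByPid = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

function Get-SvchostServices {
    # One row per svchost.exe instance, largest working set first.
    Get-Process -Name svchost -ErrorAction SilentlyContinue |
        Sort-Object WorkingSet64 -Descending |
        ForEach-Object {
            $hosted = $servicesByPid["$($_.Id)"]
            [pscustomobject]@{
                PID          = $_.Id
                WorkingSetMB = [math]::Round($_.WorkingSet64 / 1MB, 1)
                Services     = ($hosted | ForEach-Object { $_.Name }) -join ', '
            }
        }
}

Get-SvchostServices | Format-Table -AutoSize -Wrap
```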

Domain Computer takes a long time to login

The login process should be quick and fast, so every user will be happy and start the day smoothly.
But not every day is a new year’s day, and there are times when things will just go south and some issues will surface.
Enabling verbose login in local group policy will definitely help to troubleshoot at which part of the login process the system halts and takes a long time to process.
Folder redirection, for some reason, can cause the desktop to take a long time to load or cause a login issue.
There are quite a lot of reasons why a GPO takes time to process and causes a login issue.
But if a computer or workstation has been working fine and all of a sudden gives a logon issue, and no changes have been made on the server or GPO, then the issue could be on the workstation or client side.
One solution that might work in this kind of scenario is to open an elevated command prompt and issue this command on the problematic user's computer:
Netsh winsock reset

Normally, the command above is issue…

Windows audio disabled and wireless icon showing disconnected

In Windows 7 I encountered an issue showing that “Windows Audio is disabled”. I checked Device Manager and the audio devices were working fine. I checked the Windows Audio Volume Control; the default speaker was enabled. I checked the “Audio disabled devices”; there was a device that was disabled but could not be enabled.

I tried restarting the Windows Audio Service but it just didn’t help. I did some Googling and one of the results pointed to the Microsoft Online Answers Community, where one respondent suggested the commands below:

Run the commands below in elevated (Administrator) mode.

net localgroup Administrators /add networkservice

Press Enter, then type:

net localgroup Administrators /add localservice

Press Enter and restart your computer.

Link to the original article:
https://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/audio-device-is-disabled/3d49e32d-6c1c-44c8-a7b3-52166a0233b0

After restarting the computer, the audio was working already.

Aside from the Windows Audio is di…
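
The two commands above add the built-in NETWORK SERVICE and LOCAL SERVICE accounts to the local Administrators group, so every service that logs on as one of them runs with administrator rights. The check below is an added example, not part of the original post or the linked answer: it reports which of the two accounts are currently members and prints the matching rollback command. The function name is hypothetical, and the group name "Administrators" is taken from the post (localized systems may name it differently).

```powershell
# Well-known SIDs, identical on every Windows installation.
$serviceSids = @{
    'S-1-5-19' = 'NT AUTHORITY\LOCAL SERVICE'
    'S-1-5-20' = 'NT AUTHORITY\NETWORK SERVICE'
}

function Get-ServiceAccountAdmins {
    # ADSI is used so the check also runs on the PowerShell 2.0 shipped with Windows 7.
    $group = [ADSI]'WinNT://./Administrators,group'
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        # Read the member's SID instead of its name, which can be localized.
        $sidBytes = $member.GetType().InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
        $sid = (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)).Value
        if ($serviceSids.ContainsKey($sid)) {
            New-Object PSObject -Property @{ Sid = $sid; Account = $serviceSids[$sid] }
        }
    }
}

$found = @(Get-ServiceAccountAdmins)
if ($found.Count -eq 0) {
    'Neither LOCAL SERVICE nor NETWORK SERVICE is a local administrator.'
} else {
    $found | Format-Table Account, Sid -AutoSize
    # Rollback commands, to be run from an elevated prompt.
    foreach ($entry in $found) {
        'net localgroup Administrators "{0}" /delete' -f $entry.Account
    }
}
```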

Map drive not working

A drive can be mapped in different ways: via group policy, using scripting (PowerShell, VBScript, JScript), or via the command line.
Mapping a drive via the command line can be done easily using the ”net” command. The example below shows the syntax for mapping a drive or folder.

net use ?
The syntax of this command is:
NET USE [devicename | *] [\\computername\sharename[\volume] [password | *]]
        [/USER:[domainname\]username]
        [/USER:[dotted domain name\]username]
        [/USER:[username@dotted domain name]
        [/SMARTCARD]
        [/SAVECRED]
        [[/DELETE] | [/PERSISTENT:{YES | NO}]]
NET USE {devicename | *} [password | *] /HOME
NET USE [/PERSISTENT:{YES | NO}]
Example:
net use Z: \\AD_Server\Working_folder
The command will map “Working_folder” to drive Z on the client PC.
The above command will not need a password if it is run as a batch file and deployed as a logon script via group policy.
To delete the mapped drive: net use Z: /delete

PowerShell list processes by username

Listing all processes by username in PowerShell requires PowerShell to be run in elevated mode.




List all running processes for all users:

   Get-Process -IncludeUserName  | ft -AutoSize

     ft -AutoSize will not truncate the output



List all running processes and filter by UserName:

Get-Process -IncludeUserName  | Where UserName -EQ "This_User_Name"  | ft -AutoSize

The command above filters the output to the specified username.


Get the running Word (winword) process for the specified user and kill or stop it:

Get-Process winword -IncludeUserName  | Where UserName -EQ "This_User_Name"  | Stop-Process -Force

The -Force parameter suppresses the prompt asking whether to kill or stop the process; use it sparingly in a production environment.

PowerShell 4.0 is required to run the commands above.

Cheers!! till next time.

Delete Directories with Wildcards using rd or rmdir

Deleting files in the command prompt using wildcards is quite straightforward.
The command below will delete all text (".txt") files on the specified path.
Del D:\txtlog\*.txt
The command above will delete all files with the ".txt" extension in the d:\txtlog directory.
It is easy enough to delete all matching files.
The same method will not work with the rmdir or rd command.

For example, suppose we have directories on the D drive that are auto-generated by an application, and each folder name follows a consistent pattern plus an incrementing number at the end to differentiate it from the other folders.

   D:\baklogs\log1\
   D:\baklogs\log2\
   D:\baklogs\log3\
   Etc..
   D:\baklogs\log100\

The folder name has a consistent pattern: the word “log” followed by an incrementing number.
If the command below is executed to remove the directories in one go, an error is shown which has this message: "The filename, directory name, or volume label syntax is incorrect."
rmdir D:\baklogs\…

Disconnect Remote Desktop from command line

How to kill remote desktop sessions from the command line?
How to close RDC sessions from the command line?
One solution is to use batch file scripting or use PowerShell.
For old-timers, a batch file might be the preferred solution because you don't need to install anything; it comes in handy with the native command prompt.
Of course, PowerShell is also one of the best solutions, provided the environment is PowerShell ready.
The method used below utilizes a batch file or the command prompt, just like the good old DOS environment of yesterday.
The command below can be run directly from the command prompt.
To use batch file scripting, open Notepad and save the file with the ".bat" file extension. Once saved as a batch file, the script is ready for automation with the help of Task Scheduler.
Here's the command:
for /f "tokens=2,5" %a in ('netstat -ano ^| find "3389"') do echo %a & tskill %b /v
For folks who just started to embark in batch file world,…
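
The `find "3389"` filter in the command above is a substring match, so it also selects netstat lines where 3389 appears inside another port number or as the PID itself, and those PIDs would be passed to tskill. The following is an added example, not part of the original post: it parses netstat -ano output and keeps only TCP lines whose local or remote port is exactly 3389. The function name is hypothetical and the sample lines are constructed.

```powershell
function Get-RdpConnectionPid {
    param([string[]]$NetstatLines, [int]$Port = 3389)
    foreach ($line in $NetstatLines) {
        # TCP rows have exactly five fields: Proto, Local, Foreign, State, PID.
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP') { continue }
        # Strip everything up to the last colon to get the port (works for IPv6 too).
        $localPort  = [int]($f[1] -replace '^.*:', '')
        $remotePort = [int]($f[2] -replace '^.*:', '')
        if ($localPort -eq $Port -or $remotePort -eq $Port) {
            New-Object PSObject -Property @{
                Local = $f[1]; Remote = $f[2]; State = $f[3]; PID = [int]$f[4]
            }
        }
    }
}

# Constructed sample: the last two lines contain "3389" but are not RDP.
$sample = @(
    '  TCP    0.0.0.0:3389     0.0.0.0:0        LISTENING       1084'
    '  TCP    10.0.0.5:3389    10.0.0.9:50122   ESTABLISHED     1084'
    '  TCP    10.0.0.5:33890   10.0.0.9:50200   ESTABLISHED     2210'
    '  TCP    10.0.0.5:445     10.0.0.9:50301   ESTABLISHED     3389'
)

# Only the first two sample lines are returned.
Get-RdpConnectionPid -NetstatLines $sample |
    Format-Table Local, Remote, State, PID -AutoSize

# Against the live system, reviewing established sessions before ending anything:
# Get-RdpConnectionPid -NetstatLines (netstat -ano) |
#     Where-Object { $_.State -eq 'ESTABLISHED' }
```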

Check Domain Name, DHCP and IP Address

Copy all matching files