10 Useful and Exciting Windows Command Prompt Tricks

With a beautiful interface such as that of Windows 10, it’s easy to forget the marvels of the Windows command prompt (CMD), a nifty tool in its own right.

While the command prompt may appear mysterious and intimidating for some people, it’s easy to make the most of the tool.

In this tutorial, you will learn some exciting Windows 10 command prompt tricks that you can use to work more efficiently.

1. Copy output of CMD to the clipboard

Occasionally, you may want to copy and share the information or output of the command prompt after running commands. Instead of taking a screenshot, you can copy the output and paste it on a text editor.

Here is the syntax:

command | clip

For example, to copy the output of ipconfig command, run:

ipconfig | clip

You can then launch Notepad or any other text editor and paste the contents.

2. Change the title of the command prompt tool

By default, the title of the command prompt window is Command Prompt, as shown below:

When it’s run as an Administrator, the title appears as Administrator: Command Prompt instead:

If you wish to customize it to your own preference, run this command:

title preferred-name

For instance, to change the title to a username ‘james’, run:

title james

3. Watch Star Wars in ASCII format on command prompt

One of the coolest features of the command prompt is the ability to stream an ASCII version of Star Wars. The method is quite simple and utilizes the telnet protocol.

To view Star Wars in ASCII format, execute the command below and hit ‘Enter’:

telnet towel.blinkenlights.nl

Shortly after, the ASCII version of Star Wars starts playing.

NOTE:

Before you launch Star Wars, ensure that the Telnet feature is enabled in Windows Features. Go to Control Panel > Programs > Programs and Features.

In the left pane, click ‘Turn Windows features on or off’. Then scroll down and check the Telnet option to activate the telnet protocol.

4. Change the text or background color of the command prompt

If you are adventurous, you can follow the steps below to play around with the text color or modify the background of the CMD:

  1. Right-click on the title bar
  2. Select the ‘Properties’ option
  3. In the window that appears, click on the Colors tab
  4. You can now choose the preferred color for the screen text and the background. Additionally, you can change the transparency of your CMD window.
  5. If satisfied with your options, click ‘OK’

5. Create a Wi-Fi hotspot

This may come as a surprise to many, but it’s possible. You can easily create a Wi-Fi hotspot right from your Windows PC on the command prompt and share your Internet connection with other devices.

To accomplish this, follow the steps below:

  • Launch the command prompt
  • Run the command netsh wlan set hostednetwork mode=allow ssid=HotspotName key=Password. Replace “HotspotName” with your preferred Wi-Fi hotspot name and “Password” with the password that devices will use to connect to the hotspot.
  • Next, type netsh wlan start hostednetwork and hit ‘Enter’. Thereafter, your Wi-Fi hotspot will be broadcast, and other devices will be able to connect to it.
  • To stop broadcasting your Wi-Fi hotspot, simply type and run netsh wlan stop hostednetwork

NOTE: The hosted network only works if your wireless adapter’s driver supports it; netsh wlan show drivers reports this under “Hosted network supported”. Choose a strong key, because anyone who knows it can join the hotspot and use your Internet connection.

6. Generate battery health report

You can generate your battery’s health report by following the steps below:

  • Launch the command prompt as an Administrator, so that the prompt changes to C:\Windows\System32
  • Run the command powercfg /energy
  • Windows will analyze the system for 60 seconds and then generate a report in HTML format at C:\Windows\System32\energy-report.html

7. Display a list of your computer’s drivers

To list your PC’s drivers, simply run the command driverquery.

8. Scan and repair files

If your Windows 10 PC is a bit sluggish and behaves in a weird manner, you might consider scanning and repairing files to rectify the situation.

To accomplish this, simply run the command below:

sfc /scannow

This will take some time, depending on your computer’s speed.

9. Get information on a command’s usage

If you are unsure about a certain command or you want to learn more about a command you have been using and the options available, use the syntax below:

command /?

For example, to find out more about the ipconfig command, run:

ipconfig /?

10. Execute one command after another

To execute one command after the other, use the && operator between the two commands, as shown below (the second command runs only if the first one succeeds):

command1 && command2

For example:

ipconfig && ping google.com

Then, sit back, relax, and wait for the commands to finish running!

Conclusion

With the above tricks, getting extra tasks accomplished from the command prompt becomes easier.

Is there another CMD trick we might have left out?

Please share in the comment section below.

Are you sure your data on Windows Servers is secure?

Protect yourself and your clients against security leaks and get your free trial of the easiest and fastest NTFS Permission Reporter now!



How to Use the NTFS Compression Feature on Windows 10

Imagine using a machine whose disk never fills up because you know how to free up space to hold more data.

The NTFS compression feature helps you with the straightforward task of making your files smaller on the storage media.

The Windows 10 operating system, through its New Technology File System (NTFS), has a built-in compression feature that helps users save space while retaining normal access to their files, without any manual decompression step.

Enabling NTFS compression can affect your machine’s performance negatively, especially if it has low computing power.

Whenever you access files, NTFS works in the background, decompressing and recompressing them.

Although compression reduces the performance of your machine, there are setups in which it makes sense to use it. For example, it allows you to free up space even after deleting all temporary files and unnecessary content.

Other administrators use it to store files that are not in use, or files that have no significant impact on computer operations, such as pictures and documents.

Regardless of your current operating environment, as long as you are using Windows 10, you can enable the compression feature in either of the following two ways:

  • Using compression at the file level
  • Using compression at the drive level

We are going to use this article as a guide to take you through the processes of enabling the NTFS compression using the two levels.

Using NTFS File Compression (File Level)

File level compression is the easiest way to make files smaller without touching the storage media or using additional tools such as zip utilities.

You can use the following steps to compress files and folders using NTFS:

  • Open File Explorer
  • Open the folder that will store the compressed files
  • Click on the Home button
  • Click the New folder button

TIP: Use the Ctrl + Shift + N shortcut to create a new folder

  • Give the new folder a name of your choice (in our case “Compression”) and press Enter
  • Right-click on “Compression” and select the Properties option

  • Click on the General tab
  • Click on the Advanced button

  • Below the “Compress or Encrypt attributes” section, click to check the Compress contents to save disk space option

  • Click the OK button
  • Click the Apply button
  • In the “Confirm Attribute Changes” dialog box that follows, select Apply changes to this folder, subfolders, and files
  • Click the OK button

Once you have done all the steps above, NTFS file compression will be active, and any file sent to the folder will automatically undergo the compression process. The new changes in the folder will work on both files and folders.

By looking at the newly created folder, you will notice two arrows pointing to each other at the top right corner.

You can confirm the amount of space you are saving by right clicking on the folder and selecting the Properties option. Size indicates the original size before compression while Size on disk indicates the size of the folder after compression.

You can revert to the original folder properties using the same instructions but ensure you clear the Compress contents to save disk space option.

Using NTFS Drive Compression (Drive Level)

Alternatively, rather than shrinking folders and files one by one, you can compress the whole drive. This gives the same benefits as compressing individual files.

You can use the following steps on the hard drive to enable NTFS drive compression:

  • Open File Explorer
  • Click and select This PC
  • In the “Devices and drives” section, right-click on the drive you wish to compress (in this case Data), then select the Properties option

  • Click on the Compress this drive to save disk space option

  • Click the Apply button
  • In the small “Confirm Attribute Changes” dialog window, select Apply Changes to Drive, subfolders, and files

  • Click the OK button
  • Click the OK button once more to close the Properties dialog

Once this is done, NTFS compression will be active on the drive. Compression can be enabled on a drive with or without files.

Note that compressing a drive with so many files will take a considerable amount of time; therefore, it is a good idea to compress an empty drive before storing files inside it.

To undo the changes made at the drive level, follow the same instructions but uncheck the Compress this drive to save disk space option.

Knowing the Right Time to Compress Files Using NTFS

The compression ability of Windows 10, without the help of third-party software, is useful when dealing with storage space issues.

However, before engaging the NTFS compression feature, here are the things you need to look at:

  • Activating compression on a drive running Windows 10 is not a bad idea; however, doing so may bring some negative consequences, such as poor system performance.
  • Before compressing the system drive, consider using Compact OS, an inbuilt feature that reduces the installation footprint and frees up space on the system drive.
  • Compression is applicable on virtually any device; for example, you can activate the feature on systems with new processors and fast drives such as Solid State Drives (SSDs) for optimal performance. SD cards and USB flash drives can also use NTFS compression, but your focus should always be on more capable system drives such as SSDs and hard disks.
  • If you are using a low-end or an old device, you can forgo the compression option and buy a larger external drive. External drives also play an important role in freeing up resources without the compressing and decompressing of data that could slow down your system.
  • The amount of space you save using this feature depends on the amount of data and other factors. NTFS compression is a fast process, but gives a smaller compression ratio than third-party tools offer.
  • Drives and folders that use NTFS compression can hold already compressed files such as zip files and music files. Files that are already compressed do not change in size.
  • When using NTFS compression, files are decompressed before moving over the network, meaning no optimization takes place to reduce bandwidth or time. So, instead of relying on NTFS compression to send a large amount of data over a network, use a zip container.
  • All the above steps also apply to earlier versions of Windows, such as Windows 8.1 and Windows 7.


A Simple Way to Create and Hide a Junction Link on Windows 10

In the Windows Operating system, there are three types of links:

  • Hard links
  • Junction links
  • Symbolic links

A hard link creates a second directory entry for a file, so that the same file can be reached through more than one path.

A symbolic link creates a new file altogether that references an already existing file.

A junction link, also referred to as a soft link, is used to link directories that are located on different volumes or drives, but not on network drives. It is created only between two folders, not files.

In this article, you will learn how you can create and hide junction links.

How to create a junction link on Windows 10

To create a junction, you first need to define the location of the junction link as well as the folder you’d want to link it to. Take note that the target folder should exist before creating the junction link.

In this tutorial, we will create a junction link under C:\Users\james\OneDrive\Music with the target defined as E:\MTBL.

To begin with, you need to run the Command Prompt tool as an Administrator.

You can achieve this by clicking on the Start button, typing cmd in the text field, right clicking on the Command Prompt option, and selecting ‘Run as Administrator’.

Next, let’s apply the mklink command as shown in the syntax below:

mklink /J "path to junction link" "path to target folder"

In our case, the command will be as follows:

mklink /J "C:\Users\james\OneDrive\Music\MTBL" "E:\MTBL"

You can verify the existence of the junction link using the dir command, which lists it as <JUNCTION> together with its target.

How to hide a junction link on Windows 10

Additionally, you can create a directory junction using the ::$INDEX_ALLOCATION attribute, which creates a junction whose name consists of dots, like this: [...].

In that case, the target folder, E:\MTBL, is no longer displayed in the dir output. This shows that we have tactfully managed to “hide” it.

To navigate into the directory, you can use the syntax below:

cd ...\...\

To ensure that it contains the same files as the target folder, you can use the dir command.

Here is a simple tutorial for creating and hiding junction links on the Windows 10 operating systems.

As you can see above, we have successfully managed to hide the path to the target directory using the […] notation.

Bravo!


Windows Filesystem: How to Hide the Destination of a Directory Junction

Directory junctions are an NTFS feature of Windows that shows up again and again in security vulnerabilities. Unlike symbolic links, junctions can be created with normal user privileges.

A well-known vulnerability that exploits directory junctions is AVGater, which works by abusing the ability of users to restore files that antivirus products have quarantined.

For example, the vulnerability can take place when a file is placed inside a folder X, and the antivirus solution marks the file as a virus, and moves it to the quarantine folder.

Thereafter, if the previously quarantined file is restored, the attacker can redirect it into an arbitrary directory that is not its original location.

The attacker can thus move the quarantined file to a location of their choosing on the host system, abusing the antivirus’ SYSTEM permissions and causing extensive damage.

Directory junctions can be misused if the target has time-of-check to time-of-use (TOCTOU) vulnerabilities.

You can also create a directory junction using the mklink utility with the /J argument. This can be combined with the ::$INDEX_ALLOCATION trick to create a directory junction named “...”.

As you can see in the example above, the first junction was created with a normal name, which is why its destination is correctly shown in the dir output.

In the second junction, the target is absent and shown as [...]. You can have the first junction point to the second one, which in turn points to a third junction, and so on until the last one points to the actual destination.

The paths are obviously confusing: you can enter the junction using cd ...\...\, which must be run inside the System32 folder. Remember that the directory points to C:\Test\

With the dir command, you can list the files found in the System32 folder. The first command above created the Hello.bat file in C:\Test\

From the screenshot above, the Hello.bat command is shown to come from the current directory (.\). It executes its own content, not what is contained in C:\Windows\System32\hello.bat.

Since you can set up folders in any way, this can be applied to bypass application whitelisting that trusts script files by their path.

This way, hiding the destination of a directory junction becomes possible.
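As an added example (not code from the original article), here is a small Python script that parses the text of a dir listing and flags junctions whose name or target is made only of dots, or that chain through other junctions in the same folder. The listing below is constructed; the same functions can be run over real dir output saved to a file.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of `dir` output (not copied from the article's screenshots).
# The "..." entry stands in for a junction created with the ::$INDEX_ALLOCATION trick.
SAMPLE_DIR_OUTPUT = r"""
 Directory of C:\Test

09/12/2018  10:15 AM    <DIR>          .
09/12/2018  10:15 AM    <DIR>          ..
09/12/2018  10:15 AM    <JUNCTION>     MTBL [E:\MTBL]
09/12/2018  10:16 AM    <JUNCTION>     Hop1 [C:\Test\Hop2]
09/12/2018  10:16 AM    <JUNCTION>     Hop2 [C:\Test\...]
09/12/2018  10:17 AM    <JUNCTION>     ... [...]
09/12/2018  10:18 AM    <DIR>          Normal
               0 File(s)              0 bytes
"""

# dir prints reparse points as "<JUNCTION>     name [target]" (symlinks as <SYMLINKD>).
LINK_RE = re.compile(r"<(JUNCTION|SYMLINKD)>\s+(.+?) \[(.*)\]\s*$")
DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")

Links = Dict[str, Tuple[str, str]]  # name -> (kind, target)


def is_dots_only(component: str) -> bool:
    return component != "" and set(component) <= {"."}


def split_path(path: str) -> List[str]:
    return [c for c in re.split(r"[\\/]", path) if c != ""]


def parse_listing(text: str) -> Tuple[str, Links]:
    """Return the listed directory and every junction/symlink it contains."""
    base, links = "", {}
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            base = m.group(1)
            continue
        m = LINK_RE.search(line)
        if m:
            kind, name, target = m.groups()
            links[name] = (kind, target)
    return base, links


def resolve_chain(name: str, base: str, links: Links, max_hops: int = 16) -> List[str]:
    """Follow a junction hop by hop while its target is another link in the same listing."""
    hops, seen, current = [], set(), name
    while current in links and current not in seen and len(hops) < max_hops:
        seen.add(current)
        target = links[current][1]
        hops.append(target)
        parts = split_path(target)
        parent = "\\".join(parts[:-1])
        if parent.lower() != base.lower().rstrip("\\"):
            break  # target lives elsewhere; it cannot be followed from this listing
        current = parts[-1]
    return hops


def audit_listing(text: str) -> Dict[str, List[str]]:
    """Map each link name to the reasons it looks like a hidden-destination junction."""
    base, links = parse_listing(text)
    report: Dict[str, List[str]] = {}
    for name, (_kind, target) in links.items():
        reasons = []
        if is_dots_only(name):
            reasons.append("dots-only junction name")
        if any(is_dots_only(c) and c not in (".", "..") for c in split_path(target)):
            reasons.append("target hidden behind a dots-only component")
        hops = resolve_chain(name, base, links)
        if len(hops) > 1:
            reasons.append(f"chains through {len(hops) - 1} junction(s) to {hops[-1]}")
        report[name] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in audit_listing(SAMPLE_DIR_OUTPUT).items():
        print(f"{name!r}: {'; '.join(reasons) or 'ok'}")
```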


Windows: How to Create Files that Cannot be Found Using the “…” Dots

All Windows folders must have two entries: the directory “.” (denoting the current directory) and “..” (denoting the parent directory).

On Windows, names made up only of dots are rejected, to prevent attacks that confuse the way the system parses “.” and “..” in paths.

However, as seen in the command above, you cannot create a file named “...”, nor use it as a folder name.

All this can be bypassed using the ::$INDEX_ALLOCATION trick.

Passing the folder name twice also creates the folders.

For example, you can run the command mkdir “....\....\” to create a directory and another one inside it. This will enable you to enter the folders, store files, and execute programs from that location.

It is not possible to enter the folder using its plain name. As such, after creating the files in the folder, you’ll be forced to use the “cd ...\...\” syntax.

Please note that if you use “cd.” in the folder, it will take you one directory up because of the confusion in paths.

You may not be able to open the same directory from the Graphical User Interface (GUI).

In some cases, if you stay in the same directory and keep the same path, double-clicking a folder may have no effect.

In other cases, you may notice that you are in the folder but the path shown in Explorer changes. For instance, when opening the folder several times, you may notice many directories in the path of the graphical interface.

However many folders you enter, the GUI may not show all the files inside the folder, and you may also not be able to open a folder by passing “C:\Sample\Test\...\...\” in the address field.

NOTE: Deleting the folder will crash Explorer because it will not stop counting the files being deleted; the best advice is to avoid doing this on your working system.

Using the GUI to search for files may also not work for you; for example, searching for a Sample123.txt will keep searching forever, without anything to show.

Searching for the same file via the command prompt gives a positive result, as shown below.

However, most administrators prefer to use PowerShell, which ends up in an endless loop.

If you run the Get-ChildItem -Path C:\Test -Filter Sample123.txt -Recurse -ErrorAction SilentlyContinue -Force command in the PowerShell interface, it will iterate forever.

Some programs may seem to work correctly. For example, if you place some malware in the same directory and perform tests using an antivirus solution, nothing will happen because some of them may be unable to interpret their names and paths.

When scanning for viruses inside C:\Test\...\, the malware is skipped within C:\Test\. Python programs that use the os.walk() function handle it correctly.

Please note that creating a directory junction pointing to its own parent folder will not lead to an endless loop in either cmd or PowerShell.


How To Hide All NTFS Alternate Data Streams

It’s possible to dump Alternate Data Streams (ADS) using the /r switch in the dir command.

Moreover, you can also use the streams.exe tool from Windows Sysinternals to dump the streams.

On earlier Windows versions, an ADS could be hidden by using the reserved device names as the base names.

Examples of such names include CON, NUL, COM1, COM2, LPT1, and others.

However, in Windows 10 this seems to be fixed, and the same may no longer be possible; the “...” trick, however, still works.

The ADS on “…” was successfully created and listed by the tools.

Creating an ADS on COM1 results in an error, but does not have an effect on the system.

An ADS can also be created on the drive itself using echo Sample123 > C:\:Sampleabc.txt, which hides it from the dir /r command when run inside C:\.

However, it will show up as an ADS on the “..” entry inside subfolders of C:\, as shown below.

The 12-byte Sampleabc.txt:$DATA stream listed there was created by the C:\:Sampleabc.txt ADS. This stream is also visible with the Sysinternals streams.exe tool if it is called on the directory C:\. You can use the “...” trick to hide it from both tools.

There is also another way of hiding it: by putting a “<space>” at the end of the file name, which Windows automatically removes.

However, such a file with an ADS can be created using tools, and it then cannot be opened because of its file name: after truncation, the name refers to one without the space, which does not actually exist.

Have a look at the screenshot below.

The ADS foobar.txt is not visible using the normal search tools.

NOTE: such files can be created using the echo test> . ..:$DATA

Also, note that Sampleabc.txt uses the same ADS that was used to create one on C:\:Sampleabc.txt.

Going by that reasoning, we can create a directory with the name “..”, as shown below.

If you try entering the folder or opening it, you’ll get the following error.

Other techniques such as cd ..\..\ also do not work. However, cd "..::$INDEX_ALLOCATION" works (the double quotes are part of the command).

Directories using the name “..” can be entered using the earlier mentioned technique.

NOTE 1: The folder named Test22 can be opened through the GUI by double-clicking it, and all its contents will be displayed correctly. The only downside is that you cannot open its files, because Windows will interpret the path as wrong. Using PowerShell will lead to endless loops when searching such folders.

NOTE 2: An ADS can be created on a folder with a name such as Sampleabc and then be renamed by including a number, because the name will not work. To access the folder, you must rename it back to its original Sampleabc name.
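The tricks discussed in this article and the previous one (dots-only names, trailing spaces and dots, reserved device names, and ADS or ::$INDEX_ALLOCATION syntax) are all visible in the path string itself. As an added example, not from the original articles, the Python function below audits Windows paths for those patterns so that a file server ingest job or a forensic listing can flag them; the sample paths are constructed.

```python
import re
from typing import List, Tuple

# Device names that Windows reserves whatever the extension (CON.txt still means CON).
RESERVED_NAMES = ({"CON", "PRN", "AUX", "NUL"}
                  | {f"COM{i}" for i in range(1, 10)}
                  | {f"LPT{i}" for i in range(1, 10)})

DRIVE_RE = re.compile(r"^[A-Za-z]:$")

# Constructed sample paths modelled on the articles' examples.
SAMPLE_PATHS = [
    r"C:\Test\...\Sample123.txt",          # dots-only directory
    r"C:\Test\Sample123..",                # trailing dots the Win32 layer would strip
    r"C:\Test\foo. .",                     # trailing space
    r"C:\:Sampleabc.txt",                  # ADS on the drive root
    r"C:\Test\..::$INDEX_ALLOCATION",      # explicit stream type suffix
    r"C:\Test\COM1:hidden.txt",            # reserved name carrying an ADS
    r"C:\Users\james\OneDrive\Music\MTBL", # ordinary path
]


def check_component(name: str) -> List[str]:
    """Reasons one path component is suspicious; an empty list means it looks normal."""
    reasons: List[str] = []
    if name in (".", ".."):
        return reasons  # the two entries every directory legitimately has
    if name and set(name) <= {"."}:
        reasons.append("dots-only name")
    elif name != name.rstrip(" ."):
        reasons.append("trailing space or dot (Win32 would strip it)")
    if "::$" in name:
        reasons.append("explicit stream type suffix (::$INDEX_ALLOCATION / ::$DATA)")
    elif ":" in name:
        reasons.append("alternate data stream syntax")
    # Reserved names apply to the base name, before any extension or stream.
    base = name.split(":")[0].split(".")[0].strip()
    if base.upper() in RESERVED_NAMES:
        reasons.append("reserved device name")
    return reasons


def audit_path(path: str) -> List[Tuple[str, List[str]]]:
    """Split a Windows path into components and return those with findings."""
    parts = re.split(r"[\\/]", path)
    if parts and DRIVE_RE.match(parts[0]):
        parts = parts[1:]  # "C:" is a drive letter, not a stream separator
    findings = []
    for part in parts:
        if part == "":
            continue  # empty pieces from leading, trailing or UNC separators
        reasons = check_component(part)
        if reasons:
            findings.append((part, reasons))
    return findings


def audit_paths(paths: List[str]) -> List[str]:
    """Return one human-readable line per suspicious path component."""
    lines = []
    for path in paths:
        for component, reasons in audit_path(path):
            lines.append(f"{path}: '{component}' -> {', '.join(reasons)}")
    return lines


if __name__ == "__main__":
    print("\n".join(audit_paths(SAMPLE_PATHS)))
```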

File System Tricks vs. Antivirus Products and Forensic Software

We conducted a quick verification of the file system tricks against an antivirus product to see whether malware could slip past it. The most notable discovery was that files or folders ending with “..” bypassed the scanner with ease.

Upon re-enabling the antivirus software and scanning the folder and file, the program identified its own files and the folder containing the copied files, but missed the virus in “Sample123..” and in any of the “foo..” folders.

When the folder and the file were opened, the antivirus program found them because the contents were loaded from the system to memory. Using the “remove” action from Windows Defender could not remove the files but the “remove” action from the antivirus software deleted them.

You can change this behavior in the file guard settings by setting the scan to “Thorough” so that it can scan through all the files. The Windows defender blocks the reading of some antivirus’ text files.

Furthermore, we conducted another test using forensic software (in this case Autopsy 4.6.0) by loading “logical files” into the tool within the running system, and not using an image. As a result, we could open the “..” folder but not the “foo. .” folder.

If we created another file called “Valid”, in addition to the “..” folder that contained a space at the end of its name, it was read by the system as “..” and could be opened by double clicking.

This is possible only on “logical files” mode, disk image mode, and when running Autopsy live mode (with everything configured correctly to access data using the API).




How to Prevent Privilege Creep With FolderSecurityViewer

Ensuring that access privileges are aligned with the appropriate user roles is usually a headache for the IT department.

If there is a mismatch between a user’s responsibilities and their access privileges, it poses serious security risks, including data breaches, exfiltration of sensitive information, and the implantation of viruses and worms on the company’s systems.

In this article, we are going to talk about how to prevent privilege creep using a versatile tool known as FolderSecurityViewer.

What Is Privilege Creep?

Typically, privilege creep refers to the steady accumulation of unaudited access rights beyond what a person requires to complete their tasks.

If a user requires rights to access an IT infrastructure, and sufficient justification has been given, those rights should be given.

However, when that same individual no longer needs those rights, and nothing is done to remove them, they remain unchanged. Over time, with the addition of more roles, a person can gather unnecessary and insecure rights.

How Privilege Creep Occurs

Simply put, privilege creep takes place when users’ privileges are not cleaned up, especially after they change roles. Promoting employees, demoting employees, or transferring them between departments are the major causes of access creep.

For example, a manager is hired and granted the access rights to the sensitive IT systems in a company. After some months in the position, he is demoted and a new manager is hired to replace him. However, instead of the access rights of the old manager being revoked, he still retains them.

The same scenario can happen when an employee is transferred to another department or an employee is promoted to a higher position. Also, if an employee is granted temporary access permissions to cover for vacations or prolonged absences, and the rights are not rescinded, privilege creep can ensue.

Dangers of Privilege Creep

Privilege creep usually leads to a two-fold security risk for organizations. The first risk occurs when an employee who still holds unrevoked privileges is tempted to gain unauthorized access to a sensitive system.

In most organizations, security incidents take place because dissatisfied employees attempt to cause damage or just ‘make a point’. If such employees have unnecessary privileges, they can maliciously gain entry into systems far from their immediate workstation, making them difficult to find out.

Second, if the user account of an employee with excess privileges is hacked, a criminal can collect more information than if the privileges of the account were not excessive. If an account is compromised, it becomes the property of the attacker, and it is more lucrative if it has excess rights.

How to Avoid Privilege Creep

Carry out access reviews

The best technique of avoiding privilege creep is carrying out frequent, thorough access reviews. The IT department should regularly confirm every employee’s access rights to ensure the unnecessary accumulated privileges are revoked.

If a company has invested in a robust identity and access management (IAM) system, undertaking access reviews becomes less taxing, and making decisions about employees’ continued access becomes easier. Implementing an IAM system will ensure that granted access privileges are appropriately authenticated and audited.

Importantly, when conducting access reviews, the principle of least privilege should be applied. The permissions granted to users should be limited to the minimal level that enables them to carry out their tasks without any difficulties. For instance, someone in the HR department should not be given the privileges of accessing the organization’s customer database.

Access reviews should be maintained throughout the year, with a frequent rotation in every department within the company. Every employee, from the CEO to the lowest-ranked, should have their access permissions periodically reviewed, especially when there is a change in roles.

Communication of changes in roles

In case any employee changes roles, it should be promptly communicated to the IT department. If formal notification is not done, the IT department may not revoke the employee’s access rights, which can lead to harmful consequences.

So, the HR department should work together with the IT department to avoid such lapses, and enhance the security of the company’s infrastructure.

Ensure privileges are aligned

By ensuring the privileges of each employee are aligned to their specific roles and responsibilities, it becomes easier to prevent this creeping monster.

In the company’s employee lifecycle management policy, a comprehensive documented process should be included that clearly outlines the IT-related actions.

In case of any changes to roles, prompt notification should be made to the IT department for updating of the privileges and closure of redundant accounts.

How FolderSecurityViewer Can Help

The task of preventing privilege creep is delicate and demanding. If you try to manually sift through a large number of users’ privileges, it can consume a lot of your time and drain a lot of resources, besides the mistakes and oversights that can ensue.

Therefore, investing in an IAM system can greatly reduce the extensive costs of tackling the security vulnerabilities ensuing from privilege creep as well as misaligned or abused privileges.

For example, the FolderSecurityViewer is a powerful free tool you can use to see all the permissions accorded to users. After analyzing the permissions, you can clean them out, and reduce chances of privilege creep occurring.

First, you’ll need to download the tool from here.

After launching the tool, select the folder whose permissions you need to review, and click the Permissions Report entry in the context menu for the magic to start.

You’ll then be provided with a comprehensive permissions report containing several things, including the names of users, department of users, and their respective allowed permissions.


If you want to get more information, you can click on the “Access Control List” button and see the various privilege rights accorded to users.

You can also export the permissions report in Excel, CSV, or HTML format, and make more analysis.

After carrying out the access reviews using FolderSecurityViewer, you can audit identities and permissions to ensure role-based privileges are applied and excessive privileges are revoked.
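As an added example, not part of the article or of the FolderSecurityViewer product, the Python script below performs the access review described above over a CSV export of a permissions report: it compares each reported permission with the account’s current role and flags leavers, entitlements the role does not justify, and rights above the role’s maximum. The CSV columns, the HR roster and the role matrix are all assumed and constructed.

```python
import csv
import io
from typing import Dict, List

# Constructed permissions export; the column names are assumed, not the tool's real schema.
PERMISSIONS_CSV = r"""
Folder,Account,Rights
\\fs01\Finance,CORP\alice,Modify
\\fs01\Finance,CORP\bob,Read
\\fs01\Finance,CORP\carol,Full Control
\\fs01\Finance,CORP\frank,Read
\\fs01\Customers,CORP\dave,Read
\\fs01\HR,CORP\dave,Modify
\\fs01\Sales,CORP\erin,Modify
"""

# Current roster from HR (constructed): bob moved from Finance to Sales, frank has left.
ROSTER: Dict[str, str] = {
    r"CORP\alice": "Finance",
    r"CORP\bob": "Sales",
    r"CORP\carol": "Finance",
    r"CORP\dave": "HR",
    r"CORP\erin": "Sales",
}

# Least-privilege role matrix (constructed): the most a role may hold on each share.
ROLE_MATRIX: Dict[str, Dict[str, str]] = {
    "Finance": {r"\\fs01\Finance": "Modify"},
    "Sales": {r"\\fs01\Sales": "Modify"},
    "HR": {r"\\fs01\HR": "Modify"},
}

# Ordering of rights; anything unknown is treated as the highest level (conservative).
RIGHT_LEVEL = {"Read": 1, "Modify": 2, "Full Control": 3}


def review_permissions(csv_text: str, roster: Dict[str, str],
                       matrix: Dict[str, Dict[str, str]]) -> List[Dict[str, str]]:
    """Compare every reported permission with the account's current role; return the excess."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        account, folder, rights = row["Account"], row["Folder"], row["Rights"]
        dept = roster.get(account)
        if dept is None:
            issue = "account not in current roster (leaver or unmanaged account)"
        else:
            allowed = matrix.get(dept, {}).get(folder)
            if allowed is None:
                issue = f"no entitlement to this folder for the {dept} role"
            elif RIGHT_LEVEL.get(rights, 99) > RIGHT_LEVEL[allowed]:
                issue = f"{rights} exceeds role maximum {allowed}"
            else:
                continue  # within the role's baseline, nothing to revoke
        findings.append({"account": account, "folder": folder,
                         "rights": rights, "issue": issue})
    return findings


if __name__ == "__main__":
    for f in review_permissions(PERMISSIONS_CSV, ROSTER, ROLE_MATRIX):
        print(f"{f['account']:<12} {f['folder']:<18} {f['rights']:<12} {f['issue']}")
```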

Conclusion

The FolderSecurityViewer is a wonderful tool you can use to provide you with visibility into the permissions and access rights for your IT infrastructure. This way, you can easily prevent privilege creep and avert costly security breaches from occurring.

How To Upgrade Windows Server 2019

In-place upgrading of a Windows Server operating system allows the administrator to upgrade an existing installation of Windows Server to a new version without changing the existing settings and features.

The Windows Server 2019 in-place upgrade feature allows you to upgrade an existing Long-Term Servicing Channel (LTSC) release such as Windows Server 2012 R2, Windows Server 2016, or Windows Server 2019. The in-place upgrade allows organizations to handle upgrades to newer versions within the shortest time possible. The direct upgrade is possible even when your existing server installation requires some dependencies before an upgrade.

Clients who do not document their server installations, or do not have the infrastructure or code for automated deployment, will find it hard to upgrade to new Windows Server versions. Without the Windows Server 2019 in-place upgrade feature, you would miss many of the improvements in WS2019.

How to Upgrade to Windows Server 2019

To run the in-place upgrade to Windows Server 2019, attach the Windows Server 2019 media (DVD, USB stick, mounted ISO or any other suitable method) and start setup.exe. Take a backup or snapshot of the server before you begin.

Setup detects the existing installation and offers the in-place upgrade. How long the upgrade takes depends on the speed of the server and on the roles and features that are installed.

The following example shows an in-place upgrade from Windows Server 2016 to Windows Server 2019 from an ISO file.

  1. Mount the ISO file and run setup.exe.
  2. Accept the defaults and click Next (Download and install updates is the default option).
  3. On the next screen, enter the product key and click Next.
  4. Select the edition with the Desktop Experience option and click Next.
  5. Read the licence terms and click Accept.
  6. Select the option to keep personal files and apps, since the intent is to upgrade the server rather than reinstall it. Click Next.
  7. Windows now collects updates; how long this takes depends on the speed of your internet connection. Click Next when it has finished.
  8. A warning about upgrading to a new Windows version appears. Read it and, if you are happy to proceed, click Confirm.
  9. If you are upgrading to an Insider Preview build, the next step asks you to enable FlightSigning. (FlightSigning lets Windows trust preview builds that are signed with certificates not trusted by default.)
  10. Click Install to start the upgrade.
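The wizard above keeps your roles and features, but it pays to prove that afterwards rather than assume it. The following is an added example, not part of the original article: it records the OS build and the installed roles and features to a JSON file before the upgrade and compares a second snapshot taken after it. The folder C:\UpgradeLog and the ISO drive letter D: are placeholders; the commented-out line uses the documented Windows Setup switches /auto upgrade /compat scanonly for a compatibility check that makes no changes.

```powershell
# Added example, not part of the original article. Records the OS build and
# installed roles/features before the in-place upgrade, then compares after it.
# Assumed paths: C:\UpgradeLog (created if missing) and the mounted ISO on drive D:.
function Save-ServerInventory {
    param([Parameter(Mandatory)][string]$Path)
    New-Item -ItemType Directory -Path (Split-Path $Path) -Force | Out-Null
    $os = Get-CimInstance Win32_OperatingSystem
    $inventory = [pscustomobject]@{
        Caption  = $os.Caption
        Version  = $os.Version
        Features = @(Get-WindowsFeature | Where-Object Installed | Select-Object -ExpandProperty Name | Sort-Object)
    }
    $inventory | ConvertTo-Json -Depth 3 | Set-Content -Path $Path -Encoding UTF8
    $inventory
}

function Compare-ServerInventory {
    param([Parameter(Mandatory)][string]$Before, [Parameter(Mandatory)][string]$After)
    $b = Get-Content -Raw $Before | ConvertFrom-Json
    $a = Get-Content -Raw $After  | ConvertFrom-Json
    $diff = Compare-Object -ReferenceObject @($b.Features) -DifferenceObject @($a.Features)
    [pscustomobject]@{
        OsBefore        = "$($b.Caption) $($b.Version)"
        OsAfter         = "$($a.Caption) $($a.Version)"
        FeaturesRemoved = @($diff | Where-Object SideIndicator -eq '<=' | ForEach-Object InputObject)
        FeaturesAdded   = @($diff | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject)
    }
}

# Before the upgrade:
Save-ServerInventory -Path 'C:\UpgradeLog\before.json'

# Optional: compatibility-only run of Windows Setup (no changes made). Results land in
# C:\$WINDOWS.~BT\Sources\Panther.
# Start-Process -FilePath 'D:\setup.exe' -ArgumentList '/auto upgrade /quiet /compat scanonly' -Wait

# After the upgrade and reboot:
# Save-ServerInventory -Path 'C:\UpgradeLog\after.json'
# Compare-ServerInventory -Before 'C:\UpgradeLog\before.json' -After 'C:\UpgradeLog\after.json'
```

A non-empty FeaturesRemoved list after the upgrade is the signal to investigate before putting the server back into service.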

Once the upgrade has finished, you will notice some new features:

  • PowerShell replaces CMD as the default command shell.
  • Apps and Features opens the Settings app instead of the Control Panel's Programs and Features applet that Windows Server 2016 used for changing or uninstalling programs.
  • Windows Defender Security Center gathers all the security settings in one place.

Installing the Active Directory Domain System on Windows Server 2019

The process differs little from installing Active Directory Domain Services on Windows Server 2016.

Run Server Manager:

  1. Click Manage
  2. Add Roles and Features
  3. Follow the wizard and install AD DS
  4. Click the link to promote the server to a domain controller

Selecting Server Roles

  1. Start the Add Roles and Features Wizard
  2. On the Server Roles page of the wizard, tick the roles you want to add and click Next

Creating a New Forest

  1. Open the Active Directory Domain Services Configuration Wizard (the link to promote the server to a domain controller)
  2. On the Deployment Configuration page, choose Add a new forest
  3. Specify the root domain name for the forest
  4. Click Next
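The same role installation and forest creation can be done unattended. The following is an added example, not part of the original article: it installs the AD DS role, runs the prerequisite check that the wizard performs, and only then promotes the server. The domain name corp.example.com and NetBIOS name CORP are placeholders; the DSRM password is prompted for rather than embedded in the script.

```powershell
# Added example, not part of the original article: the forest creation above done
# from an elevated PowerShell session. corp.example.com / CORP are placeholders.
Import-Module ServerManager

# 1. Install the AD DS binaries and management tools (the Add Roles and Features step).
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw "AD DS role installation failed: $($feature.ExitCode)" }

Import-Module ADDSDeployment

# Directory Services Restore Mode password: prompt for it, never hard-code it.
$dsrm = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString

$params = @{
    DomainName                    = 'corp.example.com'
    DomainNetbiosName             = 'CORP'
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 level; 2019 adds no new level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true
    SafeModeAdministratorPassword = $dsrm
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    NoRebootOnCompletion          = $true
}

# 2. Dry run: validates name resolution, DNS, paths and password rules without promoting.
$check = Test-ADDSForestInstallation @params
if ($check.Status -ne 'Success') {
    $check.Message
    throw 'Forest prerequisite check failed; fix the messages above before promoting'
}

# 3. Promote. -Force suppresses the confirmation prompt; reboot explicitly afterwards.
Install-ADDSForest @params -Force
Restart-Computer
```

Keeping NoRebootOnCompletion set lets you read the wizard's output before the server restarts; the first boot after promotion takes noticeably longer than usual while SYSVOL and DNS initialise.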

The Forest Functional Level (FFL) and the Domain Functional Level (DFL) still carry the names of earlier Windows Server releases in the preview builds, since Windows Server 2019 adds no new functional level; the highest available is Windows Server 2016. Use the Active Directory Domain Services Configuration Wizard to promote the server.

The Domain Controller Options page of the wizard takes you through the promotion settings (DNS, global catalog and the Directory Services Restore Mode password).

If you need more configuration options, such as Hyper-V installations, you can use the preview version of Windows Server 2019, which is 8.3.

At the moment, most developers are still testing on servers with the kind of hardware found in a professional environment. Testing on virtual machines can also give good results, but a server operating system should be verified on hardware deployments.

Detect Permission Changes in Active Directory

This article describes how to track permission changes in Active Directory.

Overview

Let's start with a small example.

Suppose an organization works in three shifts with different server administrators, and overnight the permissions on some Active Directory objects change. It is good practice to be able to tell which admin changed them, and when.

To get that information, auditing of permission changes in Active Directory must be enabled. This article explains how to do it.

Enable auditing of Active Directory service changes

The first step is enabling auditing of Active Directory service changes. This is done on the domain controllers by editing the Default Domain Controllers Policy Group Policy object.

The operation should be done from a server, or from a workstation with the Remote Server Administration Tools (RSAT) installed.

Open Group Policy Management, expand the forest, then Domains, then your domain, and then the Domain Controllers organizational unit (OU). Right-click the Default Domain Controllers Policy GPO and choose Edit; the Group Policy Management Editor opens.

In the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies, and click DS Access.

Among the subcategories you will find Audit Directory Service Changes.

In the properties of the Audit Directory Service Changes policy, tick Configure the following audit events and both checkboxes (Success and Failure).

Adding a system access control list (SACL)

The next step is adding a system access control list (SACL) to the domain so that modified permissions are audited.

System access control lists (SACLs) establish security policies across the system for actions such as logging or auditing access to a resource.

A SACL specifies:

  • Which security principals (users, groups, computers) should be audited when accessing the object.
  • Which access events should be audited for these principals.

The SACL is added from Active Directory Users and Computers (ADUC). First open the View menu and check Advanced Features, which has to be enabled for the Security tab to appear.

Right-click the domain (on the left) and select Properties > Security > Advanced, then switch to the Auditing tab and click Add. This opens the Auditing Entry dialog.

In the Auditing Entry dialog, click Select a principal.

Enter “Everyone” as the object name in the Select User, Computer, Service Account, or Group dialog, and click OK.

Set Type to “Success” and Applies to to “This object and all descendant objects”.

Under Permissions, the only option that should be selected is “Modify permissions”.
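Both steps can be verified and applied from PowerShell, which also makes them repeatable across domains. The following is an added example, not part of the original article: Test-DsChangeAuditing shows the effective setting of the Directory Service Changes subcategory on the domain controller you run it on (what the GPO actually produced), and Add-DomainWriteDaclAudit adds the same auditing entry as the dialog above (Everyone, Success, Modify permissions, which is the WriteDacl right, on the domain object and all descendants), skipping the change if an identical entry already exists. It needs the ActiveDirectory module from RSAT and an elevated session on a domain controller; the domain DN is read from AD, not assumed.

```powershell
# Added example, not part of the original article: the audit policy check and the
# SACL entry described above, done from an elevated PowerShell session on a DC.
Import-Module ActiveDirectory

function Test-DsChangeAuditing {
    # Effective (post-GPO) setting of the subcategory edited in Group Policy above.
    $out  = auditpol.exe /get /subcategory:"Directory Service Changes" 2>&1
    $line = ($out | Where-Object { $_ -match 'Directory Service Changes' } | Select-Object -First 1)
    [pscustomobject]@{
        Subcategory = 'Directory Service Changes'
        Setting     = ("$line" -replace '^\s*Directory Service Changes\s*', '').Trim()
        Enabled     = [bool]("$line" -match 'Success')
    }
}

function Add-DomainWriteDaclAudit {
    # Equivalent of the Auditing Entry dialog: Everyone / Success / Modify permissions
    # (ActiveDirectoryRights::WriteDacl) / This object and all descendant objects.
    $domainDn = (Get-ADDomain).DistinguishedName
    $path     = "AD:\$domainDn"
    $acl      = Get-Acl -Path $path -Audit      # -Audit is required to read/write the SACL

    $everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
    $rights   = [System.DirectoryServices.ActiveDirectoryRights]::WriteDacl
    $flags    = [System.Security.AccessControl.AuditFlags]::Success
    $inherit  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All

    # Skip if an identical entry is already present, so re-runs do not stack duplicates.
    $existing = $acl.GetAuditRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference -eq $everyone -and
            $_.ActiveDirectoryRights -eq $rights -and
            $_.AuditFlags -eq $flags -and
            $_.InheritanceType -eq $inherit
        }
    if ($existing) { return "Audit rule already present on $domainDn" }

    $rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule($everyone, $rights, $flags, $inherit)
    $acl.AddAuditRule($rule)
    Set-Acl -Path $path -AclObject $acl
    "Audit rule added on $domainDn"
}

Test-DsChangeAuditing
Add-DomainWriteDaclAudit
```

If Test-DsChangeAuditing reports No Auditing after the GPO edit, run gpupdate /force on the domain controller and check again before adding the SACL; without the policy the SACL produces no events.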

Check

And that is it. The only thing left to do is check for permission changes.

It can be done in PowerShell with the command

Get-EventLog -LogName Security -InstanceId 5136 -Newest 10 | Format-List

Filter on the event ID before selecting the newest entries; applying -Newest 10 first and filtering afterwards only inspects the ten most recent Security events of any kind and misses the change you are looking for.

The output is a formatted list with the details of each change: who made it, on which object, and the new security descriptor (the attribute nTSecurityDescriptor). Each permission change produces two 5136 events with the same OpCorrelationID, one holding the old descriptor (Value Deleted) and one the new (Value Added).
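Reading raw SDDL strings out of Format-List output is slow work when you are trying to find out what changed overnight. The following is an added example, not part of the original article: it pulls the 5136 events from a domain controller, keeps only those that touch nTSecurityDescriptor, pairs the old and new descriptor of each change by OpCorrelationID, and prints exactly which ACEs were added or removed, by whom and on which object. It assumes PowerShell 5.1 or later (for ConvertFrom-SddlString), rights to read the Security log, and a domain controller name; DC01 is a placeholder.

```powershell
# Added example (not from the original article): read the 5136 events produced by the
# SACL above from a domain controller and show exactly which ACEs were added or removed.
# Assumptions: PowerShell 5.1 or later (ConvertFrom-SddlString), rights to read the
# Security log, and a domain controller name (DC01 is a placeholder).
function Get-ADPermissionChange {
    [CmdletBinding()]
    param(
        [string]$ComputerName = 'DC01',
        [int]$Hours = 24
    )

    $opNames = @{ '%%14674' = 'Added'; '%%14675' = 'Deleted' }   # OperationType codes used by 5136

    $filter = @{ LogName = 'Security'; Id = 5136; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue

    # Flatten each event's EventData (<Data Name="...">) into a hashtable; keep descriptor changes only.
    $records = foreach ($e in $events) {
        $xml = [xml]$e.ToXml()
        $d = @{}
        foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        if ($d['AttributeLDAPDisplayName'] -ne 'nTSecurityDescriptor') { continue }
        [pscustomobject]@{
            Time        = $e.TimeCreated
            Actor       = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
            Object      = $d['ObjectDN']
            Class       = $d['ObjectClass']
            Correlation = $d['OpCorrelationID']
            Operation   = $opNames[$d['OperationType']]
            Sddl        = $d['AttributeValue']
        }
    }

    # One permission change yields two 5136 events with the same OpCorrelationID:
    # the old descriptor (Deleted) and the new one (Added). Diff their DACLs.
    foreach ($group in ($records | Group-Object -Property Correlation)) {
        $old = ($group.Group | Where-Object Operation -eq 'Deleted' | Select-Object -First 1).Sddl
        $new = ($group.Group | Where-Object Operation -eq 'Added'   | Select-Object -First 1).Sddl
        if (-not $old -or -not $new) { continue }

        $oldAces = @((ConvertFrom-SddlString -Sddl $old -Type ActiveDirectoryRights).DiscretionaryAcl)
        $newAces = @((ConvertFrom-SddlString -Sddl $new -Type ActiveDirectoryRights).DiscretionaryAcl)
        if ($oldAces.Count -eq 0 -or $newAces.Count -eq 0) { continue }

        $first = $group.Group[0]
        foreach ($change in (Compare-Object -ReferenceObject $oldAces -DifferenceObject $newAces)) {
            $kind = if ($change.SideIndicator -eq '=>') { 'ACE added' } else { 'ACE removed' }
            [pscustomobject]@{
                Time   = $first.Time
                Actor  = $first.Actor
                Object = $first.Object
                Change = $kind
                Ace    = $change.InputObject
            }
        }
    }
}

Get-ADPermissionChange -ComputerName 'DC01' -Hours 24 | Format-Table -AutoSize -Wrap
```

Run it against each domain controller, or forward the Security logs to a collector first: a change made on one DC is audited only there, and the 5136 events are not replicated with the directory data.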

Windows Server – How To Close Open Files

This article describes how to close open files and processes on a server.

Every system administrator on Microsoft Windows Server systems will, at least once, face a situation where a file is open on a server and needs to find out which process or user opened it.

Open files can cause trouble such as upgrade errors or reboots that hang.

Left unaddressed, this can delay updates or cause errors during server maintenance.

More common, though less severe, are problems caused by users. When a user leaves a shared file open, other users who try to open the same file get an error message and cannot access it.

This article shows how to deal with such issues: how to find and close open files and processes. The steps apply to Microsoft Windows Server 2008, 2012 and 2016, and to Windows 10 workstations.

There are many working methods for this kind of problem; the first we describe uses Computer Management.

View open files on a shared folder

When users have locked files on the server, this method is a handy way to troubleshoot it.

Right-click the Start menu and select Computer Management (or type compmgmt.msc in the Start menu search box).

The procedure is very simple and in most cases works without problems.

Expand Shared Folders, then click Open Files.

This opens a list of the files detected as open, the user who opened each, any locks, and the mode it is opened in.

Right-click the file in question and choose Close Open File to close it.

For processes and file details, the procedure is a bit different.

Usage of Windows Task Manager

Task Manager will not close open shared files, but it can end processes on the system.

Open it with Ctrl+Alt+Del (then choose Task Manager), or right-click the taskbar and choose Task Manager.

On the Processes tab you can see all active processes and sort them by CPU, memory and so on.

To terminate a process, right-click it and choose End Process (End Task on newer versions).

Usage of Resource Monitor

For every system administrator, Resource Monitor is “the tool” for overseeing and controlling system processes and much more.

Resource Monitor can be opened by typing “resource monitor” in the Start menu search box (or by running resmon).

Another option is to open Task Manager, click the Performance tab and then click Open Resource Monitor.

Resource Monitor shows several tabs; the one needed for this task is Disk.

It shows disk activity per process: the files open, the PID, and read and write bytes per second.

If the system is running a lot of live processes, the display can be confusing, so Resource Monitor offers a Stop Live Monitoring option, which freezes the list and gives you an overview of all processes up to the moment you stopped it.

The Disk tab only lists files with active I/O. To find the process that holds an idle open handle on a file, use the CPU tab instead: type part of the file name into the Associated Handles search box, and every process holding a handle to it is listed.

With the file paths and processes identified, it is no problem to close the files or end the processes.

Powershell cmdlet approach

PowerShell can do everything the GUI tools can, often better, and in this case there are several cmdlets that list and close open files on the system.

There is more than one PowerShell approach, and the script-based ones are not recommended for administrators without scripting experience.

This section shows some of the possible solutions using PowerShell.

The cmdlets below come from the SmbShare module, which ships with Windows Server 2012 / Windows 8 and later; for older systems, the NET FILE approach further down closes files in the same way.

When one or a small number of known open files should be closed, this cmdlet can be used. As usual, it is run from an elevated PowerShell session and applies to a single file, identified by the FileId that Get-SmbOpenFile reports. Note that in all of these examples any unsaved data in the open file is lost; the client is simply disconnected from the file.

Close-SmbOpenFile -FileId <FileId>

Confirm
Are you sure you want to perform this action?
Performing operation 'Close-File' on Target '<FileId>'.
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y

A variation of the cmdlet closes the open files of a specific session:

Close-SmbOpenFile -SessionId <SessionId>

This does not close a single file; it closes every file opened under that session ID (the IDs come from Get-SmbSession).

Another variation targets a file name extension (DOCX in this example).

The command checks for all open files with the .docx extension across all clients of the server and force-closes them. As mentioned before, any unsaved data in the open files is lost.

Get-SmbOpenFile | Where-Object -Property ShareRelativePath -Match '\.docx$' | Close-SmbOpenFile -Force

The pattern is anchored to the extension so that a folder name containing DOCX is not matched, and -Match is case-insensitive, so .DOCX and .docx are both caught. Run the same pipeline without Close-SmbOpenFile first to see what would be closed. The cmdlet has many more parameters and variations that allow different filters and approaches to closing open files.
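The most common real case is not "close every .docx" but "close the files a user left open when they went home". The following is an added example, not code from the original article: it combines Get-SmbSession with Get-SmbOpenFile so that only files held by sessions that have been idle for a given time are closed, and it supports -WhatIf so the list can be reviewed before anyone is disconnected. The path pattern, idle threshold and server name are placeholders; running it against a remote server needs WinRM.

```powershell
# Added example, not part of the original article: close SMB open files that belong
# to sessions idle for longer than a threshold. Supports -WhatIf / -Confirm.
# Placeholders: the path pattern, the 120-minute threshold and the server name.
function Close-IdleSmbOpenFile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$PathPattern  = '*.xlsx',
        [int]$IdleMinutes     = 120,
        [string]$ComputerName = $env:COMPUTERNAME
    )

    $cim = New-CimSession -ComputerName $ComputerName
    try {
        # Sessions with no activity for the threshold: the "left it open overnight" case.
        $idleIds = @(Get-SmbSession -CimSession $cim |
                     Where-Object { $_.SecondsIdle -ge ($IdleMinutes * 60) } |
                     Select-Object -ExpandProperty SessionId)
        if ($idleIds.Count -eq 0) { Write-Verbose 'No idle sessions'; return }

        $candidates = Get-SmbOpenFile -CimSession $cim |
            Where-Object { $_.Path -like $PathPattern -and $idleIds -contains $_.SessionId }

        foreach ($f in $candidates) {
            $holder = "$($f.ClientUserName) from $($f.ClientComputerName)"
            # ShouldProcess prints the target under -WhatIf instead of closing it.
            if ($PSCmdlet.ShouldProcess("$($f.Path) (FileId $($f.FileId), held by $holder)", 'Close open file')) {
                Close-SmbOpenFile -CimSession $cim -FileId $f.FileId -Force
                [pscustomobject]@{
                    Path      = $f.Path
                    HeldBy    = $holder
                    SessionId = $f.SessionId
                    Locks     = $f.Locks
                }
            }
        }
    }
    finally {
        Remove-CimSession $cim
    }
}

# Preview first, then run without -WhatIf.
Close-IdleSmbOpenFile -PathPattern '*\Finance\*.xlsx' -IdleMinutes 120 -ComputerName 'FS01' -WhatIf
```

SecondsIdle counts time since the session's last request, so a user who has the workbook open and is actively editing it is never selected; only the sessions nobody is using are touched, and still only the files matching the pattern.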

Powershell Script approach

With a PowerShell script, closing open files can be automated. The script below enumerates the open resources of the Server service through ADSI and closes those whose path matches a wildcard pattern; the pattern is passed in as an argument rather than edited into the script body:

$closeOpenFiles = {
    param([string]$PathPattern)

    # The LanmanServer (Server service) object exposes the files currently open over SMB.
    $adsi = [adsi]"WinNT://./LanmanServer"

    $resources = $adsi.psbase.Invoke("Resources") | ForEach-Object {
        New-Object PSObject -Property @{
            ID        = $_.GetType().InvokeMember("Name", "GetProperty", $null, $_, $null)
            Path      = $_.GetType().InvokeMember("Path", "GetProperty", $null, $_, $null)
            OpenedBy  = $_.GetType().InvokeMember("User", "GetProperty", $null, $_, $null)
            LockCount = $_.GetType().InvokeMember("LockCount", "GetProperty", $null, $_, $null)
        }
    }

    $hits = @($resources | Where-Object { $_.Path -like $PathPattern })

    # Report what is about to be closed, then close each file by its ID.
    $hits | Format-Table ID, Path, OpenedBy, LockCount -AutoSize | Out-String
    $hits | ForEach-Object { net file $_.ID /close }
}

# Run it on the file server (here pc1); the pattern uses -like wildcards, e.g. '*smbfile*' or '*\Reports\*.xlsx'.
Invoke-Command -ComputerName pc1 -ScriptBlock $closeOpenFiles -ArgumentList '*smbfile*'

The script closes the files whose path matches the pattern given on the command line, so the path no longer has to be inserted into the script itself. Unsaved changes in those files are lost.

This way of closing open files is not recommended for administrators without PowerShell scripting experience; if you are not entirely sure you are up to it, use one of the other methods.

Close A File On Remote Computer Using Command Line

There are two other ways to close open files: the NET FILE command and PsFile (a Microsoft Sysinternals utility). NET FILE has no remote API of its own, so to run it against another machine you execute it there through PsExec.

NET FILE lists all open shared files together with the number of locks on each. It can close the files and remove the locks (much like the SMB cmdlets above), and it is used in the same situations: a user has left a file open or locked.

The syntax is

C:\>net file [id [/close]]

where the ID parameter is the identification number of the file you want to close, and the /close parameter is the action applied to that file.

The usual way to use NET FILE is to run it without parameters first: it lists all open files, each with its ID number (0, 1 and so on).

Once the files are listed, the command that closes one of them is, for example,

C:\>net file 1 /close

which closes the file with ID 1.

PsFile usage

PsFile is strictly a third-party download, but it belongs in every system administrator's standard toolkit rather than in the third-party list below, since it is part of Microsoft's Sysinternals PsTools.

Its commands are similar to those of NET FILE, with the difference that it does not truncate long file names and it can show files opened on remote systems from your local machine.

It uses the Windows NET API and becomes available once you download the PsTools package.

 psfile [\\RemoteComputer [-u Username [-p Password]]] [[Id | path] [-c]]

PsFile connects to the remote computer with a valid username and password; given an ID or a path together with -c, it closes the matching open file on the remote system. Without -c it only lists open files.

For processes running on the remote system there is a similar tool, PsKill, which kills processes on the same principle.

Release a File Lock

In some situations, a problem with closing files can be handled by releasing a file lock. Users often lock their files and leave them open (for some reason, the most common type of locked file is an Excel workbook).

All other users then get an error message of the type “<file> is locked for editing by another user” and have no option to close or unlock it.

As an administrator you have elevated rights, and with the right procedure this is easy to fix.

Press the Windows key and R to open the Run dialog.

In the Run dialog type mmc (Microsoft Management Console).

Go to File > Add/Remove Snap-in and add the Shared Folders snap-in.

If you are on the computer that has the issue, choose Local computer; otherwise choose Another computer and enter the name of the computer you want.

Expand Shared Folders, then select Open Files.

Choose the locked/open file, right-click it and select Close Open File.

This procedure unlocks and closes the open file (as in the first example of this article), and the other users can access it again.

Usage of Third-party apps

There are many third-party apps on the market for handling open files on servers.

We describe a few of the most used ones.

Process Explorer – a freeware utility from Windows Sysinternals, originally created by Winternals and later acquired by Microsoft. It can be seen as Windows Task Manager with advanced features. Among its many features is the ability to find which process has a file open (Find > Find Handle or DLL) and close that handle, and it is highly recommended for server administrators and IT professionals.

Sysinternals can be accessed on the following link :

https://docs.microsoft.com/en-us/sysinternals/

OpenedFilesView – Practically a single executable file application, displays the list of all opened files on your system. For each opened file, additional information is displayed: handle value, read/write/delete access, file position, the process that opened the file, and more.

To close a file or kill a process, right-click any file and select the desired option from the context menu.

It can be downloaded on the following link :

https://www.nirsoft.net/utils/opened_files_view.html

LockHunter – primarily a tool for deleting blocked files (to the Recycle Bin). It can serve as a workaround for open files, since it lists and unlocks locked files on your system. It is powerful and helpful when the system tools fail.

It can be downloaded from the following link: http://lockhunter.com/

Long Path Tool – a shareware program from KrojamSoft that, as its name suggests, helps fix the many problems you face when a file's path is too long, such as being unable to copy, cut or delete the file. With its many features it may be overkill for this purpose, but it is a quality app for any sysadmin.

It could be downloaded on following link: https://longpathtool.com/