Monthly Archives: September 2013


Enable / Disable firewall via command line

Please refer to link: http://social.technet.microsoft.com/Forums/windowsserver/en-US/5a438757-d294-483d-8619-df9eb5700561/how-to-disable-the-windows-firewall-using-the-command-shell

netsh firewall set opmode disable

As Zaubi points out you should avoid using this command because it eliminates the firewall as a security measure completely, which is a bad thing. Temporarily disabling the firewall might be useful to troubleshoot network connectivity. The command to enable the firewall again is:

netsh firewall set opmode enable

Firewall

I recommend taking a look at one of the command lines below. I’ll show you some examples of how to open up the firewall. I assume you use the Windows Firewall in the Default profile.

 

To enable service exceptions

The Windows Firewall in a Server Core installation of Windows Server 2008 comes with a couple of default firewall exceptions. You can enable these exceptions to allow specific types of traffic through the firewall. For example, to allow File and Printer Sharing you can run the following command:

netsh firewall set service fileandprint

If at any point you need help with the set service command, just type netsh firewall set service, which will show you some help. Extra command line switches may allow you to specify another firewall profile and/or specify a firewall scope (all, subnet or custom).

To open specific ports

If your situation demands that you open up specific ports to allow incoming traffic through your firewall, you can add specific port openings. You can specify whether the traffic is UDP or TCP, which port number you’d like to open and which name you’d like to give your port opening, like this:

netsh firewall set portopening protocol=TCP | UDP port=PortnumberHere name=AnyNameHere

If at any point you need help with this command, just type netsh firewall set portopening, which will show you some help. Extra command line switches may allow you to specify another firewall profile and/or specify a firewall scope (all, subnet or custom).

To allow specific programs

Another way to open up the firewall is to allow specific programs to communicate with the outside world. The Windows Firewall will allow any traffic to the executables you specify. Again you can also specify a name for the rule. Use this command to allow specific programs:

netsh firewall set allowedprogram program=FullPathToExecutable name=AnyNameHere

If at any point you need help with this command, just type netsh firewall set allowedprogram, which will show you some help. Extra command line switches may allow you to specify another firewall profile and/or specify a firewall scope (all, subnet or custom).

Advanced Firewall

Alternatively, you can use the spanking new Advanced Firewall, which enables you to control incoming as well as outgoing traffic and allows you to edit the firewall configuration in offline mode (so you can change the settings without committing any changes yet). There’s a nice webpage with more information on the Advanced Firewall functionality here. It shows you how to change settings through the command line and how to change them using Group Policies.
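The legacy netsh firewall commands above have netsh advfirewall counterparts on systems with the Advanced Firewall. The following PowerShell script is an added example, not part of the original post: it reports which profiles are on and then adds exceptions scoped by profile and source address. The rule names, port 8080, the program path and the 192.0.2.0/24 range are constructed placeholders.

```powershell
# Added example (not from the original post). Rule names, port 8080, the program
# path and 192.0.2.0/24 are constructed placeholders. Run from an elevated prompt.

# Report the state of each profile instead of assuming it
# (parses English-language netsh output).
function Get-FirewallProfileState {
    $name = $null
    foreach ($line in (netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings') {
            $name = $Matches[1]
        } elseif ($name -and $line -match '^State\s+(\w+)') {
            New-Object psobject -Property @{ Profile = $name; State = $Matches[1] }
            $name = $null
        }
    }
}

$off = @(Get-FirewallProfileState | Where-Object { $_.State -ne 'ON' })
if ($off.Count -gt 0) {
    Write-Warning ('Firewall is OFF for: ' + (($off | ForEach-Object { $_.Profile }) -join ', '))
}

# Service exception: counterpart of "netsh firewall set service fileandprint".
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

# Port opening limited to one profile and one source range rather than any address.
netsh advfirewall firewall add rule name="Example app TCP 8080" dir=in action=allow `
    protocol=TCP localport=8080 remoteip=192.0.2.0/24 profile=domain

# Program exception limited to the local subnet.
netsh advfirewall firewall add rule name="Example program" dir=in action=allow `
    program="C:\Example\app.exe" remoteip=localsubnet

# Review what was created. To remove a rule that is no longer needed:
#   netsh advfirewall firewall delete rule name="Example app TCP 8080"
netsh advfirewall firewall show rule name="Example app TCP 8080"
```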

Under Windows XP SP2, it is possible to enable or disable the firewall with the following command lines.

First open the command prompt: (Windows + R keys) and type : cmd


GET SYSTEM INFORMATION FROM COMMAND LINE USING SYSTEMINFO COMMAND

Refer to link: http://windowscmdline.blogspot.co.il


We can find system information of a computer from the Windows command line using the command Systeminfo. This command shows the following details.
Computer name, OS version, OS configuration, OS type, Install Date, System uptime data, BIOS version, Available physical memory, Processor model, Hotfixes installed, Network cards information, Domain name of the computer, System Locale, Time Zone and many other details.
Since systeminfo shows us lots of information, if we want to get any particular information we can use the findstr command to filter out unwanted details. See some examples below.
To get system’s physical memory information from windows command line:
systeminfo | findstr /C:"Total Physical Memory"
To get System type from windows command line:
systeminfo | findstr /C:"System Type"
To find System locale from windows command line:
systeminfo | findstr /C:"System Locale"
To find system manufacturer from windows command line:
systeminfo | findstr /C:"System Manufacturer"
To find OS install date from windows command line:
systeminfo | findstr /C:"Install Date"

NET LOCALGROUP from COMMAND

Refer to link: http://windowscmdline.blogspot.co.il/

NET LOCALGROUP

Net localgroup command can be used to manage local user groups on a computer. Using this command, administrators can add users to groups, delete users from groups, create new groups and delete existing groups. Below you can find syntax for all these operations.
Create a new local group
We can use below command to create a new local group.
net localgroup /add groupname
Example:
Command for adding a new user group ‘testgroup’
net localgroup /add testgroup
List the user groups on the local computer
‘net localgroup’ command displays the list of user groups on the local computer.
Example:
c:\>net localgroup
Aliases for \\WINCMD-PC
-------------------------------------------------------------------------------
*Administrators
*Backup Operators
*Power Users
*Remote Desktop Users
*Replicator
*testgrp
*Users
Some of the groups listed above are created by default with the Windows installation.
Add a user to group
Below is the syntax for adding a user to a local group.
net localgroup groupname username /add
For example, to add user ‘user1’ to the group ‘testgrp’ the command is:
net localgroup testgrp user1 /add
List the users that belong to a group
‘net localgroup groupname’ prints the list of users in a group.
Example:
c:\>net localgroup testgrp
Alias name     testgrp
Comment
Members
-------------------------------------------------------------------------------
test
The command completed successfully.
Delete user from group
Below is the command for deleting a user from a group.
net localgroup groupname username /delete
To delete user ‘user1’ from the group ‘testgrp’ the command is:
net localgroup testgrp user1 /delete
All the above commands should be run from an elevated administrator command prompt in Vista and Windows 7. Otherwise an error will be generated as shown below.
C:\>net localgroup /add test1
System error 5 has occurred.
Access is denied.

ADD USER TO GROUP FROM COMMAND LINE (CMD)

Refer to link: http://windowscmdline.blogspot.co.il/


On a Windows computer we can add users to a group from the command line. We can use the net localgroup command for this.

net localgroup group_name UserLoginName /add

For example to add a user to administrators group, we can run the below command. In the below example I have taken username as John.

net localgroup administrators Miller /add

A few more examples:
To add a domain user to local users group:

net localgroup users domainname\username /add

This command should be run when the computer is connected to the network. Otherwise you will get the below error.

H:\>net localgroup users domain\user /add
System error 1789 has occurred.
The trust relationship between this workstation and the primary domain failed.

To add a domain user to local administrator group:

net localgroup administrators domainname\username /add

To add a user to remote desktop users group:

net localgroup "Remote Desktop Users" UserLoginName  /add

To add a user to debugger users group:

net localgroup "Debugger users" UserLoginName /add

To add a user to Power users group: 

net localgroup "Power users" UserLoginName /add

This command works on all editions of Windows OS i.e. Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows 7. In Vista and Windows 7, even if you run the above command from administrator login you may still get access denied error like below.

C:\> net localgroup administrators techblogger /add
System error 5 has occurred.
Access is denied.

The solution for this is to run the command from elevated administrator account. See How to open elevated administrator command prompt

When you run the ‘net localgroup’ command from elevated command prompt:

C:\>net localgroup administrators techblogger /add
The command completed successfully.

To list the users belonging to a particular group we can run the below command.

net localgroup group_name

For example to list all the users belonging to administrators group we need to run the below command.

net localgroup administrators

ENABLE REMOTE DESKTOP FROM COMMAND LINE (CMD)


Remote desktop can be enabled/disabled by opening My Computer properties and then changing the settings in the ‘Remote’ tab. We can do the same by editing registry key settings. This is explained below. Remote desktop is also called Terminal Services, TS or RDP. It is the built-in remote desktop software for Windows users.
To enable remote desktop.
  • Open registry editor by running regedit from Run.
  • Go to the node HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
  • Change the data of the value fDenyTSConnections to 0.
We can enable remote desktop from windows command line by running the following command.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
To disable remote desktop we need to run the below command.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
Reboot or logoff is not required after running the above command. I have tested this on Windows XP and Windows 7 and it has worked fine. It would work fine on Windows Vista too.
To enable Remote assistance:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fAllowToGetHelp /t REG_DWORD /d 1 /f
Then add a user to Remote Desktop access:
net localgroup "Remote Desktop Users" USER /ADD
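To see what the registry and group changes above have left on a machine, the following PowerShell script (an added example, not part of the original post) reads the same values back and lists who can log on over RDP. The UserAuthentication value under WinStations\RDP-Tcp, which controls Network Level Authentication, is not covered in the post and is included here as an extra check; English-language net localgroup output is assumed.

```powershell
# Added example (not from the original post): read-only report, changes nothing.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"   # UserAuthentication lives here; not covered in the post

# Return a DWORD value, or $null when the value does not exist.
function Get-RegDword([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# Members are the non-empty lines between the dashed separator and the
# completion message (English-language "net localgroup" output assumed).
function Get-LocalGroupMembers([string]$Group) {
    $inList = $false
    foreach ($line in @(net localgroup $Group 2>$null)) {
        if ($line -match '^-{10,}') { $inList = $true; continue }
        if ($inList -and $line.Trim() -and $line -notmatch '^The command completed') {
            $line.Trim()
        }
    }
}

$deny = Get-RegDword $ts 'fDenyTSConnections'
$help = Get-RegDword $ts 'fAllowToGetHelp'
$nla  = Get-RegDword $rdpTcp 'UserAuthentication'

New-Object psobject -Property @{
    RemoteDesktopEnabled    = ($deny -eq 0)   # 0 = connections allowed
    RemoteAssistanceEnabled = ($help -eq 1)
    NlaRequired             = ($nla -eq 1)    # 1 = Network Level Authentication required
    RemoteDesktopUsers      = @(Get-LocalGroupMembers 'Remote Desktop Users') -join ', '
    Administrators          = @(Get-LocalGroupMembers 'Administrators') -join ', '
} | Format-List
```

Members of the local Administrators group can also log on over Remote Desktop by default, which is why both groups are listed.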