Skip to main content

Posts

List services on Windows

To check services on a Windows operating system can be done on a lot of ways.
Example below uses PowerShell script to check services.             
The code is PowerShell script thus it can be used also to check services on remote computers.
There is already a cmdlet included in PowerShell to check services in Windows.
TechNet link below provides details on how to use Get-Service cmdlet. https://technet.microsoft.com/en-us/library/ee176858.aspx
The code example below utilizes the Win32_service class.
The script will list all the services found on the system and the output will show the exit code, service name, process ID if the service is running, start mode whether the service is set to manual or auto, it will also show the state whether the service is running or in stopped mode and also indicate the status of the service.

Here's the script:
$computer="." $service = get-wmiobject -class win32_service -computername $computer Write-Output $service

Above script will list all …

Rename interface or network adapter name using PowerShell or Command line

How to rename interface or network adapter name using command line or Powershell?


In  Windows network connection window, it shows the list of available network card on the computer, NICs are listed with its name, interface card vendor name (like Intel(R) I350 Gigabit) and its connection name whether it's domain network, local network, private or other network connection name.

Network connections window can be access by typing "ncpa.cpl" from windows run box. Or typing "control cpa.cpl" from command line. Of course it can also be access via GUI from the control panel or task bar.

To rename Interface name using netsh via command line:

Netsh interface set interface name="Local Network" newname="Private LAN Network"


If the server or computer has multiple nics; its better to set the interface name with identifiable name that best describes the interface connection.

Netsh interface set interface name="Local Network" newname="NIC 1 W…

PowerShell check if port is open

PowerShell code snippet to check or test whether a port is open or closed on the IP Address specified.
==============================

$port_num= "2443" $IP_Add="192.168.2.1"
$result = New-Object Net.Sockets.TcpClient $IP_Add, $port_num
if($result.Connected) { write-host "Port 443 is open." $result.close() } else { write-host "Attempt to connect failed, check firewall or other settings." } ==============================

If port 2443 is open in IP Address 192.168.2.1 then PowerShell script will show "Port 443 is open."
If port 2443 is close the script will show "Attempt to connect failed, check firewall or other settings."
If the port is closed it could be that the firewall is not set to accept incoming connections for the particular port.
Do not set firewall settings to open any port if it is not necessary to do it.
If the service or application that is using the port is not operational anymore then close the port that was used by the app…

Delete local admin on remote PC via PowerShell

To delete a local admin on remote computer, run the PowerShell code below in elevated mode and it will delete the user name specified on the command.

The command below will fail if the remote PC is not configured to accept WMI connections.


invoke-command -ComputerName PC007 -ScriptBlock { net localgroup user_name /delete }


In a Windows domain environment, users should not have local admin or else it will be tough to control. There will be a lot of security issues and if the user is quite smart he or she will be able to circumvent group policies or domain settings.

If the user has local admin the user will be able to install software without the knowledge of the domain admin.

To check local admin accounts on remote computers check the link below.

There are quite a few tools on the web that will delete or list local admins on remote computers but whether the software has a malicious code on its coding then that would be another issue. Scripting is better than installing unknown software…

PowerShell get local admins on remote PCs

How to list members of local administrators on a domain environment?

How to get localgroup administrator members on remote computers in an active directory domain?

Below is a piece of code using Powershell to list members of local administrator  groups on remote PCs.

Code should be run in an elevated mode which has proper access on remote computers.

It needs also WMI to be enable on remote computers being queried. Which is quite dangerous to enable all the time, after using WMI then it is good to disable the settings in order not to be exploited by other users, viruses or malwares.

If WMI is not enable on the remote PC then PowerShell will throw this error:

Connecting to remote server SERVER_NAME failed with the following error message : WinRM cannot complete the operation. Verify that the specified computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is
enabled and allows access from this computer. By default,…

PowerShell list printers of remote computers

How to print installed printers on remote computers?

With and PowerShell WMIC it can be don easily.

PowerShell command to list installed printers of a remote PC.

Invoke-command -ComputerName PC0100 -ScriptBlock { wmic printer get name}

Command above needs appropriate privileges to execute successfully and remote computers should be configured to accept remote WMIcommands.

Sample output: