Scribd
Upload
141 views

Advanced Windows Security

This document provides commands and instructions for managing user accounts, groups, and other system configuration settings in Windows. It includes commands for adding, modifying, and deleting users and groups, viewing active processes and ports, configuring network settings like IP addresses and routes, and using tools like the Microsoft Management Console and Group Policy Editor.

Uploaded by

Nikhil Singh
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
141 views

Advanced Windows Security

This document provides commands and instructions for managing user accounts, groups, and other system configuration settings in Windows. It includes commands for adding, modifying, and deleting users and groups, viewing active processes and ports, configuring network settings like IP addresses and routes, and using tools like the Microsoft Management Console and Group Policy Editor.

Uploaded by

Nikhil Singh
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

mmc Microsoft management console red team field manual

http://www.windows-commandline.com/add-user-from-command-line/
http://www.thewindowsclub.com/customizing-the-password-policy-in-windows-7
net user [username] [password] /ADD
net user {username] [password] /DELETE
net user username password /ADD /FULLNAME:"User_Fullname"
net user username password /ADD /PASSWORDCHG:Yes
net user username userpasswd /ADD /PASSWORDCHG:NO
LISTENING PORTS AND PIDS: netstat -ano
LISTENING PORTS OF PID 1234 - CAN GET FROM TASK MANAGER: netstat -ano | findstr 1234
MAKE NETWORK CARDS COME UP: ncpa.cpl
ADD ROUTE: route ADD 10.1.1.0 MASK 255.255.255.0 192.168.1.8
ADD ROUTE PERSISTENT SO LASTS TILL NEXT REBOOT: route -p ADD 10.1.1.0 MASK
255.255.255.0 192.168.1.8
DELETE ROUTE - IP OF DESTINATION: route delete 10.0.0.0
VIEW USER ACCOUNT PASSWORD AND LOGON REQUIREMENTS (ALSO DISPLAYS THE
MACHINE TYPE - NT SERVER OR NT WORKSTATION)
net accounts
VIEW PASSWORD AND LOGON REQUIREMENTS FOR THE NETWORK DOMAIN.
net accounts /domain
SET THE NUMBER OF MINUTES A USER HAS BEFORE BEING FORCED TO LOG OFF WHEN THE
ACCOUNT EXPIRES OR VALID LOGON HOURS EXPIRE
net accounts /forcelogoff:minutes /domain
PREVENT FORCED LOGOFF WHEN USER ACCOUNTS EXPIRE
net accounts /forcelogoff:no /domain
SET THE MINIMUM NUMBER OF CHARACTERS FOR A PASSWORD.
net accounts /minpwlen:c /domain
THE RANGE IS 0-14 CHARACTERS; THE DEFAULT IS 6 CHARACTERS.
SET THE MAXIMUM NUMBER OF DAYS THAT A PASSWORD IS VALID.
net accounts /maxpwage:dd /domain
THE RANGE IS 1-49710; THE DEFAULT IS 90 DAYS.

SET PASSWORDS TO NEVER EXPIRE.


net accounts /maxpwage:unlimited /domain
SET A MINIMUM NUMBER OF DAYS THAT MUST PASS BEFORE A USER CAN CHANGE A
PASSWORD (DEFAULT = 0)
net accounts /minpwage:dd /domain
REQUIRE THAT NEW PASSWORDS BE DIFFERENT FROM 'X' NUMBER OF PREVIOUS
PASSWORDS
net accounts /uniquepw:x /domain
THE RANGE FOR 'X' IS 1-24
SYNCHORONISE THE USER ACCOUNTS DATABASE (PDC AND BDC)
net accounts /sync /domain
VIEW USER ACCOUNT DETAILS
net user [/domain]
ADD USER:
net user USER PASS /add
net user USER /add
ADD A USER ACCOUNT.
net user username {password | *} /add [options] [/domain]
MODIFY A USER ACCOUNT.
net user [username [password | *] [options]] [/domain]
DELETE A USERNAME
net user username [/delete] [/domain]
GENERATE A RANDOM PASSWORD:
net user administrator /random
ADD A WORKGROUP
net group groupname /add [/comment:"text"] [/domain]
EDIT A WORKGROUP
net group [groupname [/comment:"text"]] [/domain]

DELETE A GROUP
net group groupname /delete [/domain]
ADD A USER TO A GROUP
net group groupname username [...] /add [/domain]
DELETE A USER FROM A GROUP
net group groupname username [...] /delete [/domain]
TO VIEW, ADD OR MODIFY A LOCAL WORKGROUP REPLACE GROUP IN THE COMMANDS ABOVE
WITH LOCALGROUP.
EXAMPLES
CREATE A GROUP
c:\>net localgroup spud /add
ADD TO GUESTS
c:\>net localgroup guests spud /add
THEN REMOVE
c:\>net localgroup guests spud /delete
c:\>net localgroup spud /delete

Lists active processes


tasklist
Lists all tasks that have DLL
modules loaded
tasklist/M
Redirect processes list to a file
tasklist>processes.log
Finding a process id
e.g to find the PID of notepad.exe
tasklist|findnotepad
Kill a process
taskkill/IMnotepad.exe
taskkill/PID1304(if 1304 is the
process id)
Kill all processes owned by Ish
taskkill/F/FIUSERNAMEeqIsh
Verify opened TCP or UDP ports
netstatanp
TCP
netstatanp
UDP

Search from a list of opened ports


netstatan
|find80
List IP configuration
ipconfig
ipconfig/release
ipconfig/renew
Show route configuration
routePRINT
Set DNS to Google's server :)
netshinterfaceipsetdnsLocal
AreaConnectionstatic8.8.8.8
++++++++++++++
Search for a file (e.g file named
cheat_sheet.pdf)
dir/s/pcheat_sheet.pdf

InmmcorTEMPLATES:
AddSnapins:WindowsFirewall,LocalUsersandGroups,Security
Templates,SecurityConfigurationandAnalysis,GroupPolicy(orLocal
ComputerPolicy)
Makenewtemplatepath;makenewtemplatebaseline;Goto
SecurityConfigurationandAnalysisandopendatabasebaseline;then
makesuretemplateissavedaftermakingchanges;thenimport
template;thenanalyzecomputernoworconfigurecomputernow;go
backanchecktomakesureeverythingisgood

LocalSecurityPolicy>ComputerConfiguration>WindowsSettings>
SecuritySettings>AccountPolicies

SCATComplianceChecker

gpedit.msc
https://docs.google.com/document/d/1U3IqJp0THfv2Iyu49tBwySoPwKiJO8W0UMY6LB
c2nKY/edit

You might also like