# Windows - One Liners

# Security

# List Local Group Membership

```
net localgroup “Administrators” > C:\Servers.txt
```

<div class="code-toolbar" id="bkmrk-copy-12"></div>[Original Article](https://social.technet.microsoft.com/Forums/windowsserver/en-US/04cf3cb7-3fff-4ff4-b33b-0776d095ee7a/how-to-export-the-local-group-membership-to-a-text-file?forum=winserverDS)

# List and Logoff RDP Users Remotely

To get a list of the Remote Sessions in the command window (Get the session Id of user to kick out):

```
qwinsta /server:SERVERIP
```

To disconnect the remote session:

```
rwinsta /server:SERVERIP SESSIONID
```

From [http://superuser.com/questions/62498/kicking-logging-out-remote-windows-users](http://superuser.com/questions/62498/kicking-logging-out-remote-windows-users)

# Network

# Add Multiple DNS Servers Via Command Line

```shell
netsh interface ipv4 add dnsserver name="Local Area Connection" address=192.168.100.48 index=2
```

From [https://practical365.com/exchange-server/how-to-add-multiple-dns-servers-to-windows-server-2008-core/](https://practical365.com/exchange-server/how-to-add-multiple-dns-servers-to-windows-server-2008-core/)

# ICACLS Backup/Restore

Open an elevated cmd prompt.  
Save

```
icacls E:\ /save "E:\ntfsDdrive.txt /t /c
```

Restore

```
icacls E:\ /restore "E:\ntfsDdrive.txt
```

From [https://social.technet.microsoft.com/Forums/en-US/8299036a-3cfe-40d7-beb8-becd2e56c2f4/icacls-syntax-issues-with-backup-restore?forum=winserverfiles](https://social.technet.microsoft.com/Forums/en-US/8299036a-3cfe-40d7-beb8-becd2e56c2f4/icacls-syntax-issues-with-backup-restore?forum=winserverfiles)

# Applications

# List Installed Programs

```shell
gwmi win32_product | ft name, version, ident*
```

# Uninstall Applications

## WMIC Uninstall

##### Check list of applications

```bash
wmic product where "name like '%java%'" get name
```

##### Uninstall

```bash
wmic product where "name like '%Java%' or name like '%JRE%'" call uninstall
```

## Powershell Uninstall

##### Check list of applications

```powershell
Get-Package -ProviderName Programs -IncludeWindowsInstaller -Name 'ProgramNameHere'
```

##### Uninstall

```powershell
Uninstall-Package -ProviderName Programs -IncludeWindowsInstaller -Name 'ProgramNameHere'
```

# Performance

# File System

# Get Drive/Folder Owner

```none
GET-ACL “$Path”| Select-Object path, Owner -expand access | Select-Object @{n=”Path”;e={$_.Path.replace(“Microsoft.PowerShell.Core\FileSystem::”,””)}}, Owner, IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

<div class="code-toolbar" id="bkmrk-copy-13"></div>[Original Article](http://winplat.net/2014/08/23/find-file-folder-owner-information-using-powershell-or-command-prompt)

# Remove Folder With . At End Of It

```
rd /s "\\?\C:\Documents and Settings\User\Desktop\Annoying Folder."
```

<div class="code-toolbar" id="bkmrk-"><div class="toolbar"><div class="toolbar-item">  
</div></div></div>From [https://stackoverflow.com/questions/4075753/how-to](https://stackoverflow.com/questions/4075753/how-to-delete-a-folder-that-name-ended-with-a-dot)

# Remove Font Cache

```
forfiles /P C:\Windows\ServiceProfiles\LocalService\AppData\Local /M FontCache* /D -30 /C "cmd /c del @path"
```

From [https://social.technet.microsoft.com/Forums/windows/en-US/3795364f-b66c-43ae-82d3-8ed5eb1aa2ce/local-service-system-profile-grown-to-extremely-large-size?forum=winserverTS](https://social.technet.microsoft.com/Forums/windows/en-US/3795364f-b66c-43ae-82d3-8ed5eb1aa2ce/local-service-system-profile-grown-to-extremely-large-size?forum=winserverTS)

# Shrink Windows Datastore.edb

```
esentutl.exe /d c:\Windows\SoftwareDistribution\DataStore\DataStore.edb
```

From [https://www.experts-exchange.com/questions/28712976/C-Windows-SoftwareDistribution-DataStore-DataStore-edb-file-getting-bigger-than-1-GB-in-my-Windows-Server.html](https://www.experts-exchange.com/questions/28712976/C-Windows-SoftwareDistribution-DataStore-DataStore-edb-file-getting-bigger-than-1-GB-in-my-Windows-Server.html)

# Updates

# Remove Patches Via Command Line

Works on Windows Server 2008R2, 7, 8 and higher

1. Find the list of packages installed on the machine with the issue by performing this command

```
dism /online /get-packages /format:table
```

for ease of reading I did the following:

```
dism /online /get-packages /format:table > patches.txt
```

2. From the list get the Package Identity Name

`Package_for_KB2870699~31bf3856ad364e35~amd64~~6.2.1.1`

3. Run this command to uninstall the update silently

```
DISM.exe /Online /Remove-Package /PackageName:Package_for_KB2870699~31bf3856ad364e35~amd64~~6.2.1.1 /quiet /norestart
```

From [https://arstechnica.com/civis/viewtopic.php?t=1217819](https://arstechnica.com/civis/viewtopic.php?t=1217819)

# System

# Restart in Safe Mode

1\. Open Advanced Startup Options in Windows 10 or Windows 8, assuming you're using one of those operating systems. Since you can't start Windows properly, use method 4, 5, or 6 outlined in that tutorial.

With Windows 7 or Windows Vista, start System Recovery Options using your installation media or a system repair disc. Unfortunately, this process doesn't work with Windows XP.

<p class="callout info">Note: If you want to force or stop Safe Mode from starting, and you actually can access Windows properly, you don't need to follow the procedure below. See the much easier How to Start Windows in Safe Mode Using System Configuration process.</p>

2. Open Command Prompt.

Advanced Startup Options (Windows 10/8): Tap or click on Troubleshoot, then Advanced options, and finally Command Prompt.

System Recovery Options (Windows 7/Vista): Click on the Command Prompt shortcut.

3. With Command Prompt open, execute the correct bcdedit command as shown below based on which Safe Mode option you'd like to start:

Safe Mode:

```
bcdedit /set {default} safeboot minimal
```

Safe Mode with Networking:

```
bcdedit /set {default} safeboot network
```

Safe Mode with Command Prompt:

```
bcdedit /set {default} safeboot minimal
bcdedit /set {default} safebootalternateshell yes
```

Tips: Be sure to type whatever command you choose exactly as shown and then execute it using the Enter key. Spaces are very important! The { and } brackets are the ones above the \[ and \] keys on your keyboard. Two separate commands are required to start Safe Mode with Command Prompt, so be sure to execute them both.

1. A properly executed bcdedit command should return a "The operation completed successfully" message.

If you see "The parameter is incorrect", or "The set command specified is not valid", or "...is not recognized as an internal or external command...", or a similar message, check Step 3 again and make sure you executed the command properly.

2. Close the Command Prompt window.
3. In Windows 10 and 8, tap or click on Continue.

In Windows 7 and Vista, click the Restart button.

4. Wait while your computer or device restarts.
5. Once Windows starts, log in as you normally do and use Safe Mode however you were planning.

Important: Windows will continue to start in Safe Mode every time you reboot unless you undo what you did in Step 3. The easiest way to do that is not by executing more commands, but via System Configuration. See How to Start Windows in Safe Mode Using System Configuration and follow steps 8 through 11 in that tutorial.  
How to Stop a Safe Mode Loop  
If Windows is stuck in a sort of "Safe Mode Loop," preventing you from starting in normal mode again, and you've tried the instructions I gave in the Important call-out from Step 8 above but haven't been successful, try this:

1. Start Command Prompt from outside of Windows, the process outlined in Steps 1 and 2 above.
2. Once Command Prompt is open, execute this command:

```
bcdedit /deletevalue {default} safeboot
```

3. Assuming it was successfully executed (see Step 4 above), restart your computer and Windows should then start normally.

From [https://www.lifewire.com/how-to-force-windows-to-restart-in-safe-mode-2625163](https://www.lifewire.com/how-to-force-windows-to-restart-in-safe-mode-2625163)