Showing posts with label Network. Show all posts

From Command Line Block ports

For Windows Vista, Windows 7 and above

This is easy using the 'netsh' command.

To block it we would call it like this:

netsh advfirewall firewall add rule name="BlockAIM" protocol=TCP dir=out remoteport=4099 action=block

Let me explain each setting:

name = The name of the rule. (Pick something descriptive)
protocol = The protocol we are going to block (UDP or TCP for most cases)
dir = The direction of the block. Can be IN or OUT
remoteport = The port of the remote host that is going to be blocked
action = Could be block or allow. In our case we want to block the connection

Once you execute the above code, all outbound requests to any host on port 4099 will be blocked, and it adds an entry to the Windows firewall.

If you want to remove the rule from the command line, you can call netsh like this:

netsh advfirewall firewall delete rule name="BlockAIM"

That is all there is to it. One line to add a rule, and one line to remove.


Cloud Storage

Cloud storage means "the storage of data online in the cloud," wherein a company's data is stored in and accessible from multiple distributed and connected resources that comprise a cloud.

Cloud storage can provide the benefits of greater accessibility and reliability; rapid deployment; strong protection for data backup, archival and disaster recovery purposes; and lower overall storage costs as a result of not having to purchase, manage and maintain expensive hardware. However, cloud storage does have the potential for security and compliance concerns.

There are four main types of cloud storage:
Personal Cloud Storage

Also known as mobile cloud storage, personal cloud storage is a subset of public cloud storage that applies to storing an individual's data in the cloud and providing the individual with access to the data from anywhere. It also provides data syncing and sharing capabilities across multiple devices. Apple's iCloud is an example of personal cloud storage.
Public Cloud Storage

Cloud storage where the enterprise and storage service provider are separate and there aren't any cloud resources stored in the enterprise's data center. The cloud storage provider fully manages the enterprise's public cloud storage.
Private Cloud Storage

A form of cloud storage where the enterprise and cloud storage provider are integrated in the enterprise's data center. In private cloud storage, the storage provider has infrastructure in the enterprise's data center that is typically managed by the storage provider. Private cloud storage helps resolve the potential for security and performance concerns while still offering the advantages of cloud storage.
Hybrid Cloud Storage

A combination of public and private cloud storage where some critical data resides in the enterprise's private cloud while other data is stored and accessible from a public cloud storage provider.



Networking Commands

TRACERT is a Windows utility which helps to trace the route of packets on a network.
It is a useful tool for finding the IP address of a person or server.
When we are connected to a computer, each packet of information between our computer and the net passes through routers. Tracing the packets helps us find the destination.
TRACE NETWORK PACKET/SITE TO IP : tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] target_name
-d : do not resolve addresses to hostnames
-h maximum_hops : maximum number of hops to search for target
-j host-list : loose source route along host-list
-w timeout : wait timeout milliseconds for each reply
EX : TRACERT 192.63.19.100
--------------------------------------------------------------------------------------------
This utility is used to find out whether a system or server is alive. We send it a few packets of data, and if there is no loss of data in transit, the server is alive.
PING HOST/IP : ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]][-w timeout] destination-list

Options:
-t Pings the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet.
-i TTL Time To Live.
-v TOS Type Of Service.
-r count Record route for count hops.
-s count Timestamp for count hops.
-j host-list Loose source route along host-list.
-k host-list Strict source route along host-list.
-w timeout Timeout in milliseconds to wait for each reply.
EX:PING 192.62.99.100
--------------------------------------------------------------------------------------------
This is fairly important when we need to disguise ourselves as somebody else, as an IP address is one kind of authentication.
CHANGE IP ON A NETWORK CARD : ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

-a :Displays current ARP entries by interrogating the current protocol data.
If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed.
-g : Same as -a
inet_addr : Specifies an internet address.
-N if_addr : Displays the ARP entries for the network interface specified by if_addr.
-d : Deletes the host specified by inet_addr.
-s : Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent.
eth_addr : Specifies a physical address
if_addr : If present, this specifies the Internet address of the interface
whose address translation table should be modified. If not present, the first applicable interface will be used.
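
Because the ARP cache decides which physical address receives traffic for an IP, it is worth auditing. The following is an added example, not part of the original post: it parses `arp -a` output, reports any unicast physical address that answers for more than one IP, and reports hosts that are expected to be pinned with `arp -s` but are not static. The sample output is constructed and assumes the usual Windows column layout.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout Windows prints for `arp -a`.
SAMPLE = """\
Interface: 192.168.50.65 --- 0x2
  Internet Address      Physical Address      Type
  192.168.50.1          00-14-a4-c3-44-20     static
  192.168.50.20         00-b0-d0-43-55-a5     dynamic
  192.168.50.30         00-b0-d0-43-55-a5     dynamic
  192.168.50.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# IP, six hyphen-separated hex bytes (the eth_addr format), entry type.
ENTRY = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return (ip, mac, type) tuples; header and Interface lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            ip, mac, kind = match.groups()
            entries.append((ip, mac.lower(), kind.lower()))
    return entries


def is_group_mac(mac):
    """Broadcast and multicast addresses have the low bit of the first byte set."""
    return int(mac[:2], 16) & 1 == 1


def shared_macs(entries):
    """Unicast MACs that answer for more than one IP: worth investigating."""
    by_mac = defaultdict(set)
    for ip, mac, _kind in entries:
        if not is_group_mac(mac):  # broadcast/multicast legitimately repeat
            by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def unpinned(entries, must_be_static):
    """IPs that should have a static (arp -s) entry but are dynamic or absent."""
    kinds = {ip: kind for ip, _mac, kind in entries}
    return [ip for ip in must_be_static if kinds.get(ip) != "static"]


if __name__ == "__main__":
    table = parse_arp(SAMPLE)
    print("shared MACs:", shared_macs(table))
    print("not pinned :", unpinned(table, ["192.168.50.1", "192.168.50.20"]))
```

A shared MAC is not proof of spoofing (a multi-homed host or a proxy-ARP router also produces one), so treat the result as a lead to verify.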
--------------------------------------------------------------------------------------------

DISPLAY OR CHANGE FILE ATTRIBUTES : ATTRIB [+R|-R] [+A|-A] [+S|-S] [+H|-H]
[[drive:][path]filename] [/S]

+ Sets an attribute.
- Clears an attribute.
R Read-only file attribute.
A Archive file attribute.
S System file attribute.
H Hidden file attribute.
/S Processes files in all directories in the specified path.
--------------------------------------------------------------------------------------------
VIEW A NETWORK / NETWORK SETTINGS Using NET.exe :
NET CONFIG Displays your current workgroup settings.
NET CONFIG [/YES]

/YES Carries out the NET CONFIG command without first prompting you to provide information or confirm actions.

NET DIAG Runs the Microsoft Network Diagnostics program to test the hardware
connection between two computers and to display information about a single computer.

NET DIAGNOSTICS [/NAMES | /STATUS]
/NAMES Specifies a diagnostic server name in order to avoid conflicts when
NET DIAG is used simultaneously by multiple
users. This option works only when the network uses a NetBIOS protocol.
/STATUS Enables you to specify a computer about which you want network
diagnostics information.


NET HELP Displays information about NET commands and error messages.
command /?
NET HELP [suffix]
NET HELP errornum

command /? -Specifies the Microsoft NET command that you want information
about.
suffix -Specifies the second word of the command you want information
about. For example, the suffix of NET VIEW is VIEW.
errornum -Specifies the number of the error message that you want
information about.


NET INIT Loads protocol and network-adapter drivers without binding them to
Protocol Manager. This command may be required if you are using a third-party network-adapter driver. You can then bind the drivers to Protocol Manager by typing
NET START NETBIND.
NET INITIALIZE [/DYNAMIC]


/DYNAMIC Loads the Protocol Manager dynamically. This is useful with some
third-party networks, such as Banyan® VINES®, to resolve memory problems.


NET LOGOFF Breaks the connection between your computer and the shared
resources to which it is connected.
NET LOGOFF [/YES]

/YES Carries out the NET LOGOFF command without first prompting you to
provide information or confirm actions.


NET LOGON Identifies you as a member of a workgroup.
NET LOGON [user [password | ?]] [/DOMAIN:name] [/YES] [/SAVEPW:NO]


user- Specifies the name that identifies you in your workgroup. The name you
specify can contain up to 20 characters.
password -The unique string of characters that authorizes you to gain access
to your password-list file. The password
can contain up to 14 characters.
? -Specifies that you want to be prompted for your password.
/DOMAIN -Specifies that you want to log on to a Microsoft Windows NT or LAN Manager domain.
name -Specifies the Windows NT or LAN Manager domain you want to log on to.
/YES -Carries out the NET LOGON command without first prompting you to
provide information or confirm actions.
/SAVEPW:NO Carries out the NET LOGON command without prompting you to
create a password-list file.

If you would rather be prompted to type your user name and password instead
of specifying them in the NET LOGON command
line, type NET LOGON without options.


NET PASSWORD Changes your logon password.
NET PASSWORD [oldpassword [newpassword]]
NET PASSWORD
\\computer| /DOMAIN:name [user [oldpassword [newpassword]]]

oldpassword -Specifies your current password.
newpassword -Specifies your new password. It can have as many as 14
characters.
computer -Specifies the Windows NT or LAN Manager server on which you want
to change your password.
/DOMAIN -Specifies that you want to change your password on a Windows NT or LAN Manager domain.
name -Specifies the Windows NT or LAN Manager domain on which you want to change your password.
user -Specifies your Windows NT or LAN Manager user name.

The first syntax line above is for changing the password for your password-list file. The second syntax line above is for changing your password on a Windows NT or LAN Manager server or domain.

NET PRINT Displays information about print queues and controls print jobs.
NET PRINT
\\computer[\printer] | port [/YES]
NET PRINT
\\computer| port [job# [/PAUSE | /RESUME | /DELETE]] [/YES]

computer -Specifies the name of the computer whose print queue you want
information about.
printer -Specifies the name of the printer you want information about.
port -Specifies the name of the parallel (LPT) port on your computer that is
connected to the printer you want information about.
job# -Specifies the number assigned to a queued print job. You can specify
the following options:
/PAUSE -Pauses a print job.
/RESUME -Restarts a print job that has been paused.
/DELETE -Cancels a print job.
/YES -Carries out the NET PRINT command without first prompting you to
provide information or confirm actions.

When you specify the name of a computer by using the NET PRINT command, you
receive information about the print queues
on each of the shared printers that are connected to the computer.


NET START Starts services. NOTE: Services cannot be started from a command
prompt within Windows.
NET START [BASIC | NWREDIR | WORKSTATION | NETBIND | NETBEUI | NWLINK]
[/LIST] [/YES] [/VERBOSE]


BASIC Starts the basic redirector.
NWREDIR Starts the Microsoft Novell® compatible redirector.
WORKSTATION Starts the default redirector.
NETBIND Binds protocols and network-adapter drivers.
NETBEUI Starts the NetBIOS interface.
NWLINK Starts the IPX/SPX-compatible interface.
/LIST Displays a list of the services that are running.
/YES Carries out the NET START command without first prompting you to
provide information or confirm actions.
/VERBOSE Displays information about device drivers and services as they are
loaded.

To start the workgroup redirector you selected during Setup, type NET START
without options. In general, you don't need to use any of the options.


NET STOP Stops services. NOTE: Services cannot be stopped from a command
prompt within Windows.

NET STOP [BASIC | NWREDIR | WORKSTATION | NETBEUI | NWLINK] [/YES]
NET STOP Stops the basic redirector.
BASIC Stops the basic redirector.
NWREDIR Stops the Microsoft Novell® compatible redirector.
WORKSTATION Stops the default redirector.
NETBEUI Stops the NetBIOS interface.
NWLINK Stops the IPX/SPX compatible interface.
/YES Carries out the NET STOP command without first prompting you to provide
information or confirm actions.

To stop the workgroup redirector, type NET STOP without options. This breaks
all your connections to shared resources and removes the NET commands from your computer's memory.


NET TIME Displays the time on or synchronizes your computer's clock with the
shared clock on a Microsoft Windows for Workgroups,Windows NT, Windows 95, or NetWare time server.
NET TIME [\\computer | /WORKGROUP:wgname] [/SET] [/YES]


computer -Specifies the name of the computer (time server) whose time you want to check or synchronize your computer's clock with.
/WORKGROUP Specifies that you want to use the clock on a computer (time server) in another workgroup.
wgname -Specifies the name of the workgroup containing a computer whose
clock you want to check or synchronize your computer's clock with.
If there are multiple time servers in that workgroup, NET TIME uses the
first one it finds.
/SET Synchronizes your computer's clock with the clock on the computer or
workgroup you specify.
/YES Carries out the NET TIME command without first prompting you to provide
information or confirm actions.


NET USE Connects or disconnects your computer from a shared resource or
displays information about your connections.
NET USE [drive: | *] [\\computer\directory [password | ?]]
[/SAVEPW:NO] [/YES] [/NO]
NET USE [port:] [\\computer\printer [password | ?]]
[/SAVEPW:NO] [/YES] [/NO]

NET USE drive: | \\computer\directory /DELETE [/YES]
NET USE port: | \\computer\printer /DELETE [/YES]
NET USE * /DELETE [/YES]

NET USE drive: | * /HOME

drive -Specifies the drive letter you assign to a shared directory.
* -Specifies the next available drive letter. If used with /DELETE,
specifies to disconnect all of your connections.
port -Specifies the parallel (LPT) port name you assign to a shared printer.
computer -Specifies the name of the computer sharing the resource.
directory -Specifies the name of the shared directory.
printer -Specifies the name of the shared printer.
password -Specifies the password for the shared resource, if any.
? -Specifies that you want to be prompted for the password of the shared
resource. You don't need to use this option unless the password is optional.
/SAVEPW:NO Specifies that the password you type should not be saved in your
password-list file. You need to retype the password the next time you connect to this resource.
/YES Carries out the NET USE command without first prompting you to provide
information or confirm actions.
/DELETE Breaks the specified connection to a shared resource.
/NO Carries out the NET USE command, responding with NO automatically when
you are prompted to confirm actions.
/HOME Makes a connection to your HOME directory if one is specified in your
LAN Manager or Windows NT user account.

To list all of your connections, type NET USE without options.

NET VER Displays the type and version number of the workgroup redirector you
are using.
NET VER


NET VIEW Displays a list of computers in a specified workgroup or
the shared resources available on a specified computer.
NET VIEW [\\computer] [/YES]
NET VIEW [/WORKGROUP:wgname] [/YES]


computer -Specifies the name of the computer whose shared resources you want
to see listed.
/WORKGROUP Specifies that you want to view the names of the computers in
another workgroup that share resources.
wgname -Specifies the name of the workgroup whose computer names you want to
view.
/YES Carries out the NET VIEW command without first prompting you to provide
information or confirm actions.

To display a list of computers in your workgroup that share
resources, type NET VIEW without options.
--------------------------------------------------------------------------------------------

DEBUG : DEBUG [[drive:][path]filename [testfile-parameters]]
[drive:][path]filename Specifies the file you want to test.
testfile-parameters Specifies command-line information required by the
file you want to test.

***After Debug starts, type ? to display a list of debugging commands.***
To exit Debug, type Q and press Enter.
To execute the Debug routine, type G and press Enter.

--------------------------------------------------------------------------------------------
IPCONFIG : ipconfig [/all] [/batch] [/renew_all] [/release_all] [/renew N] [/release N]

/All Display detailed information.
/Batch [file] Write to file or ./WINIPCFG.OUT
/renew_all Renew all adapters.
/release_all Release all adapters.
/renew N Renew adapter N.
/release N Release adapter N.
--------------------------------------------------------------------------------------------
FTP : Depending upon the version of FTP and the Operating System being
used each of the following commands may or may
not work. Generally typing -help or a ? will list the commands
available to you.
Command Information
! : Using this command you will have the capability of toggling back and
forth between the operating system and ftp.
Once back in the Operating System generally typing exit will take you
back to the FTP command line.
? : Access the Help screen.
abor : Abort Transfer
append : Append text to a local file.
ascii : Switch to ASCII transfer mode
bell : Turns bell mode on / off.
binary : Switches to binary transfer mode.
bye : Exits from FTP.
cd : Changes directory.
cdup : Change to parent directory on remote system
close : Exits from FTP.
cwd : Change working directory on remote system
dele : Delete file on remote system
delete : Deletes a file.
debug : Sets debugging on / off.
dir : Lists files if connected.
dir -C = Will list the files in wide format.
dir -1 = Lists the files in bare format in alphabetic order
dir -r = Lists directory in reverse alphabetic order.
dir -R = Lists all files in current directory and sub directories.
dir -S = Lists files in bare format in alphabetic order.
disconnect : Exits from FTP.
get : Get file from the computer connected to.
glob : Sets globbing on / off.
hash : Sets hash mark printing on / off
help : Access the Help screen and displays information about command if
command typed after help.
lcd : Displays local directory or if path typed after lcd will change local
directory.
list : Send a list of file names in the current directory on the remote
system on the data connection.
literal : Sends command line
ls : Lists files if connected.
mdelete : Multiple delete
mdir : Lists contents of multiple remote directories
mget : Get multiple files
mkd : Make directory.
mkdir : Make directory.
mls : Lists contents of multiple remote directories.
mode : Specifies the transfer mode. Available parameters are generally S, B
or C.
mput : Send multiple files
nlst : Send a full directory listing of the current directory on the remote
system on the data connection.
open : Opens address.
pass : Supplies a user password.
port : Specify the client port number.
prompt : Enables / disables prompt.
put : Send one file
pwd : Print working directory
quit : Exits from FTP.
quote : Send arbitrary ftp command
recv : Receive file
retr : Get file from remote system.
remotehelp : Get help from remote server
rename : Renames a file
rmdir : Removes a directory
send : Send single file
status : Shows status of currently enabled / disabled options
trace : Toggles packet tracing
type : Set file transfer type
user : Send new user information
verbose : Sets verbose on / off.
--------------------------------------------------------------------------------------------
DISPLAY TCP/IP NETWORK PROTOCOL INFORMATION : NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
-a Displays all connections and listening ports.
-e Displays Ethernet statistics. This may be combined with the -s option.
-n Displays addresses and port numbers in numerical form.
-p proto -Shows connections for the protocol specified by proto; proto may
be TCP or UDP. If used with the -s option
to display per-protocol statistics, proto may be TCP, UDP, or IP.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are shown for
TCP, UDP and IP; the -p option may be used to specify a subset of the default.
interval Redisplays selected statistics, pausing interval seconds between
each display. Press CTRL+C to stop redisplaying statistics. If omitted, netstat will print the current
configuration information once.
--------------------------------------------------------------------------------------------
DISPLAY OR SET A SEARCH PATH FOR EXECUTABLE FILES :
PATH [[drive:]path[;...]]
PATH ;
Type PATH ; to clear all search-path settings and direct Windows to search
only in the current directory.
Type PATH without parameters to display the current path.
--------------------------------------------------------------------------------------------
MANUALLY CONFIGURE MODEMS ROUTE :
ROUTE [-f] [-p] [command [destination] [MASK netmask] [gateway] [METRIC metric] [IF interface]]
-f Clears the routing tables of all gateway entries. If this is used in conjunction with one of the commands, the tables are cleared prior to running the command.
-p When used with the ADD command, makes a route persistent across boots of the system. By default, routes are not preserved when the system is restarted. When used with the PRINT command, displays the list of registered persistent routes. Ignored for all other commands, which always affect the appropriate persistent routes. This option is not supported in Windows 95.
command One of these:
PRINT Prints a route
ADD Adds a route
DELETE Deletes a route
CHANGE Modifies an existing route
destination Specifies the host.
MASK Specifies that the next parameter is the 'netmask' value.
NETMASK Specifies a subnet mask value for this route entry. If not specified, it defaults to 255.255.255.255.
GATEWAY Specifies gateway.
interface The interface number for the specified route.
METRIC Specifies the metric, i.e. cost for the destination.
All symbolic names used for destination are looked up in the network
database file NETWORKS. The symbolic names for
gateway are looked up in the host name database file HOSTS.
If the command is PRINT or DELETE, destination or gateway can be a wildcard
(a wildcard is specified as a star '*'), or the gateway argument may be omitted.
If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.
Diagnostic Notes: Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
The route addition failed: 87
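
The `(DEST & MASK) != DEST` rule can be checked before a route command is run. The following is an added example, not part of the original post: it lints `route ADD` lines, such as those in a batch file, against that rule and uses the 255.255.255.255 default when MASK is omitted. The contiguous-mask check is an extra sanity check that the help text does not state, and the batch content is constructed from the examples on this page.

```python
import ipaddress
import re

DEFAULT_MASK = "255.255.255.255"  # default netmask given in the ROUTE help text

# Matches "route [-f] [-p] ADD <dest> [MASK <mask>] ..." with an optional ">" prompt.
ROUTE_ADD = re.compile(
    r"^\s*>?\s*route\s+(?:-[fp]\s+)*add\s+(?P<dest>\S+)(?:\s+mask\s+(?P<mask>\S+))?",
    re.IGNORECASE,
)


def check_dest_mask(dest, mask=DEFAULT_MASK):
    """Return a list of problems for a destination/netmask pair (empty = OK)."""
    try:
        d = int(ipaddress.IPv4Address(dest))
        m = int(ipaddress.IPv4Address(mask))
    except ipaddress.AddressValueError:
        # Symbolic names and wildcards cannot be checked arithmetically.
        return [f"cannot check {dest!r} / {mask!r}: not dotted-decimal IPv4"]
    problems = []
    if d & m != d:
        network = ipaddress.IPv4Address(d & m)
        problems.append(f"(DEST & MASK) != DEST: {dest} & {mask} = {network}")
    inverted = ~m & 0xFFFFFFFF
    if inverted & (inverted + 1):  # extra check: one bits must be contiguous
        problems.append(f"mask {mask} has non-contiguous one bits")
    return problems


def lint_route_add(line):
    """Return (dest, mask, problems) for a route ADD line, else None."""
    match = ROUTE_ADD.match(line)
    if not match:
        return None
    dest = match.group("dest")
    mask = match.group("mask") or DEFAULT_MASK
    return dest, mask, check_dest_mask(dest, mask)


def lint_batch(text):
    """Return (line number, problems) for every route ADD line with problems."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        result = lint_route_add(line)
        if result and result[2]:
            findings.append((number, result[2]))
    return findings


# Constructed batch content built from the route examples on this page.
SAMPLE_BATCH = """\
route add 10.0.0.0 mask 255.255.255.0 192.168.1.1 -p
route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
route add 192.168.1.5 mask 255.255.255.0 192.168.1.1
route print
"""

if __name__ == "__main__":
    for number, problems in lint_batch(SAMPLE_BATCH):
        for problem in problems:
            print(f"line {number}: {problem}")
```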

Examples:
>route PRINT
>route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
(destination = 157.0.0.0, mask = 255.0.0.0, gateway = 157.55.80.1, metric = 3, interface = 2)
If IF is not given, it tries to find the best interface for a given gateway.
>route PRINT
>route PRINT 157* .... Only prints those matching 157*
>route DELETE 157.0.0.0
>route PRINT
One way to use this would be as follows: You can't ping the server that you
are connecting to, but you know the ip address to be 127.16.16.10
>route PRINT
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 a4 c3 44 20 ...... Xircom CardBus Ethernet 10/100 Adapter
0x3 ...00 b0 d0 43 55 a5 ...... 3Com EtherLink PCI
0x4 ...00 01 b0 8f 8f 80 ...... NdisWan Adapter
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 127.16.8.14 127.16.8.14 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
127.16.0.0 255.255.0.0 127.16.8.14 127.16.8.14 1
127.16.8.14 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.50.0 255.255.255.0 192.168.50.65 192.168.50.65 2
192.168.50.65 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.50.255 255.255.255.255 192.168.50.65 192.168.50.65 1
224.0.0.0 224.0.0.0 127.16.8.14 127.16.8.14 1
224.0.0.0 224.0.0.0 192.168.50.65 192.168.50.65 1
255.255.255.255 255.255.255.255 192.168.50.65 192.168.50.65 1
** notice that no gateway for the current ip goes to 255.255.255.0, so it
must be added. Now do the following command:
>route ADD 127.16.0.0 MASK 255.255.255.0 <your current ip from winntcfg or winipcfg> METRIC 1
**Then do the following command:
>route print
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 127.16.8.14 127.16.8.14 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
127.16.0.0 255.255.0.0 127.16.8.14 127.16.8.14 1
** 127.16.0.0 255.255.255.0 127.16.8.14 127.16.8.14 1
127.16.8.14 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.50.0 255.255.255.0 192.168.50.65 192.168.50.65 2
192.168.50.65 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.50.255 255.255.255.255 192.168.50.65 192.168.50.65 1
224.0.0.0 224.0.0.0 127.16.8.14 127.16.8.14 1
224.0.0.0 224.0.0.0 192.168.50.65 192.168.50.65 1
255.255.255.255 255.255.255.255 192.168.50.65 192.168.50.65 1

**Notice that the ip address marked ** gives you the default gateway.
--------------------------------------------------------------------------------------------
DISPLAY PROTOCOL STATISTICS AND CURRENT TCP/IP CONNECTIONS USING NBT (NETBIOS OVER TCP/IP) :
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r] [-R] [-s] [-S] [interval]
-a (adapter status): Lists the remote machine's name table given its name
-A (Adapter status): Lists the remote machine's name table given its IP address
-c (cache) : Lists the remote name cache including the IP addresses
-n (names) : Lists local netBIOS names
-r (resolved) : Lists names resolved by broadcast and via WINS
-R (Reload) : Purges and reloads the remote cache name table
-S (Sessions) : Lists sessions table with the destination IP addresses
-s (sessions) : Lists sessions table converting destination IP addresses to host names via the hosts file
RemoteName : Remote host machine name.
IP address : Dotted decimal representation of the IP address.
interval : Redisplays selected statistics, pausing interval seconds between each display. Press Ctrl+C to stop redisplaying statistics.



Domain, Workgroup and Homegroup

A computer network is an interconnection of computers that allows communication and the sharing of resources and information. Each grouping is managed using a different method of organizing the computers in the network.

Windows-based computers on a network automatically create a workgroup or domain. Computers on a local area network or home network are always part of a workgroup, and computers in businesses and offices are usually part of a domain.

Definitions

Network

A group of devices that communicate either wirelessly or over a wired physical connection such as an Ethernet cable or a phone line.

Workgroup

A group of computers that are connected on a network and share resources such as printers and files. All computers are peers, meaning no computer has control over another.

Domain

A collection of computers on a computer network that share a common database and security policy. A domain is administered as a unit with common rules and procedures, and each domain must have a unique name. This makes it easy to make changes because any changes are automatically made to all computers. Domain users must provide a password or credentials each time they access the domain. There can be thousands of computers in a domain and different local networks.

Homegroup

This is a unique feature in Windows 7 in which a group of computers on a network shares pictures, music, documents, and printers. A homegroup is protected with a password.


Use HTTP PROXY via command line in Linux/FreeBSD

Use Proxy Server To Access Internet at Shell Prompt With http_proxy Variable

Linux / UNIX has an environment variable called http_proxy. It allows you to connect text-based sessions and applications via the proxy server. All you need is the proxy server IP and port values. This variable is used by almost all utilities, such as elinks, lynx, wget, curl and others.

Assuming that your HTTP Proxy IP address is 192.168.0.1 port 3128 (standard proxy port)

Set http_proxy shell variable

Type the following command to set proxy server:

$ export http_proxy=http://server-ip:port/
$ export http_proxy=http://192.168.0.1:3128/
$ export http_proxy=http://proxy-server.mycorp.com:3128/

How do I setup proxy variable for all users?

To setup the proxy environment variable as a global variable, open /etc/profile file:
$ vi /etc/profile

In order to make this proxy permanent, add the line to your ~/.profile or /etc/profile or ~/.(bash|ksh|sh)rc file.

Add the following information:
export http_proxy=http://proxy-server.mycorp.com:3128/

Save and close the file.

How do I use password protected proxy server?

$ export http_proxy='http://username:password@192.168.0.1:3128'

You can simply use wget as follows:

$ wget --proxy-user=USERNAME --proxy-password=PASSWORD http://path.to.domain.com/some.html

Lynx has the following syntax:
$ lynx -pauth=USER:PASSWORD http://domain.com/path/html.file

Curl has the following syntax:
$ curl --proxy-user user:password http://url.com/

To unset this, use:

$ unset http_proxy


Static Route in Windows

5:18 PM by Yash Kalra 0 comments

In Windows, to add a static route, the syntax is as below:

route add [destination network] mask [destination network mask] [default gateway] -p

Example:
route add 10.0.0.0 mask 255.255.255.0 192.168.1.1 -p

*Without "-p", the route will be erased upon next reboot.

To see the routing table:

route print

To delete the route:

route delete [network]

Example:

route delete 10.0.0.0

* Put these commands in a batch file for ease of use.


SC (Service Control)

4:45 PM by Yash Kalra 0 comments

Service Control - Create, Start, Stop, Query or Delete any Windows SERVICE. The command options for SC are case sensitive.

Syntax
      SC [\\server] [command] [service_name] [Options]

Key
   server       : The machine where the service is running

   service_name : The KeyName of the service, this is often but not always
                  the same as the DisplayName shown in Control Panel, Services.
                  You can get the KeyName by running: 
                     SC GetKeyName <DisplayName>

   commands:
          query  [qryOpt]   Show status
          queryEx [qryOpt]  Show extended info - pid, flags
          GetDisplayName    Show the DisplayName
          GetKeyName        Show the ServiceKeyName
          EnumDepend        Show Dependencies
          qc                Show config - dependencies, full path etc
          start          START a service.
          stop           STOP a service
          pause          PAUSE a service.
          continue       CONTINUE a service.
          create         Create a service. (add it to the registry)
          config         permanently change the service configuration
          delete         Delete a service (from the registry)
          control        Send a control to a service
          interrogate    Send an INTERROGATE control request to a service
          Qdescription   Query the description of a service
          description    Change the description of a service
          Qfailure       Query the actions taken by a service upon failure
          failure        Change the actions taken by a service upon failure
          sdShow         Display a service's security descriptor using SDDL
          SdSet          Sets a service's security descriptor using SDDL

   qryOpt:
          type= driver|service|all
                         Query specific types of service
          state= active|inactive|all
                         Query services in a particular state only
          bufsize= bytes 
          ri= resume_index_number (default=0)
          group= groupname
                         Query services in a particular group

   Misc commands that don't require a service name:
          SC  QueryLock  Query the LockStatus for the ServiceManager Database.
                         this will show if a service request is running
          SC  Lock       Lock the Service Database
          SC  BOOT       Values are {ok | bad} Indicates whether to save  
                         the last restart configuration as the `last-known-good`
                         restart configuration
   Options
     The CREATE and CONFIG commands allow additional options to be set;
     see the built-in help: 'SC create' and 'SC config'

Note: the qryOpt options above are case sensitive. They must be entered in lower case, and the position of spaces and = must be exactly as shown.

The SC command duplicates some aspects of the NET command but adds the ability to create a service.
SC query will display if a service is running, giving output like this:

        SERVICE_NAME       : messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

To retrieve specific information from SC's output, pipe into FIND or FindStr
e.g.

  C:\> SC query messenger | FIND "STATE" | FIND "STOPPED"

  C:\> SC query messenger | FIND "STATE" | FIND "RUNNING"

The statements above will return an %ERRORLEVEL% = 1 if the text is not found

IF errorlevel 1 GOTO :my_subroutine

The NET START command can be used in a similar way to check if a service is running:

   NET START | FIND "Service name" > nul
   IF errorlevel 1 ECHO The service is not running

The service control manager will normally wait up to 30 seconds to allow a service to start - you can modify this time (30,000 milliseconds) in the registry:

HKLM\SYSTEM\CurrentControlSet\Control
ServicesPipeTimeout (REG_DWORD)

Some options only take effect at the point when the service is started, e.g. the SC config command allows the executable of a service to be changed. When the service next starts up it will run the new executable. Config changes require the current user to have "permission to configure the service".

Examples:

 SC GetKeyName "task scheduler"
 SC GetDisplayName schedule 
 SC start schedule
 SC QUERY schedule
 SC QUERY type= driver
 SC QUERY state= all |findstr "DISPLAY_NAME STATE" >svc_installed.txt 
 SC \\myServer CONFIG myService obj= LocalSystem password= mypassword
 SC CONFIG MyService binPath= c:\myprogram.exe obj= ".\LocalSystem" password= ""

Watch out for extra spaces:
SC QUERY state= all Works
SC QUERY sTate =all Fails!


Windows XP Services list

4:15 PM by Yash Kalra

A list of all the standard services. Each entry gives the ServiceName, followed by the Service (Key), Process, Description, and Default Status & notes.

Alerter
   Service (Key): Alerter
   Process: Services.exe
      [HKLM\SYSTEM\CurrentControlSet\Services\Alerter\Parameters]
      [HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\<alertname>]
   Description: Distribute administrative alerts to specific users or machines. e.g. Performance Monitor thresholds are distributed as alerts. Requires the Messenger and Workstation services to be started.
   Default Status & notes: Manual. May be disabled if the alerts are not needed.

Application Layer Gateway Service
   Service (Key): ALG
   Process: alg.exe
   Description: Support for Internet Connection Sharing and the Internet Connection Firewall
   Default Status & notes: Manual

Application Management
   Service (Key): appmgt
   Process: Services.exe or svchost.exe
   Description: Installation services (Add/Remove Programs) - Assign, Publish, and Remove.
   Default Status & notes: Manual

Automatic Updates
   Service (Key): wuaUserv
   Process: svchost.exe -k wugroup
   Description: Enable the download and installation of critical Windows updates.
   Default Status & notes: Automatic. If the service is stopped, the operating system can be manually updated at the Windows Update Web site.

Background Intelligent Transfer Service
   Service (Key): BITS
   Process: svchost.exe -k BITSgroup
   Description: Transfer files using idle network bandwidth, maintain file transfers through network disconnections and computer restarts.
   Default Status & notes: Automatic. Switch to manual if you have problems - Q314862

Clipbook Server
   Service (Key): Clipsrv
   Process: Clipsrv.exe
   Description: Provides support for the Clipbook Viewer, which allows the clipboard of the source machine to be accessed remotely.
   Default Status & notes: Disabled

COM+ Event System
   Service (Key): Event System
   Process: svchost.exe -k netsvcs
   Description: Automatic distribution of events to subscribing COM components.
   Default Status & notes: Manual

Computer Browser
   Service (Key): Browser
   Process: Services.exe
   Description: Collects the names of NetBIOS resources on the network, creating a list so that it can participate as a master browser or basic browser (one that takes part in browser elections). This maintained list of resources (computers) is displayed in Network Neighborhood and Server Manager. If disabled you can still map drives, but can't browse the whole network.
   Default Status & notes: Automatic. If the machine is not connected to a LAN (stand-alone), or will not participate as a master browser or take part in elections, then feel free to change the status to manual (or disabled). This does not equate to disabling TCP/IP so internet browsing is still possible.

Cryptographic Services
   Service (Key): CryptSvc
   Process: svchost.exe
   Description: Management of Certification Authority certificates. Driver Catalog Database, Protected Root and Key certificate Services.
   Default Status & notes: Automatic

DCOM Server Process Launcher
   Service (Key): DcomLaunch
   Process: svchost.exe
   Description: Launch DCOM services
   Default Status & notes: Automatic

DHCP Client
   Service (Key): Dhcp
   Process: Services.exe or svchost.exe
   Description: Manage network configuration by registering and updating IP addresses and DNS names.
   Default Status & notes: Automatic. On a stand-alone machine: Disable

Distributed Link Tracking Client
   Service (Key): TrkWks
   Process: Services.exe or svchost.exe
   Description: Send notification of files moving between NTFS volumes in a network domain.
   Default Status & notes: Automatic. Can be set to manual if you don't need this function.

Distributed Transaction Coordinator
   Service (Key): msdtc
   Process: MSDTC.exe
   Description: Coordinate transactions that are distributed across two or more databases, message queues, file systems, or other transaction protected resource managers.
   Default Status & notes: Manual. Can be set to Disabled if you don't need this function.

DNS Client
   Service (Key): Dnscache
   Process: Services.exe
   Description: Resolves and caches Domain Name System (DNS) names.
   Default Status & notes: Automatic

Directory Replicator (Server only)
   Service (Key): Replicator
   Process: Lmrepl.exe
   Description: Replicate specified files & folders between computers. The host is the export server, and the target machines are called import computers. Replication is configured under Server in the Control Panel.
   Default Status & notes: Automatic. Domain Controllers need this to replicate the Netlogon share.

Error Reporting Service
   Service (Key): Ersvc
   Process: svchost.exe
   Description: Report errors back to Microsoft in Redmond.
   Default Status & notes: Automatic. If you never want to report system crash info. to Microsoft set this to disabled.

EventLog
   Service (Key): EventLog
   Process: Services.exe
   Description: Record System, Security, and Application Events. Viewed with the MMC Event Viewer (eventvwr.exe in NT).
   Default Status & notes: Automatic

Fast User Switching Compatibility
   Service (Key): FastUserSwitching Compatibility
   Process: svchost.exe
   Description: Enable multiple users to login to the same PC simultaneously.
   Default Status & notes: Manual

Fax Service
   Service (Key): Fax
   Process: faxsvc.exe
   Description: Send and receive faxes
   Default Status & notes: Automatic or Manual

Help and Support
   Service (Key): helpsvc
   Process: svchost.exe
   Description: Help and Support Center
   Default Status & notes: Automatic. If stopped the help system will stop working.

Human Interface Device Access
   Service (Key): HidServ
   Process: svchost.exe
   Description: Support for extra keyboard 'hot buttons' and other multimedia input devices.
   Default Status & notes: Disabled

HTTP SSL
   Service (Key): HTTPFilter
   Process: svchost.exe
   Description: Support for HTTPS (Secure Socket Layer) websites such as banking and e-commerce.
   Default Status & notes: Manual

IMAPI CD-Burning COM Service
   Service (Key): ImapiService
   Process: imapi.exe
   Description: CD-ROM burning
   Default Status & notes: Manual. If you have problems, changing to Automatic may help.

Indexing Service
   Service (Key): cisvc
   Process: cisvc.exe
   Description: Index the contents and properties of files on local and remote computers. [ RESOURCE HOG ]
   Default Status & notes: Manual. For improved performance Disable or Uninstall through Control Panel Add/Remove.

IPSEC Policy Agent
   Service (Key): PolicyAgent
   Process: lsass.exe
   Description: Manage IP security policy and start the ISAKMP/Oakley (IKE) and the IP security driver.
   Default Status & notes: Automatic. May be changed to Manual if IPSec is not needed.

License Logging Service (Server)
   Service (Key): LicenseService
   Process: Llssrv.exe
   Description: License tracking on a server or DC (Domain Controller).
   Default Status & notes: If disabled then licensing status alerts will not be generated.

Logical Disk Manager
   Service (Key): Dmserver
   Process: services.exe or svchost.exe
   Description: Required by the MMC Disk Management plug-in.
   Default Status & notes: Automatic

Logical Disk Manager Administrative Service
   Service (Key): Dmadmin
   Process: dmadmin.exe /com
   Description: Administrative service for disk management requests
   Default Status & notes: Manual

Message Queuing
   Process: mqsvc.exe
   Description: Message Queuing

Message Queuing Triggers
   Process: mqtgsvc.exe
   Description: Message Queuing

MS Software Shadow Copy Provider Service
   Service (Key): swprv
   Process: dllhost.exe
   Description: Microsoft Backup Utility
   Default Status & notes: Manual. Disable if you never use Shadow Copy features.

Messenger
   Service (Key): Messenger
   Process: Services.exe
   Description: Process the receipt or delivery of pop-up messages sent via NET SEND. Not related to Windows Messenger.
   Default Status & notes: Disabled. Vulnerability once used to send pop-up spam.

Network Connections
   Service (Key): Netman
   Process: svchost.exe -k netsvcs
   Description: Manage objects in the Network and Dial-Up Connections folder (LAN and remote connections).
   Default Status & notes: Manual

Net Logon
   Service (Key): Netlogon
   Process: Lsass.exe (Local Security Authority Subsystem)
   Description: Network Authentication: maintains a synced domain directory database between the PDC and BDC(s), handles authentication of respective accounts on the DCs, and authenticates domain accounts on networked machines.
   Default Status & notes: Automatic. For stand-alone machines never connected to a domain set to Manual.

NetMeeting Remote Desktop Sharing
   Service (Key): Nmnsrvc
   Process: mnmsrvc.exe
   Description: Allows authorized people to remotely access your Windows desktop using NetMeeting.
   Default Status & notes: Manual. A good idea to Disable unless you plan to allow remote connections.

Network DDE
   Service (Key): NetDDE
   Process: Netdde.exe
   Description: Support the network transport of DDE (Dynamic Data Exchange) connections. Requires Network DDE DSDM to be started. See Clipbook service.
   Default Status & notes: Disabled

Network DDE DSDM
   Service (Key): NetDDEdsdm
   Process: Netdde.exe
   Description: Manage shared DDE conversations (from shares like: \\computername\ndde$). See Clipbook service.
   Default Status & notes: Disabled

NLA - Network Location Awareness
   Service (Key): nla
   Process: svchost.exe
   Description: Part of Internet Connection Sharing (ICS) and the Internet Connection Firewall (ICF)
   Default Status & notes: Manual

Network Provisioning Service
   Service (Key): xmlprov
   Process: svchost.exe
   Description: Manage XML configuration files on a domain basis
   Default Status & notes: Manual

NT LM Security Support Provider
   Service (Key): NtLmSsp
   Process: Services.exe
   Description: Extends NT security to Remote Procedure Call (RPC) programs using various transports other than named pipes. RPC activity is quite common, and most RPC apps don't use named pipes.
   Default Status & notes: Manual

Performance Logs and Alerts (XP) / Alerts and Performance Logs (Win 2K)
   Service (Key): sysmonLog
   Process: smlogsvc.exe
   Description: Configure performance logs and alerts.
   Default Status & notes: Manual. May be disabled if the alerts are not needed.

Plug and Play
   Service (Key): PlugPlay
   Process: Services.exe
   Description: Plug and Play. Do not disable this service.
   Default Status & notes: Automatic

Universal Plug and Play Host
   Service (Key): UPNPhost
   Process: svchost.exe
   Description: Device Host detect and configure external UPnP devices. UPnP<>PnP
   Default Status & notes: Manual

Portable Media Serial Number Service
   Service (Key): WmdmPmSN
   Process: svchost.exe
   Description: Retrieves the serial number of any portable media player connected to this computer.
   Default Status & notes: Manual. Disable if you never use DRM music devices.

Print Spooler or Spooler
   Service (Key): Spooler
   Process: Spoolsv.exe (Spoolss.exe in NT4)
   Description: The NT printing subsystem.
   Default Status & notes: Automatic - If you print documents. If no printing is ever done set to manual (or disabled). Restarting this service will cancel all pending print jobs.

Protected Storage
   Service (Key): ProtectedStorage
   Process: Pstores.exe
   Description: Encrypt and store secure info: SSL certificates, passwords for Outlook, Outlook Express, Profile Assistant, MS Wallet, and digitally signed S/MIME keys.
   Default Status & notes: Automatic.

QoS RSVP
   Service (Key): rsvp
   Process: rsvp.exe -s
   Description: Provide network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
   Default Status & notes: Manual

Remote Access Auto Connection Manager or Remote Access AutoDial Manager
   Service (Key): Rasauto
   Process: svchost.exe -k netsvcs
   Description: Activates automatic dial-up when a URL link is clicked. Required for some but not all RAS, ADSL or Cable connections.
   Default Status & notes: Manual. May be disabled if the machine has no internet access.

Remote Access Connection Manager
   Service (Key): Rasman
   Process: svchost.exe -k netsvcs
   Description: Required for most but not all RAS, ADSL or Cable connections.
   Default Status & notes: Manual. Required for Internet Connection Sharing or accessing remote servers via RAS.

Remote Desktop Help Session Manager
   Service (Key): RDSessMgr
   Process: sessmgr.exe
   Description: Remote Desktop Help Session Manager.
   Default Status & notes: Manual. May be disabled if RDP is never used.

Remote Procedure Call (RPC) Service or Remote Procedure Call (RPC)
   Service (Key): RpcSs
   Process: svchost -k rpcss
   Description: This RPC subsystem is crucial to the operations of any RPC activities taking place on a system (e.g. DCOM)
   Default Status & notes: Automatic. Do not disable. Many essential services are dependent on RPC.

Remote Procedure Call (RPC) Locator
   Service (Key): RpcLocator
   Process: Locator.exe
   Description: Maintain the RPC name server database, requires the RPC service (below) to be started. Database of available server applications.
   Default Status & notes: Manual.

Remote Registry Service (XP Pro only)
   Service (Key): RemoteRegistry
   Process: regsvc.exe
   Description: Allow remote registry manipulation.
   Default Status & notes: Automatic. A good idea to disable this, unless you have some reason to allow remote registry editing.

Removable Storage
   Service (Key): Ntmssvc
   Process: svchost.exe -k netsvcs
   Description: Manage removable media, drives, and libraries.
   Default Status & notes: Manual.

RIP Listener (XP - option)
   Description: Listen for RIP announcements from routers and modify the routing table accordingly. To use the RIP Listener service, your adjacent routers must support the RIP v1 protocol. You'll find the RIP Listener service under Add/Remove Windows Components - Networking Services.

Routing and Remote Access
   Service (Key): RemoteAccess
   Process: svchost.exe -k netsvcs
   Description: Allow incoming connections via dial in or VPN. (WAN Routing)
   Default Status & notes: Disabled

Secondary Logon (Win XP) / RunAs (Win 2K)
   Service (Key): secLogon
   Process: services.exe or svchost.exe
   Description: Enables starting processes under alternate credentials.
   Default Status & notes: Automatic. You may want to stop this service if you never use RunAs.

Security Accounts Manager (Win 2K)
   Service (Key): SamSs
   Process: lsass.exe
   Description: Stores security information for local user accounts.
   Default Status & notes: Automatic

Security Center
   Service (Key): wscsvc
   Process: svchost.exe
   Description: Monitor system security settings and configurations.
   Default Status & notes: Automatic. You may want to disable this if firewall and virus updates are controlled via other means.

Server
   Service (Key): LanmanServer
   Process: Services.exe
   Description: Support for peer-to-peer file sharing, print sharing, and named pipe sharing via SMB services.
   Default Status & notes: Automatic. May be disabled if you don't host file or print shares. (Admin$ shares)

Shell Hardware Detection
   Service (Key): ShellHWDetection
   Process: svchost.exe
   Description: CD Autoplay
   Default Status & notes: Automatic.

Smart Card
   Service (Key): ScardSrv
   Process: SCardSvr.exe
   Description: Manages and controls access to a smart card inserted into a smart card reader attached to the computer.
   Default Status & notes: Manual. If you never use smart cards, Disable.

Smart Card Helper
   Service (Key): ScardDrv
   Process: SCardSvr.exe
   Description: Legacy smart card readers
   Default Status & notes: Removed in XP SP2

SNMP Service
   Service (Key): Snmp
   Process: snmp.exe
   Description: Agents that monitor the activity in network devices and report to the network console workstation.
   Default Status & notes: Automatic (if installed)

SSDP Discovery Service
   Service (Key): SSDPSRV
   Process: svchost.exe
   Description: Simple Service Discovery Protocol. Enables discovery of UPnP devices on your home network.
   Default Status & notes: Manual. May be disabled if (as is likely) you don't have any UPnP devices.

System Event Notification
   Service (Key): SENS
   Process: svchost.exe -k netsvcs
   Description: Track system events such as Windows logon, network, and power events. Notify COM+ Event System subscribers of these events.
   Default Status & notes: Automatic.

System Restore Service
   Service (Key): srservice
   Process: svchost.exe
   Description: Creates system snapshots. [ RESOURCE HOG ]
   Default Status & notes: Automatic. If the machine's configuration has been cloned/backed up - turn off System Restore in Control Panel, System.

Task Scheduler or Schedule
   Service (Key): Schedule
   Process: atsvc.exe or mstask.exe
   Description: This service is required to schedule background tasks (run at a specific date & time). Under NT it's a Resource Hog. Under XP it's used by some auto-tuning operations.
   Default Status & notes: Automatic

TCP/IP NetBIOS Helper or TCP/IP NetBIOS Helper Service
   Service (Key): lmHosts
   Process: Services.exe
   Description: Support for name resolution in a Windows 2000 domain (NetBIOS/WINS). An alternative to DNS lookup.
   Default Status & notes: Automatic. If not required may be set to manual.

Telephony
   Service (Key): TapiSrv
   Process: Tapisrv.exe
   Description: Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections, e.g. unimodem modems.
   Default Status & notes: Manual

Telnet (Win 2K)
   Service (Key): TlntSvr
   Process: tlntsvr.exe
   Description: Allows a remote user to log on to the system and run console programs using the command line.
   Default Status & notes: Disabled. Very insecure, presents a security risk when running.

Terminal Services
   Service (Key): TermService
   Process: svchost.exe
   Description: Required for Fast User Switching, Remote Desktop and Remote Assistance
   Default Status & notes: Manual. If not required may be Disabled.

Themes
   Service (Key): Themes
   Process: svchost.exe
   Description: XP Active Desktop Themes, and quick launch toolbars. [ RESOURCE HOG ]
   Default Status & notes: Automatic. Set to Manual or Disabled if you don't like themes.

UPS or Uninterruptible Power Supply
   Service (Key): UPS
   Process: Ups.exe
   Description: Support for an Uninterruptible Power Supply (UPS) physically connected to the machine.
   Default Status & notes: Manual. Not every UPS will need or use this service.

Upload Manager
   Service (Key): uploadmgr
   Process: svchost.exe
   Description: Upload Manager.
   Default Status & notes: Removed in XP SP2

Volume Shadow Copy
   Service (Key): VSS
   Process: vssvc.exe
   Description: MS Backup - A volume shadow copy is a picture of the volume at a particular moment in time. That means a computer can be backed up while files are open and applications running.
   Default Status & notes: Manual. If not required may be disabled. See MS Software Shadow Copy Provider Service.

WebClient
   Service (Key): WebClient
   Process: svchost.exe
   Description: Allow access to web-resident disk storage from an ISP. WebDAV "internet disks" such as Apple's iDisk.
   Default Status & notes: Automatic. If not required may be disabled.

Windows Audio
   Service (Key): AudioSrv
   Process: svchost.exe
   Description: Sound Driver. Note that disabling the sound driver won't stop sounds from playing - you just won't hear them.
   Default Status & notes: Automatic. If no sound card fitted then disable.

Windows Firewall (XP SP2) / Internet Connection Firewall (XP) / Internet Connection Sharing (Win 2K)
   Service (Key): SharedAccess
   Process: svchost.exe -k netsvcs
   Description: Network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection.
   Default Status & notes: Automatic. For better protection consider adding a third party firewall.

Windows Image Acquisition
   Service (Key): stisvc
   Process: svchost.exe
   Description: Required for some but not all cameras, scanners, and digital video cameras.
   Default Status & notes: Manual

Windows Installer
   Service (Key): MSIServer
   Process: MsiExec.exe /V
   Description: Install, repair and remove software according to instructions contained in .MSI files.
   Default Status & notes: Manual

Windows Management Instrumentation
   Service (Key): WinMgmt
   Process: C:\WINNT\System32\WBEM\WinMgmt.exe
   Description: WMI provides system management information.
   Default Status & notes: Automatic

Windows Management Instrumentation Driver Extensions
   Service (Key): Wmi
   Process: svchost.exe
   Description: Provides systems management information to and from drivers.
   Default Status & notes: Manual

Windows Time
   Service (Key): W32time
   Process: services.exe
   Description: Update the computer clock by reference to an internet time source or a time server.
   Default Status & notes: Automatic

Wireless Zero Configuration
   Service (Key): WZCSVC
   Process: svchost.exe
   Description: Configure wireless network devices (802.11a/b/g).
   Default Status & notes: Automatic. Disable if you don't have any wireless devices.

WMI Performance Adapter
   Service (Key): WmiApSrv
   Process: wmiapsrv.exe
   Description: Collect performance library information.
   Default Status & notes: Manual

Workstation
   Service (Key): lanmanworkstation
   Process: Services.exe
   Description: Communications and network connections. Services dependent on this being started: Alerter, Messenger, and Net Logon.
   Default Status & notes: Automatic

It is inadvisable to disable a service without being aware of the consequences. Always start by setting the service to manual, then reboot and test for any problems.

A service set to manual may be automatically restarted if another service is dependent on it.
A service set to disabled will not restart even if it's required to boot the machine!

Stopping or disabling a service will generally save a small amount of memory and will reduce the number of software interrupts (cpu message queue.)

The main reason for tinkering with services is to harden the system against security vulnerabilities. Disable everything that you don't need or use - then any future problems with those services cannot affect the machine.

To document all the services currently installed:

SC QUERY state= all |findstr "DISPLAY_NAME STATE" >my_services.csv
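
The FINDSTR output above is plain text, not comma-separated records, even though it is saved with a .csv name. As an added example (Python, not part of the original page), the following parses SC QUERY state= all output into real CSV and flags running services that the list above marks Disabled by default, plus RemoteRegistry, which the page advises disabling; the sample output and the ExampleAgent service are constructed.

```python
import csv
import io
import re

# Service keys the list above gives a default status of "Disabled", plus
# RemoteRegistry, which the page advises disabling. Compared in lower case.
EXPECT_DISABLED = {"clipsrv", "hidserv", "messenger", "netdde", "netddedsdm",
                   "remoteaccess", "tlntsvr", "remoteregistry"}

# "KEY : value" lines; SC pads some keys with spaces before the colon.
FIELD = re.compile(r"^\s*([A-Z0-9_]+)\s*:\s*(.*?)\s*$")
STATE = re.compile(r"^\d+\s+([A-Z_]+)$")  # "4  RUNNING" -> "RUNNING"

# Constructed, trimmed sample of "SC QUERY state= all" output (not a real host).
SAMPLE = """\
SERVICE_NAME: Alerter
DISPLAY_NAME: Alerter
        STATE              : 1  STOPPED
                                (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)

SERVICE_NAME: Messenger
DISPLAY_NAME: Messenger
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

SERVICE_NAME: TlntSvr
DISPLAY_NAME: Telnet
        STATE              : 4  RUNNING
                                (STOPPABLE,PAUSABLE,ACCEPTS_SHUTDOWN)

SERVICE_NAME: ExampleAgent
DISPLAY_NAME: Example Vendor, Inc. Agent
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
"""

def parse_sc_query(text):
    """Return one dict per service with SERVICE_NAME, DISPLAY_NAME and STATE."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and the "(STOPPABLE,...)" flag lines
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = {"SERVICE_NAME": value, "DISPLAY_NAME": "", "STATE": ""}
            records.append(current)
        elif current is not None and key == "DISPLAY_NAME":
            current[key] = value
        elif current is not None and key == "STATE":
            s = STATE.match(value)
            current[key] = s.group(1) if s else value
    return records

def to_csv(records):
    """Write real CSV; display names containing commas are quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, ["SERVICE_NAME", "DISPLAY_NAME", "STATE"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(records)
    return buf.getvalue()

def running_but_expected_disabled(records):
    """SC QUERY reports state, not start type: a hit is active now, so review it."""
    return [r["SERVICE_NAME"] for r in records
            if r["STATE"] == "RUNNING"
            and r["SERVICE_NAME"].lower() in EXPECT_DISABLED]

if __name__ == "__main__":
    services = parse_sc_query(SAMPLE)
    print(to_csv(services), end="")
    print("Review:", ", ".join(running_but_expected_disabled(services)))
```

On a real host, feed it the saved output of SC QUERY state= all instead of SAMPLE. The start type (Automatic, Manual, Disabled) is not in this output; it comes from SC qc.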

Some XP services communicate and send data directly to Microsoft; this is not generally something to lose sleep over.

Managing the running of these services may be a consideration if confidentiality/anonymity is highly important to you.

Removing a service completely

To delete a service, you may be tempted to hack the registry settings under HKLM\SYSTEM\CurrentControlSet\Services. This is not a reliable or recommended method; far better is to use the SC command:

SC delete NameofServiceTodelete

Built-in Service Accounts

In addition to other Default User & Group accounts there are 3 built-in accounts, designed for running background services.

Local Service Account (NT AUTHORITY\LOCAL SERVICE) - has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard the system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session without credentials. (This account is not supported for running SQL Server services.)

Network Service Account (NT AUTHORITY\NETWORK SERVICE) - has more access to resources and objects than members of the Users group. Services that run as the Network Service account access network resources by using the credentials of the computer account.

Local System Account (NT AUTHORITY\SYSTEM) - a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network.

In Windows 2008 a new feature was introduced: Managed Service Accounts, which provide automatic password management and simplified service principal name (SPN) management. These accounts are created in PowerShell with New-ADServiceAccount.

Enable or Disable Ports
Many services and applications rely on the use of a specific PORT - to determine if a particular port is enabled for use, review the list of Service names and port numbers held in the "services" file ('windows\system32\drivers\etc\services')
Installing a good firewall is the easiest way to manage this.
