Windows

Certificates (Creating and managing)

Creating Certificates

makecert

Type ( -cy ) For
end end entity
authority certification authority
OID ( -eku ) OID
1.3.6.1.4.1.311.10.3.4 Encrypting File System (EFS)
1.3.6.1.4.1.311.10.3.12 Document Signing
1.3.6.1.4.1.311.10.12.1 Any Application Policy
1.3.6.1.5.5.7.3.1 Server authentication (i.e. Server SSL Certificate)
1.3.6.1.5.5.7.3.2 Client authentication (i.e. Client SSL Certificate)
1.3.6.1.5.5.7.3.3 Code signing (i.e. Authenticode)
1.3.6.1.5.5.7.3.4 Email Encryption and Signing
1.3.6.1.5.5.7.3.5 IPsec end system
1.3.6.1.5.5.7.3.6 IPsec tunnel
1.3.6.1.5.5.7.3.7 IPsec user
1.3.6.1.5.5.7.3.8 Timestamping
1.3.6.1.5.5.8.2.2 Internet Key Exchange (IKE)
Key Specification( -iky -sky ) Specification
Signature AT_SIGNATURE key specification
Exchange AT_KEYEXCHANGE key specification
integer

-iky -sky key specification option is used in Internet Explorer version 4.0 or later

Registry -ir -sr Location
CurrentUser HKEY_CURRENT_USER (default)
LocalMachine HKEY_LOCAL_MACHINE
Name -is -ss Certificate Store
My Personal
Root Trusted Root CA
AddressBook Other People
AuthRoot Third-Party Root CA
CA Intermediate CA
TrustedPeople Trusted People
TrustedPublisher Trusted Publisher
Trust Enterprise Trust
Disallowed Untrusted

Note: not all versions of makecert support the -pe option

makecert is part of Windows SDK and found under C:\Program Files (x86)\Windows Kits\10\bin\<version>\x64 (download: Windows 7 SDK)

Self-signed Root CA

makecert -n "CN=Name-Root CA" -pe -ss Root -sky Exchange -b 01/01/2020 -m 121 -a sha256 -len 2048 -cy authority -r nameCA.cer

Add -sv nameCA.pvk to save key in file instead of store.

Code sign certificate signed by above

Issuer in store: makecert -n "CN=Name-Code Sign" -pe -ss My -sky Exchange -b 01/01/2020 -m 61 -a sha256 -len 2048 -cy end -eku 1.3.6.1.5.5.7.3.3 -is Root -in "Name-Root CA" nameSign.cer

Issuer from file: makecert -n "CN=Name-Code Sign" -pe -ss My -sky Exchange -b 01/01/2020 -m 61 -a sha256 -len 2048 -cy end -eku 1.3.6.1.5.5.7.3.3 -ic nameCA.cer -iv nameCA.pvk nameSign.cer

Add -sv nameSign.pvk to save key in file instead of store.

Self-signed certificate for code signing

makecert -r -pe -n "CN=Name" -b 01/01/2009 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -ss My name.cer

Add certificate as Trusted (Excel)

certmgr -add -all nameSign.cer -s TrustedPublisher ?
certutil -enterprise -addstore TrustedPublisher name.cer
certutil -user -addstore TrustedPublisher name.cer

Registry

HKEY_CURRENT_USER - Software - Microsoft - SystemCertificates
HKEY_LOCAL_MACHINE - Software - Microsoft - SystemCertificates

Managing Certificates

start (open) certmgr.msc ,
or start mmc.exe (Microsoft Management Console) and add the Certificate snap-in (Demo)

BitLocker

Listing Protectors

manage-bde -protectors -get C:

Correction when password not working

manage-bde -protectors -disable C:
manage-bde -protectors -enable C:

Commands

APPWIZ.CPL
starts the application wizard.
ASSOC
show/change file-extension to file-type associations. See FTYPE.
CACLS
edit files Access Control List.
CERTMGR.MSC
open certificate manager.
CHARMAP
show character mapping.
CLEANMGR
clean disk (started if disk full).
DISKPART
partition manager, set volume to read only.
FTYPE
show/change the command executed for a given file-type. See ASSOC.
GETMAC
get the MAC number of network adapters.
MKLINK
creates a symbolic link.
MOUNTVOL
enable/disable automount, manage mount points.
MSCONFIG
startup config (run by Windows-R or from C:\WINDOWS\pchealth\helpctr\binaries
NBTSTAT
show netbios status.
NETSH
config network (netsh diag gui).
SC
manage services and the Service Controller.
SUBST
associates a path with a drive letter.
SYSDM.CPL
system properties.
VSSADMIN
admin volume shadow copies (restore points)

Data Store Cleaning

  1. net stop wuaserv
  2. net stop bits
  3. delete all files inside C:\Windows\SoftwareDistribution\Download directory
  4. delete the DataStore.edb into C:\Windows\SoftwareDistribution\DataStore
  5. net start bits
  6. net start wuauserv

internals / DLL's

hotplug (USB)
"C:\WINDOWS\system32\rundll32.exe" shell32.dll,Control_RunDLL hotplug.dll

Terminal Server

Microsoft Terminal Server Commands
Scripting Terminal Server Commands

Master Control Panel

Create a Folder and rename it to MasterControl.{ED7BA470-8E54-465E-825C-99712043E01C}

Registry

Explorer

avoid "Shortcut" in name
do not add "- Shortcut" to the name when creating a link

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:00,00,00,00

DOS here
cmd.exe /s /k pushd "%V"

[HKEY_CLASSES_ROOT\Directory\shell\dos]
@=DOS here

[HKEY_CLASSES_ROOT\Directory\shell\dos\command]
@=cmd.exe /s /k pushd "%V"

[HKEY_CLASSES_ROOT\Directory\Background\shell\dos]
@=DOS here

[HKEY_CLASSES_ROOT\Directory\Background\shell\dos\command]
@=cmd.exe /s /k pushd "%V"

Keyboard

enabe Unicode
HKEY_Current_User/Control Panel/Input Method/EnableHexNumpad

Create as string (REG_SZ) with value "1". To enter an unicode character press and hold the ALT key while typing the + on the numpad followed by the hexadedcimal value.

layouts
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts
login priority
HKEY_USERS\.DEFAULT\Keyboard Layout\Preload (Cannot log on after changing keyboard settings)

Network

MAC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\xxxx\NetworkAddress

ZIP

disable search
HKEY_CLASSES_ROOT\SystemFileAssociations\.zip\CLSID

remove/rename this key to disable search in .zip files.
(on XP, CLSID = {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} )

regsvr32 c:\windows\\system32\zipfldr.dll /u
diasble search in ZIP.
regsvr32 c:\windows\\system32\zipfldr.dll
enable search in ZIP.

General

autorun
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom
Autorun = 0 to disable
add to Start-Menu
add key HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
hide user
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
$USERNAME$ (DWORD) 0 to hide, 1 to show
lock screen
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization

NoLockScreen = 1 (DWORD) to hide lock screen

Copy File Path

an explorer extension to copy file/folder path to the clipboard
Uncompress the file CopyPathExtension.zip and merge (double-click) the content to the registry.
It will add an entry to the explorer context menu (right-click) to copy the path of the selected file/folder to the clipboard.
Requires the Clipboard Utility ( cb.exe ) from AutoHotKey on the command PATH. I got it here. (cb.exe should be replaced by standard CLIP command)

Mount Drive Read-only

Start DISKPART.EXE and use:

list vol to get a list of volumes
sel vol X to select the desired volume
att vol set readonly to set readonly
att vol clear readonly to clear readonly
detail vol or att vol to see actual settings

Send To

Clipboard

open shell:sendto and add shortcut with
cmd /c CLIP <

Themes

Window Border

from JohnHonest56

Open gpedit.msc , run as admin.
User config>Admin templates>All settings> scroll down to "Force specific visual style file.."
specifically the Luna visual style type in %windir%\resources\Themes\Luna\Luna.msstyles
Enable the rule and hit apply.

For the Home version, or those that are comfortable editing the registry. regedit-run as admin
If in doubt- Back it up or create restore point before making changes !
HKCU\Control Panel\Desktop\WindowMetrics

  • BorderWidth
  • PaddedBorderWidth

change the string value, higher# equals thicker window frame, example: -15 -60 for Luna as shown wireframe thin would be zero (0)

Tools

Editor

Typora Minimal Markdown Editor
vim / gvim

Image

GIMP GNU Image Manipulation Program

Sound

Audacity

Mind Map

TheBrain

Network

Firefox (Add-ons, Quicksearch)

Office

Excel

=SUMME(WENN(ZEILE(A1:A8)<3;A1:A8))    (Ctrl-Shift-Return)

Remote Desktop

Add to end of RDP file: enablecredsspsupport:i:0

Version Control

GIT

SSH_ASKPASS
/mingw64/libexec/git-core/git-gui—askpass
PLINK_PROTOCOL
ssh
GIT_SSH
"C:\Program Files\PuTTY\plink.exe"
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.