Table of Contents
|
Certificates (Creating and managing)
Creating Certificates
makecert
Type ( -cy ) | For |
---|---|
end | end entity |
authority | certification authority |
OID ( -eku ) | OID |
---|---|
1.3.6.1.4.1.311.10.3.4 | Encrypting File System (EFS) |
1.3.6.1.4.1.311.10.3.12 | Document Signing |
1.3.6.1.4.1.311.10.12.1 | Any Application Policy |
1.3.6.1.5.5.7.3.1 | Server authentication (i.e. Server SSL Certificate) |
1.3.6.1.5.5.7.3.2 | Client authentication (i.e. Client SSL Certificate) |
1.3.6.1.5.5.7.3.3 | Code signing (i.e. Authenticode) |
1.3.6.1.5.5.7.3.4 | Email Encryption and Signing |
1.3.6.1.5.5.7.3.5 | IPsec end system |
1.3.6.1.5.5.7.3.6 | IPsec tunnel |
1.3.6.1.5.5.7.3.7 | IPsec user |
1.3.6.1.5.5.7.3.8 | Timestamping |
1.3.6.1.5.5.8.2.2 | Internet Key Exchange (IKE) |
Key Specification( -iky -sky ) | Specification |
---|---|
Signature | AT_SIGNATURE key specification |
Exchange | AT_KEYEXCHANGE key specification |
integer |
-iky -sky key specification option is used in Internet Explorer version 4.0 or later
Registry -ir -sr | Location |
---|---|
CurrentUser | HKEY_CURRENT_USER (default) |
LocalMachine | HKEY_LOCAL_MACHINE |
Name -is -ss | Certificate Store |
---|---|
My | Personal |
Root | Trusted Root CA |
AddressBook | Other People |
AuthRoot | Third-Party Root CA |
CA | Intermediate CA |
TrustedPeople | Trusted People |
TrustedPublisher | Trusted Publisher |
Trust | Enterprise Trust |
Disallowed | Untrusted |
Note: not all versions of makecert support the -pe option
makecert is part of Windows SDK and found under C:\Program Files (x86)\Windows Kits\10\bin\<version>\x64 (download: Windows 7 SDK)
Self-signed Root CA
makecert -n "CN=Name-Root CA" -pe -ss Root -sky Exchange -b 01/01/2020 -m 121 -a sha256 -len 2048 -cy authority -r nameCA.cer
Add -sv nameCA.pvk to save key in file instead of store.
Code sign certificate signed by above
Issuer in store: makecert -n "CN=Name-Code Sign" -pe -ss My -sky Exchange -b 01/01/2020 -m 61 -a sha256 -len 2048 -cy end -eku 1.3.6.1.5.5.7.3.3 -is Root -in "Name-Root CA" nameSign.cer
Issuer from file: makecert -n "CN=Name-Code Sign" -pe -ss My -sky Exchange -b 01/01/2020 -m 61 -a sha256 -len 2048 -cy end -eku 1.3.6.1.5.5.7.3.3 -ic nameCA.cer -iv nameCA.pvk nameSign.cer
Add -sv nameSign.pvk to save key in file instead of store.
Self-signed certificate for code signing
makecert -r -pe -n "CN=Name" -b 01/01/2009 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -ss My name.cer
Add certificate as Trusted (Excel)
certmgr -add -all nameSign.cer -s TrustedPublisher ?
certutil -enterprise -addstore TrustedPublisher name.cer
certutil -user -addstore TrustedPublisher name.cer
Registry
HKEY_CURRENT_USER - Software - Microsoft - SystemCertificates
HKEY_LOCAL_MACHINE - Software - Microsoft - SystemCertificates
Managing Certificates
start (open) certmgr.msc ,
or start mmc.exe (Microsoft Management Console) and add the Certificate snap-in (Demo)
BitLocker
Listing Protectors
manage-bde -protectors -get C:
Correction when password not working
manage-bde -protectors -disable C:
manage-bde -protectors -enable C:
Commands
- APPWIZ.CPL
- starts the application wizard.
- ASSOC
- show/change file-extension to file-type associations. See FTYPE.
- CACLS
- edit files Access Control List.
- CERTMGR.MSC
- open certificate manager.
- CHARMAP
- show character mapping.
- CLEANMGR
- clean disk (started if disk full).
- DISKPART
- partition manager, set volume to read only.
- FTYPE
- show/change the command executed for a given file-type. See ASSOC.
- GETMAC
- get the MAC number of network adapters.
- MKLINK
- creates a symbolic link.
- MOUNTVOL
- enable/disable automount, manage mount points.
- MSCONFIG
- startup config (run by Windows-R or from C:\WINDOWS\pchealth\helpctr\binaries
- NBTSTAT
- show netbios status.
- NETSH
- config network (netsh diag gui).
- SC
- manage services and the Service Controller.
- SUBST
- associates a path with a drive letter.
- SYSDM.CPL
- system properties.
- VSSADMIN
- admin volume shadow copies (restore points)
Data Store Cleaning
- net stop wuaserv
- net stop bits
- delete all files inside C:\Windows\SoftwareDistribution\Download directory
- delete the DataStore.edb into C:\Windows\SoftwareDistribution\DataStore
- net start bits
- net start wuauserv
internals / DLL's
- hotplug (USB)
- "C:\WINDOWS\system32\rundll32.exe" shell32.dll,Control_RunDLL hotplug.dll
Terminal Server
Microsoft Terminal Server Commands
Scripting Terminal Server Commands
Master Control Panel
Create a Folder and rename it to MasterControl.{ED7BA470-8E54-465E-825C-99712043E01C}
Registry
Command Prompt
- ANSI codes
- support ANSI codes
[HKEY_CURRENT_USER\Console]
"VirtualTerminalLevel"=dword:00000001
Example: echo ^[[31mRED^[[0m
(^[ is ESC typed as Ctrl-[)
Explorer
- avoid "Shortcut" in name
- do not add "- Shortcut" to the name when creating a link
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"link"=hex:00,00,00,00
- DOS here
- cmd.exe /s /k pushd "%V"
[HKEY_CLASSES_ROOT\Directory\shell\dos]
@=DOS here
[HKEY_CLASSES_ROOT\Directory\shell\dos\command]
@=cmd.exe /s /k pushd "%V"
[HKEY_CLASSES_ROOT\Directory\Background\shell\dos]
@=DOS here
[HKEY_CLASSES_ROOT\Directory\Background\shell\dos\command]
@=cmd.exe /s /k pushd "%V"
Keyboard
- enabe Unicode
- HKEY_Current_User/Control Panel/Input Method/EnableHexNumpad
Create as string (REG_SZ) with value "1". To enter an unicode character press and hold the ALT key while typing the + on the numpad followed by the hexadedcimal value.
- layouts
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts
- login priority
- HKEY_USERS\.DEFAULT\Keyboard Layout\Preload (Cannot log on after changing keyboard settings)
Network
- MAC
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\xxxx\NetworkAddress
ZIP
- disable search
- HKEY_CLASSES_ROOT\SystemFileAssociations\.zip\CLSID
remove/rename this key to disable search in .zip files.
(on XP, CLSID = {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} )
- regsvr32 c:\windows\\system32\zipfldr.dll /u
- diasble search in ZIP.
- regsvr32 c:\windows\\system32\zipfldr.dll
- enable search in ZIP.
General
- autorun
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom
- add to Start-Menu
- add key HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- hide user
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
- lock screen
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization
NoLockScreen = 1 (DWORD) to hide lock screen
Copy File Path
an explorer extension to copy file/folder path to the clipboard
Uncompress the file CopyPathExtension.zip and merge (double-click) the content to the registry.
It will add an entry to the explorer context menu (right-click) to copy the path of the selected file/folder to the clipboard.
Requires the Clipboard Utility ( cb.exe ) from AutoHotKey on the command PATH. I got it here. (cb.exe should be replaced by standard CLIP command)
Mount Drive Read-only
Start DISKPART.EXE and use:
list vol | to get a list of volumes |
sel vol X | to select the desired volume |
att vol set readonly | to set readonly |
att vol clear readonly | to clear readonly |
detail vol or att vol | to see actual settings |
Send To
Clipboard
open shell:sendto and add shortcut with
cmd /c CLIP <
Themes
Window Border
from JohnHonest56
Open gpedit.msc , run as admin.
User config>Admin templates>All settings> scroll down to "Force specific visual style file.."
specifically the Luna visual style type in %windir%\resources\Themes\Luna\Luna.msstyles
Enable the rule and hit apply.
For the Home version, or those that are comfortable editing the registry. regedit-run as admin
If in doubt- Back it up or create restore point before making changes !
HKCU\Control Panel\Desktop\WindowMetrics
- BorderWidth
- PaddedBorderWidth
change the string value, higher# equals thicker window frame, example: -15 -60 for Luna as shown wireframe thin would be zero (0)
Tools
Chrome
Disable Reporter
- File Explorer: remove all rights from C:\Users\YourName\AppData\Local\Google\Chrome\User\SWReporter : Properties - Security - Advanced - Disbale Inheritance - Remove All
- Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
-
- ChromeCleanupEnabled = 0 : DWORD(32)
- ChromeCleanupReportingEnabled = 0 : DWORD(32)
-
Editor
Typora Minimal Markdown Editor
vim / gvim
Image
GIMP GNU Image Manipulation Program
Sound
Mind Map
Network
Firefox (Add-ons, Quicksearch)
Office
Excel
=SUMME(WENN(ZEILE(A1:A8)<3;A1:A8)) (Ctrl-Shift-Return)
Remote Desktop
Add to end of RDP file: enablecredsspsupport:i:0
Version Control
GIT
- SSH_ASKPASS
- /mingw64/libexec/git-core/git-gui—askpass
- PLINK_PROTOCOL
- ssh
- GIT_SSH
- "C:\Program Files\PuTTY\plink.exe"