Applications & Services
The applications and services of a Windows system can be listed through the command prompt. Some of the characteristics of the progams can also be modified through the command prompt.
List Applications and their properties
#Command Prompt
Wmic product get name, version, vendor
wmic qfe get Caption, Description, HotFixID, InstalledOn
#Powershell
#32 Bit
Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname
#64 Bit
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname
List Running Applications
Get-Process
#Powershell - Can be run using RDP only
Get-CimInstance -ClassName win32_service | Select Name,State,PathName | Where-Object {$_.State -like 'Running'}
List loaded Drivers
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/driverquery
driverquery.exe /v /fo csv | ConvertFrom-CSV | Select-Object βDisplay Nameβ, βStart Modeβ, Path
List versions of Drivers
Get-WmiObject Win32_PnPSignedDriver | Select-Object DeviceName, DriverVersion, Manufacturer | Where-Object {$_.DeviceName -like "*VMware*"}
Icacls.exe - Lists/Modifies Discretionary ACLs of files
icacls "C:\xampp\apache\bin\httpd.exe"
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls
Check Startup Type of Apps
Get-CimInstance -ClassName win32_service | Select Name, StartMode | Where-Object {$_.Name -like 'xampp'}
List Firewall Rules
netsh advfirewall show currentprofile
netsh advfirewall firewall show rule name=all
Enable RDP through Registry Entry
This is a very important command as this can be used to enable RDP on a system once you have privileged access to a terminal,
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
List Services
The following command can be used to list the services installed on the computer,
sc query state= all
Last updated