# Applications & Services

The applications and services of a Windows system can be listed through the command prompt. Some of the characteristics of the progams can also be modified through the command prompt.

<details>

<summary>OS Architecture</summary>

```
wmic OS get OSArchitecture
```

</details>

<details>

<summary>List Applications and their properties</summary>

```
#Command Prompt
Wmic product get name, version, vendor
wmic qfe get Caption, Description, HotFixID, InstalledOn
#Powershell
#32 Bit
Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname
#64 Bit
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname
```

</details>

<details>

<summary>List Running Applications</summary>

```
Get-Process
#Powershell - Can be run using RDP only
Get-CimInstance -ClassName win32_service | Select Name,State,PathName | Where-Object {$_.State -like 'Running'}
```

</details>

<details>

<summary>List Installed Drivers</summary>

```
Driveryquery /v
```

</details>

<details>

<summary>List loaded Drivers</summary>

<https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/driverquery>

```
driverquery.exe /v /fo csv | ConvertFrom-CSV | Select-Object ‘Display Name’, ‘Start Mode’, Path
```

</details>

<details>

<summary>List versions of Drivers</summary>

```
Get-WmiObject Win32_PnPSignedDriver | Select-Object DeviceName, DriverVersion, Manufacturer | Where-Object {$_.DeviceName -like "*VMware*"}
```

</details>

<details>

<summary>List Scheduled Tasks</summary>

```
Schtasks /query /fo LIST /v
```

</details>

<details>

<summary>Procmon.exe - Filesystem, Registry and Process/thread activity</summary>

<https://learn.microsoft.com/en-us/sysinternals/downloads/procmon>

</details>

<details>

<summary>Icacls.exe - Lists/Modifies Discretionary ACLs of files</summary>

```
icacls "C:\xampp\apache\bin\httpd.exe"
```

<https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls>

</details>

<details>

<summary>Check Startup Type of Apps</summary>

```
Get-CimInstance -ClassName win32_service | Select Name, StartMode | Where-Object {$_.Name -like 'xampp'}
```

</details>

<details>

<summary>List Firewall Rules</summary>

```
netsh advfirewall show currentprofile
netsh advfirewall firewall show rule name=all
```

</details>

<details>

<summary><mark style="color:red;"><strong>Enable RDP through Registry Entry</strong></mark> </summary>

This is a very important command as this can be used to enable RDP on a system once you have privileged access to a terminal,

```
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
```

</details>

<details>

<summary>List Services</summary>

The following command can be used to list the services installed on the computer,

```
sc query state= all
```

</details>

<details>

<summary>Start/Stop a Service</summary>

The windows SC command can be used to start or stop a service that is installed,

```
sc.exe start <service name>
```

</details>

<details>

<summary>Restart Service</summary>

The following command can be used to restart a windows service through Powershell,

```
Restart-Service <service name>
```

</details>