Applications & Services

The applications and services of a Windows system can be listed through the command prompt. Some of the characteristics of the progams can also be modified through the command prompt.

OS Architecture

wmic OS get OSArchitecture

List Applications and their properties

#Command Prompt
Wmic product get name, version, vendor
wmic qfe get Caption, Description, HotFixID, InstalledOn
#Powershell
#32 Bit
Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname
#64 Bit
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" | select displayname

List Running Applications

Get-Process
#Powershell - Can be run using RDP only
Get-CimInstance -ClassName win32_service | Select Name,State,PathName | Where-Object {$_.State -like 'Running'}

List Installed Drivers

Driveryquery /v

List loaded Drivers

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/driverquery

driverquery.exe /v /fo csv | ConvertFrom-CSV | Select-Object ‘Display Name’, ‘Start Mode’, Path

List versions of Drivers

Get-WmiObject Win32_PnPSignedDriver | Select-Object DeviceName, DriverVersion, Manufacturer | Where-Object {$_.DeviceName -like "*VMware*"}

List Scheduled Tasks

Schtasks /query /fo LIST /v

Procmon.exe - Filesystem, Registry and Process/thread activity

https://learn.microsoft.com/en-us/sysinternals/downloads/procmon

Icacls.exe - Lists/Modifies Discretionary ACLs of files

icacls "C:\xampp\apache\bin\httpd.exe"

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/icacls

Check Startup Type of Apps

Get-CimInstance -ClassName win32_service | Select Name, StartMode | Where-Object {$_.Name -like 'xampp'}

List Firewall Rules

netsh advfirewall show currentprofile
netsh advfirewall firewall show rule name=all

Enable RDP through Registry Entry

This is a very important command as this can be used to enable RDP on a system once you have privileged access to a terminal,

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

List Services

The following command can be used to list the services installed on the computer,

sc query state= all

Start/Stop a Service

The windows SC command can be used to start or stop a service that is installed,

sc.exe start <service name>

Restart Service

The following command can be used to restart a windows service through Powershell,

Restart-Service <service name>

PreviousSystem Details NextFiles & Filesystems

Last updated 1 year ago