Friday, January 11, 2013

Windows 7 - Right-Click + C to Close Window in Taskbar

I spent many years mastering shortcuts in Windows XP.  One of the shortcuts I used frequently was right-clicking a window in the taskbar and pressing 'c' on my keyboard to close the window.  When I started using Windows 7, I was slowed down due to the fact that this did not have the same function.

When you have an open window in the taskbar, right-clicking it brings up a different context menu known as a Jump List.  Instead of a menu to manipulate the window (minimize, maximize, close, etc.), you are given a menu that is unique to the application.  Generally it will have a list of Recent files open within the program, an entry to launch the program (or another instance of the program), an option to pin this application to the taskbar, and Close window.

By pressing 'c' on this menu, if there are any items that begin with the letter 'c' they will be highlighted.  If the only item in the menu is Close window, it too becomes highlighted but is not selected.  You would still need to press enter or click Close window in order to perform the action.

I discovered that if you hold down the Shift key when right-clicking, you receive the old context menu as you did in previous versions of Windows.  With this present, you can press 'c' and it will close the window.

Rename User Profile in Windows 7

It is common to have to rename profiles on machines in various situations.  Working in a Windows XP environment, this process was easy.  Simply sign into the computer with an account that has administrative rights and rename the user's profile.  When they would log in, it would create a new profile and any issues that were present should be alleviated.

Once you switch to a Windows 7 environment, this process changes just a bit.  After you rename the user's profile, you also need to delete the associated registry key for that profile.

Launch regedit.exe and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Browse through the available SID keys looking at the "ProfileImagePath" value.

Once you locate the associated registry key for the renamed profile, export the registry key as a backup, then delete the key.

When the user logs in it will create a new profile.
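
The registry steps above can also be scripted. The following PowerShell function is an added example, not part of the original post: it finds the SID key by its ProfileImagePath value, exports it with reg.exe, and deletes it only if the export succeeded. The function name, the backup folder default, and the checks for a still-present folder and a logged-on user are assumptions of the example.

```powershell
# Added example: function name and $BackupDir default are hypothetical.
function Remove-RenamedProfileKey {
    [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='High')]
    param(
        # Original folder path, as still recorded in ProfileImagePath
        [Parameter(Mandatory=$true)][string]$OldProfilePath,
        [string]$BackupDir = (Join-Path $env:SystemDrive 'ProfileListBackup')
    )
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

    # The folder must already be renamed; if it still exists, stop here.
    if (Test-Path -LiteralPath $OldProfilePath) {
        throw "$OldProfilePath still exists; rename the profile folder first."
    }

    # Find every SID key whose ProfileImagePath is the old folder path.
    $target = $OldProfilePath.TrimEnd('\')
    $keys = @(Get-ChildItem $root | Where-Object {
        $p = (Get-ItemProperty $_.PSPath).ProfileImagePath
        $p -and ($p.TrimEnd('\') -ieq $target)
    })
    if ($keys.Count -eq 0) { throw "No ProfileList key points at $OldProfilePath." }

    foreach ($key in $keys) {
        $sid = $key.PSChildName   # SID, possibly with a .bak suffix
        # A hive loaded under HKEY_USERS means the user is still logged on.
        if (Test-Path "Registry::HKEY_USERS\$($sid -replace '\.bak$','')") {
            Write-Warning "$sid is loaded (user logged on); skipping."
            continue
        }
        if (-not $PSCmdlet.ShouldProcess($key.Name, 'Export and delete key')) { continue }

        # Export first; delete only if reg.exe reports success.
        if (-not (Test-Path $BackupDir)) {
            New-Item -ItemType Directory -Path $BackupDir | Out-Null
        }
        $backup = Join-Path $BackupDir "$sid.reg"
        & reg.exe export $key.Name $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $sid failed; key not deleted." }

        Remove-Item -LiteralPath $key.PSPath -Recurse
        Write-Output "Deleted $sid (backup: $backup)"
    }
}

# Preview only (constructed path): nothing is exported or deleted with -WhatIf.
# Remove-RenamedProfileKey -OldProfilePath 'C:\Users\jdoe' -WhatIf
```

Run it from an elevated PowerShell prompt; the exported .reg file can be re-imported to restore the key.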

Thursday, January 10, 2013

Validating Windows Credentials Remotely

I occasionally work with customers that require using alternate credentials to access resources on remote machines.  These machines are sometimes part of a domain or just workgroup systems.  I wanted to throw something together to provide a few examples of testing credentials on a remote computer.

Note: Some of these commands may not work due to firewalls/restrictions in place on the remote machine.  Be sure to verify the appropriate services are enabled and permissions are set.

SMB Access

Use this command to map a remote share as a network drive; you will be prompted for credentials
 net use x: \\hostname\c$

Use this command to remove your mapped network drive
 net use x: /delete

Use this command to map the network drive, but include credentials in a single command
 net use x: \\hostname\c$ password /user:username

WMI Access

Use this command to verify you have access to WMI on the remote machine
 wmic /node:"hostname" /user:user /password:password bios

Remote Registry

I did not know of a way via command line to test registry access, so I chose to use the example of connecting to a remote registry via regedit.exe

Launch regedit.exe

Click File > Connect Network Registry

Enter the hostname or IP address of the remote machine and click OK

You will be prompted for a username and password

Once authenticated, you will now see the remote machine as a separate node in your registry editor.  Navigate around to verify you can view registry keys.

Verify account is in admin group

Aside from launching a Computer Management console (compmgmt.msc) and connecting to the remote machine, here is another WMIC command that will enumerate the users and groups.  I added a piped find to look for any line with "Administrators" to single out the Administrators group.

 wmic /node:"hostname" /user:username /password:password path win32_groupuser | find /i "Administrators"