Oct 20

The cacls command lets you edit permissions from the command line on Windows.

E:\>cacls Folder

outputs

E:\Folder BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F
CREATOR OWNER:(OI)(CI)(IO)F
BUILTIN\Users:(CI)(special access:)

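Adds full control of Folder to my user (/E edits the existing ACL instead of replacing it, /G grants a right):
E:\> Cacls Folder /E /G cyborg:F

Removes full control of Folder from my user (/R takes only the user name and revokes that user's access):
E:\> Cacls Folder /E /R cyborg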
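
Added example, not part of the original post: a small Python parser for captured cacls output like the listing above. It decodes the inheritance flags ((OI) object inherit, (CI) container inherit, (IO) inherit only) and the simple rights letters, then lists broad principals that hold change or full control. The BROAD set, the function names and the Everyone line in the sample are assumptions made for illustration.

```python
import re

# Inheritance flags and simple rights as cacls prints them.
INHERIT = {"OI": "files", "CI": "subfolders"}  # IO is handled separately
RIGHTS = {"F": "full control", "C": "change", "R": "read", "W": "write", "N": "none"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\((?:OI|CI|IO)\))*)(?P<perm>.*)$")
# Assumption: which principals count as "broad" is a local policy choice.
BROAD = {"Everyone", "BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users"}

def parse_cacls(output, path):
    """Return one dict per ACE found in captured `cacls <path>` output."""
    entries = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):      # the first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                      # blank or non-ACE line
            continue
        flags = re.findall(r"\((OI|CI|IO)\)", m["flags"])
        perm = m["perm"].strip()
        entries.append({
            "principal": m["who"],
            "flags": flags,
            "inherits_to": [INHERIT[f] for f in flags if f != "IO"],
            "applies_to_folder": "IO" not in flags,  # IO = children only
            "right": RIGHTS.get(perm, perm),         # unknown text kept verbatim
        })
    return entries

def broad_writers(entries):
    """Principals in BROAD that hold change or full control."""
    return [e["principal"] for e in entries
            if e["principal"] in BROAD and e["right"] in ("change", "full control")]

# Output copied from the listing above, plus one constructed line (Everyone).
SAMPLE = r"""E:\Folder BUILTIN\Administrators:F
          BUILTIN\Administrators:(OI)(CI)F
          NT AUTHORITY\SYSTEM:(OI)(CI)F
          CREATOR OWNER:(OI)(CI)(IO)F
          BUILTIN\Users:(CI)(special access:)
          Everyone:(OI)(CI)C
"""

if __name__ == "__main__":
    parsed = parse_cacls(SAMPLE, r"E:\Folder")
    for entry in parsed:
        print(entry)
    print("review:", broad_writers(parsed))
```

The path argument matters because the drive letter's colon would otherwise be read as the principal separator on the first line.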

Oct 15

I’m a regular user of the logger command on Linux boxes and I’ve found the equivalent in Windows. The command is called eventcreate.exe and seems to be present from Windows XP forward. To create an informational event in the application log with a message subject (the event source, /so) of “Test message”, an arbitrary message ID of 13 and a message text of “This is a test”, you would just run the following:


eventcreate /t information /l application /so "Test message" /id 13 /d "This is a test"

More info on eventcreate.exe can be found at Microsoft.

Oct 13

To find files older than X days on a Windows box, you need either the forfiles.exe command installed from the Windows Resource Kit, or a 2003 or newer machine. The command looks like so:

forfiles -pC:\TEMP -s -m*.* -d-5 -c"cmd /C echo @PATH\@FILE"

Just replace “-d-5” with “-d-X”, where X is the number of days since a file has been created.

Aug 25

All of the IIS processes show up under the same process name, which makes it really challenging to figure out which of your websites has lost its mind. To trace an IIS website or application pool back to a PID, you just need to open a command prompt and run the iisapp utility.

iisapp

Outputs
W3WP.exe PID: 7424 AppPoolId: Site1
W3WP.exe PID: 8096 AppPoolId: JoesSite
W3WP.exe PID: 13080 AppPoolId: Wookielove.com

And now you can just use Task Manager to track resource usage back to a site by its PID.

Jul 23

I’ve run into a situation a couple of times now where DNS hasn’t been set up correctly and I have no idea what hostname an IP resolves to. For better or worse, Windows has the NetBIOS system that keeps its own naming services and can be queried from the command line using nbtstat.

nbtstat -A XXX.XXX.XXX.XXX

Where XXX.XXX.XXX.XXX is the IP address that you are trying to resolve.
