To kill a process from the Windows command line
To terminate a process from the Windows command line, use the taskkill command:
When you know the name of the image to stop:
taskkill /IM notepad.exe
Or when you know the process ID, e.g. 784:
taskkill /PID 784
For more usage variants, type taskkill /?
NB: the information about which processes are running (image names and process IDs) can be obtained with the tasklist command.
List all processes with the Windows Command Line
To view all the currently running processes in Windows from the command line, you can use the tasklist command. The output will look something like this:
c:\>tasklist
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0     21.160 K
smss.exe                       456 Services                   0        996 K
csrss.exe                      584 Services                   0      8.276 K
wininit.exe                    624 Services                   0      5.112 K
csrss.exe                      644 Console                    1     15.304 K
winlogon.exe                   684 Console                    1      7.308 K
services.exe                   720 Services                   0      9.672 K
lsass.exe                      736 Services                   0      2.300 K
lsm.exe                        744 Services                   0      5.804 K
svchost.exe                    900 Services                   0      8.700 K
svchost.exe                    964 Services                   0     10.920 K
svchost.exe                   1000 Services                   0     48.996 K
svchost.exe                    360 Services                   0     18.344 K
svchost.exe                    464 Services                   0    177.740 K
Finding a string in a lot of files from the Windows command line
findstr can do a lot of cool stuff. One of them is to emulate the grep command (still not up to the same heights, but it will do for this purpose).
Say we have a lot of log files that Notepad++ and others can't open because they are too big. Let's find what we need from the command line then.
findstr /s /c:"string-im-looking-for" *
Here we use /s to search in subdirectories as well, and the trailing * says which files to search (*.txt and so on).
The output will look something like this:
test.txt:Where-is-the-string-im-looking-for?
Then just redirect that into a text file and you have what you need. Example follows.
findstr /s /c:"string-im-looking-for" * > c:\results.txt
Have fun finding the strings that you need.
Exclude VMware Virtual Adapters from Network Awareness
Because the VMware virtual network adapters appear to be in a “Public network”, Windows thinks that the whole machine is exposed to a public network, and it triggers the public profile for Windows Firewall. While in most cases this helps protect the entire computer from external access, sometimes you actually need to have external access, and therefore you need to manually change the setting.
Create a file named network.ps1, open it in an editor and paste in the following:
# see http://msdn2.microsoft.com/en-us/library/bb201634.aspx
#
# *NdisDeviceType
#
# The type of the device. The default value is zero, which indicates a standard
# networking device that connects to a network.
#
# Set *NdisDeviceType to NDIS_DEVICE_TYPE_ENDPOINT (1) if this device is an
# endpoint device and is not a true network interface that connects to a network.
# For example, you must specify NDIS_DEVICE_TYPE_ENDPOINT for devices such as
# smart phones that use a networking infrastructure to communicate to the local
# computer system but do not provide connectivity to an external network.
#
# Usage: run in an elevated shell (vista/longhorn) or as administrator (xp/2003).
#
# PS> .\fix-vmnet-adapters.ps1

# boilerplate elevation check
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = new-object Security.Principal.WindowsPrincipal $identity
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $elevated) {
    # $error is an automatic variable in PowerShell, so build the text in $message
    $message = "Sorry, you need to run this script"
    if ([System.Environment]::OSVersion.Version.Major -gt 5) {
        $message += " in an elevated shell."
    } else {
        $message += " as Administrator."
    }
    throw $message
}

# ask before touching each adapter; the default answer is No
function confirm {
    $host.ui.PromptForChoice("Continue", "Process adapter?",
        [Management.Automation.Host.ChoiceDescription[]]@("&No", "&Yes"), 0) -eq $true
}

# adapters key
pushd 'hklm:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'

# ignore and continue on error
dir -ea 0 | % {
    $node = $_.pspath
    $desc = gp $node -name driverdesc -ea 0
    if ($desc.driverdesc -like "*vmware*") {
        write-host ("Found adapter: {0} " -f $desc.driverdesc)
        if (confirm) {
            # mark the adapter as an endpoint device (NDIS_DEVICE_TYPE_ENDPOINT)
            new-itemproperty $node -name '*NdisDeviceType' -propertytype dword -value 1
        }
    }
}
popd

# disable/enable network adapters so the new setting is picked up
gwmi win32_networkadapter | ? {$_.name -like "*vmware*" } | % {
    # disable
    write-host -nonew "Disabling $($_.name) ... "
    $result = $_.Disable()
    if ($result.ReturnValue -eq 0) { write-host " success." } else { write-host " failed." }
    # enable
    write-host -nonew "Enabling $($_.name) ... "
    $result = $_.Enable()
    if ($result.ReturnValue -eq 0) { write-host " success." } else { write-host " failed." }
}
Next, open a PowerShell prompt. Note that you need to run it with elevated credentials (i.e. "Run as Administrator").
Navigate to the folder where you've placed the script, and execute it. You can type the first letter of the script's name and press TAB to auto complete the script's name.
If you get an error like this:
File D:\Tools\Admin\Scripts\VMware - VMNET Adapters Triggering Public Profile for Windows Firewall\script.ps1 cannot be loaded because the execution of
scripts is disabled on this system. Please see "get-help about_signing" for more details.
you will have to write the following first:
Set-ExecutionPolicy Unrestricted
And voilà! Stuff works!
For the original article take a look at www.petri.co.il. He does some GREAT work for all Windows Server stuff.
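To see which adapters the script above has excluded from network awareness, and to undo the change, the following added example (not part of the original article or its script) reads the same class key and reports each matching adapter's *NdisDeviceType value. The -Match and -Revert parameters are names chosen here for illustration.

```powershell
# Added example: audit (and optionally revert) the *NdisDeviceType change.
# Run from an elevated PowerShell prompt.
param(
    [string]$Match = '*vmware*',  # same pattern the script above filters on
    [switch]$Revert               # illustrative switch: remove the value again
)

$classKey = 'hklm:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'

# Collect every adapter subkey whose DriverDesc matches, with its current value.
$adapters = Get-ChildItem $classKey -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    if ($props -and $props.DriverDesc -like $Match) {
        $type = $props.'*NdisDeviceType'   # $null when the value was never set
        New-Object PSObject -Property @{
            Key            = $_.PSChildName
            DriverDesc     = $props.DriverDesc
            NdisDeviceType = $type
            Excluded       = ($type -eq 1) # 1 = NDIS_DEVICE_TYPE_ENDPOINT
            Path           = $_.PSPath
        }
    }
}

$adapters | Format-Table Key, DriverDesc, NdisDeviceType, Excluded -AutoSize

if ($Revert) {
    $adapters | Where-Object { $_.Excluded } | ForEach-Object {
        # -Name accepts wildcards; this pattern only matches the one value
        Remove-ItemProperty -Path $_.Path -Name '*NdisDeviceType'
        Write-Host "Removed *NdisDeviceType from $($_.DriverDesc)"
    }
    Write-Host 'Disable and re-enable the adapters for the change to take effect.'
}

# Show which Windows Firewall profile is active with the current adapter set.
netsh advfirewall show currentprofile
```

If script execution is blocked, `Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned` relaxes the policy for the current PowerShell session only and leaves the machine-wide setting unchanged.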
Shutdown / iisreset or regedit from commandline on remote host
Simply authorize first with this command:
runas /noprofile /netonly /user:user@ip cmd
Afterwards run:
iisreset <computername>
shutdown /m \\computername /r /f /t 0
Or run regedit and connect to the remote host. Now that you're authenticated you CAN get access.