Start Trace Stop Trace Convert *.etl-File to *.pcapng for Wireshark analysis Download etl2pcapng from here: https://github.com/microsoft/etl2pcapng Convert the file with the following command Other useful filters You can list filter options using:
Tag: Windows
Enable WMI-Tracing
Events will be written in the following Event-Log (press [win] + [r], write eventvwr and [Enter] to open Event Viewer): If the Event Log isn’t shown: In Event Viewer press [View] and click “Show Analytic and Debug Logs”. Check the Event Logs again.
Windows 10: Cleanup pending Updates / boot loop fix
If Windows 10 hangs in a boot loop you can try the following steps to fix it. Boot with a Windows PE stick, Windows installation CD or Windows installation stick (best with the Windows version installed on the computer) –> Select “Next” –> “Repair your computer” –> “Troubleshoot” –> “Advanced options” –> “Command Prompt” Enter
SCCM – Error (0x800703ee) No Updates
Error Cleanup Machine Policy Trigger Software Update Scan Cycle (optional) Check your Windows Update settings manually
Managing AppLocker with PowerShell
Check XMLPolicy against installed AppxPackages Fetch AppLocker policy from Domain Controller Get local AppLocker policy Get effective AppLocker policy
Windows Logon Type Overview
Logon Type Number | Name | Description
2 | Interactive | Logon interactively with keyboard and mouse sitting in front of the computer (also Logons over KVM-over-IP, IPMI Remote Consoles, etc.)
3 | Network | Logons over network e.g. when accessing a network share or Logons to an IIS webserver (Basic Authentication is not included here
Windows Server – View Network Interface errors
View interface errors with netstat View detailed information (received and outbound errors) with PowerShell
Activate Windows 10 using KMS server
View your KMS server via cmd Make sure you can reach the KMS server using PowerShell Install KMS key Activate online If it fails you can try to restart the software protection service
Check Port used by System Process
Any service that uses the HTTP API in Windows will effectively be handled by the SYSTEM process, so you cannot just look up the process with netstat -ano and kill it. To view the web services running inside the SYSTEM process, run the following command
Find services running inside svchost.exe
Find services running inside svchost.exe via cmd.exe:
tasklist /svc | findstr "svchost.exe"