master
1C:\>cmd /c "date /t && time /t"
2Wed 10/04/2008
302:12 PM
4
5C:\>AuditPol
6
7Running ...
8
9(X) Audit Enabled
10
11AuditCategorySystem = Success
12AuditCategoryLogon = Success
13AuditCategoryObjectAccess = No
14AuditCategoryPrivilegeUse = No
15AuditCategoryDetailedTracking = No
16AuditCategoryPolicyChange = Success
17AuditCategoryAccountManagement = Success
18Unknown = Success
19Unknown = Success
20
21C:\>ipconfig /all
22
23
24Windows IP Configuration
25
26 Host Name . . . . . . . . . . . . : MISKA
27 Primary Dns Suffix . . . . . . . : STARBAND.net
28 Node Type . . . . . . . . . . . . : Unknown
29 IP Routing Enabled. . . . . . . . : No
30 WINS Proxy Enabled. . . . . . . . : No
31 DNS Suffix Search List. . . . . . : STARBAND.net
32
33Ethernet adapter Local Area Connection:
34
35 Connection-specific DNS Suffix . :
36 Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
37 Physical Address. . . . . . . . . : 00-50-56-BD-69-A1
38 DHCP Enabled. . . . . . . . . . . : No
39 IP Address. . . . . . . . . . . . : 148.78.247.25
40 Subnet Mask . . . . . . . . . . . : 255.255.255.0
41 Default Gateway . . . . . . . . . : 148.78.247.10
42 DNS Servers . . . . . . . . . . . : 127.0.0.1
43 148.78.247.22
44
45C:\>psloggedon
46
47
48PsLoggedOn v1.32 - Logon Session Displayer
49Copyright (C) 1999-2006 Mark Russinovich
50SysInternals - www.sysinternals.com
51
52Users logged on locally:
53 Error: could not retrieve logon time
54NT AUTHORITY\LOCAL SERVICE
55 Error: could not retrieve logon time
56NT AUTHORITY\NETWORK SERVICE
57 10/3/2008 12:44:19 PM STARBAND\Administrator
58 Error: could not retrieve logon time
59NT AUTHORITY\SYSTEM
60
61No one is logged on via resource shares.
62
63C:\>pslist
64
65
66PsList 1.26 - Process Information Lister
67Copyright (C) 1999-2004 Mark Russinovich
68Sysinternals - www.sysinternals.com
69
70Process information for MISKA:
71
72Name Pid Pri Thd Hnd Priv CPU Time Elapsed Time
73Idle 0 0 1 0 0 45:28:19.625 0:00:00.000
74System 4 8 52 821 0 0:02:00.593 0:00:00.000
75smss 264 11 3 18 140 0:00:00.421 46:49:32.859
76csrss 428 13 11 438 1688 0:00:26.796 46:49:31.500
77winlogon 464 13 21 615 7600 0:00:32.796 46:49:30.937
78services 548 9 17 322 3856 0:00:21.687 46:49:28.609
79lsass 564 9 52 960 25100 0:03:08.484 46:49:28.296
80svchost 760 8 5 76 712 0:00:00.250 46:49:27.359
81svchost 1024 8 10 207 1168 0:00:08.687 46:49:20.859
82svchost 1088 8 11 147 3640 0:00:04.125 46:49:20.453
83svchost 1108 8 13 161 1020 0:00:00.656 46:49:20.359
84svchost 1132 8 45 861 11936 0:00:29.609 46:49:20.328
85spoolsv 1948 8 12 147 3616 0:00:01.328 46:48:51.828
86msdtc 1972 8 13 145 1424 0:00:00.250 46:48:51.750
87dfssvc 196 8 11 120 1692 0:00:03.015 46:48:51.281
88dns 300 8 13 180 7340 0:00:18.875 46:48:51.125
89svchost 348 8 2 54 448 0:00:00.015 46:48:50.968
90ismserv 372 8 9 118 1612 0:00:00.781 46:48:50.906
91ntfrs 396 8 20 295 9072 0:00:20.921 46:48:50.828
92svchost 492 8 2 55 420 0:00:00.078 46:48:50.359
93VMwareService 812 13 3 47 532 0:25:09.781 46:48:50.031
94svchost 1420 8 16 131 1328 0:00:00.281 46:48:42.906
95wmiprvse 1208 8 4 150 2388 0:00:02.468 46:47:43.531
96explorer 2392 8 13 380 9236 0:00:15.125 25:27:51.734
97VMwareTray 2548 8 2 27 636 0:00:08.156 25:27:44.296
98VMwareUser 3232 8 1 26 644 0:00:09.437 25:27:44.031
99wuauclt 1152 8 3 107 5256 0:00:00.187 25:27:43.359
100mmc 3988 8 3 236 6976 0:00:17.203 24:37:13.062
101cmd 2216 8 1 25 1428 0:00:00.296 0:05:03.343
102pslist 3212 13 1 80 628 0:00:00.031 0:00:00.078
103
104
105C:\>listdlls | C:\>find "Command"
106
107Command line: <no command line>
108Command line: \SystemRoot\System32\smss.exe
109Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows
110 SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
111 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
112Command line: winlogon.exe
113Command line: C:\WINDOWS\system32\services.exe
114Command line: C:\WINDOWS\system32\lsass.exe
115Command line: C:\WINDOWS\system32\svchost.exe -k DcomLaunch
116Command line: C:\WINDOWS\system32\svchost.exe -k rpcss
117Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService
118Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
119Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
120Command line: C:\WINDOWS\system32\spoolsv.exe
121Command line: C:\WINDOWS\system32\msdtc.exe
122Command line: C:\WINDOWS\system32\Dfssvc.exe
123Command line: C:\WINDOWS\System32\dns.exe
124Command line: C:\WINDOWS\System32\svchost.exe -k WinErr
125Command line: C:\WINDOWS\System32\ismserv.exe
126Command line: C:\WINDOWS\system32\ntfrs.exe
127Command line: C:\WINDOWS\system32\svchost.exe -k regsvc
128Command line: "C:\Program Files\VMware\VMware Tools\VMwareService.exe"
129Command line: C:\WINDOWS\System32\svchost.exe -k termsvcs
130Command line: C:\WINDOWS\system32\wbem\wmiprvse.exe
131Command line: C:\WINDOWS\Explorer.EXE
132Command line: "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
133Command line: "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
134Command line: "C:\WINDOWS\system32\wuauclt.exe"
135Command line: "C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\dnsmgmt.msc" /s
136Command line: "C:\WINDOWS\system32\cmd.exe"
137Command line: Z:\Private\TrustedTools\listdlls
138
139C:\>netstat -an
140
141
142Active Connections
143
144 Proto Local Address Foreign Address State
145 TCP 0.0.0.0:53 0.0.0.0:0 LISTENING
146 TCP 0.0.0.0:88 0.0.0.0:0 LISTENING
147 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
148 TCP 0.0.0.0:389 0.0.0.0:0 LISTENING
149 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
150 TCP 0.0.0.0:464 0.0.0.0:0 LISTENING
151 TCP 0.0.0.0:593 0.0.0.0:0 LISTENING
152 TCP 0.0.0.0:636 0.0.0.0:0 LISTENING
153 TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
154 TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
155 TCP 0.0.0.0:1037 0.0.0.0:0 LISTENING
156 TCP 0.0.0.0:1049 0.0.0.0:0 LISTENING
157 TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING
158 TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING
159 TCP 127.0.0.1:389 127.0.0.1:1032 ESTABLISHED
160 TCP 127.0.0.1:389 127.0.0.1:1033 ESTABLISHED
161 TCP 127.0.0.1:389 127.0.0.1:1034 ESTABLISHED
162 TCP 127.0.0.1:389 127.0.0.1:1045 ESTABLISHED
163 TCP 127.0.0.1:1026 127.0.0.1:1059 ESTABLISHED
164 TCP 127.0.0.1:1032 127.0.0.1:389 ESTABLISHED
165 TCP 127.0.0.1:1033 127.0.0.1:389 ESTABLISHED
166 TCP 127.0.0.1:1034 127.0.0.1:389 ESTABLISHED
167 TCP 127.0.0.1:1045 127.0.0.1:389 ESTABLISHED
168 TCP 127.0.0.1:1059 127.0.0.1:1026 ESTABLISHED
169 TCP 148.78.247.25:139 0.0.0.0:0 LISTENING
170 TCP 148.78.247.25:139 148.78.247.202:1392 ESTABLISHED
171 TCP 148.78.247.25:389 148.78.247.25:3906 ESTABLISHED
172 TCP 148.78.247.25:389 148.78.247.25:4609 TIME_WAIT
173 TCP 148.78.247.25:389 148.78.247.25:4610 TIME_WAIT
174 TCP 148.78.247.25:1026 148.78.247.25:1217 ESTABLISHED
175 TCP 148.78.247.25:1026 148.78.247.25:1460 ESTABLISHED
176 TCP 148.78.247.25:1026 148.78.247.25:4608 ESTABLISHED
177 TCP 148.78.247.25:1217 148.78.247.25:1026 ESTABLISHED
178 TCP 148.78.247.25:1460 148.78.247.25:1026 ESTABLISHED
179 TCP 148.78.247.25:3906 148.78.247.25:389 ESTABLISHED
180 TCP 148.78.247.25:4607 148.78.247.25:135 TIME_WAIT
181 TCP 148.78.247.25:4608 148.78.247.25:1026 ESTABLISHED
182 TCP 148.78.247.25:4611 148.78.247.25:445 TIME_WAIT
183 TCP 148.78.247.25:4615 148.78.247.22:445 ESTABLISHED
184 UDP 0.0.0.0:445 *:*
185 UDP 0.0.0.0:500 *:*
186 UDP 0.0.0.0:1029 *:*
187 UDP 0.0.0.0:1036 *:*
188 UDP 0.0.0.0:1043 *:*
189 UDP 0.0.0.0:4500 *:*
190 UDP 127.0.0.1:53 *:*
191 UDP 127.0.0.1:123 *:*
192 UDP 127.0.0.1:1031 *:*
193 UDP 127.0.0.1:1035 *:*
194 UDP 127.0.0.1:1038 *:*
195 UDP 127.0.0.1:1044 *:*
196 UDP 127.0.0.1:1221 *:*
197 UDP 127.0.0.1:1233 *:*
198 UDP 127.0.0.1:1415 *:*
199 UDP 127.0.0.1:1799 *:*
200 UDP 127.0.0.1:2730 *:*
201 UDP 148.78.247.25:53 *:*
202 UDP 148.78.247.25:88 *:*
203 UDP 148.78.247.25:123 *:*
204 UDP 148.78.247.25:137 *:*
205 UDP 148.78.247.25:138 *:*
206 UDP 148.78.247.25:389 *:*
207 UDP 148.78.247.25:464 *:*
208
209C:\>fport
210
211FPort v2.0 - TCP/IP Process to Port Mapper
212Copyright 2000 by Foundstone, Inc.
213http://www.foundstone.com
214
215Pid Process Port Proto Path
216300 dns -> 53 TCP C:\WINDOWS\System32\dns.exe
217564 lsass -> 88 TCP C:\WINDOWS\system32\lsass.exe
2181024 -> 135 TCP
2194 System -> 139 TCP
2200 System -> 389 TCP
221564 lsass -> 389 TCP C:\WINDOWS\system32\lsass.exe
2224 System -> 445 TCP
223564 lsass -> 464 TCP C:\WINDOWS\system32\lsass.exe
2241024 -> 593 TCP
225564 lsass -> 636 TCP C:\WINDOWS\system32\lsass.exe
226564 lsass -> 1026 TCP C:\WINDOWS\system32\lsass.exe
227564 lsass -> 1027 TCP C:\WINDOWS\system32\lsass.exe
228372 ismserv -> 1032 TCP C:\WINDOWS\System32\ismserv.exe
229372 ismserv -> 1033 TCP C:\WINDOWS\System32\ismserv.exe
230372 ismserv -> 1034 TCP C:\WINDOWS\System32\ismserv.exe
231396 ntfrs -> 1037 TCP C:\WINDOWS\system32\ntfrs.exe
232300 dns -> 1045 TCP C:\WINDOWS\System32\dns.exe
233300 dns -> 1049 TCP C:\WINDOWS\System32\dns.exe
234564 lsass -> 1059 TCP C:\WINDOWS\system32\lsass.exe
235396 ntfrs -> 1217 TCP C:\WINDOWS\system32\ntfrs.exe
236564 lsass -> 1460 TCP C:\WINDOWS\system32\lsass.exe
237564 lsass -> 3268 TCP C:\WINDOWS\system32\lsass.exe
238564 lsass -> 3269 TCP C:\WINDOWS\system32\lsass.exe
239396 ntfrs -> 3906 TCP C:\WINDOWS\system32\ntfrs.exe
2404 System -> 4615 TCP
2410 System -> 4622 TCP
242196 Dfssvc -> 4623 TCP C:\WINDOWS\system32\Dfssvc.exe
243196 Dfssvc -> 4624 TCP C:\WINDOWS\system32\Dfssvc.exe
244
2451024 -> 53 UDP
246564 lsass -> 53 UDP C:\WINDOWS\system32\lsass.exe
247564 lsass -> 88 UDP C:\WINDOWS\system32\lsass.exe
248372 ismserv -> 123 UDP C:\WINDOWS\System32\ismserv.exe
249564 lsass -> 123 UDP C:\WINDOWS\system32\lsass.exe
250372 ismserv -> 137 UDP C:\WINDOWS\System32\ismserv.exe
251372 ismserv -> 138 UDP C:\WINDOWS\System32\ismserv.exe
252300 dns -> 389 UDP C:\WINDOWS\System32\dns.exe
253300 dns -> 445 UDP C:\WINDOWS\System32\dns.exe
254564 lsass -> 464 UDP C:\WINDOWS\system32\lsass.exe
255564 lsass -> 500 UDP C:\WINDOWS\system32\lsass.exe
2561024 -> 1029 UDP
257564 lsass -> 1031 UDP C:\WINDOWS\system32\lsass.exe
258564 lsass -> 1035 UDP C:\WINDOWS\system32\lsass.exe
259564 lsass -> 1036 UDP C:\WINDOWS\system32\lsass.exe
260396 ntfrs -> 1038 UDP C:\WINDOWS\system32\ntfrs.exe
2614 System -> 1043 UDP
262300 dns -> 1044 UDP C:\WINDOWS\System32\dns.exe
263564 lsass -> 1221 UDP C:\WINDOWS\system32\lsass.exe
264564 lsass -> 1233 UDP C:\WINDOWS\system32\lsass.exe
265564 lsass -> 1415 UDP C:\WINDOWS\system32\lsass.exe
266564 lsass -> 1799 UDP C:\WINDOWS\system32\lsass.exe
267564 lsass -> 2730 UDP C:\WINDOWS\system32\lsass.exe
268564 lsass -> 4500 UDP C:\WINDOWS\system32\lsass.exe
269
270
271
272C:\>netstat -rn
273
274
275IPv4 Route Table
276===========================================================================
277Interface List
2780x1 ........................... MS TCP Loopback interface
2790x10003 ...00 50 56 bd 69 a1 ...... AMD PCNET Family PCI Ethernet Adapter
280===========================================================================
281===========================================================================
282Active Routes:
283Network Destination Netmask Gateway Interface Metric
284 0.0.0.0 0.0.0.0 148.78.247.10 148.78.247.25 30
285 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
286 148.78.247.0 255.255.255.0 148.78.247.25 148.78.247.25 30
287 148.78.247.25 255.255.255.255 127.0.0.1 127.0.0.1 30
288 148.78.247.255 255.255.255.255 148.78.247.25 148.78.247.25 30
289 224.0.0.0 240.0.0.0 148.78.247.25 148.78.247.25 30
290 255.255.255.255 255.255.255.255 148.78.247.25 148.78.247.25 1
291Default Gateway: 148.78.247.10
292===========================================================================
293Persistent Routes:
294 None
295
296Route Table
297
298C:\>nbtstat -rn
299
300
301Local Area Connection:
302Node IpAddress: [148.78.247.25] Scope Id: []
303 NetBIOS Local Name Table
304 Name Type Status
305 ---------------------------------------------
306 MISKA <00> UNIQUE Registered
307 STARBAND <00> GROUP Registered
308 STARBAND <1C> GROUP Registered
309 MISKA <20> UNIQUE Registered
310 STARBAND <1B> UNIQUE Registered
311 STARBAND <1E> GROUP Registered
312 STARBAND <1D> UNIQUE Registered
313 ..__MSBROWSE__. <01> GROUP Registered
314
315C:\>autorunsc
316
317
318HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
319 rdpclip
320 RDP Clip Monitor
321 Microsoft Corporation
322 c:\windows\system32\rdpclip.exe
323
324HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
325 C:\WINDOWS\system32\userinit.exe
326 Userinit Logon Application
327 Microsoft Corporation
328 c:\windows\system32\userinit.exe
329
330HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
331 Explorer.exe
332 Windows Explorer
333 Microsoft Corporation
334 c:\windows\explorer.exe
335
336HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
337 VMware Tools
338 VMwareTray
339 VMware, Inc.
340 c:\program files\vmware\vmware tools\vmwaretray.exe
341 VMware User Process
342 VMwareUser
343 VMware, Inc.
344 c:\program files\vmware\vmware tools\vmwareuser.exe
345
346C:\>reg query HKLM\System\CurrentControlSet\Control\Hivelist
347
348
349! REG.EXE VERSION 3.0
350
351HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Hivelist
352 \REGISTRY\MACHINE\HARDWARE REG_SZ
353 \REGISTRY\MACHINE\SECURITY REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY
354 \REGISTRY\MACHINE\SOFTWARE REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\software
355 \REGISTRY\MACHINE\SYSTEM REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\system
356 \REGISTRY\USER\.DEFAULT REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\default
357 \REGISTRY\MACHINE\SAM REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
358 \REGISTRY\USER\S-1-5-20 REG_SZ \Device\HarddiskVolume1\Documents and Settings\NetworkService\NTUSER.DAT
359 \REGISTRY\USER\S-1-5-20_Classes REG_SZ \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
360 \REGISTRY\USER\S-1-5-19 REG_SZ \Device\HarddiskVolume1\Documents and Settings\LocalService\NTUSER.DAT
361 \REGISTRY\USER\S-1-5-19_Classes REG_SZ \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
362 \REGISTRY\USER\S-1-5-21-4190164925-2839916710-2620655279-500 REG_SZ \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT
363 \REGISTRY\USER\S-1-5-21-4190164925-2839916710-2620655279-500_Classes REG_SZ \Device\HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
364
365C:\>reg query HKLM\System\CurrentControlSet\Control\Windows
366
367
368! REG.EXE VERSION 3.0
369
370HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows
371 CSDVersion REG_DWORD 0x100
372 CSDReleaseType REG_DWORD 0x0
373 Directory REG_EXPAND_SZ %SystemRoot%
374 ErrorMode REG_DWORD 0x0
375 NoInteractiveServices REG_DWORD 0x0
376 SystemDirectory REG_EXPAND_SZ %SystemRoot%\system32
377 ShellErrorMode REG_DWORD 0x1
378 ShutdownTime REG_BINARY 45C9930D58E6C601
379
380C:\>reg query "HKLM\System\CurrentControlSet\Control\Session Manager\FileRenameOperations"
381
382
383! REG.EXE VERSION 3.0
384
385HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\FileRenameOperations
386
387C:\>reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows"
388
389
390! REG.EXE VERSION 3.0
391
392HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
393 AppInit_DLLs REG_SZ
394 DeviceNotSelectedTimeout REG_SZ 15
395 GDIProcessHandleQuota REG_DWORD 0x2710
396 Spooler REG_SZ yes
397 swapdisk REG_SZ
398 TransmissionRetryTimeout REG_SZ 90
399 USERProcessHandleQuota REG_DWORD 0x2710
400 DesktopHeapLogging REG_DWORD 0x1
401
402C:\>reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
403
404
405! REG.EXE VERSION 3.0
406
407HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
408 AutoRestartShell REG_DWORD 0x1
409 DefaultDomainName REG_SZ STARBAND
410 DefaultUserName REG_SZ Administrator
411 LegalNoticeCaption REG_SZ
412 LegalNoticeText REG_SZ
413 PowerdownAfterShutdown REG_SZ 0
414 ReportBootOk REG_SZ 1
415 Shell REG_SZ Explorer.exe
416 ShutdownWithoutLogon REG_SZ 0
417 System REG_SZ
418 Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
419 VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
420 SfcQuota REG_DWORD 0xffffffff
421 allocatecdroms REG_SZ 0
422 allocatedasd REG_SZ 0
423 allocatefloppies REG_SZ 0
424 cachedlogonscount REG_SZ 10
425 forceunlocklogon REG_DWORD 0x0
426 passwordexpirywarning REG_DWORD 0xe
427 scremoveoption REG_SZ 0
428 AllowMultipleTSSessions REG_DWORD 0x1
429 AppSetup REG_SZ
430 UIHost REG_EXPAND_SZ %SystemRoot%\system32\logonui.exe
431 DebugServerCommand REG_SZ no
432 SFCDisable REG_DWORD 0x0
433 WinStationsDisabled REG_SZ 0
434 ShowLogonOptions REG_DWORD 0x1
435 AltDefaultUserName REG_SZ Administrator
436 AltDefaultDomainName REG_SZ STARBAND
437 DisableLockWorkstation REG_DWORD 0x0
438 DCacheUpdate REG_BINARY 545616DCDFE7C601
439 CachePrimaryDomain REG_SZ STARBAND
440
441HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache
442
443HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
444
445HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
446
447HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
448
449HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
450
451C:\>winclip -p
452
453http://www.msexchange.org/tutorials/Configuring-Exchange2003-HTTP-Remote-Access.html
454
455C:\>doskey /h
456
457
458C:\>cmd /c "date /t && time /t"
459
460Wed 10/04/2008
46102:12 PM
462