Commit 0f00552
Changed files (1)
windows
windows/todo.txt
@@ -0,0 +1,462 @@
+C:\>cmd /c "date /t && time /t"
+Wed 10/04/2008
+02:12 PM
+
+C:\>AuditPol
+
+Running ...
+
+(X) Audit Enabled
+
+AuditCategorySystem = Success
+AuditCategoryLogon = Success
+AuditCategoryObjectAccess = No
+AuditCategoryPrivilegeUse = No
+AuditCategoryDetailedTracking = No
+AuditCategoryPolicyChange = Success
+AuditCategoryAccountManagement = Success
+Unknown = Success
+Unknown = Success
+
+C:\>ipconfig /all
+
+
+Windows IP Configuration
+
+ Host Name . . . . . . . . . . . . : MISKA
+ Primary Dns Suffix . . . . . . . : STARBAND.net
+ Node Type . . . . . . . . . . . . : Unknown
+ IP Routing Enabled. . . . . . . . : No
+ WINS Proxy Enabled. . . . . . . . : No
+ DNS Suffix Search List. . . . . . : STARBAND.net
+
+Ethernet adapter Local Area Connection:
+
+ Connection-specific DNS Suffix . :
+ Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
+ Physical Address. . . . . . . . . : 00-50-56-BD-69-A1
+ DHCP Enabled. . . . . . . . . . . : No
+ IP Address. . . . . . . . . . . . : 148.78.247.25
+ Subnet Mask . . . . . . . . . . . : 255.255.255.0
+ Default Gateway . . . . . . . . . : 148.78.247.10
+ DNS Servers . . . . . . . . . . . : 127.0.0.1
+ 148.78.247.22
+
+C:\>psloggedon
+
+
+PsLoggedOn v1.32 - Logon Session Displayer
+Copyright (C) 1999-2006 Mark Russinovich
+SysInternals - www.sysinternals.com
+
+Users logged on locally:
+ Error: could not retrieve logon time
+NT AUTHORITY\LOCAL SERVICE
+ Error: could not retrieve logon time
+NT AUTHORITY\NETWORK SERVICE
+ 10/3/2008 12:44:19 PM STARBAND\Administrator
+ Error: could not retrieve logon time
+NT AUTHORITY\SYSTEM
+
+No one is logged on via resource shares.
+
+C:\>pslist
+
+
+PsList 1.26 - Process Information Lister
+Copyright (C) 1999-2004 Mark Russinovich
+Sysinternals - www.sysinternals.com
+
+Process information for MISKA:
+
+Name Pid Pri Thd Hnd Priv CPU Time Elapsed Time
+Idle 0 0 1 0 0 45:28:19.625 0:00:00.000
+System 4 8 52 821 0 0:02:00.593 0:00:00.000
+smss 264 11 3 18 140 0:00:00.421 46:49:32.859
+csrss 428 13 11 438 1688 0:00:26.796 46:49:31.500
+winlogon 464 13 21 615 7600 0:00:32.796 46:49:30.937
+services 548 9 17 322 3856 0:00:21.687 46:49:28.609
+lsass 564 9 52 960 25100 0:03:08.484 46:49:28.296
+svchost 760 8 5 76 712 0:00:00.250 46:49:27.359
+svchost 1024 8 10 207 1168 0:00:08.687 46:49:20.859
+svchost 1088 8 11 147 3640 0:00:04.125 46:49:20.453
+svchost 1108 8 13 161 1020 0:00:00.656 46:49:20.359
+svchost 1132 8 45 861 11936 0:00:29.609 46:49:20.328
+spoolsv 1948 8 12 147 3616 0:00:01.328 46:48:51.828
+msdtc 1972 8 13 145 1424 0:00:00.250 46:48:51.750
+dfssvc 196 8 11 120 1692 0:00:03.015 46:48:51.281
+dns 300 8 13 180 7340 0:00:18.875 46:48:51.125
+svchost 348 8 2 54 448 0:00:00.015 46:48:50.968
+ismserv 372 8 9 118 1612 0:00:00.781 46:48:50.906
+ntfrs 396 8 20 295 9072 0:00:20.921 46:48:50.828
+svchost 492 8 2 55 420 0:00:00.078 46:48:50.359
+VMwareService 812 13 3 47 532 0:25:09.781 46:48:50.031
+svchost 1420 8 16 131 1328 0:00:00.281 46:48:42.906
+wmiprvse 1208 8 4 150 2388 0:00:02.468 46:47:43.531
+explorer 2392 8 13 380 9236 0:00:15.125 25:27:51.734
+VMwareTray 2548 8 2 27 636 0:00:08.156 25:27:44.296
+VMwareUser 3232 8 1 26 644 0:00:09.437 25:27:44.031
+wuauclt 1152 8 3 107 5256 0:00:00.187 25:27:43.359
+mmc 3988 8 3 236 6976 0:00:17.203 24:37:13.062
+cmd 2216 8 1 25 1428 0:00:00.296 0:05:03.343
+pslist 3212 13 1 80 628 0:00:00.031 0:00:00.078
+
+
+C:\>listdlls | C:\>find "Command"
+
+Command line: <no command line>
+Command line: \SystemRoot\System32\smss.exe
+Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows
+ SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
+ ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
+Command line: winlogon.exe
+Command line: C:\WINDOWS\system32\services.exe
+Command line: C:\WINDOWS\system32\lsass.exe
+Command line: C:\WINDOWS\system32\svchost.exe -k DcomLaunch
+Command line: C:\WINDOWS\system32\svchost.exe -k rpcss
+Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService
+Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
+Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
+Command line: C:\WINDOWS\system32\spoolsv.exe
+Command line: C:\WINDOWS\system32\msdtc.exe
+Command line: C:\WINDOWS\system32\Dfssvc.exe
+Command line: C:\WINDOWS\System32\dns.exe
+Command line: C:\WINDOWS\System32\svchost.exe -k WinErr
+Command line: C:\WINDOWS\System32\ismserv.exe
+Command line: C:\WINDOWS\system32\ntfrs.exe
+Command line: C:\WINDOWS\system32\svchost.exe -k regsvc
+Command line: "C:\Program Files\VMware\VMware Tools\VMwareService.exe"
+Command line: C:\WINDOWS\System32\svchost.exe -k termsvcs
+Command line: C:\WINDOWS\system32\wbem\wmiprvse.exe
+Command line: C:\WINDOWS\Explorer.EXE
+Command line: "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
+Command line: "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
+Command line: "C:\WINDOWS\system32\wuauclt.exe"
+Command line: "C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\dnsmgmt.msc" /s
+Command line: "C:\WINDOWS\system32\cmd.exe"
+Command line: Z:\Private\TrustedTools\listdlls
+
+C:\>netstat -an
+
+
+Active Connections
+
+ Proto Local Address Foreign Address State
+ TCP 0.0.0.0:53 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:88 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:389 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:464 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:593 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:636 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:1027 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:1037 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:1049 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING
+ TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING
+ TCP 127.0.0.1:389 127.0.0.1:1032 ESTABLISHED
+ TCP 127.0.0.1:389 127.0.0.1:1033 ESTABLISHED
+ TCP 127.0.0.1:389 127.0.0.1:1034 ESTABLISHED
+ TCP 127.0.0.1:389 127.0.0.1:1045 ESTABLISHED
+ TCP 127.0.0.1:1026 127.0.0.1:1059 ESTABLISHED
+ TCP 127.0.0.1:1032 127.0.0.1:389 ESTABLISHED
+ TCP 127.0.0.1:1033 127.0.0.1:389 ESTABLISHED
+ TCP 127.0.0.1:1034 127.0.0.1:389 ESTABLISHED
+ TCP 127.0.0.1:1045 127.0.0.1:389 ESTABLISHED
+ TCP 127.0.0.1:1059 127.0.0.1:1026 ESTABLISHED
+ TCP 148.78.247.25:139 0.0.0.0:0 LISTENING
+ TCP 148.78.247.25:139 148.78.247.202:1392 ESTABLISHED
+ TCP 148.78.247.25:389 148.78.247.25:3906 ESTABLISHED
+ TCP 148.78.247.25:389 148.78.247.25:4609 TIME_WAIT
+ TCP 148.78.247.25:389 148.78.247.25:4610 TIME_WAIT
+ TCP 148.78.247.25:1026 148.78.247.25:1217 ESTABLISHED
+ TCP 148.78.247.25:1026 148.78.247.25:1460 ESTABLISHED
+ TCP 148.78.247.25:1026 148.78.247.25:4608 ESTABLISHED
+ TCP 148.78.247.25:1217 148.78.247.25:1026 ESTABLISHED
+ TCP 148.78.247.25:1460 148.78.247.25:1026 ESTABLISHED
+ TCP 148.78.247.25:3906 148.78.247.25:389 ESTABLISHED
+ TCP 148.78.247.25:4607 148.78.247.25:135 TIME_WAIT
+ TCP 148.78.247.25:4608 148.78.247.25:1026 ESTABLISHED
+ TCP 148.78.247.25:4611 148.78.247.25:445 TIME_WAIT
+ TCP 148.78.247.25:4615 148.78.247.22:445 ESTABLISHED
+ UDP 0.0.0.0:445 *:*
+ UDP 0.0.0.0:500 *:*
+ UDP 0.0.0.0:1029 *:*
+ UDP 0.0.0.0:1036 *:*
+ UDP 0.0.0.0:1043 *:*
+ UDP 0.0.0.0:4500 *:*
+ UDP 127.0.0.1:53 *:*
+ UDP 127.0.0.1:123 *:*
+ UDP 127.0.0.1:1031 *:*
+ UDP 127.0.0.1:1035 *:*
+ UDP 127.0.0.1:1038 *:*
+ UDP 127.0.0.1:1044 *:*
+ UDP 127.0.0.1:1221 *:*
+ UDP 127.0.0.1:1233 *:*
+ UDP 127.0.0.1:1415 *:*
+ UDP 127.0.0.1:1799 *:*
+ UDP 127.0.0.1:2730 *:*
+ UDP 148.78.247.25:53 *:*
+ UDP 148.78.247.25:88 *:*
+ UDP 148.78.247.25:123 *:*
+ UDP 148.78.247.25:137 *:*
+ UDP 148.78.247.25:138 *:*
+ UDP 148.78.247.25:389 *:*
+ UDP 148.78.247.25:464 *:*
+
+C:\>fport
+
+FPort v2.0 - TCP/IP Process to Port Mapper
+Copyright 2000 by Foundstone, Inc.
+http://www.foundstone.com
+
+Pid Process Port Proto Path
+300 dns -> 53 TCP C:\WINDOWS\System32\dns.exe
+564 lsass -> 88 TCP C:\WINDOWS\system32\lsass.exe
+1024 -> 135 TCP
+4 System -> 139 TCP
+0 System -> 389 TCP
+564 lsass -> 389 TCP C:\WINDOWS\system32\lsass.exe
+4 System -> 445 TCP
+564 lsass -> 464 TCP C:\WINDOWS\system32\lsass.exe
+1024 -> 593 TCP
+564 lsass -> 636 TCP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 1026 TCP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 1027 TCP C:\WINDOWS\system32\lsass.exe
+372 ismserv -> 1032 TCP C:\WINDOWS\System32\ismserv.exe
+372 ismserv -> 1033 TCP C:\WINDOWS\System32\ismserv.exe
+372 ismserv -> 1034 TCP C:\WINDOWS\System32\ismserv.exe
+396 ntfrs -> 1037 TCP C:\WINDOWS\system32\ntfrs.exe
+300 dns -> 1045 TCP C:\WINDOWS\System32\dns.exe
+300 dns -> 1049 TCP C:\WINDOWS\System32\dns.exe
+564 lsass -> 1059 TCP C:\WINDOWS\system32\lsass.exe
+396 ntfrs -> 1217 TCP C:\WINDOWS\system32\ntfrs.exe
+564 lsass -> 1460 TCP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 3268 TCP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 3269 TCP C:\WINDOWS\system32\lsass.exe
+396 ntfrs -> 3906 TCP C:\WINDOWS\system32\ntfrs.exe
+4 System -> 4615 TCP
+0 System -> 4622 TCP
+196 Dfssvc -> 4623 TCP C:\WINDOWS\system32\Dfssvc.exe
+196 Dfssvc -> 4624 TCP C:\WINDOWS\system32\Dfssvc.exe
+
+1024 -> 53 UDP
+564 lsass -> 53 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 88 UDP C:\WINDOWS\system32\lsass.exe
+372 ismserv -> 123 UDP C:\WINDOWS\System32\ismserv.exe
+564 lsass -> 123 UDP C:\WINDOWS\system32\lsass.exe
+372 ismserv -> 137 UDP C:\WINDOWS\System32\ismserv.exe
+372 ismserv -> 138 UDP C:\WINDOWS\System32\ismserv.exe
+300 dns -> 389 UDP C:\WINDOWS\System32\dns.exe
+300 dns -> 445 UDP C:\WINDOWS\System32\dns.exe
+564 lsass -> 464 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 500 UDP C:\WINDOWS\system32\lsass.exe
+1024 -> 1029 UDP
+564 lsass -> 1031 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 1035 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 1036 UDP C:\WINDOWS\system32\lsass.exe
+396 ntfrs -> 1038 UDP C:\WINDOWS\system32\ntfrs.exe
+4 System -> 1043 UDP
+300 dns -> 1044 UDP C:\WINDOWS\System32\dns.exe
+564 lsass -> 1221 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 1233 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 1415 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 1799 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 2730 UDP C:\WINDOWS\system32\lsass.exe
+564 lsass -> 4500 UDP C:\WINDOWS\system32\lsass.exe
+
+
+
+C:\>netstat -rn
+
+
+IPv4 Route Table
+===========================================================================
+Interface List
+0x1 ........................... MS TCP Loopback interface
+0x10003 ...00 50 56 bd 69 a1 ...... AMD PCNET Family PCI Ethernet Adapter
+===========================================================================
+===========================================================================
+Active Routes:
+Network Destination Netmask Gateway Interface Metric
+ 0.0.0.0 0.0.0.0 148.78.247.10 148.78.247.25 30
+ 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
+ 148.78.247.0 255.255.255.0 148.78.247.25 148.78.247.25 30
+ 148.78.247.25 255.255.255.255 127.0.0.1 127.0.0.1 30
+ 148.78.247.255 255.255.255.255 148.78.247.25 148.78.247.25 30
+ 224.0.0.0 240.0.0.0 148.78.247.25 148.78.247.25 30
+ 255.255.255.255 255.255.255.255 148.78.247.25 148.78.247.25 1
+Default Gateway: 148.78.247.10
+===========================================================================
+Persistent Routes:
+ None
+
+Route Table
+
+C:\>nbtstat -rn
+
+
+Local Area Connection:
+Node IpAddress: [148.78.247.25] Scope Id: []
+ NetBIOS Local Name Table
+ Name Type Status
+ ---------------------------------------------
+ MISKA <00> UNIQUE Registered
+ STARBAND <00> GROUP Registered
+ STARBAND <1C> GROUP Registered
+ MISKA <20> UNIQUE Registered
+ STARBAND <1B> UNIQUE Registered
+ STARBAND <1E> GROUP Registered
+ STARBAND <1D> UNIQUE Registered
+ ..__MSBROWSE__. <01> GROUP Registered
+
+C:\>autorunsc
+
+
+HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclip
+ RDP Clip Monitor
+ Microsoft Corporation
+ c:\windows\system32\rdpclip.exe
+
+HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ C:\WINDOWS\system32\userinit.exe
+ Userinit Logon Application
+ Microsoft Corporation
+ c:\windows\system32\userinit.exe
+
+HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exe
+ Windows Explorer
+ Microsoft Corporation
+ c:\windows\explorer.exe
+
+HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ VMware Tools
+ VMwareTray
+ VMware, Inc.
+ c:\program files\vmware\vmware tools\vmwaretray.exe
+ VMware User Process
+ VMwareUser
+ VMware, Inc.
+ c:\program files\vmware\vmware tools\vmwareuser.exe
+
+C:\>reg query HKLM\System\CurrentControlSet\Control\Hivelist
+
+
+! REG.EXE VERSION 3.0
+
+HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Hivelist
+ \REGISTRY\MACHINE\HARDWARE REG_SZ
+ \REGISTRY\MACHINE\SECURITY REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY
+ \REGISTRY\MACHINE\SOFTWARE REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\software
+ \REGISTRY\MACHINE\SYSTEM REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\system
+ \REGISTRY\USER\.DEFAULT REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\default
+ \REGISTRY\MACHINE\SAM REG_SZ \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
+ \REGISTRY\USER\S-1-5-20 REG_SZ \Device\HarddiskVolume1\Documents and Settings\NetworkService\NTUSER.DAT
+ \REGISTRY\USER\S-1-5-20_Classes REG_SZ \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ \REGISTRY\USER\S-1-5-19 REG_SZ \Device\HarddiskVolume1\Documents and Settings\LocalService\NTUSER.DAT
+ \REGISTRY\USER\S-1-5-19_Classes REG_SZ \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ \REGISTRY\USER\S-1-5-21-4190164925-2839916710-2620655279-500 REG_SZ \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT
+ \REGISTRY\USER\S-1-5-21-4190164925-2839916710-2620655279-500_Classes REG_SZ \Device\HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+
+C:\>reg query HKLM\System\CurrentControlSet\Control\Windows
+
+
+! REG.EXE VERSION 3.0
+
+HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows
+ CSDVersion REG_DWORD 0x100
+ CSDReleaseType REG_DWORD 0x0
+ Directory REG_EXPAND_SZ %SystemRoot%
+ ErrorMode REG_DWORD 0x0
+ NoInteractiveServices REG_DWORD 0x0
+ SystemDirectory REG_EXPAND_SZ %SystemRoot%\system32
+ ShellErrorMode REG_DWORD 0x1
+ ShutdownTime REG_BINARY 45C9930D58E6C601
+
+C:\>reg query "HKLM\System\CurrentControlSet\Control\Session Manager\FileRenameOperations"
+
+
+! REG.EXE VERSION 3.0
+
+HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\FileRenameOperations
+
+C:\>reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows"
+
+
+! REG.EXE VERSION 3.0
+
+HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
+ AppInit_DLLs REG_SZ
+ DeviceNotSelectedTimeout REG_SZ 15
+ GDIProcessHandleQuota REG_DWORD 0x2710
+ Spooler REG_SZ yes
+ swapdisk REG_SZ
+ TransmissionRetryTimeout REG_SZ 90
+ USERProcessHandleQuota REG_DWORD 0x2710
+ DesktopHeapLogging REG_DWORD 0x1
+
+C:\>reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
+
+
+! REG.EXE VERSION 3.0
+
+HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
+ AutoRestartShell REG_DWORD 0x1
+ DefaultDomainName REG_SZ STARBAND
+ DefaultUserName REG_SZ Administrator
+ LegalNoticeCaption REG_SZ
+ LegalNoticeText REG_SZ
+ PowerdownAfterShutdown REG_SZ 0
+ ReportBootOk REG_SZ 1
+ Shell REG_SZ Explorer.exe
+ ShutdownWithoutLogon REG_SZ 0
+ System REG_SZ
+ Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
+ VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
+ SfcQuota REG_DWORD 0xffffffff
+ allocatecdroms REG_SZ 0
+ allocatedasd REG_SZ 0
+ allocatefloppies REG_SZ 0
+ cachedlogonscount REG_SZ 10
+ forceunlocklogon REG_DWORD 0x0
+ passwordexpirywarning REG_DWORD 0xe
+ scremoveoption REG_SZ 0
+ AllowMultipleTSSessions REG_DWORD 0x1
+ AppSetup REG_SZ
+ UIHost REG_EXPAND_SZ %SystemRoot%\system32\logonui.exe
+ DebugServerCommand REG_SZ no
+ SFCDisable REG_DWORD 0x0
+ WinStationsDisabled REG_SZ 0
+ ShowLogonOptions REG_DWORD 0x1
+ AltDefaultUserName REG_SZ Administrator
+ AltDefaultDomainName REG_SZ STARBAND
+ DisableLockWorkstation REG_DWORD 0x0
+ DCacheUpdate REG_BINARY 545616DCDFE7C601
+ CachePrimaryDomain REG_SZ STARBAND
+
+HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DomainCache
+
+HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
+
+HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+
+HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
+
+HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials
+
+C:\>winclip -p
+
+http://www.msexchange.org/tutorials/Configuring-Exchange2003-HTTP-Remote-Access.html
+
+C:\>doskey /h
+
+
+C:\>cmd /c "date /t && time /t"
+
+Wed 10/04/2008
+02:12 PM
+