ScreenConnect / Connectwise Control Notes
The remote sharing server mentioned on the home page refers to ScreenConnect (SC) or what is now known as Connectwise Control. Here are some useful commands used in the command window.
NOTE: You will notice a couple of lines added to the scripts below that are specific commands for ScreenConnect. If you remove these two lines you can run these commands on any Windows machine. Here is an explanation of those lines:
- #!ps - This command tells SC the following commands are PowerShell commands. You are simply sending commands to the command prompt you can use #!cmd instead. I'm lazy and use #!ps for most of the commands.
- #maxlength=100000 - This command defines the number of lines to be returned. You can modify this based on what you are expecting, again I simply use the same for all my commands.
- #timeout=90000 - An important command that provides a timeout and is very useful for when you make a mistake! ;) Set this too low and your command may not complete...especially during installations.
Create new domain user account from CLI
Create a new user account on the domain with full name, comment and require changing of password after initial logon:
net user username password /add /domain /fullname:"Full Name" /comment:"Position or Title" /logonpasswordchg:Yes
Download a file using BITS
Here I am downloading an mst file matching the below msi file for installation.
#!ps
#maxlength=100000
#timeout=90000
bitsadmin /transfer MEDCDownload /download /priority normal http://www.thealliedteam.com/msp/agency/DesktopCentralAgent.mst C:\Support\DesktopCentralAgent.mst
Another example of BITS download
What I'm actually doing here is copying the msi file matching the mst file above and then I will install the application.
#!ps
#maxlength=100000
#timeout=90000
bitsadmin /transfer MEDCDownload /download /priority normal http://www.thealliedteam.com/msp/agency/DesktopCentralAgent.msi C:\Support\DesktopCentralAgent.msi
msiexec from cli to install the application
#!ps
#maxlength=100000
#timeout=90000
msiexec /i C:\Support\DesktopCentralAgent.msi TRANSFORMS="C:\Support\DesktopCentralAgent.mst" ENABLESILENT=yes REBOOT=ReallySuppress INSTALLSOURCE=Manual /lv C:\Support\Agentinstalllog-2.txt
Downloading another file using BITS in Windows
This script contains commands for Windows 10 Debloate
#!ps
#maxlength=100000
#timeout=90000
bitsadmin /transfer ScriptsDownload /download /priority normal http://www.thealliedteam.com/msp/scripts.zip C:\Support\scripts.zip
Yet another BITS download for unzip.exe hosted on my site
#!ps
#maxlength=100000
#timeout=90000
bitsadmin /transfer ToolDownload /download /priority normal http://www.thealliedteam.com/msp/unzip.exe C:\Support\unzip.exe
Combining and executing
Here I combine the commands to execute
bitsadmin /transfer ScriptsDownload /download /priority normal http://www.thealliedteam.com/msp/scripts.zip C:\Support\scripts.zip
bitsadmin /transfer ToolDownload /download /priority normal http://www.thealliedteam.com/msp/unzip.exe C:\Support\unzip.exe
c:\Support\unzip.exe C:\Support\scripts.zip -d C:\Support\
powershell Set-ExecutionPolicy Unrestricted
powershell c:\Support\scripts\optimize-windows-update.ps1
powershell Set-ExecutionPolicy Restricted
Uninstall NinjaRMM
I was using NinjaRMM, but needed to uninstall. I achieved that with the following commands.
First check to see if it is installed
wmic product where "Name like '%%Ninja%%'" get name
Perform the un-installation/removal
#!ps
#maxlength=10000
#timeout=100000
wmic product where name="Ninja NMS" call uninstall /nointeractive
Rename computer from CLI
WMIC computersystem where caption='DESKTOP-95PQTKT' rename NEWNAME
Change from default WORKGROUP to a new one via CLI
WMIC ComputerSystem Where Name="%NEWNAME%" Call JoinDomainOrWorkgroup Name="WORKGROUP-NEW"
Example of how to download a Windows update file using BITS inside of PS and then execute
#!ps
#maxlength=100000
#timeout=90000
bitsadmin /transfer ScriptsDownload /download /priority normal http://download.windowsupdate.com/d/msdownload/update/software/crup/2018/01/windows10.0-kb4074608-x64_1f59742e7b3cbd6ec6e1853869fa91576400bbcc.msu C:\Support\windows10.0-kb4074608-x64_1f59742e7b3cbd6ec6e1853869fa91576400bbcc.msu
#!cmd
#maxlength=100000
#timeout=90000
wusa.exe C:\Support\windows10.0-kb4074608-x64_1f59742e7b3cbd6ec6e1853869fa91576400bbcc.msu /quiet /norestart
Another example to install Windows update from CLI
dism /online /get-packages | findstr KB4074608
Check to see if Windows update has been installed on a system
SYSTEMINFO.exe | findstr KB4074608
Download PatchMyPC
#!cmd
#maxlength=100000
#timeout=90000
bitsadmin /transfer ScriptsDownload /download /priority normal https://patchmypc.net/freeupdater/PatchMyPC.exe C:\Support\PatchMyPC.exe
Modify Registry Entry via PS
This entry is not display last user logged on:
#!ps
#maxlength=100000
#timeout=90000
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name dontdisplaylastusername -Value 1
Installing WebRoot AV from CLI and assigning license
#!cmd
#maxlength=100000
#timeout=90000
msiexec /i http://anywhere.webrootcloudav.com/zerol/wsasme.msi GUILIC=XXXX-XXXX-XXXX-XXXX CMDLINE=SME,quiet /qn /l*v install.log
Uninstall WebRoot AV from CLI
"C:\Program Files\Webroot\WRSA.exe" -uninstall
"C:\Program Files (x86)\Webroot\WRSA.exe" -uninstall
Windows Defender on Win 10
Turn off
Run the following command in PowerShell:
Set-MpPreference -DisableRealtimeMonitoring $true
Enable Controlled Folder Access
Set-MpPreference -EnableControlledFolderAccess Enabled
CAUTION: Take ownership and delete
@echo off
takeown /A /R /F %1
rd /s /q %1
Running Windows Updates from PowerShell CLI
The first thing you will need to do is to manually Install the Windows Update module,
#!ps
#maxlength=10000
#timeout=100000
Install-Module PSWindowsUpdate
Next, you will need to connect to the Windows Update servers and download the updates, if any are needed
#!ps
#maxlength=10000
#timeout=100000
Get-WindowsUpdate
Last, use the following to install the Windows Updates downloaded to the computer
#!ps
#maxlength=10000
#timeout=100000
Install-WindowsUpdate -AcceptAll -MicrosoftUpdate -AutoReboot
If needed, you may need to register the update service with the following:
#!ps
#maxlength=10000
#timeout=100000
Add-WUServiceManager -ServiceID "7971f918-a847-4430-9279-4a52d1efe18d" -Confirm:$false
Updating SSL Cert for Server
After adding your certificate to the Local Computer\User store, you need to ensure it says, "You have a private key that corresponds to this certificate." If it does not, you will receive an error similar to the following:
SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.
To resolve this error, "click the Details tab and obtain the Serial number for the certificate. Then at a command prompt run the following:
certutil -repairstore my "<serial_number>"
To bind the certificate to the appropriate port, obtain the thumbprint of the certificate and run the following command, the appid for SC is irrelevant and you can use an empty GUID as mentioned:
netsh http add sslcert ipport=0.0.0.0:443 certhash=<thumbprint> appid="{00000000-0000-0000-0000-000000000000}"