23 Aug 2019

Restoring the Registry in Windows 10 1803 and later from a Shadow Copy using the Command Prompt

Boot into the WinPE environment and go to the windows\system32 directory:
vssadmin.exe list shadows

In this example, the most recent shadow copy was taken on 20/10/2016 4:02:40 and its path is: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\
Mount the restore point (shadow copy) read-only in the folder c:\ShadowCopy using the mklink tool:
mklink /D C:\ShadowCopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\
The files stored in the shadow volume are now accessible. Copy and replace the registry files using the following commands:
xcopy c:\ShadowCopy\Windows\System32\config\DEFAULT c:\Windows\System32\config
xcopy c:\ShadowCopy\Windows\System32\config\SAM c:\Windows\System32\config
xcopy c:\ShadowCopy\Windows\System32\config\SOFTWARE c:\Windows\System32\config
xcopy c:\ShadowCopy\Windows\System32\config\SECURITY c:\Windows\System32\config
xcopy c:\ShadowCopy\Windows\System32\config\SYSTEM c:\Windows\System32\config
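
The steps above as a single Command Prompt batch file that also backs up the current hives before overwriting them. This is an added example, not part of the original post; the C:\RegBackup folder and the variable names are assumptions, and the shadow copy number is the one from the example above.

```batch
@echo off
rem Added example (not from the original post). Assumes WinPE, the offline
rem Windows volume at C:, and the shadow copy path reported by vssadmin.
setlocal
set "SHADOW=\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\"
set "LINK=C:\ShadowCopy"
set "CONFIG=C:\Windows\System32\config"
set "BACKUP=C:\RegBackup"
set "HIVES=DEFAULT SAM SOFTWARE SECURITY SYSTEM"

rem Mount the shadow copy; the trailing backslash on the device path is required.
if exist "%LINK%" (echo %LINK% already exists & exit /b 1)
mklink /D %LINK% %SHADOW% || exit /b 1

rem Refuse to continue unless every hive is present in the snapshot.
for %%H in (%HIVES%) do (
    if not exist "%LINK%\Windows\System32\config\%%H" (
        echo Missing %%H in shadow copy
        rmdir "%LINK%"
        exit /b 1
    )
)

rem Keep the current hives so the restore can be rolled back.
if not exist "%BACKUP%" mkdir "%BACKUP%"
for %%H in (%HIVES%) do (
    copy /Y "%CONFIG%\%%H" "%BACKUP%\%%H" >nul || (
        echo Backup of %%H failed, nothing was replaced
        rmdir "%LINK%"
        exit /b 1
    )
)

rem Replace the current hives with the snapshot versions.
for %%H in (%HIVES%) do (
    copy /Y "%LINK%\Windows\System32\config\%%H" "%CONFIG%\%%H" >nul || (
        echo Restore of %%H failed, originals are in %BACKUP%
        rmdir "%LINK%"
        exit /b 1
    )
)

rem Remove only the link; rmdir without /S does not touch the snapshot.
rmdir "%LINK%"
echo Restored: %HIVES%
echo %BACKUP% holds SAM and SECURITY; delete it once the system boots cleanly.
```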


16 Aug 2019

How to Switch Domain Controller

Find Current Domain Controller

You can grab the domain controller that the computer is currently connected to with these steps:
  1. Select the “Start” button.
  2. Type “CMD”.
  3. Hold “Shift” and right-click “Command Prompt”.
  4. Select “Run as different user”.
  5. Type credentials for a Domain Admin user account.
  6. At the Command Prompt, type:
    • nltest /dsgetdc:domainname

Switch Domain Controller Command

Switch the domain controller the computer is using with these steps:
  1. Select the “Start” button.
  2. Type “CMD”.
  3. Hold “Shift” and right-click “Command Prompt”.
  4. Select “Run as different user”.
  5. Type credentials for a Domain Admin user account.
  6. At the command prompt, type:
    • nltest /Server:ClientComputerName /SC_RESET:DomainName\DomainControllerName
Note: This option is not permanent, as a restart of the computer may grab a different DC.

Set Domain Controller Via Registry

  1. Hold the Windows Key and press “R” to bring up the Windows Run dialog.
  2. Type “Regedit”, then press “Enter”.
  3. Navigate to:
    • HKEY_LOCAL_MACHINE
    • SYSTEM
    • CurrentControlSet
    • Services
    • Netlogon
    • Parameters
  4. Create a String value called “SiteName”, and set it to the domain controller you wish the computer to connect to (e.g. DC1.domain.com).