## Runas Error 193: *.msc is not a valid Win32 application

If you’re trying to run compmgmt.msc (Computer Management) or any other MMC snap-in via the runas command, you might’ve seen Error 193: compmgmt.msc is not a valid Win32 application. This is simply due to some complications with the runas command. If you just type compmgmt.msc without runas, it’ll open successfully. The reason is some complications with the runas command.

Luckily there’s an easy solution. Since compmgmt.msc is not a regular win32 (or a typical exe) application, you have to prepend “mmc” in order to tell Microsoft that you’re trying to run a Microsoft Management Console snap-in.

runas /user:domain\username "mmc compmgmt.msc"

This is also the case for every other *.msc snap-in, such as lusrmgr.msc.

I’ve mentioned this briefly in an earlier post as well:

## Extract OEM key from Windows 8/8.1/10

First of a quick clarification regarding Windows licenses.

• An OEM Windows license are bundled with prebuilt computers from hardware manufacturers (like Dell and Asus). These keys are only valid for that specific computer. An OEM key can not be used on any other computers, even if you extract the license key.
• A Retail Windows license works similarly that it will only work on 1 computer, but you can choose which computer to use it on and reassign it to another computer if you’d like to.

To sum it up; an OEM key belongs to the computer while a retail key belongs to you.

Now there are still valid reasons to extract the OEM license key and that’s what we’re going to do today. The OEM key for Windows 8, 8.1 and 10 are now stored in the BIOS/UEFI (using ACPI) and no longer written on physical stickers like it used to.

Easiest method is to use the builtin wmic interface by running this command in command prompt:

wmic path softwarelicensingservice get OA3xOriginalProductKey

Alternatively you can start PowerShell and type get-wmiobject and enter SoftwareLicensingService when it prompts for what Class to use.

### get_win8key from Christian Korneck

https://github.com/christian-korneck/get_win8key

This application reads the license key directly from the firmware/ACPI. It’s built in Python but has a binary .exe file ready to use on the github repo.

### ProduKey from Nirsoft

http://www.nirsoft.net/utils/product_cd_key_viewer.html

Nir Sofer gets the job done as usual. This will also list other used license keys, not just the operating system. See example screenshot below, but note that my hardware has been modified and therefore has no OEM key.

#### RW Everything

https://rweverything.com

This is a very powerful tool which you should use with great caution. This application talks directly with your firmware and since it also can WRITE data in addition to READ, you must be very careful so you don’t break anything. If the other steps above did not work, you can give RWEverything a try. See further instructions from this Stackexchange thread: https://superuser.com/a/593795/312773

## Turn off CTRL + ALT + DEL at login prompt Windows 10

If your computer still requires you to press CTRL ALT DEL upon login, this simple guide will teach you how to disable it. Note that this will require administrator access and it might not work on Windows Home editions as it requires to modify local group policies.

• Open gpedit.msc
• Browse to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options
• Locate the policy called “Interactive logon: Do not require CTRL+ALT+DEL
• Doubleclick the policy and set it to Enabled
• Exit

Starting from your next restart, you should no longer be required to press CTRL+ALT+DEL at the Windows login prompt.

If you’re running on older Windows version the policy might be called “Disable CTRL+ALT+DEL requirement for logon

## Create a cmd alias/shortcut for issuing commands on remote computer

Before we begin, you must:

1) Open your text editor of choice and paste the following code:

C:\path\to\PSTools\PsExec.exe \\%1 cmd /c %2

Correct the path for PsExec.exe. Save it as rce.bat in the %windir%\system32 folder. If not permitted, save it elsewhere and copy it into the system32 folder manually (will probably show UAC prompt).

Fun fact: RCE is short for Remote Code Execution, typically the holy grail of vulnerability exploits

2) Actually there’s no more steps, you’re done.

Lets try it out. Open cmd.exe and run the following command:

rce computername ipconfig

Note that if the command uses several separated words, you must enclose it with ” ”

rce computername "net stats workstation"

You might also be interested in this other article showing you how to make a sudo-like command for opening an elevated command prompt:

Create a su command for Windows Command Prompt

## How to see server uptime on Windows and Linux

### See uptime and average load information on Linux machines

Run command:uptime

Output:

kek@donald:~\$ uptime
08:17:33 up 293 days, 14:21, 1 user, load average: 0.00, 0.00, 0.00

### Show uptime on Windows machines using net stats

AFAIK there is no command in Windows to quickly see the uptime. However, there are several commands to get the last boot time, although you’ll have to do a quick calculation if you need the uptime in days. The easiest/fastest method is to use net stats.

Run command: net stats srv

Output:

C:\Users\kek>net stats srv
Server Statistics for \\hostname

Statistics since 09.11.2017 00.02.28 # last boot/uptime

Sessions accepted 1
Sessions timed-out 0
Sessions errored-out 0

Kilobytes sent 1649

Mean response time (msec) 0

System errors 0
Permission violations 0

Files accessed 329
Communication devices accessed 0
Print jobs spooled 0

Times buffers exhausted

Big buffers 0
Request buffers 0

The command completed successfully.

## How to install .NET Framework 3.5 on Windows 10

If you’re trying to install .NET Framework 3.5 using the regular installer, it’ll most likely say you already have a newer version installed. Luckily you can still install it using some other methods which I’ll quickly go through today along with its probability of success (because for reasons they only work sometimes).

### Using Windows Features – probably won’t work

• Open appwiz.cpl (Programs and Features) and click on Turn Windows features on or off [1]
• Mark the checkbox for .NET Framework 3.5 (includes .NET 2.0 and 3.0)
• Press OK

### Using DISM online version – might work

• Open command prompt as administrator
• Enter command: DISM.EXE /Online /Add-Capability /CapabilityName:NetFx3~~~~
• If it works you’ll see a progress bar for the download + installation.

### Using DISM offline version – works most of the time

• Get a copy of the .NET Framework 3.5 installation .cab file.
You can find this inside the Windows 10 install .iso file (open the .iso file in 7-Zip or any other package utility and copy the microsoft-windows-netfx3-ondemand-package.cab file from \sources\sxs\ directory to a place on your drive, like C:\Temp
• Enter command: DISM.EXE /Online /Add-Package /PackagePath:C:\Temp\microsoft-windows-netfx3-ondemand-package.cab
• If it works you’ll see a progress bar for the installation.

[1]:

## How to backup Internet Explorer passwords for Windows 7

There are many ways to manage your Internet Explorer passwords. The tricks below should also work for newer Windows versions as well.

## 1) Use registry to export the entries

Open regedit and browse to Computer\HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\SPW. You will see a list of encrypted password entries in the right column. Click on File -> Export to save the contents to a .reg file. Proceed to import this on your new PC.

## 2) Use the Windows Credentials Manager

Open Control Panel and go to User Accounts -> Credential Manager.

Your IE saved passwords will be available in the Web Credentials tab.

## 3) Export/import with credwiz.exe utility

Open the Run prompt by pressing [WIN]+[R] buttons, type credwiz.exe and press the ENTER key.

Follow the instructions in the wizard.

## 4) Use NirSoft’ IEPassView

IEPassView can also decrypt the passwords from an externally mounted harddrive.

## Copy old StickyNotes to new Windows 10 format

Copy the old StickyNotes from %appdata%\Microsoft\Sticky Notes\StickyNotes.snt

Rename StickyNotes.snt to TresholdNotes.snt

Make sure the Sticky Notes app is not open on the new computer

Create a new folder called Legacy in %localappdata%\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState

Put the TresholdNotes.snt file in %localappdata%\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\Legacy

Open Sticky Notes and let the magic unfold (it will import the TresholdNotes.snt file into its new sqlite form)

## Generate report for WLAN usage

I just discovered this cool WLAN report functionality while looking at the docs for netsh.
The command is not available on my Windows 7 machines so presumably it’s new for Windows 8 and later.

netsh wlan show wlanreport

The command generates a nice looking HTML report and saves it to C:\ProgramData\Microsoft\Windows\WlanReport\wlan-report-latest.html

Click on the picture below for an example report

Unfortunately it doesn’t seem to be supported when using netsh on a remote client.

## MS Cheatsheet

#### List TCP/IP interfaces on remote computer

netsh -r "hostname" interface ipv4 show interfaces

#### Get Windows OEM license key

wmic path SoftwareLicensingService get OA3xOriginalProductKey

#### List environment variables

set

Filter output

set prog

#### Install .NET Framework 3.5 on Windows 10

Online version:
DISM.EXE /Online /Add-Capability /CapabilityName:NetFx3~~~~

Offline version (requires .cab installer for the .NET framework):
DISM.EXE /Online /Add-Package /PackagePath:C:\Temp\microsoft-windows-netfx3-ondemand-package.cab

#### Kill a non responding task from command prompt

taskkill /F /IM taskname.exe

/F = Force kill (ignores any prompts etc)

/IM = Image Name (name of process)

#### Generate WLAN report (run as admin)

netsh wlan show wlanreport

» See an example report here

#### List all server shares on local domain network

net view /all /domain:company.com

#### Message (aka net send)

msg /server:hostname username 

Example:

msg /server:pc01 johndoe

#### List all local MAC addresses

getmac /v

#### Map network share

net use x: \\server\share /user:domain\username password

#### Remote sysinfo

msinfo32 /computer hostname

#### See uptime (and more)

net stats srv

if not available, use

net stats workstation

#### Show Domain Controllers in domain

nltest /dclist:example.com

#### Set Environment variable on remote computer

setx /s hostname /u domain\user /p pw variable value

Example:

setx /s PC1234 /u itdb\kek /p 123456 JAVA_HOME "C:\Program Files\Java\jre1.8.0_73"

#### See Windows license expiration information

slmgr /xpr

Alternatively run slmgr /dli for detailed information about your Windows license

For remote computers: slmgr hostname username password /dli

#### Useful Windows utilities which you can start from the RUN prompt

• lusrmgr.msc (Local Users Management)
• sysdm.cpl (System Properties)
• appwiz.cpl (Programs & Features)
• eventvwr (Event Viewer)
• compmgmt.msc (Computer Management)
• printmanagement.msc (Print Management)
• devmgmt.msc (Device Management)
• services.msc (Services)
• taskschd.msc (Task Scheduler)

This post will be continually updated with useful tips for remote troubleshooting and various tools for Microsoft environments

Related posts:

CRON Cheatsheet

Powershell Snippets

Linux Cheatsheet