How to: Monitor CPU/GPU/HDD temperature in Linux (Debian/Ubuntu/Kali Linux/CentOS/RHEL etc.) easily

1 glances

Monitors CPU usage, RAM usage, SWAP usage, system load, process list, hard drive I/O, Network I/O, sensors (temperature), battery, file system usage, Docker, Monitor, alarm, system information, up time etc.

Install on Debian/Ubuntu/Kali Linux

sudo apt install glances -y

Usage

sudo glances

2 sensors

By default, it’s installed on some Linux distros like Ubuntu etc. It can show CPU, HDD, temperature, fan RPM etc.

Install on Debian/Ubuntu/Kali Linux

sudo apt install lm-sensors

Usage

# Initialize/Detect sensors
sudo sensors-detect
 
# Show sensors information
sudo sensors

Output

coretemp-isa-0000
Adapter: ISA adapter
Core 0:       +47.0°C  (high = +105.0°C, crit = +105.0°C)
Core 1:       +46.0°C  (high = +105.0°C, crit = +105.0°C)

acpitz-virtual-0
Adapter: Virtual device
temp1:        +51.0°C  (crit = +105.0°C)

thinkpad-isa-0000
Adapter: ISA adapter
fan1:         674 RPM
temp1:        +50.0°C
temp2:        +51.0°C
temp3:        +52.0°C
temp4:         -1.0°C
temp5:         +0.0°C
temp6:         +0.0°C
temp7:        +32.0°C
temp8:         +0.0°C

How to: Remove/Clear journal log files (To free some storage) for Debian/Ubuntu etc.

Journal logs are stored in “/var/log/journal” folder

Check journal log file size

We can open that folder to check manually, use the “ncdu” command, or use the dedicated journalctl command

sudo journalctl --disk-usage

Change maximum journal log folder size

1 Open “/etc/systemd/journald.conf” file

2 Change or add following line

SystemMaxUse=

To a size you prefer

SystemMaxUse=100M

Force log rotation

sudo systemctl kill --kill-who=main --signal=SIGUSR2 systemd-journald.service
 
sudo systemctl restart systemd-journald.service

Linux Command Line/ Terminal Disk Space Usage tool (Find largest folder/file)

For finding largest file/folder or showing disk space usage on Windows, refer to this one: How to: Find Largest file on Windows, Windows 7, Windows 10, Microsoft Windows, Windows Server (Disk Space Usage)

Ncdu (NCurses Disk Usage) is a command line tool to view and analyse disk space usage on Linux.

It can be easily installed on most Linux systems with package management system.

Debian/Kali Linux/Ubuntu etc. Linux installation

sudo apt install ncdu -y
 
OR
 
sudo aptitude install ncdu -y

RHEL/CentOS/Fedora etc. Linux installation

If EPEL repo is not installed yet, we have to install EPEL repo first

sudo yum -y install epel-release

Next, we can now install ncdu

sudo yum install ncdu -y

Using ncdu is simple.

Show current working directory info

ncdu

Show info for a folder e.g. “/etc”

ncdu /etc

To show more info about a folder while in ncdu, press “i” key (Press “i” again to dismiss)

Press Shift + ? to show help document while in ncdu

Press “q” key to quit menus and the ncdu program


How to: Quickly remove printer jobs from Windows, Quickly reset printer jobs

Method 1

1 Save following text to ResetPrinterJob.cmd or ResetPrinterJob.bat

Simple version

rem https://dannyda.com
net stop spooler
del /q /s c:\windows\system32\spool\printers\*.*
net start spooler

Verbose version

@echo off
echo dannyda.com
echo(
NET SESSION >nul 2>&1
IF %ERRORLEVEL% EQU 0 (
    ECHO Administrator PRIVILEGES Detected! 
) ELSE (
    ECHO This script has to be run with Administrator PRIVILEGES!
    ECHO(
    ECHO The script will now terminate.
    @pause
    exit
)
echo(
net stop spooler
del /q /s c:\windows\system32\spool\printers\*.*
net start spooler
if %ERRORLEVEL% == 0 goto :successful
echo "Errors encountered during execution.  Exited with status: %errorlevel%"
goto :failed
:successful
echo The printer is ready for use again!
@pause
exit
:failed
echo "Script completed with error"
@pause

2 Run ResetPrinterJob.cmd or ResetPrinterJob.bat in Admin mode.

3 Now the printer is ready to be used again.

Method 2

1 Open “Task Manager” by using Ctrl + Alt + Delete key combination or right click on task bar then click on “Task Manager”

2 Click on “Services” tab

3 Find “Spooler”

4 Right click on it then click on “Stop”

5 Open file explorer navigate to “C:\Windows\system32\spool\PRINTERS”

6 Delete all files within the folder (Do not delete the “C:\Windows\system32\spool\PRINTERS” folder)

7 Bring back the Task Manager, start the Spooler service

8 Now the printer is ready to be used again.


Useful Windows network commands

1 ping

Usually, it is used for testing connectivity and network latency in milliseconds (ms)

bytes: Packet size in bytes

time: Response time in ms, smaller = quicker

TTL: Time To Live

By default, Linux has a TTL value of 64 or 255, Windows NT/2000/XP have a TTL value of 128, Windows 98 has a TTL of 32, and Unix has a TTL of 255.

Windows TTL: 100 ~ 130ms

Unix/Linux TTL: 240 ~ 255ms

ping <host name>
ping <domain name>
ping <IP address>
ping google.com

1.1 ping 127.0.0.1: Check if the Network interface controller (NIC), TCP/IP protocol, subnet mask works.

1.2 ping the current host’s IP address: Check if local configuration/installation are correct. (If not, we can check network equipment and cables.)

1.3 ping IP within the current subnet: Check if the NIC works in local area network (LAN), if there is no reply, it means that the subnet mask may be incorrect, network cable issue, configuration issue etc.

1.4 ping default gateway: Check if the gateway works.

1.5 ping remote IP address: Check if the default gateway works, if the device can get on to internet.

1.6 ping localhost: localhost is a host name reserved by the operating system (OS). It resolves to 127.0.0.1. Usually, devices should be able to resolve it to that address; otherwise there can be something wrong with the hosts file (/Window/host for Windows) (/etc/hosts for Linux)

1.7 ping www.google.com: It will be resolved to IP address first via querying DNS server, if not resolved, it can be the DNS server is not configured correctly or DNS server is not working. Sometimes it can be the domain is blocked by firewall in local area network. (ping can be blocked completely by firewall as well.) Or simply, the domain does not exist.

ping IP -t: ping the IP address continuously until Ctrl + C is pressed.

ping IP -l 1000: ping with specified length (1000 bytes) (default is 32 bytes)

ping IP -f -l 1492: ping with specified length without fragmenting the packet.

ping IP -n 10: execute the ping command 10 times.

ping IP -a: Resolve the hostname and NetBIOS name via the pingable IP address.

for /L %D in (1,1,254) do ping 10.0.0.%D: ping from 10.0.0.1 to 10.0.0.254

for /L %D in (1,1,254) do ping 10.0.0.%D

Note: The ping command can be blocked by a firewall deployed in the LAN. It is a useful and helpful command for troubleshooting network issues most of the time, but do not rely on it entirely or draw conclusions from ping alone. It is better to use it as a reference.

2 ipconfig

Used for checking TCP/IP configuration, releasing and renewing a DHCP lease, flushing the DNS cache etc.

2.1 ipconfig: Show IP address, Subnet Mask, Default Gateway of the interface

2.2 ipconfig /all: Show all details including DNS, WINS and extra information, MAC address, DHCP server IP address, DHCP lease obtained time, expire time etc.

2.3 ipconfig /release: Release all IP addresses obtained from DHCP server

2.4 ipconfig /renew: Renew the IP address from DHCP server, usually it will be the same IP address before “ipconfig /release”

2.5 ipconfig /flushdns: Flush DNS cache in Windows

2.6 ipconfig /displaydns: Print DNS cache from local machine on screen. (We can use ipconfig /displaydns > C:\dns-cache.txt to save output to text file for easier diagnostic)

3 tracert (traceroute)

Windows: tracert

Linux: traceroute

Used for checking routing condition/path and latency etc.

tracert <host name>
tracert <domain name>
tracert <IP address>
tracert google.com

Output with 5 columns

Column 1: The number of the hop

Column 2: Round Trip Time 1 (RTT 1)

Column 3: RTT 2

Column 4: RTT 3

Column 5: IP address, name of the router

If any packet loss happens, “*” will be shown instead of the time in “ms”

4 arp (Address Resolution Protocol)

Used to check the corresponding Media Access Control Address (MAC address) of the IP address.

Can be used to output ARP cached information from current device or other devices. Manually set the MAC/IP pair.

arp -a
arp -a <IP>
arp -s <IP> <MAC>
arp -d <IP>

4.1 arp -a: Show all data in ARP cache

4.2 arp -a IP: Only show all ARP cache from one of the NIC associated with the specified IP address

4.3 arp -s IP MAC: Manually add the IP MAC pair as static ARP cache to the system (Persistent across reboots)

4.4 arp -d IP: Manually delete a static ARP cache

5 route

Used for checking and configuring routing information.

route print
route add
route change

5.1 route print: Show current routing table

5.2 route add:

e.g. To configure a routing table for reaching 192.168.1.11, through 5 networks, via one of the route on local network which is 192.168.2.22, where the subnet is 255.255.255.224, then the following command will be used

route add 192.168.1.11 mask 255.255.255.224 192.168.2.22 metric 5

5.3 route change:

Can be used to change the path for the routing table but not the routing destination.

e.g. Change the above example from metric 5 to metric 2

route change 192.168.1.11 mask 255.255.255.224 metric 2

5.4 route delete: Delete routing table.

route delete 192.168.1.11

6 nslookup

Used to find out the domain name/IP address of a host. Usually requires a DNS server.

6.1 nslookup: Show current configured DNS server on the host

nslookup

6.2 nslookup google.com: Use the default DNS server to check DNS records

nslookup google.com

6.3 nslookup google.com 8.8.8.8: Use the google DNS server (8.8.8.8) to resolve domain (google.com)

nslookup google.com 8.8.8.8

6.4 nslookup <IP address> <DNS server>: Reverse lookup

nslookup 8.8.8.8 8.8.8.8

7 netstat

Get current network information from current host.

Show active TCP connections, Ports the host listening on, Ethernet information, IP routing table, IPv4 information (IP, ICMP, TCP, UDP protocol), IPv6 information (IPv6, ICMPv6, TCP, UDP over IPv6).

7.1 netstat

Show active TCP connections

netstat

7.2 netstat -a: Show all connections, including “ESTABLISHED”, “LISTENING” states. (With host name/domain)

7.3 netstat -n: List the detail in IP address rather than host name/domain name.

7.4 netstat -e: Show statistical data about Network interface. (Total Bytes transferred, Errors, Discards, Unicast packets, Unknown protocols, Non-unicast packets)

7.5 netstat -r: Outputs routing table information. The output is similar to that of the route print command.

Network Destination | Destination network
0.0.0.0 | Unknown network (Added automatically when using default gateway)
127.0.0.0 | Local host network address
224.0.0.0 | Multicast address
255.255.255.255 | Broadcast address
Netmask | Netmask address
Gateway | Gateway address
Interface | Interface address
Metric | Hops

8 nbtstat

Used to troubleshoot NetBIOS.

8.1 nbtstat -n: Show information about your workgroup.

8.2 nbtstat -a <IP address>: Show NetBIOS information about that device

9 net

Used for service-related and network-related tasks.

9.1 net help: Get more help

9.2 net help <command> e.g. net help accounts: To get help on that specific net command (accounts in this case)

Command | Example | Description
NET ACCOUNTS | NET ACCOUNTS | Show current accounts information
NET CONFIG | NET CONFIG SERVER (or WORKSTATION) | Show network configuration
NET GROUP | NET GROUP | Show groups (Only available on Domain Controller)
NET SEND | NET SEND server1 “test message” | Send broadcast message to other computers
NET SHARE | NET SHARE | Show shared files/folders from local host
NET START | NET START Fax | Start service
NET STOP | NET STOP Fax | Stop service
NET STATISTICS | NET STATISTICS WORKSTATION (or SERVER) | Show network statistics
NET USE | NET USE x: \\server\Folder | Map network drive with letter
NET USER | NET USER | Show accounts/users on local host
NET VIEW | NET VIEW | Show available computers on network

How to: Create/Add/Delete/Remove/List Users/Groups with Command Prompt/Command line in Windows (net command)

Launch the Command Prompt (In Admin mode)

We should launch the Command Prompt in Administrator mode.

  • Use Win + X key combination -> “Windows PowerShell (Admin)”

or

  • Open start menu -> Type “cmd” -> Right click on “Command Prompt” -> Run as administrator

Add a New User

net user username password /add

net user user1 1234 /add

Add a user to a group

net localgroup groupName username /add

e.g. add user to local administrator group

net localgroup administrators user1 /add

Add a New Local Group

net localgroup newGroupName /add

net localgroup newgroup /add

List All Users

net user

List information about a specific User

net user userName

net user win10

List All Users with Sid

WMIC useraccount get name

WMIC useraccount get name,sid


List All Local Groups

net localgroup

Remove a User from a Local Group

net localgroup groupName userName /delete

net localgroup administrators user1 /delete

Remove a Local Group

net localgroup groupname /delete

net localgroup mygroup /delete

Remove a User

net user username /delete

net user user1 /delete

Windows Operating System Penetration – Disable security measures via commands

We must have obtained admin privilege first, then execute following commands under administrator privilege.

  • Disable built-in firewall
netsh advfirewall set allprofiles state off

  • Disable Windows Defender (Via sc stop or net stop command, or via registry)

  • Disable DEP
bcdedit.exe /set {current} nx AlwaysOff 

  • Disable Bitlocker
manage-bde -off C:

(Use following command to check Bitlocker status)

manage-bde -status C:
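
From the defender's side, each command in this section leaves a recognisable command line in process-creation telemetry (for example Security event 4688 with command-line auditing, or Sysmon event 1). The following is an added example, not part of the original post, that matches those command lines; the rule names, the event layout and the sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# One rule per command listed in this section (rule names are this example's own).
RULES = [
    ("firewall_disabled",
     re.compile(r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b")),
    ("dep_disabled",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+(\{[\w-]+\}\s+)?nx\s+alwaysoff\b")),
    ("bitlocker_decrypt",
     re.compile(r"\bmanage-bde(\.exe)?\s+-off\b")),
    ("defender_service_stop",
     re.compile(r"\b(sc|net1?)(\.exe)?\s+stop\s+windefend\b")),
]


def normalize(cmdline):
    """Lower-case, drop double quotes and collapse whitespace before matching."""
    return re.sub(r"\s+", " ", cmdline.replace('"', "")).strip().lower()


def detect(events):
    """Return (host, rule_name, original_command_line) for every match."""
    hits = []
    for event in events:
        text = normalize(event["cmd"])
        for name, pattern in RULES:
            if pattern.search(text):
                hits.append((event["host"], name, event["cmd"]))
    return hits


def hosts_with_stacked_changes(hits, threshold=2):
    """Hosts where at least `threshold` different protections were switched off."""
    per_host = defaultdict(set)
    for host, name, _ in hits:
        per_host[host].add(name)
    return {h: sorted(n) for h, n in per_host.items() if len(n) >= threshold}


# Constructed sample events; host names and the dict layout are illustrative.
SAMPLE_EVENTS = [
    {"host": "WS01", "cmd": "netsh advfirewall show allprofiles"},   # read-only
    {"host": "WS01", "cmd": "manage-bde -status C:"},                # read-only
    {"host": "WS02", "cmd": "netsh  advfirewall set allprofiles state off"},
    {"host": "WS02",
     "cmd": '"C:\\Windows\\System32\\bcdedit.exe" /set {current} nx AlwaysOff'},
    {"host": "WS02", "cmd": "manage-bde -off C:"},
    {"host": "WS03", "cmd": "bcdedit /set {current} nx OptIn"},      # not AlwaysOff
    {"host": "WS03", "cmd": "sc stop WinDefend"},
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for host, name, cmd in found:
        print(f"{host}: {name}: {cmd}")
    print("multiple protections disabled:", hosts_with_stacked_changes(found))
```

A single hit can be legitimate administration; several distinct rules firing on one host in a short window is the stronger signal, which is what `hosts_with_stacked_changes` reports.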

Show/Set service’s security descriptor on Windows, Windows Server. Security Descriptor Definition Language (SDDL)

Show service’s security descriptor

sc sdshow serviceName

e.g. Show Windows Defender’s security descriptor

sc sdshow WinDefend

The security descriptor, as displayed by sc sdshow, is formatted according to the Security Descriptor Definition Language (SDDL).

Set service’s security descriptor

sc [<ServerName>] sdset <ServiceName> <ServiceSecurityDescriptor> 
sc sdset <ServiceName> <ServiceSecurityDescriptor>

sdset Parameters

Parameter | Description
<ServerName> | Specifies the name of the remote server on which the service is located. The name must use the Universal Naming Convention (UNC) format (for example, \\myserver). To run SC.exe locally, omit this parameter.
<ServiceName> | Specifies the service name returned by the getkeyname operation.
<ServiceSecurityDescriptor> | Specifies the service descriptor in SDDL.
/? | Displays help at the command prompt.

Security Descriptor Definition Language (SDDL)

The security descriptor, as displayed by sc sdshow, is formatted according to the Security Descriptor Definition Language (SDDL).

The descriptor will usually be divided into two parts:

  1. Prefix of S: – System Access Control List (SACL), controls auditing (not covered in this post)
  2. Prefix of D: – Discretionary ACL (DACL), controls permissions

Each section inside parentheses represents a specific entry (security/auditing).
Inside the parenthesis, the user account and the correct permissions are specified.

(A;;CCLCSWLOCRRC;;;AU)

The first letter represents Allow (A), the opposite of Deny, which would be represented by (D).
Each pair of letters represents a specific permission:
CC – SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration
LC – SERVICE_QUERY_STATUS – ask the SCM for the service’s current status
SW – SERVICE_ENUMERATE_DEPENDENTS – list dependent services
LO – SERVICE_INTERROGATE – ask the service its current status
CR – SERVICE_USER_DEFINED_CONTROL – send a service control defined by the service’s authors
RC – READ_CONTROL – read the security descriptor on this service.

Additional permissions:
RP – SERVICE_START – start the service
WP – SERVICE_STOP – stop the service
DT – SERVICE_PAUSE_CONTINUE – pause / continue the service

The last two letters define the security principal assigned these permissions (a SID or one of the well-known aliases):
AU – Authenticated Users

Possible aliases:

“AO” Account operators
“RU” Alias to allow previous Windows 2000
“AN” Anonymous logon
“AU” Authenticated users
“BA” Built-in administrators
“BG” Built-in guests
“BO” Backup operators
“BU” Built-in users
“CA” Certificate server administrators
“CG” Creator group
“CO” Creator owner
“DA” Domain administrators
“DC” Domain computers
“DD” Domain controllers
“DG” Domain guests
“DU” Domain users
“EA” Enterprise administrators
“ED” Enterprise domain controllers
“WD” Everyone
“PA” Group Policy administrators
“IU” Interactively logged-on user
“LA” Local administrator
“LG” Local guest
“LS” Local service account
“SY” Local system
“NU” Network logon user
“NO” Network configuration operators
“NS” Network service account
“PO” Printer operators
“PS” Personal self
“PU” Power users
“RS” RAS servers group
“RD” Terminal server users
“RE” Replicator
“RC” Restricted code
“SA” Schema administrators
“SO” Server operators
“SU” Service logon user

Let’s look at another example:
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)

A – Allow
CC – SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration
DC – Delete All Child Objects
LC – SERVICE_QUERY_STATUS – ask the SCM for the service’s current status
SW – SERVICE_ENUMERATE_DEPENDENTS – list dependent services
RP – Read all properties
WP – SERVICE_STOP – stop the service
DT – SERVICE_PAUSE_CONTINUE – pause / continue the service
LO – SERVICE_INTERROGATE – ask the service its current status
CR – SERVICE_USER_DEFINED_CONTROL – send a service control defined by the service’s authors
SD – Delete
RC – READ_CONTROL – read the security descriptor on this service.
WD – Modify permissions
WO – Modify owner
BA – Built-in administrators
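
To audit descriptors like the two above, here is an added example (not from the original post) that parses the D: part of `sc sdshow` output and reports Allow entries giving broad principals sensitive rights. It decodes the codes with their service-specific meaning (on a service, DC is SERVICE_CHANGE_CONFIG, RP is SERVICE_START, SD is DELETE, WD is WRITE_DAC and WO is WRITE_OWNER); the function names, the choice of "sensitive" rights and "broad" principals, and the sample descriptors are assumptions of this example.

```python
import re

# Service-specific meaning of the two-letter SDDL rights codes.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG",   "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS",   "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START",          "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Assumption of this example: rights that let the holder reconfigure,
# re-permission, delete or stop a service count as sensitive.
SENSITIVE = ("DC", "WD", "WO", "SD", "WP")
# Assumption of this example: aliases that cover many ordinary accounts.
# Note that "WD" means Everyone as a principal but WRITE_DAC as a right.
BROAD = {
    "WD": "Everyone", "AU": "Authenticated users", "BU": "Built-in users",
    "IU": "Interactively logged-on user", "NU": "Network logon user",
    "AN": "Anonymous logon", "BG": "Built-in guests",
}


def parse_dacl(sddl):
    """Return the ACEs of the D: (DACL) part as a list of dicts.

    Assumes rights are written as two-letter codes, as sc sdshow prints them.
    """
    match = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not match:
        return []
    aces = []
    for body in re.findall(r"\(([^()]*)\)", match.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _inherit, trustee = fields
        codes = [rights[i:i + 2] for i in range(0, len(rights), 2)]
        aces.append({
            "type": ace_type,
            "codes": codes,
            "rights": [SERVICE_RIGHTS.get(c, c) for c in codes],
            "trustee": trustee,
        })
    return aces


def risky_aces(sddl):
    """List (principal, sensitive rights) for Allow ACEs on broad principals.

    Deny ACEs are not evaluated, so treat a finding as a prompt to review.
    """
    findings = []
    for ace in parse_dacl(sddl):
        if ace["type"] != "A" or ace["trustee"] not in BROAD:
            continue
        hits = [SERVICE_RIGHTS[c] for c in ace["codes"] if c in SENSITIVE]
        if hits:
            findings.append((BROAD[ace["trustee"]], hits))
    return findings


# Constructed descriptors: the first combines the two ACEs discussed above
# with a SACL; the second grants Authenticated Users SERVICE_CHANGE_CONFIG.
TYPICAL = ("D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
           "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
WEAK = "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRRC;;;AU)"

if __name__ == "__main__":
    for ace in parse_dacl(TYPICAL):
        print(ace["type"], ace["trustee"], ", ".join(ace["rights"]))
    print(risky_aces(WEAK))
```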

How to: Get User SID in Windows

1 Launch Command Prompt via “Win+X -> Command Prompt or PowerShell”

OR

Via run window (1. Use Win + R key combination to bring up Run window 2. Type “cmd” then hit Enter key)

2 Type following command to show current username and SID.

whoami /user

To show all usernames and SIDs

WMIC useraccount get name,sid

To show SID for a specific user

wmic useraccount where name="USER" get sid

e.g.

wmic useraccount where name="Administrator" get sid

How to: Enable/Disable Windows Hello / Windows Hello for Business via Group Policy, Registry, Command Prompt (CMD)

This guide is suitable for both domain joined/Intune Managed and non-domain joined/non-Intune Managed Windows 10.


If you are not sure which kind of Windows 10 you are using, jump to Section 2

1 For Domain Joined / Intune Managed Windows 10

When configuring domain joined/Intune managed Windows 10, sometimes we want to give the user the option of whether to use Windows Hello or not. In that case, follow this guide first: “Windows 10 Sign-in options and Windows Hello Set up button greyed out After Joined AAD (Azure Active Directory)”. That guide modifies Windows Hello for Business organisation-wide for Windows 10 devices enrolled in the future. After we have followed it, the next time a new Windows 10 device is enrolled to the AAD, the system will request us to set up PIN/Windows Hello or Windows Hello for Business on enrolment, but sometimes we don’t want to set up Windows Hello / Windows Hello for Business for some devices. We can follow Section 2 to enable and disable Windows Hello for Business individually.

2 For domain joined/ Intune Managed, non-domain joined/non-Intune managed and all other average users of Windows 10

2.1 Enable and Disable Windows Hello for Business via Group Policy

GUI

2.1.1 Use Win + R to launch the “RUN” window

2.1.2 Type gpedit.msc then hit Enter key to open Local Group Policy Editor

2.1.3 Navigate to “Computer Configuration” -> “Administrative Templates” -> “Windows Components” -> “Windows Hello for Business”

2.1.4 Double click on “Use Windows Hello for Business”

2.1.5 From the pop-up window, we can Enable or Disable Windows Hello for Business, also Enable or Disable “Do not start Windows Hello provisioning after sign-in”

To have Windows 10 ask users to set up Windows Hello for Business right after login, we can leave the “Do not start Windows Hello provisioning after sign-in” option unchecked. (Useful for pre-configuring a device before delivering it to the end user, as a form of forcing the end user to set up Windows Hello for Business. If you have Multi-factor authentication (MFA) configured, it might ask them to configure MFA first before configuring Windows Hello for Business.)

To stop Windows 10 from asking users to set up Windows Hello for Business right after login, we need to check the “Do not start Windows Hello provisioning after sign-in” option.

2.2 Enable and Disable Windows Hello for Business via Registry

2.2.1 Follow Steps 2.1.1 to 2.1.2, but instead of typing “gpedit.msc”, type “regedit”

2.2.2 Navigate to “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork”

2.2.2.1 (If “PassportForWork” Key does not exist, create it manually) Right click on “Microsoft” -> Select “New” -> “Key” -> Name it “PassportForWork”

2.2.3 We need to create two values, “Enabled” and “DisablePostLogonProvisioning”. Right click on the right panel, then select “New” -> “DWORD (32-bit) Value”

Enabled value: 0 = Disabled, 1 = Enabled

DisablePostLogonProvisioning value: 0 = Disabled, 1 = Enabled

(To change it to “Not Configured”, we can just delete the “PassportForWork” Key)

.reg file

Save the following as a “filename.reg” file, then double click on it and import it; this has the same effect

  • Enable “Windows Hello for Business” and “Start Windows Hello provisioning after sign-in”
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"Enabled"=dword:00000001
"DisablePostLogonProvisioning"=dword:00000000

  • Enable “Windows Hello for Business” but “Do not start Windows Hello provisioning after sign-in”
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"Enabled"=dword:00000001
"DisablePostLogonProvisioning"=dword:00000001

  • Disable “Windows Hello for Business”
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]
"Enabled"=dword:00000000
"DisablePostLogonProvisioning"=dword:00000000

  • Change back to “Not Configured” (Remove “PassportForWork” Key)
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork]

2.3 Command Prompt (CMD), .bat, .cmd

Save the following as a “filename.bat” or “filename.cmd” file and double click on it, or enter the following commands directly in a Command Prompt window (Admin), to make the changes

  • Enable “Windows Hello for Business” and “Start Windows Hello provisioning after sign-in”
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /t REG_DWORD /d 0 /f

  • Enable “Windows Hello for Business” but “Do not start Windows Hello provisioning after sign-in”
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /t REG_DWORD /d 1 /f 

  • Disable “Windows Hello for Business”
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /t REG_DWORD /d 0 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /t REG_DWORD /d 0 /f  

  • Change back to “Not Configured” (Remove “PassportForWork” Key)
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v Enabled /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /v DisablePostLogonProvisioning /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork" /f