Utilities

netstat -a | more Shows all current network connections
ipconfig /all Shows all allocated network addresses
cacls Change ACLs (This utility can be used in Windows XP Home to set permissions, instead of booting into Safe Mode).
Usage:

/T Change perms of a file in a directory and subdirectories

/E Edits ACL
/C Lets a user continue when an access-denied message appears

net user Adds or modifies user accounts or displays user account information.
Usage:

net user [username [password | *] [options]] [/domain]
net user [username {password | *} /add [options] [/domain]]
net user [username [/delete] [/domain]]

Parameters:

username Specifies the name of the user account to add, delete, modify, or view. The name of the user account can have as many as 20 characters.

Password Assigns or changes a password for the user's account. Type an asterisk (*) to produce a prompt for the password. The password is not displayed when you type it at the password prompt.

/domain Performs the operation on the domain controller in the computer's primary domain.
options Specifies a command-line option. The following table lists valid command-line options that you can use.

Command-line option syntax Description:

/active:{no | yes} Enables or disables the user account. If the user account is not active, the user cannot access resources on the computer. The default is yes (that is, active).

/comment:"text" Provides a descriptive comment about the user's account. This comment can have as many as 48 characters. Enclose the text in quotation marks.

/countrycode:nnn Uses the operating system Country/Region codes to implement the specified language files for a user's Help and error messages. A value of 0 signifies the default Country/Region code.

/expires:{{mm/dd/yyyy | dd/mm/yyyy | mmm,dd ,yyyy} | never} Causes the user account to expire if you specify date. Expiration dates can be in [mm/dd/yyyy], [dd/mm/yyyy], or [mmm,dd ,yyyy] format, depending on the Country/Region code. Note that the account expires at the beginning of the specified date. For the month value, you can use numbers, spell it out, or use a three-letter abbreviation (that is, Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec). You can use two or four numbers for the year value. Use commas or slashes to separate parts of the date. Do not use spaces. If you omit yyyy, the next occurrence of the date (that is, according to your computer's date and time) is assumed. For example, the following entries are equivalent if entered between Jan. 10, 1994, and Jan. 8, 1995:
jan,9
1/9/95
january,9,1995
1/9

/fullname:"name" Specifies a user's full name rather than a user name. Enclose the name in quotation marks.

/homedir:path Sets the path for the user's home directory. The path must exist.

/passwordchg:{yes | no} Specifies whether users can change their own password. The default is yes.

/passwordreq:{yes | no} Specifies whether a user account must have a password. The default is yes.

/profilepath:[path] Sets a path for the user's logon profile. This path points to a registry profile.

/scriptpath:path Sets a path for the user's logon script. Path cannot be an absolute path. Path is relative to %systemroot%\System32\Repl\Import\Scripts.

/times:{day[-day][,day[-day]] ,time[-time][,time[-time]] [;…] | all} Specifies the times that users are allowed to use the computer. Time is limited to 1-hour increments. For the day values, you can spell out or use abbreviations (that is, M,T,W,Th,F,Sa,Su). You can use 12-hour or 24-hour notation for hours. If you use 12-hour notation, use AM and PM, or A.M. and P.M. The value all means a user can always log on. A null value (blank) means a user can never log on. Separate day and time with commas, and units of day and time with semicolons (for example, M,4AM-5PM;T,1PM-3PM). Do not use spaces when designating times.

/usercomment:"text" Specifies that an administrator can add or change the "User comment" for the account. Enclose the text in quotation marks.

/workstations:{ComputerName[,...] | *} Lists as many as eight workstations from which a user can log on to the network. Separate multiple entries in the list with commas. If /workstations has no list or if the list is an asterisk (*), users can log on from any computer.

net help command Displays help for the specified net command.
Remarks

Used without parameters, net user displays a list of the user accounts on the computer. (You can also type net users).
A password must satisfy the minimum length set with: net accounts /minpwlen. It can have as many as 127 characters. However, if you are using Windows 2000 or Windows XP on a network that also has computers using Windows 95 or Windows 98, consider using passwords not longer than 14 characters. Windows 95 and Windows 98 support passwords of up to 14 characters. If your password is longer, you might not be able to log on to your network from those computers.

Examples:

To display a list of all user accounts for the local computer, type: net user
To view information about the user account jimmyh, type: net user jimmyh
To add a user account for Jay Jamison, with logon rights from 8 A.M. to 5 P.M., Monday through Friday (no spaces in time designations), a mandatory password (jayj), and the user's full name, type:
net user jayj /add /passwordreq:yes /times:monday-friday,8am-5pm /fullname:"Jay Jamison"
To set johnsw's logon time (8 A.M. to 5 P.M.) using 24-hour notation, type:
net user johnsw /time:M-F,08:00-17:00
To set johnsw's logon time (8 A.M. to 5 P.M.) using 12-hour notation, type:
net user johnsw /time:M-F,8am-5pm
To specify logon hours of 4 A.M. until 5 P.M. on Monday, 1 P.M. until 3 P.M. on Tuesday, and 8 A.M. until 5 P.M. Wednesday through Friday for marysl, type:
net user marysl /time:M,4am-5pm;T,1pm-3pm;W-F,8:00-17:00
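
The options above (/active, /passwordreq, /expires) are only useful if someone checks what is actually set. The following is an added example, not part of the original notes: a PowerShell audit of local accounts that reports the corresponding settings and flags enabled accounts with no password requirement or Administrators membership. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module (not available on the Windows 2000/XP systems these notes were written for) and an elevated prompt.

```powershell
# Added example: audit local accounts against the net user settings described above.
# Assumes Windows PowerShell 5.1+ (Get-LocalUser / Get-LocalGroupMember), run elevated.

# Built-in Administrators group, addressed by its well-known SID so the
# check does not depend on the localized group name.
try {
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        ForEach-Object { $_.SID.Value })
} catch {
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    $adminSids = @()
}

$report = foreach ($u in Get-LocalUser) {
    $findings = @()
    if ($u.Enabled) {
        # Corresponds to /passwordreq:no
        if (-not $u.PasswordRequired)     { $findings += 'no password required' }
        # Account exists but a password was never assigned
        if ($null -eq $u.PasswordLastSet) { $findings += 'password never set' }
        # Relevant to the note that new XP Home users are administrators
        if ($u.SID.Value -in $adminSids)  { $findings += 'member of Administrators' }
    }
    [pscustomobject]@{
        Name            = $u.Name
        Enabled         = $u.Enabled             # /active
        PasswordReq     = $u.PasswordRequired    # /passwordreq
        MayChangePw     = $u.UserMayChangePassword  # /passwordchg
        AccountExpires  = if ($u.AccountExpires) { $u.AccountExpires } else { 'never' }  # /expires
        Findings        = $findings -join '; '
    }
}

# Full inventory first, then only the accounts that need attention.
$report | Sort-Object Name | Format-Table -AutoSize
$report | Where-Object Findings | Sort-Object Name |
    Format-Table Name, Findings -AutoSize -Wrap
```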

reg.exe A command-line tool that can be used to set policy from within a script

RUNAS [ [/noprofile | /profile] [/env] [/netonly] ]
/smartcard [/user:<UserName>] program

/noprofile Specifies that the user's profile should not be loaded. This causes the application to load more quickly, but can cause some applications to malfunction.
/profile Specifies that the user's profile should be loaded. This is the default.
/env To use current environment instead of user's.
/netonly Use if the credentials specified are for remote access only.
/savecred To use credentials previously saved by the user. This option is not available on Windows XP Home Edition and will be ignored.
/smartcard Use if the credentials are to be supplied from a smartcard.
/user <UserName> should be in form USER@DOMAIN or DOMAIN\USER
program Command line for EXE.

hfnetchk.exe A tool to detect and list the patches on a system (From www.microsoft.com/technet/security/tools/contents.asp)
secedit.exe A command-line tool for applying security templates from a script

To check a disk from the recovery console: chkdsk /c /p /r

Create system restore points and press <F8> during boot to restore.

To launch system restore: Start->run: msconfig then click launch system restore button.
Login to the Recovery Console (passwd = enter) %systemroot%\system32\restore\rstui.exe

Security Tools
oh -t (Windows 2000 Resource Kit). Run it once and reboot. When you run it again, it gives you a list of all open files by process. E.g. oh -t File -o outputfile.txt
passprop /[no]adminlockout Allow/Prevent Windows users from logging in as admin except on the console
sysdiff Monitors file and Registry additions/deletions/changes, when a program is installed (Windows 2000 Resource Kit). E.g.

sysdiff /snap baseline Makes an initial snapshot of your system and stores it in the file named baseline.

sysdiff /diff baseline delta To compare the baseline after the installation

sysdiff /dump delta delta.txt Converts the report to ASCII.
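
The same snapshot, diff and report workflow can be reproduced with built-in cmdlets where sysdiff is not available. This is an added example, not sysdiff and not part of the original notes; it covers files only (not the Registry), and the default $Root path and the baseline/delta file names are assumptions to adjust. It needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: file baseline/delta in the style of sysdiff /snap, /diff, /dump.
# $Root, $Baseline and $Delta defaults are hypothetical; pick the install target.
param(
    [ValidateSet('snap', 'diff')] [string]$Mode = 'snap',
    [string]$Root     = 'C:\Program Files',
    [string]$Baseline = '.\baseline.csv',
    [string]$Delta    = '.\delta.txt'
)

function Get-Snapshot([string]$Path) {
    # One record per readable file: full path plus SHA-256 of its content.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue |
        Select-Object Path, Hash
}

if ($Mode -eq 'snap') {
    # Equivalent of "sysdiff /snap baseline": record state before the install.
    Get-Snapshot $Root |
        Export-Csv -LiteralPath $Baseline -NoTypeInformation -Encoding UTF8
    "Baseline written to $Baseline"
}
else {
    # Equivalent of "/diff" followed by "/dump": compare and write a text report.
    $before = @{}
    Import-Csv -LiteralPath $Baseline | ForEach-Object { $before[$_.Path] = $_.Hash }
    $after = @{}
    Get-Snapshot $Root | ForEach-Object { $after[$_.Path] = $_.Hash }

    $changes = @(
        foreach ($p in $after.Keys) {
            if (-not $before.ContainsKey($p))   { "ADDED    $p" }
            elseif ($before[$p] -ne $after[$p]) { "CHANGED  $p" }
        }
        foreach ($p in $before.Keys) {
            if (-not $after.ContainsKey($p))    { "DELETED  $p" }
        }
    )
    $changes | Sort-Object | Set-Content -LiteralPath $Delta -Encoding UTF8
    "{0} change(s) written to {1}" -f $changes.Count, $Delta
}
```

Run it once with -Mode snap before installing the program and again with -Mode diff afterwards; files that could not be read (locked or access denied) are silently skipped, so run it elevated.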

Download mailwasher: www.mailwasher.net to preview messages before downloading them
Download "Swatit" from the net to detect trojans.

Encrypt e-mails by obtaining a free digital ID from: www.wildid.com
Deleted file analysis util: www.execsoft.com/downloads/menu.asp
Free Registry monitor utility: www.sysinternals.com/ntw2k/source/regmon.shtml
Check firewall privacy using www.auditmypc.com
Use sfc to check system files
RegScrubXP will optimise your registry by removing old entries.
Ethereal can decode most routing protocols
Ntop can be used to discover central traffic points
Tcpdump -e shows data link addresses
Nmap (www.insecure.org) and protos (www.phenoelit.de) scan for IP protocols
Autonomous Systems Scanner (ASS) can be used for active or passive Router detection
WinDiff Windows XP support tools. This can be useful for comparing exported registry files.

Windows-2000 can be preconfigured and installed over the network using Remote Installation Services (RIS). RIS creates a client boot floppy to start the installation.

Most Win-2k security is done within the Microsoft Management Console (MMC).

NB: Using DHCP reveals your router addresses

To make a machine invisible, open the Registry Editor via the REGEDIT command. When the Registry Editor opens, navigate through the registry tree to this key. Next, right-click on the Parameters container and select New and then DWORD Value from the resulting shortcut menu. The Registry Editor will create the value, label it New Value #1, and highlight the label for editing. To change the label, just type Hidden. (This value is case sensitive.)
Now, double-click on the Hidden key to open the Edit DWORD Value dialog box, where you can set the key's data. By default, the key is set to 0, which means that the key is disabled. You can enable the key by setting the data value to 1 and clicking OK. If you ever need to make the server visible, just set the data value back to 0 or delete the Hidden key altogether.
You can also make a server visible or invisible by using the Net Config command instead of the Registry Editor. To make a server invisible, go to the server you want to hide, open a Command Prompt window, and enter this command:
NET CONFIG SERVER /HIDDEN:YES
If you want to make the server visible again, use this command:
NET CONFIG SERVER /HIDDEN:NO
Whether you choose to modify the registry or use the Net Config command, you must either reboot the machine or stop and restart the Server service for the change to take effect. Even after rebooting or stopping and restarting the service, it could take up to 51 minutes for the server to disappear from or reappear on the browse list. This is due to the browse list's expiration policies.

Users can still access a hidden server through the UNC path (\\servername\share) or by the server's IP address, if they know either of those identifiers. And of course, hiding a server isn't going to keep an experienced hacker from finding it, either.
What it will do is stop someone from accidentally accessing it, or accessing it out of curiosity, through the browse list. It may also prevent newbie hackers from discovering the server, depending on what tools they are using.
Hiding a server is just one of thousands of security techniques, and no one technique is going to protect your network. It can be a good precautionary security measure, but it definitely shouldn't be the only security mechanism that you use to protect network servers.

NTFS Encrypted Files
Open the Certificates Console and find your certificate under Current User>Personal>Certificates.
Check your certificates:
View>Add/Remove Columns>Intended Purpose shows you what the certificates are for.

Right-Click on your certificate and choose "All Tasks>Export" to start the Export Wizard. Export your private keys and pick a password to protect them. If you need to restore the certificate right-click on the console and choose "All Tasks>Import".

Speed tips
Turn off device detection for IDE if you only have SCSI drives
In Device Manager open Disk Drives, open your disk drives key, double click on your hard drive and choose policies. Tick Enable Write Caching on disk and enable "optimise for performance"

Turn off support for ZIP files and use Winzip: regsvr32 /u zipfldr.dll

Try preventing Windows from keeping DLLs in memory after it has finished using them: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL

Stop windows from caching thumbnails: Tools>Folder Options>View and clear "Do not cache thumbnails".

When you add a user to XP-Home they are given full administrative powers

To increase Broadband Speed
TTL
Regedit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters and change "DefaultTTL" to 128 decimal, "EnablePMTUBHDetect" to 0 and "EnablePMTUDiscovery" to 1. Change Max Transmission Unit.

Create DWORDS:
Create/Amend "GlobalMaxTcpWindowSize" to 32767 (dec)
Create/Amend "TcpMaxDupAcks" to 2
Create/Amend "SackOpts" to 1

Tcp1323Opts = 1
TcpWindowSize = 32767 (Experiment with 93440, 186880, 372300)

Installing the Rescue Console
\i386\winnt32.exe /cmcons