Category: Windows

Micro$oft Windows

List top processes using memory from Windows commandline

This seems to do the trick for listing processes by memory usage. I’m most interested in the top 9 processes (I have to figure out why the regexp isn’t working in findstr for anything over 10 in a range like [1-15].

tasklist /NH | sort /R /+65 | findstr /N . | findstr  "^[1-9]:"

Here’s an example output.

C:\Users\rjk>tasklist /NH | sort /R /+65 | findstr /N . | findstr  "^[1-9]:"
1:dwm.exe                       1640 Console                    1  4,232,012 K
2:OUTLOOK.EXE                  10600 Console                    1    590,128 K
3:explorer.exe                  3824 Console                    1    342,608 K
4:SearchHost.exe                7016 Console                    1    316,300 K
5:chrome.exe                    4340 Console                    1    279,036 K
6:PhoneExperienceHost.exe      13136 Console                    1    231,060 K
7:MsMpEng.exe                  12364 Services                   0    215,128 K
8:testEmbedNet9401.servUnde     1772 Console                    1    205,808 K
9:msedge.exe                   26452 Console                    1    189,468 K

This goes in line with some other work I’ve done in determining CPU usage using command line (wmic specifically) from the following articles:

Delete saved passwords for Chrome and Edge from the command line

After implementing a Group Policy to prohibit saving of passwords in Google Chrome and Microsoft Edge, the previously saved passwords are still on the system. To remove these from multiple systems, a simple script can be deployed via GPO at User Logon to do the work. Otherwise, on a case-by-case basis, the passwords can be cleared by going into each browser’s settings and then the passwords section to clear saved passwords.

@echo off

taskkill /f /im msedge.exe
taskkill /f /im chrome.exe

del "%LocalAppData%\Google\Chrome\User Data\Default\Login Data" /q
del "%LocalAppData%\microsoft\edge\User Data\Default\Login Data" /q

mmc – Windows cannot access the specified device, path, or file.

If you get the following error on a Windows Server (possibly desktop client), you can use the local group policy editor to resolve this. It commonly impacts Server 2019 systems promoted to a domain controller wherein the UAC admin approval mode is reset and does not contain a value (Enabled or Disabled).

Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

Security Settings / Local Policies / Security Options / User Account Control: Admin Approval Mode for the Built-in Administrator account.

Rename Windows Domain

The following procedure shows you how to rename an Active Directory domain.

  1. Open a command window in “administrator” mode and enter the following command which will generate a Domainlist.xml file:
rendom /list
  1. Edit the xml file, changing your old domain to the new one:
<?xml version ="1.0"?>
<Forest>
	<Domain>
		<!-- PartitionType:Application -->
		<Guid>210a7b30-fca4-486b-a660-b4ff8bdc5271</Guid>
		<DNSname>ForestDnsZones.kreider.io</DNSname>
		<NetBiosName></NetBiosName>
		<DcName></DcName>
	</Domain>
	<Domain>
		<!-- PartitionType:Application -->
		<Guid>8815a697-1a11-4a28-ab88-58e7ec1d5876</Guid>
		<DNSname>DomainDnsZones.kreider.io</DNSname>
		<NetBiosName></NetBiosName>
		<DcName></DcName>
	</Domain>
	<Domain>
		<!-- ForestRoot -->
		<Guid>61b2edc1-6431-251c-fac2-bebc218bcbea</Guid>
		<DNSname>kreider.io</DNSname>
		<NetBiosName>KREIDER</NetBiosName>
		<DcName></DcName>
	</Domain>
</Forest>

In the file, I modified kreider.local to kreider.io.

  1. Enter the following command to verify the match:
rendom /showforest
  1. Enter the following command to load the file:
rendom /upload
  1. Enter the following command which will allow you to contact all the domain controllers and prepare them for the change.
rendom /prepare
  1. Enter the following command to start the renaming. The controllers will restart automatically:
rendom /execute
  1. Enter the following to repair the GPO links:
gpfixup /olddns:kreider.local /newdns:kreider.io

Note: If you changed your NETBIOS name (up above in the XML file), you’ll need to run the following to update it. I didn’t in my particular situation.

gpfixup /oldnb:OLDNETBIOSNAME /newnb:NEWNETBIOSNAME
  1. The following command is to be passed when you are sure that all the stations have taken the name change into account because it removes the forwarders from the old name to the new one. I advise you to wait a few weeks especially if you have nomadic workstations.
rendom /clean

As a result of this, you will also be able to delete the old DNS zone from your server.

Improving Performance and Reliability of Windows Search

I usually hit Winkey and start typing whatever it is I’m looking to start; be it a command prompt, Outlook, explorer, or other installed applications and I rarely (read: never) use it for searching the internet.

Sometimes search gets “stuck”… because it’s crashing in the background. Here’s a method to improve performance and reliability of Windows 10 / Windows 11 Search by disabling search box suggestions.

reg add HKCU\Software\Policies\Microsoft\Windows\Explorer /v DisableSearchBoxSuggestions /d 1 /t REG