Windows scripting, environment, explorer hooks, etc.
| Some fragmented windows-related notes (mostly admin stuff)
Windows notes - health and statistics| Troubleshooting when windows spontaneously reboots something taking 100% CPU on windows
Making your windows installation smaller
|
Environment variables
Program stuff
Program Files (%PROGRAMFILES%, and see also %PROGRAMFILES(X86)%)
- considered read-only for regular users (it's a system account that does actual installation(verify))
ProgramData (%PROGRAMDATA%, apparently also %SystemDrive%\ProgramData and %ALLUSERSPROFILE%)
- data that a program needs, yet which is not user-specific (it's not part of user profiles)
- might be writable to users in home installs
- but AD-style workstation setups (where software install is managed for you) might choose to lock this down
- that lockdown is often done in a way where only users that created a file can read back the same files, so even if you seem to be able to create files there, it won't let you do things like configurations shared between users
- so programs shouldn't count on sharing data here
- some programs may use this for install-time configurations stuff and afterwards treat it as read-only - but others do not
- something you would consider 'supporting data' might frankly be here or in Program files (in fact, Program Files might have more refined ACLs more aware of installers)
User profile stuff
%USERPROFILE%
%HOMESHARE% (and the related %HOMEDRIVE% and %HOMEPATH% (which should always be directly appended?))
- HOMESHARE is comparable to USERPROFILE
- HOMESHARE is set later than USERPROFILE[1]
- isn't necessarily the same as %USERPROFILE%
- This can get messy to understand. For example, in one AD-managed setup I used,
- %HOMESHARE% points to a \\network path that contains all my files, and the contents of %USERPROFILE% are not synchronized
- %USERPROFILE% is a mostly-empty directory tree on the local disk (presumably because windows says this directory has to exist?)
- ...yet many (but not all) entires within that USERPROFILE are actually junctions to the path that HOMESHARE points to
- in a way that is very hard to explain to non-nerds. For example, DIR is a Documents that is local, a My Documents that is is a junction - and that explorer also shows as Documents (without the My)
- (note: you can see the presence of junctions e.g. using DIR /A, or mostly them with /AL)
AppData (under %USERPROFILE%\AppData)
- data required by applications, like configuration, caches, etc.
- there is little keeping you from putting those elsewhere under %USERPROFILE%, but it's generally here, and on network installs there are more notes -- see the notes below for the split into Local, Roaming, and LocalLow
- %APPDATA% seems to expand to %USERPROFILE%\AppData\Roaming (has since Vista? Was it always to Roaming, though?)
- %LOCALAPPDATA% expands to %USERPROFILE%\AppData\Local (since when?)
AppData's Local, Roaming, and LocalLow
- Local is for things that should not roam with the user, even if it could
- e.g. most program caches
- Roaming classically only did anything for people in Domain environments
- Since Windows 8, windows might synchronize between different MS logins (verify)
- LocalLow - The idea of "Low integrity environments" is to make it easier to have a location to distrust -- or rather, makes it easier to set up rules/filters for that set of software, letting you restrict them to all but a few directories. This is mainly aimed at browsers, because they are a common attack vector.
- in practive, LocalLow may point to the same folder as Local, or may not.
- https://helgeklein.com/blog/internet-explorer-in-protected-mode-how-the-low-integrity-environment-gets-created/
Notes:
- I've seen programs choose to install completely to AppData (typically \Local), presumably to avoid requiring admin rights for an install
- Roaming and Local only serve different function if Roaming is actually synchronized (or remote-mounted?)
- if no syncing (or remote-mounting?) is going on, Roaming is really just Local as well
- it's probably a good idea for programs to make the local/roaming distinction, just in case the system you run it on does
Known Folders, Special Folders
CSIDL
Unsorted
Scripting notes
cmd, bat
Arguments, path transforms
In a script,
%0 is the executable %1 the first argument, %2 the second argument, etc.
There is some extra syntax. In the below,
- d is drive
- p is the path (without drive)
- n is the filename (without drive or path, or file extension)
- x
- s changes the above to 8.3 style filenames
- ~ means remove quotes(verify)
Which can be combined, so e.g. if I create a script to demonstrate, its output might be:
C:\foo>test.bat bar.txt ====0==== %0 C:\foo\test.bat %~0 C:\foo\test.bat %~d0 C: %~p0 \foo\ %~nx0 test.bat %~dp0 C:\foo\ %~dpnx0 C:\foo\test.bat ====1==== %1 bar.txt %~1 bar.txt %~d1 C: %~p1 \foo\ %~nx1 bar.txt %~dp1 C:\foo\ %~dpnx1 C:\foo\bar.txt
Notes:
- %~dp0 can be really useful, when you want to refer to files (or other executables) in the same directory as the script you are running.
- %0, %1 and so on are values as they are handed in, so might be relative or absolute paths (or UNCs).
- Say, when dragging bar.txt onto foo.bat in windows, I got:
%0 "C:\foo\test.bat" %~0 C:\foo\test.bat ...and... %1 C:\foo\bar.txt %~1 C:\foo\bar.txt
- works on UNCs, then looking something like:
%0 "\\DOM\Pers$\Homes\Me\test.bat" %~0 \\DOM\Pers$\Homes\Me\test.bat %~d0 \\ %~p0 DOM\Pers$\Homes\Me\ %~nx0 test.bat %~dp0 \\DOM\Pers$\Homes\Me\ %~dpnx0 \\DOM\Pers$\Homes\Me\test.bat
Powershell
sysadmin/coder angle
...focusing on things useful for sysadmins, makeshift installers batch-scripts, and such.
cmd.exe
Perhaps best known for getting a command line window from Start menu → Run... or Windows-R, then styping cmd.exe
Can also be useful for batch scripts. Then often used with /c, meaning 'close after the specified command is done'
start, start.exe
There is a START command (usable in cmd.exe windows, batch scripts, and such) that is a more flexible way of running things, can for example start without creating a window, start it minimized.
Note that the title argument is required, so if you don't care about a title, specify ""
There are third-party tools that imitate the command, often to avoid having a visible cmd.exe window (e.g. installers, login scripts, CD/USB autorun)
- start.exe
(Note: as with any common tool, there is malware that overwrites them)
rundll32.exe
regsvr32.exe