Some useful (batch) scripts

Last updated: 01.09.2025

Most of the scripts are used in daily work and are well tested. Some of them are less tested. They all may have bugs or just work in some specific environment or are useful just for specific tasks.

If mainly copy-and-pasted from somewhere else, it should have been noted in the script or the description.

Use them at your own risk without any warranty.

Some/Most change registry values or other system settings.
So use them at your own risk, read them carefully beforehand, make backups of your system/registry before using them or test them on a VM.

Mostly there are pure batch scripts, some are ps1 some are py.

For questions and bug reports feel free to open an issue.

Contents

• blitzDingser/
• crypto/
• edge/
• explorer/
• firewall
• hyper-v/
• pdb/
• Visual Studio/
• Win11/
• WinDbg/
• WinPE/
• Windows Features/
• addBinShellCtxtMenuEntry
• cleanUpdateFolder
• createBootStick
• createIso
• createVHD
• deleteExploitProtectionSettings
• deleteFilesLT
• deleteShortcutPostfix
• disableCoInstallers
• disableCopilot
• disableErrorReporting
• disableIpV6
  • ps1
• disableSearchSuggestions
• disableServices
• disableSuperFetch
• disableTasks
• disableTelemetry
• enableNumLock
• enableLsaPpl
• enableVBS
• enableWinUpdateOptions
• filesize
• Get Windows product key
• Get Pid
• initSystem
• iterate
• killProcess
• listDriveLetters
• listFilesGt
• poweroff
• queryService
• reboot
• RemoveApps
• RemoveOneDrive
• RemoveOptionalFeatures
• Rename
• setDNS
• setIp
• startNtProg
• copyright, credits & contact

blitzDingser/

Some useful blintzDings scripts to clean up log entries or other stuff.
blitzdingser/README.md

crypto/

Some crypto related scripts.
crypto/README.md

edge/

Some edge related scripts.
edge/README.md

explorer/

Set useful explorer settings.
explorer/README.md

firewall/

Firewall settings.
fw/README.md

hyper-v/

Some hyper-v related scripts.
hyper-v/README.md

Pdb/

Some pdb scripts.
pdb/README.md

Visual Studio/

Some Visual Studio related scripts.
visualstudio/README.md

Win11/

Some Windows 11 related scripts.
win11/README.md

WinDbg/

Some WinDbg related scripts.
windbg/README.md

WinPE/

Some WinPe related scripts to create, change or init an image.
winpe/README.md

Windows Features/

Scripts to add Windows professional features to non professional builds.
windowsFeatures/README.md

addBinShellCtxtMenuEntry

Add binary to right click context menu.

Usage

Usage: %prog_name% /p ^<path^> /l ^<label^> [/pb ^<params^>] [/pa ^<params^>] [/d] [/v] [/h]

Options:

• /p Path to the binary. Must not have spaces at the moment!
• /l Label to show up in the context menu.
• /d Delete entry specified by /l label.
• /pb Additional parameters before the file.
• /pa Additional parameters after the file.
• /v Verbose mode.
• /h Print this.

cleanUpdateFolder

Clean/Delete the windows 11 update folder

$ cleanUpdateFolder.bat

createBootStick

Creates a bootable usb stick out of an iso file.

Usage

$ createBootStick.bat /if ^<path^> [/mount^|/extract^|/source] [/ul X] [/v]

Options:

• /if Path to input iso file or folder.
• /ul Desired drive letter of boot usb stick. Default: X.

Modes:

• /mount Mounting mode: Mounts the iso file and copies its contents over to the usb drive.
• /extract Extracting mode: Uses 7z to extract the contents of the iso file and copies them over to the usb drive. (7z has to be installed and available in the PATH/current environment.)
• /source Source mode: Uses a path to an already extracted iso and copies them over to the usb drive.

Other:

• /v More verbose mode.

Remarks

On UEFI you just need a (FAT32) stick with an \EFI\BOOT\bootx64.efi file.

createIso

Creates an iso image of a folder.
Requires an "oscdimg.exe" from the Assessment and Deployment Kit (ADK).

Usage

$ createiso.bat /i input\dir /o output\file.iso [/v] [/h]

Options:

• /i Path to input directory.
• /o Path to output file.
• /v Verbose mode.
• /h Print help.

createVHD

Creates a vhd.

Usage

$ createVHD.bat /v "c:\ve\disk.vhd" [/s 1] [/t fixed|expandable][/f ntfs|fat|fat32] [/lbl "the label"] [/l V]

Options:

• /v (Fully qualified) path to the new vdisk.vhd
• /s (Maximum) size of the vhd in MB. Defaults to 10.
• /t Tpye of the vhd. Static size (fixed) or dynamic size (expandable). Defaults to fixed.
• /f Format of the vhd: ntfs|fat|fat32]. Defaults to ntfs.
• /lbl A string label for the vhd. Defaults to "the label"
• /l The letter of the volume of the (mounted) vhd. Defaults to V.

deleteExploitProtectionSettings

Delete exploit protection settings

Iterates "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" and confirms deletion for each entry.

Usage

$ deleteExploitProtectionSettings

After each listed entry there is a choice between

• continue (C)
• delete the entry (D)
• inspect the entry to get further info like the file path (I)
• or quit the iteration (Q)

deleteFilesLT

Delete all files in a directory with file size less than a minimum.

Usage

$ deleteFilesLT /d <targetPath> /m <minSize> /t <fileType> [/r] [/v] [/h]

Options:

• /d Target directory.
• /m Minimum file size in bytes. All files below the minimum file size will be deleted.
• /t File type filter. I.e. "log"
• /r Iterate dir recursively.
• /c Checking mode. Don't delete files, just print, what would be deleted, if this flag would not have been set.
• /v Verbose mode.

disableCoInstallers

Blocking Windows driver co-installer applications
https://www.bleepingcomputer.com/news/microsoft/how-to-block-windows-plug-and-play-auto-installing-insecure-apps/

$ disableCoInstallers.bat

disableCopilot

Disable Windows 11 copilot. At least some of it.

$ disableCopilot.bat

disableErrorReporting

Disable Windows error reporting by adding a "Disabled" key to the registry.

$ disableErrorReporting.bat

disableIpV6

ps1

Disable/enable IpV6 support on all or specified adapters

ps> disableIpv6.ps1 [<mode>] [<name>]

Options:

• mode: Disable ("disable"), enable ("enable") or list ("list") specified adapters. Default: disable
• name: Specify an adapter name. Default: "*", i.e. all adapters.

disableSearchSuggestions

Disable Windows search suggestions in start menu search.

$ disableSearchSuggestions.bat

disableServices

Disable a predefined list of services you might not need to be running. Alternatively a specific service name can be targeted.

The list should be checked and adjusted before running the script.

Uses sc manager by default. Can fail some time due to access restrictions. Using the registry keys is less restricted.

$ disableServices.bat [/c|/d|/e] [/reg|/sc] [/n] [/v] [/h]

Actions:

• /c : Check the service(s).
• /d : Disable the service(s).
• /e : Enable the service(s).

Options:

• /n : Name a specific arbitrary target.
• /reg : Use registry to overwrite service start setting.
• /sc : Use sc service manager to manage service start setting (default).

Other:

• /v: More verbose.
• /h: Print this.

Remarks:
The default targets can be listed with /h. There are some not default known other targets listed as well.

Enabling the services will set them to autostart (2), which might not be their original value.

disableSuperFetch

Disable Prefetch/Superfetch by adding registry entries.

$ disableSuperFetch.bat [/d <value>] [/c] [/v]

Options:

• /d Set registry values to this number. Default: 0 = disable.
• /c Check registry entry.
• /v Verbose mode

disableTasks

Disable a predefined list of tasks you might not need to be running. Alternatively a specific task name can be targeted.

The list should be checked and adjusted before running the script.

Uses schtasks.

$ disableTasks.bat [/c|/d|/e] [/n] [/v] [/h]

Actions:

• /c : Check the task(s).
• /d : Disable the task(s).
• /e : Enable the task(s).

Options:

• /n : Name a specific arbitrary target.

Other:

• /v: More verbose.
• /h: Print this.

Remarks:
The default targets can be listed with /h.

Disabling a task will also stop it.

disableTelemetry

Too be extended Windows telemetry disabling script.
Writes to some known registry entries.

enableNumLock

Enable numlock.

Usage

$ enableNumLock.bat

enableLsaPpl

Enable LSA (Local Security Authority) protection running as PPL (Protected Process Light). Protects from dumping passwords (hashes) with Mimikatz for example.

Usage

$ enableLsaPpl.bat [/d|/e] [/p <path>]

Remarks:
Disabling it is not as easy as deleting the registry key (if secure boot is enabled). In this case, the value is stored in an NVRAM variable and the registry key becomes meaningless after the reboot. Therefore, this complicated steps have to be followed:
https://www.microsoft.com/en-us/download/details.aspx?id=40897

The script tries to do it automatically with the /d option. Nonetheless the required Local Security Authority (LSA) Protected Process Opt-out tool has to be downloaded first.

Links

https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/credentials-protection-and-management

enableVBS

Enable Virtualization-based Security (VBS).

Usage

$ enableVBS.bat [/e] [/d] [/l] [/u] [/f] [/c] [/r] [/v] [/h]

Options:

• /d: Disable protection: enabledVirtualizationBasedSecurity, RequirePlatformSecurityFeatures, HypervisorEnforcedCodeIntegrity, CredentialGuard.
• /e: Enable protection: enabledVirtualizationBasedSecurity, RequirePlatformSecurityFeatures, HypervisorEnforcedCodeIntegrity, CredentialGuard.
• /l: Lock protection settings: DeviceGuard, HypervisorEnforcedCodeIntegrity.
• /u: Unlock protection settings: DeviceGuard, HypervisorEnforcedCodeIntegrity.

Modifiers:

• /f: Required Platform Security features flags:
  1=Secure Boot (default),
  2=DMA.
  The flags can be added/or'ed together.
  Core Isolation will only work, if the required features are active. So if /f 1 is set, but secure boot is not enabled (Bios settings), core isolation won't be activated.

Other:

• /c: Check current registry values and event log.
• /r: Reboot system with confirmation prompt.
• /h: Print this.
• /v: verbose mode.

Info
CredentialGuard will only be "licensed" in Windows Enterprise or Windows Education Editions. Otherwise it will start with a "WinInit" Event 13:
"Credential Guard was started and will protect LSA credentials."
But after that there occurs an "Lsa (LsaSrv)" warning 6147: "Credential Guard is configured to run, but is not licensed. Credential Guard was not started." Even though it is shown as running in the registry and msinfo32 app.

Disabling an uefi locked VBS system requires some Windows efi driver (SecConfig.efi) to be booted with, to disable the locked vbs system. Just setting the registry values to 0 does not work. So when disabling and unlocking a locked system (/d /u), after reboot there will be two bios prompts, that ask for disabling VBS and Credential guard. At least on a Windows 11 this lasts only until reboot, if Hyper-V (the feature) is activated. Then VBS activates itself again somehow.

Links

https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs
https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-hvci-enablement
https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity

enableWinUpdateOptions

Enable Windows update option

Usage

$ enableWinUpdateOptions.bat

Change value inside script

• 2 – To notify for download and notify for install
• 3 – To auto download and notify for install
• 4 – To auto download and schedule the install
• 5 – To allow local admin to choose setting

Filesize

Print file size of one or more files

Usage

$ filesize.bat <file> ...

Get Windows product key

Read LastBiosKey from HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ClipSVC\Parameters

Usage

$ getProductKey.bat

Get Pid

Get pid of a running process

Usage

$ getPid.bat <name>

initSystem

Set some Windows privacy and security related settings for setting up a system. Some are still missing.

Not yet well documented what it's actually setting. Will surely be done in the near future.

Usage

$ settings.bat 

Remarks

Has to be run as Admin.

If the targeted user and admin user are different, the required user id has to be set manually at set user_sid= with the sid output by $ whoami /user and the following for loop has to be deleted. user_name is not required.

Defender settings are possibly guarded by the Tamper Protection and will fail.

iterate

Iterate files in a directory and execute a command with optional parameters.

Usage

$ iterate.bat [/d path] [/c command] [/a1 args1] [/a2 args2] [/r] [/s] [/v]

Options:

• /d: The directory to iterate. Default "."
• /c: An optional command to execute. Will be executed as "command args1 %file% args2".
• /a1: Optional arguments to command. Will be executed as "command args1 %file% args2".
• /a2: Optional arguments to command. Will be executed as "command args1 %file% args2".
• /r: Iterate directories recursively.
• /s: Stepping mode. Requires confirmation before processing a file.

Other:

• /h: Print this.
• /v: verbose mode.

killProcess

Kill a process by name or pid.

Usage

$ killProcess.bat [/p <pid>] [/n <name>] [/c] [/k] [/d] [/h]

Options:

• /p: Process id.
• /n: Process name.
• /c: Check <name> in tasklist to get its pid.
• /k: Kill provided <pid> or <name>.
• /d: Delete and kill the target <name>.
• /h: Print this.

listDriveLetters

List used and unused drive letters

Usage

$ listDriveLetters.bat

listFileGt

PowerShell
List files in a directory greater than a value.

Usage

ps> listFilesGt.ps1 <Path> <MinSize> [<Unit>] [<Recursive>]

Options:

• -Path: Directory path to list.
• -MinSize: Minimum Size to list.
• -Unit: Optional Unit: Bytes (B) [default], KiloBytes (K), MegaBytes (M), GigaBytes (G)
• -Recursive: Iterate given directory Path recursively. (Optional)

poweroff

Power machine off.
Wrapper for shutdown -s -t 0

Usage

$ poweroff.bat

queryService

Query services (HKLM\System\CurrentControlSet\Services) by name.

Usage

$ queryService.bat <name> [/s] [/e] [/v] [/h]

Options:

• /s Iterate key recursively.
• /e Exactly match name.
• /v Verbose mode.
• /h Print this.

reboot

Reboot machine. Wrapper for shutdown -r -t 0

Usage

$ reboot.bat

RemoveApps

Remove some preinstalled windows apps.

Usage

ps> removeApps.ps1 [<mode>] [<name>] [-Confirm]

Params

• -Mode: "remove" (default) or "check".
• -Name: If provided, only the given <name> will be handled. Wildcards are supported.
• -Confirm: Skip confirmation and just remove without asking.

Examples

# Remove all apps in the list with confirmation
ps> removeApps.ps1 

# Remove all apps in the list already confirmed
ps> removeApps.ps1 -Confirm

# Check all apps in the list
ps> removeApps.ps1 check

# Check app with name XboxSpeechToTextOverlay
ps> removeApps.ps1 check *XboxSpeechToTextOverlay*

Remarks

Removing "Microsoft.XboxGameCallableUI_xxx" or another Xbox package may throw some "0x80070032" error. Checking the installed apps and then manually removing the remaining "Microsoft.XboxSpeechToTextOverlay" and "Microsoft.Xbox.TCUI" and maybe more solved the issue and "Microsoft.XboxGameCallableUI" was gone too.

ps> removeApps.ps1 check 
ps> [removeApps.ps1 check *XboxSpeechToTextOverlay*]
ps> removeApps.ps1 remove *Microsoft.Xbox.TCUI*
ps> removeApps.ps1 remove ...

RemoveFeatures

Remove some Windows Features.

Usage

ps> RemoveFeatures.bat [c|cx|r|a] [/n <name>]

Params

-/a : Add the feature(s). -/c : Check the feature(s) state. -/cx : Check the feature(s) complete info. -/l : List all capabilities. -/r : Remove the feature(s).

Examples

# Remove all features in the list
ps> RemoveFeatures.bat /r

# Check the state of all features in the list
ps> RemoveFeatures.ps1 [/c]

# Remove a specific features 
ps> RemoveFeatures.bat /r /n MicrosoftWindowsPowerShellV2

RemoveOneDrive

Remove OneDrive and related data.

• Kills the OneDrive process
• Runs the OneDriveSetup uninstaller
• removes registry settings
• removes related folders

Usage

$> removeOneDriver.bat

RemoveOptionalFeatures

Remove some optional features.

Usage

ps> RemoveOptionalFeatures.bat [c|cx|r|a] [/n <name>]

Params

-/a : Add the feature(s). -/c : Check the feature(s) state. -/cx : Check the feature(s) complete info. -/l : List all capabilities. -/r : Remove the feature(s).

Examples

# Remove all optional features in the list
ps> RemoveOptionalFeatures.bat /r

# Check the state of all optional features in the list
ps> RemoveOptionalFeatures.ps1 [/c]

# Check full info of all optional features in the list
ps> RemoveOptionalFeatures.ps1 /cx

# Remove a specific optional features 
ps> RemoveOptionalFeatures.bat /r /n App.StepsRecorder

Rename

Rename a list of files with a common pattern.

Usage

$ rename.bat /f <files> /p <pattern> [/r <replacement>] [/t] [/v] [/h]

Options:

• /f File pattern to iterate.
• /p Rattern to replace.
• /r Replacement. Defaults to empty string.
• /t Test mode. Just showing the potential renaming happening, not actually renaming.

Other:

• /v Verbose mode
• /h Print help

Example

# convert all .txt file in %tmp% to .bin files
$ rename.bat /f %tmp%\*.txt /p .txt /r .bin

# remove all .bck parts of file names
$ rename.bat /f %tmp%\*.bck.txt /p .bck

setDNS

Set dns server and alternative of a network device.

Usage

$ setDNS.bat /d <dnsIp> [/n <name>] [/a <altIp>] [/6] [/c] [/l] [/v] [/h]

Options:

• /d The preferred DNS server ip address as dotted string.
• /a The alternative DNS server ip address as dotted string.
• /n The interface name. Default: "Ethernet". If name does not work (Element not found), try replacing the name with the index found with /l.
• /c Validate the settings.
• /6 Set ip version to ipv6.
• /l List interfaces.
• /v Verbose mode

setIp

Set ip, mask and gateway of a network device.

Usage

$ setIp.bat /i <ip> /g <gateway> [/m <mask>] [/n <name>] [/c] [/l] [/v]

Options:

• /i IP
• /g Gateway
• /m Network mask. Default: 255.255.240.0
• /n The interface name. If name does not work (Element not found), try replacing the name with the index found with /l.
• /l List interfaces
• /c List interface configuration
• /v Verbose mode

shortcutPostfix

Disable appending a " - Shortcut" to each newly created shortcut.

Usage

$ shortcutPostfix.bat

startNtProg

Start program as system user Nt Authority.
Wrapper for psexec -i -s -d <target> <params>.
Uses the Sysinternals Tool psexec and expects it to be found in %PATH%.

Usage

$ startNtProg.bat [/h]

Options:

• /t The target application. Defaults to cmd.
• /p Params to that application.

Other:

• /v Verbose mode.
• /h Print this.

copyright, credits & contact

Published under GNU GENERAL PUBLIC LICENSE.