Windows Server 2003 Command-Line Tools

Robbie Allen Cisco Systems www.rallenhome.com

Agenda
Why Use Command-Line Tools? Microsoft Command-Line Tool Resources Other Command-Line Tool Resources Q/A

Why Use a Command-Line over a GUI?

1. Faster than the clickity-click counterpart

View the network configuration:

ipconfig /all where *.vbs

Find all VBScript files in the path:

Append a 1 to every file in the current directory:

forfiles -p.\ -v -c"cmd /c if not @ISDIR==TRUE ren @FILE @FNAME_WITHOUT_EXT1.@EXT"

Why Use a Command-Line over a GUI?

2. In some cases you dont have a choice

Create an entry in an Event Log

eventcreate /L Application /T Error /ID 777 /D "Error Will Robinson"

Redirect the default AD computers container to an alternate location

redircmp ou=MyComputers,dc=rallencorp,dc=com dnslint /ad /s localhost /v

Diagnose AD DNS configuration issues

Why Use a Command-Line over a GUI?

3. Enhances your remote management capabilities

Many of the new tools have a /S option for targeting a remote machine
systeminfo /S rallen-srv1

With Sysinternals psexec you can even run non-remoteable utilities remotely
psexec \\rallen-srv1 cmd /k dir c:\

Why Use a Command-Line over a GUI?

4. Enables you to automate common/complex tasks

Simple batch scripts just contain commands to run in sequence

Disable all inactive computer accounts and send the results in an email (2 commands)
oldcmp -report -file inactive.html -disable -b "cn=computers,dc=rallencorp,dc=com blat inactive.html -to [email protected] -html

Microsoft Command-Line Tool Resources

Windows Server 2003 Windows Resource Kit Windows Support Tools Downloadable Tools SFU 3.5

What's New in Windows Server 2003

%windir%\Help\ntcmds.chm
systeminfo Displays detailed configuration information about a computer and its operating system wmic Extremely powerful command-line interface into WMI dsadd / dsmod / dsrm / dsget / dsquery / dsmove Set of command-line tools for querying and modifying Active Directory netsh Query network configuration, perform diagnostics and manage network services such as DHCP and IPSec bootcfg Configures, queries, or changes Boot.ini file settings sc Retrieves and sets information about services. Tests and debugs service programs. schtasks Command-line interface into the Task Scheduler service. With it you can query, add, modify and delete scheduled tasks

What's New in Windows Server 2003 (contd)

tasklist / taskkill Search and terminate processes reg Query and manipulate the Registry redirusr / redircmp Redirect the default users and computers containers in Active Directory forfiles Perform a command over several files at once openfiles Queries and disconnects open files fsutil / freedisk / diskpart File and disk configuration and query tools eventcreate / eventquery / eventtriggers Create and query events and event triggers gpupdate / gpresult Force group policies to be applied to a computer and view the results shutdown Log off, restart, or shut down a computer

Windows Resource Kit

creatfil Create a file of arbitrary size diskuse Scans a single directory, a directory tree, or an entire drive and reports the amount of space used by each user or all users gpotool Display info about the GPOs in a domain and check for inconsistencies across DCs klist Display and purge the Kerberos tickets on a computer linkd Create a junction point (file link) linkspeed Determines link speed to a remote system moveuser Use MoveUser after moving a user to a different domain so that the user can keep the user profile associated with the original user account ntrights Grant or revoke a right for a user or group of users on a local or remote computer

Windows Resource Kit (contd)

permcopy Copy share-level permissions from one share to another perms Display user access permissions for a file or directory showacls Enumerates access rights for files, folders showpriv Displays the rights assigned to users and groups qgrep Search a file or list of files for a specific string or pattern and return the line containing the match robocopy Robust file copy utility srvcheck Lists nonhidden shares on a computer and enumerates the ACLs for each srvinfo Displays information about a server, including available disk space, partition types, installed hotfixes, and the status of services

Windows Support Tools

System:
whoami Display the username, SID, and groups of the currently logged on user pmon Displays several measures of processor and memory use of running processes netdom Manages computer names, trusts, and secure channels diruse Displays directory size information

ACLs:
acldiag Detects and reports discrepancies in ACLs of objects in Active Directory. It can also reapply a security delegation template to an ACL xcacls Query and modify file ACLs dsacls Query and modify Active Directory ACLs

Network:
portqry Robust port query tool netdiag Network connectivity diagnostics tool netcap Command-line version of Netmon

Windows Support Tools (contd)

Active Directory: dcdiag Domain controller diagnostics tool dsastat Compare trees of two DCs and get object count report nltest Domain controller, trust and netlogon query tool movetree Move objects within a domain or to a different domain repadmin Advanced replication diagnostics tool DNS: dnscmd One stop shop for managing the MS DNS server dnslint Helps diagnose common DNS resolution issues (MS KB 321045)

Downloadable Tools (http://download.microsoft.com)

GPMC Suite of group policy management tools which includes several VBS scripts that can be used from the command-line mbsacli Security analyzer adtest Active Directory load-generation tool that simulates client transactions dsrevoke Views and removes permissions in Active Directory dsde Part of the DSML for Windows installation; query, import and export from AD using LDAP or DSML subinacl Robust ACL query and modification tool

SFU 3.5
Available for free now: http://tinyurl.com/yv969 Contains many popular UNIX tools: ksh ls wc vi cat cron / crontab grep / egrep / fgreg head / tail cp / mv / rm ps top

And many more

Other Command-Line Tool Resources

Sysinternals Joeware Miscellaneous

Sysinternals (http://www.sysinternals.com/)
handle Display the files and folders a process has open listdlls Display the DLLs that has a process has loaded or the processes that are using a particular DLL netstatp View open ports and the processes and protocols associated with them sdelete Securely delete files adrestore Enumerate and restore deleted objects in AD junction Similar to linkd; creates junction points (i.e., file/folder links)

Sysinternals (PS Tools)

PsExec Execute processes remotely PsFile Show open files remotely PsGetSid Display the SID of a computer or a user PsKill Kill processes by name or process ID PsInfo List information about a system PsList List detailed information about processes PsLoggedOn See who's logged on locally and via resource sharing PsLogList Dump event log records PsPasswd Changes account passwords PsService View and control services PsShutdown Shuts down and optionally reboots a computer PsSuspend Suspends processes PsUptime Shows you how long a system has been running since its last reboot

Joeware (http://www.joeware.net/)
adfind Robust and flexible AD query utility (the best around) oldcmp Find old computer accounts and disable or delete them unlock Find and unlock locked out accounts adqueueloop Similar to repadmin /queue but includes the number of items in the inbound queue and shows the top item in the queue getuserinfo net user on steroids secdata Retrieve security-related data about users from AD memberOf Retrieve a users group membership from AD (shows nested group membership) sectok Displays the SID and token (including all sids/names of groups that token contains) of a user cpau Similar to runas, but lets you specify a password as an option

Miscellaneous
blat Sends the contents of a file in an e-mail using SMTP (http://www.interlog.com/~tcharron/blat.html) dig Advanced DNS query utility (http://pigtail.net/LRP/dig/) whois Query the whois database (http://pigtail.net/LRP/dig/) setacl Modify the ACL (DACL and SACL) on files, the registry, services, printers, and shares (http://setacl.sourceforge.net/) compname Dynamically generate and set the computer name based the serial number, system GUID, MAC address, IP address, date, DNS name, or a random element (http://www.willowhayes.co.uk/) Other sites: http://www.optimumx.com/download/ http://www.systemtools.com/free_frame.htm

Q/A
Thank you for your time! Email: [email protected]

At a Bookstore Near You

My Books

Active Directory Cookbook (Oct 2003) Active Directory, 2nd Edition (Apr 2003) DNS on Windows Server 2003 (Dec 2003) Windows Server Cookbook (Summer 2004) Windows XP Cookbook (Fall 2004) Windows Server Hacks (Apr 2004) Exchange Server Cookbook (Fall 2004) Securing Windows Server 2003 (Summer 2004) Managing Windows Server 2003 (Summer 2004)

Other OReilly Books Coming Out Soon: