1 / 22

Windows Server 2003 Command-Line Tools

Windows Server 2003 Command-Line Tools Robbie Allen Cisco Systems www.rallenhome.com Agenda Why Use Command-Line Tools? Microsoft Command-Line Tool Resources Other Command-Line Tool Resources Q/A Why Use a Command-Line over a GUI? 1. Faster than the clickity-click counterpart

johana
Télécharger la présentation

Windows Server 2003 Command-Line Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Server 2003 Command-Line Tools Robbie Allen Cisco Systems www.rallenhome.com

  2. Agenda • Why Use Command-Line Tools? • Microsoft Command-Line Tool Resources • Other Command-Line Tool Resources • Q/A

  3. Why Use a Command-Line over a GUI? 1. Faster than the clickity-click counterpart • View the network configuration: • ipconfig /all • Find all VBScript files in the path: • where *.vbs • Append a “1” to every file in the current directory: • forfiles -p.\ -v -c"cmd /c if not @ISDIR==TRUE ren @FILE @FNAME_WITHOUT_EXT1.@EXT"

  4. Why Use a Command-Line over a GUI? 2. In some cases you don’t have a choice • Create an entry in an Event Log • eventcreate /L Application /T Error /ID 777 /D "Error Will Robinson" • Redirect the default AD computers container to an alternate location • redircmp “ou=MyComputers,dc=rallencorp,dc=com” • Diagnose AD DNS configuration issues • dnslint /ad /s localhost /v

  5. Why Use a Command-Line over a GUI? 3. Enhances your remote management capabilities • Many of the new tools have a /S option for targeting a remote machine • systeminfo /S rallen-srv1 • With Sysinternals psexec you can even run non-remoteable utilities remotely • psexec \\rallen-srv1 cmd /k dir c:\

  6. Why Use a Command-Line over a GUI? 4. Enables you to automate common/complex tasks • Simple batch scripts just contain commands to run in sequence • Disable all inactive computer accounts and send the results in an email (2 commands) • oldcmp -report -file inactive.html -disable -b "cn=computers,dc=rallencorp,dc=com“ • blat inactive.html -to rallen@cisco.com -html

  7. Microsoft Command-Line Tool Resources • Windows Server 2003 • Windows Resource Kit • Windows Support Tools • Downloadable Tools • SFU 3.5

  8. What's New in Windows Server 2003%windir%\Help\ntcmds.chm • systeminfo – Displays detailed configuration information about a computer and its operating system • wmic – Extremely powerful command-line interface into WMI • dsadd / dsmod / dsrm / dsget / dsquery / dsmove – Set of command-line tools for querying and modifying Active Directory • netsh – Query network configuration, perform diagnostics and manage network services such as DHCP and IPSec • bootcfg – Configures, queries, or changes Boot.ini file settings • sc – Retrieves and sets information about services. Tests and debugs service programs. • schtasks – Command-line interface into the Task Scheduler service. With it you can query, add, modify and delete scheduled tasks

  9. What's New in Windows Server 2003 (cont’d) • tasklist / taskkill – Search and terminate processes • reg – Query and manipulate the Registry • redirusr / redircmp – Redirect the default users and computers containers in Active Directory • forfiles – Perform a command over several files at once • openfiles – Queries and disconnects open files • fsutil / freedisk / diskpart – File and disk configuration and query tools • eventcreate / eventquery / eventtriggers – Create and query events and event triggers • gpupdate / gpresult – Force group policies to be applied to a computer and view the results • shutdown – Log off, restart, or shut down a computer

  10. Windows Resource Kit • creatfil – Create a file of arbitrary size • diskuse – Scans a single directory, a directory tree, or an entire drive and reports the amount of space used by each user or all users • gpotool – Display info about the GPOs in a domain and check for inconsistencies across DCs • klist – Display and purge the Kerberos tickets on a computer • linkd – Create a junction point (file link) • linkspeed – Determines link speed to a remote system • moveuser – Use MoveUser after moving a user to a different domain so that the user can keep the user profile associated with the original user account • ntrights – Grant or revoke a right for a user or group of users on a local or remote computer

  11. Windows Resource Kit (cont’d) • permcopy – Copy share-level permissions from one share to another • perms – Display user access permissions for a file or directory • showacls – Enumerates access rights for files, folders • showpriv – Displays the rights assigned to users and groups • qgrep – Search a file or list of files for a specific string or pattern and return the line containing the match • robocopy – Robust file copy utility • srvcheck – Lists nonhidden shares on a computer and enumerates the ACLs for each • srvinfo – Displays information about a server, including available disk space, partition types, installed hotfixes, and the status of services

  12. Windows Support Tools System: • whoami – Display the username, SID, and groups of the currently logged on user • pmon – Displays several measures of processor and memory use of running processes • netdom – Manages computer names, trusts, and secure channels • diruse – Displays directory size information ACLs: • acldiag – Detects and reports discrepancies in ACLs of objects in Active Directory. It can also reapply a security delegation template to an ACL • xcacls – Query and modify file ACLs • dsacls – Query and modify Active Directory ACLs Network: • portqry – Robust port query tool • netdiag – Network connectivity diagnostics tool • netcap – Command-line version of Netmon

  13. Windows Support Tools (cont’d) Active Directory: • dcdiag – Domain controller diagnostics tool • dsastat – Compare trees of two DCs and get object count report • nltest – Domain controller, trust and netlogon query tool • movetree – Move objects within a domain or to a different domain • repadmin – Advanced replication diagnostics tool DNS: • dnscmd – One stop shop for managing the MS DNS server • dnslint – Helps diagnose common DNS resolution issues (MS KB 321045)

  14. Downloadable Tools (http://download.microsoft.com) • GPMC – Suite of group policy management tools which includes several VBS scripts that can be used from the command-line • mbsacli – Security analyzer • adtest – Active Directory load-generation tool that simulates client transactions • dsrevoke – Views and removes permissions in Active Directory • dsde – Part of the DSML for Windows installation; query, import and export from AD using LDAP or DSML • subinacl – Robust ACL query and modification tool

  15. SFU 3.5 • Available for free now: http://tinyurl.com/yv969 • Contains many popular UNIX tools: • ksh • ls • wc • vi • cat • cron / crontab • grep / egrep / fgreg • head / tail • cp / mv / rm • ps • top • And many more…

  16. Other Command-Line Tool Resources • Sysinternals • Joeware • Miscellaneous

  17. Sysinternals (http://www.sysinternals.com/) • handle – Display the files and folders a process has open • listdlls – Display the DLLs that has a process has loaded or the processes that are using a particular DLL • netstatp – View open ports and the processes and protocols associated with them • sdelete – “Securely” delete files • adrestore – Enumerate and restore deleted objects in AD • junction – Similar to linkd; creates junction points (i.e., file/folder links)

  18. Sysinternals (PS Tools) • PsExec – Execute processes remotely • PsFile – Show open files remotely • PsGetSid – Display the SID of a computer or a user • PsKill – Kill processes by name or process ID • PsInfo – List information about a system • PsList – List detailed information about processes • PsLoggedOn – See who's logged on locally and via resource sharing • PsLogList– Dump event log records • PsPasswd – Changes account passwords • PsService – View and control services • PsShutdown – Shuts down and optionally reboots a computer • PsSuspend – Suspends processes • PsUptime – Shows you how long a system has been running since its last reboot

  19. Joeware (http://www.joeware.net/) • adfind – Robust and flexible AD query utility (the best around) • oldcmp – Find old computer accounts and disable or delete them • unlock – Find and unlock locked out accounts • adqueueloop – Similar to repadmin /queue but includes the number of items in the inbound queue and shows the top item in the queue • getuserinfo – net user on steroids • secdata – Retrieve security-related data about users from AD • memberOf – Retrieve a user’s group membership from AD (shows nested group membership) • sectok – Displays the SID and token (including all sids/names of groups that token contains) of a user • cpau – Similar to runas, but lets you specify a password as an option

  20. Miscellaneous • blat – Sends the contents of a file in an e-mail using SMTP (http://www.interlog.com/~tcharron/blat.html) • dig – Advanced DNS query utility (http://pigtail.net/LRP/dig/) • whois – Query the whois database (http://pigtail.net/LRP/dig/) • setacl – Modify the ACL (DACL and SACL) on files, the registry, services, printers, and shares (http://setacl.sourceforge.net/) • compname – Dynamically generate and set the computer name based the serial number, system GUID, MAC address, IP address, date, DNS name, or a random element (http://www.willowhayes.co.uk/) • Other sites: • http://www.optimumx.com/download/ • http://www.systemtools.com/free_frame.htm

  21. Q/A • Thank you for your time! • Email: rallen@cisco.com

  22. At a Bookstore Near You • My Books • Active Directory Cookbook (Oct 2003) • Active Directory, 2nd Edition (Apr 2003) • DNS on Windows Server 2003 (Dec 2003) • Windows Server Cookbook (Summer 2004) • Windows XP Cookbook (Fall 2004) • Other O’Reilly Books Coming Out Soon: • Windows Server Hacks (Apr 2004) • Exchange Server Cookbook (Fall 2004) • Securing Windows Server 2003 (Summer 2004) • Managing Windows Server 2003 (Summer 2004)

More Related