RAllen Windows Server 2003 Command-Line Tools

8/3/2019 RAllen Windows Server 2003 Command-Line Tools

1/22


2/22

Agenda

Why Use Command-Line Tools?

Microsoft Command-Line Tool Resources

Other Command-Line Tool Resources

Q/A


3/22

Why Use a Command-Line over a GUI?

1. Faster than the clickity-clickcounterpart

View the network configuration: ipconfig /all

Find all VBScript files in the path: where *.vbs

Append a 1

to every file in the currentdirectory: forfiles -p.\ -v -c"cmd /c if not @ISDIR==TRUE

ren @FILE @FNAME_WITHOUT_EXT1.@EXT"


4/22


2. In some cases you dont have a choice Create an entry in an Event Log

eventcreate

/L Application

/T Error

/ID 777

/D "ErrorWill Robinson"

Redirect the default AD computers container to

an alternate location

redircmp ou=MyComputers,dc=rallencorp,dc=com Diagnose AD DNS configuration issues

dnslint /ad /s localhost /v


5/22


3. Enhances your remote management

capabilities

Many of the new tools have a /S option fortargeting a remote machine

systeminfo /S rallen-srv1

With Sysinternals psexec you can even run

non-remoteable utilities remotely psexec \\rallen-srv1 cmd /k dir c:\


6/22


4. Enables you to automate

common/complex tasks

Simple batch scripts just containcommands to run in sequence

Disable all inactive computer accounts and

send the results in an email (2 commands)

oldcmp -report -file inactive.html -disable -b

"cn=computers,dc=rallencorp,dc=com

blat inactive.html -to [email protected] -html


7/22

Microsoft Command-Line Tool Resources

Windows Server2003

Windows Resource Kit

Windows Support Tools

Downloadable Tools

SFU

3.5


8/22

What's New in Windows Server 2003

%windir%\Help\ntcmds.chm

systeminfo Displays detailed configuration informationabout a computer and its operating system

wmic Extremely powerful command-line interface into WMI

dsadd / dsmod / dsrm / dsget / dsquery / dsmove Set of

command-line tools for querying and modifying ActiveDirectory

netsh Query network configuration, perform diagnostics andmanage network services such as DHCP and IPSec

bootcfg Configures, queries, or changes Boot.ini filesettings

sc

Retrieves and sets information about services. Tests anddebugs service programs.

schtasks Command-line interface into the Task Schedulerservice. With it you can query, add, modify and deletescheduled tasks


9/22

What's New in Windows Server 2003

(contd)

tasklist / taskkill

Search and terminate processes reg Query and manipulate the Registry

redirusr / redircmp Redirect the default users andcomputers containers in Active Directory

forfiles Perform a command over several files at once

openfiles Queries and disconnects open files

fsutil / freedisk / diskpart File and disk configuration andquery tools

eventcreate / eventquery / eventtriggers Create andquery events and event triggers

gpupdate / gpresult Force group policies to be applied toa computer and view the results

shutdown Log off, restart, or shut down a computer


10/22

Windows Resource Kit

creatfil

Create a file of arbitrary size

diskuse Scans a single directory, a directory tree, or anentire drive and reports the amount of space used by eachuser or all users

gpotool Display info about the GPOs in a domain and

check for inconsistencies across DCs klist Display and purge the Kerberos tickets on a computer

linkd Create a junction point (file link)

linkspeed Determines link speed to a remote system

moveuser Use MoveUser after moving a user to a differentdomain so that the user can keep the user profile associatedwith the original user account

ntrights Grant or revoke a right for a user or group of userson a local or remote computer


11/22

Windows Resource Kit (contd)

permcopy Copy share-level permissions from one share toanother

perms Display user access permissions for a file ordirectory

showacls Enumerates access rights for files, folders

showpriv

Displays the rights assigned to users and groups qgrep Search a file or list of files for a specific string or

pattern and return the line containing the match

robocopy Robust file copy utility

srvcheck Lists nonhidden shares on a computer and

enumerates the ACLs for each srvinfo Displays information about a server, including

available disk space, partition types, installed hotfixes, andthe status of services


12/22

Windows Support Tools

System: whoami Display the username, SID, and groups of the currently

logged on user

pmon Displays several measures of processor and memory useof running processes

netdom Manages computer names, trusts, and secure channels

diruse

Displays directory size informationACLs:

acldiag Detects and reports discrepancies in ACLs of objects inActive Directory. It can also reapply a security delegation template toan ACL

xcacls Query and modify file ACLs

dsacls

Query and modify Active Directory ACLs

Network: portqry Robust port query tool

netdiag Network connectivity diagnostics tool

netcap Command-line version of Netmon


13/22

Windows Support Tools (contd)

Active Directory:

dcdiag Domain controller diagnostics tool

dsastat Compare trees of two DCs and get objectcount report

nltest

Domain controller, trust and netlogon query tool movetree Move objects within a domain or to a

different domain

repadmin Advanced replication diagnostics tool

DNS:

dnscmd

One stop shop for managing the MS DNSserver

dnslint Helps diagnose common DNS resolutionissues (MS KB 321045)


14/22

Downloadable Tools (http://download.microsoft.com)

GPMC Suite of group policy management tools whichincludes several VBS scripts that can be used from thecommand-line

mbsacli Security analyzer

adtestActive Directory load-generation tool that

simulates client transactions

dsrevoke Views and removes permissions in ActiveDirectory

dsde

Part of the DSML forWindows installation; query,import and export from AD using LDAP or DSML

subinacl Robust ACL query and modification tool


15/22

SFU 3.5

Available for free now: http://tinyurl.com/yv969 Contains many popular UNIX tools:

ksh

ls

wc vi

cat

cron / crontab

grep / egrep / fgreg

head / tail cp / mv / rm

ps

top

And many more


16/22

Other Command-Line Tool Resources

Sysinternals

Joeware

Miscellaneous


17/22

Sysinternals (http://www.sysinternals.com/)

handle Display the files and folders a process has open

listdlls Display the DLLs that has a process has loadedor the processes that are using a particular DLL

netstatp View open ports and the processes andprotocols associated with them

sdelete Securely delete files

adrestore Enumerate and restore deleted objects in AD

junction Similar to linkd; creates junction points (i.e.,

file/folder links)


18/22

Sysinternals (PS Tools)

PsExec

Execute processes remotely PsFile Show open files remotely

PsGetSid Display the SID of a computer or a user

PsKill Kill processes by name or process ID

PsInfo List information about a system

PsList

List detailed information about processes PsLoggedOn See who's logged on locally and via resource

sharing

PsLogList Dump event log records

PsPasswd Changes account passwords

PsService

View and control services PsShutdown Shuts down and optionally reboots a computer

PsSuspend Suspends processes

PsUptime Shows you howlonga system has been runningsince its last reboot


19/22

Joeware (http://www.joeware.net/)

adfind Robust and flexible AD query utility (the best around)

oldcmp Find old computer accounts and disable or deletethem

unlock Find and unlock locked out accounts

adqueueloop Similar to repadmin /queue but includes the

number of items in the inbound queue and shows the top itemin the queue

getuserinfo net useron steroids

secdata Retrieve security-related data about users from AD

memberOf Retrieve a users group membership from AD

(shows nested group membership) sectok Displays the SID and token (including all sids/namesof groups that token contains) of a user

cpau Similar to runas, but lets you specify a password asan option


20/22

Miscellaneous

blat

Sends the contents of a file in an e-mail using SM

TP(http://www.interlog.com/~tcharron/blat.html)

digAdvanced DNS query utility (http://pigtail.net/LRP/dig/)

whois Query the whois database(http://pigtail.net/LRP/dig/)

setacl

Modify the ACL (DACL and SACL) on files, theregistry, services, printers, and shares(http://setacl.sourceforge.net/)

compname Dynamically generate and set the computername based the serial number, system GUID, MAC address,IP address, date, DNS name, or a random element(http://www.willowhayes.co.uk/)

Other sites:

http://www.optimumx.com/download/

http://www.systemtools.com/free_frame.htm


21/22

Q/A

Thank you for your time!

Email: [email protected]


22/22

At a Bookstore Near You

My Books Active Directory Cookbook (Oct 2003)

Active Directory, 2nd Edition (Apr2003)

DNS on Windows Server2003 (Dec 2003)

Windows Server Cookbook (Summer2004) Windows XP Cookbook (Fall 2004)

OtherOReilly Books Coming Out Soon: Windows Server Hacks (Apr2004)

Exchange Server Cookbook (Fall 2004) Securing Windows Server2003 (Summer2004)

Managing Windows Server2003 (Summer2004)

RAllen Windows Server 2003 Command-Line Tools

Documents

Transcript of RAllen Windows Server 2003 Command-Line Tools