Windows Server 2003 Command-Line Tools - PowerPoint PPT Presentation

johana
windows server 2003 command line tools l.
Skip this Video
Loading SlideShow in 5 Seconds..
Windows Server 2003 Command-Line Tools PowerPoint Presentation
Download Presentation
Windows Server 2003 Command-Line Tools

play fullscreen
1 / 22
Download Presentation
Windows Server 2003 Command-Line Tools
715 Views
Download Presentation

Windows Server 2003 Command-Line Tools

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Windows Server 2003 Command-Line Tools Robbie Allen Cisco Systems www.rallenhome.com

  2. Agenda • Why Use Command-Line Tools? • Microsoft Command-Line Tool Resources • Other Command-Line Tool Resources • Q/A

  3. Why Use a Command-Line over a GUI? 1. Faster than the clickity-click counterpart • View the network configuration: • ipconfig /all • Find all VBScript files in the path: • where *.vbs • Append a “1” to every file in the current directory: • forfiles -p.\ -v -c"cmd /c if not @ISDIR==TRUE ren @FILE @FNAME_WITHOUT_EXT1.@EXT"

  4. Why Use a Command-Line over a GUI? 2. In some cases you don’t have a choice • Create an entry in an Event Log • eventcreate /L Application /T Error /ID 777 /D "Error Will Robinson" • Redirect the default AD computers container to an alternate location • redircmp “ou=MyComputers,dc=rallencorp,dc=com” • Diagnose AD DNS configuration issues • dnslint /ad /s localhost /v

  5. Why Use a Command-Line over a GUI? 3. Enhances your remote management capabilities • Many of the new tools have a /S option for targeting a remote machine • systeminfo /S rallen-srv1 • With Sysinternals psexec you can even run non-remoteable utilities remotely • psexec \\rallen-srv1 cmd /k dir c:\

  6. Why Use a Command-Line over a GUI? 4. Enables you to automate common/complex tasks • Simple batch scripts just contain commands to run in sequence • Disable all inactive computer accounts and send the results in an email (2 commands) • oldcmp -report -file inactive.html -disable -b "cn=computers,dc=rallencorp,dc=com“ • blat inactive.html -to rallen@cisco.com -html

  7. Microsoft Command-Line Tool Resources • Windows Server 2003 • Windows Resource Kit • Windows Support Tools • Downloadable Tools • SFU 3.5

  8. What's New in Windows Server 2003%windir%\Help\ntcmds.chm • systeminfo – Displays detailed configuration information about a computer and its operating system • wmic – Extremely powerful command-line interface into WMI • dsadd / dsmod / dsrm / dsget / dsquery / dsmove – Set of command-line tools for querying and modifying Active Directory • netsh – Query network configuration, perform diagnostics and manage network services such as DHCP and IPSec • bootcfg – Configures, queries, or changes Boot.ini file settings • sc – Retrieves and sets information about services. Tests and debugs service programs. • schtasks – Command-line interface into the Task Scheduler service. With it you can query, add, modify and delete scheduled tasks

  9. What's New in Windows Server 2003 (cont’d) • tasklist / taskkill – Search and terminate processes • reg – Query and manipulate the Registry • redirusr / redircmp – Redirect the default users and computers containers in Active Directory • forfiles – Perform a command over several files at once • openfiles – Queries and disconnects open files • fsutil / freedisk / diskpart – File and disk configuration and query tools • eventcreate / eventquery / eventtriggers – Create and query events and event triggers • gpupdate / gpresult – Force group policies to be applied to a computer and view the results • shutdown – Log off, restart, or shut down a computer

  10. Windows Resource Kit • creatfil – Create a file of arbitrary size • diskuse – Scans a single directory, a directory tree, or an entire drive and reports the amount of space used by each user or all users • gpotool – Display info about the GPOs in a domain and check for inconsistencies across DCs • klist – Display and purge the Kerberos tickets on a computer • linkd – Create a junction point (file link) • linkspeed – Determines link speed to a remote system • moveuser – Use MoveUser after moving a user to a different domain so that the user can keep the user profile associated with the original user account • ntrights – Grant or revoke a right for a user or group of users on a local or remote computer

  11. Windows Resource Kit (cont’d) • permcopy – Copy share-level permissions from one share to another • perms – Display user access permissions for a file or directory • showacls – Enumerates access rights for files, folders • showpriv – Displays the rights assigned to users and groups • qgrep – Search a file or list of files for a specific string or pattern and return the line containing the match • robocopy – Robust file copy utility • srvcheck – Lists nonhidden shares on a computer and enumerates the ACLs for each • srvinfo – Displays information about a server, including available disk space, partition types, installed hotfixes, and the status of services

  12. Windows Support Tools System: • whoami – Display the username, SID, and groups of the currently logged on user • pmon – Displays several measures of processor and memory use of running processes • netdom – Manages computer names, trusts, and secure channels • diruse – Displays directory size information ACLs: • acldiag – Detects and reports discrepancies in ACLs of objects in Active Directory. It can also reapply a security delegation template to an ACL • xcacls – Query and modify file ACLs • dsacls – Query and modify Active Directory ACLs Network: • portqry – Robust port query tool • netdiag – Network connectivity diagnostics tool • netcap – Command-line version of Netmon

  13. Windows Support Tools (cont’d) Active Directory: • dcdiag – Domain controller diagnostics tool • dsastat – Compare trees of two DCs and get object count report • nltest – Domain controller, trust and netlogon query tool • movetree – Move objects within a domain or to a different domain • repadmin – Advanced replication diagnostics tool DNS: • dnscmd – One stop shop for managing the MS DNS server • dnslint – Helps diagnose common DNS resolution issues (MS KB 321045)

  14. Downloadable Tools (http://download.microsoft.com) • GPMC – Suite of group policy management tools which includes several VBS scripts that can be used from the command-line • mbsacli – Security analyzer • adtest – Active Directory load-generation tool that simulates client transactions • dsrevoke – Views and removes permissions in Active Directory • dsde – Part of the DSML for Windows installation; query, import and export from AD using LDAP or DSML • subinacl – Robust ACL query and modification tool

  15. SFU 3.5 • Available for free now: http://tinyurl.com/yv969 • Contains many popular UNIX tools: • ksh • ls • wc • vi • cat • cron / crontab • grep / egrep / fgreg • head / tail • cp / mv / rm • ps • top • And many more…

  16. Other Command-Line Tool Resources • Sysinternals • Joeware • Miscellaneous

  17. Sysinternals (http://www.sysinternals.com/) • handle – Display the files and folders a process has open • listdlls – Display the DLLs that has a process has loaded or the processes that are using a particular DLL • netstatp – View open ports and the processes and protocols associated with them • sdelete – “Securely” delete files • adrestore – Enumerate and restore deleted objects in AD • junction – Similar to linkd; creates junction points (i.e., file/folder links)

  18. Sysinternals (PS Tools) • PsExec – Execute processes remotely • PsFile – Show open files remotely • PsGetSid – Display the SID of a computer or a user • PsKill – Kill processes by name or process ID • PsInfo – List information about a system • PsList – List detailed information about processes • PsLoggedOn – See who's logged on locally and via resource sharing • PsLogList– Dump event log records • PsPasswd – Changes account passwords • PsService – View and control services • PsShutdown – Shuts down and optionally reboots a computer • PsSuspend – Suspends processes • PsUptime – Shows you how long a system has been running since its last reboot

  19. Joeware (http://www.joeware.net/) • adfind – Robust and flexible AD query utility (the best around) • oldcmp – Find old computer accounts and disable or delete them • unlock – Find and unlock locked out accounts • adqueueloop – Similar to repadmin /queue but includes the number of items in the inbound queue and shows the top item in the queue • getuserinfo – net user on steroids • secdata – Retrieve security-related data about users from AD • memberOf – Retrieve a user’s group membership from AD (shows nested group membership) • sectok – Displays the SID and token (including all sids/names of groups that token contains) of a user • cpau – Similar to runas, but lets you specify a password as an option

  20. Miscellaneous • blat – Sends the contents of a file in an e-mail using SMTP (http://www.interlog.com/~tcharron/blat.html) • dig – Advanced DNS query utility (http://pigtail.net/LRP/dig/) • whois – Query the whois database (http://pigtail.net/LRP/dig/) • setacl – Modify the ACL (DACL and SACL) on files, the registry, services, printers, and shares (http://setacl.sourceforge.net/) • compname – Dynamically generate and set the computer name based the serial number, system GUID, MAC address, IP address, date, DNS name, or a random element (http://www.willowhayes.co.uk/) • Other sites: • http://www.optimumx.com/download/ • http://www.systemtools.com/free_frame.htm

  21. Q/A • Thank you for your time! • Email: rallen@cisco.com

  22. At a Bookstore Near You • My Books • Active Directory Cookbook (Oct 2003) • Active Directory, 2nd Edition (Apr 2003) • DNS on Windows Server 2003 (Dec 2003) • Windows Server Cookbook (Summer 2004) • Windows XP Cookbook (Fall 2004) • Other O’Reilly Books Coming Out Soon: • Windows Server Hacks (Apr 2004) • Exchange Server Cookbook (Fall 2004) • Securing Windows Server 2003 (Summer 2004) • Managing Windows Server 2003 (Summer 2004)