Master and Command Line
Using the Windows GUI is fine—if you want to go slow. Learn to use the command line and move into the administration fast lane.
If GUI and the command-line interface (CLI) were professional wrestlers, GUI would be a hugely muscled, masked warrior who enters the ring accompanied by "GUI the Hero" theme music. CLI stands in the opposite corner, looking grim and puny. GUI is the obvious crowd
favorite, but when the bell rings, there's little doubt about who will prevail. CLI is clever, nimble and knows how to break all the holds GUI brings to bear. Two minutes into the first round, GUI is pinned for the count.
As it turns out, a Windows server running Windows Server 2003 has nearly all the CLI utilities needed to do everyday administrative chores. You rarely need to use a terminal server client or one of those fancy-schmantzy Adminpak workstation tools. Just keep an open console prompt on your desktop and follow along as I show you some of my favorite administrative utilities.
Configuring a Comfortable CLI Environment
If you spend lots of time at the console window, you might as well make things comfortable for yourself. Open a console window, then right-click the upper left corner (or the title bar) and select Defaults from the flyout menu. Don't select the Properties option. Any changes you make using this option are only applied to console windows with the same name in the title bar.
You'll want to cut and paste quickly from the command line to graphical utilities, so enable the QuickEdit mode as shown in Figure 1. (This option is enabled by default in Windows 2000 Server, but not in Windows 2003.) QuickEdit requires a mouse to do copy-and-paste operations, but you can minimize the number of steps. Click and hold the left mouse button at the start of a block of text, highlight the block, then release the left mouse button and right-click anywhere in the highlighted text to place it in the clipboard. (If you need to use the keyboard, press the Alt key, tap the space bar, press E-M to start marking, hold down the Shift key, move the cursor to the end of the line, then press Enter.)
|Figure 1. Enabling QuickEdit mode facilitates cut-and-paste operations between the command line and graphical utilities.
In the same window, select the Fonts tab and shift from raster fonts to Lucida Console fonts and choose a size that's comfortable to read but puts as many characters as possible on a single line. Select the Layout tab and set the Window Size to a width and height that makes maximum use of your screen. For example, on my 1400x1050 laptop display, I use a 12 point font with a 170x70 setting for the console window so it covers the display completely.
Click "OK" in the console Properties window to save your changes. Close the console window and open a new one to see the new default settings. Enter a command or two, then press F7. This lists the last 100 commands you've issued in that console session. Select an item from the list to perform the command again. Pressing F3 displays the last command you entered.
You'll want to enable automatic name completion, so you can type the first few characters of a long directory or file name, then press the Tab key to cycle through all the matching items in the folder. This option is enabled by default in Windows 2003 and XP. Win2K uses the asterisk key, which is not as flexible as the Tab key. Enable automatic name completion with the Tab key by entering a couple of Registry changes using the reg command as follows:
reg add "hklm\software\microsoft\command processor" /v CompletionChar
/t REG_DWORD /d 0x9 /f
reg add "hklm\software\microsoft\command processor" /v PathCompletionChar
/t REG_DWORD /d 0x9 /f
Shifting From CLI to GUI and Back
If you want to open a My Computer GUI window from the command line, simply enter:
The focus of the window is set to the current folder. Similarly, if you find an executable in Explorer you want to run from a command prompt, just drag the icon to a console window. The command line populates with the full path to the executable. Just press Enter and you're off to the races.
A faster alternative to this
drag-and-drop trick is to install the CMDHere.inf utility from the Resource Kit. This places a CMD Prompt Here item in the property menu for a folder. To install the utility, simply right-click the icon and select Install from the flyout menu. You could also follow the instructions in Knowledge Base 320148, "Start a Command Prompt in a Folder in Windows 2000."
Send the output of a CLI utility to a file using the ">" operator to store it for future use. For example, the "netdiag /v" command outputs a lengthy and detailed report on the status of all network interfaces. Pipe the output to a file as follows:
netdiag > netdiag.txt
If you write technical documentation, it's often handy to shove the output of a CLI utility directly into the clipboard so you can paste the results directly into a word processor document. Windows 2003 has a utility called Clip that you can use in XP (but not Win2K) to capture screen information into the clipboard. The syntax is:
netdiag | clip
Managing User and Group Accounts
It pays to build a script to create new user accounts so you can easily populate the account attributes without typing a lengthy set of command-line arguments. To quickly create an account for testing, you can't beat the NET USER command. Here's the syntax:
net user testuser1 Pass%5Word /add /domain
The NET USER command has other command-line switches for adding a full name, home directory path and so on, but it unfortunately places the user account in the default User container. You probably want to create your accounts in a specific Organizational Unit (OU). For this you can use the DSADD command in Windows 2003. (If you manage a Win2K domain from an XP desktop, you can use DSADD to manage Active Directory accounts.)
Here's a DSADD command that creates an account for a user named Mickey Mouse in an OU named Phoenix in a domain called Company.com:
dsadd user "cn=Mickey Mouse,ou=Phoenix,dc=Company,dc=com"
-samid mmouse -disabled no -pwd *
This creates the account, enables it and prompts you to enter and confirm the user's password. The DSADD command is also useful for creating OUs, groups, contacts and other objects. You can change object settings with DSMOD, move the object to a new OU with DSMOVE and delete the object with DSRM.
Managing Local Services
To see the running processes on a local machine, don't open Task Manager. Use TASKLIST. (In Windows 2000, use TLIST). To include the process owner and CPU utilization in the listing, use TASKLIST /v. I also like TASKLIST /svc because it shows top-level executables and the services running under them. Figure 2 shows an example.
Figure 2. The Tasklist /svc command lists services running under
various processes. (Click image to view larger version.)
Once you find the name of a service using Tasklist, you can stop and start the service using the NET START and NET STOP commands. For example, to stop the Browser service, enter:
net stop browser
The SC utility has more features for controlling services. You can use SC to stop, start or change the status of a service. SC is a full replacement for the Services.msc console. For example, to stop then disable the Browser service, enter:
sc stop browser
sc config browser start= disabled
(In the second line, the space after the "start= " entry is deliberate. You'll get a syntax error if you don't have a space.)
A more powerful tool for managing services and just about anything else on a Windows server or desktop is the Windows Management Instrumentation Console (WMIC). Here's an example that uses WMIC to get a quick list of the running processes:
wmic process list brief
The first time you launch WMIC, it spends a while configuring itself. After that, it launches very quickly. You can use WMIC to get information from remote servers. For example, to get a process list from server named W2K3-S1, enter:
wmic /node:w2k3-s1 process list brief
To get a quick list of running services (in contrast to the processes that host them), enter:
wmic /node:w2k3-s1 service where state="running" list brief
To see if the W3SVC (World Wide Web service) is running on a Web server:
wmic /node:w2k3-s1 service where name="w3svc" list full
If the State entry for the W3SVC service indicates it has stopped, use WMIC to start the service using this syntax:
wmic /node:w2k3-s1 service where name="w3svc" call startservice
WMIC uses terms like "process" and "service" as aliases for WMI classes Win32_Process and Win32_Service. To see a list of available aliases, enter "wmic /?" and use the alias as a parameter for WMIC. For example, to see the status of the drives on a local machine, enter:
wmic diskdrive list full
One FOR Command for All
It's common to change settings on remote servers using the Computer Management console. The console packs a lot of functionality into a single MMC interface, but it takes a long time to load and needs several mouse clicks to get to the useful information. It's also difficult to get a complete, simple-to-use printout from the Computer Management console. You can get a full listing of all current system statistics printed in comma delimited format using the SYSTEMINFO command as follows:
systeminfo /fo csv > systeminfo.csv
The "/fo csv" switch tells Systeminfo to format the output in a single, comma-delimited line item. This may seem simplistic, but here's where your command-line knowledge pays off. The extended batch language in Windows has a command called FOR that lets you quickly create looped commands. For example, the following statement loops through each line in a text file called Serverlist.txt, runs Systeminfo to get the statistics for the designated server, and stores the result as individual lines in a comma-delimited file.
for /f %i in (c:\serverlist.txt) do
systeminfo /s %i /fo csv /nh >> systeminfo.csv
The "f" switch tells FOR to loop through the designated file and assign each line to a variable called "%i." (The letter choice is arbitrary.) The double angle brackets (>>) tell SYSTEMINFO to append each output line to the target file, rather than overwriting the file each time. The result is a spreadsheet that contains a comprehensive set of parameters for every server in the list. You can get a quick file of server names in your network by piping the result of the NET VIEW command to a file:
net view /domain:company > c:\serverlist.txt
Use a text editor to remove the extraneous entries from the file, then feed it to the FOR command. Unfortunately, NET VIEW simply queries the Browser database, which is not authoritative. If you want a truly comprehensive list of servers within a domain, turn to AD. Assuming you put your server objects in a separate OU, you can dump the contents of the OU to a comma-delimited file using the Csvde utility. Here's an example that dumps the Common Name (CN) of each object in an OU called Server:
csvde -d ou=servers,dc=company,dc=com -l cn -f serverlist.csv
The resulting spreadsheet has two columns, one with the full Distinguished Name (which you can delete) and one with the bare flat name of the servers, which you can then use as an input to the FOR command.
Managing Local Network Configuration
Windows has a phalanx of little CLI tools for listing various network configuration items, but the utility with the most comprehensive set of features is the Network Shell, or Netsh. I use this gem all the time. For example, consider what it takes to change the static IP of a server using GUI tools. It takes a grand total of eight mouse clicks just to get to the TCP/IP Properties window, then several more clicks and keystrokes to set the address and the gateway and still more clicks to save the changes. Here's the same operation done with a single command:
netsh interface ip set address local static 192.168.0.100
255.255.255.0 192.168.0.254 0
The sequence of numbers in the expression is "Address, Mask, Gateway and Interface Metric." The word "local" refers to the first word of the default network interface name, "Local Area Connection." If you have two or more network interfaces, you'll need to spell out the entire name. I recommend shortening the names to something like NET1, NET2 and so on. You can also use Netsh to change the DNS and WINS interface configuration. The following lines configure the default "Local Area Connection" interface with a primary and secondary DNS server and a primary and secondary WINS server:
netsh interface ip set dns local
netsh interface ip add dns local 192.168.0.2
netsh interface ip set wins local static 192.168.0.5
netsh interface ip add wins local 192.168.0.6
You can use Netsh to quickly and easily change the settings for Windows 2003 and XP network bridges, the Windows Firewall, Remote Access Services (RAS) and LAN routing. You can also dump the entire set of network settings for all interfaces to a flat file to import to another server or back to the same server after it has been rebuilt.
The Netsh utility exists on Win2K, but the Windows 2003 and XP versions have a nifty Diag option that lets you do quick-and-dirty troubleshooting, like pinging every server configured to be a DNS, WINS, Proxy or Gateway along with any server configured in Outlook Express as a mail and news server.
If you've spent most of your career using GUI tools, it takes a while to get accustomed to CLI utilities. Once you master them, though, you'll spend a lot less time doing grunt work. That will give you the free time you need to use your GUI tools for something valuable, like playing the latest version of Halo.