The Windows Server 2003 command prompt still leads to a number of misunderstandings. Many users—and administrators—do not really take it seriously because it reminds them a lot of DOS. However, this former “DOS box” is a fully developed 32-bit command-line interpreter (or shell) with the option of using several language elements.
Especially with terminal servers, the command prompt options offer powerful system access that can also be automated, including direct shell commands as well as different scripting concepts. Scripts allow access to files, directories, printers, user accounts, security settings, and the registry. For older applications in particular and for terminal server–specific modifications of the user environment at logon, scripts are an essential tool. For this reason, it will definitely be worth the effort in some environments if terminal server administrators take the time to learn about the relevant technical basics—even if it is their first contact with programming.
At first glance, it does not seem likely that Windows Server 2003 comes with an especially powerful command and scripting language. Basically, the direct command-line language is a leftover of the historic MS-DOS batch language scope that was used to create batch-processing programs. Command-line options were greatly expanded when the Windows Script Host and the .NET Frameworks were introduced, as will be described later in this chapter. However, learning to apply these new concepts requires a substantial amount of time. In the following section, we will take a look at the standard shell commands and language elements that are important for operating a terminal server and managing its users.
Scripts are an essential concept of operating a terminal server and its applications. The most important commands for administrators that are needed at the command prompt or in a script file are listed in this table. Some of these command options must be executed by a user with administrator permissions to work properly.
Command |
Description |
---|---|
At |
Controls the scheduling of commands and programs to run at a specified time and date. |
Attrib |
Displays or modifies file attributes. |
Cacls |
Displays or modifies file access control lists (ACLs). |
Call |
Calls a batch-processing program from another batch-processing program without stopping the parent batch-processing program. The Call command also accepts labels as targets for jumps within the batch- processing logic. |
Comp |
Compares the content of two files or sets of files byte by byte. |
Date |
The Date command without parameters displays the current date and prompts you to type a new date. Using the Enter key keeps the current date. The Date command supports the /T option that displays the current date without prompting for a new date. |
Fc |
Compares two files and displays the differences between the two. |
Find |
Searches for a string of text in one or more files. |
Findstr |
Searches for patterns of text strings in files. This command uses regular expressions and has several parameters that make it very powerful. |
Net |
Command group for displaying and configuring network functions. |
Set |
Displays, sets, or deletes environment variables for the current environment settings of the opened command interpreter. |
Sort |
Reads input, sorts data, and displays the result on the screen, saves it to a file, or writes it to another device. |
Start |
Creates a new command prompt window to execute a program or command. It is also used for determining and setting the process priority of any selected program. |
Systeminfo |
Displays detailed configuration information about a computer and the operating system. |
Time |
The Time command without parameters displays the current time and prompts you to type a new time. Using the Enter key keeps the current time. The Time command supports the /T option that displays the current time without prompting for a new time. |
Type |
Displays the content of a text file. |
Xcopy |
Copies files and directories including subdirectories. With specific parameters, the Xcopy command supports the administration of security setting. |
Windows Server 2003 extensions as related to Terminal Services do not apply only to graphical tools, but also to additional command-line tools. These tools are listed and described in the following table. More detailed information can be found in the Windows Server 2003 Help and Support Center’s command-line reference A-Z.
Command |
Description |
---|---|
Change logon |
Uses the following parameters to enable or disable client session logons and displays the current logon status. This utility is useful for system administration. The abbreviation for this command is Chlogon. |
Change port |
Changes the mapping logic for serial ports to be compatible with MS- DOS applications. The abbreviation for this command is Chgport. |
Change user |
Uses the following parameters to change the mapping of .ini files and the registry for the current user during application installation. The abbreviation for this command is Chguser. |
Flattemp |
Enables or disables a common (flat) temporary folder (temp mapping). |
Logoff |
Terminates a user session. |
Msg |
Sends a message to one or more users. |
Query process |
Displays information about the processes of all user sessions on a terminal server. This command includes parameters for further specification of the desired information, such as process ID, user name, session name, session ID, program, or server name. |
Query session |
Displays information about the sessions running on a terminal server. This command includes parameters for further specification of the desired information, such as user name, session name, session ID, program, or server name. |
Query termserver |
Lists all terminal servers running on the network. This command includes parameters for further specification of the desired information, such as server name or domain. |
Query user |
Displays information about the users logged on to a terminal server. This command includes parameters for further specification of the desired information, such as user name, session name, session ID, program, or server name. |
Query winsta |
Same as the Query session command. |
Reset session |
Resets a user session to initial values. This command includes parameters for further specification of the desired information, such as session name, session ID, or server name. |
Rwinsta |
Same as the Reset session command. |
Shadow |
Allows the monitoring of the terminal server session of another user. This command includes parameters for further specification of the desired information, such as session name, session ID, or server name. All information displayed on the shadowed computer session is also displayed on the target computer. |
Tscon |
Attaches the client or user to an existing terminal server session. |
Tsdiscon |
Disconnects the client or user session from the terminal server. |
Tskill |
Terminates a selected process using its process ID or its name in combination with the server name and the session ID. Administrators can use this command for all processes; users can use it only for their own processes. |
Tsprof |
Copies the configuration information of a Terminal Services user to the configuration data of another user. You can also use the Tsprof command to update a user’s profile path. |
Tsshutdn |
Allows an administrator to shut down the terminal server in a controlled manner. After starting Tsshutdn, no programs can be executed anymore. The session of the user who started Tsshutdn is still active, but all session information will have read-only permissions. |
In particular, commands starting with Query are able to transfer many functions of the Terminal Services Administration graphical tool to the command line. (See Chapter 4.)
Regrettably, the command-line language at the Windows Server 2003 command prompt provides only a few options for dynamic responses and structured programming. The basic elements a script developer might use within a simple language syntax are as follows:
The For command The For command executes a command for each file that is part of a set of files.
The Goto command In a batch-processing program, the Goto command invokes a jump to a tagged line. The tag is identified by a colon (:). When the script finds the tag, it processes the commands following in the subsequent line.
The If command The If command processes expressions with conditions in a batch-processing program.
The language syntax also includes command symbols and filter commands. Redirection symbols (for instance, >, <, or >>) determine where the command obtains its information and where the information will be sent. By default, Windows Server 2003 receives input from the keyboard and sends output to the monitor. However, sometimes it can be advantageous to redirect input or output to a file or a printer. For instance, a directory list can be redirected from the monitor to a file.
Filter commands help with sorting, viewing, and selecting individual parts of the command. Information generated through a filter command is divided, extracted, or resorted. Windows Server 2003 contains three filter commands: More, Find, and Sort.
Note? |
Please see the Windows Server 2003 Help and Support Center command-line reference for detailed information on command-line or batch-processing programs. |
The following examples take the command prompt’s language syntax to solve seemingly simple tasks. These are usually related to the runtime environment of terminal servers.
In this example, a file is created with a dynamic name that relates to date and time. This type of file is often used for saving log data.
@echo off for /f "tokens=1,2, delims= " %%i in (‘date /t’) do (set day=%%i) & (set date=%%j) for /f "tokens=1 delims= " %%k in (‘time /t’) do set time=%%k for /f "tokens=1,2,3 delims=/" %%l in (‘@echo %date%’) do set file1=%%l_%%m_%%n for /f "tokens=1,2 delims=:" %%p in (‘@echo %time%’) do set file2=%%p_%%q set filename=%day%-%file1%-%file2%.log @echo Command1 > %filename% @echo Command2 >> %filename%
Lines 2 and 3 create the day, date, and time variables from the current date and time. Lines 4 and 5 use the result to create the file1 and file2 variables that replace the special characters / and : with _ to improve legibility. Line 6 creates the final file name: Filename.log, representing a summary of day, file1, and file2. The last two lines are examples for redirecting commands to the target file.
With this script, the weakness inherent to the language syntax of command-line scripts is obvious: the solution to a relatively simple problem is very complicated. Language elements are evidently not suitable for easy processing of dynamic information.
One of the most frequent terminal server requirements is creating logon scripts, often used for linking network shares or printers to a user session. It might also be necessary to write user-specific values to the registry database. Unfortunately, the options for these tasks are not very comprehensive in batch-processing scripts. Usually, the logon logic is set up around the Net command. Additional functions can be implemented only through additional command-line tools (for example, from the Windows Server 2003 Resource Kit).
Listing 7-2 shows a simple logon script.
if not exist u:\. net use u: \\fileserver\%username% /user:%username% cscript login.vbs
So how is the logon script linked to the user account? The Active Directory Users and Computers tool handles the domain user, and the local user account is handled by Computer Management. On the Profile tab of the selected user account, a relative path (for example, employee\sales.cmd) is entered as the logon script.
The final question now is where to save the logon script physically on the file system. For domain users, the starting point for the relative logon path is located under %Systemroot%\SYSVOL\sysvol\<Domainname>\scripts on the server that handles authentication. For local users, the %Systemroot%\System32\Repl\Imports\scripts folder handles this task. It should be shared under the name of netlogon for all users. If the local folder does not exist yet, it is recommended that you create it exactly under the path described earlier.
Note? |
Users and server operators should have permissions only to read and execute in folders with logon scripts. Full access is recommended for administrators only. |
The last example is an analysis script that can be executed on a terminal server after an installation. The script archives many settings that are saved in text files. The analysis script can be executed again at a later time. The corresponding script results allow easy comparisons between installation statuses.
The analysis script performs the following tasks:
Creating a log file called Inspect.log
Writing date and time in Inspect.log
Logging the system information with the Systeminfo command
Logging the network configuration with the Ipconfig command
Logging the IP network statistics with the Netstat command
Logging the NetBIOS over TCP/IP statistics using different options of the Nbtstat command
Logging the routing table with the Netstat command
Logging the ARP cache for name resolution using the Arp command
Logging the network environment using different options of the Net command
Logging Terminal Services using different options of the Query command
The script can be supplemented by analyses relating to the registry (Regedit /e), the file structure of selected directories (Dir /s /o:n), or the security of directory trees (Cacls).
Note? |
The display of a text message in the command prompt can be suppressed by adding >NUL: 2>&1 to a command. >NUL: represents the redirection of the default output to the null device, that is, into nothing. 2>&1 directs all error output to the default output that points to the null device. As a result, neither default output nor error messages of the corresponding command are displayed. |
@echo off echo Processing system inspection... echo System Inspection > %temp%\inspect.log date /t >> %temp%\inspect.log time /t >> %temp%\inspect.log echo. >> %temp%\inspect.log echo --- [ Systeminfo ] --- >> %temp%\inspect.log systeminfo >> %temp%\inspect.log echo. >> %temp%\inspect.log echo --- [ IP Configuration ] --- >> %temp%\inspect.log ipconfig /all >> %temp%\inspect.log echo. >> %temp%\inspect.log echo --- [ Netstat ] --- >> %temp%\inspect.log echo [ netstat -e -s ] >> %temp%\inspect.log netstat -e -s >> %temp%\inspect.log echo [ netstat -a ] >> %temp%\inspect.log netstat -a >> %temp%\inspect.log echo. >> %temp%\inspect.log echo --- [ Nbtstat ] --- >> %temp%\inspect.log echo [ nbtstat -a %computername% ] >> %temp%\inspect.log nbtstat -a %computername% >> %temp%\inspect.log echo [ nbtstat -c ] >> %temp%\inspect.log nbtstat -c >> %temp%\inspect.log echo [ nbtstat -n ] >> %temp%\inspect.log nbtstat -n >> %temp%\inspect.log echo [ nbtstat -r ] >> %temp%\inspect.log nbtstat -r >> %temp%\inspect.log echo [ nbtstat -S ] >> %temp%\inspect.log nbtstat -S >> %temp%\inspect.log echo [ nbtstat -s ] >> %temp%\inspect.log nbtstat -s >> %temp%\inspect.log echo. >> %temp%\inspect.log echo --- [ Routing ] --- >> %temp%\inspect.log netstat -r >> %temp%\inspect.log echo. >> %temp%\inspect.log echo --- [ ARP Cache ] --- >> %temp%\inspect.log arp -a >> %temp%\inspect.log echo. >> %temp%\inspect.log echo --- [ Net Command ] --- >> %temp%\inspect.log echo [ net accounts ] >> %temp%\inspect.log net accounts >> %temp%\inspect.log echo [ net config server ] >> %temp%\inspect.log net config server >> %temp%\inspect.log echo [ net use ] >> %temp%\inspect.log net use >> %temp%\inspect.log echo [ net session ] >> %temp%\inspect.log net session >> %temp%\inspect.log echo [ net view ] >> %temp%\inspect.log net view >> %temp%\inspect.log echo. >> %temp%\inspect.log echo --- [ Terminal Services ] --- >> %temp%\inspect.log echo [ query termserver ] >> %temp%\inspect.log query termserver >> %temp%\inspect.log echo [ query session ] >> %temp%\inspect.log query session >> %temp%\inspect.log echo [ query user ] >> %temp%\inspect.log query user >> %temp%\inspect.log echo [ query process ] >> %temp%\inspect.log query process * >> %temp%\inspect.log echo. >> %temp%\inspect.log echo System inspection finished >> %temp%\inspect.log echo. echo System inspection finished
Note? |
You probably wonder why you should bother with these quite obsolete batch script concepts at all. The answer lies with the compatibility scripts that are described in the following section. It is hard to believe, but despite the availability of much more advanced scripting technologies, those scripts are still based on the batch-processing mechanisms described in this section, even on Windows Server 2003. |