Windows Server 2003 boasts more than 60 new command-line tools, which should satisfy the demands of all the administrators?including ourselves?who've been screaming for better command-line support for years. Why the emphasis on command-line administration of an operating system named "Windows?" Command-line tools are easier to use remotely through low-bandwidth, low-overhead interfaces such as Telnet. Command-line tools are also the enabling tools behind automated administration because the tools can be used in batch files to automate repetitive tasks. Most of the new command-line tools even provide a special /S parameter, which forces the tool to run against a remote server. That's a huge benefit for centralized administration.
One exciting new tool is the WMI command line. WMI is based on the Common Information Model (CIM) and defines a hierarchical namespace for managing Windows-based systems. You can use WMI to do everything from querying free drive space to restarting the computer. WMI even includes extensions into Active Directory, making it a complete management solution. Unfortunately, until now, WMI was accessible only to developers working in a language such as Visual Basic or VBScript; the command-line tool makes WMI accessible to all administrators. The tool also provides aliases to the WMI namespace, which enables mere mortals to keep track of the exceedingly complex WMI classes and attributes. That said, WMI is still not a tool for the faint of heart, although it provides exceptionally flexible access for administrators who want to write scripts to help manage their environments.
The command-line tool Wmic can run in interactive mode. Simply type Wmic from a command-line prompt to start the tool. You can also run the tool in noninteractive mode by supplying command-line parameters that tell it what you want it to do. Enter Wmic /? to see the usual command-line help menu.
TipThe command-line tool isn't installed by default; the first time you run it, Windows Server 2003 installs it for you. If you plan to use the tool on your servers, take the time to execute it at least once to get it properly installed. |
Figure 13.2 shows an example of Wmic output. The input command was Wmic Sysdriver, which asks the tool to query information about all system drivers and their statuses (started or not). The alias Sysdriver maps to the Win32_SysDriver portion of the WMI namespace. This is a WMI query; other Wmic commands enable you to change the state of the system, such as setting a driver to disabled or stopping it.
With such power, you might be wondering how secure WMI is. WMI includes limited security capabilities, essentially giving all members of the local Administrators group full control over WMI and all other users read-only permissions on their local computers. Domain administrators are usually members of the local Administrators group, allowing them to remotely manage WMI on any computer in the domain. You can change permissions only by adding users to the Administrators group or by authorizing them in WMI itself, a fairly complicated process. For more information on WMI security, consult Windows Server 2003's Help and Support Center.
CautionWMI exists not only on Windows Server 2003, but also on Windows 2000, Windows NT, and Windows 9x systems. Windows 9x systems grant full control over WMI to all local users, although you can set permissions for remote WMI usage. Also note that WMI checks security only when you initially connect to it; if you change permissions while a user is still connected, your changes do not take effect until the user disconnects. Also, WMI security is service-wide, affecting all WMI access, not just access through Wmic. |
Ready for a rundown of Windows Server 2003's new tools? Table 13.1 lists them in alphabetical order.
Name |
Description |
---|---|
Adprep |
Prepares Windows 2000 domains and forests for an upgrade to Windows Server 2003 by extending the Active Directory scheme to include new classes and attributes. |
Bootcfg |
Enables you to modify the Boot.ini file. |
Choice |
Enables your batch files to display a menu of choices and to control the batch files' operation based on the choice selected. Choice enables you to create multipurpose batch files without hard coding difficult-to-remember command-line parameters. |
Clip |
Redirects command-line output to the Windows clipboard, enabling you to paste the output into other applications, such as Notepad. |
Defrag |
Provides complete control over Windows's built-in disk defragmentation tool. |
Diskpart |
Manages disks, partitions, and volumes. Especially useful for creating batch files that configure new computers to meet corporate standards. |
Dsadd |
Adds computers, contacts, groups, OUs, or users to a directory, such as Active Directory. |
Dsget |
The companion to Dsadd, this tool displays attributes of directory objects. |
Dsmod |
Modifies existing directory objects in a directory such as Active Directory. |
Dsmove |
Moves directory objects to a new location, provided the move can be accomplished by contacting a single domain controller. Also renames objects without moving them. |
Dsrm |
Removes objects from a directory. |
Eventcreate |
Creates custom events in one of Windows's various event logs. Useful for logging events from within a batch file to track success or failure. |
Eventquery |
Lists events from a particular event log. |
Freedisk |
Enables you to create batch files that check for free disk space before performing an operation. |
Fsutil |
Manages reparse points, sparse files, volume mounting, and volume extensions. |
Getmac |
Retrieves the MAC addresses of network adapters. |
Gpresult |
Displays the resultant set of policies (RSoP) for a user or computer that is applying group policy objects. |
Inuse |
Replaces locked operating system files. |
Iisback |
Creates and manages backup copies of the IIS metabase and schema. Fantastic for quickly backup up the metabase of remote IIS computers to a centralized backup repository. |
Iiscnfg |
Imports and exports portions of the IIS metabase. This is a great tool for consistently configuring IIS machines: Back up portions of the metabase from a master machine, and import them to the others. |
Iisftp |
Manages FTP sites on IIS servers. |
Iisftpdr |
Manages virtual directories under IIS FTP sites. |
Iisvdir |
Manages virtual directories under IIS Web sites. |
Iisweb |
Manages Web sites on IIS servers. |
Logman |
Manages and schedules performance counter and event trace log collections on remote servers. |
Nlb |
Manages network load balancing (NLB). Also, Nlbmgr provides similar control for entire NLB clusters. |
Openfiles |
Displays and disconnects open files. |
Pagefileconfig |
Configures the system paging file. |
Perfmon |
Opens System Monitor configured with the settings from a Windows NT 4.0 Performance Monitor settings file. |
Prncnfg |
Configures printers. |
Prndrvr |
Manages the printer drivers installed on a server. |
Prnjobs |
Manages the jobs associated with a printer. |
Prnmngr |
Manages printer connections. |
Prnport |
Manages TCP/IP printer ports. |
Prnqctl |
Prints test pages, pauses and resumes printers, and clears printer queues. |
Relog |
Extracts performance counters from performance counter logs into various text formats or into SQL Server databases. |
Rss |
Enables Remote Storage. |
Sc |
Manages service information and tests and debugs service software. |
Schtasks |
Command-line interface to the Task Scheduler. Replaces the At command, which is also included in Windows Server 2003. |
Setx |
Sets local or remote environment variables. |
Shutdown |
Shuts down the local or a remote computer. This utility was always a Resource Kit favorite and is now in the base operating system. |
Systeminfo |
Displays basic system information. |
Takeown |
Takes ownership of files. |
Taskkill |
Replaces the Resource Kit Kill and Pkill utilities, which end a running process. |
Tasklist |
Replaces the Plist and Tlist Resource Kit utilities, which list running processes. |
Typeperf |
Writes performance data to the command-line window in a text format. Incredibly useful from within the SAC because SAC doesn't support graphical applications such as System Monitor. |
Waitfor |
Synchronizes batch files running on multiple computers. |
Whoamii |
Lists the current domain name, computer name, username, group names, logon ID, and privileges. |
WMIC |
WMI command-line interface, which we've discussed in the previous section. |
For more information on managing IIS, see Chapter 7, "Internet Information Services," p. 101.
For more information on NLB, see "Network Load Balancing," p. 207.
For more information on printing enhancements, see "File Sharing," p. 135.
Keep in mind that most of these tools support the new /S switch, which enables you to run the tool against a remote Windows Server 2003 computer. Simply add /S computername to the command line. Some additional command-line tools, such as Forfiles, have specific uses within batch files; check out Windows Server 2003's Help and Support Center for a complete list of available command-line tools.