Windows Server Cookbook | O'Reilly Media

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

The Windows Server operating system (OS) has come a long way in the past ten years. In the early days of Windows NT, system crashes were common annoyances that administrators had to learn to deal with. There were few tools to manage the OS, and the ones that were available, which mainly consisted of the graphical variety, were limited in functionality and didn't scale well. Also at that time, Microsoft was not yet serious about providing intuitive scripting interfaces, which would enable administrators to automate repetitive tasks. The result was that administrators were forced to do a lot with a little.

The tides changed dramatically with the release of Windows 2000, which turned out to be much more scalable and manageable. Microsoft began to improve in the management areas it had previously lacked by adding more tools and introducing several new scripting interfaces that were robust and easy to use.

But in many ways, Windows 2000 felt like a first version release of a major piece of software, which it was. Windows 2000 did a lot of things right, but there were still major gaps in terms of manageability. Windows Server 2003, Microsoft's latest server OS, is a much more mature platform. It isn't as big of an upgrade as Windows NT to Windows 2000, but Microsoft smoothed out a lot of the rough edges that were present in Windows 2000.

So what are we left with? If I had to sum it up into a single sentence: Windows Server 2003, and Windows 2000 to a lesser degree, is a sophisticated OS that has been built from the ground up to be both scalable and manageable, and supports all of the major information technology services you need to run a business or organization. The result is that administrators now have to do a lot with a lot.

You can't get all of this capability wrapped up into a single OS without some trade-offs. To be able to take full advantage of Windows 2000 Server or Windows Server 2003, you have to know lots of gory technical details. You have to know how to navigate through the hundreds of dialogs and menus. You have to know which command-line utilities are available to accomplish various specific tasks, where to find them, and which options you should use for each utility. You have to know what scripting interfaces are available to automate tasks so you can keep your support costs low. We take it for granted, but that is a lot for any one person to know. I've been doing Windows system administration for eight years and I still have a difficult time recalling the correct tool or command or scripting interface for certain tasks.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

If you are familiar with the O'Reilly Cookbook format that you can find in other popular books such as Active Directory Cookbook, Perl Cookbook, or DNS and BIND Cookbook, then the layout of this book will not be new to you. It is composed of 17 chapters, each containing 10-30 recipes that describe how to perform a particular task. Most recipes contain four sections: Problem, Solution, Discussion, and See Also. The Problem section briefly describes the task the recipe addresses and when you might need to use it. The Solution section contains step-by-step instructions on how to accomplish the task. Depending on the task, there could be up to three different sets of solutions covered. The Discussion section goes into detail about the solution(s). The See Also section contains references to additional sources of information that can be useful if you still need more information after reading the discussion. The See Also section may reference other recipes, Microsoft Knowledge Base (MS KB) (http://support.microsoft.com/) articles, or documentation from the Microsoft Developers Network (MSDN) (http://msdn.microsoft.com).

People like to work in different ways. Some prefer graphical interfaces (GUIs) while others like to work from the command-line interface (CLI). And experienced system administrators like to automate tasks using scripts. Since people prefer different methods, and no one method is necessarily better than another, I decided to write solutions to recipes using one of each. That means instead of a single solution per recipe, I include up to three solutions using GUI, CLI, and scripting examples. That said, some recipes cannot be accomplished with one of the three methods or it may be very difficult to do with a particular method. In that case, I cover only the applicable methods.

In the GUI and CLI solutions, I use standard tools that are readily accessible. There are other freeware, shareware, or commercial tools that I could have used that would have made some of the tasks easier to accomplish, but I wanted to make this book as useful as possible without requiring you to hunt down the tools or purchase an expensive software package.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

For the GUI and CLI solutions to mean much to you, you need access to the tools that are used in the examples. For this reason, in the majority of cases and unless otherwise noted, I used only tools that are part of the default operating system or available in the Resource Kit or Support Tools. There are two exceptions to this rule that I'll explain shortly.

The Resource Kits for Windows 2000 Server and Windows Server 2003 are invaluable sources of information, and provide numerous tools that aid administrators in their daily tasks. More information on the Resource Kits can be found at the following web site: http://www.microsoft.com/windows/reskits/. Some tools are freely available online, but others must be purchased as part of a Resource Kit. The Windows 2000 Support Tools, which are called the Windows Support Tools in Windows Server 2003, contain many "must have" tools for people that work with Windows Server. The installation MSI for the Windows Support Tools can be found on a Windows 2000 Server or Windows Server 2003 CD in the \support\tools directory.

Even though many of the same tools are available in both the Windows 2000 Support Tools and Windows Server 2003 Support Tools, several have been enhanced in the latter version including LDP, Dsacl, and LDIFDE.

The biggest source of tools that I use that don't come from Microsoft can be found on the Sysinternals web site: http://www.sysinternals.com/. Mark Russinovich and Bryce Cogswell have developed a suite of extremely useful tools that every Windows Server system administrator should be familiar with. These tools are free and they often come with complete source code for the tool.

Another good source of tools, especially for Active Directory, is Joe Richards' Joeware site: http://www.joeware.net/. Joe wrote many of his tools, some in executable form and others in Perl, to help in daily system administration tasks, so they are all very practical and useful. And like Sysinternals, most are free.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

A best practice for managing Windows Server systems is to create separate administrator accounts with elevated privileges, instead of letting administrators use the same user account with which they access network resources. This is beneficial because an administrator who wants to use elevated privileges must explicitly log on with his admin account instead of having the rights all the time, which could lead to accidental changes. Assuming you employ this method, you have to provide alternate credentials when using tools to administer systems unless you log on (locally or with Terminal Services) to the target machine with the admin credentials.

There are several ways to specify alternate credentials when running tools. Many GUI and CLI tools have an option to specify a user and password for authentication. If the tool you want to use does not have that option, you can use the runas.exe command instead. The following command runs the enumprop.exe command under the credentials of the administrator account in the rallencorp.com domain:

> runas /user:administrator@rallencorp.com /netonly "enumprop LDAP://dc1/
dc=rallencorp,dc=com"

Sometimes it is convenient to create a MMC console that runs under administrator privileges. In this case, simply use mmc.exe as the command to run from runas:

> runas /user:administrator@rallencorp.com /netonly "mmc.exe"

This will create an empty MMC console from which you can add consoles for any snap-in that has been installed on the local computer. This is beneficial because all of the consoles that you add will be run under that administrative account. If you don't want to type that command over and over, simply create a shortcut on your desktop and put the command as the target path. By doing this, you eliminate one of the common complaints about using alternate credentials; that is, it makes the job more tedious.

The /netonly option is necessary if the user you are authenticating with does not have local logon rights on the computer from which you are running the command, or if you want to authenticate with an account from a nontrusted domain.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Much has been said over the years about how unfriendly Windows Server is to experienced system administrators who want to automate tasks with scripts. I'm pleased to say that Microsoft has made some great strides in this area over the past three or four years so that now there are very few tasks that you cannot automate with a script.

Microsoft has developed three primary scripting interfaces over the years: WSH, WMI, and ADSI. Note that I said that these are interfaces, not languages. In generic terms, a scripting interface is just a framework for how a script calls functions or methods to perform tasks. WSH is the scripting engine that acts as the interpreter for the scripting languages that are native to Windows (i.e., VBScript and Jscript). It has an interface for doing basic scripting such as printing out to a console or displaying a dialog box, processing command-line arguments, and other basic system administration tasks such as reading and writing files and manipulating the Registry. WMI is the high-octane system management interface. With it you can query and often configure many of the components within Windows. WMI is to computers what ADSI is to Active Directory. ADSI is the primary scripting interface for querying and manipulating objects in Active Directory. You can also use it to manage local users and groups on a computer as well as the IIS Metabase.

For a more thorough introduction to each of these interfaces, check out Appendix A, Appendix B, and Appendix C.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

With the VBScript solutions, my intention is to provide the answer in as few lines of code as is reasonable. Since this book is not a pure programming book, I did not want to overshadow the graphical and command-line solutions by providing pages of code or detailed explanations on how to use WSH, WMI, or ADSI. If you are looking for such material, I recommend my book Active Directory Cookbook (O'Reilly) or Windows 2000 Scripting Guide by Microsoft Corporation (MSPress). The code in this book is meant to show you the basics for how a task can be automated and let you run with it. Most examples will take only minor tweaking to make them do something useful in your environment.

To make the code as simple as possible, I had to remove error checking and other features that are standard scripting best practices. Next, I'll describe how to incorporate these things into your own scripts so that you can quickly turn any code in this book into a robust script with all the trimmings.

Just as you might need to run the graphical and command-line tools with alternate credentials, you may also need to run your scripts and programs with alternate credentials. One way is to use the runas utility when you invoke a script from the command line. Another option is to use the Scheduled Tasks service to run the script under credentials you specify when creating the scheduled task. And yet another option is to hardcode the credentials in the script. Obviously this is not very appealing in many scenarios because you do not want the username and password contained in the script to be easily viewable by others. Nevertheless, at times it is a necessary evil, especially when working against multiple servers, and I'll describe how it can be done with WMI, ADSI, and ADO.

WMI

Here is example WMI code that prints the list of disk drives on a system:

strComputer = "."  ' localhost
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set objDisks = objWMI.InstancesOf("Win32_LogicalDisk")
for each objDisk in objDisks
    Wscript.Echo "DeviceID: " &  objDisk.DeviceID       
    Wscript.Echo "FileSystem: " &  objDisk.FileSystem   
    Wscript.Echo "FreeSpace: " & objDisk.FreeSpace      
    Wscript.Echo "Size: " & objDisk.Size        
    WScript.Echo ""
next

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

While it is my hope that this book provides you with enough information to perform the majority of Windows system administration tasks you are likely to do, it is not realistic to think every possible task can be covered. In fact, there are easily another five or six chapters I could have included in this book, but due to space and time considerations it was not possible for this edition. There is a wealth of additional resources and information you can find on the Internet or in a bookstore. In this section I cover some of the ones I use most frequently.

Windows Server 2003 comes with a new feature called the Help and Support Center, which is available directly off the Start menu. It is a great resource of information and it serves as the central location to obtain help information about the operating system, applications, and installed utilities.

If you have any questions about the complete syntax or usage of a command-line tool used in the book, you should first look at the help information available with the tool. The vast majority of CLI tools provide syntax information by simply passing /? as a parameter. For example:

> netsh /?

The Microsoft Help and Support web site is a great source of information and is home to the Microsoft Knowledge Base (MS KB) articles. Throughout the book I include references to pertinent MS KB articles where you can find more information on a topic. You can find the complete text for a KB article by searching on the KB number at the following web site: http://support.microsoft.com/default.aspx. You can also append the KB article number to the end of this URL to go directly to the article: http://support.microsoft.com/?kbid=.

MSDN contains a ton of information on Windows Server and programmatic interfaces such as WMI. Throughout the book, I'll sometimes reference MSDN pages in recipes where applicable. Unfortunately, there is no easy way to reference the exact page I'm referring to unless I provided the URL or navigation to the page, which would more than likely change by the time the book was printed. Instead, I provide the title of the page, which you can search for via the following site:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

There are many useful customizations you can make after installing the operating system. Some of the configuration options I cover in this chapter include setting the time and date, joining a server to a domain, configuring page files, and configuring startup and failure options. I then cover some settings that disable annoying Windows features. These aren't terribly important from a performance point of view, but are down-right necessary to reduce your frustration level when dealing with a server. Good examples of this include disabling the Manage/Configure Your Server Wizard and the Windows Server 2003 Shutdown Tracker.

Commands to help configure Windows Server are not in short supply. In Table 2-1, I list all the command-line utilities I use in this chapter along with where each can be found.

Table 2-1: Command-line tools used in this chapter
Tool	Windows Server 2003	Windows 2000 Server	Recipes
`bootcfg`	`%SystemRoot%\system32`	N/A	2.14
`compname`	`http://www.willowhayes.co.uk/`

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

There are many useful customizations you can make after installing the operating system. Some of the configuration options I cover in this chapter include setting the time and date, joining a server to a domain, configuring page files, and configuring startup and failure options. I then cover some settings that disable annoying Windows features. These aren't terribly important from a performance point of view, but are down-right necessary to reduce your frustration level when dealing with a server. Good examples of this include disabling the Manage/Configure Your Server Wizard and the Windows Server 2003 Shutdown Tracker.

Commands to help configure Windows Server are not in short supply. In Table 2-1, I list all the command-line utilities I use in this chapter along with where each can be found.

Table 2-1: Command-line tools used in this chapter
Tool	Windows Server 2003	Windows 2000 Server	Recipes
`bootcfg`	`%SystemRoot%\system32`	N/A	2.14
`compname`	`http://www.willowhayes.co.uk/`

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to activate o r view the activation status of a Windows Server 2003 system. Microsoft requires that you activate Windows Server 2003 within 30 days of installation to validate you have a legal copy of the software.

Using a graphical user interface

From the Start menu, select All Programs → Activate Windows.
Select whether you want to activate by phone or over the Internet.

Using a command-line interface

The following command opens the Activation wizard described in the previous section:

> %systemroot%\system32\oobe\msoobe /a

There are no options that can activate the computer silently from the command line.

Using VBScript

' This code activates a Windows Server 2003 system.
' ------ SCRIPT CONFIGURATION ------
strComputer = "."
   
boolActivateOnline = True  ' If this is true, boolActivateOffline should
                           ' be false
   
boolActivateOffline = False ' If this is true, boolActivateOnline should
                            ' be false
strOfflineConfirmationCode = "1234-5678" ' if Activating offline, you need
                                         ' specify a confirmation code
' ------ END CONFIGURATION ---------
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set colWPA = objWMI.InstancesOf("Win32_WindowsProductActivation")
for each objWPA in colWPA
   WScript.Echo "Activation Settings:"
   Wscript.Echo "  Activation Required: " & objWPA.ActivationRequired
   Wscript.Echo "  Caption: " & objWPA.Caption
   Wscript.Echo "  Description: " & objWPA.Description
   Wscript.Echo "  Notification On: " & objWPA.IsNotificationOn
   Wscript.Echo "  Product ID: " & objWPA.ProductID
   Wscript.Echo "  Remaining Eval Period: " & objWPA.RemainingEvaluationPeriod
   Wscript.Echo "  Remaining Grace Period: " & objWPA.RemainingGracePeriod
   Wscript.Echo "  Server Name: " & objWPA.ServerName
   Wscript.Echo "  Setting ID: " & objWPA.SettingID
   WScript.Echo
   
   if objWPA.ActivationRequired = True then
      if boolActivateOnline = True then
         intRC = objWPA.ActivateOnline
         if intRC <> 0 then
            WScript.Echo "Error activating online: " & intRC
         else
            WScript.Echo "Successfully activated online"
         end if
      end if
   
      if boolActivateOffline = True then
         intRC = objWPA.ActivateOffline(strOfflineConfirmationCode)
         if intRC <> 0 then
            WScript.Echo "Error activating offline: " & intRC
         else
            WScript.Echo "Successfully activated offline"
         end if
      end if
   end if
next

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to configure how updates are applied using the Automatic Updates feature.

Using a graphical user interface

To configure Automatic Updates locally on a system, do the following:

Open the System applet in the Control Panel.
Select the Automatic Updates tab.
Check the box beside Keep my computer up to date to enable Automatic Updates.
Once you have done that, the radio buttons under Settings will become active. Select how you want to be notified about new updates and whether you want to automatically install them.
Click OK when you are done.

To configure Automatic Updates using Group Policy, do the following:

Open the Group Policy Management Console.
In the left pane, navigate to the group policy object (GPO) you want to modify.
Right-click the target GPO and select Edit.
In the left pane of the Group Policy Object Editor, expand Computer Configuration → Administrative Templates → Windows Update.
In the right pane, double-click the setting you want to configure.

Using a command-line interface

The following commands enable Automatic Updates to automatically download new updates and notify when installation is ready to proceed:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to prevent a user from running Windows Update or Automatic Updates.

Using a graphical user interface

Open the Group Policy Management Console.
In the left pane, navigate to the GPO you want to modify.
Right-click the target GPO and select Edit.
In the left pane of the Group Policy Object Editor, expand User Configuration → Administrative Templates → Start menu and Taskbar.
In the right pane, double-click Remove links and access to Windows Update (for Windows Server 2003) or Disable and Remove Links to Windows Update (for Windows 2000).
Select Enable and click OK.

Using a command-line interface

To disable Windows Update for all users who haven't logged in previously, run the following command:

> reg add HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /t
REG_DWORD /v NoWindowsUpdate /d 1

To disable Windows Update for the user who is currently logged on, run the following command:

> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /t REG_
DWORD /v NoWindowsUpdate /d 1

Using VBScript

' This code disables Windows Update in the .Default profile.
' ------ SCRIPT CONFIGURATION ------
strComputer = "."
' ------ END CONFIGURATION ---------
const HKEY_USERS = &H80000003
strKey = ".DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
objReg.SetDwordValue HKEY_USERS, strKey, "NoWindowsUpdate", 1
WScript.Echo "Windows Update disabled in .Default profile"

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to install or uninstall a Windows Component.

Using a graphical user interface

From the Control Panel , open the Add or Remove Programs applet.
Click on Add/Remove Windows Components.
Click on the component you are interested in.
If there are subcomponents, the Details button will become active. Click on it. Check the box beside the components you want to install. When you are done, click OK.
Click Next. At this point the component(s) will be installed.
Click Finish to close the screen.

Using a command-line interface

Create an answer file using a text editor, such as notepad.exe. Here is an example answer file that would install the DNS Server service:

[netoptionalcomponents]
dns=1

See the Discussion section for more on answer files.

Next, run the sysocmgr utility with following parameters (assuming you named the answer file c:\comp_install.txt):

> sysocmgr /i:%windir%\inf\sysoc.inf /u:c:\comp_install.txt

The sysocmgr utility has additional options for suppressing dialog boxes (/x and /q). For the complete list of sysocmgr options, run

sysocmgr
/?

from a command line.

Using VBScript

Unfortunately, there are no scripting interfaces for installing Windows Components. However, you can run the sysocmgr command from the previous section directly within a batch script (

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to push an application or service pack to a group of users or computers using group policy.

Using a graphical user interface

Open the Group Policy Management snap-in.
In the left pane, navigate to the GPO you want to modify. Left-click on it and select Edit.
If you want to publish an application to computers the GPO applies to, expand Software Settings under Computer Configuration. If you want it to apply to users, expand Software Settings under User Configuration.
Right-click Software installation and select New → Package.
Enter the UNC path of the location of the MSI installation file (even if it resides on a local drive on the domain controller.
Select the MSI file and click Open.
Select Assigned if you want this application to be installed automatically on each client the GPO applies to. Select Published if you want this application to be downloaded and made available to be installed via an Add/Remove Programs applet if the client chooses to install it (this option is only available for the User Configuration section of a GPO).
Click OK.

You can use group policy to install applications, hotfixes, and service packs on servers. The preferred method for installation is to use Microsoft Installer files, but you can also use something called a ZAW down-level application package (ZAP) file to do non-MSI-based installations (for example, using

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to view the system properties of a server. These properties include operating system version, system manufacturer and model, processors, memory, and logon domain to name a few.

Using a graphical user interface

From the Start menu, select All Programs (or Programs on Windows 2000) → Accessories → System Tools → System Information.

You can also get some system information by going to Start → Run. Type WinVer and click OK.

If you want to view the installed hardware on a machine, go to Start → Run. Type devmgmt.msc and click OK.

Using a command-line interface

There are numerous ways to get system information from the command line. You can run the new Windows Server 2003 utility, systeminfo.exe against Windows 2000, Windows XP, or other Windows Server 2003 systems. Use the /s option to run the command against a remote server as in this example:

> systeminfo /s <ServerName>

The srvinfo.exe utility, which is available in the Windows Server 2003 and Windows 2000 Resource Kits, can also retrieve system information remotely. It displays a list of installed services, service packs, and hotfixes.

> srvinfo \\<ServerName>

Lastly, the Sysinternals psinfo.exe tool retrieves similar information for a local or remote system. The tool has options for viewing hotfixes (-h option), software (-s option), and disk volume (-d option) information.

> psinfo -h -s -d \\<ServerName>

Using VBScript

' This code prints system information similar to the systeminfo command.
' ------ SCRIPT CONFIGURATION ------
strComputer = "."   ' e.g. rallen-srv01
' ------ END CONFIGURATION ---------
   
set dicProductType = CreateObject("Scripting.Dictionary")
dicProductType.Add 1, "Workstation"
dicProductType.Add 2, "Domain Controller"
dicProductType.Add 3, "Standalone Server"
  
set objWMIDateTime = CreateObject("WbemScripting.SWbemDateTime")
  
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
for each objOS in colOS
   Wscript.Echo "Host Name: " & objOS.CSName
   Wscript.Echo "OS Name: " & objOS.Caption
   Wscript.Echo "OS Version: " & objOS.Version & " Build " & objOS.BuildNumber
   Wscript.Echo "OS Manufacturer: " & objOS.Manufacturer
   Wscript.Echo "OS Configuration: " & dicProductType.Item(objOS.ProductType)
   Wscript.Echo "OS Build Type: " & objOS.BuildType
   Wscript.Echo "Registered Owner: " & objOS.RegisteredUser
   Wscript.Echo "Registered Organization: " & objOS.Organization
   Wscript.Echo "Product ID: " & objOS.SerialNumber
   objWMIDateTime.Value = objOS.InstallDate
   Wscript.Echo "Original Install Date: " & objWMIDateTime.GetVarDate
   objWMIDateTime.Value = objOS.LastBootUpTime
   Wscript.Echo "System Up Time: " & objWMIDateTime.GetVarDate
   Wscript.Echo "Windows Directory: " & objOS.WindowsDirectory
   Wscript.Echo "System Directory: " & objOS.SystemDirectory
   Wscript.Echo "BootDevice: " & objOS.BootDevice
   Wscript.Echo "System Locale: " & objOS.Locale
   Wscript.Echo "Time Zone: " & "GMT" & objOS.CurrentTimezone
   Wscript.Echo "Total Physical Memory: " & _ 
                round(objOS.TotalVisibleMemorySize / 1024) & " MB"
   Wscript.Echo "Available Physical Memory: " & _
                 round(objOS.FreePhysicalMemory / 1024) & " MB"
   Wscript.Echo "Page File: Max Size: " & _
                 round(objOS.TotalVirtualMemorySize / 1024) & " MB"
   Wscript.Echo "Page File: Available: " & _
                 round(objOS.FreeVirtualMemory / 1024) & " MB"
next
   
set colCS = objWMI.InstancesOf("Win32_ComputerSystem")
for each objCS in colCS
   Wscript.Echo "System Manufacturer: " & objCS.Manufacturer
   Wscript.Echo "System Model: " & objCS.Model
   Wscript.Echo "System Type: " & objCS.SystemType
   WScript.Echo "Domain: " & objCS.Domain
   Wscript.Echo "Processor(s): " & objCS.NumberofProcessors & _
                " Processor(s) Installed."
next
   
intCount = 0
set colProcs = objWMI.InstancesOf("Win32_Processor")
for each objProc in colProcs
   intCount = intCount + 1
   Wscript.Echo vbTab & "[" & intcount & "]: " & _
                objProc.Caption & " ~" & objProc.MaxClockSpeed & "Mhz"
next
   
set colBIOS = objWMI.InstancesOf("Win32_BIOS")
for each objBIOS in colBIOS 
   Wscript.Echo "BIOS Version: " & objBIOS.Version
next

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to set the system time, date, and time zone.

Using a graphical user interface

From the Control Panel, open the Date and Time applet. This can also be accomplished by double-clicking the clock on the system tray or running timedate.cpl from the command line.
You can configure the year, month, day, and time on the Date & Time tab and the time zone on the Time Zone tab.
On Windows Server 2003, you can configure clock synchronization (Network Time Protocol (NTP) settings) from the Internet Time tab if the system is not part of a domain. If it is member of a domain, then the clock is synchronized automatically from an Active Directory domain controller.

Using a command-line interface

The following commands set the time to 11:02 p.m. and the date to November 1, 2005:

> time 23:02:00
> date 11/01/2005

The date format may vary depending on your locale.

Run this command to display the current date, time, and time zone:

> date /t & time /t & w32tm -tz

You can use this command to display time zone information from the registry:

> reg query \\<ServerName>\HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation

This command sets the SNTP server list:

> net time /setsntp:<ServerList>

For example:

> net time /setsntp:mytime.rallencorp.com,time.windows.com

This command queries the SNTP server:

> net time /querysntp

This command forces the local system to sync its time from the time source:

> net time /set

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to configure the host name for a server.

Using a graphical user interface

From the Control Panel, open the System applet.
Select the Computer Name tab (or Network Identification on Windows 2000).
Click the Change button (or Properties on Windows 2000).
Enter the new name in the Computer name field.
If the computer is a member of the domain, you will be prompted for credentials to use for renaming the account in the domain unless you are logged in with a domain administrator account.
Click OK.
Click OK to confirm that you'll need to restart (this won't actually restart the computer).
Click OK again.
Click Yes if you want to restart now or No to restart later.

Using a command-line interface

Use this command to display the current computer name:

> hostname

The compname.exe utility, which is available from http://www.willowhayes.co.uk/, can also display the current computer name:

> compname /s

But this command can also do a whole lot more. This changes a computer's name:

> compname /c <NewServerName>

The truly powerful feature of compname is its ability to name a system based on certain variables (or what it calls templates). You can name a computer based on its serial number, UUID, MAC address, and date, among other things. The following example changes a computer name to contain its serial number at the end:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to join a server to an Active Directory domain so that users in the domain can access resources on the server.

Using a graphical user interface

Log onto the computer you want to join and open Control Panel → System applet.
Click the Computer Name tab.
Click the Change button.
Under Member of, select Domain.
Enter the domain you want to join and click OK.
You may be prompted to enter credentials that have permission to join the computer.
Reboot the computer.
Note that the tabs in the System applet vary between Windows 2000, Windows XP, and Windows Server 2003.

Using a command-line interface

The following command joins a computer to a domain:

> netdom join <ComputerName> /Domain <DomainName> /UserD <DomainUserUPN> 
/PasswordD * /UserO <ComputerAdminUser> /PasswordO * /Reboot

The last character in the /UserO and /PasswordO options is the letter O, not the number 0.

Using VBScript

' This code joins a server to a domain.
' ------ SCRIPT CONFIGURATION ------
strComputer     = "<ComputerName>"      ' e.g. joe-xp
strDomain       = "<DomainName>"        ' e.g. rallencorp.com
strDomainUser   = "<DomainUserUPN>"     ' e.g. administrator@rallencorp.com
strDomainPasswd = "<DomainUserPasswd>

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to test the secure channel of a server in a domain.

The following command tests the secure channel for a computer:

> nltest /server:<ComputerName> /sc_query:<DomainName>

The following command resets the secure channel for a computer:

> nltest /server:<ComputerName> /sc_reset:<DomainName>

The following solutions describe how to reset a computer account.

Using a graphical user interface

Open the Active Directory Users and Computers snap-in.
If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, right-click on the domain and select Find.
Beside Find, select Computers.
Type the name of the computer and click Find Now.
In the Search Results, right-click on the computer and select Reset Account.
Click Yes to verify.
Click OK.
Rejoin the computer to the domain as I described in Recipe 2.5.

Using a command-line interface

You can use the dsmod.exe utility to reset a computer's password. You will need to rejoin the computer to the domain after doing this.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to view the current environment variables or create new ones.

Using a graphical user interface

From the Control Panel, open the System applet.
Select the Advanced tab.
Click the Environment Variables button.
Click the New button under the User variables or System variables box depending on whether you want to create an environment variable that is visible only to the currently logged-on user or system-wide.
Enter the variable name and value and click OK until all windows are closed.

The new variable(s) will not be available in any CMD windows that are currently open. You'll need to close and reopen any CMD sessions in which you want to use the new variable(s).

Using a command-line interface

To view environment variables, run the set command. You can also view a subset of environment variables by running set and specifying the first letters of the variable(s). This command displays all environment variables that begin with USER:

> set user

You can use the wmic utility to print environment variables on a remote system:

> wmic /node:"<ServerName>" environment list full

You can print the value of an environment variable using echo:

> echo %systemroot%

To set an environment variable for use in the current CMD session, use the set command. The following command sets the FOOBAR environment variable:

> set FOOBAR=test

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

You want to configure the page files on a system. It is a common practice to move the default page file stored on the system root drive (typically C:) to a different disk to improve performance. The page files and system drive are frequently accessed by the operating system and separating them on different disks can improve performance. You may also want to increase the size of the page file or spread your page file across multiple volumes based on the needs of your system.

Using a graphical user interface

From the Control Panel, open the System applet.
Select the Advanced tab.

On Windows Server 2003:
1. Under Performance, click the Settings button.
2. Click the Advanced tab.
3. Under Virtual memory, click the Change button.
4. You'll see a list of all volumes and any page files that have been configured on them. To modify the size of an existing page file, highlight the drive the page file is on, modify the Initial size and/or Maximum size, and click Set. You can also select System managed size to let the system control the size of the page file. To add a new page file, select a drive that currently does not have a page file and select either Custom size or System managed size. If you select the former, enter the Initial size and Maximum size. Click Set when you are done. A performance tip is to set the initial size the same as the maximum size to reduce unnecessary I/O operations.
On Windows 2000:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|

Table of Contents

WMI

Using a graphical user interface

Using a command-line interface

Using VBScript

Using a graphical user interface

Using a command-line interface

Using a graphical user interface

Using a command-line interface

Using VBScript

Using a graphical user interface

Using a command-line interface

Using VBScript

Using a graphical user interface

Using a graphical user interface

Using a command-line interface

Using VBScript

Using a graphical user interface

Using a command-line interface

Using a graphical user interface

Using a command-line interface

Using a graphical user interface

Using a command-line interface

Using VBScript

Using a graphical user interface

Using a command-line interface

Using a graphical user interface

Using a command-line interface

Using a graphical user interface