Title: Guide to Microsoft Windows Server 2003 Command Line Administration
1 Guide to Microsoft Windows Server 2003 Command Line Administration
- Chapter 4
- System Administration
2 Objectives
- Perform power management tasks
- View and modify the registry
- Perform page file configuration tasks
- View and modify services
- Manage tasks and processes
- Create and perform data backups
- Monitor and optimize a system
3 Viewing What Is Installed on a System
- To be a thorough systems expert, it is important to be aware of all server components and their functions; there are commands to display this data
- SYSTEMINFO displays system information such as: OS name and version; OS configuration; OS build type; processor; BIOS version; total / available physical memory; page file max size / available / in use; page file location; domain / logon server; hotfixes
- The SYSTEMINFO command can be a source of baseline and general system information for reference use
- This system information is essential in the event of a system rebuild (something goes wrong with the server and the backup methods do not work properly)
4 Result of Running SYSTEMINFO
5 Using SYSTEMINFO to View System Information
6 Viewing What Is Installed on a System (Cont.)
- DRIVERQUERY provides a full list of drivers on the system and shows details about them
- A driver is a piece of software that is used to bridge the gap between the operating system and a piece of hardware, and allows the OS to communicate with the device using standardized protocols
- DRIVERQUERY displays a table containing all of the loaded drivers on a system, including details such as: driver filename; driver description; type of memory that hosts the driver; driver installation date and time
- Many drivers are associated with hardware devices and sometimes more than one driver is needed for a device
7 DRIVERQUERY Output
8 Power Management
- Power consumption and management are receiving scrutiny throughout the computer industry
- From a hardware perspective, power management has two standards
- Advanced Power Management (APM) allows the BIOS to shut off or suspend power to certain high-use components when a pre-configured state has been achieved
- Advanced Computer and Power Interface (ACPI) is a newer standard that allows the OS to fully control the power status of various components on the system
- Most current servers are ACPI compliant, which allows for flexible power management schemes
9 Power Management (Cont.)
- Windows Server 2003 is divided into power schemes based on different power needs
- Home/Office Desk - turns off the monitor after 20 minutes of non-use
- Portable/Laptop - turns off the monitor after 15 minutes of non-use, and the hard disk off after 30 minutes of non-use
- Presentation - never turns anything off
- Always On - turns off the monitor after 20 minutes of non-use
- Minimal Power Management - turns off the monitor after 15 minutes of non-use
- Max Battery - turns off the monitor after 15 minutes of non-use
10 Power Management (Cont.)
- The POWERCFG command enables system power configuration from the command line
- POWERCFG /LIST displays the current power schemes
- POWERCFG's HIBERNATE option results in a suspended state of operation in which the active configuration is stored on the hard disk, and the system is powered off
- POWERCFG can distinguish between AC and DC current
- POWERCFG can tell when the system is running on UPS battery power or on the normal power grid
- Forcing the CPU to slow itself down is called CPU throttling and is done in order to save electricity
11 POWERCFG Options and Arguments
12 Registry
- Other than the hardware, the registry is the single most vital component of the server
- The registry is a database that contains every setting, pointer, configuration, profile, and policy on the system
- The amount and importance of data in the registry makes it the most important AND the most dangerous OS object
- It is sometimes necessary for system experts to look at or modify parts of the registry to gather data or fix problems
- The registry is divided into five different sections, called hives, which are stored in two main files and a few smaller files; a hive entry that contains subentries is called a key
- The hives are HKLM, HKCR, HKU, HKCC, and HKCU
13 Registry (Cont.)
- REGEDIT is a GUI program used to view and modify the registry
- REGEDIT typed from the Run line opens the registry editor
- Each registry key contains registry values and/or subkeys
- A registry value contains specific information; subkeys are keys that exist as part of other keys
- Entries can have one of five different data types: REG_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ, REG_EXPAND_SZ
- System experts are rarely called upon to create a new value, but it could become necessary
14 Basic Registry Structure
15 Automatic Program Launch Within The Registry
- Much of the registry work an administrator will do involves applications that automatically start at log in
- Administrators should become familiar with all of the registry's system-essential programs that autostart
- Autostart programs are located in:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
- Vital programs such as anti-virus applications are often stored in the registry
16 Creating a New Registry Entry Using REGEDIT
17 Looking at the Registry
- Consider REGEDIT to be the primary method of viewing the registry and its entries
- However, there are registry commands that allow for quick modification and information gathering in situations in which the user knows exactly what they are looking for
- These commands do not allow a view of the entire registry at the command prompt, but it is possible to view the contents of an entire hive
- REG QUERY <KEYORHIVENAME> displays the entries and first-level subkeys for the specified key or hive
- There are abbreviations used for specifying the hive name so there is no need to type the entire name when querying
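
The autostart keys named on slide 15 can be captured with REG QUERY and compared against a saved copy, so that a new or changed autostart entry is noticed. The batch file below is an added example, not part of the original slides; C:\Baseline and the two file names are assumed.

```bat
@echo off
rem Added example: baseline the HKLM autostart keys and report drift.
rem BASEDIR is an assumed location; use a directory only administrators can write to.
setlocal
set BASEDIR=C:\Baseline
set CUR=%BASEDIR%\autostart_current.txt
set BASE=%BASEDIR%\autostart_baseline.txt
if not exist "%BASEDIR%" mkdir "%BASEDIR%"
if exist "%CUR%" del "%CUR%"

rem Dump each autostart key; a key that does not exist contributes only its header line.
for %%K in (Run RunOnce RunOnceEx) do (
    >>"%CUR%" echo ==== HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\%%K ====
    reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\%%K" /s >>"%CUR%" 2>nul
)

rem First run: keep the dump as the reference copy and stop.
if not exist "%BASE%" (
    copy "%CUR%" "%BASE%" >nul
    echo Baseline created: %BASE%
    exit /b 0
)

rem FC sets ERRORLEVEL 1 when the files differ and 2 when one cannot be read.
fc "%BASE%" "%CUR%" >nul
if errorlevel 1 (
    echo Autostart entries differ from the baseline:
    fc "%BASE%" "%CUR%"
    exit /b 1
)
echo Autostart entries match the baseline.
exit /b 0
```

After a reviewed, intended change, delete the baseline file and rerun the script to record the new state.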
18 Hive Name Abbreviations
19 Using REG QUERY to Determine the Contents of HKCC
20 Manipulating the Registry
- Registry changes are best done using REGEDIT
- Programmers and application installation routines often make registry changes through routine scripts, or through .reg files, which are text files containing a registry entry
- .reg files behave like batch files in that they can be run from the command line, but they contain no commands
- .reg files are created by an administrator specifically for the registry and contain only registry keys and entries
- It is important to back up keys and hives before editing, and it is important to back up the registry often
- REG COPY, REG EXPORT, REG IMPORT, REG SAVE, and REG RESTORE commands provide registry editing
21 Page File Optimization
- Page files are annex or overflow areas for RAM
- A page file (also called a swap file) is required by Windows Server 2003 and should be optimized for best performance
- Every system contains at least one page file
- Because the page file acts as a copy of RAM, the system refers to the data within the page file as RAM, with no considerations for hard disk speed and data transfer rate
- To optimize the performance of the page file and the system, first take a look at the current configuration of the page file using the PAGEFILECONFIG /QUERY command
- For documentation purposes, PAGEFILECONFIG has a formatted output option (table, list, or comma delimited)
22 Current Page File Configuration
23 Changing the Page File Configuration
- Changing the page file configuration
- Windows Server 2003 automatically determines the optimal size for the page file; it begins at a particular initial size, and it automatically grows as the need arises
- If manually adjusting the size of the page file, set the initial size somewhere between 1.5 and 3 times the RAM
- PAGEFILECONFIG /CHANGE changes the existing page file according to the sizes specified
- Moving page files
- If the current system has two disks, it is best to store the page file on the disk that does not contain the system files
- PAGEFILECONFIG /CREATE and PAGEFILECONFIG /DELETE allow users to create and delete page files
24 Changing the Size of the Page File
25 Services
- Services are among the few programs that can automatically start when the system boots
- Services stay in the background, monitor for certain events, and once those events occur, they perform specific tasks
- Services are unique in that they start as soon as the server is running, and not when a user logs on
- Learn about services by using the Windows service utility: Start menu, All Programs, Administrative Tools, Services
- Service names come in two parts: the display name and the keyname, which is the actual name of the service
- SC QUERY displays a list of all services; the <KEYNAME> option displays the entries associated with that keyname
26 Workstation Service and Its Dependencies
27 Starting and Stopping a Service
- When troubleshooting a performance problem, it may be necessary to alter the way a service runs
- SC START <KEYNAME>, SC STOP <KEYNAME>, SC PAUSE <KEYNAME>, and SC CONTINUE <KEYNAME> all allow for service adjustments
- SC CONFIG <SERVICENAME> START= BOOT | SYSTEM | AUTO | DEMAND | DISABLED configures the specified service to start on boot, when the system kernel is loaded, automatically with logon, manually, or not at all
28 Converting a Program into a Service
- SC CREATE <KEYNAME> BINPATH= <EXEFILE> TYPE= SHARE START= AUTO instructs the system to start the program (EXEFILE) as a service without requiring an active logon
29 Using SC CREATE to Create a Service
30 The TASKLIST Command
- Task Manager is a GUI tool that is used to display and control active processes and tasks
- Task Manager is normally accessed by pressing Ctrl+Alt+Del and navigating to the Task Manager button
- Five tabs reside in the Task Manager window: Applications, Processes, Performance, Networking, Users
- The TASKLIST command is used to display all of the current tasks (or processes) on the system
- TASKLIST displays system processes, programs, subprograms, and services that are currently on the server
- TASKLIST is the command prompt equivalent of Task Manager, but it only deals with processes
31 Using TASKLIST to Display All Running Tasks
32 Stopping a Task Manager Process
- From the command prompt, it may be necessary to stop a process so as to restore order to the system
- Stopping a process or application with Task Manager can forestall a complete system hang-up, but the same can be done from the command prompt with greater reliability
- Task Manager is a process in and of itself, and if the system is on its way to failure, the command prompt may be the most effective way to shut off an offending process
- The TASKKILL command allows for stopping a process or application from the command prompt
- TASKKILL /IM <PROCESSNAME> stops PROCESSNAME
33 Using TASKKILL
34 Data Backup
- The NTBACKUP utility is used to perform system backups in both GUI and command environments
- When run from the command prompt or Run line, NTBACKUP launches the GUI tool; running it with certain command options runs the program from the command line
- An issue when backing up OS data is that XCOPY cannot be used for files that are in use at the time of the copy; this fact typically leads to the use of backup programs instead
- NTBACKUP can back up an object called the system state - a group of files that comprise the system
- NTBACKUP also includes automation features where it can back up specific files that are selected immediately, or it can back up those files as a backup job
35 Data Backup (Cont.)
- NTBACKUP can also take advantage of a file's archive bit to allow more flexibility in how data is backed up
- There are five different ways to back up files based on the archive bit: normal, copy, incremental, differential, daily
- Server administrators traditionally back up data to external tape drives as part of their disaster recovery program
36 Tape Backup Limitations
- Tape backup has some limitations: the tapes can wear out; they are expensive; tape backup activity takes a long time
- An advanced technology type of backup is called remote storage, where tape backup is centralized by allowing servers to first back up their data to a centralized network location before backing up to tape
37 Backup Frequency and Timing
- Tape backups are not performed every night because of the fact that they take time and the longer they take, the more likely the backup will encounter an open user file
- Because of the inaccuracy of open file backups, reduce the possibility of a backup continuing through the night into normal working hours; full tape backups take a long time
- In addition, full tape backups typically consume more than one tape and require a person to change tapes
- Due to all of the associated issues and costs involved, full tape backups are usually scheduled to run on a weekly or monthly basis
38 Working with NTBACKUP
- The best way to handle data backups using NTBACKUP is to first use the GUI version to select files, create jobs, designate tape or media pools, and then automate the backup by creating a schedule within NTBACKUP
- One reason why placing the NTBACKUP command in a batch file is a good idea is that NTBACKUP cannot back up nonsystem files that are in use; a way around this is to use the SC command to stop the running program, run NTBACKUP, and then use SC to restart the program
- Running SC in this way is a perfect reason to use a batch file, which can then be automated using AT or the Scheduled Tasks Windows tool
39 NTBACKUP Command Generated by the NTBACKUP GUI Program
40 Using NTBACKUP GUI to Back Up the System State to the C Drive
41 Monitoring and Optimization
- Monitoring and optimization are important parts of system administration
- Monitoring is a process in which a system is regularly checked for problems in normal operations
- Optimization is the process of fine-tuning a system's performance to its optimal capacity
- When a system begins to slow down or behave erratically, programs such as Event Viewer and Performance Monitor are used to determine exactly where the problem is
42 Event Viewer
- Event Viewer is a utility that tracks application and system messages, alerts, and errors
- The Performance Tool is used to monitor ongoing activities in specific areas of hardware and software performance
43 Event Viewer (Cont.)
- There are ways to add events to the GUI-based Event Viewer from the command line
- The EVENTCREATE command will allow the creation of an event message that appears as the result of an action that occurs in a batch routine
- EVENTCREATE /L APPLICATION /SO <ADMINISTRATOR or APPLICATION NAME> /T ERROR | WARNING | INFORMATION /ID <EVENT ID> /D <DESCRIPTION> creates an event in Event Viewer's application log with ADMINISTRATOR or APPLICATION NAME as the title, an event type of ERROR, WARNING, or INFORMATION, the specified EVENT ID, and the DESCRIPTION
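
The stop, back up, restart sequence from slide 38 and the EVENTCREATE logging described above fit in one batch file that can be scheduled with AT or Scheduled Tasks. This is an added example, not part of the original slides; the service name, the .bks selection file, the .bkf target, the event source and the event IDs are all assumed.

```bat
@echo off
rem Added example: stop a service, run an NTBACKUP job, restart the service, log the result.
rem SVC, BKS and BKF are assumed names; the .bks selection file is saved from the NTBACKUP GUI.
setlocal
set SVC=ExampleAppSvc
set BKS=C:\BackupJobs\appdata.bks
set BKF=E:\Backups\appdata.bkf
set TRIES=0

sc stop %SVC% >nul

:waitstop
rem SC STOP returns before the service has finished stopping, so poll its state.
sc query %SVC% | find "STOPPED" >nul
if not errorlevel 1 goto backup
set /a TRIES+=1
if %TRIES% GEQ 12 goto stopfailed
rem Wait about five seconds between checks.
ping -n 6 127.0.0.1 >nul
goto waitstop

:backup
ntbackup backup "@%BKS%" /J "AppData nightly" /F "%BKF%" /M normal /V:yes /L:s
set RC=%ERRORLEVEL%
rem Restart the service whether or not the backup succeeded.
sc start %SVC% >nul
rem Treating a non-zero exit code as failure is an assumption; the backup log is the record.
if not "%RC%"=="0" goto backupfailed
if not exist "%BKF%" goto backupfailed
eventcreate /L APPLICATION /SO NightlyBackup /T INFORMATION /ID 100 /D "Backup of %SVC% data completed."
exit /b 0

:stopfailed
eventcreate /L APPLICATION /SO NightlyBackup /T ERROR /ID 101 /D "%SVC% did not stop; backup skipped."
sc start %SVC% >nul
exit /b 1

:backupfailed
eventcreate /L APPLICATION /SO NightlyBackup /T ERROR /ID 102 /D "NTBACKUP exit code %RC%; check the backup log."
exit /b 1
```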
44 Event Created using EVENTCREATE
45 Additional Commands
- Other administrative commands and tools
- The boot.ini file is an important system file that the system uses to determine which hard disks, partitions, and operating systems will be booted
- The BOOTCFG command is used to view and modify the boot.ini file; it can be used on remote systems as well; BOOTCFG /QUERY displays the boot and OS sections of the boot.ini file
- The INUSE command is used to replace a bad or corrupt file with a good file without disrupting service or functionality; INUSE <REPLACEMENTFILE> <CORRUPTFILE> replaces the CORRUPTFILE with the REPLACEMENTFILE
46 Chapter Summary
- There are several ways to administer systems from the command window
- Use commands to determine and document the physical contents of the server and the software that is installed on it
- GUI counterparts of the commands do not allow you to document and list a full inventory of the server's contents
47 Chapter Summary (Cont.)
- Modified configuration commands allow for automation of the functions, and also are valuable in emergency situations when the GUI interface for Windows Server 2003 is unavailable; you can boot to a command prompt during boot
- When the main interface locks up, you can open a command window from the Task Manager
48 Command Summary