Guide to Microsoft Windows Server 2003 Command Line Administration - PowerPoint PPT Presentation

Slides: 49
Provided by: course229
Transcript and Presenter's Notes

1
Guide to Microsoft Windows Server 2003 Command
Line Administration
  • Chapter 4
  • System Administration

2
Objectives
  • Perform power management tasks
  • View and modify the registry
  • Perform page file configuration tasks
  • View and modify services
  • Manage tasks and processes
  • Create and perform data backups
  • Monitor and optimize a system

3
Viewing What Is Installed on a System
  • To be a thorough systems expert, it is important
    to be aware of all server components and their
    functions - there are commands to display this
    data
  • SYSTEMINFO displays system information such as:
    OS name and version; OS configuration; OS build
    type; processor; BIOS version; total / available
    physical memory; page file max size / available /
    in use; page file location; domain / logon
    server; hotfixes
  • The SYSTEMINFO command can be a source of
    baseline and general system information for
    reference use
  • This system information is essential in the event
    of a system rebuild (something goes wrong with
    the server and the backup methods do not work
    properly)

4
Result of Running SYSTEMINFO
5
Using SYSTEMINFO to View System Information
6
Viewing What Is Installed on a System (Cont.)
  • DRIVERQUERY provides a full list of drivers on
    the system and shows details about them
  • A driver is a piece of software that is used to
    bridge the gap between the operating system and a
    piece of hardware, and allows the OS to
    communicate with the device using standardized
    protocols
  • DRIVERQUERY displays a table containing all of
    the loaded drivers on a system, including details
    such as: driver filename; driver description;
    type of memory that hosts the driver; driver
    installation date and time
  • Many drivers are associated with hardware devices
    and sometimes more than one driver is needed for
    a device

7
DRIVERQUERY Output
8
Power Management
  • Power consumption and management are receiving
    scrutiny throughout the computer industry
  • From a hardware perspective, power management has
    two standards
  • Advanced Power Management (APM) allows the BIOS
    to shut off or suspend power to certain high-use
    components when a pre-configured state has been
    achieved
  • Advanced Computer and Power Interface (ACPI) is a
    newer standard that allows the OS to fully
    control the power status of various components on
    the system
  • Most current servers are ACPI compliant, which
    allows for flexible power management schemes

9
Power Management (Cont.)
  • Windows Server 2003 is divided into power schemes
    based on different power needs
  • Home/Office Desk - turns off the monitor after 20
    minutes of non-use
  • Portable/Laptop - turns off the monitor after 15
    minutes of non-use, and the hard disk off after
    30 minutes of non-use
  • Presentation - Never turns anything off
  • Always On - turns off the monitor after 20
    minutes of non-use
  • Minimal Power Management - turns off the monitor
    after 15 minutes of non-use
  • Max Battery - turns off the monitor after 15
    minutes of non-use

10
Power Management (Cont.)
  • The POWERCFG command enables system power
    configuration from the command line
  • POWERCFG /LIST displays the current power schemes
  • POWERCFG's HIBERNATE option results in a
    suspended state of operation in which the active
    configuration is stored on the hard disk, and the
    system is powered off
  • POWERCFG can distinguish between AC and DC
    current
  • POWERCFG can tell when the system is running on
    UPS battery power or on the normal power grid
  • Forcing the CPU to slow itself down is called CPU
    throttling and is done in order to save
    electricity

11
POWERCFG Options and Arguments
12
Registry
  • Other than the hardware, the registry is the
    single most vital component of the server
  • The registry is a database that contains every
    setting, pointer, configuration, profile, and
    policy on the system
  • The amount and importance of data in the registry
    makes it the most important AND the most
    dangerous OS object
  • It is sometimes necessary for system experts to
    look at or modify parts of the registry to gather
    data or fix problems
  • The registry is divided into five different
    sections, called hives, which are stored in two
    main files and a few smaller files; a hive entry
    that contains subentries is called a key
  • The hives are HKLM, HKCR, HKU, HKCC, and HKCU

13
Registry (Cont.)
  • REGEDIT is a GUI program used to view and modify
    the registry
  • REGEDIT typed from the Run line opens the
    registry editor
  • Each registry key contains registry values and/or
    subkeys
  • A registry value contains specific information;
    subkeys are keys that exist as part of other keys
  • Entries can have one of five different data
    types: REG_SZ, REG_BINARY, REG_DWORD,
    REG_MULTI_SZ, REG_EXPAND_SZ
  • System experts are rarely called upon to create a
    new value, but it could become necessary

14
Basic Registry Structure
15
Automatic Program Launch Within The Registry
  • Much of the registry work an administrator will
    do involves applications that automatically start
    at log in
  • Administrators should become familiar with all of
    the registry's system-essential programs that
    autostart
  • Autostart programs are located in:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
  • Vital programs such as anti-virus applications
    are often stored in the registry

16
Creating a New Registry Entry Using REGEDIT
17
Looking at the Registry
  • Consider REGEDIT to be the primary method of
    viewing the registry and its entries
  • However, there are registry commands that allow
    for quick modification and information gathering
    in situations in which the user knows exactly
    what they are looking for
  • These commands do not allow a view of the entire
    registry at the command prompt, but it is
    possible to view the contents of an entire hive
  • REG QUERY <KEYORHIVENAME> displays the entries
    and first-level subkeys for the specified key or
    hive
  • There are abbreviations used for specifying the
    hive name so there is no need to type the entire
    name when querying

18
Hive Name Abbreviations
19
Using REG QUERY to Determine the Contents of HKCC
20
Manipulating the Registry
  • Registry changes are best done using REGEDIT
  • Programmers and application installation routines
    often make registry changes through routine
    scripts, or through .reg files, which are text
    files containing a registry entry
  • .reg files behave like batch files in that they
    can be run from the command line - but they
    contain no commands
  • .reg files are created by an administrator
    specifically for the registry and contain only
    registry keys and entries
  • It is important to back up keys and hives before
    editing, and it is important to back up the
    registry often
  • The REG COPY, REG EXPORT, REG IMPORT, REG SAVE,
    and REG RESTORE commands provide registry editing
    from the command line
21
Page File Optimization
  • Page files are annex or overflow areas for RAM
  • A page file (also called a swap file) is required
    by Windows Server 2003 and should be optimized
    for best performance
  • Every system contains at least one page file
  • Because the page file acts as a copy of RAM, the
    system refers to the data within the page file as
    RAM, with no considerations for hard disk speed
    and data transfer rate
  • To optimize the performance of the page file and
    the system, first take a look at the current
    configuration of the page file using the
    PAGEFILECONFIG /QUERY command
  • For documentation purposes, PAGEFILECONFIG has a
    formatted output option (table, list, or comma
    delimited)

22
Current Page File Configuration
23
Changing the Page File Configuration
  • Changing the page file configuration
  • Windows Server 2003 automatically determines the
    optimal size for the page file; it begins at a
    particular initial size, and it automatically
    grows as the need arises
  • If manually adjusting the size of the page file,
    set the initial size somewhere between 1.5 and 3
    times the RAM
  • PAGEFILECONFIG /CHANGE changes the existing page
    file according to the sizes specified
  • Moving page files
  • If the current system has two disks, it is best
    to store the page file on the disk that does not
    contain the system files
  • PAGEFILECONFIG /CREATE and PAGEFILECONFIG /DELETE
    allow users to create and delete page files

24
Changing the Size of the Page File
25
Services
  • Services are among the few programs that can
    automatically start when the system boots
  • Services stay in the background, monitor for
    certain events, and once those events occur, they
    perform specific tasks
  • Services are unique in that they start as soon as
    the server is running, and not when a user logs
    on
  • Learn about services by using the Windows service
    utility: Start menu, All Programs, Administrative
    Tools, Services
  • Service names come in two parts: the display name
    and the keyname, which is the actual name of the
    service
  • SC QUERY displays a list of all services; the
    <KEYNAME> option displays the entries associated
    with that keyname

26
Workstation Service and Its Dependencies
27
Starting and Stopping a Service
  • When troubleshooting a performance problem, it
    may be necessary to alter the way a service runs
  • SC START <KEYNAME>, SC STOP <KEYNAME>, SC PAUSE
    <KEYNAME>, and SC CONTINUE <KEYNAME> all allow for
    service adjustments
  • SC CONFIG <SERVICENAME> START= BOOT | SYSTEM |
    AUTO | DEMAND | DISABLED configures the
    specified service to start on boot, when the
    system kernel is loaded, automatically with
    logon, manually, or not at all

28
Converting a Program into a Service
  • SC CREATE <KEYNAME> BINPATH= <EXEFILE> TYPE= SHARE
    START= AUTO instructs the system to start the
    program (EXEFILE) as a service without requiring
    an active logon

29
Using SC CREATE to Create a Service
30
The TASKLIST Command
  • Task Manager is a GUI tool that is used to
    display and control active processes and tasks
  • Task Manager is normally accessed by pressing
    Ctrl+Alt+Del and navigating to the Task Manager
    button
  • Five tabs reside in the Task Manager window:
    Applications, Processes, Performance, Networking,
    Users
  • The TASKLIST command is used to display all of
    the current tasks (or processes) on the system
  • TASKLIST displays system processes, programs,
    subprograms, and services that are currently on
    the server
  • TASKLIST is the command prompt equivalent of Task
    Manager, but it only deals with processes

31
Using TASKLIST to Display All Running Tasks
32
Stopping a Task Manager Process
  • From the command prompt, it may be necessary to
    stop a process so as to restore order to the
    system
  • Stopping a process or application with Task
    Manager can forestall a complete system hang-up,
    but the same can be done from the command prompt
    with greater reliability
  • Task Manager is a process in and of itself, and
    if the system is on its way to failure, the
    command prompt may be the most effective way to
    shut off an offending process
  • The TASKKILL command allows for stopping a
    process or application from the command prompt
  • TASKKILL /IM <PROCESSNAME> stops PROCESSNAME

33
Using TASKKILL
34
Data Backup
  • The NTBACKUP utility is used to perform system
    backups in both GUI and command environments
  • When run from the command prompt or Run line,
    NTBACKUP launches the GUI tool; running it with
    certain command options runs the program from the
    command line
  • An issue when backing up OS data is that XCOPY
    cannot be used for files that are in use at the
    time of the copy; this fact typically leads to
    the use of backup programs instead
  • NTBACKUP can back up an object called the system
    state - a group of files that comprise the
    system
  • NTBACKUP also includes automation features where
    it can back up specific files that are selected
    immediately, or it can back up those files as a
    backup job

35
Data Backup (Cont.)
  • NTBACKUP can also take advantage of a file's
    archive bit to allow more flexibility in how data
    is backed up
  • There are five different ways to back up files
    based on the archive bit: normal, copy,
    incremental, differential, daily
  • Server administrators traditionally back up data
    to external tape drives as part of their disaster
    recovery program

36
Tape Backup Limitations
  • Tape backup has some limitations: the tapes can
    wear out; they are expensive; tape backup
    activity takes a long time
  • An advanced technology type of backup is called
    remote storage, where tape backup is centralized
    by allowing servers to first back up their data
    to a centralized network location before backing
    up to tape

37
Backup Frequency and Timing
  • Tape backups are not performed every night
    because of the fact that they take time and the
    longer they take, the more likely the backup will
    encounter an open user file
  • Because of the inaccuracy of open file backups,
    reduce the possibility of a backup continuing
    through the night into normal working hours; full
    tape backups take a long time
  • In addition, full tape backups typically consume
    more than one tape and require a person to change
    tapes
  • Due to all of the associated issues and costs
    involved, full tape backups are usually scheduled
    to run on a weekly or monthly basis

38
Working with NTBACKUP
  • The best way to handle data backups using
    NTBACKUP is to first use the GUI version to
    select files, create jobs, designate tape or
    media pools, and then automate the backup by
    creating a schedule within NTBACKUP
  • One reason why placing the NTBACKUP command in a
    batch file is a good idea is that NTBACKUP cannot
    back up nonsystem files that are in use; a way
    around this is to use the SC command to stop the
    running program, run NTBACKUP, and then use SC to
    restart the program
  • Running SC in this way is a perfect reason to use
    a batch file, which can then be automated using
    AT or the Scheduled Tasks Windows tool

39
NTBACKUP Command Generated by the NTBACKUP GUI
Program
40
Using NTBACKUP GUI to Back Up the System State to
the C Drive
41
Monitoring and Optimization
  • Monitoring and optimization are important parts
    of system administration
  • Monitoring is a process in which a system is
    regularly checked for problems in normal
    operations
  • Optimization is the process of fine-tuning a
    system's performance to its optimal capacity
  • When a system begins to slow down or behave
    erratically, programs such as Event Viewer and
    Performance Monitor are used to determine exactly
    where the problem is

42
Event Viewer
  • Event Viewer is a utility that tracks application
    and system messages, alerts, and errors
  • The Performance Tool is used to monitor ongoing
    activities in specific areas of hardware and
    software performance

43
Event Viewer (Cont.)
  • There are ways to add events to the GUI-based
    Event Viewer from the command line
  • The EVENTCREATE command will allow the creation
    of an event message that appears as the result of
    an action that occurs in a batch routine
  • EVENTCREATE /L APPLICATION /SO <ADMINISTRATOR or
    APPLICATION NAME> /T ERROR | WARNING |
    INFORMATION /ID <EVENT ID> /D <DESCRIPTION>
    creates an event in Event Viewer's application
    log with ADMINISTRATOR or APPLICATION NAME as the
    title, an event type of ERROR, WARNING, or
    INFORMATION, the specified EVENT ID, and the
    DESCRIPTION
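
The batch routine described on the Working with NTBACKUP slide (stop the program with SC, run NTBACKUP, restart with SC) combined with the EVENTCREATE logging described above, as an added example that is not part of the original presentation. The service name, paths, event source and event IDs are assumptions; NTBACKUP's exit code is not relied on, the script instead checks that a new backup file was written.

```bat
@echo off
rem Added example: stop a service, back up its data with NTBACKUP, restart
rem it, and record the outcome with EVENTCREATE.
rem Assumptions: SVC, DATADIR, BKDIR, the event source and the event IDs.
setlocal
set SVC=MyAppService
set DATADIR=D:\AppData
set BKDIR=E:\Backups
set SRC=NightlyBackup

rem SC STOP only sends the stop request and returns at once, so poll
rem SC QUERY until the state is STOPPED (12 tries, about 5 seconds apart).
sc stop %SVC% >nul
set TRIES=0
:wait
sc query %SVC% | find "STOPPED" >nul && goto stopped
set /a TRIES+=1
if %TRIES% GEQ 12 goto stopfailed
ping -n 6 127.0.0.1 >nul
goto wait

:stopped
rem Write to a new file so the previous backup survives a failed run.
if exist "%BKDIR%\appdata.new.bkf" del "%BKDIR%\appdata.new.bkf"
start /wait ntbackup backup "%DATADIR%" /J "Nightly app data" /F "%BKDIR%\appdata.new.bkf" /M normal /V:yes
rem Restart the service whether or not the backup succeeded.
sc start %SVC% >nul
if not exist "%BKDIR%\appdata.new.bkf" goto backupfailed
move /y "%BKDIR%\appdata.new.bkf" "%BKDIR%\appdata.bkf" >nul
eventcreate /L APPLICATION /SO %SRC% /T INFORMATION /ID 100 /D "Backup of %DATADIR% written to %BKDIR%." >nul
exit /b 0

:backupfailed
eventcreate /L APPLICATION /SO %SRC% /T ERROR /ID 101 /D "NTBACKUP produced no backup file for %DATADIR%." >nul
exit /b 1

:stopfailed
rem The service may still be stopping; the event tells the operator to check.
eventcreate /L APPLICATION /SO %SRC% /T ERROR /ID 102 /D "%SVC% did not reach STOPPED; backup skipped." >nul
exit /b 2
```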

44
Event Created using EVENTCREATE
45
Additional Commands
  • Other administrative commands and tools
  • The boot.ini file is an important system file
    that the system uses to determine which hard
    disks, partitions, and operating systems will be
    booted
  • The BOOTCFG command is used to view and modify
    the boot.ini file; it can be used on remote
    systems as well
  • BOOTCFG /QUERY displays the boot
    and OS sections of the boot.ini file
  • The INUSE command is used to replace a bad or
    corrupt file with a good file without disrupting
    service or functionality; INUSE <REPLACEMENTFILE>
    <CORRUPTFILE> replaces the CORRUPTFILE with the
    REPLACEMENTFILE

46
Chapter Summary
  • There are several ways to administer systems from
    the command window
  • Use commands to determine and document the
    physical contents of the server and the software
    that is installed on it
  • GUI counterparts of the commands do not allow you
    to document and list a full inventory of the
    server's contents

47
Chapter Summary (Cont.)
  • Modified configuration commands allow for
    automation of the functions, and also are
    valuable in emergency situations when the GUI
    interface for Windows Server 2003 is unavailable;
    you can boot to a command prompt during boot
  • When the main interface locks up, you can open a
    command window from the Task Manager

48
Command Summary