Windows 2000 Administration in a Nutshell

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

This chapter begins with a quick overview of the features of the Windows 2000 operating system in each of its four flavors: Professional, Server, Advanced Server, and Datacenter Server. It finishes with my personal offerings of kudos and gripes over how Windows 2000 has been implemented.

Quarks come in six flavors (Up, Down, Strange, Charmed, Top, and Bottom), but so far, Windows 2000 only comes in four. Let's look at the features of these different flavors, starting with the lightweight Professional (which corresponds to the Up and has a mass of only .005 GeV/c2) and moving upwards to the heavyweight Datacenter Server (not yet detected, but estimated to have a mass comparable to the Top quark, or about 180 GeV/c2).

Designed to replace the earlier Windows NT Workstation 4.0 and Windows 95/98 platforms on corporate desktop computers, Windows 2000 Professional is pretty much a blend of the best features of these two earlier operating systems. Professional takes the security and stability of Windows NT and combines it with the Advanced Configuration and Power Interface (ACPI) power management and Plug and Play hardware support of Windows 95/98 to provide administrators with real reasons for tossing out their last remaining souped-up 486s and buying all new Pentium IIIs. You can use the following features to justify the purchase to your boss:

Enhanced installation methods: In addition to standard manual installations using local media or downloads from a network distribution server, Windows 2000 includes the Setup Manager Wizard (on the Windows 2000 Server compact disc in the \Support\Tools\Deploy.cab folder) to simplify creating and configuring answer files for unattended installation. Windows 2000 also includes the System Preparation Tool (also in the \Support\Tools\Deploy.cab folder), which can prepare a configured Windows 2000 Professional system for cloning using third-party disk-duplication software. A third option—if your desktop systems support the NetPC specification or a network adapter with a Pre-Boot Execution Environment (PXE) boot ROM and supporting BIOS—is to perform automated remote installations of Professional clients using the Remote Installation Services (RIS) running on Windows 2000 Server.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Quarks come in six flavors (Up, Down, Strange, Charmed, Top, and Bottom), but so far, Windows 2000 only comes in four. Let's look at the features of these different flavors, starting with the lightweight Professional (which corresponds to the Up and has a mass of only .005 GeV/c2) and moving upwards to the heavyweight Datacenter Server (not yet detected, but estimated to have a mass comparable to the Top quark, or about 180 GeV/c2).

Designed to replace the earlier Windows NT Workstation 4.0 and Windows 95/98 platforms on corporate desktop computers, Windows 2000 Professional is pretty much a blend of the best features of these two earlier operating systems. Professional takes the security and stability of Windows NT and combines it with the Advanced Configuration and Power Interface (ACPI) power management and Plug and Play hardware support of Windows 95/98 to provide administrators with real reasons for tossing out their last remaining souped-up 486s and buying all new Pentium IIIs. You can use the following features to justify the purchase to your boss:

Enhanced installation methods: In addition to standard manual installations using local media or downloads from a network distribution server, Windows 2000 includes the Setup Manager Wizard (on the Windows 2000 Server compact disc in the \Support\Tools\Deploy.cab folder) to simplify creating and configuring answer files for unattended installation. Windows 2000 also includes the System Preparation Tool (also in the \Support\Tools\Deploy.cab folder), which can prepare a configured Windows 2000 Professional system for cloning using third-party disk-duplication software. A third option—if your desktop systems support the NetPC specification or a network adapter with a Pre-Boot Execution Environment (PXE) boot ROM and supporting BIOS—is to perform automated remote installations of Professional clients using the Remote Installation Services (RIS) running on Windows 2000 Server.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Let's move on now to what's really important in this chapter: my opinion (grin). What follows is my personal expression of things I really like about Windows 2000 and why I like them. (My gripes follow in the next section, which is somewhat longer than this one.)

I must confess I like the Microsoft Management Console (MMC) and consider it a big improvement over the old Windows NT administration tools. I can add all the snap-ins I want to a single console and manage virtually anything on any machine in the network. This is cool. In addition, I can customize the console with taskpads and different views, and I would do so if I only had the time (see the beginning of Chapter 5, for a brief walk-through on how to customize MMC consoles). The one thing Windows 2000 hasn't done for me yet is provide me with more hours in the day.

I love the idea that I can remotely administer Windows 2000 servers from a 486 running Windows 95 with the Terminal Services Client installed. I was ready to toss out my old hardware or donate it to the Linux community until I found out I could breathe new life into old hardware by running Terminal Services on my network. Now if only I could run it from my Palm Pilot using a wireless modem while flying at 28,000 feet to the Bahamas . . .

Finally, a real directory service for Microsoft Windows! NT just didn't cut it with its one-way trusts and flat domain namespace. Active Directory lets you build real enterprise-level networks with hierarchical structure that facilitates distributed management through delegation and Group Policy. And it's simple to install and get going, although any real implementation requires careful planning so you won't have to trash it later and start from scratch.

Active Directory Service Interface (ADSI) is a standard set of interfaces for accessing and manipulating information in a directory, as in Active Directory. Using ASDI, you can write scripts to automatically manage users, groups, computers, services, shares, print queues, and just about anything else on Windows 2000. Great stuff!

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

As we've seen above, Windows 2000 has many new features that make it useful for system administrators. But it's not perfect, and this section gives me a chance to voice a few complaints—and use my sense of humor a bit!

Groups in Windows NT were confusing: global groups were supposed to be used for organizing users together, whereas local groups were intended for managing the access users had to resources such as shared folders and printers. You could circumvent this however by assigning permissions directly to global groups or even individual users if you liked. Though local groups could contain global groups, they couldn't contain other local groups, and global groups could contain neither local nor global groups.

Have groups been simplified in Windows 2000? Just the opposite. There are now three types of groups that can be used to manage domain users and control their access to resources:

Domain local groups: Similar to but not quite the same as local groups in Windows NT
Global groups: Similar to but not quite the same as global groups in Windows NT
Universal groups: Something entirely new to Windows 2000

With more groups come more rules for using them. The membership and nesting rules for groups in Windows 2000 are complex and differ depending on whether you are running in native mode (domain controllers are all running Windows 2000) or mixed mode (support for downlevel Windows NT domain controllers).

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Although this book is intended not as a tutorial but as a quick desktop reference, I've included a brief chapter here to help existing Windows NT administrators quickly orient themselves to working with Windows 2000. We're all in a hurry these days—especially those of us who manage computer networks—and I want to provide you with some suggestions and tips to get you going quickly. More information on the concepts, tasks, tools, and utilities discussed here can be found in the chapters of Part II, of this book.

If you are familiar with the Windows NT administrative tools, you may be thrown off base initially by the Windows 2000 administrative tools, which are almost entirely new tools with very few holdovers. Table 2.1 through Table 2.3 help you bridge the gap between the old platform and the new. The correspondence between tools and utilities on the two platforms is unfortunately not one-to-one, so notes are added where necessary to indicate differences. The base Windows NT platform used here includes Service Pack 4 with Internet Explorer 4 installed and Active Desktop enabled. The reference point here for the Windows 2000 tools list is Start → Programs, Start → Settings, or Start → Programs → Administrative Tools, depending on the program.

Table 2.1 lists the Windows NT administrative tools, which you may already be familiar with, and their new Windows 2000 counterparts.

Table 2.1: Administrative Tools in Windows NT and Windows 2000
Windows NT Tool	Windows 2000 Tool(s)
Administrative Wizards	No real counterpart, but Administrative Tools

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

If you are familiar with the Windows NT administrative tools, you may be thrown off base initially by the Windows 2000 administrative tools, which are almost entirely new tools with very few holdovers. Table 2.1 through Table 2.3 help you bridge the gap between the old platform and the new. The correspondence between tools and utilities on the two platforms is unfortunately not one-to-one, so notes are added where necessary to indicate differences. The base Windows NT platform used here includes Service Pack 4 with Internet Explorer 4 installed and Active Desktop enabled. The reference point here for the Windows 2000 tools list is Start → Programs, Start → Settings, or Start → Programs → Administrative Tools, depending on the program.

Table 2.1 lists the Windows NT administrative tools, which you may already be familiar with, and their new Windows 2000 counterparts.

Table 2.1: Administrative Tools in Windows NT and Windows 2000
Windows NT Tool	Windows 2000 Tool(s)
Administrative Wizards	No real counterpart, but Administrative Tools → Configure Your Server lets you perform some high-level administration tasks
Backup	Accessories → System Tools → Backup
Disk Administrator	Computer Management → Storage → Disk Management
DHCP Manager	Computer Management → Services and Applications → DHCP

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Chapter 4 through Chapter 7 of this book form a quick desktop reference that lets you look up a concept, task, console or snap-in, utility, or command and quickly find what you're looking for. Nevertheless, for readers who are either brilliant, impatient, or have nothing better to do, the remainder of this chapter contains a potpourri of things about Windows 2000 that advanced administrators will want to know to get the most out of it and avoid the pitfalls. Wherever possible, I've drawn comparisons to similar aspects of Windows NT administration and included cross-references to Chapter 4, and Chapter 4, in Part II of this book. I've also arranged the sections below in alphabetical order according to topic to help you find useful information more quickly.

Setting account policy—such as password and account lockout restrictions—was easy in Windows NT using the User Manager for Domains administrative tool. In Windows 2000 you must use Group Policy (or the Domain Security Policy located in Administrative Tools on a domain controller) if you are in a domain environment, and you must configure the appropriate settings of a domain GPO for your domain. See Group Policy in Chapter 4 and Chapter 4 for more information.

For many companies Active Directory is the raison d'être for migrating their Windows NT networks to Windows 2000, but implementing it successfully takes careful planning and training of IT staff. For information on planning and implementation, see the following articles in Chapter 4: Active Directory, domain, domain controller, forest, global catalog, and tree. Don't forget that to use Active Directory means you must use TCP/IP and implement DNS servers on your network. See DNS and TCP/IP in Chapter 4 for more information.

If you're just starting out with Windows 2000, these are the two most important administrative tools to get familiar with:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

As described in the preface, this chapter begins the alphabetical reference portion of the book and covers the underlying terms and concepts relating to Windows 2000 Server and its administration. Before looking up how to perform a particular administrative task in Active Directory, you may first want to read the background information on the topic in this chapter.

Concepts are listed here alphabetically and are cross-referenced with articles in this and other chapters where appropriate. I've tried to facilitate learning while avoiding too much repetition; I decided the best way to do this was probably to center explanations of key Windows 2000 concepts in main articles, while briefly defining subsidiary concepts and cross-referencing them to the main articles. For example, simple volume , mirrored volume , spanned volume , and other concepts relating to Windows 2000 disk technologies are defined briefly under their own headings and cross-referenced to the main article disks where a detailed explanation of these concepts and how they relate to each other is provided.

Sometimes, however, it seemed better instead for me to reverse this procedure. For example, making the article user account cover all types of Windows 2000 user accounts would require too lengthy an article, so instead the article user account has only a brief definition of the concept of a user account, along with cross-references to fuller articles like domain user account, local user account, and built-in user account. Another reason for sometimes adopting this approach was because different MMC snap-ins are used to administer local and domain user accounts, and since these topics would therefore need to be separated in Chapter 4 it seemed logical also to do this in this chapter.

Whichever way the information is organized here, cross-references are included to guide the reader through the material. The form of these cross-references is to use a number in parenthesis to indicate the destination chapter; for example, disks refers to the article entitled disks in Chapter 4.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

account lockout

A security feature that prevents a user from logging in for a time interval after a threshold number of failed logon attempts.

See Also

Group Policy

Active Directory

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

This chapter covers the basic tasks and procedures relating to Windows 2000 Server and its administration. When looking up a particular administrative task to perform in this chapter, you can use the cross-references at the end of each article to find background information on related topics in this and other chapters in Part II.

Tasks are listed here alphabetically according to "topic." This means that to find information on how to share a printer, you would first look up the topic printer in this chapter. Within the topic printer you will then find a list of procedures that can be performed on printers, and these procedures are themselves listed in alphabetical order within the topic. For example, for the topic printer the procedures (tasks) you can follow are outlined as follows:

Add a Printer
    Installing a Printer for a Local Print Device
    Installing a Printer for a Network-Interface Print Device
    Making a Connection to a Print
Configure Clients for Printing to a Printer
Configure Permissions for a Printer
Configure Properties of a Printer
    General
    Sharing
    Ports
    Advanced
    Security
    Device Settings
Find a Printer
Manage a Printer Using a Web Browser
Pause a Printer
Redirect a Printer
Share a Printer
Use a Printer Offline

Note that some procedures have subprocedures outlined under them. In this case, the subprocedure Section under the procedure Section is a cross-reference to the procedure Section later in the topic. (Main procedures are identified using headers separate from secondary procedures for easier lookup.)

Procedures are shown as a series of steps separated by arrows ( → ) in what I call "gestalt menus." Steps are usually described concisely and are understood best when sitting at a Windows 2000 machine to follow along. For example, the procedure for sharing a printer is described as:

Start → Settings → Printers → right-click on printer → Sharing → Shared As → <share_name>

which when working through it at the computer is obviously understood to mean:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Active Directory

Back up Active Directory, create objects in Active Directory, move an object to a different container within Active Directory, publish a shared folder, shared printer, or application in Active Directory, and restore Active Directory.

Procedures

This article contains procedures for several tasks involving Active Directory, which do not fit easily elsewhere in this chapter. For more information about creating, configuring, and managing different Active Directory objects and other entities, see the following articles elsewhere in this chapter:

computer
domain
domain controller
group
OU
site
trust

Back Up Active Directory

See Backup in Chapter 6, for information about this procedure.

Create Objects Within Active Directory

Open the Active Directory Users and Groups console → right-click a domain, container, or OU → New → select type of object to create

For more information on creating different objects, see computer, group , and printer elsewhere in this chapter.

Move an Object to a Different Container Within Active Directory

Open the Active Directory Users and Computers console

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

This chapter begins with a tutorial on the Microsoft Management Console (MMC). You will learn how to create new administrative tools or consoles by adding or removing snap-ins and how to work effectively with consoles. Although you can perform most Windows 2000 Server administrative tasks without ever creating and configuring your own custom MMC console, it's a good idea to learn these skills as custom consoles can simplify administration when you have many servers or when administration is distributed between different members of a team.

After this comes the main part of this chapter, an alphabetical reference guide to the standard Windows 2000 Server administrative tools and the various snap-ins that can be installed in the MMC to create custom consoles. These consoles and snap-ins are cross-referenced to Chapter 4, for background information on the concepts involved, to Chapter 4, for descriptions of how to perform specific administrative tasks using them, and to other chapters in Part II, of this book as applicable.

Windows 2000 Server administration is based largely upon a software framework called the Microsoft Management Console (MMC). The MMC is an application that in itself has no administrative functionality, but in which other software components called snap-ins can be installed and utilized. These snap-ins each provide basic administrative functionality for some component or aspect of Windows 2000 Server. When one or more snap-ins are installed in the MMC, the result is called a console .

Windows 2000 Server includes a number of preconfigured consoles and utilities called administrative tools. These tools can be launched by shortcuts found in the Administrative Tools program group or in Administrative Tools in the Control Panel. Table 5.1 shows the default set of administrative tools installed during Typical Setup on a Windows 2000 Server computer configured in the role of a member server.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Windows 2000 Server administration is based largely upon a software framework called the Microsoft Management Console (MMC). The MMC is an application that in itself has no administrative functionality, but in which other software components called snap-ins can be installed and utilized. These snap-ins each provide basic administrative functionality for some component or aspect of Windows 2000 Server. When one or more snap-ins are installed in the MMC, the result is called a console .

Windows 2000 Server includes a number of preconfigured consoles and utilities called administrative tools. These tools can be launched by shortcuts found in the Administrative Tools program group or in Administrative Tools in the Control Panel. Table 5.1 shows the default set of administrative tools installed during Typical Setup on a Windows 2000 Server computer configured in the role of a member server.

While most administrative tools in Windows 2000 Server are implemented as MMC consoles, a few of the administrative tools listed in Table 5.1 through Table 5.3 are implemented differently: as wizards, dialog boxes, Windows applications, or command-line utilities. The two terms administrative tool and console are thus not exactly synonymous, even though in common usage they are often treated as such. See Table 5.4 for a list of these nonconsole administrative tools.

Table 5.1: Default Set of Administrative Tools on a Windows 2000 Member Server
Administrative Tool	Function
Component Services

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Because a default set of administrative tools is installed when you install Windows 2000, I decided to cover two types of items in this alphabetical reference section:

Snap-ins: Snap-ins are identified in this reference section by PP. By adding a snap-in to a new (blank) console, you can give the console the desired administrative functionality. For example, by adding the Disk Management snap-in to a new console, you can create a console that can be used exclusively to administer disks. Similarly, by adding a snap-in to an existing console, you can add the additional administrative functionality of that snap-in to the console. The snap-ins listed here are common for Windows 2000 administration. Some of these are only available when certain optional components of Windows 2000 Server are installed, and these are appropriately identified when this is the case.

The snap-ins covered here are the ones used for day-to-day administration of Windows 2000-based networks. Each article describes, where possible, the basic purpose and functionality of the snap-in, general configuration options, and a typical console tree for a console with the snap-in installed in it, and cross references to concepts in Chapter 4 and tasks in Chapter 4 that involve the snap-in.
Administrative tools: Administrative tools are identified in this alphabetical reference by H. Windows 2000 Server has a preconfigured set of consoles and utilities to enable you to perform common administrative tasks. These tools can be accessed from the Start menu using Start → Programs → Administrative Tools. Note that while most of these administrative tools are implemented as MMC consoles, a few of them are not implemented this way. These are only mentioned here and then cross-referenced to further information found in Chapter 6.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

This chapter covers miscellaneous utilities and GUI elements of Windows 2000. In particular, the following items are covered in this chapter:

All the Control Panel utilities, although some of them are covered only briefly since they are only of peripheral interest to administrators.
Some of the Start menu shortcuts, particularly from the Accessories program group and its various subgroups. User-oriented utilities such as Paint and games such as Solitaire are omitted.
All of the standard desktop elements, including the taskbar and icons such as My Computer and My Network Places.

In general, new or useful features of these items are emphasized, while familiar or tangential features are overlooked. Items are cross-referenced where appropriate to other chapters in Part II.

Many of the utilities listed in this chapter can also be run from the command line or Run box. For example, Accessibility Options can be run by:

Command interpreter → control access.cpl

Start → Run → control access.cpl

Accessibility Options

Configures the accessibility features of Windows 2000.

To Launch

Start → Settings → Control Panel → Accessibility Options

Command interpreter

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Accessibility Options

Configures the accessibility features of Windows 2000.

To Launch

Start → Settings → Control Panel → Accessibility Options

Command interpreter → control access.cpl

Description

Accessibility Options opens a property sheet with five tabs to configure Windows 2000 for easier use by individuals with various types of physical impairments. The key features on these tabs are as follows:

Keyboard

Enables StickyKeys, FilterKeys, and ToggleKeys:

StickyKeys: Executes simultaneous keystrokes such as Ctrl-Alt-Del by pressing one key at a time. Once enabled, this feature is turned on or off by pressing the Shift key five times in succession.
FilterKeys: Configures Windows to ignore brief or repeated keystrokes. Once enabled, this feature is turned on or off by depressing the Right Shift key for eight seconds.
ToggleKeys

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Although the main way of administering Windows 2000 Server is through the GUI-based Microsoft Management Console, many administrative tasks can be performed using the command line instead. This chapter describes important commands and utilities that can be accessed from the Windows 2000 command prompt. These commands can be used interactively from the command line or can be scheduled for use in batch files to perform various administrative tasks.

A large number of these commands are the same as those in Windows NT, though sometimes new switches or options have been added to enhance their functionality. In addition, there are some commands and utilities in this chapter that are new to Windows 2000 and are indicated as such. However, this chapter is not intended as a tutorial in using the command line. The reader is assumed to be familiar with basic DOS commands, such as dir and copy, and with creating simple batch files.

The entries in this chapter are also cross-referenced to the other chapters in Part II, of this work. For example, if you look up the net print command in this chapter, you may find cross-references such as the following:

To understand how printing works in Windows 2000, look up printer in Chapter 4.
For detailed instructions about adding and configuring printers, managing printers through a web browser, or any other administrative task involving printers, look up printer in Chapter 4.
To stop the print spooler because of a corrupt job in the queue, you can use Services in Computer Management, an MMC console described in the article Services in Chapter 5.
To learn how to configure printers using the Printers folder in the Control Panel, see Printers in Chapter 6.

The Windows 2000 commands listed in this chapter are grouped into the following five categories:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

The Windows 2000 commands listed in this chapter are grouped into the following five categories:

General commands
Net commands
Netshell commands
TCP/IP commands
Miscellaneous commands

The Netshell (netsh) commands are a major addition to Windows 2000, which enable command-line administration of DHCP, DNS, Routing and Remote Access, and WINS services. Administrators upgrading from Windows NT may want to familiarize themselves with these carefully.

Commands are grouped according to category and are cross-referenced when necessary. Command-line switches and options are explained, and examples are given to help illustrate their use.

Many additional command-line utilities are available in the Windows 2000 Server Resource Kit from Microsoft Press. Despite the number of pages (almost 8,000) and weight (23 lbs!) of the resource kit, it is well worth buying because of the additional utilities included in it.

A whole different paradigm in programmatic administration of Windows 2000 is afforded by a tool called the Windows Scripting Host (WSH), which allows scripts to be executed from either the desktop or the command line. WSH can be used for either interactive or batch scripting of administrative tasks. The scripting engine supports VBScript and JScript and is extensible to support other scripting languages such as Perl and REXX. Since knowing a scripting language is a prerequisite of using WSH, this tool is not covered here and is better suited to a book of its own.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

These commands are used to perform various administrative tasks. Many of these commands will be familiar to administrators who have worked with Windows NT. I've skipped many familiar commands such as dir and cd, as the reader is likely to be familiar with these. I've concentrated instead on commands of special interest to administrators, commands new to Windows 2000, and commands whose syntax has been updated in Windows 2000.

at

Schedules jobs (commands or programs) to run on a computer at a specified time and date. It can also be used to display the currently scheduled jobs.

Syntax

at [\\computername] [ [id] [/delete] | [/yes] ]
at [\\computername] time [/interactive] [/every:date[,...] | 
next:date[,...] ] command

Options

none: Displays scheduled jobs.
\\ computername: Specifies the name of the remote computer on which the job is run. (If omitted, the job executes on the local computer.)
id: Is the identification number assigned to the scheduled job.
/delete: Removes a job from the list of scheduled jobs. (If

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

This group of commands is used to manage Windows 2000 networking services, user and group accounts, file sharing, printing, and so on.

net

Allows command-line administration of certain aspects of network connectivity and security.

Syntax

net [option]

Options

Net.exe must be used with one of the following options to give it a specific focus:

accounts: Manages password and logon requirements for user accounts
computer: Adds or removes computer accounts from the domain
config: Displays whether Server and Workstation services are running and configures these services
continue: Continues paused services
file: Displays a list of shared files that are open and closes them

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

This group of commands is a major addition to Windows 2000 and enables command-line administration of networking services such as DHCP, DNS, Routing and Remote Access, and WINS. Netshell (netsh.exe) is a command-line scripting tool that can administer these services on local or remote computers in both interactive and batch mode. It functions by providing a shell from which you can enter different contexts for administering each service. Contexts are provided by helper DLLs, which extend Netshell's functionality by providing service-specific command sets. Some contexts have subcontexts as well, which are described later in this section.

Netshell supports two kinds of commands:

Global commands: These can be run within any context and provide general functionality to the shell.
Context-specific commands: These are commands specific to a given context (see later in this section).

The various contexts and subcontexts that are currently supported by Netshell (more may be added later in the next version of Windows 2000) include the following:

AAAA

Configures the AAAA component that is used by both Routing and Remote Access and Internet Authentication Service

DHCP

Configures DHCP servers

Server: Subcontext for configuring a specific DHCP server

Interface

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

These commands are used for administering various aspects of TCP/IP and for interoperability with Unix machines in a heterogeneous networking environment. There have been relatively few changes to these commands from Windows NT to Windows 2000.

arp

Resolves IP addresses into media access control (MAC) addresses and caches them for reuse.

Syntax

arp -s IPaddress 
                     MACaddress [interfacenumber]
arp -d IPaddress [interfacenumber]
arp -a [IPaddress] [-N interfacenumber]

Options

-a [ IPaddress ]: Resolves the specified IP address into its associated MAC address by querying the Address Resolution Protocol (ARP) cache on the local machine. (If no address is specified, then all cached IP-to-MAC address mappings are displayed.)
-g [ IPaddress ]: Same as -a.
-N interfacenumber: Specifies the network adapter whose ARP cache is to be queried. (Each network adapter has its own ARP cache on a multihomed machine.) Use arp -a to determine the number of each interface. If arp is used without

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Content preview·Buy PDF of this chapter|Buy reprint rights for this chapter

Listed here are some additional Windows 2000 utilities that can be run from the command line for administrative purposes.

csvde

Stands for Comma Separated Value Directory Exchange, a utility for bulk import/export of data between comma-delimited (CSV) text files and Active Directory. Csvde can be used to create multiple user accounts, groups, computers, printers, or other AD objects in a single batch operation.

Syntax

csvde options

Options

Csvde options are either export-specific, import-specific, or general in nature. There are also options for how credentials are specified for accessing AD.

General Options

-c string1 string2: Replaces all occurrences of string1 with string2 (used to change the distinguished name of objects when importing data from one domain to a different domain).
-f filename: Indicates name of import/export file.
-i: Switches to import mode (the default is export mode).

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Table of Contents