Chapter 1. Introduction
The Windows operating system (OS) has come a long way in the last 10 years. In the early days of Windows NT, system crashes were common annoyances that users and administrators had to learn to deal with. There were few tools to manage the OS, and the ones that were available, mainly of the graphical variety, were limited in functionality and didn’t scale well. Also at that time, Microsoft was not yet serious about providing intuitive scripting interfaces or mechanisms to deploy configuration changes, which would allow administrators to automate repetitive tasks. The result was that administrators were forced to do a lot with little.
The tides changed dramatically with the release of Windows 2000, which turned out to be much more scalable and manageable. Microsoft began to improve in the management areas it had previously lacked by adding more tools and introducing several new scripting interfaces that were robust and easy to use.
But in many ways, Windows 2000 felt like a first version release of a major piece of software, which it was. Windows 2000 did a lot of things right, but there were still major gaps in terms of usability and features. Windows XP, Microsoft’s latest client OS, is a much more mature platform. It isn’t as big of an upgrade as Windows NT to Windows 2000, but Microsoft smoothed out a lot of the rough edges that were present in Windows 2000.
You can’t get all of this capability wrapped up into a single OS without some trade-offs. To be able to take full advantage of Windows XP, you have to know lots of gory technical details. You have to know how to navigate through the hundreds of dialogs and menus. You have to know which command-line utilities are available to accomplish various tasks, where to find them, and which options you should use for each utility. You have to know what scripting interfaces are available to automate tasks so you can keep your support costs low. We take it for granted, but that is a lot for any one person to know. We’ve been doing Windows system administration for nine years and we still have a difficult time recalling the correct tool or command or scripting interface for certain tasks.
And that is the purpose of this book: to be a comprehensive reference so we don’t have to waste time (and brain cells) trying to remember that WMI doesn’t have any scripting interfaces for creating or modifying pagefiles; or how to use Group Policy to run a task on a group of workstations; or how to find all of the files that are currently open on a system. This book covers installation, configuration, and maintenance duties for Windows XP, but it also covers a great deal more.
Approach to the Book
If you are familiar with the O’Reilly cookbook format that you can find in other popular books such as Active Directory Cookbook, Perl Cookbook, or Windows Server Cookbook, then the layout of this book will not be new to you. It is composed of 20 chapters, each containing 10 to 30 recipes that describe how to perform a particular task. Within each recipe are four sections: Problem, Solution, Discussion, and See Also. The Problem section briefly describes the task the recipe addresses and when you might need to use it. The Solution section contains step-by-step instructions on how to accomplish the task. Depending on the task, there could be several sets of solutions covered. The Discussion section goes into detail about the solution(s). The See Also section contains references to additional sources of information that can be useful if you still need more information after reading the discussion. The See Also section may reference other recipes, Microsoft Knowledge Base (MS KB) (http://support.microsoft.com/) articles or documentation from the Microsoft Developers Network (MSDN) (http://msdn.microsoft.com).
At Least Three Ways to Do It
People like to work in different ways. Some prefer graphical user interfaces (GUI) while others like command-line interfaces (CLI). And experienced system administrators like to automate tasks using scripts. Since people prefer different methods, and no one method is necessarily better than another, we decided to write solutions to recipes using as many of each as is available. That means instead of just a single solution per recipe, we include several using GUI, CLI, and scripting examples. That said, some recipes cannot be accomplished with one of the three methods or it may be very difficult to do with a particular method. In that case, we cover only the applicable methods.
In the GUI and CLI solutions, we use standard tools that are either provided with the operating system or available for download from Microsoft’s web site. But because there is a lot of good freeware and shareware out there, we also include a section on applicable tools you can download that can help you accomplish the task.
We took a similar approach with the scripting solutions. While one of the authors prefers Perl, we focus on VBScript due to its widespread use among Windows administrators. It is also the most straightforward from a coding perspective when using Windows Management Instrumentation (WMI) and Windows Script Host (WSH). For those familiar with other languages such as Visual Basic, Perl, and JScript, it is very easy to convert code from VBScript. For those of you who wish that all of the solutions were written with Perl instead of VBScript, you are in luck. On the book web site we’ve posted companion Perl scripts for each VBScript example. Go to http://www.rallenhome.com/books/ to download the code.
Where to Find the Tools
For the GUI and CLI solutions to mean much to you, you need access to the tools that are used in the examples. For this reason, in the majority of cases and unless otherwise noted, we used only tools that are part of the default operating system or available in the Resource Kit or Support Tools.
The Windows Server 2003 and Windows 2000 Resource Kit tools can be installed on Windows XP and provide numerous utilities that aid administrators in their daily tasks. More information on the Resource Kit can be found at the following web site: http://www.microsoft.com/windows/reskits/. Some of the Resource Kit tools are free; for others you must buy the Resource Kit.
Windows Support Tools also includes many “must have” tools for people who work with Windows XP. The installation MSI for the Windows Support Tools can be found on an XP CD in the \support\tools directory.
Running Tools with Alternate Credentials
A best practice for managing Windows XP systems is to create separate administrator accounts and grant them elevated privileges, instead of letting administrators use their normal user account that they use to access network resources. This is beneficial because an administrator who wants to use elevated privileges has to log on explicitly through an admin account instead of having privileges all the time, which could lead to accidental changes. With the separate account method, the administrator would need alternate credentials to use tools to administer systems unless he or she logged on (locally or with Terminal Services) to the target machine using admin credentials.
There are several ways to specify alternate credentials when running tools. Many GUI and CLI tools have a user and password authentication option. If the tool you want to use does not have that option you can use the runas.exe command instead. The following command runs the enumprop.exe command under the credentials of the administrator account in the rallencorp.com domain:
> runas /user:firstname.lastname@example.org /netonly "enumprop LDAP://dc1/ dc=rallencorp,dc=com"
> runas /user:email@example.com /netonly "mmc.exe"
This will create an empty MMC console from which you can add consoles for any snap-in that has been installed on the local computer. This is beneficial because all of the consoles that you add will be run under that administrative account. If you don’t want to type that command over and over, simply create a shortcut on your desktop and put the command as the target path. By doing this you eliminate one of the common complaints about using alternate credentials, that is, it makes the job more tedious.
/netonly option is
necessary if the user you are authenticating with does not have local
logon rights on the computer from which you are running the command,
or if you want to authenticate with an account from a non-trusted
There is another option for running MMC snap-ins or any GUI program with alternate credentials. Click on the Start menu and browse to the tool you want to open, hold down the Shift key, and then right click on the tool. If you select Run As, you will be prompted to enter alternate credentials with which to run the tool.
A Brief Word on Windows Scripting
Much has been said over the years about how unfriendly the Windows OS is to experienced power users and system administrators who want to automate tasks with scripts. We’re pleased to say that Microsoft has made some great strides in this area over the last four or five years so that now there are very few tasks that you cannot automate with a script.
Microsoft has developed three primary scripting interfaces over the years: WSH, WMI, and ADSI. Note that we said that these are interfaces, not languages. In generic terms, a scripting interface is just a framework for how a script calls functions or methods to perform tasks. WSH is the scripting engine that acts as the interpreter for the scripting languages that are native to Windows (i.e., VBScript and Jscript). It has an interface for doing basic scripting such as printing out to a console or displaying a dialog box, processing command-line arguments, and other basic system administration tasks such as reading and writing files and manipulating the Registry. WMI is the high octane system management interface. With it you can query and often configure many of the components within Windows. WMI is to computers what ADSI is to Active Directory. ADSI is the primary scripting interface for querying and manipulating objects in Active Directory. You can also use it to manage local users and groups on a computer as well as the IIS Metabase.
Where to Find More Information
While it is our hope that this book provides you with enough information to perform the majority of Windows system administration tasks you are likely to do, it is not realistic to think every possible task can be covered. In fact, there are easily another five or six chapters we could have included in this book, but due to space and time considerations it was not possible for this edition. There is a wealth of additional resources and information you can find on the Internet or in a bookstore. In this section we cover some of the ones we use most frequently.
Help and Support Center
Windows XP comes with a new feature called the Help and Support Center, which is available directly off the Start menu. It is a great resource of information and it serves as the central location to obtain help information about the operating system, applications, and installed utilities.
If you have any questions about the complete syntax or usage of
a command-line tool we use in the book, you should first take a look
at the help information available with the tool. The vast majority of
CLI tools provide syntax information by simply passing
/? as a parameter. For example:
> netsh /?
Microsoft Knowledge Base (MS KB)
The Microsoft Help and Support web site is a great source of information and is home to the Microsoft Knowledge Base (MS KB) articles. Throughout the book we include references to pertinent MS KB articles where you can find more information on a topic. You can find the complete text for a KB article by searching on the KB number at the following web site: http://support.microsoft.com/default.aspx. You can also append the KB article number to the end of this URL to go directly to the article: http://support.microsoft.com/?kbid=.
Microsoft Developers Network (MSDN)
MSDN contains a ton of information on Windows XP and programmatic interfaces such as WMI. Throughout the book we’ll sometimes reference MSDN pages in recipes where applicable. Unfortunately, there is no easy way to reference the exact page we’re referring to unless we provided the URL or navigation to the page, which would more than likely change by the time this book is printed. Instead, we provide the name of the title of the page, which you can use to search on via the following site: http://msdn.microsoft.com/library/.
- Microsoft Windows XP Home Pages - http://www.microsoft.com/windowsxp/
This site is the starting point for Windows XP information provided by Microsoft. It contains links to whitepapers, case studies, and tools.
- Microsoft Webcasts - http://support.microsoft.com/default.aspx?scid=fh;EN-US;pwebcst
Webcasts are on-demand audio/video technical presentations that cover a wide range of Microsoft products. There are numerous webcasts related to Windows XP technologies that cover such topics as installing service packs, configuring home networking, and troubleshooting startup and shutdown problems.
- Google - http://www.google.com/
Google should be one of your primary starting points for locating information. Google is often quicker and easier to use to search the Microsoft web sites (e.g., MSDN) than the search engines provided on those sites.
- MyITForum - http://www.myitforum.com
The MyITForum site has very active online forums for various Microsoft technologies. It also has a large repository of scripts.
- LabMice - http://www.labmice.net/
The LabMice web site contains a large collection of links to information on Windows XP including MS KB articles, whitepapers, and other useful web sites.
- Robbie Allen’s Home Page - http://www.rallenhome.com/
One of the author’s personal web sites, which has information about the books he’s written and links to download the code contained in each (including this book).
- Microsoft Technet Script Center - http://www.microsoft.com/technet/community/scriptcenter/default.mspx
This site contains a large collection of WSH, WMI, and ADSI scripts.
Many of the Windows XP related Microsoft newsgroups are very active and have one or more of Microsoft’s Most Valuable Professionals (MVPs) actively responding to questions. If you have a question and can’t find an answer, try posting to the pertinent newsgroup.
These are general-purpose Windows XP newsgroups:
Here are some of the newsgroups that cover a specific Windows XP technology:
These are the scripting-related newsgroups:
If you have a question about a particular topic, a good starting point is to search the newsgroups using Google Groups (http://groups.google.com/). Just like Google’s web search engine, Google’s group search engine is an invaluable resource.
- Windows IT Pro Magazine - http://www.windowsitpro.com/
This is a general-purpose monthly magazine for system administrators who support Microsoft products. The articles contributed by industry experts are informative and provide unique insight into common issues system administrators face.
- Windows Scripting Solutions - http://www.winnetmag.com/WindowsScripting/
This is a useful monthly newsletter that covers all aspects of scripting in the Windows environment. You’ll see a little bit of everything in this newsletter.
- Security Administrator - http://www.winnetmag.com/WindowsSecurityIndex.cfm
Security is an important part of any system administrator’s job these days. With this news letter you’ll be able to stay abreast of the latest Windows security issues.