
Old and faithful  

Since time immemorial (days when system admins used to wear ties and kept 3-4 ballpoint pens in their shirt pockets... nostalgic 60's), the command prompt has been there, although the boxes then were huge mainframes and the systems were Unix or Unix variants.

Many system administrators who manage Windows environments don't leverage the full power of the Windows command prompt. One big argument that Unix admins have with Windows folks is the shell functionality in *nix systems.
With the release of Monad (PowerShell), Microsoft has come up with something akin to a *nix shell. However, even without PowerShell, the Windows command prompt is quite powerful, although its features are not widely known.

Let's try to do something with just the command prompt in Windows. I will be using only the Windows XP command prompt to demonstrate some tasks.

Say I need to see which services are running on my XP box using just the command prompt. (I know you can go to Run > services.msc and do stuff, but let's try to be lazy.)

I do the following:

C:\>tasklist/svc

Image Name                   PID Services
========================= ====== ====================================
System Idle Process            0 N/A
System                         4 N/A
smss.exe                    1036 N/A
csrss.exe                   1080 N/A
winlogon.exe                1108 N/A
services.exe                1152 Eventlog, PlugPlay
lsass.exe                   1164 Netlogon, PolicyAgent, ProtectedStor
                                 SamSs
ibmpmsvc.exe                1364 IBMPMSVC
ati2evxx.exe                1392 Ati HotKey Poller
svchost.exe                 1412 DcomLaunch, TermService
svchost.exe                 1488 RpcSs
.................................... Output omitted for brevity.

As seen, tasklist is very useful if used properly. The same thing can also be done using pslist, which is part of the PsTools suite, but here we are leveraging the built-in functionality.
Let's filter the above output: I just want to see the svchost.exe process instances. I do the following:

C:\>tasklist/svc|find "svchost.exe"

This is what I get.

C:\>ts, RemoteRegistry, WebClient

"find" in the CLI is what "grep" is on *nix boxes [PowerShell in Windows uses objects instead of the text manipulation of *nix shells].
Filtering output using find is useful everywhere, especially when piped with netstat. For example, to see what SSH connections I have to and from my box, I type this:

C:\>netstat -ano|find "22"
Output is:
TCP AVP-XP:1229 AVP-XP.myworld.local:0 LISTENING
TCP AVP-XP:4195 apache.myworld.local:22 ESTABLISHED
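
The bare "22" filter above also matches any line where those digits appear elsewhere, such as the local port 1229 in the first output line. The batch script below is an added example, not part of the original post: it matches only a port column and uses tasklist to name the process that owns each connection. The script name portowner.cmd and the default port of 22 are assumptions.

```batch
@echo off
rem Added example (not from the original post).
rem Lists TCP entries whose local or remote port is exactly %PORT% and
rem prints the image name of the owning process next to each one.
rem Usage: portowner.cmd 22      (script name is an assumption)
setlocal
set "PORT=%~1"
if not defined PORT set "PORT=22"

rem netstat -ano columns: Proto  LocalAddr  ForeignAddr  State  PID
rem Searching for ":22 " (colon, port, trailing space) hits only an
rem address:port column, so 1229, 2222 or a PID such as 2204 no longer match.
for /f "tokens=1-5" %%a in ('netstat -ano ^| find ":%PORT% "') do (
    rem UDP lines have no State column, so only TCP lines are handled here.
    if /i "%%a"=="TCP" (
        rem tasklist prints one CSV row for the PID; field 1 is the image name.
        for /f "tokens=1 delims=," %%p in ('tasklist /fi "PID eq %%e" /fo csv /nh') do (
            echo %%b  %%c  %%d  PID %%e  %%~p
        )
    )
)
endlocal
```

Run tasklist /svc afterwards and look up the reported PID to see which services live inside that process when the owner turns out to be svchost.exe.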

Let's try some other cool stuff from our beloved CLI.
I urgently need to see all the device drivers on the box and only have a command prompt with me... that's enough to do the job:

C:\>driverquery

This is the output:

Module Name  Display Name           Driver Type   Link Date
============ ====================== ============= =====================
abp480n5     abp480n5               Kernel        8/18/2001 2:21:59 AM
ACPI         Microsoft ACPI Driver  Kernel        8/4/2004 11:37:35 AM
ACPIEC       Microsoft Embedded Con Kernel        8/18/2001 2:27:55 AM
ADIHdAudAddS ADI UAA Function Drive Kernel        1/31/2006 8:49:33 PM
adpu160m     adpu160m               Kernel        5/30/2001 2:48:22 PM
AEAudioServi AEAudio Service        Kernel        6/8/2005 2:23:44 AM
aec          Microsoft Kernel Acous Kernel        10/1/2004 10:30:21 PM
..................... Output omitted for brevity

This is a long, long list, so let's try to get it in some human-readable form.

Fear not, driverquery supports exporting the output in table/list/csv format [and they say Windows is purely point and click :) ]

To get the output in csv:

C:\>driverquery /fo csv >> c:\driverinfo.csv

You won't see any output, since we are redirecting it to a csv file named driverinfo, which is created at the root of the drive.

I have explained some of the not-so-common tasks that can be done using the command prompt. I will get to some really neat stuff, like managing the network operations of a box using only the Windows command prompt, sometime later.

Hope this brings some sense to using the command prompt in Windows... it ain't that useless, you see?

Peace.


The 3 Rs  

The 3 essential phases every system administrator goes through:

Reflect
Repent
Reboot

This is the Taoism of systems admin:

Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

Quite true when you have Windows boxes to take care of, and even more true when you, in some form of mental state, apply GPOs that you should not have applied in the first place.
At the place where I was previously working, I saw the 3 Rs in action. Here is the story for all those who are interested; others can reboot their systems.

It was 3 AM and I got a call from the production floor that user boxes (all Windows) were stuck... couldn't seem to do any damn thing. Same for other departments. It didn't take a genius to figure out what had happened.
Most of the folks kept their stuff on network shares on a file and print server and... the server rebooted (Windows 2000 Server, 3 AM... getting something here?).
Apparently it was set to download updates automatically and restart after they were applied.
Next day, when the fun had died down, some folks realised that the GPO for the server should not have been modified (reflect and repent).
It was an interesting night though: paging everyone and getting calls from them as early as 6 AM.

For people who are as lazy as I am, you can reboot or shut down any Windows box using the shutdown command in Windows. Check out the various switches: shutdown /?

Personally, I reboot my box using:
shutdown -r -t 0 (this will restart it immediately).
Put it in a batch file and have fun... especially if you use psexec and run this on a remote console.

Sorry for the long story on the 3 Rs; I thought this was applicable to all areas of systems administration.
I will write something more sensible in my next post when I get in the mood to do so.

Peace.
