Tech Off Thread

25 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Windows command line

Back to Forum: Tech Off
  • User profile image
    themaffeo

    I've got an interesting question: Is it possible to administer a Windows box solely through the command line?  Never mind the question "why would you want to" (I wouldn't)  I'm just curious if Windows has the equiv of ssh or a terminal type setup a-la Unix or Linux?

    If so, any ideas where the commands are detailed?

  • User profile image
    DrFooMod2

    You could install Cygwin which would give you SSH.  I have done it and it works fine.  The problem is thay even though Windows does have commandline tools such as netsh, it's not conducive to doing so.

    What are your underlying intentions?

  • User profile image
    Cerunan

    In a word, yes.

    You can install an SSH server like van * software's Vshell (http://www.vandyke.com/products/vshell/index.html)

    You can also use telnet (if you are so inclined). You will also need to install the resource kit, and support tools either on the station you are administering from (if it is windows based) or you have to install them on the server that you are connecting to.

  • User profile image
    themaffeo

    DrFooMod2 wrote:


    What are your underlying intentions?


    My intentions were merely acedemic.  The thought sprung from an discussion with a sys admin who had the audacity to say Windows didnt have a good remote administration tool.  I then introduced him to Terminal Services and he resigned himself to saying that GUI's were stupid, and all you really need is a command line.  That got me to thinking, even though I feel Windows' GUI is one of its strengths, does windows have a way to do all of its remote administration simply through commandline text?  Things like Stoping/restarting IIS, changing permissions, viewing activity logs would be the things i was curious about.

    I metioned SSH because I am rather unknowledgeable about the Linux/Unix world, but I though those applications were the closest to what I was asking for. (Was that assumption correct?)

  • User profile image
    themaffeo

    Never mind, I did some more answered my question - Yes, it is possible.

    Thanks for all your help - you set me in the right direction.

  • User profile image
    MattW

    I can't think of anything you can do in a GUI in Windows Server 2003 that you CANNOT do from the command line. We did a lot from the command line in 2000 but got a bunch better in 2003.

    As for SSH, download Services for Unix at http://www.microsoft.com/windows/sfu/default.asp. Then go to http://www.interopsystems.com/tools/warehouse.htm and grab OpenSSH. Or grab the source from somewhere on the net and compile it yourself....it'll take a little porting but nowhere near as much as you'd expect.

    Once SFU is installed, you could take any of your favorite perl, csh, ksh, bash, etc scripts and run them on windows. sfu is pretty slick...

  • User profile image
    Manip

    I think the main limit on administering a windows box completely with a command line is more documentation than it is capability. You say that you can do most things from the command line in W2k3 but there is no really good centralised location for documents and the community doesn't pack around the command line concept in windows so much.

  • User profile image
    gmiley

    http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/ntcmds.htm

    Also I guess if you wanted to, you could write a simple service that runs in the background listening on some specified port. On connection it asks for login information, verifies then dumps you to a cmd.exe/command.com presto you have a terminal. Use the above link to check out the various commands available to you and what they do.

  • User profile image
    Cerunan

    Manip wrote:
    I think the main limit on administering a windows box completely with a command line is more documentation than it is capability. You say that you can do most things from the command line in W2k3 but there is no really good centralised location for documents and the community doesn't pack around the command line concept in windows so much.


    I would guess that's becaue it's generally rare that you need a command line to do administative tasks.  You also don't need log in via terminal services.  If you install the administrative tools on your workstation, you can point the MMC snap-in at the target server and do your work using the GUI on your local machine.  The key concept is, you don't have to log-on to a machine to administer it, you just have to authenticate.  Why Microsoft doesn't impresss this on the general public is beyond me.

  • User profile image
    Akaina

    Running a windows box from the command line is like getting a dog to walk on two legs. That is to say, just because it's possible, doesn't mean it's the right way to do it.

    Lack of variable interpolation by the shell makes it virtually impossible to tie command line utilities togther (and NO... %1 doesn't count). Also, with CMD, there is no support for back-refrences.

    Windows forces you to write custom command line apps to get this behavior, whereas in Unix you will undoubtedly run into ambiguously open-ended utilities like grep, sed, awk, blat, cat, fork, tcpdump, top, w, ps, du (etc). All of which are dedicated to letting the user decide specifically what they want to see come out the other end.

    You want to find the number of times the word 'human' is used in War and Peace?

    1 line of code. (including the download & decompression of the book)


    You want to send an e-mail to the administrator whenever a hacked account is logged into over a certain port?

    5 lines of code.

    You want to launch your GUI automatically 13 seconds after you check your mail?

    5 lines of code.

    You want to repopulate your database if newer files have been uploaded?

    5 lines of code.

    You want to close down your FTP between 7pm and 5am on Wednesdays and open again it at 9am on a leap year?

    5 lines of code.


    Once configured, Unix systems virtually run themselves. Scripting is everything in Unix.

    And trying advanced techniques like port knocking in a windows environment is an excercise in futility.

    I heard a rumor Microsoft was going to come out with MSH to compete with everyone else on the command line. Anyone else hear about this?





    BTW:
    If you really need a GUI, why use Terminal Services when VNC works for Unix AND Windows (granted a little choppy sometimes)?

  • User profile image
    themaffeo

    Thanks again all for the comments - you've been very helpful.

    One comment though:

    Akaina- There are several reasons to use terminal services over VNC in my opinion:

    1) Why create another service on you computer?
    2) All sessions (not just password) are powerfully enctypted
    3) Virtually 0 lag.  I've been able to program through Terminal Services many times, including the use of Intellisense.
    4) New Session.  VNC views the current desktop, Terminal services allows me to work on a box without worying if someone else is using it.


  • User profile image
    Akaina

    1) Because it has a small footprint and it works everywhere. I can even take remote control of my PDA in a browser window. All you need is a browser that runs Java. It's also free.

    2) You can run VNC over a secure shell tunnel or SSL.

    3) You guys definitely have them beat on speed and friendliness, but the administration of VNC is 1 screen and pretty easy to configure.

    4) That is a great feature. I am typically the only person who needs to control my box though.


    If I had to do development remotely I would definitely prefer Terminal Services over VNC.

  • User profile image
    Cerunan

    Akaina wrote:
    Running a windows box from the command line is like getting a dog to walk on two legs. That is to say, just because it's possible, doesn't mean it's the right way to do it.

    Lack of variable interpolation by the shell makes it virtually impossible to tie command line utilities togther (and NO... %1 doesn't count). Also, with CMD, there is no support for back-refrences.

    Windows forces you to write custom command line apps to get this behavior, whereas in Unix you will undoubtedly run into ambiguously open-ended utilities like grep, sed, awk, blat, cat, fork, tcpdump, top, w, ps, du (etc). All of which are dedicated to letting the user decide specifically what they want to see come out the other end.

    all of which are also available for windows including the unix shells, should you desire them
    Akaina wrote:

    You want to find the number of times the word 'human' is used in War and Peace?

    1 line of code. (including the download & decompression of the book)


    You want to send an e-mail to the administrator whenever a hacked account is logged into over a certain port?

    5 lines of code.

    You want to launch your GUI automatically 13 seconds after you check your mail?

    5 lines of code.

    You want to repopulate your database if newer files have been uploaded?

    5 lines of code.

    You want to close down your FTP between 7pm and 5am on Wednesdays and open again it at 9am on a leap year?

    5 lines of code.


    Once configured, Unix systems virtually run themselves. Scripting is everything in Unix.
    and if you don't script it, even considering the aforementioned tasks is an exercise in futility
    Akaina wrote:

    And trying advanced techniques like port knocking in a windows environment is an excercise in futility.
    I've never tried it but there appears to be python and perl implementations, so they should work under windows
    Akaina wrote:

    I heard a rumor Microsoft was going to come out with MSH to compete with everyone else on the command line. Anyone else hear about this?





    BTW:
    If you really need a GUI, why use Terminal Services when VNC works for Unix AND Windows (granted a little choppy sometimes)?

  • User profile image
    Charles

    Anyone out there using windows services for unix?  

  • User profile image
    spod

    This came up in a previous thread over in the coffee house...

    Reproduced from the thread here..
    http://channel9.msdn.com/ShowPost.aspx?PostID=1577#1577


    ----

    Re: One of the million reasons why Windows sucks (religious) #
    Friday, Apr 9, 2004 4:52 PM Reply Quote

    We have certainly done a bad job of this in the past.  We have focused on GUIs for simple administration and SDKs for complex administration and not paid enough attention to the command line.  Mea Culpa. Mea Culpa.

    WE ARE FIXING THIS.  (That is the great thing about MSFT - we are incapable of sustained error.  OK OK, sometimes it takes us 25 years before we fix things but still - we eventually get them fixed.  Smiley )

    We started to fix this in XP and W2K3 by adding 61 new commands.  That was great and it moved the ball forward but what was still missing was the rich programmatic shell/scripting language and the rich domain-independent utilities. 

    That is now fixed by being able to use the free download of Services For Unix (SFU) which gives you all the UNIX shells and utilities.  SFU provides great UNIX compatiblity and interoperability.  Great stuff - check it out.  Use it early, use it often.

    We are also working on the next generation of command line scripting tools which will leapfrog the capabilities current tools.  This is the MONAD project offically known as the MSH Command Shell.  Most Unix guys blanch when I say that there is a better way to do things but then agree after they hear me out and see the demo.  The topic is too vast to cover in one posting but what you can do is to check out the DECK I presented at the PDC at: http://download.microsoft.com/download/3/8/1/38198a72-294d-46c3-93ba-faee5cf85d00/ARC334.ppt . 

    Here is the elevator pitch:
    MSH is as
       Interactive and Composable as ksh or bash
       Programmable as Perl or Phython
       Production-oriented as VMS DCL or AS400 CL
    And it makes accessing management information as easy as accessing files.

    You can also get a copy of the new shell from http://betaplace.com/" target="_blank"> http://betaplace.com .  You'll need a passport account and then login with the name "mshPDC" (case matters).  You'll get access within 24-48 hours.

    Please investigate and give it a try and throw rocks.  I think you'll like it but I'm most interested in finding out where we got it wrong and what we need to do to get it right. 


  • User profile image
    Michael Elsdoerfer

    Charles wrote:
    Anyone out there using windows services for unix?  


    I used it a while ago just to get a richer shell, but since I got my fingers on the MSH Preview I don't use it anymore.

  • User profile image
    Jeremy W

    I love how Unix guys, and even Windows guys, are completely unaware that there is a shell programming environment for Windows. Fully featured, including remote admin tools, COM interop, registry and API access, everything.

    www.kixtart.org

    In the last week we've updated IE, rolled out the new ZENAgent and upgraded all 2K and XP machines to point to our local SUS server.

    As an example, here's the code for the SUS Script:

    <pre>;Sus.kix
    ;This kix file will check the OS and detect compatability with the SUS update. If the update is
    ;required it will apply the appropriate registry keys.

    Break ON
    CLS

    ;variable declaration
    Dim $r, $comp, $computer, $os, $oper, $domain, $ResultsINI, $val1, $val2, $regAU, $regWU, $exclude, $ConfigINI

    $ResultsINI = 'C:\susres.ini'            ;this stores the output of the results
    $ConfigINI = 'C:\susconfig.ini'
    $regAU = \HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    $regWU = \HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    $exclude = Split(ReadProfileString($ConfigINI,'Exclude',''),Chr(10))
    $domain = NTHSC
    $placeholder = " "
    Call "ping.kix"
    Call "osid.kix"
    Call "netview2.kix"
    Call "comnetview.kix"

    For Each $computer In comnetview();netview2($domain,1)
        $comp = Split($computer,",")[0]
        If AScan($exclude, $comp) = -1
        If InStr("$comp", "shakesxp") ;<---------------------change the group here!
            ? "Working on: " + $comp
    ;        If Ping($comp, 0, 4) 
            If Ping($comp)=1
                $os = OSID($comp)                         ;get the operating system info on the enumerated PC
                $oper = Left($os[1], 5)                     ;there were some trailing zeros on some of the names, this gets rid of it
                ? "OS : " + $oper                        ;this is the print out info
                If (($oper = "Win2k") OR ($oper = "WinXP"))     ;check the os of the PC against SUS compatability
                    If KeyExist("\\" + $comp + $regAU)
                        $val1 = ReadValue("\\" + $comp + $regWU,"WUServer")
                        $val2 = ReadValue("\\" + $comp + $regAU,"ScheduledInstallTime")
                        If ($val1 = "http://HSCXNTNS0012" AND  $val2 = "20")
                            $r = WriteProfileString($ResultsINI,$comp,'Already Added',@DATE + " " + @TIME)   
                            ? "No need to update"
                        Else
                            $r = WriteValue("\\" + $comp + $regAU,"RescheduleWaitTime","60","REG_DWORD")
                            $r = WriteValue("\\" + $comp + $regAU,"NoAutoRebootWithLoggedOnUsers","1","REG_DWORD")
                            $r = WriteValue("\\" + $comp + $regAU,"NoAutoUpdate","0","REG_DWORD")
                            $r = WriteValue("\\" + $comp + $regAU,"AUOptions","4","REG_DWORD")
                            $r = WriteValue("\\" + $comp + $regAU,"ScheduledInstallDay","0","REG_DWORD")
                            $r = WriteValue("\\" + $comp + $regAU,"ScheduledInstallTime","10","REG_DWORD")
                            $r = WriteValue("\\" + $comp + $regAU,"UseWUServer","1","REG_DWORD")
                            $r = WriteValue("\\" + $comp + $regWU,"WUServer","http://HSCXNTNS0012","REG_SZ")
                            $r = WriteValue("\\" + $comp + $regWU,"WUStatusServer","http://HSCXNTNS0012","REG_SZ")
                            $r = WriteProfileString($ResultsINI,$comp,'SUS Updated',@DATE + " " + @TIME)
                            ? "Sus Updated"
                        EndIf
                    Else
                        $r = WriteValue("\\" + $comp + $regAU,"RescheduleWaitTime","60","REG_DWORD")
                        $r = WriteValue("\\" + $comp + $regAU,"NoAutoRebootWithLoggedOnUsers","1","REG_DWORD")
                        $r = WriteValue("\\" + $comp + $regAU,"NoAutoUpdate","0","REG_DWORD")
                        $r = WriteValue("\\" + $comp + $regAU,"AUOptions","4","REG_DWORD")
                        $r = WriteValue("\\" + $comp + $regAU,"ScheduledInstallDay","0","REG_DWORD")
                        $r = WriteValue("\\" + $comp + $regAU,"ScheduledInstallTime","10","REG_DWORD")
                        $r = WriteValue("\\" + $comp + $regAU,"UseWUServer","1","REG_DWORD")
                        $r = WriteValue("\\" + $comp + $regWU,"WUServer","http://HSCXNTNS0012","REG_SZ")
                        $r = WriteValue("\\" + $comp + $regWU,"WUStatusServer","http://HSCXNTNS0012","REG_SZ")
                        $r = WriteProfileString($ResultsINI,$comp,'SUS ADDED',@DATE + " " + @TIME)
                        ? "Sus did not exist, added"
                    EndIf
                Else
                    $r = WriteProfileString($ResultsINI,$comp,'SUS Incompatable',@DATE + " " + @TIME)
                    ? "Incompatable with SUS."
                EndIf
            Else
                ? $comp + " no longer available."
               
            EndIf                                
            ? "---------------------"
        Else
            $r = WriteProfileString($ResultsINI,$comp,'Skipped',@DATE + " " + @TIME)       
            ? $comp + " skipped."
        EndIf
        Else
        ? "-->" + $comp + " on exclude list."
        EndIf
    Next</pre>

    I've never had any problems with KiX. It's not a Microsoft product, but it was strong enough to be included in the NT4 Option Pack.

  • User profile image
    Akaina

    None of that code is executed by the commandline, so you may as well be writing in QBasic with some extended library functions.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.