Monday, March 30, 2015

Windows 7 Shell Commands, Utils and handy stuff

I hope you find these useful...starting from the beginning to revamp my skills...Windows 7 here we come...inspiration has come from these books: Windows 7 Portable Command Guide: MCTS 70-680, 70-685 and 70-686 [Kindle Edition] and Windows 7 Inside Out [Kindle Edition]

Forget about Graphical User Interfaces...the real action happens in a SHELL...check this from Wikipedia....


Command-line interface (a shell)...this post will be for Microsoft Windows systems though.



Doskey
So...kick off a command prompt and doskey will store a list of the commands you have used in the current session (50 by default). It minimises typos for commands you re-use...the up and down arrow keys cycle you through them.

Setup Persistent Aliases & Macros in Windows Command Prompt (cmd.exe) using DOSKey


Configuring the Command Prompt (aka the command line interface- CLI)
QuickEdit mode is damn handy for cutting and pasting in the command prompt too...check this
Boost Your Productivity with QuickEdit Mode in the Windows Command Prompt, and make sure Insert mode is selected or ticked too!!
To configure the command prompt

Displaying Text to Screen

Technet-Echo Command
Wikipedia-Echo


Using the ECHO command you can display the value contained in a system variable...remember to use the % symbol at the beginning and end of the variable name, as in the above screen shot.

Command shell overview (Windows XP) still pertinent for Windows 7 and describes using environment variables with cmd.exe. The link also describes setting and deleting your own variables too...so follow that link..!!!

A-Z List of Commands 

Applies To: Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista..May change from system to system depending on what apps, Service Packs and Resource Kits are installed.

You will need Wildcards Nothing to do with Wild Bill Hickok or what Mafia Boss was taken out while holding an Ace of Spades...these guys are useful when trying to find....STUFF...


Command Prompt: frequently asked questions


How to Read Windows Command Line Syntax


The Command shell has a help file that will list all the commands in the OS. Just type


help


and a carriage return and the commands will be listed. You can get help with a specific command by typing


command /?


so see what you get when you type 


ipconfig /?                            so command = ipconfig


I've seen some literature that uses the


command -?


format, but I cannot ever remember using it!! Well, for calling on a command's help file I mean. You can also try the Win7 Help and Support util, just use the search option from the start bar and start typing  Help and Support...the search results will start appearing as you type what you are searching on. In fact, it's pretty consistent in the books I have read on Win7, that it is actually easier and quicker to use search to find something than go through the menus so keep that in mind.


Folders V Directories



As the Windows environment developed, directories were represented with folders.

Before Windows, when computers used command-line shells, directories were directories. Notice the <DIR> marker, which is usually followed by the directory name, and check out the "Directory of" section.


The command prompt shows the current path when it's launched, and that directory is effectively the first place it looks when you type a command in. Take Notepad...so if you want to open a file in notepad type

notepad filename.txt

the system looks in the current directory for the notepad app (and notepad, once running, looks there for the file). If the app isn't there, Windows uses a special system variable called PATH: a list of directories/folders that Windows searches, in order, for applications. Just type PATH in the command prompt to see what your PC's path is set to.
Usefully, notepad lives in the C:\Windows folder (and in C:\Windows\System32), so the command prompt finds it on the path statement, which is configured as Windows and applications are installed. Keep the other side of that coin in mind: anything that can drop an executable of the same name into the current directory, or into a folder that appears earlier on the PATH, gets run instead of the real thing.

A path can be added to the file name,

notepad C:\folder1\directory2\filename.txt

The PC searches the current directory for the notepad app; if it's not there it works through the folders listed in the PATH variable, finds notepad in C:\Windows, launches the app, and notepad then opens C:\folder1\directory2\filename.txt so you can edit the file.

Two ways of using PATH command, notice the different output
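Here is an added example, not code from the original post, that turns the search order just described into a check: it walks every folder on the PATH, reports any that no longer exist, and probes whether the current user can write to each one, because a writable PATH folder is exactly where a fake notepad.exe would be planted. The probe file name __pathprobe.tmp is an assumption; the script deletes it again.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example, not from the original post: walk every directory in %PATH%
rem and flag the ones that are missing or that the current user can write to.
rem A writable PATH directory lets anyone who can write there drop a fake
rem notepad.exe (or any other command name) that the shell will find and run
rem before the real one.  The probe file name __pathprobe.tmp is an assumption.
for %%D in ("%PATH:;=";"%") do (
    set "dir=%%~D"
    if defined dir (
        if not exist "!dir!\" (
            echo MISSING   !dir!
        ) else (
            (echo probe>"!dir!\__pathprobe.tmp") 2>nul && (
                del "!dir!\__pathprobe.tmp" 2>nul
                echo WRITABLE  !dir!
            ) || (
                echo ok        !dir!
            )
        )
    )
)
echo.
echo Search order is the current directory first, then the PATH entries above.
echo Where a command actually resolves from:
where notepad
endlocal
```

Delayed expansion (the !dir! form) is used on purpose: folders such as C:\Program Files (x86) contain a closing bracket, which would break the parenthesised block if expanded with the usual %dir% form.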


CD Command...changes directory or the path.

Here is a cool trick to save typing in long directories paths.

Open explorer and open a command prompt
Use explorer and browse to a folder
Click and hold the folder in the left pane of explorer
Drag the folder onto the command prompt window
Click in the command prompt window
Press the Home key, or use the left arrow key, to go to the beginning of the line and type CD and a space (hit the space bar once)
Press enter

Creating and Deleting Folders

MD Make Directory
MKDIR old school 

RD Remove Directory
RMDIR old school

Command Line Redirection
You can manipulate the screen output and save the text to files, check this link...

And you can redirect output to the windows clipboard so you can cut n paste to windows apps


So, to finish a command prompt session use EXIT; take note of its switches, which will be useful for scripts: EXIT /B leaves the current batch script rather than closing the shell, and can hand back an exit code.

File Extensions and Associations

File extensions tell operating systems what application to open when a file is double clicked.
So if you have a file with a . docx extension the OS knows to launch Microsoft Word and open the file you just double clicked.

Most files have extensions (.txt and .docx, just to give a couple of examples), but there are some files that do not, such as the HOSTS file, which maps human-friendly host names to IP addresses for name resolution.

The file extension is mapped to a file type. The extension is not directly mapped to the application, instead it is mapped to the file type.

The file type is mapped to an application. The application can open the file.

Stage 1                                   Stage 2
File Extension ->File Type->Application

Command line commands for file associations are...
Assoc view and edit file extension association
Viewing associations needs no special rights; changing them with Assoc does, so run an Administrator-level Command Prompt for that. To get all file extension associations, in a list that rolls off the screen, just type

assoc

see the above link for the Technet manual on the Assoc command.

Ftype views and edits the association between a file type and the application path and name that will launch to open that file type. The application is identified with a command string that includes the full application path and name. To modify these settings run an administrator-level command prompt. To just view them type

ftype

again the list scrolls off the screen, use output redirection to save output to text files and you can review the settings at your leisure. 

see the above link for the Technet manual on the Ftype command.
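The two-stage mapping described above, followed end to end in an added example (not code from the original post). It takes an extension as its argument, resolves extension to file type with Assoc and file type to command with Ftype, and then snapshots both tables to files in %TEMP%, which is also the quickest way to diff a suspect machine against a known-good one, since a quietly changed Ftype is a cheap persistence trick. The default extension .txt and the snapshot file names are assumptions.

```batch
@echo off
setlocal
rem Added example, not from the original post: follow the two-stage mapping
rem extension -> file type -> command for one extension, then dump both tables
rem to files for later review.  Assumed argument: the extension, dot included
rem (default .txt); assumed output files: %TEMP%\assoc-<host>.txt and ftype-<host>.txt
set "ext=%~1"
if not defined ext set "ext=.txt"

rem Stage 1: extension -> file type.  "assoc .txt" prints ".txt=txtfile".
set "ftname="
for /f "tokens=1,* delims==" %%A in ('assoc %ext% 2^>nul') do set "ftname=%%B"
if not defined ftname (
    echo %ext% has no file type association
    exit /b 1
)
echo %ext% -^> %ftname%

rem Stage 2: file type -> open command.  "ftype txtfile" prints
rem txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1  (the %1 is left as is: FOR
rem variables are not re-expanded, so the placeholder survives into the output)
for /f "tokens=1,* delims==" %%A in ('ftype %ftname% 2^>nul') do echo %ftname% -^> %%B

rem Snapshot both tables; they scroll off the screen otherwise.
assoc > "%TEMP%\assoc-%COMPUTERNAME%.txt"
ftype > "%TEMP%\ftype-%COMPUTERNAME%.txt"
echo saved %TEMP%\assoc-%COMPUTERNAME%.txt and %TEMP%\ftype-%COMPUTERNAME%.txt
endlocal
```

Run it as assoc-chain.cmd .docx (or any extension) and compare the command string it prints with what you expect the installer to have set.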

And from Windows 7.....


If you look at the snip from my PC you will get the Win7 tool (Set Associations) from the breadcrumbs 


And just so you see the Win7 friendly name...for Set Association, from the windows environment....again follow the bread crumbs...


and please excuse my poor touch pad mouse skills!!!

Keep in mind that the above tool does not allow the creation of new associations. It does allow you to set an association from a program to a file type. Use Assoc command to create new associations...better still don't tinker as these are usually well handled by the OS and application installer.

File Attributes


Attrib is the command used to view a list of settings that a file has configured....aka attributes.

These can also be seen in windows explorer, select any file right click and take properties from the secondary menu. I've added the window from the ADVANCED button too...





Compress and encrypt advanced attributes cannot be used with the ATTRIB command, these are configured by COMPACT & CIPHER.

Instead of me babbling on check the ATTRIB Technet manual for the use of this command and how attributes are represented in the command prompt shell.

Please note that there is a symbolic link attribute! So...check this from Technet Symbolic Linking

Lets look at Compact Technet Manual

NOTE it only works on NTFS volumes. The compression is transparent to whatever reads the file, so a compressed file copied to a non-NTFS disk, or sent to someone on an Apple device, simply arrives uncompressed; COMPACT saves space on the local disk, it is not a way to ship smaller files.
The technet manual says it all really. Note compressed folders and files are displayed in windows explorer in Blue.

Lets look at encryption using the Cipher Technet Manual

Again dependent on NTFS volumes. NTFS has an inbuilt Encrypting File System, aka EFS.
Anything that is encrypted is displayed in GREEN.

NOTE files/folders can only be compressed or encrypted they cannot be both. Compression and encryption are mutually exclusive!
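To see all of the above for yourself, here is an added example (not from the original post) that works on a scratch file: it hides the file with ATTRIB and shows how DIR /A still finds it, compresses it with COMPACT, then encrypts it with CIPHER and shows the compression flag disappearing, which is the "mutually exclusive" rule in action. The scratch folder %TEMP%\attrib-demo is an assumption, and the cipher step is allowed to fail because EFS is not available on every Windows 7 edition or on non-NTFS volumes.

```batch
@echo off
setlocal
rem Added example, not from the original post: exercise the attribute commands on
rem a scratch file so the behaviour described above can be seen directly.  The
rem scratch folder %TEMP%\attrib-demo is an assumption; EFS needs an NTFS volume
rem and an edition that supports it, so the cipher step is allowed to fail.
set "lab=%TEMP%\attrib-demo"
if not exist "%lab%\" md "%lab%"
echo hello> "%lab%\secret.txt"

rem Hidden+System makes the file vanish from a plain DIR; DIR /A still lists it,
rem which is the first thing to check when something "disappears" from a folder.
attrib +h +s "%lab%\secret.txt"
echo --- dir: file hidden
dir /b "%lab%"
echo --- dir /a: file shown
dir /b /a "%lab%"
echo --- attrib: S and H flags
attrib "%lab%\secret.txt"
attrib -h -s "%lab%\secret.txt"

rem C and E are not ATTRIB's to set; COMPACT and CIPHER own them.
compact /c "%lab%\secret.txt" >nul
echo --- compact: C means compressed
compact "%lab%\secret.txt"

rem Encrypting a compressed file drops the compression: the two are exclusive.
cipher /e "%lab%\secret.txt" >nul 2>&1 && (
    echo --- cipher: E means encrypted
    cipher "%lab%\secret.txt"
    echo --- compact again: compression gone
    compact "%lab%\secret.txt"
    cipher /d "%lab%\secret.txt" >nul
) || echo cipher /e failed: EFS not available on this edition or volume
rd /s /q "%lab%"
endlocal
```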

Copying Files

Yes, it's not all about the drag and drop in a Windows 7 explorer session!
There are three commands available in the command prompt, COPY, XCOPY and ROBOCOPY, and there has been some evolution over the years too!

The most basic of the three format is 

Copy sourcefilepath destinationfilepath

You can use this command to combine files, pay attention to the manual and do not mix file types as this may cause corruption.

The copy Technet manual says it all

NOTE when a file is COPIED it takes the permissions and compression attribute of the Directory/Folder it was copied to, the new parent; they never travel with the file under the COPY command. A MOVE keeps them only when the move stays on the same NTFS volume, because the file is just re-linked; a move to another volume is really a copy followed by a delete and behaves like COPY.

NOTE the encryption attribute always wins. If it is already encrypted it stays encrypted. If the destination folder is encrypted then the data copied in to it gets encrypted.


XCOPY extends file and folder copying. Basic format is

Xcopy sourcefilepath destinationfilepath

and just look at all those options from the Xcopy Technet Manual.


First met this util years ago when NT 4.0 needed a Resource Kit to get this command. Apparently it's part of the default Win7 build now. A contract I was on used robocopy when decommissioning a SAN. The managers did not like the hefty price tag that EMC had quoted for extra SAN migration utils...well...that is how it was explained to me...robocopy came to the rescue and millions of files were slowly migrated between SANs via USB hard disks...yep, you read that correctly!!

A true real life case....anyway...basic syntax should not be a surprise....

Robocopy sourcefilepath destinationfilepath

Robocopy extends copying by enabling us to copy File Metadata (Wikipedia) 
Check the /copy:<CopyFlags> section of the Robocopy technet manual.
Have a look at the logging capabilities and what to do in case there is a failure during copying. As you can see it's the Arnie Schwarzenegger of copying utils.

Robocopy has output too. This can be redirected to a file and can be used for reporting on activity and failures. The type of data reported are; successful copies of files and folders and the amounts copied, how many files or folders were skipped, failures if any and copy speed. Check the Robocopy Technet Manual...a must see!!
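Here is an added example, not code from the original post, of the robocopy run a practitioner would actually script: it keeps the NTFS security and owner information with /COPY, appends to a log, and then reads the exit code properly. That last part is the bit most scripts get wrong, because robocopy's return value is a bit mask (1 = files copied, 2 = extras in the destination, 4 = mismatches, 8 = failed copies, 16 = fatal error), so "non-zero means failure" is the wrong test. Source and destination are taken from the command line; the log path is an assumption.

```batch
@echo off
setlocal
rem Added example, not from the original post: copy a tree with ROBOCOPY, keep the
rem NTFS security and owner information, append to a log, and read the exit code
rem correctly.  ROBOCOPY's return value is a bit mask, not pass/fail: 1 = files
rem copied, 2 = extra files in the destination, 4 = mismatches, 8 = some copies
rem failed, 16 = fatal error.  Treating "anything non-zero" as failure is the
rem usual mistake.  Source and destination are arguments; the log path is assumed.
set "src=%~1"
set "dst=%~2"
set "log=%TEMP%\robocopy-%COMPUTERNAME%.log"
if not defined dst (
    echo usage: %~nx0 source_dir destination_dir
    exit /b 2
)
rem /E       include sub-folders, empty ones too
rem /COPY:DATSO  Data, Attributes, Timestamps, Security, Owner (S and O need an elevated prompt)
rem /R:2 /W:5    two retries, 5 s apart, instead of the default one million
rem /NP      no per-file progress in the log     /TEE  log and console at once
robocopy "%src%" "%dst%" /E /COPY:DATSO /R:2 /W:5 /NP /TEE /LOG+:"%log%"
set "rc=%ERRORLEVEL%"
if %rc% GEQ 8 (
    echo FAILED: robocopy returned %rc%, see %log%
    exit /b %rc%
)
set /a "copied=rc & 1, extras=rc & 2, mismatch=rc & 4"
if %rc% EQU 0 echo nothing to do, destination already matched the source
if %copied% NEQ 0 echo copied new or changed files
if %extras% NEQ 0 echo destination has files not in the source; they were left alone, /MIR would have deleted them
if %mismatch% NEQ 0 echo some mismatches, for example a file in one tree and a folder of the same name in the other; check %log%
exit /b 0
```

Note the /MIR warning in the output: mirroring deletes anything in the destination that is not in the source, which is the right thing for a backup target and a disaster when the two arguments are the wrong way round.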

Deleting Files


DEL is just shorthand for DELETE no surprise there eh?!
Basic syntax

Del filename 

Pretty simple command really but still...check the Technet page for it, that is always a good habit to get in to..

Cabinet Files

Microsoft uses .CAB files to lump and compress files together. Used for OS and app distribution. Again I would say this is restricted to the Windows environment...not that I have tested cross platform access or anything.

The command to use is....EXPAND Technet Manual

expand -d <source>.cab lists the files inside a cab without extracting anything;

expand <source>.cab -f:* <destinationfolder>

is the basic syntax to extract files from a source cab file to a destination folder. The -f: specifies which files to expand and the asterisk * selects all of them. Make sure the destination folder exists before using expand, and make sure you have the path correct so the util can find the right directory.

File Ownership


This command is used so that Sys Admins can literally take ownership of a file and reset the file permissions as required by the customer or business unit. Used on NTFS volumes/drives, where file creators are set as owners, as an owner they can actually set their own permissions....when they get it wrong up steps the Sys Admin to save the day!!


Again, use an elevated Command Prompt session. General syntax is

Takeown /f filename

So if a system has been upgraded and there is a C:\Windows.old folder lurking around taking up space unnecessarily, use an elevated Command Prompt session and follow these steps

takeown /f c:\windows.old\* /r /a /d y

The files in C:\Windows.old are owned by security identifiers (SIDs) that only meant something to the previous Windows install, so the current Administrators have no rights over them. The /r makes takeown recurse through the directory and subdirectories, hitting every folder and file; /a gives ownership to the Administrators group rather than to the current user; and /d y supplies a default answer of yes to any prompts. This can take a bit of time depending on the folder structure and size. Note that takeown changes only the owner, not the permissions; if the old ACLs still deny delete, the ICACLS command can grant the Administrators group full control over the tree before you remove it.

So after waiting a day for ownership to be reset to Admins....

to be rid of the unnecessary folder..

rd /s /q c:\windows.old\

The /s specifies all subdirectories and the /q is quiet mode so suppresses prompts.
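The whole clean-up as one script, an added example rather than code from the original post. It checks that the prompt is elevated, shows the current owners with DIR /Q, takes ownership, grants Administrators full control with ICACLS (takeown on its own only changes the owner, and the old ACLs can still refuse the delete), and only then removes the tree. The folder is an argument, defaulting to C:\Windows.old; the /d y answer and the Administrators group name are the English ones.

```batch
@echo off
setlocal
rem Added example, not from the original post: remove a leftover folder whose
rem files are owned by SIDs from a previous installation.  The folder is an
rem optional argument (default C:\Windows.old) and the script must run from an
rem elevated prompt.  TAKEOWN only changes the owner; the old ACLs can still
rem deny Delete, so ICACLS grants Administrators full control before RD runs.
set "target=%~1"
if not defined target set "target=C:\Windows.old"
if not exist "%target%\" (
    echo %target% does not exist, nothing to do
    exit /b 0
)
rem NET SESSION only works with admin rights: a cheap "am I elevated" test
net session >nul 2>&1 || (
    echo this must be run from an elevated command prompt
    exit /b 1
)
echo --- owners before, DIR /Q adds the owner column:
dir /q /a "%target%"
takeown /f "%target%" /r /a /d y >nul
if errorlevel 1 echo takeown reported errors on some entries, carrying on
icacls "%target%" /grant Administrators:F /t /c /q >nul
rd /s /q "%target%"
if exist "%target%\" (
    echo could not remove %target%, some files are still locked or protected
    exit /b 1
)
echo removed %target%
endlocal
```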

Network Drives

So, you have a network with file servers and colleagues that have the correct access level to set network folder access....what can go wrong???

Well you need two bits of info....the Server or remote PC and the network folder path
So you should be able to browse to a share by using the UNC path, which includes both these bits of information...you can use Windows Explorer or Internet Explorer to do this

\\RemoteComputer\topfolder\secondfolder\thirdfolder

So the two

\\

define the remote computer it does not matter if it is a file server or someone's PC.
Each 

\

Separates out the next directory level and effectively browses to the resource you have access to....now save it as a favourite and it's available anytime.

Now you can map that resource to a pretend drive letter by using NET USE


And the network resource will be treated like a local hard disk

You can use any drive letter you like except one that is in use. That will cause a resource clash and the command will fail. Just check out Computer from the start bar, which lists the drive letters currently in use, so you can pick a free one.

General syntax of the command

Net Use f: (f:= drive letter it will use) \\RemoteComputer\foldername

Remember as well that you can browse a server or PC by typing 

\\RemoteComputer

In a Windows or internet browser, and you should see the shares that the computer is hosting. You'll need the right access level to get in there though.
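An added example, not from the original post, that does the mapping the safe way: it picks a drive letter that is not in use, maps the share under a named account, checks the mapping, uses it, and removes it again. The share \\FILESRV01\Projects and the account CORP\alice are assumptions. The password is passed as * so NET USE prompts for it, because a password typed on the command line ends up in the DOSKEY history and in any process listing taken while the command runs.

```batch
@echo off
setlocal
rem Added example, not from the original post: map a share to a free drive letter,
rem check it, use it, and unmap it.  The share \\FILESRV01\Projects and account
rem CORP\alice are assumptions.  The password is given as * so NET USE prompts for
rem it instead of it sitting in the command line.
set "share=\\FILESRV01\Projects"
set "letter="
rem first letter from Z downwards with nothing behind it; a remembered but
rem disconnected mapping still holds its letter and NET USE will say so
for %%L in (Z Y X W V U T S R Q P) do if not defined letter if not exist %%L:\ set "letter=%%L:"
if not defined letter (
    echo no free drive letter
    exit /b 1
)
net use %letter% "%share%" * /user:CORP\alice /persistent:no
if errorlevel 1 (
    echo mapping %share% failed
    exit /b 1
)
echo %share% is now %letter%
net use %letter%
dir %letter%\
net use %letter% /delete /y
endlocal
```

/persistent:no keeps the mapping out of the profile, so it does not come back at the next logon and quietly try the credentials again.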


Hard Disks


Again from the Command Prompt  Shell, also needs elevated permissions for the shell session,  command syntax

Diskpart

The command prompt will change to show

DISKPART>

Checkout the DiskPart Commands Technet Manual to see all the things you can do with it.
Notice at the bottom of the Technet Manual page there is a link to some Powershell commands that are relevant to disk management.


Creating Bootable OS Install CD/DVD


This command line tool is from the Windows Automated Installation Kit for Windows 7; it takes the files of a 32/64-bit WinPE environment and builds an image that you can burn to disc. Basically a CD/DVD image util that supports UDF, Joliet and ISO 9660.

Virtual Hard Disk (VHD)

VHDs allow you to run another instance of the Win7 OS.
They tend to be quite big as it is a full OS install.
They can be treated pretty much the same as any other file and can be copied to other locations and systems. Back it up if you want a baseline copy kept.

VHDs will dual boot your system, the system will see two installs so you need to know what boot option is your real install and which is your VHD.

VHDs kinda sorta give you a lab where you can test OS patches, check software compatibility and generally play around...if it goes SNAFU and FUBAR, overwrite it with the backup you took of the initial VHD baseline install and start from scratch.

Use an install CD and boot as if you were installing Win7
At the local settings screen press SHIFT+F10 to launch the command prompt
Launch diskpart and use the vdisk command to create and configure your virtual disk
The size is whatever you give diskpart when you create the vdisk (the maximum= value, in MB; the 20GB you see in walkthroughs is just a typical choice, not a limit of the format). The disk will not be formatted, but the install process takes care of that and formats the VHD as NTFS; up until that point it will be shown as unallocated space.
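The diskpart part of that procedure as a script, an added example and not code from the original post. At the installer's SHIFT+F10 prompt you would type the create/select/attach lines interactively; here they are fed to DISKPART /S from a file instead, which is the repeatable way to do it on a running system. The VHD path C:\VHD\win7lab.vhd and the 20000 MB expandable size are assumptions; diskpart needs an elevated prompt.

```batch
@echo off
setlocal
rem Added example, not from the original post: build the VHD from a script
rem instead of typing into the DISKPART> prompt.  Path and size are
rem assumptions (C:\VHD\win7lab.vhd, 20000 MB expandable); run elevated.
set "vhd=C:\VHD\win7lab.vhd"
set "script=%TEMP%\mkvhd.txt"
if not exist "C:\VHD\" md "C:\VHD"
rem diskpart script: one command per line, exactly as you would type them
(
    echo create vdisk file="%vhd%" maximum=20000 type=expandable
    echo select vdisk file="%vhd%"
    echo attach vdisk
    echo list vdisk
    echo list disk
    echo detach vdisk
) > "%script%"
diskpart /s "%script%"
if errorlevel 1 (
    echo diskpart failed, see the output above
    exit /b 1
)
echo created %vhd%
echo at the installer's SHIFT+F10 prompt type the same create, select and attach
echo lines by hand and then pick the new unallocated disk in the setup screen
del "%script%"
endlocal
```

The list disk step is there on purpose: always confirm which disk number diskpart attached before doing anything that selects a disk, because a select disk typo on the wrong number is unrecoverable.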


Windows 7: Advanced disk and file management check this link as it advises that the Disk Management MMC snap-in can be used to configure VHDs too.

Anyway, back to using the Win7 boot CD to install an OS to a VHD. The process will automatically reconfigure the Boot Configuration Data store. What is the BCD (SourceDaddy): this link explains it better than me.

The automatic reconfiguration of the BCD will set the VHD as the first OS to boot to.

BCDEdit will need elevated privileges in a command prompt session.


bcdedit /v lets you view the current BCD store config with the real GUIDs shown instead of the well-known names such as {current}. So goodbye boot.ini...hello BCD store...

Check the Windows Boot Loader section and notice the lines
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7

You can see I dont have a VHD configured because I have nothing listed that points to any object that contains the string VHD such as a file extension (.vhd is used for a Virtual Hard Disk File) or device type.

Using BCDEDIT to change and modify Windows Boot Entries have a look at this link to get an idea of the process of changing BCD entries.


Defragmenting Hard Disks

What Is Disk Fragmentation?  check this link from Microsoft.

Defrag Technet Manual   You probably wont have to run this command, well with a bit of luck anyway. How So? Win7 runs it automatically as a scheduled task. I've played around with my settings on the defrag scheduled task. Again the command prompt needs administrator privilege.


Excessive fragmentation can cause disk thrashing as the disk works its kilt off trying to read files, and system performance is...well, poor!!

Looks like you need to keep 15% free space per disk installed too! Microsoft recommends 20% to optimize defrag performance. The /f or force is no longer available and in previous defrag versions would force a defrag on disks with less than 15% free space.

New Technology File System (NTFS)

Microsoft brief History, just to give you an idea how long Microsoft have been developing file systems; this link provides a brief history of the company and its product releases. So with each OS release things developed from the File Allocation Table (FAT) to FAT32 and then the New Technology File System (which has several versions).

Anyhow back in the day the OS install process used fat/fat32 as part of initial disk setup so it could copy over the install files. As you created partitions you could choose what file system to use. The most secure and efficient was always going to be NTFS. So how do you get a fat/fat32 partition or disk converted to NTFS? You use the CONVERT command.


basic syntax

Convert <driveletter>: /fs:ntfs

It is a one-way trip (there is no converting back), and the volume has to be dismounted for the duration; for the system drive that means the conversion is scheduled and runs at the next reboot.

NTFS advantages/disadvantages: another gotcha is that if you want to copy a file of 4GB or more from an NTFS drive to a FAT32 drive, it will fail, because FAT32 cannot hold a single file of 4GB or larger; converting the FAT32 drive to NTFS fixes that.

FAT32 vs. NTFS I seem to have a vague memory that NTFS uses 4kb clusters on the disk to store data...so FAT/FAT32 will probably use different cluster sizes...I'll keep a mental note and see if I can find info on that for later updates. For now just remember that the NTFS is the most secure and disk efficient, there are also different versions of NTFS.

How can I determine which version of NTFS I'm using? and this brings us neatly to the....

FSUTIL Technet Manual FSUtil is for advanced disk management for FAT and NTFS. NTFS automatically performs maintenance and if problems are discovered fixes them behind the scenes. But you can still query drives, you may have to do this to resolve a fault or do general reporting! Again, run in a command prompt with elevated privileges.

fsutil fsinfo drives lists local drives
fsutil fsinfo ntfsinfo c:  provides info about the NTFS volume in use, and it tells me that data is actually stored in clusters of 4096 bytes, which verifies my note earlier.
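An added example, not from the original post, that does the cluster-size check for every drive at once and doubles as a first taste of the batch scripting coming up below (a CALL :label subroutine and FOR /F parsing of command output). It reports each drive's file system from fsutil fsinfo volumeinfo and, for NTFS, the Bytes Per Cluster value from fsutil fsinfo ntfsinfo. It needs an elevated prompt and the findstr patterns match the English fsutil output.

```batch
@echo off
setlocal
rem Added example, not from the original post: report the file system of every
rem local drive and, for NTFS, its cluster size, using only fsutil.  Run from an
rem elevated prompt (fsutil refuses otherwise).  The findstr patterns match the
rem English fsutil output; other languages would need different ones.
for %%L in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do if exist %%L:\ call :report %%L:
exit /b 0

:report
rem %1 is the drive, e.g. C:
set "fs=unknown"
set "cluster="
rem volumeinfo prints "File System Name : NTFS"; keep what follows the colon
for /f "tokens=2 delims=:" %%F in ('fsutil fsinfo volumeinfo %1 2^>nul ^| findstr /b /c:"File System Name"') do set "fs=%%F"
set "fs=%fs: =%"
if /i "%fs%"=="NTFS" (
    rem ntfsinfo prints "Bytes Per Cluster :   4096"
    for /f "tokens=2 delims=:" %%F in ('fsutil fsinfo ntfsinfo %1 ^| findstr /c:"Bytes Per Cluster"') do set "cluster=%%F"
)
if defined cluster (
    echo %1  %fs%  cluster size %cluster: =% bytes
) else (
    echo %1  %fs%
)
exit /b 0
```

The letter loop starts at C on purpose: probing A: or B: on a machine with a floppy controller can stall while the drive is polled.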


Batch File Scripting
The time has come for automation!
There are several shells available in Windows; for now I'll get the ball rolling with simple (or not so simple) batch file scripting, which uses native commands and shells. I won't bother writing anything myself, I'll list a few online resources and you can take it from there. Let me reassure you though, automation takes you into being a great sysadmin. Why? Well, you can deliver quickly on boring repetitive tasks, with high accuracy and confidence that the results are predictable and of a terrific high quality which you, your colleagues and managers can take on with confidence. Once you have learned batch scripting, VBScript and PowerShell are just another few languages you can use to automate and leverage commands, results and output formats. You may meet resistance because the initial script takes some time to develop and test, and for you to learn...anyway ignore the negative feedback you are given, it will be from people who are jealous and don't want you to be successful...trust me on that one...I have lots of experience of that!


Windows® Command-Line Administrators Pocket Consultant (PRO-Administrator's Pocket Consultant) I always have this book on my desk as I move around contracts, William R Stanek has written some belters. This is a just such a good book. Would suggest this for any serious admin.

The easiest way to create a batch file is to use a text editor like notepad. It is very basic, and an internet search will soon report on free text editors that you can install, hit them with a run of your AV first though, just in case the installer has nefarious stuff hidden in there that you dont want on your system.

Scheduling Batch File scripts

So you have taught yourself batch file scripting. What else can you do with them?
Well, you can schedule them to run at a certain day or time...maybe even after a certain event has happened on the system. Use the Task Scheduler GUI or, from the command line, SCHTASKS.....


If using the Task Scheduler GUI the task can be exported to XML format and used in Group Policy..more on that later.
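The command-line side of that, as an added example that is not code from the original post: it registers a batch script as a daily task with SCHTASKS, shows its details, exports the same XML the GUI would, runs it once and deletes it. The task name NightlyInventory and the script C:\Scripts\inventory.cmd are assumptions. The security point is in the first few lines: a task that runs a script as SYSTEM hands SYSTEM to anyone who can edit that script, so the script's ACL is shown before the task is created.

```batch
@echo off
setlocal
rem Added example, not from the original post: register a batch script as a daily
rem task with SCHTASKS, inspect it, export it as XML, run it once and remove it.
rem The task name NightlyInventory and script C:\Scripts\inventory.cmd are
rem assumptions.  Because the task runs the script as SYSTEM, the script and the
rem folder it lives in must not be writable by ordinary users; anyone who can edit
rem that file gets SYSTEM at 02:00.  Creating a SYSTEM task needs an elevated prompt.
set "task=NightlyInventory"
set "script=C:\Scripts\inventory.cmd"
if not exist "%script%" (
    echo %script% not found
    exit /b 1
)
echo --- who can write to the script? look for Users or Everyone with W, M or F:
icacls "%script%"

schtasks /create /tn "%task%" /tr "%script%" /sc daily /st 02:00 /ru SYSTEM /f
if errorlevel 1 exit /b 1
echo --- task details:
schtasks /query /tn "%task%" /v /fo list
rem the same XML the Task Scheduler GUI exports, usable with /create /xml or in Group Policy
schtasks /query /tn "%task%" /xml > "%TEMP%\%task%.xml"
echo exported to %TEMP%\%task%.xml

schtasks /run /tn "%task%"
timeout /t 5 /nobreak >nul
schtasks /query /tn "%task%" /v /fo list | findstr /c:"Last Run Time" /c:"Last Result"
schtasks /delete /tn "%task%" /f
endlocal
```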

Managing Power Settings for client PCs
Client PCs also includes laptops. Servers should be left alone.
The command you need here is Powercfg. The command prompt only needs admin privilege when changing a setting, you should be able to view the power settings in a normal command prompt shell session.


from the Powercfg Technet Manual you can query, modify and analyze the power configuration settings.

How good is your memory?
And I mean on your PC!!
The util to test your memory chips is....MDSCHED


Note the util needs a reboot: it schedules the memory test and runs it before Windows loads at the next start-up.

Services
Services that are installed as part of the OS or from an application install can be manipulated and queried with the Service Controller command aka SC. I would suggest that you get used to this powerful command. I also suggest you browse tinterweb finding examples so that you get used to using it too, or use examples for your own inspiration.
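One example of the kind of thing SC gets used for, added here and not code from the original post: read a service's state, start it if it is stopped, and wait until it really reports RUNNING rather than assuming sc start succeeded. The service name is an optional argument; the default, Wecsvc, is the Windows Event Collector that the Event Logs section below depends on. Querying works from any prompt, starting needs an elevated one.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example, not from the original post: read a service's state with SC,
rem start it if it is stopped, and wait until it reports RUNNING.  The service
rem name is an optional argument; the default, Wecsvc, is the Windows Event
rem Collector.  Starting a service needs an elevated prompt; querying does not.
set "svc=%~1"
if not defined svc set "svc=Wecsvc"

call :state "%svc%"
if not defined state (
    echo service %svc% does not exist
    exit /b 1
)
echo %svc% is !state!
if /i "!state!"=="RUNNING" exit /b 0

sc start "%svc%" >nul || (
    echo sc start failed: not elevated, or the service is disabled
    exit /b 1
)
rem sc start returns as soon as the request is accepted; poll for the real state
for /l %%N in (1,1,15) do (
    call :state "%svc%"
    if /i "!state!"=="RUNNING" (
        echo %svc% is now RUNNING
        exit /b 0
    )
    timeout /t 1 /nobreak >nul
)
echo %svc% did not reach RUNNING in time, state is !state!
exit /b 1

:state
rem sc query prints a line like "        STATE              : 4  RUNNING";
rem the fourth whitespace-separated token is the word we want
set "state="
for /f "tokens=4" %%S in ('sc query %1 ^| findstr /c:"STATE"') do set "state=%%S"
exit /b 0
```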


Event Logs

The Windows Event Collector manages events in Win7.
From a single system you can collect events from several remote ones.
The single system that collects events is called the collector
The systems whose events are harvested are called the source
Both collector and source have to be configured, and make sure the WECSVC service is running.


Rebooting and Shutting down local/remote systems
Quite easy this one....the SHUTDOWN command does both: /s shuts down, /r reboots, /t sets the delay in seconds, /m \\computername points it at a remote system (you need admin rights there) and /a aborts a shutdown that is counting down.


Control Panel From the Command Line

It is do-able probably best I let you read this link about the CONTROL command. Again tinterweb searches can maybe provide inspiration too.


How to get Windows Info


SYSTEMINFO is one of the commands I most often use. It gives a pretty detailed picture of the system you are querying and a bit of its history too. The output can be redirected to text files so you can build up a history of the system you are querying; not that I have really done that much, but it gives you a quick way of getting the OS installed, the Service Pack and patch list, as well as the last boot time.


WHOAMI /ALL gives pretty detailed info about who is logged on, including the Security Identifier (SID) of the account that is logged on, the SIDs of the groups the account is a member of, and the privileges held.
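Both of those put to work in an added example (not code from the original post): SYSTEMINFO is saved to a file named after the computer and the date, the usual headline fields and the hotfix count are pulled straight out of it, and WHOAMI is used to list the token's privileges and to tell whether the prompt is actually elevated. The snapshot folder %USERPROFILE%\sysinfo is an assumption and the findstr patterns match English output.

```batch
@echo off
setlocal
rem Added example, not from the original post: save SYSTEMINFO to a dated file so
rem a history builds up, pull out the fields you usually want straight away, then
rem list the token's privileges and two telling groups with WHOAMI.  The snapshot
rem folder %USERPROFILE%\sysinfo is an assumption; findstr patterns match English output.
set "outdir=%USERPROFILE%\sysinfo"
if not exist "%outdir%\" md "%outdir%"
rem %DATE% depends on the locale; WMIC gives a sortable yyyymmdd instead
set "stamp="
for /f "skip=1 tokens=1" %%D in ('wmic os get LocalDateTime') do if not defined stamp set "stamp=%%D"
set "stamp=%stamp:~0,8%"
set "out=%outdir%\%COMPUTERNAME%-%stamp%.txt"
systeminfo > "%out%"
echo saved %out%
findstr /b /c:"OS Name" /c:"OS Version" /c:"System Boot Time" /c:"Domain" "%out%"
rem hotfix lines look like "   [01]: KB2479943"
for /f %%N in ('findstr /r /c:"^ *\[[0-9]*\]: KB" "%out%" ^| find /c /v ""') do echo hotfixes listed: %%N
echo.
echo --- privileges held by this token; SeDebugPrivilege or SeImpersonatePrivilege on an ordinary user account deserves a second look:
whoami /priv
echo --- S-1-5-32-544 is Administrators; S-1-16-12288 is High Mandatory Level, which only an elevated prompt has:
whoami /groups | findstr /i "S-1-5-32-544 S-1-16-12288"
endlocal
```

Keeping the dated snapshots lets you diff two of them later, which is the quickest way to see which hotfixes appeared or vanished between two visits to the same box.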

MSCONFIG....follow this link Using System Configuration (msconfig) says it better than I can.

Security Management

Cmdkey Technet Manual: user names and passwords, aka credentials, are stored in the Credential Manager vault. So if you regularly log on to servers, shares or web apps with a saved password, this is where the credentials live for auto logon. Credentials are stored in special folders called VAULTS. You have the Credential Manager GUI to manage the vaults as well as CMDKEY, which can list, add and delete them from the command line...up to you which one to use I guess.

Windows Update Standalone Installer (WUSA.EXE), the tool that installs .msu update packages from the command line.


Application Installs

MSIexec Technet Manual Windows installer command line tool. Can be used to install, configure and manage apps. 
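An added example, not code from the original post, covering both installers just mentioned: an unattended MSI install with a verbose log, an unattended .msu install with WUSA, and the exit-code handling that a deployment script needs. Exit code 0 is done, 3010 is done but a reboot is pending, 1641 means the installer has already kicked off a reboot, and 2359302 is Windows Update's "already installed" status; anything else is a failure. The package paths are assumptions and both installs need an elevated prompt.

```batch
@echo off
setlocal
rem Added example, not from the original post: install an MSI and an MSU
rem unattended with a log each and interpret the exit codes.  Package paths are
rem assumptions; run elevated.  From a batch file cmd waits for GUI-subsystem
rem programs such as msiexec and wusa; at an interactive prompt use start /wait.
set "msi=C:\Packages\tool.msi"
set "msu=C:\Packages\update.msu"
call :install_msi "%msi%"
call :install_msu "%msu%"
exit /b 0

:install_msi
rem /qn no UI, /norestart never reboot on its own, /l*v verbose log named after the package
msiexec /i "%~1" /qn /norestart /l*v "%TEMP%\%~n1.log"
call :report %ERRORLEVEL% "%~1"
exit /b 0

:install_msu
wusa "%~1" /quiet /norestart
call :report %ERRORLEVEL% "%~1"
exit /b 0

:report
rem %1 exit code, %2 package path
set "verdict=FAILED   %~2 - exit code %1"
if "%1"=="0"       set "verdict=OK       %~2"
if "%1"=="3010"    set "verdict=OK       %~2 - reboot required to finish"
if "%1"=="1641"    set "verdict=OK       %~2 - installer has started a reboot"
if "%1"=="2359302" set "verdict=SKIPPED  %~2 - already installed"
echo %verdict%
exit /b 0
```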

Microsoft Baseline Security Analyzer (MBSA)

A very valuable tool for auditing systems for security vulnerabilities and is a free download from Microsoft.


I think those two links will be enough to get you started with the MBSA util; note that MBSACLI is also included in the download and is run from the CLI or command prompt.


Networking from the Command Line

I know it's all easier to do from the GUI but you may need to do some jiggery pokerry from
the command line, for testing a script that reports on or updates network settings en masse. There could be a ton of reasons for doing this from the Command Line...so the thing you need to know is NETSH...I used to think of this as a black art; it has been revamped for Win7 and Server 2008...so where to start?...let me put a few links in...

Troubleshooting Network Connections with Netsh old article but could be useful
.WindowsNetworking.com good place to search for articles specifically for networking, and check out their free tools in the tool section, just had a look and some pretty cool looking utils in there.

Trouble Shooting

Well, the amount of times you try and do remote support and the first thing you need to know is a hostname...how do you go about getting it then? Just type HOSTNAME; it prints the name of the computer you are sitting at.


Check System file integrity
Yep, sometimes you get your doubts that the OS installed is actually OK. Check these files with SFC


This command checks the protected OS files and can replace a faulty or missing one with the correct version from the component store. Use the System File Checker tool to repair missing or corrupted system files

Needs an elevated prompt. You may need the Win7 install DVD if debugging malware, especially if the malware has rewritten core files and they need to be replaced.


Digital Signatures

Sigverif is the util to use here check this article from The Windows Club...How to identify unsigned drivers using sigverif utility in Windows 8 / 7

This is an alternative from Sysinternals 

Check out the Sysinternals Forum and the Sysinternals Suite

Lets not forget that it could be handy to see what drivers are installed use...

Driverquery Technet Manual  check the /si switch which can be used for finding signed drivers.
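The two integrity checks from this and the previous section, as an added example that is not code from the original post: SFC /VERIFYONLY reports without repairing, and because it writes its detail into the shared CBS.log only the lines tagged [SR] belong to it, so those are pulled out to a file you can actually read; then DRIVERQUERY /SI is filtered down to the drivers whose IsSigned column is FALSE. Both need an elevated prompt; the output paths are assumptions.

```batch
@echo off
setlocal
rem Added example, not from the original post: two integrity checks in one
rem elevated run.  SFC /VERIFYONLY reports without repairing; the detail ends up
rem in CBS.log, and only the lines tagged [SR] belong to SFC, so they are pulled
rem out to a file.  Then DRIVERQUERY /SI is filtered to the drivers whose
rem IsSigned column is FALSE.  Output paths are assumptions.
set "sfcout=%TEMP%\sfc-%COMPUTERNAME%.txt"
set "drvout=%TEMP%\unsigned-drivers-%COMPUTERNAME%.txt"

net session >nul 2>&1 || (
    echo run this from an elevated command prompt
    exit /b 1
)
sfc /verifyonly
findstr /l /c:"[SR]" "%windir%\Logs\CBS\CBS.log" > "%sfcout%"
for /f %%N in ('findstr /l /c:"Cannot repair" /c:"corrupt" "%sfcout%" ^| find /c /v ""') do echo SFC: %%N lines mention corruption, detail in %sfcout%

rem CSV columns are "Device Name","INF Name","IsSigned","Manufacturer"
driverquery /si /fo csv /nh | findstr /i /c:"\"FALSE\"" > "%drvout%"
for /f %%N in ('type "%drvout%" ^| find /c /v ""') do echo %%N unsigned drivers listed in %drvout%
type "%drvout%"
exit /b 0
```

An unsigned driver is not automatically malicious, but on a 64-bit Windows 7 box, where the kernel normally refuses them, each one is worth a question about how it got loaded.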

View and kill processes

Tasklist Technet Manual and can be used on remote system too.

Used this a lot, the /m switch is damn handy and can provide useful info on DLLs.
just using the tasklist without any switches to get an idea of what is running..notice the headings. Image Name = Running application, PID = Process ID, Mem Usage = Memory used, probably the first three I look at before using Session Name and Session# = Session Number.

Just a little example of the /m switch to list the modules used by a process


check out the Tasklist Technet Manual for some deep filtering to create specific queries using tasklist, and search tinterweb for examples that may inspire too.

Taskkill Technet Manual used to end processes by PID or Image name. If using PID only that PID is ended, if using Image Name and the application is open several times, then all sessions are ended. Can be used on remote systems too. Test this with several open Notepad sessions and use the image name and then the PID to see what I mean.
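The Notepad experiment suggested above, scripted as an added example (not code from the original post): it starts three Notepad instances, lists them with a TASKLIST filter, shows the modules loaded by one of them, ends that one by PID and then the rest by image name, so the difference between the two is visible in the final listing. Nothing here needs elevation; it only touches processes it started.

```batch
@echo off
setlocal
rem Added example, not from the original post: start three Notepad instances,
rem list them with a TASKLIST filter, show one's modules, kill it by PID, then
rem kill the others by image name.  Only touches its own processes.
for /l %%N in (1,1,3) do start "" notepad.exe
timeout /t 2 /nobreak >nul

echo --- notepad instances, CSV without the header line:
tasklist /fi "imagename eq notepad.exe" /fo csv /nh

rem CSV fields are "Image Name","PID","Session Name","Session#","Mem Usage";
rem keep the PID of the first row
set "pid="
for /f "tokens=2 delims=," %%P in ('tasklist /fi "imagename eq notepad.exe" /fo csv /nh') do if not defined pid set "pid=%%~P"
if not defined pid (
    echo no notepad.exe found
    exit /b 1
)
echo --- modules loaded by PID %pid%:
tasklist /m /fi "pid eq %pid%"

rem one instance goes by PID, the remaining two by image name
taskkill /pid %pid%
taskkill /im notepad.exe /f
echo --- anything left?
tasklist /fi "imagename eq notepad.exe" /nh
endlocal
```

The module list is the reason /m earns its keep during incident triage: a DLL loaded from a user-writable folder into a process that has no business loading it is the sort of thing this view makes obvious.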

Networking

IPConfig should be one of your default network utils; if it's not, then get using it.

IPConfig Technet Manual the link says it all..so get reading!!

IPconfig brings back a MAC Address as part of it's output but there is the getmac command too..

GETMAC Technet Manual each Network Interface Card has a unique ID provided by the Media Access Control address, aka physical address aka ethernet address. Note this can be run on remote systems and has a verbose output too see below for verbose output and notice how it gives specific info for specific installed NIC devices..


To check connectivity of devices we use the ping command

PING Technet Manual helps you quickly tell if systems are up, including networked printers and remote maintenance cards...anything with an IP can be pinged!

Basic syntax = PING hostname or PING ipaddress, and if you PING 127.0.0.1 you can test the loopback on your local computer. Don't be surprised if sometimes you don't get a PING reply: firewalls are often configured, for security reasons, to block the ICMP packets that ping uses, so no reply does not always mean the host is down. The util resolves hostnames to IP addresses via the HOSTS file and then DNS (ping -a does the reverse, IP to hostname); the LMHOSTS file only comes into it for NetBIOS names.

To trace the path taken through a network tracert is the util of choice.

Basic syntax is just like ping hostname or IP can be used

Tracert hostname or Tracert ipaddress

If you are wondering why a network is slow you can use Pathping


Does a similar job to Tracert but hits each router with 100 echo requests, for testing. It can take a wee bit of time to run. Check out the Pathping manual for expansion of it's uses with switches.
Basic syntax is just like ping hostname or IP can be used

Pathping hostname or Pathping ipaddress

Name Resolution

Name resolution could be the cause of your network issue. Windows can use the Domain Name System (Wikipedia) and the Windows Internet Name Service (WINS); you may want to check out the WINS Technical Reference, but for now we will stick to DNS.

Here is a link to Microsoft Windows DNS Server full technical reference.

For now the util you will need is

NSLookup Technet Manual: Name Server Lookup..again keep in mind that tinterweb searches can really expand your understanding of the util, and that this is also a Nix command, so Unix and Linux have their own implementation of it.

Basic syntax is again similar to ping,tracert and pathping

nslookup hostname or enter the IPaddress

So you can check if the forward lookup (nslookup hostname) matches a reverse lookup (nslookup ipaddress) if they don't match there is a potential issue!
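A first-pass network triage that strings the tools of this section together, as an added example that is not code from the original post: it saves IPCONFIG /ALL, pings the loopback and the default gateway, shows the firewall profile that can explain a silent ping, then does the forward/reverse comparison just described and reports a mismatch. The host to resolve is an optional argument (default: this machine's name), and the findstr patterns assume English output from route, nslookup and ipconfig.

```batch
@echo off
setlocal EnableDelayedExpansion
rem Added example, not from the original post: a first-pass network triage.
rem Saves IPCONFIG /ALL, pings loopback and the default gateway, shows the
rem firewall profile that may be dropping ICMP, then checks that the forward
rem lookup of a name and the reverse lookup of its answer agree.  Host is an
rem optional argument; findstr patterns assume English tool output.
set "host=%~1"
if not defined host set "host=%COMPUTERNAME%"
set "out=%TEMP%\net-%COMPUTERNAME%.txt"
ipconfig /all > "%out%"
echo ipconfig /all saved to %out%

ping -n 1 127.0.0.1 >nul && echo loopback ok || echo loopback FAILED, TCP/IP stack problem

rem IPv4 default route line: "0.0.0.0  0.0.0.0  <gateway>  <interface>  <metric>"
set "gw="
for /f "tokens=3" %%G in ('route print -4 0.0.0.0 ^| findstr /r /c:"^ *0\.0\.0\.0 *0\.0\.0\.0 "') do if not defined gw set "gw=%%G"
if not defined gw (
    echo no default gateway, check the cable, DHCP, or try ipconfig /renew
) else (
    ping -n 2 -w 1000 !gw! >nul && echo gateway !gw! answers ping || echo gateway !gw! does not answer ping, either down or ICMP is filtered
)
echo --- firewall profile in use, a dropped ICMP reply looks just like a dead host:
netsh advfirewall show currentprofile state

rem forward lookup: the first "Address:" line is the DNS server itself, so the
rem answer is any later one; remember the last
set "ip="
set /a n=0
for /f "tokens=2" %%I in ('nslookup %host% 2^>nul ^| findstr /b /c:"Address"') do (
    set /a n+=1
    if !n! GTR 1 set "ip=%%I"
)
if not defined ip (
    echo %host% does not resolve
    exit /b 1
)
rem reverse lookup of that address; only the answer carries a "Name:" line
set "rev="
for /f "tokens=2" %%R in ('nslookup !ip! 2^>nul ^| findstr /b /c:"Name"') do set "rev=%%R"
echo %host% -^> !ip! -^> !rev!
if not defined rev (
    echo no PTR record for !ip!
    exit /b 1
)
call :compare "%host%" "!rev!"
exit /b %ERRORLEVEL%

:compare
rem %1 the name asked for, %2 the PTR answer; a PTR that does not start with the
rem name we asked for is the mismatch worth investigating
echo %~2| findstr /i /b /c:"%~1" >nul && (echo forward and reverse lookups agree & exit /b 0)
echo MISMATCH: forward and reverse names differ
exit /b 1
```

The comparison is deliberately done in a subroutine with %-style arguments: piping a delayed-expansion !variable! into findstr from inside a block silently loses the expansion, which is one of the classic batch traps.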

System Recovery Tools

Boot Configuration Data Store lets the computer know how to boot up.

Technet Manual BCDedit  BCDedit can be used to view and modify the BCD Store.

Keep in mind that the BOOT.INI used in Windows XP and older Windows OSs is not used in Win7. All of the boot configuration data is stored in...you guessed it...the BCD store. So the boot process has changed from older OSs; to understand how it all works in Win7 check this out...The Windows 7 Boot Process (sbsl)

So..the very basics are

BIOS (Basic Input Output System)
Launches a
Power On Self Test (POST)
when the system is turned on.
After passing POST, the BIOS loads the Master Boot Record from the boot disk.
The MBR code finds the Active System Partition and runs that partition's boot sector code, the NTFS boot code.
The NTFS boot code loads the Windows Boot Manager (bootmgr), which reads the BCD Store.
The Windows Boot Manager IDs which Windows Boot Loader (winload.exe) to load.
The Windows Boot Loader can be on a different partition or on the same partition.

BCDedit can be used, without switches, to display both Windows Boot Manager and Windows Boot Loader details.

If you only have one OS installed you will only see one Windows Boot Loader section, if you have a multi boot system then you will see a Windows Boot Loader for each OS install.

As you can see from the BCDedit Technet Manual there is an extensive listing of BCDedit commands. When working with the commands a GUID is commonly used to ID things like the Windows Boot Loader. Remember that the CMD shell does provide cut and paste, and you may have to check the properties of the CMD shell currently in use to ensure that QuickEdit and Insert are selected or ticked. Another thing to remember is the curly brackets...the GUID includes the curly brackets...

{EveryAlphaNumericCharacterHereIsPartOfTheGUID}

If troubleshooting a system that will not boot you can use the install DVD.
Break out of the install process by pressing SHIFT+F10 where you are prompted for Language, Time, Currency Format and Keyboard info. This should launch the command prompt and you can see the BCD Store with BCDedit.

Always take a backup first, that way if things go FUBAR you can recover the original.
Use the /export switch to back up and the /import switch to restore the original. The /copy and /delete switches may be of use, as you can copy Windows Boot Loader entries, tinker, and if happy with the results copy the new entries to other systems or...just get rid of the evidence by deleting the garbaged entries. To select and configure a particular entry you will have to use the /set switch. Keep in mind what I've said about the curly brackets, because a GUID will not work without them.
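Here is the "backup first, then look" routine as a script. It is an added example rather than anything from the original post or from Microsoft: it exports the store to a timestamped file with bcdedit /export, and then parses the plain bcdedit listing into objects so the GUIDs (curly brackets included) can be copied without retyping. The backup folder is a placeholder, and the parsing assumes the English bcdedit output.

```powershell
# Added example (not from the original post): back up the BCD store before
# touching it, then list the boot manager / boot loader entries with their GUIDs.
# Must run from an elevated (Administrator) prompt; bcdedit refuses otherwise.
function Backup-BcdStore {
    param(
        # Folder to hold the backup; created if missing (placeholder path).
        [string]$BackupFolder = 'C:\BCDBackup'
    )

    if (-not (Test-Path -Path $BackupFolder)) {
        New-Item -ItemType Directory -Path $BackupFolder | Out-Null
    }

    # Timestamped file name so repeated backups never overwrite each other.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backupFile = Join-Path -Path $BackupFolder -ChildPath "bcd-$stamp.bak"

    # /export writes a copy of the system store; 'bcdedit /import <file>' restores it.
    & bcdedit /export $backupFile | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit /export failed with exit code $LASTEXITCODE"
    }
    return $backupFile
}

function Get-BcdEntries {
    # Without switches bcdedit lists the Windows Boot Manager and every
    # Windows Boot Loader entry. Each section starts with a title line,
    # then a line of dashes, then 'identifier  {...}' (English output assumed).
    $lines = & bcdedit
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit failed with exit code $LASTEXITCODE (run as Administrator?)"
    }

    $entries = @()
    $current = $null
    foreach ($line in $lines) {
        if ($line -match '^(Windows Boot Manager|Windows Boot Loader)\s*$') {
            $current = New-Object PSObject -Property @{
                Type = $matches[1]; Identifier = $null; Description = $null
            }
            $entries += $current
        }
        elseif ($current -ne $null -and $line -match '^identifier\s+(\{[^}]+\})') {
            # The curly brackets are part of the GUID; keep them in the value.
            $current.Identifier = $matches[1]
        }
        elseif ($current -ne $null -and $line -match '^description\s+(.+)$') {
            $current.Description = $matches[1].Trim()
        }
    }
    return $entries
}

# Usage: take the backup first, then look at what is in the store.
$backup = Backup-BcdStore
Write-Host "BCD store exported to $backup"
Get-BcdEntries | Format-Table Type, Identifier, Description -AutoSize
```

Aliases such as {bootmgr} and {current} show up in the Identifier column alongside the real GUIDs, which is handy because either form is accepted by /set, /copy and /delete.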


Another way of viewing the BCD Store is with The System Configuration Tool, check this link


Fewer options, but could prove handy?!



Recdisc

Creates a system recovery disc, just type

recdisc 

in a command prompt. Insert a blank CD/DVD and create the disc. You may have to tell the app which drive to use, though. This will create a bootable CD/DVD with recovery tools that can be used to try and recover the OS install.

If the OS is 64-bit and recdisc is used to create a recovery disc then this will only work on 64-bit OSs. If a 32-bit OS is used to create the recovery disc then this should be ok for use on both 32/64-bit OS installs.

Follow the on screen prompts, if you get lucky the disc will fix faults automatically.

You can start an auto-repair manually.
If troubleshooting a system that will not boot you can use the install DVD.
Break out of the install process by pressing SHIFT+F10 where you are prompted for Language, Time, Currency Format and Keyboard info. This should launch the command prompt and you can then run

StartRep.exe

located on the CD/DVD drive in the \Sources\Recovery folder.

Chkdsk
has been around forever.
Still a good util and can be run from the command line. Check the Technet link, it's fairly straightforward. It can be run from Explorer too, but I'm old school. I always use it from the command prompt and I always check the switches with the /? switch to get the manual for the current OS installed, just so I limit the potential for error.


Repair-BDE
Used to repair damaged BitLocker-encrypted drives. Just make sure you have the correct recovery key or password.
Repair-BDE is unable to repair a drive that failed to complete the encryption process. It assumes anything presented to it is completely encrypted. So if BitLocker failed the encryption process then the data can only be restored from a non-encrypted backup of the original data.


So, only encrypt a drive after you have backed the data up....and if you are working in a domain environment you should be able to store recovery keys and passwords for BitLocker encryption within the Active Directory domain you are on. The BitLocker Recovery Password Viewer for Active Directory can be used to view the passwords and keys.
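Because repair-bde only helps with a volume whose encryption actually finished, the check worth doing first is what manage-bde -status reports for the drive. The script below is an added example, not from the original post or from Microsoft: it parses the Conversion Status and Percentage Encrypted lines of the English manage-bde output (label names are an assumption based on the Windows 7 tool) and tells you whether a repair attempt makes sense or whether you are into "restore from backup" territory.

```powershell
# Added example (not from the original post): confirm a volume's BitLocker
# conversion finished before relying on repair-bde against it. Parses the
# text output of 'manage-bde -status'; the label names are an assumption
# based on the English output of the Windows 7 tool. Needs an elevated prompt.
function Get-BitLockerConversionStatus {
    param(
        [Parameter(Mandatory = $true)]
        [string]$DriveLetter   # e.g. 'C:'
    )

    $output = & manage-bde -status $DriveLetter
    if ($LASTEXITCODE -ne 0) {
        throw "manage-bde -status $DriveLetter failed with exit code $LASTEXITCODE"
    }

    $status = New-Object PSObject -Property @{
        Drive               = $DriveLetter
        ConversionStatus    = $null
        PercentageEncrypted = $null
        FullyEncrypted      = $false
    }

    foreach ($line in $output) {
        # Lines look like 'Conversion Status:    Fully Encrypted'
        if ($line -match '^\s*Conversion Status:\s*(.+?)\s*$') {
            $status.ConversionStatus = $matches[1]
        }
        # ...and 'Percentage Encrypted: 100.0%'
        elseif ($line -match '^\s*Percentage Encrypted:\s*([\d.]+)\s*%') {
            $status.PercentageEncrypted = [double]$matches[1]
        }
    }

    # repair-bde only makes sense against a volume whose encryption completed.
    $status.FullyEncrypted = ($status.ConversionStatus -eq 'Fully Encrypted') -and
                             ($status.PercentageEncrypted -eq 100)
    return $status
}

# Usage: check before attempting a repair.
$s = Get-BitLockerConversionStatus -DriveLetter 'C:'
if ($s.FullyEncrypted) {
    Write-Host "$($s.Drive) is fully encrypted; repair-bde can work with it (recovery key or password still required)."
}
else {
    Write-Warning "$($s.Drive) reports '$($s.ConversionStatus)' ($($s.PercentageEncrypted)% encrypted); repair-bde will not help here, restore from an unencrypted backup instead."
}
```

When the check passes, the repair itself takes the damaged volume, a target volume or image file to write the decrypted data to, and the recovery key file (-rk) or the 48-digit recovery password (-rp); the decrypted copy then needs to be treated as sensitive data in its own right.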

Here is an old article which outlines the Bitlocker Viewer for Windows Vista.


Keep in mind it changes the Active Directory Database Schema...


Win7 Remote Management/Admin

Well, back in the day of working on a large industrial Campus a fella could get lost looking for a colleague/customer who says they are there but are not...or you just get lost in buildings...happens all the time!!!

Remote Desktop Connection
Enables you to connect a session to a remote system over a network.
It is not enabled by default but check this, oh and remember you may have to set a firewall rule too.


Microsoft Terminal Services Connection (MSTSC)
Below is a link to the Technet manual for mstsc. It is entered via the command prompt or from the RUN shortcut and basically just launches an RDC terminal. Terminal Services have been renamed to Remote Desktop Services in Win2k8R2. MSTSC is still the fella to use from the command line though, and has not been renamed at all.


Microsoft Management Console
The MMC can manage the local and remote system as necessary using snap-ins.
Different snap-ins will have different firewall rules and the inbound rules may need to be configured. So if you get any errors like

The Remote RPC Server is unavailable.

then check the firewall on the remote system. Well, you might have to go to it too!
check the below pic


Some rules that may need to be changed are:

Snap-in           Firewall Exception
Event Viewer      Remote Event Log Management
Task Scheduler    Remote Scheduled Tasks Management
Services          Remote Service Management
Disks             Remote Volume Management
Other MMCs        File and Print Sharing

Remoting with command shells

Microsoft implemented its version of the WS-Management Protocol (Wikipedia), and here is the Microsoft Developer Network WS-Management Protocol page. It is used to execute commands from a command line shell on a local system against a remote system. But the systems have to be configured first....


Winrm Quickconfig

is the command we are interested in here. Check out the above link for details of the process. You will get different messages if you are not on a domain


So if you are on a standalone workgroup system you need to take extra steps to make sure all of this will work.

Keep in mind that if you are on a domain, a local admin account will fail to configure winrm quickconfig.

Basic syntax (winrs, the Windows Remote Shell client, is what runs the command; winrm itself only configures and queries the service):

winrs -r:hostname command

so once the remote hostname is entered any command from the native command line can be executed on the remote system.

winrs -r:hostname ipconfig /all

could be run for example...


And the same thing from Powershell...
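The PowerShell version of that remote ipconfig, as an added example (not code from the original post or from Microsoft). It first checks that the WinRM listener on the target answers with Test-WSMan, so a dead listener or a closed firewall port shows up as a clear warning rather than a generic remoting error, and then runs the command with Invoke-Command. The hostname is a placeholder; Enable-PSRemoting is the PowerShell form of winrm quickconfig and must have been run on the target.

```powershell
# Added example (not from the original post): the PowerShell counterpart of
# 'winrs -r:hostname ipconfig /all'. Checks that the WinRM listener on the
# target answers before sending the command, so a failure is reported as
# 'WinRM not reachable' rather than a generic error. Requires PowerShell 2.0+
# on both ends and 'Enable-PSRemoting' (the PowerShell form of 'winrm quickconfig')
# to have been run on the target.
function Invoke-RemoteIpconfig {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ComputerName,
        # Optional explicit credential; by default your current domain account is used.
        [System.Management.Automation.PSCredential]$Credential
    )

    # Test-WSMan talks to the WinRM service on the remote host (TCP 5985 by default).
    try {
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
    }
    catch {
        Write-Warning "WinRM on '$ComputerName' is not reachable: $($_.Exception.Message)"
        Write-Warning "Check 'winrm quickconfig' / Enable-PSRemoting on the target and the firewall rule for TCP 5985."
        return $null
    }

    # Build the Invoke-Command arguments once, adding the credential only when given.
    $params = @{
        ComputerName = $ComputerName
        ScriptBlock  = { ipconfig /all }
        ErrorAction  = 'Stop'
    }
    if ($Credential) { $params['Credential'] = $Credential }

    try {
        # Output comes back as strings, one per line, tagged with PSComputerName.
        return Invoke-Command @params
    }
    catch {
        Write-Warning "Invoke-Command against '$ComputerName' failed: $($_.Exception.Message)"
        return $null
    }
}

# Usage: placeholder hostname, replace with a system you administer.
Invoke-RemoteIpconfig -ComputerName 'workstation01'
```

Because the script block is sent to the target and executed there, the same function works for any command line tool you would otherwise run through winrs; only the ScriptBlock changes.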


An alternative to standard Win7 remote management and utils is the Sysinternals Suite and its PSEXEC util.



The WMI Console

I suppose you could argue that, with PowerShell around, this is a bit old school. But it has been around for years, so let's just hook up to the Technet site.



Windows 7 Imaging

Windows 7 uses the Windows Imaging File Format (WIM) for OS deployment. It is a file-based disk image format designed for deployment of Win7. A WIM file contains all the files needed for an OS install, and can include multiple images of OS installs. The best example of this could actually be the standard Win7 installation disc itself. This includes:
Windows 7 Starter
Windows 7 Home
Windows 7 Home Premium
Windows 7 Professional
Windows 7 Ultimate

So, IT Pros can now make their own discs using the deployment tools.

Anyway here is the Windows Imaging File Format (WIM) Microsoft Paper just for some light reading.

Imagex This link can explain it better than I can...What is ImageX?

Deployment Image Servicing and Management uses a command line tool called DISM.EXE What is DISM?

Windows Deployment Services (WDS) check this link Windows Deployment Services Overview

System Centre Configuration Manager this link will say it better than I can System Center 2012 R2 Configuration Manager


But first you have to clean the system you have installed and remove all fingerprints, SIDs, security keys etc etc...and the util you need here is Sysprep. Again, a util that has been around for ages, way way back to Winnt3.51.


The Security Identifier that gets created when Windows 7 is installed needs to be unique, especially so when using an AD domain environment. Check the link Security Identifiers and this article by the magazine Windows IT Pro...What is a SID (Security ID)?

So Sysprep cleans away all uniqueness from an OS installed on a PC. Next use either WDS or ImageX to capture the image and ultimately deploy the image. Sysprep can only be run on a freshly installed Win7 PC; it will fail on an OS upgraded from, say, Vista->Win7...so just go for the pain and do a format and rebuild of a PC to get the image you want to deploy...back up anything that you need first.

Sysprep is GUI-fied and the GUI can be launched from...

C:\Windows\System32\sysprep\sysprep.exe

How Sysprep Works is probably the best place to be for learning Sysprep.

The Windows® Automated Installation Kit (AIK) for Windows® 7 ensures that you have access to the deployment tools you need. You will need to launch the Deployment Tools Command Prompt, as this prompt has the path statement configured so that you can access the deployment tools without changing the system environment variables. Make sure you are running the Deployment Tools Command Prompt elevated, at administrator level.

What you get using the Deployment Tools Command Prompt is a pre-configured shell with the paths set automatically, so you can launch:

Imagex
DISM
Windows System Image Manager check Windows System Image Manager Technical Reference
Volume Activation Management Tool: check Use the Volume Activation Management Tool. There is a whole section on this in Technet; see Volume Activation for Windows 8.1 for the latest and greatest on VAMT.

There is a lot in the WAIK, stuff for developers, whitepapers, help documentation and extra tools.


There appear to be two versions of DISM. One is in the C:\Windows\System32 folder by default, but the one installed with the Deployment Tools Command Prompt is larger, which makes me think it has more features (not explored that yet).

The USMT can be launched from C:\Program Files\Windows AIK\Docs\CHMs. There are sample answer files that you can use as a baseline to start your own deployments. Check the links above for Windows System Image Manager.

Using ImageX

Choose a reference computer
Build it and configure it
Sysprep the reference computer to remove all uniqueness

Now we need to boot the reference computer without launching the OS. To do this we need the Windows Preinstallation Environment, so check this Walkthrough: Create a Bootable Windows PE RAM Disk on UFD. Check the menus on the left of this page and you'll see there is a section for making a bootable CD/DVD too.

Copy over all the recommended utils to the USB drive. ImageX is one of them, and this is what you are going to use to copy the sysprepped image from the reference system.

ImageX Capture an Image is the Technet procedure for image capturing. There are extra things that you can do too:
Splitting an Image, for when the WIM is just too big and needs splitting across multiple discs
Mount and Modify an Image and Append a Volume Image to an Existing Image, whenever you feel image maintenance is necessary on the Windows Imaging file system..after all that you may need to
Apply an Image at some point

ImageX Command-Line Options, and there is a /delete switch too.

ImageX Technical Reference just for completeness

Deployment Image Service Management Tool

DISM.exe is basically used for offline image maintenance.
Offline image maintenance just means the image is extracted from a WIM file, updated and compressed back into a WIM file, aka MOUNTING a WIM file.

Online servicing means the OS is booted, maintenance is carried out, the system is then sysprepped and a new image captured.

Images can be mounted using the syntax

dism /mount-wim /wimfile:path /index:number /mountdir:path

Mounting an image can take a few minutes, but dism provides a dynamic status bar showing progress as it mounts the image. (Figure 21-2: Mounting an Image with dism)
The mounted folder can be used in Windows Explorer and for all intents and purposes acts just like a normal Windows folder. Check the mounted folder in Windows Explorer by selecting the

c:\mountdir

folder, assuming you have used the C: drive as a mount point, but any drive letter can be used. If you want to use a network share you need to have a drive mapped to that network share.


should get you through everything that is needed.

There are switches that you need to know to save the modified WIM. Checkout

DISM /?


Dism /online /Get-Drivers /?
/Get-Drivers can be used to view and manipulate drivers in an image.

Stands to reason that there will be a /remove-driver option too:
dism /online /remove-driver /?

And working with packages:
dism /online /get-packages /?
dism /online /get-packageinfo /?
dism /online /get-apppatchinfo /?
dism /online /get-apppatches /?
dism /online /add-package /?
dism /online /remove-package /?

Feature names must be entered using the exact case. If the exact case is not used, the commands will fail. In other words, if you're trying to disable all games and you use inboxgames instead of InboxGames, the command will fail.
Keep in mind that you are going to use these to query offline WIM files so have a good look at the text in the helpfiles as these will show you how to enter the WIM offline file and path.

Since we are dealing with images, apps and the patches that they need you will need to use Microsoft Internet Explorer and browse to Microsoft®Update Catalog so you can get what you need.

To get a feature:
dism /online /get-features /?
dism /online /get-featureinfo /?
dism /online /enable-feature /?
dism /online /disable-feature /?

So you may have to modify the edition of an image:
dism /online /get-currentedition /?
dism /online /get-targeteditions /?
dism /online /set-edition /?
dism /online /set-productkey /?

And at some point you have to save or discard changes and unmount the WIM file.....

dism /commit-wim /?
dism /unmount-wim /?
Notice the /commit and /discard switches for the unmount command: use /commit to save and /discard to throw the changes away, as you see fit!!!
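The whole offline mount / change / unmount cycle from this section, plus the exact-case feature name rule, as one script. It is an added example, not code from the original post or from Microsoft. The one thing it does that the raw commands don't is look the feature name up in the image's own /Get-Features listing, so you can type inboxgames and still hand dism the InboxGames it insists on; and it unmounts with /Discard if anything fails, so a broken run never commits a half-changed WIM. Paths in the usage line are placeholders, and the "Feature Name : X" line format is an assumption based on the English dism output.

```powershell
# Added example (not from the original post): offline-service a WIM with dism.
# Mount the image, look up the feature name with its exact case in the image's
# own /Get-Features listing (dism rejects 'inboxgames' for 'InboxGames'),
# enable or disable it, then unmount with /Commit on success or /Discard on
# failure so a broken run never writes a half-changed WIM. Parsing of the
# 'Feature Name : X' lines is based on the English dism output (assumption).
# Run from an elevated Deployment Tools Command Prompt / PowerShell.
function Invoke-DismCommand {
    param([string[]]$Arguments)
    # Run dism, keep its text output, and turn a non-zero exit code into an error.
    $output = & dism.exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "dism $($Arguments -join ' ') failed with exit code $LASTEXITCODE`n$($output -join "`n")"
    }
    return $output
}

function Get-ExactFeatureName {
    param([string]$MountDir, [string]$RequestedName)
    $listing = Invoke-DismCommand @("/Image:$MountDir", '/Get-Features')
    foreach ($line in $listing) {
        if ($line -match '^\s*Feature Name\s*:\s*(\S+)') {
            # Case-insensitive match on the input, exact-case name returned for dism.
            if ($matches[1] -ieq $RequestedName) { return $matches[1] }
        }
    }
    throw "Feature '$RequestedName' not found in image at $MountDir"
}

function Set-WimFeature {
    param(
        [Parameter(Mandatory = $true)][string]$WimFile,
        [int]$Index = 1,
        [string]$MountDir = 'C:\mountdir',   # any local folder; use a mapped drive for shares
        [Parameter(Mandatory = $true)][string]$FeatureName,
        [Parameter(Mandatory = $true)][ValidateSet('Enable', 'Disable')][string]$Action
    )

    if (-not (Test-Path $MountDir)) { New-Item -ItemType Directory -Path $MountDir | Out-Null }

    # Mount read/write; this is the slow step with the progress bar.
    Invoke-DismCommand @('/Mount-Wim', "/WimFile:$WimFile", "/Index:$Index", "/MountDir:$MountDir") | Out-Null

    $unmountSwitch = '/Discard'
    try {
        $exact = Get-ExactFeatureName -MountDir $MountDir -RequestedName $FeatureName
        Invoke-DismCommand @("/Image:$MountDir", "/$Action-Feature", "/FeatureName:$exact") | Out-Null
        # Everything succeeded: write the changes back into the WIM.
        $unmountSwitch = '/Commit'
        return $exact
    }
    finally {
        # Runs on both success and failure; /Discard throws the changes away.
        Invoke-DismCommand @('/Unmount-Wim', "/MountDir:$MountDir", $unmountSwitch) | Out-Null
    }
}

# Usage (placeholder paths): disable the in-box games in image index 1.
Set-WimFeature -WimFile 'D:\images\install.wim' -Index 1 -FeatureName 'inboxgames' -Action 'Disable'
```

The same Invoke-DismCommand wrapper serves the /Add-Package, /Remove-Package and /Set-Edition commands listed above: only the argument array changes, and the try/finally keeps the commit-or-discard decision in one place.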

Windows PE

The commands used in the Windows 7 Preinstallation Environment are not part of a regular Win7 OS build.

Wpeutil Command-Line Options: use this to run commands within WinPE. Check the link for further details. Remember this is ONLY available in WinPE!!!!
Drvload Command-Line Options loads drivers when booted in WinPE; you can specify multiple INF files, but check this link first. If you are loading particular hard drive drivers you may need to rescan the drives before the new driver picks up the new drive. So check diskpart rescan and the command line options.


Win7 Command Line Install

Setup.exe is in the root folder of the Win7 OS CD/DVD. If the disc does not automatically run but can be browsed, just type

setup.exe (remember the /?)

and that should launch the install GUI. Keep this in mind; it could be useful if the media has been copied to a network share or USB drive.

Examples

Setup /unattend:FileNameAndPath
Tells the setup process to use an answer file for autoconfiguration, just specify the file name or path to a share or drive.

Setup /installfrom:PathToInstallSource
Specify a WIM file to use as the install source. The default is the SOURCES folder on the media, but you may have a specific image for a system or you may want to change the install between 32-bit and 64-bit install files?

Setup /wdsdiscover 
Fairly obvious, this discovers WDS servers and reports them back.

Setup /wdsdiscover /wdsserver:wdsservername
Selects the server that the previous command reported back, when selecting a WDS server the /wdsdiscover switch is still needed.

Setup /tempdrive:driveletter
No need for the : after you have entered the drive letter. Just changes where the OS install process puts temp install files while the install is running. Maybe important for a small-capacity netbook which cannot handle the file expansion.

As previously mentioned the setup can be automated somewhat...instead of me rabbiting on about that, read this Microsoft link


The Software Licensing Manager is a VBScript that helps you manage licensing. Again Microsoft has a comprehensive manual on their website; see the link below for the correct use of slmgr.vbs.


Migrating User Data.

There is a database that contains computer user files and settings. This is called a Migration Store. This link should help you understand the Migration Store database.


The Migration Store does not include application deployments. It does include application settings. So if the same apps exist on the new OS install the settings will be maintained. If the apps do not exist...well, it just won't deploy them.

What you can do is...

Migrate user accounts, either by selecting accounts or taking the lot. This includes the profile for each user account.

Email files like Outlook PST files can be migrated.

Multimedia, pics,music and videos can be migrated in bulk or by individual file selection.

Then you can choose sundry folders to analyze for data to migrate.

Migration Methods

Windows Easy Transfer: you can use an easy transfer cable, USB drive, any other type of external drive, or a network connection. It's quite time consuming, so probably best used for home users and the odd individual task. Not really an enterprise solution is the point. Basically it's a transfer wizard. Make sure you run the same versions on the target and source systems. You'll see the download options off the link too.

Next util is the User State Migration Tool. Probably best I don't say too much but instead post the 


And here is an article I had a quick look at too and thought it was quite good.


Windows XP has no upgrade path to Win7. Makes the understanding of the migration utils more important. Both in the home and enterprise environments where fresh Win7 OS installs are now enforced, due to a lack of an upgrade path from XP, so that data and settings can be retained.

The two scenarios where the migration utils will be used is a PC Refresh where the same PC that a user has will be formatted and rebuilt with a fresh Win7 OS install. The second is a PC Replacement where the users PC is swapped out for a brand new PC with a freshly built Win7 OS Install.

I think the links provide enough info to get user migration sorted....I'll leave it there as Microsoft say it better than I can.

Powershell

Powershell is the new object-oriented command shell that Microsoft supplies as default from Win2k8. Initially it was released as part of Exchange 2007. I've been teaching myself it for ages and I don't think you can become an expert on it. The reason for this is that anyone or any enterprise can create commands for the shell. The name Microsoft gave the commands in Powershell is Commandlets or CMDLETs....

Vendors can produce their own cmdlets from anything from server remote access cards to VMWare and other virtualization products. 

My previous blog post Powershell 2.0 gives a few pointers on where to get started. Any search on the Tinterweb will provide electronic and physical media that you can buy as well as online tutorials...so go on...man up...or woman up...get out there and start learning it. Command Shells are where the real admins live for sure.

Group Policy

Group Policy is part of the native OS in a standalone Win7 build. It is  also part of the Windows Server OS builds and is expanded even further with Windows Active Directory.

It is there to provide central management of client/server,user accounts, and application environments, just to name a few things that it can do.

If you want to become an expert...Group Policy: Fundamentals, Security, and the Managed Desktop Paperback could be a good purchase...I'll let you decide for yourself.

Microsoft can say it better than I can 


Command line commands you will be using pretty often in Win7 are


GPresult and GPupdate.

GPresult


Any text that appears to scroll too fast on screen can be redirected to a text file, so always redirect the output if you need to sit and go through the results for a while. gpresult lets you see what has been applied to the PC.
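Redirecting gpresult to a file and then reading the interesting bit back out, as an added example (not code from the original post or from Microsoft). It writes the /r summary to a timestamped file named after the computer, then walks that file for the "Applied Group Policy Objects" lists so you get the GPO names without scrolling. The output folder is a placeholder and the section heading format is an assumption based on the English gpresult output on Windows 7.

```powershell
# Added example (not from the original post): capture 'gpresult' to a
# timestamped text file instead of letting it scroll off screen, then pull
# the 'Applied Group Policy Objects' lists back out of that file. The section
# headings are those of the English gpresult /r output on Windows 7 (assumption).
function Save-GpResult {
    param(
        [string]$OutputFolder = 'C:\GPReports',   # placeholder folder
        [ValidateSet('USER', 'COMPUTER', 'BOTH')][string]$Scope = 'BOTH'
    )
    if (-not (Test-Path $OutputFolder)) { New-Item -ItemType Directory -Path $OutputFolder | Out-Null }

    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file = Join-Path $OutputFolder "gpresult-$env:COMPUTERNAME-$stamp.txt"

    # /r = RSoP summary; swap in /v for the verbose listing. Computer scope needs elevation.
    $gpArgs = @('/r')
    if ($Scope -ne 'BOTH') { $gpArgs += @('/scope', $Scope) }
    & gpresult.exe $gpArgs | Out-File -FilePath $file -Encoding ASCII
    if ($LASTEXITCODE -ne 0) { throw "gpresult failed with exit code $LASTEXITCODE" }
    return $file
}

function Get-AppliedGpoNames {
    param([Parameter(Mandatory = $true)][string]$ReportFile)
    # Walk the file; after an 'Applied Group Policy Objects' heading and its
    # dashed underline, each non-blank line is one GPO name until the next blank line.
    $names = @()
    $inList = $false
    foreach ($line in Get-Content -Path $ReportFile) {
        if ($line -match '^\s*Applied Group Policy Objects\s*$') { $inList = $true; continue }
        if ($inList) {
            if ($line -match '^\s*-+\s*$') { continue }      # underline
            if ($line -match '^\s*$')      { $inList = $false; continue }
            $names += $line.Trim()
        }
    }
    return $names
}

# Usage: save the report, then list the GPOs that actually applied.
$report = Save-GpResult
Write-Host "Report saved to $report"
Get-AppliedGpoNames -ReportFile $report
```

With the default BOTH scope the heading appears once under COMPUTER SETTINGS and once under USER SETTINGS, so the returned list is the union of both; pass -Scope COMPUTER or USER when you want only one side, and keep the saved file, since it is the record of what policy looked like at that moment if a setting changes later.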

GPupdate

You may need to manually update the Group Policy set on a PC, especially if there has been an update and it has not found its way to the PC you are working on. So check out the GPupdate command.

And that is probably about it really from a client OS point of view...I'll update as I find things out.....Good Luck!!!


Under Construction.................

Problem Steps Recorder
Cracking util that can help in recording faults from the customer side of things and from a Support point of view be used to record a procedure that can be sent to the customer base.


Doing Labs and Exam Prep
So...you need a ton of equipment to do labs? Well I went this route....


And I bought a mini server too, to install it on


I also bought a 1TB HDD and a 16GB memory kit. The reason for this purchase is that these servers can be stacked, they have a 4-disk bay, they have iLO cards (you may need licenses, I have not looked into that yet) and they have a small footprint. I thought about the Intel Next Unit of Computing product range but I heard these may overheat, or at least get hot enough to cause some concern...but you can check them out yourself.
9 Things You Should Know About Windows 7 