WSV350. A Power Tools Treasury: great tools that many folks haven't yet met (or don't know well enough). Presented by Mark Minasi help@minasi.com. Where The Treasury Came From. Since late 1997, I've written a monthly column first called "This Old Resource Kit" and later "Windows Power Tools"
WSV350 A Power Tools Treasury: great tools that many folks haven't yet met (or don't know well enough) Presented by Mark Minasi help@minasi.com
Where The Treasury Came From • Since late 1997, I've written a monthly column first called "This Old Resource Kit" and later "Windows Power Tools" • In it, I try to find a utility program that most people don't know, or perhaps don't know in enough detail to know a trick or two • I've done this several times before, so consider this "volume 4" • I've listed the ones I've covered before at the end of the talk so if you like, you can look into them
Topics • Robocopy recipes • Wiping disks • Wrangling licensing with SLMGR • FOR once, FOR now, FOR ever! • Scriptable power configuration with powercfg • Partition Magic's replacement, Diskpart
Topics • Emailing from the command line • Automatic, scheduled event log archiving with wevtutil • Watching your tickets with KLIST • A SteadyState replacement: SteadierState • Old faithfuls: a list of tools from past talks to look into
Robocopy • Even if you've heard of this… • In short, it is a fast, reliable, flexible tool for bulk file copies, whether across networks or within systems • It has, however, a very frightening syntax and so many pass it up, which is a shame • It's an even bigger shame as robocopy is in WinPE as well and thus is a welcome tool in repair/deployment scenarios
Robocopy uses • Simple block file transfers • Built to be scheduled • Can be set up to automatically compare two copies of a set of files/folders and keep them in sync • You can control the bandwidth it uses • You can control its processor intensity • Bypasses common file/folder permission problems
Robocopy basic copying • robocopy sourcedir destdir filespec • ex: robocopy c:\files e:\destfiles • This will copy all files at the top level of c:\files to e:\destfiles, creating the e:\destfiles folder if necessary • robocopy c:\files e:\destfiles *.txt • Same, but only text files
Robocopy add copying folders • add /s to copy subdirectories but only copies ones with files in them • add /e to copy all subdirectories, even the empty ones • add /lev:number to only copy the top number folder levels from the source • /mov to move, not copy
Robocopy add the "robo" • Moving big blocks of data often gets stopped for some reason • /z = "if it fails, try it again in 30 seconds… one million times… until it works" • /b = "if it fails because the admin lacks access to a file or two, get sneaky and use the backup privilege" • /zb = both /b and /z • /r:n = change "million" • /w:n = change 30s
Robocopy keeping two folders identical • The /mir ("mirror") option will • Scan the source and destination folders • Locate any folders on the destination that are no longer on the source and delete them on the destination • Locate files/folders changed or new on the source (relative to the destination) and update the destination • add /sec /secfix to keep NTFS ACLs synced
Robocopy "I don't understand why it's doing what it's doing…" • Join the club!<grin> • The answer is to get verbose logging • add /v /log:filespec • TechNet magazine also published a free GUI for it; search "Utility Spotlight Robocopy" and you'll find it
Robocopy repeating something once I have it right: jobs • You can create a file with an ".rcj" extension, or let Robocopy do it for you with the /save option, like • robocopy c:\src e:\dest /mir /save:myjob • You can then re-do the command with • robocopy /job:myjob • Even create new ones • robocopy /job:myjob /secfix /save:job2
Robocopy speeding things up • If you find that you're moving data along but not maxing out the system RAM, CPU or disk-wise, create more than one thread with /mt:numthreads. Manual says it can go to 128, I use 16… example with large file: • robocopy c:\files x:\ boot.wim /mt:16 • Here, I have a big file, know the permissions are okay, but want things to get speedy • That's about one quarter of what Robocopy can do but I can't spend more time on it… but start using it and you'll become a fan
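A scheduled /mir run benefits from two guards the slides imply: a list-only pass (/l) to see what would be deleted, and a check of Robocopy's bit-mask exit code. The wrapper below is an added example, not code from the talk; the folders are the slides' samples, while the log folder and the $maxDeletes threshold are assumptions.

```powershell
# Added example, not from the talk. $src/$dst are the slides' sample folders;
# the log folder and the $maxDeletes threshold are assumptions.
$src = 'c:\files'
$dst = 'e:\destfiles'
$maxDeletes = 50
$log = 'c:\logs\mirror-{0:yyyyMMdd-HHmmss}.log' -f (Get-Date)
New-Item -ItemType Directory -Force -Path (Split-Path $log) | Out-Null

function Get-RobocopyResult([int]$Code) {
    # Robocopy's exit code is a bit mask; values below 8 are not failures.
    $bits = @(
        @{ Bit = 1;  Text = 'files copied' },
        @{ Bit = 2;  Text = 'extra files/folders on destination' },
        @{ Bit = 4;  Text = 'mismatched files/folders' },
        @{ Bit = 8;  Text = 'some copies failed' },
        @{ Bit = 16; Text = 'fatal error' }
    )
    $hits = @($bits | Where-Object { $Code -band $_.Bit } | ForEach-Object { $_.Text })
    $detail = 'nothing to do'
    if ($hits.Count) { $detail = $hits -join '; ' }
    [pscustomobject]@{ Code = $Code; Failed = [bool]($Code -band 24); Detail = $detail }
}

# 1. Dry run: /l only lists what /mir would copy and delete.
robocopy $src $dst /mir /l /np "/log:$log" | Out-Null
$dry = Get-RobocopyResult $LASTEXITCODE
if ($dry.Failed) { throw "Dry run failed: $($dry.Detail). See $log" }

# 2. /mir deletes destination items that are missing from the source, so stop
#    if a wrong or empty source would remove more than expected.
$deletes = @(Select-String -Path $log -SimpleMatch '*EXTRA').Count
if ($deletes -gt $maxDeletes) {
    throw "Refusing to mirror: $deletes destination items would be deleted. See $log"
}

# 3. Real run, with bounded retries instead of the default million.
robocopy $src $dst /mir /z /r:5 /w:10 /np /v "/log+:$log" | Out-Null
$result = Get-RobocopyResult $LASTEXITCODE
if ($result.Failed) { throw "Mirror failed ($($result.Code)): $($result.Detail)" }
"Mirror OK ($($result.Code)): $($result.Detail)"
```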
Wiping Disks • So… how do you wipe volumes before discarding them? (I'll use E: in my examples) • If using BitLocker, try this (it's instantaneous): • manage-bde -forcerecovery e: • These will take longer: • format e: /p:numberofpasses • format e: /p:3 • format e:, and then type • cipher /w:e:\
Wrangling Licenses: an evil, but a necessary one… • Slmgr.vbs lets you script or quickly access a lot of things about Win 7 licensing • First, tell the system to use the command-line scripting engine • cscript //h:cscript • Then slmgr commands, like • slmgr -xpr • (shows remaining time before grace period expires)
What SLMGR Can Do • slmgr -rearm gives you 30 (Win 7)/60 (2008 R2) more days' grace period • slmgr -dli, -dlv return licensing info • slmgr -upk removes a product key • slmgr -ipk key installs a product key • slmgr -ato activates Windows 7 • slmgr -skms kmsservername-or-ip:port# activates with KMS location information, e.g. • slmgr -skms kms1.bigfirm.com
FOR: the original Windows power tool • Most folks hate scripting, but know that one of the beauties of scripting is that it lets you take one simple command and tell the computer to re-do it "x" times, or under some conditions, or something like that • FOR lets you do that in several ways – by the numbers, with the contents of a file, with the contents of a folder, and more
FOR and Files • Ever worked with a CLI program that didn't take wild cards? FOR can help • for %a in (searchitem) do (something with %a) • Example: my own chml tool can't take wildcards, like chml b*.txt, but this would work: • for %a in (b*.txt) do (chml %a)
FOR by the Numbers: /L • Suppose I needed 500 test user accounts • I can create one user account like this: • net user user001 swordfish /add • But 499 more? That's where FOR helps • for /L %i in (1,1,500) do (net user user%i swordfish /add)
For and File Contents: /F • Remember the first example, where Windows re-executes an app over and over but feeds it a different file every time? • That only let us specify files with wildcards • Now take it a step further with for /f, which lets us get more refined with lists of filenames rather than just wildcard patterns
For /F Example • I was looking over a few hundred pictures but didn't have my usual tools (Lightroom, etc.). • So basically I was just flipping through the pictures with one window and typing the names of the good ones in a Notepad window and the excellent ones in another Notepad window (I had very little screen space and so couldn't have a bunch of Explorer windows open)
For /F Example • Ultimately I wanted to copy just the good pictures and the excellent pictures into another folder • This command did it: • for /f %i in (c:\pix\good.txt c:\pix\great.txt) do copy c:\newpics\%i c:\keepers
Seize the Power(cfg) • Powercfg is a power-related CLI tool that made its debut in XP SP2 and has changed significantly in Vista and then Windows 7 • Big uses: • Set power profiles from the CLI, simplifying deployment and changes • Control power things that you can't get to from the GUI • Diagnose sleep-related disorders • Smoke out power-suckers
Powercfg and Power Setup • To choose a particular power profile ("balanced," "max savings," etc), use • powercfg -setactive GUID-of-power-scheme • You can get the GUIDs with • powercfg -list
Powercfg and Hibernation • Ever notice that you can't really control sleep and hibernation in Vista and Win 7?
Powercfg and Hibernation • Run "powercfg -h on" and you'll get the power to control hibernation again
Powercfg and Laptops • Ever had a laptop that can't seem to sleep, or wakes up at undesired and unpleasant times? Find out why it woke: • powercfg -lastwake • Find out what's not working that should be to let you get max power savings: • powercfg -energy
VHD Resize • As you probably know, VHDs are the way that Microsoft packages the imaginary hard drives that virtual machines need on MS's VM management tools (VMware uses VMDKs, in contrast) • You may also know that with Win 7/R2, VHDs aren't just for VMs, as they can be attached to physical systems
VHD Resize • Sometimes it'd be convenient to be able to compact or expand a VHD • This wasn't really possible pre-Hyper-V, but do you really want to fire up a Hyper-V server just to resize a VHD? • The easier way is to learn a bit of diskpart
What You Need • Assume we've got a VHD named "test.vhd" • It must be an expandable VHD… fixed VHDs cannot be shrunk, as it's really just a compaction • The diskpart command is "compact vdisk" • You can enlarge either fixed or expandable VHDs, in contrast • Diskpart command is "expand vdisk"
To Shrink • First, select the VHD to give it the focus: • diskpart • select vdisk file=e:\test.vhd • Then compact it with compact vdisk: • compact vdisk
To Expand • Again, select: • diskpart • select vdisk file=e:\test.vhd • Now use "expand vdisk maximum=dddd" • expand vdisk maximum=1000
Partition/Volume Resize • To shrink (or enlarge) a partition/volume, start diskpart and select the partition/volume • Then you can either tell diskpart how much to shrink the volume with the command • shrink desired=megabytes minimum=megabytes • Or find out how far it could shrink the volume: • shrink querymax • Just "shrink" shrinks it as much as possible
Volume Extension • Similar syntax • extend just extends the current volume as far as it can go on this disk • extend size=megabytes extends it as far as specified • You can also go to Disk Manager, right-click on a partition/volume and do the same things from the GUI
Mklink: Symbolic Links • Lets you make Windows think that a file share is a subdirectory • Helps if you run out of letters or need to "lie" to Windows, leading it to believe that a share is actually a local folder • mklink /d c:\myphotos \\S2\photos • Makes Windows think the share \\S2\photos is a local folder "c:\myphotos"
Automating Email Notifications • Many's the time that I've cooked up a batch file or some other scheduled task and wished that I could have it email me when done • So how to tell your system to e-mail you from a command line? • Heck, if you've got an SMS phone, then you could even have it text you • Answer: blat, from www.blat.net
Blat • Command-line SMTP client; example: • blat - -body "Event ID 763 happened!" -server mail.bigfirm.com -to mark@mmco.com -f noone@bigfirm.com -subject "Event 763 alert" -u joe -pw swordfish • The "blat - -body" is no typo
More Blat • The -u and -pw assume that your SMTP server needs logons; BLAT supports GSSAPI so it can do secure logons to Microsoft and other SMTP servers • Free download • Even includes the source • You can pre-store most of the parameters in the Registry • And if you're using PowerShell (you should!), there's Send-MailMessage
Schedule-able Event Logging • wevtutil does a number of things and is CLI and so can be scheduled • To back up and clear a log, use • wevtutil cl logname /bu:filetobackupto • example: • wevtutil cl Security /bu:\\s1\centralELbackups\01012001.evtx
Extract a Critical Summary • Command to get all "critical" or "error" events from the System log • wevtutil qe System "/q:*[System [(Level=1 or Level=2)]]" /f:text • Demystified, that's • wevtutil qe logname "/q:xpathquery" /f:text • (You need /f:text because the default is XML. No, I have no idea why…)
Creating Xpath Query Strings • Ready for the good news: you don't have to create Xpath strings… Event Viewer will do it for you • Go to the Event Viewer GUI and use the GUI tool to create the "give me Error or Critical stuff" query: right click the log, choose Filter Current Log and use the check boxes and text fields to create the query
You'll see something like this: • Now click the "XML" button…
Now take the stuff between "Select" and "/Select," pop it into the "/q:" part and you've got your command • (Take the output, blat it to your phone….)
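The three pieces above (scheduled archive-and-clear, the Critical/Error query, and mailing the result) fit into one scheduled script. This is an added example, not code from the talk; it assumes an elevated PowerShell 4.0 or later session, reuses the slides' sample share and mail names, and the credential file path is hypothetical.

```powershell
# Added example, not from the talk. Share and mail names reuse the slides'
# samples; c:\scripts\smtp-cred.xml is a hypothetical path.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = '\\s1\centralELbackups\Security-{0}-{1}.evtx' -f $env:COMPUTERNAME, $stamp

# 1. Archive, then clear. Clearing the Security log itself records
#    event ID 1102, so each scheduled run leaves a trace to correlate.
wevtutil cl Security "/bu:$backup"
if ($LASTEXITCODE -ne 0) { throw "wevtutil cl failed with exit code $LASTEXITCODE" }

# 2. Confirm the archive exists and is not empty, then store its SHA-256
#    beside it so later changes to the file can be detected.
$file = Get-Item -LiteralPath $backup -ErrorAction Stop
if ($file.Length -eq 0) { throw "Archive $backup is empty" }
$hash = (Get-FileHash -LiteralPath $backup -Algorithm SHA256).Hash
Set-Content -LiteralPath "$backup.sha256" -Value "$hash  $($file.Name)"

# 3. Pull the newest 25 Critical (Level=1) or Error (Level=2) System events,
#    using the XPath string Event Viewer generates.
$query   = '*[System[(Level=1 or Level=2)]]'
$summary = wevtutil qe System "/q:$query" /f:text /c:25 /rd:true | Out-String

# 4. Mail the summary. The credential file is created once, by the account
#    that runs the task, with:  Get-Credential | Export-Clixml <path>
#    so no password has to appear on a command line.
if ($summary.Trim()) {
    $mail = @{
        SmtpServer = 'mail.bigfirm.com'
        UseSsl     = $true
        Credential = Import-Clixml 'c:\scripts\smtp-cred.xml'
        From       = 'noone@bigfirm.com'
        To         = 'mark@mmco.com'
        Subject    = "Critical/Error events on $env:COMPUTERNAME"
        Body       = $summary
    }
    Send-MailMessage @mail
}
```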
KLIST • A big security concern nowadays is, "did Kerberos or NTLM log me on?" • KLIST is the quick and easy answer • If KLIST returns no data, you were logged on with NTLM • If it shows you your Kerberos tickets, you were logged on with Kerberos
WHOAMI • Very useful tool for smoking out "why can't I…" sorts of issues • To test • Open a command prompt • Run whoami /all /fo list > mysec.txt • Run the app • If it fails, look in mysec.txt for your privileges and group memberships… you have what you need to figure out why it failed
SteadierState • Many of us have public-access computers (school labs, libraries, etc) • Need a fast way to un-do whatever the public user did • Microsoft used to offer a free utility called "SteadyState" to accomplish that, but doesn't any longer • If you're using Windows 7 Enterprise or Ultimate, I've created a (free) similar tool • www.steadierstate.com
Thanks! • I hope I showed you at least one neat new power tool • I'd love to hear about your favorites, feel free to drop me a line • I'm at help@minasi.com • Don’t forget the evaluations • Thanks for attending!
Related Content: Reference • As I've discussed many tools in the past, here's a list that quickly points you to some of the terrific power tools I've discussed in past talks in case you've never heard of them before • Google or Bing them or drop me a line if you need to know more
Tools To Know • Repadmin: complete CLI control/diagnostic for solving AD replication problems • Repadmin /experthelp reveals even more • Netdom renames computers, joins/unjoins, resets domain connections, lots more • Delprof deletes user profiles • Csvde creates AD users en masse • Tokensz tracks if your user token can't fit in Kerberos