New file-parsing capabilities spawn opportunities
I've noticed two positive health indicators for the future of command-shell scripting. The first is the number of new third-party tools that I'm seeing on the market, and the second is that many of these tools contain built-in parsing capabilities for input files. Those of us who have mastered the use of the For command to parse input files and call commands might not think these built-in capabilities are crucial, but at least utility developers are finally understanding that we don't always use their tools against one node but often against hundreds or even thousands of nodes.
What other less-obvious advantages might you realize by having input-file parsing built into a tool? I can think of a big one. If you're using Task Scheduler to schedule tasks, you now have another option: Instead of launching a script that calls a tool, you can go to your task's Properties sheet and place commands directly on the Run line. It's possible that even after you stop a scripted task in Task Scheduler, a process that launched with the script might continue working until you discover it and kill it. When you stop a task that's directly specified on the Run line—such as the BeyondExec (beyond-execv2.exe) tool that I talk about in this article—it gets killed. (The only possibility of a run-on process would be one launched on a remote machine that continues until completion.)
I recently stumbled onto seven great command-line tools at Beyond Logic (http://www.beyondlogic.org). You might find all these utilities to be useful additions to your command-shell toolkit, but I want to devote the bulk of this article to BeyondExec, the company's remote process-spawning and shutdown tool. To view the tool's online Help, run the standard command
The online Help reveals some cool switch options, as you can see in Table 1, page 12.
To understand this tool's capabilities, let's dive into some sample code to get familiar with its shutdown features. Suppose you have an environment in which you need to lock down workstations at night. But some users have disabled their password screensavers or have increased the screensaver's delay time because the default setting inconvenienced them. (Such actions can expose a PC to a security breach should an unauthorized user happen upon the node and use the logged-in user's security context to access unauthorized data.) You also have a few users who tend to work late to complete special projects. To accomplish your goal of locking all workstations—but to also give users who are still working a 2-minute cancellation option if they're still online—you come up with the following code:
(Be sure you type the entire command on one line.) With the -g switch, you've specified an input list, and with the -d switch you've specified an action parameter—in this case, LockWorkstation. You could choose Hibernate, Logoff, PowerOff, Reboot, Shutdown, or Suspend, so you have much flexibility in specifying what you want to occur on the remote workstation. The -m switch specifies the user message, and the -l switch specifies the length of time (in seconds) to display the message. If the -l switch is omitted, the default delay is 60 seconds.
If you want to prevent users from canceling your action, you can override the default setting of displaying a Cancel button by using the -x switch to shade that option. If a targeted workstation is already in a locked state, the Logout, Reboot, and Shutdown actions won't function correctly unless you also use the -f switch, which forces applications to terminate. However, the Hibernate and Suspend actions will function correctly on a locked workstation.
Have you ever needed to trigger a reboot or shut down a single computer or group of remote computers without having to install a remote client on your target computers? The following command demonstrates how easy it is to do so. This sample command reboots the machines specified in the serverlist.txt file. In this example, the delay time is longer than the default 60 seconds (-l), applications are forced to close (-f), and the user is prevented from canceling the reboot action (-x)
If you're planning to use Task Scheduler locally to perform regular reboots or shutdowns on a few nodes, you might take a moment to consider a smaller Beyond Logic tool for this task. Shutdown.exe, the company's small (44KB), single-node shutdown tool, provides a simplified subset of BeyondExec's features. Just be sure to examine the switch options closely because they differ slightly from those of the full-function BeyondExec tool.
Now, let's look at BeyondExec's process-spawning features. As Microsoft begins to introduce more and more commands that you can execute both locally and remotely, we might find that we don't need these types of process-spawning tools as much, but for now they remain important utilities in our scripting toolkits.
Whenever I talk about launching processes on remote machines, I remember my old favorite utility, Sysinternals' PsExec, which is easily obtainable from http://www.sysinternals.com/ntw2k/freeware/psexec.shtml. I've often used PsExec to launch scripts or utilities on remote machines. You might ask why you need a second tool for the same job if you already have one that works. The reason I like to investigate tools that perform similar functions is that sometimes small nuances can make one tool better for a given task.
PsExec can send commands to a list but also to an entire domain of computers, and it can prioritize remote processes. Unlike PsExec, BeyondExec can send shutdown commands combined with installation commands, making it perfect for service packs and hotfixes that require reboots after completion. Also, in some cases, you might find—as I did—that McAfee antivirus software detects PsExec as a malicious program, whereas McAfee lets BeyondExec work unimpeded. So, for many reasons, you don't want to get too comfortable with just one utility. Always test new options.
Here's a code sample for using BeyondExec to perform a Windows 2000 Service Pack 4 (SP4) installation:
This code uses a combination of BeyondExec switches (-g, -c, -d, -f, and -m) and Microsoft service pack switches (-q, -n, and -z). The -c switch copies the SP4 executable to the target computer. As for the service pack switches, the -q switch runs the installation in quiet mode, the -n switch prevents the backup of files for uninstallation, and the -z switch prevents the system from rebooting following the service pack installation. Instead of allowing the service pack to dictate the reboot, the BeyondExec tool can perform a more graceful reboot by letting you issue an appropriate user message.
This message gives the user time to cancel the reboot if he or she is still using the PC, but communicates the need for a later reboot. Computers that are online but not in use would receive the service pack installation and would reboot. Computers that are offline could receive a Wake-On-LAN (WOL) packet to bring them online before the installation begins. Of course, when you're dealing with a crucial system modification such as a service pack or hotfix installation, you should carefully test the remote-installation tool options and service pack or hotfix switches you plan to use before you roll them out to production systems.
For more information about BeyondExec, see the Beyond Logic Web site at http://www.beyondlogic.org/consulting/remoteprocess/BeyondExec.htm. Be sure to refer to that documentation along with the aforementioned Help before attempting to implement the tool.
Other Cool Tools
In addition to BeyondExec and Shutdown.exe, Beyond Logic offers five more freeware utilities, which I list here for your information. These tools are designed to run locally, and they have few, if any, switch options to configure. I don't have space to give them a lot of coverage, but they're all interesting and deserving of honorable mentions.
Keeping up with all the newest tools is difficult but can be quite rewarding. In this article, I've reviewed the syntax for the remote-execution and shutdown tool BeyondExec. I've also taken a quick look at several other tools from Beyond Logic. These are certainly tools that you'll want to add to your scripting toolkit. By continuing to address the needs of systems administrators, developers validate the health and popularity of command-shell scripting.
|TABLE 1: BeyondExec Switch Options|
|-u||Provide an account name with administrator rights on the remote machine.|
|-p||Provide a password for the above account.|
|-s||Use the System account.|
|-i||Allow the process to interact with the desktop.|
|-t||Terminate the process after the specified number of seconds.|
|-q||Specifiy priority. Options are AboveNormal, BelowNormal, HighPriority, Idle, Normal, and Realtime.|
|-c||Copy the file to a remote computer before executing (default security).|
|-c||sCopy the file to a remote computer before executing (set security).|
|-w||Don't wait for the process to finish; return immediately.|
|-b||Bypass remote driver checks (assumes driver is already running).|
|-d||Take down computer. Options are Hibernate, LockWorkstation, Logoff, PowerOff, Reboot, Shutdown, and Suspend.|
|-f||Force applications to terminate.|
|-m||Display message to user.|
|-l||Display message for the specified number of seconds (default is 60 seconds).|
|-x||Prevent user from canceling shutdown (shaded button).|
|-n||Ignore computers in use.|
|-g||Use multiple computers specified by a group file.|
|-r||Stop and remove the BeyondExec driver on remote computers.|