An Update on the RunAs Command

It has been a while since I wrote the Simulating Users with the RunAs Command post that describes how to use the RunAs command to perform tasks that the user’s account can’t normally perform. (The basics of using the RunAs command appear in both Administering Windows Server 2008 Server Core and Windows Command-Line Administration Instant Reference.) A number of you have written to tell me that there is a problem with using the RunAs command with built-in commands—those that appear as part of CMD.EXE. For example, when you try the following command:

RunAs /User:Administrator “md \Temp”

you are asked for the Administrator password as normal. After you supply the password, you get two error messages:

RUNAS ERROR: Unable to run – md \Temp
2: The system cannot find the file specified.

In fact, you find that built-in commands as a whole won’t work as anticipated. One way to overcome this problem is to place the commands in a batch file and then run the batch file as an administrator. This solution works fine when you plan to execute the command regularly. However, it’s not optimal when you plan to execute the command just once or twice. In this case, you must execute a copy of the command processor and use it to execute the command as shown here:

RunAs /User:Administrator “cmd /c \”md \Temp””

This command looks pretty convoluted, but it’s straightforward if you take it apart a little at a time. At the heart of everything is the md \Temp part of the command. In order to make this a separate command, you must enclose it in double quotes. Remember to escape the double quote that appears withing the command string by using a backslash (as in \”).

To execute the command processor, you simply type cmd. However, you want the command processor to start, execute the command, and then terminate, so you also add the /c command line switch. The command processor string is also enclosed within double quotes to make it appear as a single command to RunAs.

 

Make sure you use forward slashes and backslashes as needed. Using the wrong slash will make the command fail.

The RunAs command can now proceed as you normally use it. In this case, the command only includes the username. You can also include the password, when necessary. Let me know if you find this workaround helpful at John@JohnMuellerBooks.com.

 

Understanding the Maturing of the Command Line

A number of people have asked me why I’ve written several different command line reference books. The answer is that each book serves a different market. Serving reader needs is a quest of mine. As reader needs change, I also change my books to better meet those needs. The command line may seem static, but reader needs have changed over the years because of the way in which the command line is perceived and the new commands added to it.

The most popular of the set, Windows Command-Line Administration Instant Reference, provides the reader with quick access to the most commonly used commands. In addition, this book emphasize examples over documentation, so you see how to use a command, but don’t necessarily get every detail about it (only those that are used most often). This book is mainly designed to assist administrators. With this group in mind, the book also provides a good overview of batch files and scripting. The point is to provide something small that an administrator can easily carry around.

A second command line reference, Administering Windows Server 2008 Server Core, is designed to meet the needs of those who use Microsoft’s Spartan Server Core operating system. The book includes a number of special features for this audience, such as instructions on getting hard to install software to work in this environment. This is also the only book that discusses how to use Mono to overcome .NET Framework limitations in this environment. Even though the title specifies Windows Server 2008 Server Core, the book has also been tested with Windows Server 2012 Server Core. The point of this book is to allow you to get all of the speed, reliability, and security benefits of Server Core installations without all of the hassle that most administrators face.

My third command line reference, Windows Administration at the Command Line for Windows Vista, Windows 2003, Windows XP, and Windows 2000, serves the general needs of administrators and power users. This book is intended to help anyone use the command line more efficiently. It provides a little more hand holding and considerable more detail about all of the available commands than my other two books. This is also the only book that discusses PowerShell.

The PowerShell portion of this third book has received a lot more attention as of late. Microsoft is making a much stronger emphasis on this new version of the command line, so I’m glad I included it in my book. One of the strong suites of this book is that it not only discusses documented commands, but many undocumented commands as well (with the appropriate caveats, of course).

No matter which version of my command line reference you use, I’m always here to answer your questions about my books. How do you interact with the command line? Has PowerShell taken a more prominent role in the way you do your work? Let me know at John@JohnMuellerBooks.com.

 

Limitations of the FindStr Utility

Readers have noted that I use the FindStr utility quite often. This utility is documented in both Windows Command-Line Administration Instant Reference and Administering Windows Server 2008 Server Core (and also appears a host of my other books). At the time I wrote that documentation, I had no idea of how much comment this particular utility would generate. I’ve written a number of posts about it, including Accessing Sample Database Data (Part 3), Understanding Line-, Token-, and String-Based Command Line UtilitiesUsing the FindStr Utility to Locate Errors in Visual Studio, and Regular Expressions with FindStr. It might be possible that people think that this utility is infallible, but it most certainly has limits. Of course, the FindStr utility is line-based and I’ve already documented that limitation. However, it has other limitations as well.

The most important limitation you must consider is how FindStr works. This utility works with raw files. So, you can use it to look inside executable files and locate those produced by a specific organization as long as the file contains unencrypted data. When an executable relies on obfuscation or other techniques to render the content less viewable by competitors, the strings that you normally locate using FindStr might become mangled as well—making them invisible to the utility. In practice, this particular problem rarely happens, but you need to be aware that it does happen and very likely will happen when the executable file’s creator has something to hide (think virus).

Another problem is that FindStr can’t look inside archives or other processed data. For example, you can’t look inside a .ZIP file and hope to locate that missing file. You might initially think that there is a way around this problem by using the functionality provided in Windows 7 and newer versions of Windows to look inside archive files and treat them as folders. However, this functionality only exists within Windows Explorer. You can’t open a command prompt inside an archive file and use FindStr with it.

Recently, a reader had written me about his Office installation. Previously, he had used FindStr to locate specific files based on their content—sometimes using content that wasn’t searchable in other ways. This feature suddenly stopped working and the reader wondered why. It turns out that .DOC files are raw, while .DOCX files are archives. Change the extension of a .DOCX file to .ZIP and you’ll suddenly find that your ZIP file utilities work great with it. Old Office files work well with FindStr—new files only work if you save them in .DOC format.

Another reader wrote to ask about network drives. It seems that the reader was having a problem locating files on a network drive unless the drive was mapped. This actually isn’t a limitation, but you do have to think about what you want to do. Let’s say you’re looking for a series of .DOC files on the C drive (with a shared name of Drive C) of a server named WinServer in the WinWord folder that contain the word Java in them. The command would look like this: FindStr /m /s “Java” “\\WinServer\Drive C\WinWord\*.doc”. When using network drives, you must include the server name, the share name, the path, and the file specification as part of the command. Otherwise, FindStr won’t work. What I have found though is that FindStr works best with Windows servers. If you try to use it with another server type, you might experience problems because FindStr won’t know how to navigate the directory structure.

There is a real limit on the length of your search string. Another reader wrote with this immense search string and wondered why FindStr was complaining about it. The utility appears to have a search string length limit of 127 characters (found through experimentation and not documented—your experience may differ). The workaround is to find a shorter search string or to perform multiple searches (refining the search by creating a more detailed file specification). If you can’t use either workaround, then you need to write an application using something like VBScript to perform the task.

These are the questions that readers have asked most about. Of course, I want to hear your question about limitations as well. If you encounter some strange FindStr behavior that affects my book’s content in some way, please be sure to write at John@JohnMuellerBooks.com.

 

Installing and Managing Third Party Products

Most of my books make recommendations about third party products that you can use to enhance your computing experience. Each of these products is tested during the writing process, but without any of the add-on applications that may come with the product. For example, if I test a Windows enhancement product, I don’t test the toolbar that comes with that product. So, it’s important to realize that the advice you obtain in the book doesn’t include those add-on features.

However, it’s important to take a step back at this point and discuss why the product includes an add-on in the first place. Just like you, the product vendor has bills to pay and must obtain money from somewhere to pay them. An important concept to remember when working with computers is that free doesn’t exist. Typically, product vendors who offer free products will do so by paying for them in one of these ways:

  • Advertisements: Advertising comes in many forms, not just banner ads. Marketing types constantly come up with new ways to advertise products and induce you to buy them. A developer can obtain payment from advertisements in several ways, such as referral fees.
  • Product Add-ons: A developer can provide the means to install other products with the product that you’re installing. The company who provides the additional product sponsors the free product that you’re using.
  • Marketing Agreements: The application collects information about you and your system when you install it and the developer sells this information to marketing companies.
  • Value-added Products: The free product that you’re using is just a sample of some other product that the developer provides. If you like the free product, the developer is hoping that you’ll eventually purchase the full-fledged product.
  • Government Grants: A developer creates a product after obtaining a grant from the government. You pay for the product through your taxes.
  • Sponsorship: A larger company supports a developer’s work to determine whether the idea is marketable or simply the seed of something the larger company can develop later. You pay for the product through higher prices when you buy something from the larger company.

There are other methods that developers use to get paid for their work, but the bottom line is that they get paid. Whenever you see free, your mind should say, “This product doesn’t cost money, but there is some other price.” You need to decide whether you’re willing to pay the price the developer is asking. In the case of a government grant, you’ve already paid the price.

When you install a free product, you must watch the installation routine carefully. In almost every case, you must opt out of installing add-on products that the free product supports. So, you have to read every screen carefully because these opt-out check boxes are usually small and hard to see. The developer really isn’t pulling a fast one—just trying to earn a living. Make sure you clear any check boxes you see for installing add-on products if you don’t want that product on your machine. The reason I don’t discuss these check boxes in my books is that they change constantly. Even if I were to tell you about the check boxes that appeared at the time I installed the free product, your experience is bound to be different.

Of course, you might accidentally install one of these add-ons, an add-on that you really didn’t want. In this case, you must locate the product in the list of products installed on your system, such as the Programs and Features applet of the Control Panel for Windows users. The product name won’t be straightforward, but a little research will help you find it. Simply uninstall the add-on product. However, it’s always better to avoid installing something you don’t want to begin with, rather than remove it later, because few applications uninstall cleanly (even those from larger vendors such as Microsoft).

Unfortunately, there isn’t much I can do to help you when you install an add-on product. I do have some experience with the third party product in my book, but I won’t know anything about the add-on product. You need to contact the developer of the third party product to ask for advice in removing it from your system. This may seem like I’m passing the buck, but the truth is that the add-on products change all the time and there simply isn’t any way I can keep up with them all. When in doubt, don’t install a product, rather than being sorry you installed it later. Let me know your thoughts on third party products at John@JohnMuellerBooks.com.

 

Creating Links Between File Extensions and Batch Files

A couple of weeks ago I wrote a post entitled, “Adding Batch Files to the Windows Explorer New Context Menu” that describes how to create an entry on the New context menu for batch files. It’s a helpful way to create new batch files when you work with them regularly, as I do. Readers of both Administering Windows Server 2008 Server Core and Windows Command-Line Administration Instant Reference need this sort of information to work with batch files effectively. It wasn’t long afterward that a reader asked me about creating links between file extensions and batch files. For example, it might be necessary to use a batch file to launch certain applications that require more information than double clicking can provide.

This example is going to be extremely simple, but the principle that it demonstrates will work for every sort of file extension that you can think about. Fortunately, you don’t even need to use the Registry Editor (RegEdit) to make this change as you did when modifying the New menu. The example uses this simple batch file named ViewIt.BAT.

@Echo Processing %1
@Type %1 | More
@Pause

Notice that the batch file contains a %1 entry that accepts the filename and path the Windows sends to it. You only receive this single piece of information from Windows, but that should be enough for many situations. All you need to do then is create a reasonably smart batch file to perform whatever processing is necessary before interacting with the file. This batch file will interact with text (.TXT extension) files. However, the same steps work with any other file extension. In addition, this isn’t a one-time assignment—you can assign as many batch files as desired to a single file extension. Use these steps to make the assignment (I’m assuming you have already created the batch file).

  1. Right-click any text file in Windows Explorer and choose Open With from the context menu.
  2. Click Choose Default Program from the list of options. You see the Open With dialog box shown here.
    Link01
  3. Clear the Always Use the Select Program to Open this Kind of File option.
  4. Click Browse. You see the Open With dialog box.
  5. Locate and highlight the batch file you want to use to interact with the text file (or any other file for that matter) and click Open. You see the batch file added to the Open With dialog box.
  6. Click OK. You see the batch file executed on the selected file as shown here.
    Link02

At this point, you can right-click any file that has the appropriate extension and choose the batch file from the Open With menu. The batch file will receive the full path to the file as shown in this example. It can use the information as needed to configure the environment and perform other tasks, including user interaction. Let me know your thoughts on linking file extensions to batch files at John@JohnMuellerBooks.com.

 

Adding Batch Files to the Windows Explorer New Context Menu

Administrators are always looking for ways to perform tasks faster. Most administrators have little time to spare, so I don’t blame them for looking for new techniques. One of the ways in which administrators gain a little extra time is to automate tasks using batch files. Both Administering Windows Server 2008 Server Core and Windows Command-Line Administration Instant Reference provide significant information about creating and using batch files to make tasks simpler. However, a number of readers have asked how to make creating the batch files faster by adding batch files to the Windows Explorer New context menu. That’s the menu that appears when you right click in Windows Explorer. It contains items such as .TXT files by default, but not .BAT (batch) files.

Being able to right click anywhere you’re working and creating a batch file would be helpful. Actually, the technique in this post will work for any sort of file you want to add to that menu, not just batch files, but the steps are specific to batch files.

 

  1. Open the Registry editor by typing RegEdit in the Search Programs and Files field of the Start Menu and clicking on the RegEdit entry at the top of the list.
  2. Right click the HKEY_CLASSES_ROOT\.bat key and choose New | Key from the context menu. You’ll see a new key added to the left pane.
  3. Type ShellNew and press Enter.
  4. Right click the new ShellNew key and choose New | String Value from the context menu. You’ll see a new string value added to the right pane.
  5. Type NullFile and press Enter. Your Registry Editor display should look like the one shown here.
    NewBatchFile01

At this point, you should be able to access the new entry in Windows Explorer. Right click anywhere in Windows Explorer and choose the New context menu. You should see the Windows Batch File entry shown here:

NewBatchFile02

Selecting this entry will create a blank batch file for you in the location you selected. All you need to do is open the file and begin editing it. What other sorts of time saving methods do you find helpful in working with batch files? Let me know at John@JohnMuellerBooks.com.

 

Exercise Care When Synching to External Time Sources

I read with interest an article by Mary Jo Foley recently entitled, “Microsoft offers guidance on Windows Server Year 2000 time-rollback issue.” It seems that the time source at USNO.NAVY.MIL experienced a problem and rolled back the clocks on a number of servers to the year 2000 during the evening of November 19th. I wouldn’t have wanted to be one of the administrators who had to fix that problem, especially if there were time-sensitive processes running at the time. Can you imagine the effect on applications such as billing? Of course, the effects are devastating for time-sensitive server features such as Active Directory.

If your organization has a single server that relies on a single time source for synching purposes, it probably isn’t possible to detect this sort of problem immediately, unless you have a human being observing the synching process. Given that administrators love automation, having someone physically sync the server won’t happen in most cases. However, good advice in this case is not to sync to the time server every day—sync only on days when someone will be there to monitor the servers. At least the administrator can quickly react to errant updates of the sort mentioned in the article.

Larger installations with multiple servers could possibly set up multiple time servers and use an application to monitor them. When the servers are out of sync, the application can notify the administrator about the issue. It’s also possible to use the W32Tm utility to perform time monitoring or to compare the time settings of two systems using a strip chart.

Actually, it’s a bad idea to sync to the time server at times when an administrator isn’t available to monitor the system, such as during the middle of the night or a holiday. The best option is to sync the server immediately before the staff arrives in the morning or immediately after they leave at night, when an administrator is available to quickly fix the problem. My personal preference is to include the W32Tm utility in a batch file that runs when I start my system in the morning. This batch file syncs all of the systems on the network at a time when I’m specifically watching to see the results. Both Administering Windows Server 2008 Server Core and Windows Command-Line Administration Instant Reference provide information on how to use this utility to perform a wide variety of time-related tasks.

If you happened to be affected by this issue, make sure you read the Microsoft blog post entitled, “Fixing When Your Domain Traveled Back In Time, the Great System Time Rollback to the Year 2000.” Even if you have already fixed the problem, the information in the article is useful because it helps define the problem and provides some useful information for avoiding the problem in the future. The vast majority of servers affected by this problem have Windows 2003 installed without time jump protection enabled. I’d actually like to hear if someone has encountered something odd in this particular circumstance so that I get a better feel how this problem manifested itself in the real world.

How do you work through time-related issues in your organization? Have you ever encountered a problem of this sort with your system? Let me know your thoughts at John@JohnMuellerBooks.com.

 

Talking Technical with Non-technical Audiences

Communication has always been key to any sort of technical activity, but the need to communicate efficiently is greater today than ever before. The fact that early developers were successful despite having limited communication skills is more due to the fact that early users were also technical (so they shared the same frame of reference), rather than the superiority of the application environment at the time. In fact, applications are a form of communication specific to computers, but until recently, most developers didn’t view them in that light.

The days of the solo developer working in a darkened room and subsisting on a diet of pizza and soda are gone. Applications today have to appeal to a broad range of people—most of whom have no technical skills and have no desire whatsoever to develop such skills. The complex application environment means that developers must possess the means to articulate abstract coding issues in a concrete and understandable manner to people who view their computers as appliances. In addition, developers now commonly work as part of a team that includes non-developer members such as graphics designers. In short, if you don’t know how to tell others about your ideas and the means you plan to use to implement them, your ideas are likely going to end up on the junk heap. That’s why I wrote, “10 Reasons Development Teams Don’t Communicate” for SmartBear Blog.

The problems that developers experience today have more to do with limited communication skills, than technical ability. It’s quite possible to write amazing applications without developing the skills to communicate the concepts and techniques demonstrated in the applications to others. In fact, the stereotype of the geek is funny, in part, because it has a basis in fact. Schools don’t spend much time teaching those with technical skills how to communicate effectively and the graduates often struggle to understand the basis for miscommunication, even amongst peers. Schools will eventually catch up and begin teaching developers (and other technical disciplines) strong communication skills, but in the meantime, developers and other members of the technical professions will need to rely on articles such as mine to obtain the information needed to communicate clearly.

A successful developer now needs to listen to others actively—to be able to repeat the goals others have for an application in terms that the listener understands. In addition, the developer needs to know how to communicate well in both written and oral forms. The transition between the abstract world of code and the concrete world of the typical user is something that a developer needs to practice because there are no books that adequately address the topic today. To keep costs to a minimum, developers must accomplish communication tasks within a limited time frame and without error. In short, there is a significant burden on the developer today to create an environment in which users, administrators, management, devops, and other interested parties can communicate both needs (required application features) and wants (nice-to-have application features) in a way that the developer can interpret and turn into a functioning application.

What sorts of communication issues have you faced as a developer or other technical specialist? Do you often find that people look at you quizzically and then proceed as if they understand (but you can tell they don’t)? Let me know your thoughts about communication issues at John@JohnMuellerBooks.com.

 

Saving Data to the Cloud

Cloud computing is here—no doubt about it. In fact, cloud computing offers the only viable way to perform certain tasks. Certainly, large organization can’t get by without using cloud computing to keep the disparate parts of their organization in communication. However, I’ve been unimpressed with saving data to the cloud for a number of reasons:

  • Someone could easily obtain access to confidential information.
  • The data is inaccessible if my Internet connection is down.
  • A cloud vendor can just as easily lose the data as I can.
  • The vendor doesn’t have a vested interest in protecting my data.
  • Just about anyone with the right connections could seize my data for just about any reason.


As a consequence, I’ve continued to back by system up to DVDs and store some of these DVDs off-site. It’s an imperfect solution and I’ve often considered using the cloud as a potential secondary backup. However, when I saw the news today about Megaupload and the fact that the data people have stored there is safe for possibly two more weeks, I started reconsidering any use of cloud backup.

Just look at what has happened. The federal government has seized data from the site and then shut it down, making the user’s data inaccessible to them. If someone who uses that service for backup is having a bad day with a downed system, it just got worse. Now their data has become inaccessible to them. There isn’t any means of recovering it until someone decides to make it accessible again.

If the data does become accessible again, the users have two weeks in which to download everything and find another place to store it. Losing the personal mementos is bad enough, but to lose confidential information on top of that (think accounting data) makes the loss terrifying indeed. There is also that federal possession of everyone’s data for use in court no less. Now everyone will potentially know everything that people have stored on Megauploadthe good, the bad, and the ugly.

Of course, everyone is talking about what this means, but personally, I go along with John Dvorak in thinking that this incident gives cloud storage the huge black that it rightfully deserves. These services promise much, but I can’t see how they can possibly deliver it all. Yes, there are advantages to using cloud backup, such as the benefits of off-site storage that is outside of your location so that if an extreme disaster strikes, you should theoretically have your data stored in a safe location. Of course, there is also the convenience factor, assuming that you have an Internet connection that’s fast enough to make such backup of an entire system practical.

Cloud computing is going to remain a part of the computing environment from now on, but I think cloud backup has a lot further to go before anyone should trust it as a primary means of data storage. What are your thoughts about cloud backup? Let me know at John@JohnMuellerBooks.com.

Using Assoc and FType to Create a New Type

On page 74 of Windows Command-Line Administration Instant Reference, I describe how to add an Open command to an existing file type, txtfile. The txtfile type already appears in the registry, so adding a new command to it is relatively straightforward. However, what happens if you want to create an entirely new type—one that doesn’t currently exist in the Registry?

Before you can do anything, you need to open an Administrator command prompt because Vista, Windows 7, and anything else newer won’t let you make the required registry changes with a standard account. Follow these steps in order to open an administrator command prompt.

 

  1. Choose Start > All Programs > Accessories.
  2. Right click the Command Prompt icon and choose Run As Administrator from the context menu. You’ll see a User Account Control dialog box.
  3. Click Yes. You’ll see a new command prompt open. However, instead of the usual title bar entry, you’ll see Administrator: Command Prompt. In addition, instead of opening to your personal user folder, the prompt will display C:\Windows\system32>. If you don’t see these differences, then you haven’t opened an administrator command prompt.


Let’s say you want to include a new file extension and it’s associated type. For example, you might want to create a .RIN file extension and associate it with a type of RINFile. Once you create this association, you may want to use Notepad to open the file. In order to perform this task, you need to use two different utilities as shown in the following steps.

 

  1. Type Assoc .RIN=RINFile and press Enter. You’ll see, “.RIN=RINFile” appear at the command line. This command creates a .RIN file extension entry in the Registry as shown here.
    AssocFType01
  2. Type FType RINFile=%SystemRoot%\Notepad.exe %1 and press Enter. Notice that you don’t enclose the command in double quotesit will fail if you do. You’ll see, “RINFile=C:\Windows\Notepad.exe %1” (or something similar) appear at the command line. This command creates the RINFile association in the Registry as shown here.
    AssocFType02
  3. Create a new .RIN file on your hard drive. You don’t have to do anything with it, just create the file.
  4. Double click the new .RIN file. Windows will open the file using Notepad.


This technique works with any file extension and association you want to create. In fact, you could easily create a batch file to patch user configurations where the file associations have become damaged in some way. The big thing to remember is that this is always a two-step process when the file extension doesn’t already exist or the association is new. Use the Assoc utility to create a link between any file extension and it’s association and the FType utility to create the association itself. Let me know if you have any questions about this technique at John@JohnMuellerBooks.com.