Category: Windows Command-Line Administration Instant Reference

Working at the Command Line

I maintain statistics about each of my books. Lately, I’ve noticed a trend with my command line reference books. More people are sending me e-mail about Microsoft Windows Command Line Administration Instant Reference and Administering Windows Server 2008 Server Core. However, the questions are becoming more diverse and less technical. Rather than the targeted questions about administration needs, I’m getting what I think are probably power user questions as well. People see my blog posts about commands, such as FindStr, and they naturally want to know more.

Someone recently wrote to ask me about what I thought the trends regarding the command line are. Based on my statistics, I would think that administrators are continuing to use the command line and more power users are rediscovering the command line. However, basing an opinion solely on book-related e-mail isn’t always the best idea and it certainly isn’t very scientific. Statistically, the e-mail is probably skewed to some extent because people aren’t speaking in general about their feelings—they have specific questions.

So, today I come to you with a request. Could you either comment to this blog post or send me e-mail about how you use the command line, or whether you use it at all? Microsoft is doing everything it can to move people to PowerShell. You can do quite a lot with PowerShell, including writing scripts that are more robust than those you can write at the command line. In addition, there are sites, such as PowerShell.com, that cater to the needs of the PowerShell user.

Even though it would seem at first like PowerShell is the future and the command line is passé, the command line has the advantage of simplicity and long term stability. In addition, there are still more resources available for the command line than there are for PowerShell. I generally use the command line for all my needs because I simply haven’t had a need for the additional resources that PowerShell provides. Let me know your thoughts about the command line and whether you generally see PowerShell as the required replacement for it at [email protected].

 

Death of Windows XP? (Part 4)

The last post, Death of Windows XP? (Part 3), was supposed to be the last word on this topic that won’t die, but as usual, it isn’t. The hackers of the world have figured out a new an interesting way of getting around Microsoft’s plan to kill Windows XP. It turns out that you can continue to get updates if you’re willing to use a registry hack to convince Windows Update that your system is a different version of Windows that is almost like Windows XP Service Pack 3, but not quite. You can read the article, How to get security updates for Windows XP until April 2019, to get the required details.

The hack involves making Windows Update believe that you actually own a Point of Sale (POS) system that’s based on Windows XP. The POS version of Windows XP will continue to have support until April of 2019, when it appears that Windows XP will finally have to die unless something else comes along. It’s important to note that you must have Windows XP Service Pack 3 installed. Older versions of Windows XP aren’t able to use the hack successfully.

After reading quite a few articles on the topic and thinking through the way Microsoft has conducted business in the past, I can’t really recommend the registry hack. There are a number of problems with using it that could cause issues with your setup.

 

  • You have no way of knowing whether the updates will provide complete security support for a consumer version of Windows XP.
  • The updates aren’t specifically tested for the version of Windows XP that you’re using, so you could see odd errors pop up.
  • Microsoft could add code that will trash your copy of Windows XP (once it figures out how to do so).


There are probably other reasons not to use the hack, but these are the reasons that come to mind that are most important for my readers. As with most hacks, this one is dangerous and I do have a strong feeling that Microsoft will eventually find a way to make anyone using it sorry they did. The support period for Windows XP has ended unless you have the money to pay for corporate level support-it’s time to move on.

I most definitely won’t provide support to readers who use the hack. There isn’t any way I can create a test system that will cover all of the contingencies so that I could even think about providing you with any support. If you come to me with a book-related issue and have the hack installed, I won’t be able to provide you with any support. This may seem like a hard nosed attitude to take, but there simply isn’t any way I can support you.

 

Death of Windows XP? (Part 3)

Questions continue to come in from readers who are still using Windows XP despite the fact that Microsoft is only marginally supporting it. Yes, it’s the operating system that refuses to die and readers really are confused as to why Microsoft has decided to kill what is obviously a popular operating system. They’re in good company. In fact, some authors, such as John Dvorak, have gone a lot further in their negative comments regarding the demise of Windows XP. The point is that Microsoft is quite determined to force anyone they can into using Windows 8.1, whether it works for them or not. It doesn’t seem to matter that people still have perfectly usable systems that are happily running Windows XP without problem.

My first two posts on this topic, Death of Windows XP? and Death of Windows XP? (Part 2) should have addressed any questions that people reading my books might have. Essentially, I recommend updating to Windows 7 (for business users) or Windows 8.1 (for consumers) when your hardware begins to die of old age or your needs change.

 


I no longer have access to a Windows XP system, so I’m not able to provide support for my old Windows XP books at this point in time. If you have one of my old Windows XP books, you’ll need to use it as is. I haven’t purposely gone out of my way to orphan the books, but the technology is old and I simply don’t have the resources to provide support for these books any longer. In addition, none of my current programming books are designed for Windows XP developers.

In the meantime, you need to ensure that you get security updates. Microsoft has extended a limited level of security support until 14 July 2015 that includes malware signatures and the associated engine. You won’t receive any sort of bug fixes. In order to enhance the security of your environment, you may want to consider these changes to your system:


  • Use a browser that receives regular security upgrades, such as Chrome or Firefox (IE is a bad choice because Microsoft won’t update it).

  • Remove any software that is prone to security problems, such as Java.

  • Rely on an account with limited privileges, rather than use the Administrator account.
  • Update any application software as often as is possible.
  • Keep the number of installed applications as small as is possible.
  • Examine your system (especially your hard drive) for signs of intruders (such as unexplained processes) on a regular basis.

  • Stay offline whenever possible.

These strategies can help you out for a while, but they’re short term solutions. Eventually, you need to go offline permanently (such as when using the system to run older games) or upgrade to something newer. Please let me know whether you have any additional questions about Windows XP and how it affects support for my books at [email protected].

Death of Windows XP? (Part 2)

The fact that Windows XP, despite some pretty aggressive attack by Microsoft on its own product, is still alive isn’t in doubt. Of course, there is the matter of support to consider. Microsoft has decided not to provide any more support for Windows XP unless you’re a big company or government organization with immensely deep pockets and have a lot of cash to spend. Stories abound about the Dutch and British governments forking over huge bucks to keep their copies of Windows XP patched. Of course, the IRS is in on it too. (Microsoft begrudgingly decided to provide security updates for Windows XP until 14 July 2015 after a lot of complaining.)

My previous post on this topic, Death of Windows XP?, discussed some of the pros and cons of keeping the aging operating system around. In general, it’s a good idea to update to Windows 7 if you have equipment that can run it. Windows 8 has received a lot of negative press, especially for business needs. After working with it for a while myself, I see it as a good consumer operating system, but not necessarily something a business would want to use. Even with the updates, Windows 8 simply forces the user to work too hard to get things done in a manner that businesses would normally do them.

What surprised me this past week (and it shouldn’t have) is that some larger organizations are taking matters into their own hands. For example, if you’re a Windows XP user in China, you can get updates for your Windows XP installation from Qihoo 360. The point is that it appears that Windows XP will continue to receive patches and security updates even if Microsoft isn’t involved. This process almost reminds me of what happened to IBM when it started to drop the ball on the PC. At one time, everything revolved around IBM, but then the company made some really bad decisions and third parties had an opportunity to take control of the market (which they promptly did).

Whether you believe Windows XP is worth saving or not isn’t the issue. What the whole Windows XP scenario points out is that Microsoft is losing it’s grip on the market, even the desktop market where it once reigned supreme. What are your thoughts about Microsoft’s future? Let me know at [email protected].

 

Red Herrings

Whenever a new exploit surfaces, such as Heartbleed, and the media focuses all its attention on it, I have to wonder whether the exploit may not be a red herring—a bit of misdirection used to keep our attention focused anywhere other than it should be. It’s true that this exploit is quite terrible. It affects any server running Secure Sockets Layer (SSL) and Transport Layer Security (TSL) software based on OpenSSL, which is actually supposed to protect people engaged in confidential transactions. Supposedly, Windows and OS X servers are immune to the exploit, but these servers often rely on services offered by servers that are affected, so everyone is suspect at this point. It’s my understanding that the exploit is incredibly easy to implement and doesn’t leave any trace once the perpetrator has gone. Fortunately, there are also ways to fix the problem and most sites will likely have it fixed within a couple of days.

The exploit is an eye opener for users who have grown complacent about Internet use over the years. Most of the articles I read about Heartbleed don’t even address the user, but the user is the real loser. It’s the user’s information that is gone forever without a trace and the user who will likely bear the brunt of the financial problems caused by Heartbleed. Even if a company is forced to pay some sort of compensation to the user for the loss of information, the compensation will never fully repay the user for the inconvenience and loss of reputation that such an exploit causes. Unfortunately, the user continues to pay a price long after the exploit is forgotten in the form of lost opportunities and an inability to make use of certain services due to a loss of reputation caused by the exploit.

However, I began this post by talking about red herrings—the misdirection often found in the plot of detective novels. I find it interesting that this bug was introduced in December 2011 and is only now making headlines. This means that Heartbleed was a usable, viable means of grabbing information surreptitiously for over two years. It makes me think that there must be other kinds of exploits of this sort that nefarious individuals are currently using to grab every last bit of information possible about you. All the media attention on this one particular exploit is taking the spotlight off those other exploits. Perhaps Heartbleed has outlived its usefulness and was actually made visible by the hacker community on purpose for the purpose of hiding the true activities of these individuals. Of course, there is no way of knowing.

What all this leads me to believe is that individuals must exercise good judgement when engaging in online activities of any sort. No one will fix your credit report or reputation once ruined and counting on the financial community to make amends simply won’t work. These people are rich for a reason—they know how to hold onto their money (as in, you won’t get any). In addition, software is always going to contain errors because programmers are human, so you must count on future exploits every bit as bad (or potentially worse) than Heartbleed. With this in mind, consider taking these suggestions to moderate your online behavior and make it a little more safe.

 

  • Use strong passwords that are easy to remember so you don’t have to write them down.
  • Change your password relatively often (every month or two works pretty well).
  • Use different passwords on every site you visit.
  • Never engage in transactions of any sort with any organization you don’t know.
  • Rely on a single credit card for financial transactions and never use the credit card for any other purpose (better yet, rely on an online-specific financial aid such as PayPal).
  • Don’t expose more information about yourself than necessary.


There are other ways in which you can protect yourself, but if you follow these few techniques, you can avoid a considerable number of security issues. The point is that Heartbleed is a scary exploit and there are probably a hundred other exploits, just as scary, already in play out there. Someone will always want your information and just handing it over to them seems like a bad idea, so take steps to personally keep your information secure. Let me know your thoughts about security red herrings at [email protected].

 

Death of Windows XP?

There have been a lot of stories in the trade press about Windows XP as of late. A number of readers have written to ask about the aging operating system because they’re confused by stories from one side that say everyone is sticking with Windows XP and stories from the other that say people are abandoning it. Windows XP is certainly one of the longest lasting and favored operating systems that Microsoft has produced, so it’s not surprising there is so much confusion about it.

Microsoft is certainly putting a lot of effort into getting rid of the aging operating system and for good reason—the code has become hard to maintain. Development decisions that seemed appropriate at the time Windows XP was created have proven not to work out in the long run. Of course, there are monetary reasons for getting rid of Windows XP as well. A company can’t continue to operate if no one buys new product. It must receive a constant influx of funds to stay in business, even a company as large as Microsoft. In short, if you’re Microsoft and you want to stay in business, rather than service what has become an unreliable operating system, you do anything it takes to move people in some other direction.

On the other side of the fence are people are are simply happy with the operating system they have today. The equipment they own is paid for and there isn’t a strong business reason to move to some other platform until said equipment breaks. The reliability of computer equipment is such today that it can last quite a long time without replacement. Theoretically, based on reliability alone, it’s possible that people will continue to use Windows XP for many more years. I have such as system setup to hold my movie database and to play older games I enjoy, but I don’t network it with any other equipment and it definitely doesn’t have access to the Internet.

From many perspectives, reports of the death of Windows XP are likely premature. The latest statistics still place the Windows XP market share above 27 percent. Even when Microsoft’s support goes away on April 8th, many third party vendors will continue to support Windows XP. What Microsoft’s end of support means is that you won’t get any new drivers for new hardware or upgrades to core operating system features. However, you can still get updates to your virus protection and Windows XP will continue to operate with your existing hardware.

For most people, the question of whether to keep Windows XP around hinges around the simple question of whether the operating system still fulfills every need. If this is the case, there really isn’t any reason to succumb to the fear mongering that is taking place and move to something else. However, once your equipment does start to break down or you find that Windows XP doesn’t quite fit the bill any longer, try moving along to something newer.

As to the essential question about the level of Windows XP support I’m willing to provide for my books, it depends on the book. My system no longer has development software on it because developers have moved on to other platforms. So, if you ask me programming questions about Windows XP, I’m not going to be able to help you. To some extent, I can offer a little help with user-level support questions for a few of my older books. However, I won’t be able to cover issues that my support system doesn’t address any longer, such as connecting to a network or the Internet. In sum, even though I can offer you some level of support in many cases, I can’t continue to provide the full support I once did. Let me know about your Windows XP book support questions at [email protected].

 

Your Security is an Illusion

I receive a number of queries about security from administrators and users every month, and many of these questions have links to all sorts of security issues that have occurred recently-everything from National Security Agency (NSA) spying to the Target security breach (incidentally, a number of other businesses have been attacked in the same manner). The fact of the matter is that books such as Administering Windows Server 2008 Server Core, Microsoft Windows Command Line Administration Instant Reference, and Windows 8 for Dummies Quick Reference have been telling you all along that security is a matter of vigilance-that software will never do the job alone. Even so, readers keep sending requests for some sort of magic bullet that will allay all their fears and make the task of security automatic.

Maintaining a reasonably secure system is a matter of observing personal, data, and system-wide best practices, something that SeedboxCo.net could help with if you’re unsure about how to go about it. Many other authors have listed these best practices in the past, but here are some of the techniques that people fail to use most often:

  • Use complex passwords that are easy to remember so you don’t need to write them down-consider using a passphrase whenever possible.
  • Change your password reasonably often and don’t rely on the same set of passwords all the time.
  • Keep your passwords secret so that no one else can abuse them.
  • Encrypt your data.
  • Perform local data backups regularly.
  • Ensure your applications remain updated with the latest security fixes.
  • Update your system as needed to ensure it provides a full set of modern security features.
  • Install security applications that check the incoming and outgoing flow of data, and block anything that looks remotely dangerous.
  • Check your system regularly for any files, folders, software, or other items that look out of place.


This list doesn’t even include some of the common user foibles, such as opening e-mail from parties they don’t know. In addition, none of these techniques are automated. You have to perform the manually in order to get the benefits they provide. Yes, it’s true that some of the techniques are automated once you start them, but you still have to start them. For example, installing security software will automatically monitor the data flow on your system, but you still have to install the security software manually.

Even with all of these security measures in place, someone who is truly determined can break into your system. You should simply count on it happening at some point, even if you’re incredibly careful. When a security breach does occur, you need to have a contingency plan in place.

Any good contingency plan will include a method of evaluating the damage caused by the security breach. You need to know just what was compromised and what the fallout of the compromise will be. Make sure that you are open and honest with your customers at this time as failure to do so can lead to other consequences. Silencing employees who speak out is even worse – you don’t want to juggle a legal fight with a whistleblower lawyer at the same time as cleaning up a data breach – so remain open to conversation at this time. Even individuals experience fallout from security breaches, such as identity theft. Once the damage is evaluated, you need a method for fixing the problems it has caused. In some cases, you may actually have to format the drive and start from scratch, which is where that data backup is going to become critical.

There is no magic bullet when it comes to security. Over the years I’ve searched, in vain, for a magic bullet and it isn’t even possible to conceive of one. Therefore, it’s the user and administrator who are best prepared for the eventuality of spying and security breaches that are in the best position to handle it later. Let me know your thoughts on security at [email protected].

Understanding the Maturing of the Command Line

A number of people have asked me why I’ve written several different command line reference books. The answer is that each book serves a different market. Serving reader needs is a quest of mine. As reader needs change, I also change my books to better meet those needs. The command line may seem static, but reader needs have changed over the years because of the way in which the command line is perceived and the new commands added to it.

The most popular of the set, Windows Command-Line Administration Instant Reference, provides the reader with quick access to the most commonly used commands. In addition, this book emphasize examples over documentation, so you see how to use a command, but don’t necessarily get every detail about it (only those that are used most often). This book is mainly designed to assist administrators. With this group in mind, the book also provides a good overview of batch files and scripting. The point is to provide something small that an administrator can easily carry around.

A second command line reference, Administering Windows Server 2008 Server Core, is designed to meet the needs of those who use Microsoft’s Spartan Server Core operating system. The book includes a number of special features for this audience, such as instructions on getting hard to install software to work in this environment. This is also the only book that discusses how to use Mono to overcome .NET Framework limitations in this environment. Even though the title specifies Windows Server 2008 Server Core, the book has also been tested with Windows Server 2012 Server Core. The point of this book is to allow you to get all of the speed, reliability, and security benefits of Server Core installations without all of the hassle that most administrators face.

My third command line reference, Windows Administration at the Command Line for Windows Vista, Windows 2003, Windows XP, and Windows 2000, serves the general needs of administrators and power users. This book is intended to help anyone use the command line more efficiently. It provides a little more hand holding and considerable more detail about all of the available commands than my other two books. This is also the only book that discusses PowerShell.

The PowerShell portion of this third book has received a lot more attention as of late. Microsoft is making a much stronger emphasis on this new version of the command line, so I’m glad I included it in my book. One of the strong suites of this book is that it not only discusses documented commands, but many undocumented commands as well (with the appropriate caveats, of course).

No matter which version of my command line reference you use, I’m always here to answer your questions about my books. How do you interact with the command line? Has PowerShell taken a more prominent role in the way you do your work? Let me know at [email protected].

 

Limitations of the FindStr Utility

Readers have noted that I use the FindStr utility quite often. This utility is documented in both Windows Command-Line Administration Instant Reference and Administering Windows Server 2008 Server Core (and also appears a host of my other books). At the time I wrote that documentation, I had no idea of how much comment this particular utility would generate. I’ve written a number of posts about it, including Accessing Sample Database Data (Part 3), Understanding Line-, Token-, and String-Based Command Line UtilitiesUsing the FindStr Utility to Locate Errors in Visual Studio, and Regular Expressions with FindStr. It might be possible that people think that this utility is infallible, but it most certainly has limits. Of course, the FindStr utility is line-based and I’ve already documented that limitation. However, it has other limitations as well.

The most important limitation you must consider is how FindStr works. This utility works with raw files. So, you can use it to look inside executable files and locate those produced by a specific organization as long as the file contains unencrypted data. When an executable relies on obfuscation or other techniques to render the content less viewable by competitors, the strings that you normally locate using FindStr might become mangled as well—making them invisible to the utility. In practice, this particular problem rarely happens, but you need to be aware that it does happen and very likely will happen when the executable file’s creator has something to hide (think virus).

Another problem is that FindStr can’t look inside archives or other processed data. For example, you can’t look inside a .ZIP file and hope to locate that missing file. You might initially think that there is a way around this problem by using the functionality provided in Windows 7 and newer versions of Windows to look inside archive files and treat them as folders. However, this functionality only exists within Windows Explorer. You can’t open a command prompt inside an archive file and use FindStr with it.

Recently, a reader had written me about his Office installation. Previously, he had used FindStr to locate specific files based on their content—sometimes using content that wasn’t searchable in other ways. This feature suddenly stopped working and the reader wondered why. It turns out that .DOC files are raw, while .DOCX files are archives. Change the extension of a .DOCX file to .ZIP and you’ll suddenly find that your ZIP file utilities work great with it. Old Office files work well with FindStr—new files only work if you save them in .DOC format.

Another reader wrote to ask about network drives. It seems that the reader was having a problem locating files on a network drive unless the drive was mapped. This actually isn’t a limitation, but you do have to think about what you want to do. Let’s say you’re looking for a series of .DOC files on the C drive (with a shared name of Drive C) of a server named WinServer in the WinWord folder that contain the word Java in them. The command would look like this: FindStr /m /s “Java” “\\WinServer\Drive C\WinWord\*.doc”. When using network drives, you must include the server name, the share name, the path, and the file specification as part of the command. Otherwise, FindStr won’t work. What I have found though is that FindStr works best with Windows servers. If you try to use it with another server type, you might experience problems because FindStr won’t know how to navigate the directory structure.

There is a real limit on the length of your search string. Another reader wrote with this immense search string and wondered why FindStr was complaining about it. The utility appears to have a search string length limit of 127 characters (found through experimentation and not documented—your experience may differ). The workaround is to find a shorter search string or to perform multiple searches (refining the search by creating a more detailed file specification). If you can’t use either workaround, then you need to write an application using something like VBScript to perform the task.

These are the questions that readers have asked most about. Of course, I want to hear your question about limitations as well. If you encounter some strange FindStr behavior that affects my book’s content in some way, please be sure to write at [email protected].

 

Changes to the Start Command Functionality

Sometimes a change command line command occurs and no one really notices for a while, except that there is some oddity in the way the command executes. This is how I recently figured out a change to the Start command. Some update Microsoft provided changed the way it worked, but I have no idea of which one.

I have a batch file in the Startup folder that automatically loads all the sites I use in my favorite browser when I start my system in the morning. The old command looked like this:

Start "C:\Program Files (x86)\Mozilla Firefox\Firefox" "http://antwrp.gsfc.nasa.gov/apod/"

This command starts a copy of Firefox and loads Astronomy Picture of the Day (APOD) for me. The interesting thing is that the command continued to work, despite the change in the Start command functionality. What changed was the fact that the command window didn’t go away once the sites were all loaded. The command window would remain in place until I closed the browser. I’ve had a lot of other things to worry about, so all I did was minimize the command window and let it disappear after I had looked over my sites in the morning.

Notice how the command is in quotes. This is a necessity because there are spaces in the command, so it won’t execute if you don’t place it in quotes. After some investigation, it turns out that the new behavior is treating the command as the Title argument for Start, rather than as the command. The Start command was opening the site based on the URL argument alone. Just why the command window wasn’t closing is something I haven’t figured out yet.

Recently I decided it was time to work out the problems with the Start command because I wanted to use Chrome to load some sites (in addition to those loaded by Firefox) and Chrome wasn’t loading them. The sites were all loading in Firefox. So, I wandered over to TechNet to see what Microsoft has to say on the Start command and that’s when I noticed that the documentation had been updated on April 17, 2012—about the time I started experiencing my little problem (it does sometimes take forever for me to get the time needed to fix an issue).

After thinking through the command for a little while and trying a few alternatives at the command line, I finally came up with a new command for the batch file. Here is the result:

Start /D"C:\Program Files (x86)\Mozilla Firefox\" Firefox.exe "http://antwrp.gsfc.nasa.gov/apod/"

The new version of the command uses the /D command line switch to specify the path to the command. There is nothing new about the /D command line switch—you simply didn’t need to use it in the past to get the desired result from the Start command. Notice that the command now includes the full executable name and extension. The argument appears after the command as before. Now the command executes properly and the command window closes after all the sites are loaded.

Make sure you use this new information when working with either Administering Windows Server 2008 Server Core and Windows Command-Line Administration Instant Reference to ensure you get the desired results from the examples. Also let me know about any issues you encounter with commands in either book at [email protected].