Apr 27, 2006
Apr 26, 2006
Apr 24, 2006
i was fiddling around with using this to issue a stop/start sequence on a service under a given condition. the stop/start stuff was pretty easy, but the response execution was a little baffling.
i found that mysterious "use windows command interpreter (not recommended)" dialog is required (i didn't put the parentheses around not recommended. that was microsoft's doing). anyway, that's the first part. i'll get to that in a minute.
so how do you execute commands in a sequence? the answer is, i don't know. i don't know if it's possible. i don't know if it happens if you order it right. if you notice, the dialog doesn't supply an "up/down" button to move the commands around to sequence them. you'd have to create them in order. even then, does it execute this way? dunno.
the easy way around this is to use a double ampersand. so in order to stop and start the dhcp service, for example, you'd issue this command:
net stop dhcpserver && net start dhcpserver
this will issue a stop control, wait for the command to finish successfully, then execute a start control. you can do this in a command shell and see how it runs. (more detail on conditional executions here, if you’re interested.) back to the first part, in order to execute things like this, you need that (not recommended) setting. otherwise, you'll see something like this in the event log:
Microsoft Operations Manager was unable to create a process to run a batch response.
User Command: %windir%\system32\cmd.exe /c
User Arguments: "net stop dhcpserver && net start dhcpserver"
Command executed: C:\WINDOWS\system32\cmd.exe /c "net stop dhcpserver && net start...
Error details: 3:The system cannot find the path specified.
believe me, i tried all kinds of ways to get this to work, including specifying a variable %windir% in the command line itself to call cmd.exe /c, specifying initial directory, putting the item directly on the command line... none of it worked. the interesting question is why the use windows command interpreter is (not recommended). according to this statement...
Using the Windows command interpreter is not recommended as it exposes customers to command line injection vulnerabilities whereby maliciously constructed instrumentation data could cause the execution of arbitrary code. By separating the application name from the parameters passed to it, secure invocation mitigates the command line injection vulnerability.
there is no secure invocation (calling a program or procedure) when you use this method. what am i trying to say? use a batch or scripted response where possible. it's easy to do this for starting/stopping services. i suppose you could consider this an interim approach and definitely not something to use on secured machines or dmz servers.
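The difference the quoted statement describes, as an added example (not from the original post and not MOM's own code): the same value is handed to a command interpreter as part of one string, then passed as a separate parameter. The `echo` command, the child stand-in, the sample values and the allowlist are constructed for illustration.

```python
import subprocess
import sys

# Constructed values standing in for a field taken from event/alert data.
BENIGN = "dhcpserver"
HOSTILE = "dhcpserver && echo INJECTED"

# Stand-in child program: prints each argument it received on its own line.
CHILD = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]

# Hypothetical allowlist of services this response is permitted to restart.
ALLOWED_SERVICES = {"dhcpserver"}


def via_interpreter(value):
    """Interpreter style: the value is pasted into one string that the shell parses."""
    line = "echo stopping " + value
    done = subprocess.run(line, shell=True, capture_output=True, text=True)
    return [part.strip() for part in done.stdout.splitlines()]


def via_argv(value):
    """Secure-invocation style: program and parameters stay separate, nothing re-parses them."""
    done = subprocess.run(CHILD + ["stopping", value], capture_output=True, text=True)
    return done.stdout.splitlines()


def restart_commands(service):
    """Build the stop/start pair as argument lists, refusing unexpected names."""
    name = service.strip().lower()
    if name not in ALLOWED_SERVICES:
        raise ValueError("service not on the allowlist: %r" % service)
    return [["net", "stop", name], ["net", "start", name]]


if __name__ == "__main__":
    print(via_interpreter(HOSTILE))  # the && is parsed as an operator
    print(via_argv(HOSTILE))         # the && stays inside one argument
    print(restart_commands(BENIGN))
```

With the interpreter, the `&&` inside the data becomes a second command; with separate parameters it stays an inert part of one argument, and the allowlist rejects it before anything is run.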
Apr 19, 2006
displays the source and destination domain controllers, along with their delta.
repadmin /showrepl
displays the source and destination pairs in comma-delimited format, which is much easier to read than standard output.
repadmin /showutdvec /latency
displays the domain controller and usn value, sorted by time.
repadmin /replicate
forces replication between two domain controllers.
Apr 18, 2006
wmic /node:"servername" /user:"domain\username" rdtoggle where servername = "servername" call setallowtsconnections 1
from inside wmic, issue this command:
/node:"servername" /user:"domain\username" rdtoggle where servername = "servername" call setallowtsconnections 1
- /node: indicates the remote server name
- /user: indicates who to grant access to
- setallowtsconnections: indicates to enable terminal services. 1 enables it. 0 disables it.
Apr 6, 2006
Apr 5, 2006
- provider name:
- provider log type: generic single-line log file
- directory: x:\test\logs
- format: generic
- file pattern: crud.log
Application Log Provider Properties: Directory Edit
Allows you to specify criteria to define the files that the application log provider processes. The fields are defined as follows:
- Format: Specifies the format of the log files in the specified directory.
- Directory: Specifies the location of the log file.
- Pattern: Displays the file pattern specified in the File Pattern Edit dialog. Click Add to add an application log file pattern.
Did you find this information useful? Please send your suggestions and comments about the documentation to firstname.lastname@example.org
... no?
Apr 4, 2006
- create a wmi event provider.
- name: exc_script_processes (i named mine this because i'm just clever like that. name yours whatever you want.)
- namespace: root\cimv2
- query: select * from __instancedeletionevent within 89 where targetinstance isa 'win32_process' and targetinstance.commandline like '%cscript%mom%'
- property list:
- provider name: exc_script_processes (or the equally clever name you came up with)
- schedule: always process data
- alert: use a helpful description since wmi events are not pulled raw and do not provide much in the way of useful data.
c:\windows\system32\cscript.exe //job:momreceiver "c:\program files\ ..."
since the wmi event is a notification query, it should run with a schedule of 'always process data'. anyway, looking at the rest of the query...
select * from __instancedeletionevent within 89 where targetinstance isa 'win32_process' and targetinstance.commandline like '%cscript%mom%'
i broke out the query into its elements. you're probably used to interpreting wmi queries by now. for example, select * from win32_process would list all the processes that are running on a machine. in this case, however, we're querying for __instancedeletionevent which signifies when instances are ... yes ... deleted. since we're looking to find when the script processes bomb out, those instances ending would be captured. within 89 is simply a polling interval. you have to use the within clause when a class does not have a corresponding event provider. in the "event" that it doesn't, you'll receive this error:
'within' clause must be used in this query due to lack of event providers
the where clause is stipulating a condition. targetinstance is an object created as a response to an event (the event being a deletion). with isa we're specifying what class targetinstance belongs to, that being win32_process. the last part targetinstance.commandline indicates what to look for on that command line property to consider it a match. check out this article for more information. it was extremely useful...
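A small model of how the polled query above behaves, added here as an example (not code from the original post, and not how WMI is implemented internally). It treats within 89 as a snapshot-and-compare every 89 seconds and handles only the % and _ wildcards of like, matched case-insensitively; the process timeline and script paths are constructed sample data.

```python
import re

# The page's filter and polling interval.
LIKE_PATTERN = "%cscript%mom%"
WITHIN_SECONDS = 89

# Constructed process timeline: (pid, command line, start second, end second).
PROCESSES = [
    (100, r'c:\windows\system32\cscript.exe //job:momreceiver "c:\scripts\a.wsf"', 0, 120),
    (200, r"c:\windows\system32\notepad.exe", 0, 50),
    (300, r"c:\windows\system32\cscript.exe //nologo c:\scripts\mom_b.vbs", 95, 170),
    (400, r"C:\WINDOWS\System32\CScript.exe //nologo C:\scripts\MOM_c.vbs", 10, 100),
    (500, r"c:\tools\mom_wrapper.exe cscript.exe c:\scripts\d.vbs", 0, 50),
]


def like_to_regex(pattern):
    """Translate the % and _ wildcards of a WQL LIKE pattern into a regex."""
    parts = {"%": ".*", "_": "."}
    body = "".join(parts.get(ch, re.escape(ch)) for ch in pattern)
    # Assumption: comparison is case-insensitive, as WQL string matching is.
    return re.compile(body, re.IGNORECASE | re.DOTALL)


def alive_at(processes, t):
    """Snapshot of {pid: command line} for processes running at second t."""
    return {pid: cmd for pid, cmd, start, end in processes if start <= t < end}


def reported_deletions(processes, like, within, horizon):
    """Deletion events a poll-and-compare subscription would report up to horizon."""
    matcher = like_to_regex(like)
    events = []
    previous = alive_at(processes, 0)  # baseline taken when the query is registered
    for t in range(within, horizon + 1, within):
        current = alive_at(processes, t)
        for pid, cmd in previous.items():
            if pid not in current and matcher.fullmatch(cmd):
                events.append((t, pid))
        previous = current
    return events


def missed_deletions(processes, like, within, horizon):
    """Matching processes that exited before horizon without ever being reported."""
    matcher = like_to_regex(like)
    seen = {pid for _, pid in reported_deletions(processes, like, within, horizon)}
    return [pid for pid, cmd, _, end in processes
            if end <= horizon and matcher.fullmatch(cmd) and pid not in seen]
```

In this timeline pid 300 starts and exits between two polls, so no deletion event is ever raised for it, and the deletions of pids 100 and 400 surface only at the next poll after they exit. Pid 500 shows that the pattern is order-sensitive: "mom" has to appear after "cscript" on the command line.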