Often, even if you are logged on as a user which belongs to the local Administrators group, you may have to open a command prompt (or other program) as “administrator.” Simply right-click the shortcut (Start, All Programs, Accessories, Command Prompt) and select Run As Administrator.
Applies to:
You can restart IIS and disable Reliable Restart using the command prompt and Iisreset.exe. See the following command-line usage and parameters.
iisreset [computername]
/RESTART Stop and then restart all Internet services.
/START Start all Internet services.
/STOP Stop all Internet services.
/REBOOT Reboot the computer.
/REBOOTONERROR Reboot the computer if an error occurs when starting, stopping, or restarting Internet services.
/NOFORCE Do not forcefully terminate Internet services if attempting to stop them gracefully fails.
/TIMEOUT:val Specify the timeout value (in seconds) to wait for a successful stop of Internet services. On expiration of this timeout the computer can be rebooted if the /REBOOTONERROR parameter is specified. The default value is 20s for restart, 60s for stop, and 0s for reboot.
/STATUS Display the status of all Internet services.
/ENABLE Enable restarting of Internet Services on the local system.
/DISABLE Disable restarting of Internet Services on the local system.
iisreset /restart
Have you ever wanted a quick and easy way to know how long your Windows 7 (or Vista or Windows 2008 server) system has been running? When it was last restarted or rebooted? There are a few easy ways this can be done, most from the Windows command line. So open a Windows command prompt and choose the one that works best for you. (Most of these commands work with Windows XP, Windows 2003, 2000, etc. See notes below for specifics.)
From a command prompt window run the following (the ‘S’ in ‘Statistics’ must be capitalized):
net statistics workstation | find "Statistics"
You can shortcut it as well using:
net stats work | find "Stat"
Result:
Or ever shorter use either of the following:
net stats work
netstats work |more
systeminfo | find "System Boot Time"
Result:
You can use the following on XP, Windows 2003 and earlier (however this will give only the length of uptime and not the system boot time):
systeminfo | find "Up Time"
wmic OS Get LastBootUpTime
cscript c:windowssystem32eventquery.vbs /fi "ID eq 6005" /l system
Over the years I have found system event log event 6005, “The Event log service was started.” to be the the most consistent entry after a computer restarts, even from a power outage, BSOD or other event. This command will also give you a history of system startups listed in the System event log.
Just like with anything there are many ways to skin this cat, so choose your favorite one (or two to double-check data) and go for it.
Within a couple hours of Amazon’s announcement of the availability of Windows 2008 machine images (AMI’s) on their EC2 (Elastic Compute Cloud) platform a few days ago I had to give it a try – see my previous post, “Amazon EC2 Now Offers Windows Server 2008 – Finally!”
I used RightScale to locate and launch a Windows 2008 instance.
Now that I know the AMI (ami-5a07e533) I can easily launch instances in the future from the command line using Amazon’s command line tools:
ec2-run-instances ami-5a07e533 -n 1 -g <group1> -g <group2> -g <group3> -k <My AWS Key> -t m1.small -z us-east-1a
Once it was up and running I got the administrator password in ElasticFox, launched RD & went to work checking it out and setting it up to suit my needs.
Here are a couple things I noticed:
Windows 2003 small instance: 720 hour/mo. * $.12 = $86.40 per month.
Windows 2008 small instance: 720 hour/mo. * $.12 = $86.40 per month + $36 (to make up for the lost disk space) = $122.40 per month, or 30% more.
Of course I had to check the Windows Update status & found it needed 14 “recommended” or critical updates, which I promptly installed. Probably 1/2 of these were release two days ago by Microsoft on Patch Tuesday. But even still I hoped the image would have been a little more up-to-date.
While the updates were downloading and installing I tweaked my desktop a little so it would be setup the way I like.
Another feature Amazon announced recently, “Booting From Amazon EBS,” is being used by the Windows 2008 instances. This is what enables the larger system partition, or “C” drive. This also enables the ability to “shutdown” the instance, then you can start it back up at a later time & it will pick up where it left off. While the machine is shutdown you won’t be charged for computing resources time, but you will still be charged for the EBS volume(s) on which the server is based.
Bundling an Instance Backed by Amazon EBS
One common use case is the desire to make a point‐in‐time copy of the contents of the root device so that another instance could boot off of that image. Images are typically created for backup purposes or to make clones of the existing instance. Previously, this process on Linux required you to create an image of your instance on the instance itself and no APIs were available to assist. On Windows, there was an API that you could call to create an image of the instance, but had to make another subsequent call to register the AMI. Now, there is one API for both Linux/UNIX and Windows that allows you to bundle your AMI backed by Amazon EBS and register it.
After setting up and playing with my new EC2 Windows 2008 server for a while I shut it down so I could start it up in the future when I’m ready to dive a little deeper into it. Right now it’s costing me $3 a month to sit there – not bad.
All in all I’m glad Amazon finally supports Windows 2008 & it seems to function just fine. My existing tools, from ElasticFox, to RightScale, to Amazon Command Line Tools, all work with Windows 2008 without any upgrade or modification, which is a definite plus. I was a little disappointed my small instance has 320GB less storage than a small Linux or Windows 2003 instance, which means I’ll have to pay $32/mo. more to get that back – the more I think about it I’m a lot disappointed about the hidden price increase.
The only way to ensure that deleted files, as well as files that you encrypt with EFS, are safe from recovery is to use a secure delete application. Secure delete applications overwrite a deleted file’s on-disk data using techiques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files. SDelete (Secure Delete) is such an application.
You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever. Note that SDelete securely deletes file data, but not file names located in free disk space.
Using SDelete
SDelete is a command line utility that takes a number of options. In any given use, it allows you to delete one or more files and/or directories, or to cleanse the free space on a logical disk. SDelete accepts wild card characters as part of the directory or file specifier.
Usage: sdelete [-p passes] [-s] [-q]
sdelete [-p passes] [-z|-c] [drive letter]
| -c | Zero free space (good for virtual disk optimization). |
| -p passes | Specifies number of overwrite passes. |
| -s | Recurse subdirectories. |
| -q | Don’t print errors (quiet). |
| -z | Cleanse free space. |
Securely deleting a file that has no special attributes is relatively straight-forward: the secure delete program simply overwrites the file with the secure delete pattern. What is more tricky is securely deleting Windows NT/2K compressed, encrypted and sparse files, and securely cleansing disk free spaces.
Compressed, encrypted and sparse are managed by NTFS in 16-cluster blocks. If a program writes to an existing portion of such a file NTFS allocates new space on the disk to store the new data and after the new data has been written, deallocates the clusters previously occupied by the file. NTFS takes this conservative approach for reasons related to data integrity, and in the case of compressed and sparse files, in case a new allocation is larger than what exists (the new compressed data is bigger than the old compressed data). Thus, overwriting such a file will not succeed in deleting the file’s contents from the disk.
To handle these types of files SDelete relies on the defragmentation API. Using the defragmentation API, SDelete can determine precisely which clusters on a disk are occupied by data belonging to compressed, sparse and encrypted files. Once SDelete knows which clusters contain the file’s data, it can open the disk for raw access and overwrite those clusters.
Cleaning free space presents another challenge. Since FAT and NTFS provide no means for an application to directly address free space, SDelete has one of two options. The first is that it can, like it does for compressed, sparse and encrypted files, open the disk for raw access and overwrite the free space. This approach suffers from a big problem: even if SDelete were coded to be fully capable of calculating the free space portions of NTFS and FAT drives (something that’s not trivial), it would run the risk of collision with active file operations taking place on the system. For example, say SDelete determines that a cluster is free, and just at that moment the file system driver (FAT, NTFS) decides to allocate the cluster for a file that another application is modifying. The file system driver writes the new data to the cluster, and then SDelete comes along and overwrites the freshly written data: the file’s new data is gone. The problem is even worse if the cluster is allocated for file system metadata since SDelete will corrupt the file system’s on-disk structures.
The second approach, and the one SDelete takes, is to indirectly overwrite free space. First, SDelete allocates the largest file it can. SDelete does this using non-cached file I/O so that the contents of the NT file system cache will not be thrown out and replaced with useless data associated with SDelete‘s space-hogging file. Because non-cached file I/O must be sector (512-byte) aligned, there might be some left over space that isn’t allocated for the SDelete file even when SDelete cannot further grow the file. To grab any remaining space SDelete next allocates the largest cached file it can. For both of these files SDelete performs a secure overwrite, ensuring that all the disk space that was previously free becomes securely cleansed.
On NTFS drives SDelete‘s job isn’t necessarily through after it allocates and overwrites the two files. SDelete must also fill any existing free portions of the NTFS MFT (Master File Table) with files that fit within an MFT record. An MFT record is typically 1KB in size, and every file or directory on a disk requires at least one MFT record. Small files are stored entirely within their MFT record, while files that don’t fit within a record are allocated clusters outside the MFT. All SDelete has to do to take care of the free MFT space is allocate the largest file it can – when the file occupies all the available space in an MFT Record NTFS will prevent the file from getting larger, since there are no free clusters left on the disk (they are being held by the two files SDelete previously allocated). SDelete then repeats the process. When SDelete can no longer even create a new file, it knows that all the previously free records in the MFT have been completely filled with securely overwritten files.
To overwrite file names of a file that you delete, SDelete renames the file 26 times, each time replacing each character of the file’s name with a successive alphabetic character. For instance, the first rename of “foo.txt” would be to “AAA.AAA”.
The reason that SDelete does not securely delete file names when cleaning disk free space is that deleting them would require direct manipulation of directory structures. Directory structures can have free space containing deleted file names, but the free directory space is not available for allocation to other files. Hence, SDelete has no way of allocating this free space so that it can securely overwrite it.
Download SDelete
(47 KB)
I opened my email this morning and much to my pleasure I found this announcement from Amazon:
Amazon EC2 Now Offers Windows Server 2008
Starting today, Amazon EC2 now offers Microsoft Windows Server 2008 and Microsoft SQL Server® Standard 2008 instances in all Amazon EC2 Regions. This new announcement extends Amazon EC2’s existing Microsoft-based offerings that include Windows Server 2003 and SQL Server 2005 instances. Like all services offered by AWS, Amazon EC2 running Windows Server or SQL Server offers a low-cost, pay-as-you-go model with no long-term commitments and no minimum fees. Please visit the Amazon EC2 service page for more information on using Amazon EC2 running Windows
It’s about time!
Of course, I had to give it a try. I accessed my account with Elasticfox and browsed through the images, but didn’t immediately find a Windows 2008 image, so I headed over to RightScale, found what I was looking for and immediately launched an instance. I launched it through RightScale (which I do sometimes anyway) because I was in a hurry to get to a meeting and didn’t see the AMI ID. So I started it and headed to my meeting while it spun up.
Now that I know the AMI (ami-5a07e533) I can launch instances in the future from the command line using Amazon’s command line tools:
ec2-run-instances ami-5a07e533 -n 1 -g <group1> -g <group2> -g <group3> -k <My AWS Key> -t m1.small -z us-east-1a
Once it was up and running I got the administrator password in ElasticFox, launched RD & went to work checking it out and setting it up to suit my needs.
Here are some of the things I noticed:
Of course I had to check the Windows Update status & found it needed 14 “recommended” or critical updates, which I promptly installed. Probably 1/2 of these were release two days ago by Microsoft on Patch Tuesday. But even still I hoped the image would have been a little more up-to-date.
While the updates were downloading and installing I tweaked my desktop a little so it would be setup the way I like.
Next I bundled the instance and shut it down. I used RightScale for the bundling because their interface is easy to use and does it all in one step. Now I have my own “customized” image to start from when I’m ready to work with Windows 2008 on Amazon EC2 in the future.
All in all I’m glad Amazon finally supports Windows 2008 & it seems to function just fine. My existing tools, from ElasticFox, to RightScale, to Amazon Command Line Tools, all work with Windows 2008 without any upgrade or modification, which is a definite plus. I was a little disappointed my small instance has 320GB less storage than a small Linux or Windows 2003 instance, which means I’ll have to pay $32/mo. more to get that back – the more I think about it I’m a lot disappointed about the hidden price increase.
Although Microsoft continues to expand PowerShell with more capability, the command prompt has not been left behind in Windows Server 2008. In fact, with this latest Windows Server release, the command prompt gains some capability, including a tool that allows administrators to add or remove features on a Windows Server 2008 installation with servermanagercmd.exe, which replicates some of the functionality from the Windows Server 2008 Server Manager. Through the use of various command line options, you can quickly and easily add or remove features and roles to or from your server.
The command requires a parameter indicating the action that you wish to perform and, for some parameters, additional information such as which features you want to manage. The list below outlines some of the parameters available with servermanagercmd.
The table below provides you with a complete list of the components installable using the servermanagercmd command. The first column is the overall feature name. For some features, roles, or services, there are multiple components available. The second column of the table gives you a complete list of all subcomponents while the third column is the identifier to use with the -install or -remove parameter.
| Role / Service or Main Feature | R/S/F Name | Installatiom command |
| DHCP Server | DHCP Server | DHCP |
| Print Services | Print Server | Print-Services |
| Internet Printing | Print-Internet | |
| LPD Service | Print-LPD-Service | |
| Terminal Services | Terminal Services | Terminal-Services |
| Terminal Server | TS-Terminal-Server | |
| TS Licensing | TS-Licensing | |
| TS Gateway | TS-Gateway | |
| TS Web Access | TS-Web-Access | |
| TS Session Broker | TS-Session-Broker | |
| Active Directory Domain Services | AD | N/A |
| Active Directory Domain Controller | ADDS-Domain-Controller | |
| Identity Management for UNIX | ADDS-Identity-Management | |
| Server for Network Information Service | ADDS-NIS | |
| Password Synchronization | ADDS-Password-Sync | |
| DNS Server | DNS | |
| File Services | File Services | N/A |
| Distributed File System (DFS) | FS-DFS | |
| DFS Namespace | FS-DFS-Namespace | |
| DFS Replication | FS-DFS-Replication | |
| File Server Resource Manager | FS-Resource-Manager | |
| Services for Network File System | FS-NFS-Services | |
| Windows Search Service | FS-Search-Service | |
| Windows Server 2003 File Services | FS-Win2003-Services | |
| File Replication Service | FS-Replication | |
| Indexing Service | FS-Indexing-Service | |
| Web Server | Web Server (IIS) | Web-Server |
| Internet Information Services | Web-WebServer | |
| Common HTTP Features | Web-Common-Http | |
| Static Content | Web-Static-Content | |
| Default Document | Web-Default-Doc | |
| Directory Browsing | Web-Dir-Browsing | |
| HTTP Errors | Web-Http-Errors | |
| HTTP Redirection | Web-Http-Redirect | |
| Application Development | Web-App-Development | |
| ASP.NET | Web-Asp-Net | |
| .NET Extensibility | Web-Net-Ext | |
| ASP | Web-ASP | |
| CGI | Web-CGI | |
| ISAPI Extensions | Web-ISAPI-Ext | |
| ISAPI Filters | Web-ISAPI-Filter | |
| Server Side Includes | Web-Includes | |
| Health and Diagnostics | Web-Health | |
| HTTP Logging | Web-Http-Logging | |
| Logging Tools | Web-Log-Libraries | |
| Request Monitor | Web-Request-Monitor | |
| Tracing | Web-Http-Tracing | |
| Custom Logging | Web-Custom-Logging | |
| ODBC Logging | Web-ODBC-Logging | |
| Security | Web-Security | |
| Basic Authentication | Web-Basic-Auth | |
| Windows Authentication | Web-Windows-Auth | |
| Digest Authentication | Web-Digest-Auth | |
| Client Certificate Mapping Authentication | Web-Client-Auth | |
| IIS Client Certificate Mapping Authentication | Web-Cert-Auth | |
| URL Authorization | Web-Url-Auth | |
| Request Filtering | Web-Filtering | |
| IP and Domain Restrictions | Web-IP-Security | |
| Performance | Web-Performance | |
| Static Content Compression | Web-Stat-Compression | |
| Dynamic Content Compression | Web-Dyn-Compression | |
| Management Tools | Web-Mgmt-Tools | |
| IIS Management Console | Web-Mgmt-Console | |
| IIS Management Scripts and Tools | Web-Scripting-Tools | |
| Management Service | Web-Mgmt-Service | |
| IIS 6 Management Compatibility | Web-Mgmt-Compat | |
| IIS 6 Metabase Compatibility | Web-Metabase | |
| IIS 6 WMI Compatibility | Web-WMI | |
| IIS 6 Scripting Tools | Web-Lgcy-Scripting | |
| IIS 6 Management Console | Web-Lgcy-Mgmt-Console | |
| FTP Publishing Service | Web-Ftp-Publishing | |
| FTP Server | Web-Ftp-Server | |
| FTP Management Console | Web-Ftp-Mgmt-Console | |
| Active Directory Federation Services | ADFS | None |
| Federation Service | ADFS-Federation | |
| Federation Service Proxy | ADFS-Proxy | |
| Web Agents | ADFS-Web-Agents | |
| Claims-aware Agent | ADFS-Claims | |
| Windows Token-based Agent | ADFS-Windows-Token | |
| Active Directory Lightweight Directory Services | Formerly ADAM | ADLDS |
| Application Server | Application Server | Application-Server |
| Application Server Core | AS-AppServer-Core | |
| Web Server Support | AS-Web-Support | |
| COM+ Network Access | AS-Ent-Services | |
| TCP Port Sharing | AS-TCP-Port-Sharing | |
| Windows Process Activation Service Support | AS-WAS-Support | |
| HTTP Activation | AS-HTTP-Activation | |
| Message Queuing Activation | AS-MSMQ-Activation | |
| TCP Activation | AS-TCP-Activation | |
| Named Pipes Activation | AS-Named-Pipes | |
| Distributed Transaction Support | AS-Dist-Transaction | |
| Incoming Remote Transactions | AS-Incoming-Trans | |
| Outgoing Remote Transactions | AS-Outgoing-Trans | |
| WS-Atomic Transaction Support | AS-WS-Atomic | |
| Active Directory Certificate Services | Active Directory Certificate Services | N/A |
| Certification Authority | ADCS-Cert-Authority or AD-Certificate | |
| Online Certificate Status Protocol | ADCS-Online-Cert | |
| Fax Server | Fax Server | Fax |
| Network Policy and Access Services | Network Policy and Access Services | NPAS |
| Network Policy Server | NPAS-Policy-Server | |
| NPAS Routing and Remote Access Services | NPAS-RRAS-Services | |
| Remote Access Service | NPAS-RRAS | |
| Routing | NPAS-Routing | |
| Health Registration Authority | NPAS-Health | |
| Windows Deployment Services | Windows Deployment Services | WDS |
| Hyper-V | Hyper-V | Hyper-V |
| Failover Clustering | Failover Clustering | Failover-Clustering |
| Network Load Balancing | Network Load Balancing | NLB |
| Desktop Experience | Desktop Experience | Desktop-Experience |
| .NET Framework 3.0 Features | .NET Framework 3.0 Features | NET-Framework |
| .NET Framework 3.0 | .NET Framework 3.0 | NET-Framework-Core |
| XPS Viewer | XPS Viewer | NET-XPS-Viewer |
| Windows Communication Foundation Activation Components | Windows Communication Foundation Activation Components | NET-Win-CFAC |
| HTTP Activation | HTTP Activation | NET-HTTP-Activation |
| Non-HTTP Activation | Non-HTTP Activation | NET-Non-HTTP-Activ |
| Windows System Resource Manager | Windows System Resource Manager | WSRM |
| Wireless Networking | Wireless Networking | Wireless-Networking |
| Windows Server Backup | Windows Server Backup | Backup |
| WINS Server | WINS Server | WINS-Server |
| Remote Assistance | Remote Assistance | Remote-Assistance |
| Simple TCP/IP Services | Simple TCP/IP Services | Simple-TCPIP |
| Telnet Client | Telnet Client | Telnet-Client |
| Telnet Server | Telnet Server | Telnet-Server |
| Subsystem for UNIX-based Applications | Subsystem for UNIX-based Applications | Subsystem-UNIX-Apps |
| RPC over HTTP Proxy | RPC over HTTP Proxy | RPC-over-HTTP-Proxy |
| SMTP Server | SMTP Server | SMTP-Server |
| LPR Port Monitor | LPR Port Monitor | LPR-Port-Monitor |
| Storage Manager for SANs | Storage Manager for SANs | Storage-Mgr-SANS |
| BITS Server Extensions | BITS Server Extensions | BITS |
| Message Queuing | Message Queuing | MSMQ |
| Message Queuing Services | MSMQ-Services | |
| Message Queuing Server | MSMQ-Server | |
| Directory Service Integration | MSMQ-Directory | |
| Message Queuing Triggers | MSMQ-Triggers | |
| HTTP Support | MSMQ-HTTP-Support | |
| Multicasting Support | MSMQ-Multicasting | |
| Routing Service | MSMQ-Routing | |
| Windows 2000 Client Support | MSMQ-Win2000 | |
| Messaging Queue DCOM Proxy | MSMQ-DCOM | |
| Windows Process Activation Service | Windows Process Activation Service | WAS |
| Process Model | WAS-Process-Model | |
| .NET Environment | WAS-NET-Environment | |
| Configuration APIs | WAS-Config-APIs | |
| Windows Internal Database | Windows Internal Database | Windows-Internal-DB |
| BitLocker Drive Encryption | BitLocker Drive Encryption | BitLocker |
| Multipath I/O | Multipath I/O | Multipath-IO |
| Internet Storage Naming Server | Internet Storage Naming Server | ISNS |
| Removable Storage Manager | Removable Storage Manager | Removable-Storage |
| TFTP Client | TFTP Client | TFTP-Client |
| SNMP Services | SNMP Services | SNMP-Services |
| SNMP Service | SNMP-Service | |
| SNMP WMI Provider | SNMP-WMI-Provider | |
| Services for Network File System | Services for Network File System | NFS-Services |
| Internet Printing Client | Internet Printing Client | Internet-Print-Client |
| Peer Name Resolution Protocol | Peer Name Resolution Protocol | PNRP |
| Connection Manager Administration Kit | Connection Manager Administration Kit | CMAK |
| Remote Server Administration Tools | Remote Server Administration Tools | RSAT |
| Role administration tools | RSAT-Role-Tools | |
| Active Directory Certificate Services Tools | RSAT-ADCS | |
| Active Directory Domain Services Tools | RSAT-ADDS | |
| Active Directory Domain Controller Tools | RSAT-ADDC | |
| Server for NIS Tools | RSAT-SNIS | |
| Active Directory Lightweight Directory Services Tools | RSAT-ADLDS | |
| Active Directory Rights Management Services (AD RMS) Tools | RSAT-RMS | |
| DHCP Server Tools | RSAT-DHCP | |
| DNS Server Tools | RSAT-DNS | |
| Fax Server Tools | RSAT-Fax | |
| DFS Management Console Tools | RSAT-DFS-Mgnt-Con | |
| File Server Resource Manager Management Console Tools | RSAT-FSRM-Mgnt | |
| Hyper-V Tools | RSAT-Hyper-V | |
| Services for Network File System Tools | RSAT-NFS-Admin | |
| File Services Tools | RSAT-File-Services | |
| Network Policy and Access Services Tools | RSAT-NPAS | |
| Health Registration Authority Tools | RSAT-HRA | |
| Network Policy Server Tools | RSAT-NPS | |
| Print Services Tools | RSAT-Print-Services | |
| Web Server (IIS) Tools | RSAT-Web-Server | |
| Terminal Services Tools | RSAT-TS | |
| TS RemoteApp Tools | RSAT-TS-RemoteApp | |
| TS Gateway Tools | RSAT-TS-Gateway | |
| TS Licensing Tools | RSAT-TS-Licensing | |
| UDDI Services Tools | RSAT-UDDI | |
| Feature administration tools | RSAT-Feature-Tools | |
| BitLocker Drive Encryption Tools | RSAT-BitLocker | |
| BITS Server Extensions Tools | RSAT-BITS-Server | |
| Failover Clustering Tools | RSAT-Clustering | |
| Network Load Balancing Tools | RSAT-NLB | |
| SMTP Server Tools | RSAT-SMTP | |
| Windows Deployment Services Tools | RSAT-WDS | |
| WINS Server Tools | RSAT-WINS | |
| Hyper-V Tools | RSAT-Hyper-V | |
| Windows PowerShell | Windows PowerShell | PowerShell |
| Group Policy Management | Group Policy Management | GPMC |
| Quality Windows Audio Video Experience | Quality Windows Audio Video Experience | Qwave |
servermanagercmd -install TS-TerminalServer
Terminal Services options
Windows 2008 Servers supports license management from the command line, using slmgr.vbs. With it you can see how much time you have left on an eval, add or uninstall licenses and much more. The name of the tool is actually Windows Software Licensing Management Tool. It is a visual basic script used to configure licensing on any Windows 2008 Server – either the full version or the core version. To see what slmgr.vbs can do, you can simply open a Windows command prompt (with cmd.exe) and type:
slmgr.vbs /?
Figure 1: Help window for slmgr.vbs
This displays a help window that will show you all the slmgr.vbs options. Here are the various tasks you can perform with slmgr.vbs:
Here are some examples of how Windows 2008 slmgr.vbs can be used.
If you are evaluating Windows Server 2008, you should know that license activation is not required. An evaluation version of Windows Server 2008 will work for 60 days. While many admins do not know it, you can “re-arm” that evaluation period for another 60 days, three times over. Thus, you could evaluate Windows 2008 Server for a total of 240 days, or about 8 months.
You can re-arm this evaluation of Windows 2008 using slmgr.vbs. To do this, just type:
slmgr.vbs –rearm
Figure 2: Results after rearming your Win 2008 evaluation copy for another 60 days.
To see how much time you have left in your current evaluation period, just type:
slmgr.vbs –xpr
Figure 3: Results of xpr command, showing the date and time that the license grace period for Win 2008 expires.
Microsoft has a knowledgebase document on how to automatically extend the evaluation of licensing with a script. By implementing this script, you could use Windows Server 2008 for the full 240 days without having to do anything. For more information on that, please see Microsoft KB 948472.
To get more detailed information than just the expiration date (given by the xpr command), you can use the dli or dlv options. Here is what their output looks like:
Figure 4: slmgr.vbs –dli output showing license information.
As you can see in the –dli option output, there is more information on the version of Win 2008 you are running, the license status, time renaming (down to the second), and all about the key management server.
Figure 5: slmgr.vbs –dlv output showing detailed license information
With the –dlv option, there is even more detailed information about the current state of your licenses.
In Windows Server Core, with only a command prompt, you are forced to use slmgr.vbs to activate your Core server from the command line. Thus, it is much more critical to know how to use slmgr.vbs if you are using Windows Server Core. Still, every Admin, in my opinion, should know the basics of using it.
Let’s assume that you entered a product key during the installation of Windows 2008 Server Core. To activate your OS, just type:
slmgr.vbs –ato
If you do not have networking configured, or you get another error, you will get a window that says something like this:
Figure 6: Error from slmgr license activation
If you did not enter a product key during the install process, you can enter one with slmgr.vbs at the command line with:
slmgr.vbs –ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
From there, you can attempt the auto activation again.
Figure 7: Successful activation of Windows 2008 with slmgr.vbs
If you are successful you should see the “product activated successfully” window, as displayed in Figure 7.
Just enter the machinename, username, and password between the slmgr command and the options, like this:
slmgr.vbs <ServerName> administrator <Password> -xpr
In Internet Information Services 7 Microsoft changed the default log files location.
IIS 7 Log files location
%SystemDrive%inetpublogsLogFiles
IIS 6 Log files location
%windir%System32LogFiles
The new FTP Publishing Service 7.5 has been rewritten for Windows Server 2008 and lot of new futures and additions included. (Integration with IIS 7, FTP over SSL (from v7.0), Improved Logging, etc..)
Prerequisites
1. Internet Information Services 7.0 installed.
2. Windows Server 2008 or Vista.
3. Download FTP Publishing Service 7.5
4. Create a folder for FTP Publishing Service and allow Full access for Administrators
In case we want to add access to specific backup user we can use the following command”
Permissions:
R Read
W Write
C Change (write)
F Full control
Installation
Before installing FTP Publishing Service 7.5 over IIS 7.0 be sure that you uninstall any previous versions of FTP Publishing Service.
Creating the Certificate
After the installation finishes we open Internet Information Services 7.0 Manager and we select Server Certificates to create a self-signed SSL certificate. Another option is to create a certificate request to process with a 3rd party SSL provider which is recommended for production systems as they are from a trusted root.
Click on Create Self-Signed Certificate…
Specify a certificate name and click OK:
Creating the FTP Site
Right click the Sites node in the tree and click Add FTP Site…
On the Add FTP Site wizard add the FTP site name and select the path we created in the prerequisites and click Next.
On the next page of the wizard we click the Require SSL option and we choose our SSL Certificate then we click Next.
On the next page of the wizard we select Basic for Authentication and on Allow access to we select specified users and we define our backup ftp account with read and write permissions then we click on Finish. In case we want to allow anonymous ftp connections select Anonymous authentication and on Permissions we select the Read.
Configure the Firewall
If we are behind a firewall we should configure the FTP Firewall Support under Internet Information Services Manager and configure our firewall ports to accept passive connections on the ports we specify. In case we want to use dynamic port range under Data Channel Port Range we enter port range “0-0?.
Configure the FTP Client (FileZilla for example)
Configure FTP Client to connect to our FTP Site using FTP over explicit TLS/SSL.
Troubleshooting
In case you get “534 Local policy on server does not allow TLS secure connections.” error this is because we need to select an SSL certificate at the Server Level.
