The syntax for the Netdom.exe utility is as follows:
netdom command object [/D:domain] [options]
NOTE
This command should be used only by the most knowledgeable system administrator. We recommend that you use the graphical Active Directory snap-in tools while gaining familiarity with Windows Server 2003 domains. The options available for this utility are expansive. If you use it, refer to the published information supplied for the Netdom Resource Kit Support Tool.
NLTEST.EXE—NETWORK DOMAIN TEST
The Nltest.exe utility identifies domain controllers and trust relationships. It can also be used to force a shutdown and to synchronize Windows NT 4.0 user accounts. The syntax is as follows:
nltest [option] ...
PMON.EXE—PROCESS MONITOR
The Pmon.exe tool launches the Process Monitor, which examines processes to identify problems like memory leaks. Chapter 2 has more information on process monitoring.
PVIEWER.EXE—PROCESS VIEWER
The Pviewer.exe tool launches the Process Viewer. It is used to view processes and identify problems such as memory leaks. See Chapter 2 for more information on process monitoring.
REPADMIN.EXE—REPLICATION DIAGNOSIS TOOL
The Repadmin.exe command-line utility permits the administrator to view the replication topology (also called RepsFrom and RepsTo) from each domain controller and can be used to manually create the replication topology. The syntax is as follows:
repadmin command arguments [/u:[domain\]user /pw:{password|*}]
Table A.88. Nltest.exe Parameters
Option | Description |
/SERVER:ServerName | Directs nltest to a specified remote computer. |
/QUERY | Verifies the health of the named Servername domain controller. |
/REPL | Forces a partial replication on the local system or the Servername. |
/SYNC | Forces a full replication on the local system or the Servername. |
/SC_QUERY:DomainName | Verifies the secure channel. |
/SC_RESET:DomainName | Resets the secure channel between Windows 2003 computers. |
/DCLIST:DomainName | Lists all domain controllers—Windows 2000/.NET, PDC, and BDC. |
/TRANSPORT_NOTIFY | Notifies of a new transport. |
/USER:UserName | Displays user account attributes. |
/LOGON_QUERY | Outputs the cumulative number of logon attempts. |
/PARENTDOMAIN | Identifies the parent domain. |
/BDC_QUERY:DomainName | Identifies all domain BDCs and their current state of replication. |
/SHUTDOWN:Reason [Seconds] | Shuts down in the specified time period. |
/SHUTDOWN_ABORT | Aborts the shutdown command. |
Here command represents one of the commands listed in Table A.89, and arguments specifies the command's arguments.
REPLMON.EXE—REPLICATION MONITOR
The Replmon.exe utility launches the graphical Replication Monitor snap-in tool, which provides a view of Active Directory replication status and topology. It can also be used to force replication, as discussed in Chapter 6.
RSDIAG.EXE—REMOTE STORAGE DIAGNOSIS TOOL
The Rsdiag.exe command-line utility is used to view diagnostic information about jobs, managed NTFS volumes, removable media, and other remote storage data (see Table A.90). The syntax is:
rsdiag [/c jobname] [/d filetype fullpath&filename] [/e errorcode]
[/i] [/j [jobname]] [/m] [/r [/f]] [/s] [/t] [/v [driveletter]]
[/x queuedrecall] [/w fullpath&filename]
SDCHECK.EXE—SECURITY DESCRIPTOR CHECK UTILITY
The Sdcheck.exe command-line tool outputs the security descriptor for any stored Active Directory object (see Table A.91). This descriptor contains the object's ACL.
Table A.89. Repadmin.exe Parameters
Option | Description |
/u:[domain\]user | Sets an optional user as the administrator. |
/pw:{password|*} | Sets the password for the alternative administrator set with the /u option. |
/sync name-context DestDC DSA_UUID [/force] [/async] [/full] [/addref] [/allsources] | Starts the replication with the following options: /force overrides the normal replication schedule; /async starts the replication but does not wait for the replication event to complete; /full forces a full replication of all objects; /addref adds a notification entry for this destination if one does not exist; /allsources syncs the destination with all sources instead of just one. |
/showreps [Naming_Context] [DSA [SourceDCUUID]] [/verbose] [/unreplicated] [/nocache] | Outputs the replication partners. |
/showmeta Object_DN [DSA] [/nocache] | Shows the metadata for Active Directory objects. |
/? | Outputs all optional commands. |
The syntax for the Sdcheck.exe utility is as follows:
sdcheck Server Object [-dumpSD] [-dumpAll] [-debug] [[-domain: DomainName]
-user: UserName -password: Password] [/?]
SECEDIT COMMAND
secedit /refreshpolicy has been replaced with gpupdate (see page 769).
Analyzes security settings by comparing the settings in the specified database with the system's current security settings. The results may be viewed in the Security Configuration and Analysis snap-in. The syntax is
secedit /analyze /db filename.sdb [/cfg filename] [/overwrite]
[/log filename] [/quiet]
Configures local security policy settings by applying the stored database settings. The syntax is
secedit /configure /db filename [/cfg filename] [/overwrite]
[/areas area1 area2...] [/log filename] [/quiet]
Table A.90. Rsdiag.exe Parameters
Option | Description |
/c jobname | Cancels the specified job. |
/d filetype fullpath&filename | Converts the database to a text file. The file type identifies the source file type from among the following (fullpath&filename must include the full path): e = Engine database; f = File System Agent database; a = File System Agent collection; n = Engine collection; s = Subsystem collection. |
/i | Identifies the version data. |
/j [jobname] | Specifies the job to be output. If not specified, all jobs are output. |
/m | Displays the volumes that can be managed. |
/s | Outputs physical storage information. |
/t | Loads the trace files. |
/v [driveletter] | Displays extended information about the specified drive. |
Table A.91. Sdcheck.exe Parameters
Option | Description |
-dumpSD | Outputs the security descriptor of the specified object only. |
-dumpAll | Outputs the security descriptor of the object and its parents. |
-domain: DomainName | Specifies the domain for the object. |
-user: UserName | Specifies a user other than the one currently logged on. |
-password: Password | Identifies the password for the specified user. |
Exports the security settings stored in the database. The syntax is
secedit /export [/DB filename] [/tablename] [/CFG filename]
[/areas area1 area2...] [/log filename] [/quiet]
Imports a security template into the named database. The syntax is
secedit /import /db filename.sdb /cfg filename.inf [/overwrite]
[/areas area1 area2...]
[/log filename] [/quiet]
Validates security template syntax. Enter
secedit /validate filename
Creates a rollback template with respect to a configuration template. When applying a configuration template to a computer, you have the option of creating a rollback template which, when applied, resets the security settings to the values in effect before the configuration template was applied. The syntax is
secedit /GenerateRollback /CFG filename.inf /RBK
SecurityTemplatefilename.inf [/log Rollbackfilename.inf] [/quiet]
Option | Qualifier | Description |
/db | filename | Database used to perform the security configuration. |
/overwrite | Filename | Database is deleted prior to importing the security template. Without this parameter, security settings are accumulated into the database, giving priority to template settings where conflicts occur. |
/areas | area1 area2... | Security setting areas to be applied to the system. If not specified, all security settings defined in the database are applied to the system. To configure multiple areas, separate each area by a space. The following areas are supported: SECURITYPOLICY, GROUP_MGMT, USER_RIGHTS, REGKEYS, FILESTORE, and SERVICES. |
/log | filename | File to log the status of the configuration process. The default file, scesrv.log, is located in the %windir%\security\logs directory. |
/quiet | | Configuration takes place without prompting the user. |
/CFG | filename | Security template name. |
/RBK | filename | Rollback template name. |
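An added example (not from the book): once secedit /export has written the settings to a template file, that file can be checked offline against a baseline, which complements secedit /analyze. The section and setting names are those secedit writes; the sample export, the baseline values and the function names are constructed for illustration.

```python
import configparser

# Constructed sample of a template written by `secedit /export`.
# Real exports are UTF-16 files: open(path, encoding="utf-16").read()
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 7
PasswordComplexity = 1
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 1
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
Revision=1
"""

ADMINS = "S-1-5-32-544"  # well-known SID of the built-in Administrators group

# Hypothetical baseline (an assumption, not from the book):
# (section, key) -> (rule, wanted value)
BASELINE = {
    ("System Access", "MinimumPasswordLength"): ("min", 14),
    ("System Access", "PasswordComplexity"): ("eq", 1),
    # 0 means accounts are never locked out, so the range starts at 1
    ("System Access", "LockoutBadCount"): ("range", (1, 10)),
    # 3 = audit both success and failure
    ("Event Audit", "AuditLogonEvents"): ("eq", 3),
    ("Privilege Rights", "SeDebugPrivilege"): ("sids", {ADMINS}),
}


def parse_export(text):
    """Parse exported template text; setting names keep their case."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str
    parser.read_string(text)
    return parser


def audit(text, baseline=BASELINE):
    """Return (section, key, actual, reason) for every setting off baseline."""
    cfg = parse_export(text)
    findings = []
    for (section, key), (rule, want) in baseline.items():
        actual = cfg.get(section, key, fallback=None)
        if actual is None:
            findings.append((section, key, None, "not defined in export"))
        elif rule == "sids":
            # Holders are comma-separated; SIDs carry a leading '*'.
            holders = {h.strip().lstrip("*") for h in actual.split(",") if h.strip()}
            extra = sorted(holders - want)
            if extra:
                findings.append((section, key, actual,
                                 "unexpected holders: " + ", ".join(extra)))
        else:
            value = int(actual)
            ok = {"min": lambda: value >= want,
                  "eq": lambda: value == want,
                  "range": lambda: want[0] <= value <= want[1]}[rule]()
            if not ok:
                findings.append((section, key, actual, f"violates {rule} {want}"))
    return findings


if __name__ == "__main__":
    for section, key, actual, reason in audit(SAMPLE_EXPORT):
        print(f"[{section}] {key} = {actual}: {reason}")
```

A setting that is absent from the export is reported rather than skipped, because an undefined value in a template means the template does not enforce it.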
SIDWALK.EXE—SID WALK
The Sidwalk.exe command-line utility takes a mapping file as input and scans its ACLs in the Registry, file system, file and print shares, and local group membership. The mapping file can be used for Sidwalk conversion on multiple computers.
The syntax for this utility is as follows:
sidwalk profile_file [profile_file...] [/t] [/f [path]] [/r] [/s] [/p]
[/g] [/l file] [/?]
Table A.92. Sidwalk.exe Parameters
Option | Description |
/l file | Creates a converter file as named. |
/f [path] | Scans all directories; if the path is set, only the subtree directories are scanned. |
/g | Scans local groups. |
/p | Scans shared printers. |
/r | Scans the Registry. |
/s | Scans all shares. |
/t | Performs a test or dry run. |
Table A.93. Tlist.exe Parameters
Option | Description |
-m pattern | Lists all processes with associated DLLs. |
-p processname | Outputs the PID for the specified process. |
-s | Outputs the services associated with a process. |
-t | Outputs a process tree. |
SNMPUTILG.EXE—SNMP UTILITY TOOL
The Snmputilg.exe utility invokes the graphical SNMP Utility Tool and is used in conjunction with the older SNMP Browser Tools (Snmputil.exe) to manage SNMP network elements.
TLIST.EXE—TASK LIST VIEWER
The Tlist.exe command-line utility lists currently executing processes (tasks) and outputs information such as the process identification number (PID) and process name. Its syntax is
tlist [pid] [pattern] [-m pattern] [-p processname] [-s] [-t]
POSTSCRIPT
This appendix provides an overview of the most frequently used utilities available under Windows 2000 and Windows Server 2003. Our selection was based on feedback from system administrators who reviewed early versions of the book. A special note of appreciation is made to Ellen Beck Gardner for her help in compiling the command descriptions.
Glossary
Account lockout
Based on the lockout security policy, a user will be denied access, or locked out, after a predefined number of failed logon attempts. The duration of the lockout is also set in the lockout security policy.
ACE (access control entry)
An entry in the access control list (ACL) that includes a security ID (SID) and an access rights list. When the SID is matched, access rights are granted or denied.
ACL (access control list)
An object's owner controls whether access to the object is allowed or disallowed. For this purpose, each object has an ACL that comprises access control entries (ACE). Also known as the discretionary access control list (DACL), the ACL is the portion of the security descriptor that enforces permissions associated with an object. (The other components of the security descriptor are the object's creator [otherwise known as its owner], its group [a POSIX compliance element that relates to the "primary group"], and the system access control list, or SACL, which regulates auditing.)
ACPI (Advanced Configuration and Power Interface)
An industry power management specification used by Windows 2000 Plug and Play hardware management.
ACS (Admission Control Service)
The part of the Quality of Service (QoS) network management feature that defines who shares shared network resources and how they are used. It also regulates subnet bandwidth.
Active Directory services
Microsoft Corporation's advanced directory service that is shipped with Windows 2000 Server versions. See Chapters 5 and 6 for information about directory concepts and Active Directory's capabilities.
Active partition
The partition from which the operating system starts; it must be the primary partition on a basic disk. On Windows 2000 systems, the active partition can also be the system volume. If Windows 2000 is dual-booted with earlier Microsoft operating systems, all start-up files for both operating systems must reside on the active partition.
ActiveX
An umbrella term for Microsoft technologies that permit applications developers to create Web-interactive content.
Adapter card
A printed circuit board or hardware chip set that permits network connections between computers. Also known as a network card.
Address
A DNS resource record that maps the domain name to an IP address.
Address classes
Three levels of address class exist based on IP numbers: A, B, and C. For additional information, see Chapter 12.
Address pool
The group or collection of scoped addresses available for lease by a DHCP Server.
Address Resolution Protocol (ARP)
As part of the TCP/IP suite, this protocol provides resolution between IP and MAC addresses.
Administrator
As defined by Windows 2000, a member of the Administrators group, with full control over a specific computer or domain.
ADSI (Active Directory Service Interface)
An API that permits applications on Windows 9x, Windows NT, and Windows 2000 to interface with networked directory services.
Agent
A computer or network device that runs SNMP (the Simple Network Management Protocol) and provides information about its location and configuration.
API (Application Programming Interface)
A routine that can be called by an application to carry out requests of other applications or the operating system. An example is the display-handling routines available from the Win32 API.
AppleTalk
The default network protocol for Apple Macintosh computer systems. Windows 2000 Server provides connectivity to AppleTalk clients.
Asymmetric encryption
A system of encryption that uses mathematically related public and private encryption keys. The private key remains confidential; the public key is passed out freely. To encrypt a message, a sender uses the receiver's public key. The receiver can then decrypt the message with the corresponding private key.
Asynchronous communication
Transmission of data at irregular intervals. Start and stop bits signal when each character has been received.
ATM (asynchronous transfer mode)
A communication protocol that transmits fixed-length 53-byte packets. It is generally viewed as a rapid method of data communication.
Attribute
In terms of files, designation of a file as read-only, archival, encrypted, or compressed. In terms of Active Directory schema, definition of the features of the object class.
Auditing
A means of tracking the activities of system and user behavior.
Authentication
The process of matching a user's logon name and password against Windows 2000 security files. For standalone computers, it is carried out on the local system. For network logon, it is conducted by an Active Directory domain controller.
Authoritative restore
A form of object resolution used by the Backup tool in which specified objects are replaced.
Backup media pool
Defined by the Backup tool, the hardware devices dedicated to storage.
Backup Operators
A predefined user group whose members have authority to perform backup of data regardless of the object's attribute.
Bandwidth
In digital communications terms, the bits-per-second (bps) transfer rate. In analog communications, a range between high and low frequencies.
Basic disk
The hard drive that contains the primary partition, extended partitions, and logical drives. It can also access MS-DOS.
Basic volume
A storage method used by Windows NT 4.0 or earlier systems.
Batch program
A form of text-based (ASCII) script that invokes other applications or batch programs. It uses the extension .cmd or .bat.
BDC (Backup Domain Controller)
Used by Windows NT Server 4.0 or earlier as a subordinate domain controller to the Primary Domain Controller, the BDC contains read-only copies of information such as the domain's security account manager (SAM). It is used in a Windows 2000 domain when the domain is configured in mixed mode.
BIND (Berkeley Internet Name Domain)
A version of DNS ported to most variants of UNIX.
BIOS (basic input/output system)
The system used in personal computers to check hardware, for basic operating system startup, and to initiate data communications. It is stored in Read-Only Memory (ROM).
Bit (binary digit)
The smallest unit of information used by personal computers. It is expressed as a 1 or 0 to designate true or false.
Bits per second (bps)
A measure of communication speed based on character transfer. A character is defined as 8 bits. In a typical asynchronous environment, an additional start and stop bit is added.
Boot
The process of starting or resetting a computer's operating system.
Boot files
Files required to initiate a Windows 2000 operating system, for example, Ntldr and .
Boot logging
A process that occurs automatically with system startup and saves information regarding boot activities. It is stored in the root directory as an ASCII file called Ntldr.txt.
Boot partition
The location of Windows 2000 operating system and support files. It has to be located in the same partition used for initial booting that contains Ntldr and .
BOOTP (Bootstrap Protocol)
Part of the TCP/IP used by diskless workstations or devices like network printers.
Browser
An application that interprets HTTP communications and displays HTML output from the Internet or an intranet.
Built-in groups
Shipped by default with Windows 2000 to incorporate a standard set of rights, these groups are provided so that rights can be easily applied to user accounts.
CA (certification authority)
The issuer of digital certificates or the corporate authority that establishes and verifies public keys. See Chapter 10 for additional information about the public key infrastructure and Microsoft's implementation of CA.
Cache
A local store of data commonly used by programs like DNS.
Callback number
Defined by the end user or the administrator, the number the server will call to connect with a remote client. It is often used for roaming users who want to limit hotel toll costs while connected to the home office server.
Canonical name
An object's distinguished name that is output without LDAP attribute tags such as DC= or CN=.
CDFS (Compact Disk File System)
A protected-mode file system used for CD-ROM storage and access.
Certificate
A certificate binds an encryption key with encrypted data. Certificates are digitally signed by certificate authorities.
CGI (Common Gateway Interface)
A server-based script that initiates services; it is commonly used in association with Web services.
Child domain
Part of a domain hierarchical tree. It shares the domain namespace, Global Catalog, and schema with all other domains in the tree. For example, if the child domain is called "sales" in the domain, its name is sales. .
Child object
An object nested within a parent object.
Client
Any system connected to or requesting services from another computer. That other computer is known as a server. At any given time, a computer can be a client or a server.
Cluster
A group of computers that share a workload and perform redundant fault tolerance. If a member of a cluster fails, another member will assume the workload in a process known as failover.
Cluster Services
The software component that manages cluster functions.
Cluster-aware application
Applications that conform to the cluster API. Not all applications are designed to work in a cluster environment. For additional information, see Chapter 17.
COM (Component Object Model)
The programming model that permits object interoperability and reusability. Theoretically, COM components can be used by different applications and within varied operating system environments. Microsoft's Object Linking & Embedding (OLE) and ActiveX are based on COM. DCOM (Distributed Component Object Model) is the network variant of COM.
Command prompt
The character-based window in which supported MS-DOS utilities and certain scripts such as batch files are run.
Common groups
The list of groups accessible from the Start menu that are common to all users.
Communication port
The port that permits single-bit asynchronous data transmission. Also known as the serial port.
Community name
The name used to group SNMP devices.
Compact Disk File System (CDFS)
A 32-bit protected-mode file system used for compact disks.
Computer account
Created by the domain administrator, the account that identifies a unique computer in the domain.
CPU time
The total processor time in seconds used by a process.
CPU usage
The percentage of the CPU that is being used. It is shown in the Task Manager.
CRC (cyclical redundancy check)
Checks for errors in data transmission. Each transmission includes data and extra (redundant) error-checking values. CRC is used by communications protocols such as XMODEM and Kermit.
Cryptographic Service Provider (CSP)
Code that performs authentication, encoding, and encryption services. It creates and destroys keys and their utilization. Windows-based applications gain access through the CryptoAPI.
DACL (discretionary access control list)
The part of an object's security descriptor that defines who has permission to use, or is specifically denied access to, an object.
DDE (dynamic data exchange)
A Microsoft implementation of Interprocess Communication (IPC) that permits DDE-enabled applications to share data.
Device driver
Code that communicates between Windows 2000 and hardware such as a modem, network card, or printer. Without it, a device is not recognized by Windows 2000. The Hardware Compatibility List (HCL) lists device drivers shipped with Windows 2000. Other drivers must be obtained from the hardware manufacturer.
Device Manager
Interfacing within the Executive, or kernel, mode of Windows 2000, it is an administrative tool used to control computer devices. It lists device properties and performs updates and further configuration.
Dfs (distributed file system)
The system of shared folders located on different servers that are linked into a single namespace, permitting transparent access to shared folders regardless of their location on the network.
Dfs link
The link from the Dfs root to shared folders or other Dfs roots.
Dfs root
A container for Dfs files and links.
DHCP (Dynamic Host Configuration Protocol)
An industry-standard networking protocol that provides TCP/IP-based networks with the ability to dynamically assign Internet Protocol (IP) addresses and eliminate address conflicts for the defined IP number range.
Dial-up connection
A connection that permits communication from a computer or network through telephone exchanges. It can be made through a modem, ISDN line, or X.25 network.
Differential backup
A backup of all files that have been added or modified since the last scheduled full or incremental backup. It does not set the Archival attribute, thereby marking the files as having been backed up.
Digital signature
The security method that binds the identity of a user to a file or object.
Digital Signature Standard (DSS)
A cryptographic standard that uses the Digital Signature Algorithm (DSA) to generate and verify signatures and SHA-1 as its message hash algorithm. DSA is a public-key cipher used to create digital signatures. It is not employed for data encryption.