Archive for May 2, 2010

In most network environments, it’s a good idea to document the reasons for shutting down or restarting computers. With unplanned shutdowns, you can document the shutdown in the computer’s system log by expanding the syntax to include the following parameters:

/e /c "UnplannedReason" /d MajorCode:MinorCode

where /C “UnplannedReason” sets the detailed reason (which can be up to 127 characters in length) for the shutdown or restart, and /D MajorCode:MinorCode sets the reason code for the shutdown. Reason codes are arbitrary, with valid major codes ranging from 0 to 255 and valid minor reason codes ranging from 0 to 65,535. Consider the following example:

shutdown /r /e /m \\Mailer1 /c "System Reset" /d 5:15

In this example, you are restarting MAILER1 and documenting the reason for the unplanned restart as a “System Reset” using the reason code 5:15.

With planned shutdowns and restarts, prefix the reason codes with p: to indicate a planned shutdown, as shown here:

/e /c "PlannedReason" /d p:MajorCode:MinorCode

For instance, consider the following code:

shutdown /r /e /m \\Mailer1 /c "Planned Application Upgrade" /d p:4:2
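The reason-code rules above can be enforced before a documented shutdown is issued from a script. The following is an added example, not code from the original article; the function names and the host-name pattern are assumptions made for illustration, and the limits are the ones stated in the text.

```python
import re

# Limits taken from the text above: major 0-255, minor 0-65535, comment up to 127 characters.
MAX_COMMENT = 127
REASON_RE = re.compile(r"(p:)?(\d{1,3}):(\d{1,5})", re.IGNORECASE)
# Assumption for this example: hosts are plain NetBIOS/DNS names or IPv4 addresses.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,62}")


def parse_reason(code):
    """Return (planned, major, minor) for '5:15' or 'p:4:2'; raise ValueError otherwise."""
    m = REASON_RE.fullmatch(code)
    if not m:
        raise ValueError(f"expected [p:]MajorCode:MinorCode, got {code!r}")
    major, minor = int(m.group(2)), int(m.group(3))
    if major > 255 or minor > 65535:
        raise ValueError(f"reason code out of range: {code!r}")
    return bool(m.group(1)), major, minor


def build_shutdown_argv(action, host, comment, code):
    """Build (but do not run) the argument list for a documented remote shutdown or restart."""
    if action not in ("/s", "/r"):
        raise ValueError("action must be /s (shut down) or /r (restart)")
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"unexpected characters in host name: {host!r}")
    if not comment.strip() or len(comment) > MAX_COMMENT or '"' in comment:
        raise ValueError("comment must be 1-127 characters without double quotes")
    planned, major, minor = parse_reason(code)
    reason = f"{'p:' if planned else ''}{major}:{minor}"
    # A list keeps the comment as a single argument; pass it to subprocess.run()
    # on the admin workstation rather than pasting it into a command string.
    return ["shutdown", action, "/e", "/m", "\\\\" + host, "/c", comment, "/d", reason]


if __name__ == "__main__":
    # The two examples from the text, plus one code that must be rejected.
    print(build_shutdown_argv("/r", "Mailer1", "System Reset", "5:15"))
    print(build_shutdown_argv("/r", "Mailer1", "Planned Application Upgrade", "p:4:2"))
    try:
        parse_reason("256:0")
    except ValueError as err:
        print("rejected:", err)
```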

With remote systems, you need to specify the UNC name or IP address of the system you want to shut down or restart using the /M parameter. Thus, the basic syntaxes for shutting down, restarting, and canceling a delayed shutdown become

Shutdown remote system:

shutdown /s /t ShutdownDelay /l /f /m \\System

Restart remote system:

shutdown /r /t ShutdownDelay /l /f /m \\System

Cancel delayed shutdown of remote computer:

shutdown /a /m \\System

In this example, MAILER1 is restarted after a 30-second delay:

shutdown /r /t 30 /m \\Mailer1

In this example, the system with the IP address 192.168.1.101 is restarted immediately and running applications are forced to stop running:

shutdown /r /f /m \\192.168.1.101

On a local system, you can manage shutdown and restart using the following commands:

Shutdown local system:

shutdown /s /t ShutdownDelay /l /f

Restart local system:

shutdown /r /t ShutdownDelay /l /f

Cancel delayed shutdown of local computer:

shutdown /a

where /T ShutdownDelay is used to set the optional number of seconds to wait before shutdown or restart, /L optionally logs off the current user immediately, and /F optionally forces running applications to close without warning users in advance. In this example, the local system is restarted after a 60-second delay:

shutdown /r /t 60

As an administrator, you’ll often have to start, stop, or pause Windows services. The related SC commands and their syntaxes are

Start a service:

sc start ServiceName

Pause a service:

sc pause ServiceName

Resume a paused service:

sc continue ServiceName

Stop a service:

sc stop ServiceName

where ServiceName in each case is the abbreviated name of the service you want to work with, such as

sc start w3svc

As with all SC commands, you can also specify the name of the remote computer whose services you want to work with. For example, to start the w3svc on MAILER1, you would use the following command:

sc \\Mailer1 start w3svc

The state listed in the results should show START_PENDING. With stop, pause, and continue you’ll see STOP_PENDING, PAUSE_PENDING, and CONTINUE_PENDING respectively as well. If an error results, the output states FAILED and error text is provided to describe the reason for the failure in more detail. If you are trying to start a service that is already started, you’ll see the error

An instance of the service is already running.

If you are trying to stop a service that is already stopped, you’ll see the error

The service has not been started.
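A script that drives SC has to tell a pending state from a finished one, and a real failure from the two "already in that state" messages quoted above. The following is an added example, not code from the original article; the sample outputs are constructed, and the function name and status labels are assumptions made for illustration.

```python
import re

# Win32 error codes that sc prints with the two messages quoted above.
ALREADY_IN_STATE = {1056, 1062}  # ERROR_SERVICE_ALREADY_RUNNING, ERROR_SERVICE_NOT_ACTIVE
STATE_RE = re.compile(r"^\s*STATE\s*:\s*\d+\s+([A-Z_]+)", re.MULTILINE)
FAILED_RE = re.compile(r"\[SC\][^\n]*?FAILED\s+(\d+):\s*(.*)", re.DOTALL)

# Constructed sample outputs (not captured from a real host).
SAMPLE_PENDING = """
SERVICE_NAME: w3svc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
"""
SAMPLE_ALREADY = "[SC] StartService FAILED 1056:\n\nAn instance of the service is already running.\n"
SAMPLE_DENIED = "[SC] StartService: OpenService FAILED 5:\n\nAccess is denied.\n"


def interpret_sc(output):
    """Classify text printed by sc start/stop/pause/continue.

    Returns (status, detail); status is 'pending', 'settled', 'noop', 'failed' or 'unknown'.
    """
    failed = FAILED_RE.search(output)
    if failed:
        code = int(failed.group(1))
        message = " ".join(failed.group(2).split())
        # 'noop' means the service was already in the requested state.
        return ("noop" if code in ALREADY_IN_STATE else "failed"), f"{code}: {message}"
    state = STATE_RE.search(output)
    if not state:
        return "unknown", ""
    name = state.group(1)
    # A *_PENDING state only means the request was accepted; query again to confirm.
    return ("pending" if name.endswith("_PENDING") else "settled"), name


if __name__ == "__main__":
    for sample in (SAMPLE_PENDING, SAMPLE_ALREADY, SAMPLE_DENIED):
        print(interpret_sc(sample))
```

When the status is 'pending', run sc query ServiceName and interpret its output the same way until the state settles.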

To delete subkeys and values from the Windows registry, use REG delete. REG delete has several different syntaxes. If you want to delete a subkey and all subkeys and entries under the subkey, use the following syntax:

reg delete KeyName

where KeyName is the name of the subkey you want to delete. Although the subkey path can include the UNC name or IP address of a remote computer, a remote source subkey can use only the HKLM or HKU root keys. Consider the following example:

reg delete \\Mailer1\HKLM\SYSTEM\CurrentControlSet\Services\DNS2

Here you delete the DNS2 subkey and all subkeys and entries under the subkey on MAILER1.

If you want to limit the scope of the deletion, specify that only a specific entry under the subkey should be deleted using the following syntax:

reg delete KeyName /v ValueName

where KeyName is the name of the subkey you want to work with and ValueName is the name of the specific entry to delete. As before, the subkey path can include the UNC name or IP address of a remote computer. However, a remote source subkey can use only the HKLM or HKU root keys. In this example, you delete the Description entry for the DNS2 subkey on MAILER2:

reg delete \\Mailer2\HKLM\SYSTEM\CurrentControlSet\Services\DNS2 /v Description

Using REG copy, you can copy a registry entry to a new location on a local or remote system. The basic syntax for REG copy is

reg copy KeyName1 KeyName2

where KeyName1 is the path to the subkey you want to copy and KeyName2 is the path to the subkey destination. Although the subkey paths can include the UNC name or IP address of a remote computer, REG copy is limited in scope with regard to which root keys you can use when working with remote source or destination keys, as follows:

  • A remote source subkey can use only the HKLM or HKU root keys.
  • A remote destination subkey can use only the HKLM or HKU root keys.

In the following example, you copy the DNS subkey on the local system to the DNS subkey on MAILER2:

reg copy HKLM\SYSTEM\CurrentControlSet\Services\DNS \\Mailer2\HKLM\SYSTEM\CurrentControlSet\Services\DNS

By adding the /S parameter, you can copy the specified subkey as well as all subkeys and key entries under the specified subkey. In this example, the DNS subkey and all related subkeys and values are copied:

reg copy HKLM\SYSTEM\CurrentControlSet\Services\DNS \\Mailer2\HKLM\SYSTEM\CurrentControlSet\Services\DNS /s

If values exist at the destination path, REG copy will prompt you to confirm that you want to overwrite each existing value. Press Y or N as appropriate. You can also press A to overwrite all existing values without further prompting.
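Both REG delete and REG copy share the remote root-key restriction described above, and REG delete without /v removes a whole subtree. The following is an added example, not code from the original article, of a check a script can run on a key name before calling either command; the function names and the returned summary are assumptions made for illustration.

```python
# Root keys REG accepts, abbreviation -> full name.
ROOTS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
         "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS", "HKCC": "HKEY_CURRENT_CONFIG"}
REMOTE_ROOTS = {"HKLM", "HKU"}  # the only roots usable on a remote computer, per the text


def parse_keyname(keyname):
    """Split a REG key name into (computer or None, root abbreviation, subkey)."""
    computer, rest = None, keyname
    if rest.startswith("\\\\"):
        computer, sep, rest = rest[2:].partition("\\")
        if not computer or not sep:
            raise ValueError(f"remote key name needs \\\\Computer\\Root\\SubKey: {keyname!r}")
    root, _, subkey = rest.partition("\\")
    abbrev = next((a for a, full in ROOTS.items() if root.upper() in (a, full)), None)
    if abbrev is None:
        raise ValueError(f"unknown root key in {keyname!r}")
    if computer and abbrev not in REMOTE_ROOTS:
        raise ValueError(f"{abbrev} cannot be used on remote computer {computer}")
    return computer, abbrev, subkey.strip("\\")


def describe_delete(keyname, value_name=None):
    """Summarise what 'reg delete KeyName [/v ValueName]' would remove, before it is run."""
    computer, root, subkey = parse_keyname(keyname)
    if not subkey:
        raise ValueError("refusing to target an entire root key")
    scope = "single value" if value_name is not None else "subkey and everything under it"
    return {"computer": computer or "(local)", "key": f"{root}\\{subkey}",
            "value": value_name, "scope": scope}


if __name__ == "__main__":
    # The two REG delete examples from the text, then a remote HKCU path that is rejected.
    print(describe_delete(r"\\Mailer1\HKLM\SYSTEM\CurrentControlSet\Services\DNS2"))
    print(describe_delete(r"\\Mailer2\HKLM\SYSTEM\CurrentControlSet\Services\DNS2", "Description"))
    try:
        parse_keyname(r"\\Mailer2\HKCU\Software\Example")  # constructed path
    except ValueError as err:
        print("rejected:", err)
```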


To add subkeys and values to the Windows registry, use REG add. The basic syntax for creating a key or value is

reg add KeyName /v ValueName /t DataType /d Data

where KeyName is the name of the key you want to work with, ValueName is the subkey or key value to create, DataType is the type of data, and Data is the actual value you are inserting. That seems like a lot of values, but it is fairly straightforward. Consider the following example:

reg add HKLM\SYSTEM\CurrentControlSet\Services\DNS /v DisplayName /t REG_SZ /d "DNS Server"

Here, you add a key value called DisplayName to the DNS key in the registry. The key entry is a string with the “DNS Server” value. Note the double-quotation marks. The quotation marks are necessary in this example because the string contains a space.

When you set expandable string values (REG_EXPAND_SZ), you must use the caret (^) to escape the percent symbols (%) that designate the environment variable you use. Consider the following example:

reg add HKLM\SYSTEM\CurrentControlSet\Services\DNS /v ImagePath /t REG_EXPAND_SZ /d ^%SystemRoot^%\System32\dns.exe

Here, you enter ^%SystemRoot^% so that the SystemRoot environment variable is properly entered and interpreted.

When you set non-string values, you don’t need to use quotation marks, as shown in this example:

reg add HKLM\SYSTEM\CurrentControlSet\Services\DNS /v ErrorControl /t REG_DWORD /d 0x00000001