
Miscellaneous Batch Scripting

@ In DOS version 3.3 and later, hides the echo of a batch command. Any output generated by the command is echoed. The at-sign can be prefixed to any DOS command, program name, or batch file name within a batch file.

    examples @ {Separates sections of the batch file without displaying the DOS prompt.}

@echo OFF {Hides the echo off report.}
%DIGIT Replaceable batch parameters which are defined by the user when the batch is executed. The parameters are separated by spaces, commas, or semicolons.

%digit {Digit: any digit from 0 to 9. %0 has the value of the batch command as it appears on the command line when the batch is executed. %1 represents the first string typed after the batch command. Each occurrence of %digit is replaced by the corresponding string from the batch command line.}
    examples MYBATCH DOC A:
COPY *.%1 %2
{Copies all .DOC files in the default directory to drive A:}
%VARIABLE% Replaces the DOS environment variable name with its environment value.

%variable% {Variable: a string of uppercase characters in the environment associated with a string value. Variable is created in the environment by using SET.}
    examples %PATH% {Returns the value of PATH, the current search path, which is executable.}

echo %PATH% {Displays the value of PATH, the current search path.}

%PROMPT% {Returns the value of PROMPT, the current prompt string, which is executable.}

echo %PROMPT% {Displays the value of PROMPT, the current prompt string.}

echo The current search path is: %PATH% {Displays the message including the current search path.}

set USER=John
if %USER%==John goto LABEL
{Since the value of USER does equal “John”, the control is transferred to the label, LABEL.}
CALL Loads and executes a batch file from within a batch file as if it were an external command. When the second batch file completes, control is returned to the calling file.

call [drive:][path]filename [batch-parameters]
Before DOS version 3.3:
command /c [drive:][path]filename [batch-parameters]
CLS Clears the video display screen, setting the cursor in the upper left-hand corner.

ECHO Controls whether commands and comments within a batch file are displayed.

echo [ON|OFF|message|.]
    examples echo {Displays echo status}

echo ON {Restores normal display activity.}

echo OFF {Halts display of DOS prompt and commands.}

echo Processing… {Displays “Processing…” on the screen.}

echo %USER% {Displays the value of USER on the screen.}

echo. {Displays a single blank line on the screen.}

echo ^L > prn {Sends an ASCII control-code (form feed) to the printer. Press <Ctrl> plus <L> to type the ^L character.}

echo Y|Del *.* {Answers the DEL “Are you sure” question automatically.}
FOR Repeats the operation of a DOS command for each member of a list. Use CALL to execute a batch file as a command.

for %%argument in (list) do command {Argument: any letter from A to Z. List: a sequence of strings separated by spaces or commas. Wildcards are allowed.}
    examples for %%d in (A,C,D) do DIR %%d:*.* {Displays the directories of drives A, C, and D sequentially.}

for %%f in (*.TXT *.BAT *.DOC) do TYPE %%f {Types the contents of all .TXT, .BAT, and .DOC files in the current default directory.}

for %%P in (%PATH%) do if exist %%P\*.BAT COPY %%P\*.BAT C:\BAT {Copies all batch files which exist in any directory on the DOS command search path into the directory C:\BAT.}

for %%f in (*.PAS) do call compile %%f {Compiles all .PAS files in the current default directory.}
GOTO Transfers control within a batch file to a line identified by a label. The label must be of the form “:LABEL“.

goto LABEL
IF Tests a condition and executes a command only if the condition is TRUE. But if the NOT modifier is present, the command will be executed only if the condition is FALSE.

if [not] condition command {Condition: errorlevel number; string1==string2; or exist filename. Command: any DOS command, batch command, batch file name, or program name.}
    examples if [not] errorlevel number command {Errorlevel: an exit code returned by a program or an external command. The following DOS commands return an exit code: BACKUP, RESTORE, FORMAT, REPLACE, and XCOPY. Number: a numerical value (integer) against which the exit code is compared. The condition is TRUE if the exit code returned by the previous program is greater than or equal to number. The condition is FALSE if the exit code is less than number.}

BACKUP C:\*.* A: /s
if errorlevel 3 goto TROUBLE
{If the BACKUP command exits with a code of 3 or higher, control will be transferred to the label TROUBLE.}

if errorlevel 3 if not errorlevel 4 echo ERROR #3 occurred
if errorlevel 4 if not errorlevel 5 echo ERROR #4 occurred
{Nested if statements that determine the exact error number.}

if [not] string1==string2 command {The condition is TRUE if both strings are identical. The comparison is case sensitive. If either string is blank, a syntax error occurs.}

if (%1)==(LTRS) CD C:\WORD\LTRS {If the first parameter is LTRS, then change directory to LTRS.}

if "%1"=="" goto ERROR {If there is no parameter, then control is transferred to label ERROR.}

if not %2X==X DIR %2\*.* {If there is a second parameter, then display all the files contained in the directory %2.}

if not "%3"=="" if not "%3"=="b" if not "%3"=="B" goto BADPARAM {If there is no third parameter or if it is anything other than b or B, then go to label BADPARAM.}

if [not] exist filename command {The condition is TRUE if filename can be located. The filename can include drive and path specifications. Wildcards are allowed.}

if exist D:\%1\nul CD %1 {Tests for the existence of directory %1 even if it contains no files, then changes to that directory if it exists.}

if not exist A:FLASH.EXE COPY C:\PROJECTS\FLASH.EXE A: {Copies FLASH.EXE to drive A, but only if it doesn’t exist there already.}
PAUSE Pauses the running of a batch file and displays the message “Press any key to continue …” on the screen. If the optional message is included, it will be displayed first. Use pause to optionally terminate the batch file with <Ctrl-Break> at a safe place. The optional message is not displayed when echo is OFF, so the message must be echoed on the preceding line.

pause [message]
    examples pause {Displays “Press any key to continue …”.}

pause < nul {Waits with no comment.}

pause Do you want to continue? {Displays “Do you want to continue?” with “Press any key to continue …” on the next line.}
REM Adds remarks to a batch file.

rem [remark]
    examples @rem {Hides the remark from display.}
SET Views the DOS environment or creates, changes, or deletes environment values.

set [variable=[value]] {Variable: a string of characters, unbroken by spaces, which are converted to uppercase letters in the environment. Value: a string of characters, case specific, associated with variable.}
    examples set {Display the entire DOS environment.}

set USER=John {Sets the value of USER to the string, “John”.}

set USER= {Removes USER from the environment.}

set PATH=C:\;C:\DOS {Sets C:\;C:\DOS as the current search path.}

set PATH=%PATH%;C:\TEST {Appends ;C:\TEST to the current search path.}
SHIFT Shifts any parameter on the command line one position to the left. Use SHIFT to refer to multiple parameters by one name or to use more than ten parameters on a single command line.

    examples :LOOP
COPY %1 A:
shift
if not (%1)==() goto LOOP
{Beginning with the first parameter, all the parameters listed on the command line are iterated and a file, the value of the parameter, is copied to A:.}
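
The IF, ERRORLEVEL and SHIFT rules above combined in one batch file. This is an added example, not part of the original page; the file name XCOPYALL.BAT and the variable TARGET are hypothetical, and it assumes parameters contain no spaces or quote characters and that the target is an existing drive or directory.

```batch
@echo off
rem XCOPYALL.BAT (hypothetical name) - added example, not from the original page.
rem Usage: XCOPYALL target file [file ...]   e.g.  XCOPYALL A: ONE.TXT TWO.TXT
rem Assumes parameters contain no spaces or quote characters.

rem Quote both sides so a missing parameter compares as "" instead of
rem leaving IF with a blank string, which is a syntax error.
if "%1"=="" goto USAGE
if "%2"=="" goto USAGE
set TARGET=%1
shift

:LOOP
rem After each SHIFT the next file name is in the first parameter.
if "%1"=="" goto DONE
if not exist %1 goto MISSING
xcopy %1 %TARGET%
rem ERRORLEVEL n is TRUE for any exit code >= n, so test the highest first.
if errorlevel 4 goto FATAL
if errorlevel 1 goto MISSING
echo Copied %1
shift
goto LOOP

:MISSING
echo Skipped %1 (nothing copied)
shift
goto LOOP

:FATAL
echo XCOPY failed on %1 with exit code 4 or higher; stopping.
goto CLEANUP

:USAGE
echo Usage: %0 target file [file ...]
goto END

:DONE
echo All parameters processed.

:CLEANUP
rem Remove the working variable from the environment.
set TARGET=

:END
```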

command > nul {Redirects command output to oblivion.}

command > file {Redirects command output to file.}

command >> file {Appends command output to file.}

command < file {Redirects file output to command.}

PATH {Displays “PATH=” followed by the value of PATH, the current search path.}

PATH directories {Sets directories as the current search path.}

PATH = directories {Sets directories as the current search path.}

PATH; {Disables extended command searching and confines the searching to the default directory.}

PROMPT {Resets the prompt string to its default, $n$g.}

CD {Displays the current directory and its path.}

. {Represents the default directory (If PATH=D:\;C:\SYS;C:. then current directory will be searched after D:\ and C:\SYS).}

.. {Represents the parent of the default directory (C:\TOOLS\WP\LTRS.DOC is the same as ..\WP\LTRS.DOC).}

%% {A literal “%”.}


Manipulating Registry from a Batch file

REGEDIT /S addsome.REG                Adds registry settings from a file

REGEDIT /E d:\path\filename.REG "HKEY_XXXX\Whatever Key"   Exports a registry hive to file

Example of a registry import file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Deleting a registry key

[-HKEY_CURRENT_USER\DummyTree]      Deletes the entire tree DummyTree

[HKEY_CURRENT_USER\DummyTree]
"ValueToBeRemoved"=-                Deletes ValueToBeRemoved from DummyTree
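
A batch wrapper that exports a key with REGEDIT /E before importing a file with REGEDIT /S, so the key's earlier values are on disk before the silent merge changes them. This is an added example, not part of the original page; the script name REGAPPLY.BAT and the backup file name are hypothetical, and it assumes cmd.exe on Windows and a .REG file that only touches the key named on the command line.

```batch
@echo off
rem REGAPPLY.BAT (hypothetical name) - added example, not from the original page.
rem Usage: REGAPPLY "HKEY_XXXX\Whatever Key" addsome.REG
rem Assumes cmd.exe on Windows (uses the ~ parameter modifier and START /WAIT).
if "%~1"=="" goto USAGE
if "%~2"=="" goto USAGE
if not exist "%~2" goto NOFILE

rem Hypothetical backup location; any writable path will do.
set BACKUP=%TEMP%\regapply-backup.reg
if exist "%BACKUP%" del "%BACKUP%"

rem Export the key before touching it, so its previous values are on record.
start /wait regedit /e "%BACKUP%" "%~1"
rem No backup file means the export did not happen: stop before importing.
if not exist "%BACKUP%" goto NOBACKUP

rem /S merges the file without any confirmation dialog.
start /wait regedit /s "%~2"
echo Imported %~2; previous values of %~1 are in %BACKUP%
goto CLEANUP

:NOFILE
echo %~2 not found; nothing imported.
goto END

:NOBACKUP
echo Could not export %~1; nothing imported.
goto CLEANUP

:USAGE
echo Usage: %~n0 "registry key" file.REG
goto END

:CLEANUP
rem Remove the working variable from the environment.
set BACKUP=

:END
```

Re-importing the backup restores values that existed before the merge, but it does not remove values or keys that the imported file created.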


Enable SSH

On Cisco Pix

hostname host

ssh <ip> <mask> outside
ssh <ip> <mask> inside
ssh timeout 30

ca generate rsa key 1024
show ca mypubkey rsa
ca save all

On Cisco ASA

hostname host

ssh <ip> <mask> outside
ssh <ip> <mask> inside
ssh timeout 30

crypto key generate rsa modulus 1024

FSMO Roles

FSMO (Flexible Single Master Operations)

Two good reasons for investigating FSMO

a) Curiosity to know how this Single master operation works

b) To know what to do if you lose one of the 5 vital roles.

Background information

For most Active Directory operations, Windows 2003 uses the multiple master model.  The benefit is you can add a computer, or change a user’s password on any domain controller.  For example, if you have three domain controllers, you can physically create a new computer in the NTDS.dit database on any of the three.  Five minutes later, the new computer object will be replicated to the other two domain controllers.

Technically, the multiple master model uses a change notification mechanism.  Occasionally problems arise with duplicate operations, and as a result orphaned objects appear in the ‘LostAndFound’ folder.  The point of FSMO is that a few operations are deemed so critical that only one domain controller can carry out that process.  Emulating a PDC is the most famous example of such a Single Master Operation; creating a new child domain would be another example.

In FSMO, the Flexible word simply means that you can move the role to a more suitable domain controller.

The five FSMO roles are:

  1. PDC Emulator – For NT 4.0 BDCs.  But also for synchronizing time and creating group policies.
  2. RID Master – Each object must have a globally unique number.  The RID master makes sure each domain controller issues unique numbers when you create objects like users.
  3. Infrastructure Master – Responsible for checking Universal group membership in multiple domain forests.
  4. Domain Naming Master – Ensures that each child domain has a unique name.
  5. Schema Master – Operations that involve expanding user properties e.g. Exchange 2000 adds the mailbox property to users.

Three of the FSMO roles (1-3) are held in each domain, whilst two (4-5) are unique to the entire forest.

Changing the FSMO roles

RID, PDC, Infrastructure (1, 2 and 3)

You can plan a switch of Operations Master by using the Change button in the dialog found in Active Directory Users and Computers: Right Click Domain, Properties, Operations Masters.

Domain Naming Master (4.)

To see the Domain Naming Master (4), check out Active Directory Domains and Trusts, Operations Master.

Schema Master (5.)

The Schema Master (5) is the most difficult FSMO to find.

1) Register the Schema snap-in with this command: RUN regsvr32 schmmgmt.dll

2) Run MMC, Add Remove Snap-in, Add Active Directory Schema

3) Select Active Directory Schema, Right Click, Operations Master.

If you ever run DCPROMO to demote a domain controller, watch out for a check box that says ‘This is the last domain controller in the domain’.  If that box is UNchecked the wizard will automatically move any FSMO roles to another domain controller.


If you find problems with domain controller connections timing out then:

a) Check DNS settings on the TCP/IP properties.

b) Check that all the FSMO servers are up and running.

c) Try this neat command using NetDom:
    netdom query fsmo

d) If you need a copy of netdom, check here.