If you need to automate the shutdown or restart of a system, then politely asking each application to close can be problematic. If someone had an open unsaved file on the target system, the shutdown wouldn’t proceed as expected. That’s why Windows also supports forcefully shutting down a system. With the shutdown.exe command, you can specify an additional option (/f on Windows Server 2003 and /c on Windows 2000) to force all applications to close. If an application like Notepad is running, it automatically closes any unsaved files and your unsaved changes will be lost.

On the programmatic side, the Win32_OperatingSystem class supports two shutdown methods. The first one (Shutdown), performs a normal shutdown. It will not forcefully close files. The second, however, Win32Shutdown, will.

So you can perform a forceful shutdown with a command line and from a script. How about from the GUI? You sure can. Just hit Ctrl+Alt+Del on your keyboard. Using the Tab key move to the Shut Down button. Hold the Ctrl key down and click Enter. Click OK to confirm the shutdown.

One other thing that you may need to do at some point is schedule a server to reboot or shutdown at a specific time. This is sometimes needed if an entire network or data center needs to move or go down for maintenance. You could automate this job pretty quickly using a combination of the scripting solutions and the Task Scheduler, but there is another way using the command line. The at.exe command lets you schedule a task to run either locally or remotely at a specified time.

This command causes a server to shut down at 20:00 (8 P.M.) tonight:

> at \\ 20:00 shutdown.exe /s /c "Datacenter move"

This command causes the server to restart at 21:00 (9 P.M.) every Friday night:

> at \\ 21:00 /every:F shutdown.exe /r /c "Weekly restart"

Using a graphical user interface

With Windows Server 2003 and Windows 2000 you can obviously shut a machine down by going to Start > Shut Down, but I’ll describe the new graphical interface with the shutdown.exe command, which is available in Windows Server 2003.

1. From the Start menu select Run.
2. Type cmd.exe and click OK.
3. In the CMD window, type shutdown /i and hit enter.
4. Click the Add button, type the names of the server(s) you want to shut down or restart, and click OK.
5. Select whether you want to restart or shut down the server(s).
6. Enter the number of seconds to warn logged on users (or uncheck to not warn).
7. Configure the Shutdown Event Tracker options.
8. Click OK. In the CMD window, you’ll see a status message stating if the operation was successful.

Here is another option that is available from either Windows 2000 or Windows Server 2003:

1. Open the Computer Management snap-in.
2. If you want to target a remote system, right-click on the Computer Management icon in the left pane and select Connect to another computer. Enter the computer name beside Another computer and click OK.
3. Right-click on the Computer Management icon in the left pane and select Properties.
4. Click the Advanced tab.
5. Under Startup and recovery, click the Settings button.
6. Click the Shut Down button.
7. Select from the list of actions and options under Forced Closed Apps.
8. Click OK.

Using a command-line interface

The following two commands work with the Windows Server 2003 version of shutdown.exe. This shuts a server down after the 30 seconds (default wait timer):

> shutdown /m \\ /s /c "Server requires reboot due to app install"

This command restarts a server after 20 seconds:

> shutdown /m \\ /r /t 20 /c "Server is going down for repairs"

You can use the /f option to force applications to close.

On Windows 2000, the shutdown options are a little different. This command shuts down a server (in 30 seconds by default):

> shutdown \\ "Server is going down for repairs"

And this restarts (/r option) a server in 15 seconds:

> shutdown \\ /r /t:15 "Server requires reboot due to app install"

You can force all applications to close by using the /c option.

Using VBScript

' This code shuts a server down.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = ""   ' e.g., rallen-srv01
 ' ------ END CONFIGURATION ---------
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
 for each objOS in colOS
    intRC = ObjOS.Shutdown( )
    if intRC <> 0 then
       WScript.Echo "Error attempting to shutdown server: " & intRC
    else
       WScript.Echo "Shutting down server..."
    end if
 next

' This code forcefully shuts a server down.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = ""   ' e.g., rallen-srv01
 intFlag = 1 + 4    ' Flag for forceful shut down
 ' ------ END CONFIGURATION ---------
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
 for each objOS in colOS
    intRC = ObjOS.Win32Shutdown(intFlag)
    if intRC <> 0 then
       WScript.Echo "Error attempting to shutdown server: " & intRC
    else
       WScript.Echo "Shutting down server..."
    end if
 next

' This code reboots a server.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = ""   ' e.g. rallen-srv01
 ' ------ END CONFIGURATION ---------
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
 for each objOS in colOS
    intRC = ObjOS.Reboot( )
    if intRC <> 0 then
       WScript.Echo "Error attempting to reboot server: " & intRC
    else
       WScript.Echo "Rebooting server..."
    end if
 next

You need to reboot the system for the changes to take effect after performing one of the following.

Using a graphical user interface

1. Open the Registry Editor (regedit.exe) and connect to the target machine.
2. In the left pane, expand HKEY_LOCAL_MACHINE > SOFTWARE > Policies > Microsoft > Windows NT.
3. If there is no subkey called Reliability, create it by right-clicking Windows NT, selecting New Key, and typing Reliability.
4. Right-click Reliability and select New > DWORD Value.
5. In the right pane, type ShutdownReasonOn and hit enter. Leave the default value set to 0.

You can also disable Shutdown Tracker using group policy. The settings for it are located in Computer Configuration > Administrative Templates > System > Display Shutdown System Tracker.

Using a command-line interface
The following command disables the Shutdown Tracker:

> reg add "\\\HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Reliability" /v
 ShutdownReasonOn /t REG_DWORD /d 0

Using VBScript

' This code disables the Shutdown Tracker from running.
 ' ------ SCRIPT CONFIGURATION ------
 intEnable = 0      ' 0 = disable; 1 = enable screen
 strComputer = "."  ' e.g., rallen-srv01
 ' ------ END CONFIGURATION ---------
 const HKLM = &H80000002
 strKeyPath = "SOFTWARE\Policies\Microsoft\Windows NT\Reliability"
 set objReg = GetObject("winmgmts:\\" & strComputer & _
                        "\root\default:StdRegProv")
 intRC1 = objReg.CreateKey(HKLM,strKeyPath)
 intRC2 = objReg.SetDwordValue(HKLM, strKeyPath, "ShutdownReasonOn", intEnable)
 if intRC1 <> 0 or intRC2 <> 0 then
    WScript.Echo "Error setting registry value: " & intRC
 else
    WScript.Echo "Successfully disabled shutdown tracker"
 end if

Don’t get me wrong, I think the Shutdown Tracker is a very useful feature. In fact, I’m glad Microsoft added it, but it can be annoying on test systems that you want to restart or shut down frequently. After Shutdown Tracker runs, it creates event 1074 in the System event log. Here is an example:

Event Type:    Information
 Event Source:    USER32
 Event Category:    None
 Event ID:    1074
 Date:        10/11/2003
 Time:        6:50:42 PM
 User:        rallen-w2k3\administrator
 Computer:    RALLEN-W2K3
 Description:
 The process Explorer.EXE has initiated the restart of computer RALLEN-W2K3 on behalf
 of user RALLEN-W2K3\Administrator for the following reason: Other (Planned)
  Reason Code: 0x85000000
  Shutdown Type: restart
  Comment: Just installed a hotfix.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/
 events.asp.
 Data:
 0000: 00 00 00 85               ...

You can even customize Shutdown Tracker if you want. You can create your own shutdown reasons. There are eight by default. All it takes is some more registry changes. See MS KB 293814 for more information.

A setting in the registry controls whether this screen is displayed by default. When a user logs on for the first time, the subkeys and values in the HKEY_USERS\.DEFAULT key are copied to HKEY_USERS\, which is the same as HKEY_CURRENT_USER for the currently logged on user. Under the .DEFAULT key, the Software\Microsoft\Windows NT\CurrentVersion\srvWiz value dictates if the Configure/Manage Your Server screen displays at logon. A value of 0 disables the screen from displaying and 1 enables it. If you set it to 0 before any user logs on to the system, that screen will never display.

Using a graphical user interface

The following directions disable the screen for the currently logged on user only. See the command-line solution for how to disable it for all users by default.

For Windows Server 2003:

1. From the Start menu, select All Programs Administrative Tools Manage Your Server.
2. At the bottom lefthand corner of the screen, check the box beside Don’t display this page at logon.

For Windows 2000:

1. From the Start menu, select Programs Administrative Tools Configure Your Server.
2. At the bottom of the screen, uncheck the box beside Show this screen at startup.

Using a command-line interface

Run the following command against a Windows Server 2003 or Windows 2000 machine to prevent the Manage/Configure Your Server screen from displaying for all users:

> reg add "\\\HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\
 Setup\Welcome" /v srvwiz /t REG_DWORD /d 0

If a user logged in before you set the previous registry value, then you’ll need to run this command to disable it for the logged-in user (note: this command must be run locally):

> reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Setup\Welcome\srvWiz"
 /ve /t REG_DWORD /d 0

Using VBScript

' This code disables the
  Manage/Configure Your Server screen for all users
 ' (this only applies to users that have not logged in yet)
 ' ------ SCRIPT CONFIGURATION ------
 intEnable = 0                 ' 0 = disable screen; 1 = enable screen
 strComputer = ""  ' name of target server
 ' ------ END CONFIGURATION ---------
 const HKU   = &H80000003
 strKeyPath  = ".DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\" & _
               "Setup\Welcome"
 strValue = "srvwiz"
 set objReg = GetObject("winmgmts:\\" & strComputer & _
                        "\root\default:StdRegProv")
 intRC = objReg.SetDwordValue(HKU, strKeyPath, strValue, intEnable)
 if intRC <> 0 then
    WScript.Echo "Error setting registry value: " & intRC
 else
    WScript.Echo "Successfully disabled screen"
 end if

' This code disables the Manage/Configure Your Server screen for
 ' the currently logged on user.
 ' ------ SCRIPT CONFIGURATION ------
 intEnable = 0   ' 0 = disable screen; 1 = enable screen
 strComputer = "."
 ' ------ END CONFIGURATION ---------
 const HKCU   = &H80000001
 strKeyPath   = "Software\Microsoft\Windows NT\CurrentVersion\" & _
               "Setup\Welcome\srvWiz"
 set objReg = GetObject("winmgmts:\\" & strComputer & _
                        "\root\default:StdRegProv")
 intRC = objReg.SetDwordValue(HKCU, strKeyPath, "", intEnable)
 if intRC <> 0 then
    WScript.Echo "Error setting registry value: " & intRC
 else
    WScript.Echo "Successfully disabled screen"
 end if

It is a good idea to pay attention to the uptime on your servers to make sure their availability jives with what you think it should be. Perhaps a server rebooted due to a blue screen or even worse, because another administrator (or attacker!) did something they shouldn’t have. Looking at system uptime is the poor man’s availability monitor. You may even want to create a script that runs at system startup on your servers, which can serve as a notification mechanism anytime your servers reboot.

Using a command-line interface

All three of the following commands display the system uptime:

> psinfo \\ | findstr Uptime
 > srvinfo \\ | findstr /c:"Up Time"
 > systeminfo /s  | findstr /c:"Up Time"

Using VBScript

' This code prints system uptime for a host.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = "."   ' e.g., rallen-srv01
 ' ------ END CONFIGURATION ---------
 set objWMIDateTime = CreateObject("WbemScripting.SWbemDateTime")
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colOS = objWMI.InstancesOf("Win32_OperatingSystem")
 for each objOS in colOS
    objWMIDateTime.Value = objOS.LastBootUpTime
    Wscript.Echo "System Up Time: " & objWMIDateTime.GetVarDate
 next

There are several settings you can configure to control what happens after a system crash. By default, when a system crashes, it writes the contents of memory to a debug file in the system root called memory.dmp. This file will be one of the first things Microsoft asks for if you open a support case about the crash (see MS KB 314103 for more information). After the debug file is written, an event is written to the System Event log and, if configured, an administrative alert is sent to the administrator of the system. See MS KB 310490 for more on configuring administrative alerts. Lastly, the system automatically reboots. You may want to give some thought about this last option because I’ve seen more than one case where a system continuously reboots itself because it experienced the failure during system startup. Also, if you automatically reboot and are not closely monitoring your systems, there could be sporadic undetected crashes.

Using a graphical user interface

1. From the Control Panel, open the System applet.
2. Select the Advanced tab.
3. Under Startup and Recovery, click the Settings button.
4. All of the system failure options are located under the System Failure heading. Modify the settings as necessary.
5. Click OK until all of the windows are closed.

Using a command-line interface

The system failure and recovery options are stored in the registry. You can view the current settings by enumerating the HKLM\SYSTEM\CurrentControlSet\Control\CrashControl subkey:

> reg query \\\HKLM\SYSTEM\CurrentControlSet\Control\CrashControl

On Windows Server 2003, you can also use the wmic utility to view these settings:

> wmic /node: recoveros list /format:list

To modify these settings, use either the reg add command (on Windows 2000) or the wmic command (on Windows Server 2003). Next, I’ll show some examples using wmic.

To disable admin alerts after failure, do the following:

> wmic recoveros set SendAdminAlert = False

To disable automatic reboot after failure, do the following:

> wmic recoveros set AutoReboot = False

To not write any information to a memory dump file after failure, do the following:

> wmic recoveros set DebugInfoType = 0

To set the mini-dump directory to d:\minidumps (only available with Windows Server 2003), do the following:

> wmic recoveros set MiniDumpDirectory = d:\minidumps

To set the location of the dump file to D:\Dump\Mem.dmp, do the following:

> wmic recoveros set DebugFilePath = D:\Dump\Mem.dmp

To not overwrite an existing dump file, do the following:

> wmic recoveros set OverwriteExistingDebugFile = 0

Using VBScript

' This code displays the current failure and recovery settings.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = "."  ' e.g., rallen-srv01
 ' ------ END CONFIGURATION ---------
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colRecoveryConfig = objWMI.InstancesOf("Win32_OSRecoveryConfiguration")
 for each objConfig in colRecoveryConfig
     Wscript.Echo objConfig.Name
     Wscript.Echo "  Auto reboot: " & objConfig.AutoReboot
     Wscript.Echo "  Debug File Path: " & objConfig.DebugFilePath
     Wscript.Echo "  Debug Type: " & objConfig.DebugInfoType
     Wscript.Echo "  Expanded Debug File Path: " & objConfig.ExpandedDebugFilePath
     Wscript.Echo "  Kernel Dump Only: " & objConfig.KernelDumpOnly
     Wscript.Echo "  Overwrite Existing: " & objConfig.OverwriteExistingDebugFile
     Wscript.Echo "  Send Admin Alert: " & objConfig.SendAdminAlert
     Wscript.Echo "  Write Debug Info: " & objConfig.WriteDebugInfo
     Wscript.Echo "  Write to System Log: " & objConfig.WriteToSystemLog
 next

' This code modifies the system failure and recovery settings.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = "."  ' e.g., rallen-srv01
 ' ------ END CONFIGURATION ---------
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colRecoveryConfig = objWMI.InstancesOf("Win32_OSRecoveryConfiguration")
 for each objConfig in colRecoveryConfig
     Wscript.Echo objConfig.Name

   ' Uncomment the settings you want to modify:
     ' objConfig.AutoReboot = True
     ' objConfig.DebugFilePath = "d:\dumps\memory.dmp"
     ' objConfig.DebugInfoType = 1  ' Only available on W2K3
     ' objConfig.KernelDumpOnly = False
     ' objConfig.MiniDumpDirectory = "d:\minidumps" ' Only available on W2K3
     ' objConfig.OverwriteExistingDebugFile = True
     ' objConfig.SendAdminAlert = True
     ' objConfig.WriteDebugInfo = True
     ' objConfig.WriteToSystemLog = True

    objConfig.Put_
 next
 WScript.Echo "Successfully modified settings."

1. From the Control Panel, open the System applet.
2. Select the Advanced tab.
3. Under Startup and Recovery, click the Settings button.
4. Under the System Startup heading, you can modify the default operating system and the amount of time the system waits before loading the default OS.
5. To change additional startup options on Windows Server 2003, you can click the Edit button to modify the boot.ini file.
6. Click OK until all of the windows are closed.

Using a command-line interface
Windows Server 2003 includes a new tool called bootcfg.exe (also available with Windows XP) that lets you examine and modify the system startup options (including boot.ini) from the command line. To get a list of the current startup options, run bootcfg without any parameters:

> bootcfg

The following command changes the timeout setting for the default OS option to 15 seconds:

> bootcfg /timeout 15

The following command adds the /DEBUG and /SOS options to the OS option defined by ID 2 (which you can see by running bootcfg without any options):

> bootcfg /Raw "/DEBUG /SOS" /A /ID 2

For the complete list of bootcfg options, run bootcfg /? from the command line.

The Edit button is available only on Windows Server 2003. If you want to modify the boot.ini file on Windows 2000, you’ll have to use the procedures described next in the command-line solution.

Since Windows 2000 doesn’t come with the bootcfg utility, you have to modify the boot.ini file directly. First, make the file editable:

> attrib %SystemDrive%\boot.ini -h -r -s

Then edit the file:

> edit %SystemDrive%\boot.ini

And finally, make the file read-only and hidden again:

> attrib %SystemDrive%\boot.ini +h +r +s

Using VBScript

' This code displays the system startup settings.

' ------ SCRIPT CONFIGURATION ------

strComputer = "."  ' e.g., rallen-srv01

' ------ END CONFIGURATION ---------

set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

set colCompSys = objWMI.InstancesOf("Win32_ComputerSystem")

for Each objCompSys in colCompSys

    WScript.Echo "Startup Delay: " & objCompSys.SystemStartupDelay

    for each strOption in objCompSys.SystemStartupOptions

       WScript.Echo "Operating System: " & strOption

    next

next

' This code sets the startup delay to 10 seconds.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = "."  ' e.g., rallen-srv01
 ' ------ END CONFIGURATION ---------
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colCompSys = objWMI.InstancesOf("Win32_ComputerSystem")
 for Each objCompSys in colCompSys
     WScript.Echo "Startup Delay Before: " & objCompSys.SystemStartupDelay
     objCompSys.SystemStartupDelay = 10
     objCompSys.Put_
     WScript.Echo "Startup Delay After: " & objCompSys.SystemStartupDelay
 next

You can configure where the information should be positioned in the background, you can use any background color or wallpaper you want, and you can even choose to configure whether only Terminal Services users should see it or whether it should be available to anyone that logs on.

Using a graphical user interface

1. Open the Sysinternals BGInfo program on the target server.
2. The default configuration information is displayed. You can modify it directly or select a new setting in the Fields box and click the Add button. You can also create your own custom settings by clicking the Custom button.
3. Click the Background button to customize the background color or bitmap.
4. Click the Position button to customize where the BGInfo is displayed on the desktop.
5. Click the Desktops button to configure the desktops where you want this information displayed. You can put it only on your desktop, on all console users’ desktops, or on Terminal Services user’s desktop.
6. Click the Preview button to see what the new background would look like.
7. Click the Apply button to commit the changes.

Using a graphical user interface

1. From the Control Panel, open the System applet.
2. Select the Advanced tab.
   1. On Windows Server 2003:
      1. Under Performance, click the Settings button.
      2. Click the Advanced tab.
      3. Under Virtual memory, click the Change button.
      4. You’ll see a list of all volumes and any page files that have been configured on them. To modify the size of an existing page file, highlight the drive the page file is on, modify the Initial size and/or Maximum size, and click Set. You can also select System managed size to let the system control the size of the page file. To add a new page file, select a drive that currently does not have a page file and select either Custom size or System managed size. If you select the former, enter the Initial size and Maximum size. Click Set when you are done. A performance tip is to set the initial size the same as the maximum size to reduce unnecessary I/O operations.
   2. On Windows 2000:
      1. Click the Performance Options button.
      2. Click the Change button.
      3. You’ll see a list of all attached disks and any page files that have been configured on them. To modify the size of an existing page file, highlight the drive the page file is one, modify the Initial size and/or Maximum size, and click Set. To add a new page file, select a drive that currently does not have a page file, enter the Initial size and Maximum size, and click Set.

Using a command-line interface

Page file information is stored in the registry, so you can use the reg.exe command to display current settings:

> reg query "\\\HKLM\System\CurrentControlSet\Control\Session Manager\
 Memory Management" /v PagingFiles

For Windows Server 2003, you can also use the systeminfo.exe command to display page file usage:

> systeminfo | findstr Page

The list of page files is stored in a REG_MULTI_SZ value called PagingFiles in the registry. By using the reg add command you can overwrite the current settings in PagingFiles and specify the page files you want. This command configures only one page file on the system located at d:\pagefile.sys:

> reg add "\\\HKLM\System\CurrentControlSet\Control\Session Manager\
 Memory Management" /v PagingFiles /t REG_MULTI_SZ /d "d:\pagefile.sys 580 1024"

The first number after d:\pagefile.sys is the initial size in megabytes for the page file and the second number is the maximum size.

This command causes there to be two page files, one on the C: drive and the other on the D: drive:

> reg add "\\\HKLM\System\CurrentControlSet\Control\Session Manager\
 Memory Management" /v PagingFiles /t REG_MULTI_SZ /d "C:\pagefile.sys 512 1024\0D:\

pagefile.sys 512 1024\0"

You’ll need to reboot for the changes to take effect.

Using VBScript

' This code displays the current page files on the system.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = "."
 ' ------ END CONFIGURATION ---------
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colPF = objWMI.InstancesOf("Win32_PageFileUsage")
 for each objPF in colPF
    Wscript.Echo objPF.Name
    Wscript.Echo "  Initial Size: " & objPF.AllocatedBaseSize
    Wscript.Echo "  Max Size: " & objPF.CurrentUsage
    WScript.Echo "  Peak Usage: " & objPF.PeakUsage
    WScript.Echo
 next

You cannot change the size of a Page file with the Win32_PageFileUsage class (or any other WMI class), you can only retrieve a page file’s properties.

There are two types of memory on computers: random access memory (RAM) (or physical memory) and virtual memory. RAM is stored on specialized chips and is very fast, whereas virtual memory is stored on hard drives and is comparatively slow. On Windows systems, paging files are used to allocate space for virtual memory.

The operating system uses RAM when possible, but when the limits of RAM are exceeded it turns to virtual memory. When the system needs to make room in RAM (e.g., when you open a new application), it pages out the most infrequently used sections of RAM to virtual memory. That means the system has to perform disk reads and writes during this process. Your goal with virtual memory should be to configure the paging files so that they are big enough to handle virtual memory demands and can be accessed quickly.

In fact, your page file configuration can have a significant impact on system performance. When the Windows operating system is first installed, a page file is created (called pagefile.sys) on the drive the operating system is installed on. As I mentioned in the Problem section, you should consider moving this page file to a separate drive so that there isn’t a lot of contention for disk I/O when the system needs to access virtual memory. An even better practice is to create two page files. It is a good idea to have a page file on a non-system partition, but you may still want a page file on the system partition to handle memory dumps. If there is no page file on the system drive and a system crash (blue screen) occurs, the system will not be able to write out a memory dump that can be used to troubleshoot the crash. Windows uses the page file on the least busy partition, so it should primarily use the non-system partition page file for virtual memory. It is also worth noting that you shouldn’t bother with creating two page files unless you have at least two disks. Creating multiple paging files on the same disk doesn’t buy you much in terms of performance.

Regarding the size of the page files, the general rule of thumb is to have at least 1.5 times the amount of RAM, which is the default configuration. So if you had 1 GB of RAM, you should have at least a 1.5-GB paging file. The largest any one page file can be on a single disk is 4 GB.

Another issue to consider if security is a concern for you is clearing the paging files during system shutdown. Some applications write sensitive information, such as passwords, to RAM. If that data gets paged out to virtual memory, it can end up in a page file. That information can remain in the page file for a considerable amount of time (even after reboot) until that space is needed for something else. While the page files are protected by the operating system, it is possible (although not very easy, mind you) for an attacker that has gained control over the system to read that file and any data within it. The solution for this is to clear the page files whenever the system shuts down. To enable this you need to modify a registry setting and reboot the computer. See MS KB 182086 for more information.

Using a graphical user interface
The System Managed option I described in the graphical solution is only available in Windows Server 2003. It is a new feature that lets the system determine how big the page file needs to be. It is a good practice to use this setting unless you have a very good reason not to do so.

Using a command-line interface
Be careful when configuring the page files from the command line. Thoroughly test your command before trying it on a production system. The last thing you want to do is mess up the page files on your systems!

Using VBScript
None of the WMI classes allow you to configure the page files directlyyou can only view them. If you need to do it programmatically, your best bet would be to use the Registry WMI provider to set the corresponding registry values for page files as I described in the command-line solution.

For example, let’s say you wanted to view the NetLogon log file on a remote system. After you log on to the system, you have to locate the file. On your computer it is located in C:\WINNT\Debug, but that directory might not exist on the remote computer. You then perform a search for the file and find it is located in D:\Windows\Debug. If you used environment variables, finding the file would have been a lot easier. On your machine, the Debug directory lives in the C:\WINNT directory, which is the default system root path. On the remote server it was D:\Windows. The default system root directory on Windows Server 2003 is \Windows, but since it is on the D: drive in this case, that means whoever installed the OS chose a nondefault drive (which is fine). Regardless of where the system root is, the SystemRoot environment variable defines this path for us. By simply enclosing SystemRoot in percent signs (%), we could have found our file much quicker (%systemroot%\debug\netlogon.log).

Using a graphical user interface

1. From the Control Panel, open the System applet.
2. Select the Advanced tab.
3. Click the Environment Variables button.
4. Click the New button under the User variables or System variables box depending on whether you want to create an environment variable that is visible only to the currently logged-on user or system-wide.
5. Enter the variable name and value and click OK until all windows are closed.

The new variable(s) will not be available in any CMD windows that are currently open. You’ll need to close and reopen any CMD sessions in which you want to use the new variable(s).

Using a command-line interface

To view environment variables, run the set command. You can also view a subset of environment variables by running set and specifying the first letters of the variable(s). This command displays all environment variables that begin with USER:

> set user

You can use the wmic utility to print environment variables on a remote system:

> wmic /node:"" environment list full

You can print the value of an environment variable using echo:

> echo %systemroot%

To set an environment variable for use in the current CMD session, use the set command. The following command sets the FOOBAR environment variable:

> set FOOBAR=test

FOOBAR will be valid only for the life of the CMD session you set it in. If you need to create a permanent environment variable, use setx.exe:

> setx FOOBAR test

Just as with set, you will not be able to use the new variable in any CMD sessions you had open before creating it (other than the one in which it was created).

With the Windows Server 2003 version of setx (which comes with the OS), you can even set new environment variables on a remote server:

> setx FOOBAR test /s  /u  /p
 

Using VBScript

' This code prints the environment variables.
 ' ------ SCRIPT CONFIGURATION ------
 strComputer = "."
 ' ------ END CONFIGURATION ---------
 set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 set colVars = objWMI.InstancesOf("Win32_Environment")
 for each objVar in colVars
    WScript.Echo objVar.Name & ": " & objVar.variableValue & _
                 " (" & objVar.Username & ")"
 next

' This code shows how to expand an environment variable.
 set objShell = CreateObject("WScript.Shell")
 WScript.Echo objShell.ExpandEnvironmentStrings("%systemroot%\notepad.exe")

' This code creates a new system environment variable called FOOBAR.
 ' ------ SCRIPT CONFIGURATION ------
 strVarName = "FOOBAR"
 strVarValue = "Foobar Value"
 strComputer = "."
 ' ------ END CONFIGURATION ---------
 set objVarClass = GetObject("winmgmts:\\" & strComputer & _
                             "\root\cimv2:Win32_Environment")
 set objVar = objVarClass.SpawnInstance_
 objVar.Name = strVarName
 objVar.VariableValue = strVarValue
 objVar.UserName = ""
 objVar.Put_
 WScript.Echo "Created environment variable " & strVarName

> nltest /server:<ComputerName> /sc_query:<DomainName>

The following command resets the secure channel for a computer:

> nltest /server:<ComputerName> /sc_reset:<DomainName>

The following solutions describe how to reset a computer account.

Using a graphical user interface

• Open the Active Directory Users and Computers snap-in.
• If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.
• In the left pane, right-click on the domain and select Find.
• Beside Find, select Computers.
• Type the name of the computer and click Find Now.
• In the Search Results, right-click on the computer and select Reset Account.
• Click Yes to verify.
• Click OK.
• Rejoin the computer to the domain.

Using a command-line interface

You can use the dsmod.exe utility to reset a computer’s password. You will need to rejoin the computer to the domain after doing this.

> dsmod computer  "<ComputerDN>" -reset

Another option is to use the netdom.exe command, which can reset the computer so that you do not need to rejoin it to the domain.

> netdom reset <ComputerName> /Domain <DomainName> /UserO <UserUPN> /PasswordO *

Using VBScript

‘ This code resets an existing computer object’s password to the ‘ initial default. You’ll need to rejoin the computer after doing this. set objComputer = GetObject(“LDAP://<ComputerDN>“) objComputer.SetPassword “<ComputerName>”

Every member computer in an Active Directory domain establishes a secure channel with a domain controller. The computer’s password is stored locally on the machine in the form of a Local Security Authority (LSA) secret and also in Active Directory with the computer’s account. The NetLogon service on the computer uses this password to establish the secure channel with a domain controller. If for some reason the LSA secret and computer password become out of sync, the computer will no longer be able to authenticate in the domain. The nltest /sc_query:<DomainName> and nltest /sc_verify:<DomainName> commands can query a computer to verify its secure channel is working. Here is sample output from the nltest /sc_query command when things are working:

Flags: 30 HAS_IP  HAS_TIMESERVTrusted DC Name \\dc1.rallencorp.comTrusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

If its secure channel is failing, you’ll need to reset the secure channel. If that doesn’t work, you’ll need to reset the computer account. Here is sample output when things are not working or if you are logged in with cached credentials:

Flags: 0Trusted DC NameTrusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS

The command completed successfully

To reset the computer, set the computer account password to the name of the computer. This is the default initial password for new computers. Every 30 days Windows 2000 and newer systems automatically change their passwords in the domain. After you’ve set the password, you’ll need to rejoin the computer to the domain since it will no longer be able to communicate with a domain controller due to unsynchronized passwords. However, the netdom reset command will try to reset the password on both the computer and in Active Directory. If successful, you won’t have to manually rejoin the computer to the domain. Unfortunately, the actions executed by netdom reset cannot be done either from the GUI or from VBScript.