Using findstr to simplify output

This might be an oldie to some of you but I still like it so here we go.

It is rather annoying when you receive a large output from a CLI based tool
and you need to go through it manually in an attempt to find what you are looking
for (consider an output from netstat).


By using findstr you can filter the display to provide you with the line on which the information
you are looking for is displayed. This is achieved by piping the output to findstr:



This is one example of what this tool is able to do. Keep in mind that this is a very specific (and simple)
example. findstr has many abilities and it can manipulate the output in different ways. For additional
information use ‘findstr /?’.

The new fashion – Badmouthing Vista

This is starting to get ridiculous, everywhere I look somebody is saying how much
Vista has failed. Every RSS feed I look at (even if its’ about food) screams how
miserably Vista has failed.

I have one thing to say,get over it. Find a different topic.

I don’t want to go into defending Vista or saying why it’s better. I won’t say that I
have sales information about Vista to prove that it’s selling great, I simply find it tiresome
that every Mac or Linux loving editor that has a stage feels the necessity to write an “in-depth”
article with about why Vista failed.
[I am also having bad flashbacks to 2001 (I think) when people were saying that you
don’t need more then Win2K,XP is a flashed up toy…]

This fanboy frenzy is an insult to intelligence, I have not seen one technical reason provided
by technical people as why not to use it. The reasons rotate around:

  1. It doesn’t support old drivers- sadly,it is time to replace the scanner you bought back
    in 1990.

  2. It needs stronger hardware- You don’t want to use it don’t buy new hardware. You don’t
    want to run several VM’s for your lab don’t upgrade RAM, you don’t want to play games
    don’t buy a new video card- what’s the difference?!?!?

  3. OEM manufacturers will be able to sell XP for six more month – erm,so?! What is the
    technical reason here? Maybe they aren’t ready for it? Perhaps there is a learning curve
    in adopting the OS?

Long rant,sorry about that-from someone using a number of operating systems and applications
and thinking that neither is perfect and understanding that a perfect piece of software will never

Focusing on the goal

Being involved with different projects (mostly IT and some software) my experience is that
it is very easy to lose track of what is being done and why it’s being done.

Most IT and software projects begin because someone identifies a problem. Someone points
out that there is either something missing or a better way to do things.
Once the problem is stated a solution can be devised (which in itself is not a simple process).

Once the solution is devised, it turns into a project that is broken down into smaller pieces which
in most cases are technical by nature. Based on my experience, this is the point where there is a
tendency to drop the ball. The IT designer/implementer or software developer focus only on the
technology and lose site of the goal.
In such cases there is no clear understanding of what the goal is, tasks are being carried out
since they are on a list(or for technologies sake) but there is no vision to lead the team. Deadlines
are missed and customer satisfaction is low.

Vision may be a big word that might scare off people, yet in the smallest of projects the end goal
must be clear to each and every person involved with it.

Software developers and/or IT designers/implementers tend to think that their role is to either
write code or design/implement a solution-this is where they are wrong, their role is to provide
a solution to a client. Writing code,designing a solution or implementing it, is a mean towards
an end: solving a clients problem!

Jeff Atwood wrote a great post on the subject and he also provides advice on how to prevent
this from happening.

FTP 7 for Windows 2008 (Rc0)

FTP 7 has been released and can be downloaded at:


According to the post on Robert McMurray’s blog it has the following new features:

This new FTP service incorporates many new features that enable web authors to publish content better than before, and offers web administrators more security and deployment options.

  • Integration with IIS 7.0: IIS 7.0 has a brand-new administration interface and configuration store, and the new FTP service is tightly integrated with this new design. The old IIS 6 metabase is gone, and a new configuration store that is based on the .NET XML-based *.config format has taken its place. In addition, IIS 7.0 has a new administration tool, and the new FTP server plugs seamlessly into that paradigm.
  • Support for new Internet standards: One of the most significant features in the new FTP server is support for FTP over SSL. The new FTP server also supports other Internet improvements such as UTF8 and IPv6.
  • Shared hosting improvements: By fully integrating into IIS 7.0, the new FTP server makes it possible to host FTP and Web content from the same site by simply adding an FTP binding to an existing Web site. In addition, the FTP server now has virtual host name support, making it possible to host multiple FTP sites on the same IP address. The new FTP server also has improved user isolation, now making it possible to isolate users through per-user virtual directories.
  • Extensibility and custom authentication: The new FTP server supports developer extensibility, making it possible for software vendors to write custom providers for FTP authentication. Microsoft is using this extensibility feature to implement two new methods for using non-Windows accounts for FTP authentication for IIS Managers and .NET Membership.
  • Improved logging support: FTP logging has been enhanced to include all FTP-related traffic, unique tracking for FTP sessions, FTP sub-statuses, additional detail fields in FTP logs, and much more.
  • New supportability features: IIS 7.0 has a new option to display detailed error messages for local users, and the FTP server supports this by providing detailed error responses when logging on locally to an FTP server. The FTP server also logs detailed information using Event Tracing for Windows (ETW), which provides additional detailed information for troubleshooting.

Set permissions on a specific service (Windows)

[There are two types of service permissions,permission used by the service an permissions set to
control the service. This post deals with permissions that apply when manipulating a service]

In my opinion, messing around with the permissions of a specific service is not a good idea,
solving the problem you are dealing with in a different manner might be a better idea.

In some cases, and since it is possible, you can set permissions on specific services. This might
come handy when you have to allow someone control of a specific service.

Setting permissions on specific services can be achieved by using the sc command (if you read on,
you will notice that it is not a simple task). The sc command has two parameters for this task:

  1. sdshow – Displays the security descriptor for a specific service
  2. sdset – Changes the security descriptor for a service

Viewing the security descriptor of a service

To view a security descriptor of a service use the following syntax:

sc sdshow serviceName

In the following example I am viewing the security descriptor of the DHCP service on my server:

Sounds simple enough, yet as you can see the security descriptor is not as friendly as we would like it to be.


Deciphering the security descriptor

The security descriptor, as displayed by sc sdshow, is formatted according the Security Descriptor Definition
Language (SDDL).

The descriptor will usually be divided into two parts:

  1. Prefix of S: – System Access Control List (SACL),controls auditing (not covered in this post)
  2. Prefix of D: – Discretionary ACL (DACL),controls permissions


Each section, inside the parenthesis, represent a specific entry (security/auditing).
Inside the parenthesis, the user account and the correct permissions are specified.


The first letter represents Allow (A) the opposite of Deny which would be represented by a (D).
Each pair of letters represents a specific permission:
CC – SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration
LC – SERVICE_QUERY_STATUS – ask the SCM for the service’s current status
SW – SERVICE_ENUMERATE_DEPENDENTS – list dependent services
LO – SERVICE_INTERROGATE – ask the service its current status
CR – SERVICE_USER_DEFINED_CONTROL – send a service control defined by the service’s authors
RC – READ_CONTROL – read the security descriptor on this service.

Additional permissions:
RP – SERVICE_START – start the service
WP – SERVICE_STOP – stop the service
DT – SERVICE_PAUSE_CONTINUE – pause / continue the service

The last two letters define the security principal assigned with these permissions (a SID or well known
AU – Authenticated Users

Possible aliases:

“AO” Account operators
“RU” Alias to allow previous Windows 2000
“AN” Anonymous logon
“AU” Authenticated users
“BA” Built-in administrators
“BG” Built-in guests
“BO” Backup operators
“BU” Built-in users
“CA” Certificate server administrators
“CG” Creator group
“CO” Creator owner
“DA” Domain administrators
“DC” Domain computers
“DD” Domain controllers
“DG” Domain guests
“DU” Domain users
“EA” Enterprise administrators
“ED” Enterprise domain controllers
“WD” Everyone
“PA” Group Policy administrators
“IU” Interactively logged-on user
“LA” Local administrator
“LG” Local guest
“LS” Local service account
“SY” Local system
“NU” Network logon user
“NO” Network configuration operators
“NS” Network service account
“PO” Printer operators
“PS” Personal self
“PU” Power users
“RS” RAS servers group
“RD” Terminal server users
“RE” Replicator
“RC” Restricted code
“SA” Schema administrators
“SO” Server operators
“SU” Service logon user

Lets look at another example:

A – Allow
CC – SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration
DC – Delete All Child Objects
LC – SERVICE_QUERY_STATUS – ask the SCM for the service’s current status
SW – SERVICE_ENUMERATE_DEPENDENTS – list dependent services
RP – Read all properites
WP – SERVICE_STOP – stop the service
DT – SERVICE_PAUSE_CONTINUE – pause / continue the service
LO – SERVICE_INTERROGATE – ask the service its current status
CR – SERVICE_USER_DEFINED_CONTROL – send a service control defined by the service’s authors
SD – Delete
RC – READ_CONTROL – read the security descriptor on this service.
WD – Modify permissions
WO – Modify owner
BA- Built-in administrators

Wow-that wasn’t simple,not to mention somewhat boring…


Setting permissions

To set permissions use the following syntax:
sc <server> sdset <service name> <SD in SDDL format>

There two parts that may be somewhat problematic here, using the correct SDDL syntax and obtaining the SID
for the security principal who is to be awarded the permissions.

In the following example, I would like to allow a user (erozman) to be able to start and stop the DHCP service.The following
steps will be taken:

  1. Obtain the user’s SID (using a short script)
  2. Format the SDDL correctly
  3. Apply the permissions
  4. Verify the process

As you can see in the following screenshot, I have opened CMD running as ‘’ ,and when I attempt
to stop the DHCP service I am denied since I do not have permissions.


To obtain a specific user’s SID I use the following script(replace the account and domain with your own):
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)

Set objAccount = objWMIService.Get _
Wscript.Echo objAccount.SID

I find it comfortable to receive the SID at the command prompt and not in a window as it is easier to copy and paste
– this is achieved by changing the default script host to cscript:


After obtaining the user’s SID we can format the SDDL correctly:

Then we run the SC command:

Several things to note here: you need to make sure to prefix the SDDL entries with (D:) which sets the DACL and
you need to make sure that you include all entries that you want in the DACL since the whole DACL will be replaced.
This last point is extremely important, if you only use the “new” entry you might actually “lock” yourself out as the
current entries in the DACL will be wiped out.

Now,lets see if ‘erozman’ can stop the DHCP service:


As you can see from the screenshot we have successfully provided ‘erozman’ with the permissions to stop and start
the services. The screenshot also shows that he can not pause the service (we have not provided him with the permission
to do so…).


Simpler ways to do this (alternatives)

There are a couple of alternatives that can be used to change permissions on services:

  1. Security Templates
  2. SWSC – (check out the ACL switch)

In my opinion there should be a simpler (intuitive) method through which permissions for a specific service could be set. The
alternatives are a possible solution, yet they aren’t as simple as they should be(and why should there be alternatives,why
shouldn’t the original resolve the problems?).

Gathering Performance data from the command line

When troubleshooting a performance issue it may be beneficial to gather performance data from
the command line in several cases:

  1. You may want to avoid logging on to the server directly
  2. You may have a problem with using the GUI of performance monitor
  3. You may want to export the information to a text file or to a database

To gather performance data from the command line the typeperf command can be used, it can tap
into the counters that can be used with perfmon providing the information on the command line.

The syntax is relatively simple (it can be viewed as a path to a specific counter):

typeperf \\computer\Object(_instance)\Counter

Monitoring processor usage on a system called ‘CORE’:

typeperf \\core\performance(_total)\% Processor Time


Monitoring the available amount of memory:

typeperf “Memory\available mbytes”


To gather information from several sources at once, specify the paths separated by a space:

typeperf “Memory\available mbytes” “\\dc01\Processor(_total)\% Processor Time” \\CORE\Processor(_total)\% Processor Time



Another way of specifying source is by using a file (in this case specify each source on a new line). The syntax is:

typeperf -cf filename



If you do not specify an output location, the system assumes that you want the data to be placed onscreen, yet
the output can be saved to a file using the binary format, comma-delimited and tab-delimited formats.
The syntax is:

typeperf -cf filename -o outputFile -f[bin|csv|tsv]


Another thing that might be of interest is the ability to specify the number of samples and the intervals at which
the samples are taken-both can be set by using the following syntax:

typeperf -cf filename -o outputFile -f[bin|csv|tsv] -si [interval mm:ss] -sc [number of samples] 



For additional information please visit:

ISA Server 2006 Supportability Update package

The ISA Server 2006 Supportability Update package provides ISA Server 2006 with the functionality that was introduced in ISA Server 2004 Service Pack 3. This functionality includes the following:

•Improvements to the ISA Server Management console. These improvements include a new Troubleshooting node.

•Improved log viewing functionality.

•Additional log filter functionality.

•Diagnostic logging. Over 200 new diagnostic logging events are provided.

•Integration with Microsoft ISA Server Best Practices Analyzer Tool.