roy ashbrook

it's depressing to me how many people that i run into today that have an excrutiatingly limited knowledge about the command line in windows, and yet they are considered experts on the platform. that aside, i figured i would share a couple of very simple uses.

something people ask a lot is what domain groups they are in. you can run 'net user %username% /domain' from the command line to see what domain groups you are in. it does cut off the names if they are too long, so the ad tools are better or using vbscript to query, but this is quick and easy for general use. there are other uses for this command, but this is the one i use the most often. you can replace %username% with anyone in the domain's ids to view this info. there are some limitations, but it's useful.

another thing that comes up in minor administration tasks is the ability to add a bunch of people at once. you can of course use this with the gui, but if you are already at the command line, you could do something like this on the machine:

net localgroup somegroup /add

net localgroup somegroup user1 user2 user3 user4 user5 /add

the above commands will add somegroup as a localgroup and then add users 1 through 5 to that localgroup. you can add local users or domain users (via domain\user) or domain groups.

if it was a sql box, you could then osql locally and run some commands to add them as some role.

CREATE LOGIN [%whatever your machien name is%\%whatever your local group name is%] FROM WINDOWS WITH DEFAULT_DATABASE=[tempdb]
EXEC master..sp_addsrvrolemember @loginame = N'%whatever your machien name is%\%whatever your local group name is%', @rolename = N'sysadmin' (or whatever role you want to give them)

there you go. how to add a local group, a bunch of users, and even set them up in sql as some role in like 2 minutes from the command line without waiting for stupid computer manager or sql mgmt studio to open. =)

Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

System.Security.SecurityExceptions will always be … well some kind of security problem ;)

Running .net exes over the network requires different .net perms. You can see the perms an assembly requires using permcalc from the .net sdk. It used to be called… I think permview.

You can run caspol –rs[g/p] %path to assembly% to see some info on the permissions. G will show you the groups it belongs to in the gac, P will list the permissions.

From: xxxxxxxxxxxxxxx
Sent: Thursday, July 17, 2008 5:40 PM
To: Ashbrook, Roy
Subject: question

Whats up roy… any idea why I’m getting this error xxxxxxxxxxxx

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\WINNT>\\server\dotnetapp.exe

Unhandled Exception: System.Security.SecurityException: That assembly does not a

llow partially trusted callers.

   at System.Security.CodeAccessSecurityEngine.ThrowSecurityException(Assembly a

sm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, Secur

ityAction action, Object demand, IPermission permThatFailed)

   at ....

"fairness is a concept that was invented so that children and idiots could participate in arguments"

 -- Scott Adams