Scripting Overview | Microsoft Windows Server 2003 Unleashed (R2 Edition)

When a project or task involving scripting comes around, many administrators cringe at the thought. Administrators new in the IT field associate scripting with programming or creating applications. In many instances, that is the case. However, many administrators may already be using or even creating scripts although they disregard such scripts simply because they were too easy to create or did not have loops of code or fancy output. For example, many administrators create login scripts but don't consider this task to be scripting because the scripts may just be simple batch files to map network drives. If a file automatically executes several commands sequentially or simultaneously, it is a script.

Scripting should not be categorized only as programming unless the use of the script defines it that way. Scripts can be created to break down large or complicated processes into many simple tasks, such as a checklist that can be followed to step someone through the entire process. A good example of a script unrelated to computing and networking is a cooking recipe. If you follow the steps in the recipe, the result could bring a delicious meal. A script that automates the process of creating several hundred user accounts can reduce the time necessary to complete the task and also reduce human error because the input data can be read from a file as opposed to being typed manually.

IT administrators can configure a number of scripts that provide some level of automation when it comes to managing hardware, software, groups, and user accounts within an organization. Scripts can be classified in a number of ways, such as documented instruction guides, server management scripts, workstation management scripts, directory management scripts, and application management scripts. Users may also have separate configuration scripts, including logon and logoff scripts.

Documented Instruction Scripts

A documented instruction script is generally fairly basic in nature. Usually, this script is used by administrators, end users, or personnel as an instruction guide or a step-by-step script that needs to be followed to perform a task. For example, this type of script could test an application's functionality; it may also be called a quality assurance script. The following script, for example, can be used by help desk personnel to verify basic operation of the domain name system:

1.	Log on to a server or workstation with access to the network with the DNS server.
2.	Choose Start, Run.
3.	Type `cmd.exe` and click OK to open a command prompt.
4.	Type `Nslookup` and press Enter.
5.	Type `Server` followed by the name of the DNS server you want to test. For example, type `Server ns1.companyabc.com`. Then press Enter.
6.	Type in an Internet record, such as www.microsoft.com, and press Enter.
7.	If an answer is displayed, type `quit`. Then type `exit` to close the command prompt.

Although the preceding is really just a step-by-step guide, it is also a script, executed manually. It is a script that checks whether the DNS server can resolve Internet DNS records.

These types of scripts, depending on the skill levels of your staff and the scope of the document, may best be created by IT staff and then formatted, standardized, and cleaned up by a technical writer. One of the biggest factors for scripted instructions is the level of detail necessary. This detail is defined by the target audience. For example, if the preceding script were written for an administrator with a reasonable amount of knowledge with DNS, the script may simply be:

Perform a DNS lookup of an external Internet address using ns1.companyabc.com to verify Internet name resolution.

The steps here are presented so that a person who has only basic computer skills can perform the task.

Common scripts that organizations may benefit from are those that shut down and restart a server. Back in the days when remote server management was very limited, if a server crashed and the administrator was not onsite, this type of document could assist onsite personnel in completing the necessary task of rebooting the server instead of having to wait for the administrator to return.

Server Management

Server management scripts come in a few flavors. Scripts can be written to collect information stored in the Registry, on the hard drive, or in the BIOS. Information such as how long the server has been running, how much free disk space remains, and how many users are using applications and services such as file shares, printers, or terminal server sessions can be collected and analyzed. Files and printer shares can be created and configured remotely without user intervention, and NTFS permissions can be checked and updated using a script.

A script can be created to connect to a server or list of servers, and each server can be shut down, rebooted, or have a service restarted. There are really few limitations on what can be performed on a server using a script. For the most functionality when it comes to managing Windows Server 2003 systems, Microsoft Windows Management Instrumentation (WMI) may provide the most extensive functionality.

Workstation Management

Workstation management is not really different from server management in the way scripts can be used. Tasks that can be performed on workstations rather than on servers are updating security patches and restarting a number of machines. Other examples might be sending out pop-up messages to all workstations on the network that will be affected by a server that is going offline, or telling users to save data before battery backup power runs out during an extended power outage.

Scripts for User Configuration

Scripts to manage users include logon and logoff scripts primarily. Logon and logoff scripts can be used to connect and disconnect network printers and network file shares, clear out old temporary files, or save data stored in a local folder up to the server. Advanced features of logon scripts can include incorporating command-line executables and Visual Basic Script commands to connect to resources based on group membership, create email profiles, configure instant messenger settings, and record logon and logoff statistics.

Directory Administration Scripts

Directory administration scripts can perform many tasks that benefit administrators at all levels of the IT hierarchy. Script usage can include searching directories, creating user accounts, adding members to groups, and much more. To manage user objects in a directory, you can create a script to scan the directory for locked-out or disabled user accounts. Scripts can check whether new accounts were created during a certain period of time and determine which accounts they are.

Some commonly created directory administration scripts include scripts to read from files for directory imports and create output files to update separate directories. User information can be synchronized or overwritten from information stored in separate directories. Objects that commonly are synchronized between directories are user objects and properties, and group objects and their members.

Many organizations create directory scripts to give lower-level administrators and end users a way to manage and access their particular directory object or set of objects. For example, a script could be written for an employee in the Human Resources department who needed to have the ability to create user accounts and modify contact information for all existing employees in the directory. Without the benefit of scripting, this process would have to be performed by loading the administrative tools on the HR user's desktop and then training him how to create users and how to locate users using the tool. This would be a tedious alternative and would give the user access to more information than is necessary.

A better alternative would be creating a few simple scriptsone to create a user and another to find an existing user in the directory. The scripts would be used to provide an HTML or Visual Basic interface for an HR manager to update employee contact data. Only minimal data would be necessary for user creation, and several fields can be populated from that information. For example, if two required fields were Location and Department, this data could be used to determine group membership, home folder server, profile location, and logon script. To simplify looking up or editing information, you can create pull-down menus to limit the HR manager's options. As an added bonus to the user creation script, the user account could be set to require a password change at next logon.

Advantages of Scripting

This chapter focuses on automating user management, computer management, and server administration tasks. The scripting language VBScript will be used throughout this chapter along with a few other technologies, including ActiveX Data Objects (ADO) and Windows Management Instrumentation (WMI). A few advantages of using scripts to perform repetitive or tedious tasks is that human error is reduced because scripts will never skip a step or incorrectly type in data when synchronizing information, or even worse, stop a service to perform a maintenance task and forget to start it up afterward. Scripts that will be deployed to automate tasks should be completely tested in a lab environment before being deployed in a production environment.