|
|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
| (slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix | |||||||
| News | See also | Reference | Recommended Links | Tutorials and Articles | SFU | Microsoft Registry tools |
|
|
|
|
| File Name: | WindowsXP-KB838079-SupportTools-ENU.exe |
| Version: | SP2 |
| Date Published: | 8/10/2004 |
| Language: | English |
| Download Size: | 4.7 MB |
You should probably use the Windows Server 2003 Support Tools instead, as they are newer than the XP ones and include a few new tools.
This document contains important information that is not included in the online Help for the Microsoft® Windows® Support Tools for Microsoft Windows® XP Professional, including information not available from other sources about setting up the Windows Support Tools for Microsoft Windows XP Professional. Also included are very important corrections and new information related to the Windows Support Tools and documentation.
Setup for Support Tools Software
Tools Documented But Not Installed In This Release
Installing from the Command Prompt
Bitsadmin.exe (BITS Administration Tool)
Httpcfg.exe (HTTP Configuration Tool)
Ipseccmd.exe (IPSec Configuration Tool)
Dumpchk.exe (Dump Check Utility)
Rasdiag.exe (RAS Diagnostics Tool)
Activate.exe (Production Activation Tool)
The Windows Support Tools for Microsoft Windows XP Professional are intended for use by Microsoft support personnel and experienced users to assist in diagnosing and resolving computer problems. For individual tool descriptions, see the Windows Support Tools online tool documentation (Suptools.chm).
The Windows Support Tools for Microsoft Windows XP Professional are located in the \Support\Tools folder on the Windows XP Professional CD. The \Support\Tools folder contains a Windows Installer file (suptools.msi), which installs the Support Tools utilities and tools on your computer's hard drive.
Note
The Application Compatibility Toolkit does not install with the Support Tools.
Important
These tools have not been localized: they are written and tested in English only. Using these tools with a different language
version of Microsoft Windows XP Professional might produce unpredictable results.
The following tools are documented in the Support Tools help file (Suptools.chm) but are not installed in this release.
The following tools install when the Complete checkbox is selected during setup. However, these tools are not documented in a separate Help file. For most command-line tools, you may type /? (for example, apmstat /?) at the command prompt for syntax help. You can also find additional documentation for some tools in the individual tool release notes within this document. This release note documentation is more recent then the documentation in the help file.
The following tools install when the Complete checkbox is selected during setup. However, the Help for these tools contains the Windows 2000 version and is not included in Suptools.chm. The help for these tools can be launched from the help menu option of the tools or it can also be launched from the command line by typing the help file name directly.
The following scripts install when the Complete checkbox is selected during setup. Help is not included for these scripts. For more information, see the Iadstools.doc and Clonepr.doc files.
The Windows Support Tools for Microsoft Windows XP Professional can be installed only on a computer running the Windows XP Professional operating system. They cannot be used to upgrade Microsoft® Windows NT® or Windows® 2000 Support Tools installed on Microsoft Windows NT or Windows 2000, respectively.
To install the Windows XP Professional Support Tools
Important
It is highly recommended that you remove all previous versions of Support Tools, including beta versions of the Windows
Support Tools for Microsoft Windows XP Professional, before running the Support Tools installation program.
If the Setup program finds an older version of Support Tools, it opens a dialog box with Add/Remove and Remove
all (default) options. If you select Remove all, Setup automatically uninstalls Support Tools. If you select
Add/Remove, you can manually uninstall Support Tools.
Note
In the unlikely event that your computer pauses for a few minutes during installation while the Setup window is displaying
"publishing product information," please be patient. The Setup program will continue shortly and will finish installing
the Support Tools.
The Setup program installs Windows Support Tools files onto your hard disk. A typical installation requires 4 megabytes (MB) of free space.
As it installs the Support Tools, Setup:
Some tools require separate or additional setup besides the steps described earlier. For more information about each of these tools and others with additional requirements, as well as a complete list of the tools, see the online Help file (Suptools.chm).
Note
On the Windows XP Professional CD, most tools are compressed into cabinet (.cab) files. You cannot run executable files,
call other binaries, or open documentation directly from .cab files. Before you run a tool that you have not installed by
using the Support Tools Setup, you must first extract all executable files and dependencies for a tool from the .cab file
on the CD to your hard drive.
Be aware also that for some tools, the Support Tools Setup or the tool's own Setup program performs other installation procedures,
such as making changes in the registry. You might not be able to run these tools even if you extract all their files from
the .cab; first install them with the Support Tools Setup or the tool's own Setup program.
You can install the Windows Support Tools for Microsoft Windows XP Professional from the command prompt. If necessary, you can also use the /qb option to install or uninstall in silent mode, which requires no further interaction from the user.
The following table lists the command-line options for installing from the command prompt.
| Option | Parameters | Meaning |
|---|---|---|
| /i | FullPath\suptools.msi [/qb] |
Installs or configures. /qb performs unattended installation (optional). |
| /f | [ReinstallModes] FullPath\suptools.msi | Repairs a previous installation. |
| /a | FullPath\suptools.msi | Admin Installation. Installs on the network. |
| /x | FullPath\suptools.msi | Uninstalls. |
| /l | [i|w|e|f|a|r|u|c|m|p|+]FullPath\LogFile | Specifies path to log file. The flags indicate what information to log.
i – Status messages. w – Nonfatal warnings. e – All error messages. f – List of replaced files. a – Startup of actions. r – Action-specific records. u – User requests. c – Initial UI parameters. m – Out of memory. p – Terminal properties. + – Append to existing file. |
For example, to install Support Tools in the current directory, insert the Windows XP Professional CD in your CD-ROM drive and type the following at the command prompt:
msiexec /i CDDriveLetter:\support\tools\suptools.msi
where:
CDDriveLetter: is the letter indicating the CD-ROM drive (for example, d:).
msiexec /i CDDriveLetter:\support\tools\suptools.msi /qb
The following section covers release note information for individual Windows XP Professional tools. When using a tool, make sure to also check the online Help (Suptools.chm) for more information.
Allows administrators to manage the Background Intelligent Transfer Service (BITS), a background file transfer service and queue manager in Microsoft® Windows Server™ 2003 and Microsoft® Windows® XP. Requests to BITS are submitted by an application and the files can be transferred in a throttled manner such that the interactive user is not affected by the bandwidth consumed. Requests are placed in a queue until the files are transferred, at which time the requesting application is invoked and notified of the completion.
bitsadmin [/rawreturn] [{/wrap | /nowrap}] Parameter
Choose a Parameter from the Parameters section:
{/help | /?}
Displays command line usage.
/list [/allusers] [/verbose]
Lists transfer jobs. The /allusers parameter lists jobs for all users on the system. The /verbose parameter provides detailed information about jobs.
/monitor [/allusers] [/refresh Seconds]
Monitors the copy manager. The /allusers parameter monitors the copy manager for all users on the system. The /refresh parameter reacquires copy manager data in the specified time interval in seconds.
/reset [/allusers]
Deletes all jobs in the manager. If run by an administrator with the /allusers parameter, all jobs are deleted. If run by a normal user, only the jobs owned by the user are deleted.
/transfer Name [type][/priority Priority][/aclflags Flags] RemoteURL LocalName
Transfers one or more files, which are each specified by Name. The type can be /Download or /Upload. The default is /Download. The /priority parameter, by means of the Priority variable, sets the priority for the specified file transfer. The Priority can be FOREGROUND, HIGH, NORMAL, or LOW. The /aclflags parameter, by means of the Flags variable, sets the address control list (ACL) flags. The Flags variable can be one or more of the values in the following table:
| Value | Description |
| O | owner |
| G | group |
| D | DACL |
| S | SACL |
For example, /aclflags OGDS copies all ACL parts. RemoteURL specifies the file's source location. LocalName specifies the file's name on the local target computer. Multiple URL/file pairs can be specified.
/create [type] DisplayName
Creates a job and assigns DisplayName to it. The type can be /Download, /Upload, or /Upload-Reply.
/info Job [/verbose]
Displays information about the specified Job. The /verbose parameter provides detailed information about the job.
/addfile Job RemoteURL LocalName
Adds a file to the specified Job. RemoteURL specifies the file's source location. LocalName specifies the file's name on the local target computer.
/addfileset Job TextFile
Adds multiple files to the specified Job. Each line of TextFile lists a file's remote name and local name, separated by spaces. A line beginning with '#' is treated as a comment. After the file set is read into memory, the contents are added to the job.
/addfilewithranges Job RemoteURL LocalName RangeList
Similar to /addfile, but BITS reads only selected byte ranges of the URL. RangeList is a comma-delimited
series of length and offset pairs, for example 0:100,2000:100,5000:eof instructs BITS
to read 100 bytes starting at offset zero, 100 bytes starting at offset 2000, and the remainder of the URL starting
at offset 5000.
/replaceremoteprefix Job OldPrefix NewPrefix
The prefixes of all files whose URLs begin with OldPrefix are changed to NewPrefix.
/listfiles Job
Lists the files in the specified Job.
/suspend Job
Suspends the specified Job. The job will not be scheduled to run again until the /resume parameter is run.
/resume Job
Queues the specified Job to the list of jobs enabled for transfer.
/cancel Job
Deletes the specified Job.
/complete Job
Completes the specified Job and makes the files available for the destination directory. This is normally run after the job moves to the transferred state.
/gettype Job
Retrieves the job type of the specified Job.
/getaclflags Job
Retrieves the ACL propagation flags for the specified Job.
/setaclflags Job ACLFlags
Sets the ACL propagation flags for the specified Job. ACLFlags is a string of one or more of the following flags as shown in the following table:
| Value | Description |
| O | owner |
| G | group |
| D | DACL |
| S | SACL |
For example, /setaclflags OGDS sets all the ACL propagation flags.
/getbytestotal Job
Retrieves the size of the specified Job.
/getbytestransferred Job
Retrieves the number of bytes transferred for the specified Job.
/getfilestotal Job
Retrieves the number of files in the specified Job.
/getfilestransferred Job
Retrieves the number of files transferred for the specified Job.
/getcreationtime Job
Retrieves the job creation time for the specified Job.
/getmodificationtime Job
Retrieves the job modification time for the specified Job.
/getcompletiontime Job
Retrieves the job completion time for the specified Job.
/getstate Job
Retrieves the job state for the specified Job.
/geterror Job
Retrieves detailed error information for the specified Job.
/getowner Job
Retrieves the job owner for the specified Job.
/getdisplayname Job
Retrieves the display name for the specified Job.
/setdisplayname Job DisplayName
Sets the DisplayName for the specified Job.
/getdescription Job
Retrieves the job description for the specified Job.
/setdescription Job Description
Sets the description for the specified Job.
/getpriority Job
Retrieves the priority of the specified Job.
/setpriority Job Priority
Sets the priority for the specified Job.
/getnotifyflags Job
Retrieves the notify flags for the specified Job.
/setnotifyflags Job NotifyFlags
Sets the notify flags for the specified Job.
/getnotifyinterface Job
Determines if notify interface is registered for the specified Job.
/getminretrydelay Job
Retrieves the retry delay, in seconds, for the specified Job.
/setminretrydelay Job RetryDelay
Sets the RetryDelay, in seconds, for the specified Job.
/getnoprogresstimeout Job
Retrieves the no progress time-out, in seconds, for the specified Job.
/setnoprogresstimeout Job Timeout
Sets the no progress Timeout, in seconds, for the specified Job.
/geterrorcount Job
Retrieves an error count for the specified Job.
/setproxysettings Job usage
Sets the proxy usage for the specified Job. The usage choices are shown in the following table:
| Value | Description |
| PRECONFIG | Use the owner's IE defaults. |
| AUTODETECT | Turn on auto-detection of the proxy. |
| NO_PROXY | Do not use a proxy server. |
| OVERRIDE | Must be followed by an explicit proxy list and a proxy bypass list. NULL or "" can be used as an empty proxy bypass list. |
/getproxyusage Job
Retrieves the proxy usage setting for the specified Job.
/getproxylist Job
Retrieves the proxy list for the specified Job.
/getproxybypasslist Job
Retrieves the proxy bypass list for the specified Job.
/takeownership Job
Takes ownership of the specified Job.
/setnotifycmdline Job ProgramName ProgramParameters
Sets a program to execute for notification of the specified Job. ProgramName can be NULL. ProgramParameters are optional and can be NULL.
/getnotifycmdline Job
Returns the command line for job notification of the specified Job.
/setcredentials Job Target Scheme Username Password
Adds credentials to the specified Job. The Target can be either SERVER or PROXY. The Scheme can be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT.
/removecredentials Job Target Scheme
Removes credentials from the specified Job. The Target can be either SERVER or PROXY. The Scheme can be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT.
/util [/setieproxy Account usage] [/conn ConnectionName]
Note: This option requires Administrator account status.
Sets the Internet Explorer proxy settings for the system Account of the user. If ConnectionName is not specified, settings are applied to the default network connection. The Account can be LOCALSYSTEM, NETWORKSERVICE, or LOCALSERVICE. The usage choices are shown in the following table:
| Value | Description |
| NO_PROXY | Specify direct connection (Do not use a proxy server). |
| AUTODETECT | Turn on auto-detection of the proxy. |
| MANUAL_PROXY | Use an explicit proxy list and bypass list. Must be followed by a proxy list and a proxy bypass list (comma-delimited). NULL or "" can be used as an empty proxy bypass list. |
| AUTOSCRIPT | Specify a script to be run during proxy auto-discovery. AUTOSCRIPT must be followed by a URL indicating the script location. |
Use ConnectionName (the name in quotes) to indicate the network connection to which the new proxy settings should be applied. If you do not specify ConnectionName, the default connection is used (this is usually the LAN connection). Use /conn /? for a list of possible connection names.
Some examples are:
· bitsadmin /util /setieproxy localsystem AUTODETECT
· bitsadmin /util /setieproxy networkservice NO_PROXY
· bitsadmin /util /setieproxy localsystem MANUAL_PROXY proxy1:80 ""
· bitsadmin /util /setieproxy localsystem MANUAL_PROXY pxy1,pxy2,pxy3 NULL
· bitsadmin /util /setieproxy networkservice AUTOSCRIPT http://server/get.as
· bitsadmin /util /setieproxy networkservice NO_PROXY /conn "XYZ Dialup"
/util [/getieproxy Account] [/conn ConnectionName]
Retrieves the Internet Explorer proxy settings for the system Account of the user. If ConnectionName is not specified, settings are applied to the default network connection. The Account can be LOCALSYSTEM, NETWORKSERVICE, or LOCALSERVICE. Use ConnectionName (the name in quotes) to indicate the network connection to which the new proxy settings should be applied. If you do not specify ConnectionName, the default connection is used (this is usually the LAN connection). Use /conn /? for a list of possible connection names.
/util [/version] [/verbose]
Displays the version of BITS currently active on the system. The /verbose parameter is used for printing additional information useful for troubleshooting.
/util [/repairservice] [/force]
Note
· This option requires Administrator account status.
Attempts to repair a malfunctioning BITS service by inspecting some of the service configuration settings. If repairing the settings does not clear the errors in starting the BITS service, use the /force parameter to delete and re-create the BITS service.
Caution
· It is not possible to undo the changes made by this option. Use this command carefully.
The following options are valid for /Upload-reply jobs only:
/getreplyfilename Job
Gets the path of the file containing the server reply.
/setreplyfilename Job Path
Sets the path of the file containing the server reply.
/getreplyprogress Job
Returns the size and progress of the server reply.
/getreplydata Job
Retrieves the server reply data in hexadecimal format.
The following options can be placed before the command:
/rawreturn
Returns data suitable for parsing. Strips new line characters and formatting from the output. This parameter can be used with the /create and /get* parameters.
/wrap
Wraps output to fit in a command window.
/nowrap
Does not wrap output to fit in a command window.
Note
· Windows Updates
BITS is often erroneously confused with Windows Update service because Windows Update service uses Background Intelligent Transfer Service by default.
· Network Throttling
BITS regulates the transfer rate to minimize impact on user interactivity, such as a job sent to a network printer or Web pages viewed in Internet Explorer.
· Customized APIs
BITS is exposed to programmers by a set of Application Program Interfaces (APIs). For more information about using BITS programmatic interfaces, see the Using Windows XP Background Intelligent Transfer Service (BITS) with Visual Studio .NET topic on the MSDN Library Web site (http://go.microsoft.com/fwlink/?linkid=8124).
To create a job, type:
bitsadmin /create myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Created job {2DC7527D-C7A8-444C-84A9-D772E79D4B37}.To find out the type of job for myjob, type:
bitsadmin /gettype myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. DOWNLOADTo find out the size of a job, type:
bitsadmin /getbytestotal myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. 236To find out how the number of bytes of the job have already been transferred, type:
bitsadmin /getbytestransferred myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. 106To find out how many files are in a job, type:
bitsadmin /getfilestotal myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. 3To find out how many files have been transferred by a job, type:
bitsadmin /getfilestransferred myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. 1To find out when a job was created, type:
bitsadmin /getcreationtime myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. 6/3/2003 10:49:02 AMTo find out when a job was last modified, type:
bitsadmin /getmodificationtime myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. 6/3/2003 10:49:02 AMTo find out whether and when a job has completed, type:
bitsadmin /getcompletiontime myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. WORKINGThe myjob job has not yet completed.
To find out a job's state, type:
bitsadmin /getstate myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. SUSPENDEDTo find out which user owns a job, type:
bitsadmin /getowner myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. DOMAINMAIN\smithjTo find out the display name for a job, type:
bitsadmin /getdisplayname myjob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. myjobNote
· Using DisplayName as the argument for the job will work only if there is one job in the queue with this display name. Otherwise, Bitsadmin will return an error. If this happens, the GUID must be used.
To add a file to a specified job, type:
bitsadmin /addfile myJob http://myserver/myfile.ext
c:\myFile.ext
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Added http://myserver/myfile.ext -> c:\myFile.ext to job.Note
To resume a job, type:
bitsadmin /resume myJob
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Job resumedTo delete all jobs in the manager, type:
bitsadmin /reset
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. {A305C29C-2247-42A6-918E-C575280CE885} canceled.{6F2D447C-712E-4674-9FAE-42DBFAD071A8} canceled.{0B8068F6-2572-4932-AE12-CD58DA78912E} canceled.3 out of 3 jobs canceled.To list the transfer jobs, type:
bitsadmin /list
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. {A305C29C-2247-42A6-918E-C575280CE885} job1 SUSPENDED 0 / 0 0 / 0{6F2D447C-712E-4674-9FAE-42DBFAD071A8} job2 SUSPENDED 0 / 0 0 / 0{0B8068F6-2572-4932-AE12-CD58DA78912E} job3 SUSPENDED 0 / 0 0 / 0Listed 3 job(s).To delete a specified job, type:
bitsadmin /cancel job1
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Job canceledTo run a series of operations such as /create /addfile /resume /list /complete, type:
bitsadmin /create /addfile /resume /list /complete
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Created job {9CFB8267-72BA-4725-A487-8CB1A9390637}. bitsadmin/addfile job1 http://bitsnet/downloads/50mb.zip c:\temp\50mb.zip
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Added http://bitsnet/downloads/50mb.zip -> c:\temp\50mb.zip to job. bitsadmin/resume job1
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Job resumed. bitsadmin/list
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. {9CFB8267-72BA-4725-A487-8CB1A9390637} job1 TRANSFERRING 0 / 1 2000 / 50189685Listed 1 job(s). bitsadmin/list
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. {9CFB8267-72BA-4725-A487-8CB1A9390637} job1 TRANSFERRED 1 / 1 50189685 / 501896Listed 1 job(s). bitsadmin/complete
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Invalid number of arguments. bitsadmin/complete job1
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Job completed. bitsadmin/list
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. Listed 0 job(s).To run /list /allusers /verbose, type:
bitsadmin /list /allusers /verbose
The following output is displayed:
BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. GUID: {134E18A6-FC4B-46AC-A7E9-B7A7D59C84BE} DISPLAY: test TYPE: DOWNLOAD STATE: SUSPENDED OWNER: DOMAIN1\joe PRIORITY: NORMAL FILES: 0 / 1 BYTES: 0 / UNKNOWN CREATION TIME: 9/13/2002 12:47:10 PM MODIFICATION TIME: 9/13/2002 12:47:13 PM COMPLETION TIME: UNKNOWN NOTIFY INTERFACE: UNREGISTERED NOTIFICATION FLAGS: 3 RETRY DELAY: 600 NO PROGRESS TIMEOUT: 1209600 ERROR COUNT: 0 PROXY USAGE: PRECONFIG PROXY LIST: NULL PROXY BYPASS LIST: NULL DESCRIPTION: JOB FILES: 0 / UNKNOWN WORKING http://www.microsoft.com -> c:\ms NOTIFICATION COMMAND LINE: none Listed 1 job(s). BITSADMIN version 2.0 [ 5.1.2600.2096 ]BITS administration utility.(C) Copyright 2000-2003 Microsoft Corp. {134E18A6-FC4B-46AC-A7E9-B7A7D59C84BE} canceled. 1 out of 1 jobs canceled. XOX
Manages the HTTP application programming interface (API). Httpcfg can be used to perform many of the tasks associated with Web server administration. The HTTP API enables applications to communicate over HTTP without using Internet Information Services (IIS). Applications can register to receive HTTP requests for particular URLs, receive HTTP requests, and send HTTP responses. The HTTP API includes SSL support so applications can also exchange data over secure HTTP connections without depending on IIS. It is also designed to work with I/O completion ports.
httpcfg {set | query | delete} {ssl | query | iplisten} [-i Ip:Port] [-h SSL Hash] [-g "{GUID}"] [-c StoreName] [-m CheckMode] [-r RevocationFreshness] [-x UrlRetrievalTimeout] [-t SslCtlIdentifier] [-n SslCtlStoreName] [-f Flags] [-u {http://URL:Port/ | https://URL:Port/}] [-a ACL]
Action commands are set, query, and delete. These commands are followed by a set of arguments ssl, urlacl, and iplisten, which are known as store arguments. Depending on the value of the action command and the store argument, different parameters are then available. For example, the set ssl command can take a different set of parameters from the query ssl command.
set
Creates a configuration record that contains the values specified by the ssl, urlacl, or iplisten argument. This record is then added to the HTTP API configuration store. The call fails if a record with the specified values already exists. To change a given configuration record, you must first delete it, and then recreate it by using set with the updated value(s).
query
Retrieves one or more HTTP API configuration records.
delete
Deletes the specified information, such as IP addresses or SSL certificates, from the HTTP API configuration store, one record at a time.
ssl
Depending on the action command used, adds (set), queries, or deletes SSL certificate meta-information. Such meta-information is maintained by the HTTP API in a metastore, and is used to locate certificates for certificate exchange during HTTPS sessions.
urlacl
Depending on the action command used, adds (set), queries, or deletes namespace reservations. The HTTP API allows administrators to reserve URI namespaces and protect them with Access Control Lists (ACLs), so that only specified HTTP API clients can use them.
iplisten
Depending on the action command used, adds (set), queries, or deletes Internet Protocol (IP) addresses in the IP Listen List. If this list is present, the HTTP API listens only to addresses on the list.
If you use the following action command and store argument combination:
httpcfg set ssl
you can use the following parameters:
-i Ip:Port
The -i parameter takes a string that specifies the IP-Address:port combination. This serves as the record key identifying the SSL certificate being added. When using set ssl, the -i parameter is required.
-h SSL Hash
The -h parameter takes a string of hexadecimal digits specifying the Thumbprint hash of the certificate being added. This is not a required parameter. However, the SSL connection will fail if the hash is invalid.
-g "{GUID}"
The -g parameter takes a string representing a Globally Unique Identifier (GUID) that identifies the application that added the certificate. In the case of Httpcfg, the GUID must be generated by the user. The enclosing quotation marks and curly braces are required; the -g parameter will not work without them. For more information about generating GUIDs, see Generating Interface UUIDs (http://go.microsoft.com/fwlink/?LinkId=9682) on the Microsoft Developer Network (MSDN).
-c StoreName
The -c parameter takes a string that specifies the name of the store where the certificate being added resides. If no string is specified, the name "MY" is used by default.
-m CheckMode
The -m parameter takes a string containing one or more numbers representing flags that determine the default mode for checking the certificate. The numbers can consist of one or more of the following flag values:
· 1 - Client certificate will not be verified for revocation.
· 2 - Use cached client certificate revocation.
· 4 - Enable revocation freshness time.
· 65536 - No usage check.
-r RevocationFreshness
The -r parameter takes a string of numbers that specify the revocation freshness time for the certificate. Revocation freshness represents the number of seconds after which to check for an updated certificate revocation list (CRL). If this value is absent or zero, the new CRL is updated only when the previous one expires.
-x UrlRetrievalTimeout
The -x parameter takes a string of numbers representing the time-out interval, in milliseconds, for retrieving a certificate revocation list from the remote URL.
-t SslCtlIdentifier
The -t parameter takes a string that specifies an SSL control identifier, which restricts the group of certificate issuers to be trusted. This group must be a subset of the certificate issuers trusted by the computer being administered.
-n SslCtlStoreName
The -n parameter takes a string containing the name of the store in which to look up the control identifier specified by the -t parameter.
-f Flags
The -f parameter takes a string containing a number that controls how client certificates are handled. This number can consist of one or more of the following values:
· 1 - Use DS Mapper.
· 2 - Negotiate client certificate.
· 4 - Do not route to raw ISAPI filters.
If you use the following action command and store argument combination:
httpcfg query ssl
you can use the following parameter:
-i Ip:Port
The -i parameter takes a string that specifies the IP and Address:port combination. This serves as the record key identifying the SSL certificate being queried. If this parameter is omitted, then the query returns all records in the SSL store.
If you use the following action command and store argument combination:
httpcfg delete ssl
you can use the following parameter:
-i Ip:Port
The -i parameter takes a string specifying the IP and Address:port combination. This serves as the record key identifying the SSL certificate to be deleted. When using delete ssl, the -i parameter is required.
If you use the following action command and store argument combination:
httpcfg set urlacl
you can use the following parameters:
-u {http://URL:Port/ | https://URL:Port/}
The -u parameter takes a string containing a fully qualified URL that will serve as the record key for the reservation being made. When using set urlacl, the -u parameter is required.
-a ACL
The -a parameter takes a string containing an Access Control List in the form of a Security Descriptor Definition Language (SDDL) string. When using set urlacl, the -a parameter is required.
If you use the following action command and store argument combination:
httpcfg query urlacl
you can use the following parameter:
-u URL
The -u parameter takes a string containing a fully qualified URL that identifies the reservation being queried. If no string is specified, the query returns all reservations in the store.
If you use the following action command and store argument combination:
httpcfg delete urlacl
you can use the following parameter:
-u URL
The -u parameter takes a string containing a fully qualified URL that identifies the reservation to be deleted. When using delete urlacl, the -u parameter is required.
If you use the following action command and store argument combination:
httpcfg set iplisten
you can use the following parameter:
-i Ip:Port
The -i parameter takes a string specifying the IP address to be added to the IP-Listen List. This can be either an IPv4 or IPv6 address. When using set iplisten, the -i parameter is required.
If you use the following action command and store argument combination:
httpcfg query iplisten
you can use the following parameter:
-i Ip:Port
The -i parameter takes a string specifying the exact IP address to be queried. If absent, the query returns all addresses in the store.
If you use the following action command and store argument combination:
httpcfg delete iplisten
you can use the following parameter:
-i Ip:Port
The -i parameter takes a string specifying the IP address to be deleted from the IP-Listen List. This can be either an IPv4 or IPv6 address. When using delete iplisten, the -i parameter is required.
The -a parameter takes a string in the form of the Security Descriptor Definition Language (SDDL). The SDDL string defines the format that is used by the 'httpcfg set urlacl -a' command. The SDDL also defines string elements for describing information in the components of a security descriptor.
For more information, see the Security Descriptor Definition Language topic on the MSDN Library Web site (http://go.microsoft.com/fwlink/?LinkId=9541).
For more information about how Httpcfg corresponds to the HTTP API, see Using the HTTP API Configuration Tool on the MSDN Library Web site (http://go.microsoft.com/fwlink/?LinkId=9550).
The httpcfg.exe commands return a standard WIN32 API error code. A return value of 0 means that the command completed successfully. For more information about WIN32 API error codes, see the Event Logging topic on the MSDN Library Web site (http://go.microsoft.com/fwlink/?LinkId=9643).
This group of examples shows how to add, show, and delete a certificate in the SSL store.
· Adding an SSL Certificate to the Store
In the following example, the user uses the httpcfg set ssl command
with the -i, -h, and -g parameters to specify the IP address, Thumbprint hash, and GUID, respectively,
for the certificate being added.
httpcfg set ssl -i 10.0.0.1:80 -h 2c8bfddf59a4a51a2a5b6186c22473108295624d -g "{2bb50d9c-7f6a-4d6f-873d-5aee7fb43290}"
After running the command, Httpcfg displays the following text on the screen to confirm the command completed without an error (error code of 0).
HttpSetServiceConfiguration completed with 0.· Viewing Certificates in the SSL Store
In this example, the user first uses the httpcfg query ssl command
with the -i parameter, specifying an IP address in order to view the meta-information for a particular certificate.
After viewing the meta-information, the user uses the httpcfg query ssl
command without the -i parameter, to view all certificates in the store.
httpcfg query ssl
IP : 10.0.0.13:80 Hash : 2c8bfddf59a4a51a2a5b6186c22473108295624d Guid : {2bb50d9c-7f6a-4d6f-873d-5aee7fb43290} CertStoreName : (null) CertCheckMode : 0 RevocationFreshnessTime : 0 UrlRetrievalTimeout : 0 SslCtlIdentifier : (null) SslCtlStoreName : (null) Flags : 0------------------------------------------------------------------------------ IP : 10.0.0.1:80 Hash : 2c8bfddf59a4a51a2a5b6186c22473108295624d Guid : {2bb50d9c-7f6a-4d6f-873d-5aee7fb43290} CertStoreName : (null) CertCheckMode : 0 RevocationFreshnessTime : 0 UrlRetrievalTimeout : 0 SslCtlIdentifier : (null) SslCtlStoreName : (null) Flags : 0------------------------------------------------------------------------------· Deleting a Certificate from the SSL Store
In this example, the user types httpcfg delete ssl with the required
-i parameter to delete the associated certificate record from the SSL store.
httpcfg delete ssl -i 10.0.0.1:80
Httpcgf then displays the following text to the screen, verifying that the command completed successfully (error code of 0).
HttpDeleteServiceConfiguration completed with 0.This group of examples shows how to add, remove, and view URL ACL combinations in the urlacl store.
· Adding a URL ACL Combination to the urlacl Store
httpcfg set urlacl -u http://woodgrovebank.com:443/ -a "O:DAG:DAD:(A;;GRGX;;;DA)(A;;GA;;;BA)"
HttpSetServiceConfiguration completed with 0.· Viewing All of the URLs that have been Assigned an ACL
httpcfg query urlacl
URL : http://woodgrovebank.com:443/ ACL : O:DAG:DAD:(A;;GXGR;;;DA)(A;;GA;;;BA)------------------------------------------------------------------------------ URL : http://woodgrovebank.com:80/ ACL : O:DAG:DAD:(A;;CCDC;;;SY)(A;;CCDC;;;DA)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;6da8a4ff-0e52-11d0-a286-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;;;;AU)S:(AU;SAFA;CCDCSWWPSDWDWO;;;WD)------------------------------------------------------------------------------· Deleting a URL ACL Combination from the urlacl Store
httpcfg delete urlacl -u http://woodgrovebank.com:80/
HttpDeleteServiceConfiguration completed with 0.This group of examples show how to add, delete, and list IP address in the iplisten store.
· Adding an IP Address to the iplisten Store
httpcfg set iplisten -i 10.0.0.1:80
HttpSetServiceConfiguration completed with 0.· Viewing All of the IP Addresses on which the HTTP API is Listening
httpcfg query iplisten
IP : 10.0.0.1:80------------------------------------------------------------------------------ IP : 10.0.0.13:80------------------------------------------------------------------------------· Shows the Result of Deleting a Record from the iplisten Store
httpcfg delete iplisten -i 10.0.0.1:80
HttpDeleteServiceConfiguration completed with 0.XOX
Configures Internet Protocol Security (IPSec) policies in a directory service or in a local or remote registry. Ipseccmd is a command-line alternative to the IP Security Policies Microsoft Management Console (MMC) snap-in. Ipseccmd has six modes: dynamic mode, static mode, show mode, set mode, import mode, and export mode.
You can use Ipseccmd dynamic mode to add anonymous rules to the existing IPSec policy by adding them to the IPSec security policies database. The rules added will be present even after the IPSEC Services service is restarted. The benefit of using dynamic mode is that the rules you add coexist with domain-based IPSec policy. Dynamic mode is the default mode for Ipseccmd.
· To add a rule, use the following syntax:
ipseccmd [\\ComputerName] -f FilterList [-n NegotiationMethodList] [-t TunnelAddr] [-a AuthMethodList] [-1s SecurityMethodList] [-1k MMRekeyTime] [-1e SoftSAExpirationTime] [-soft] [-confirm] [{-dialup | -lan}]
· To delete all dynamic policies, use the following syntax:
ipseccmd -u
\\ComputerName
Specifies the computer name of a remote computer to which you want to add a rule.
-f FilterList
Required for first syntax. Specifies one or more filter specifications, separated by spaces, for quick mode security associations (SAs). Each filter specification defines a set of network traffic affected by this rule.
-n NegotiationMethodList
Specifies one or more security methods, separated by spaces, for securing traffic defined by the filter list.
-t TunnelAddr
Specifies the tunnel endpoint for tunnel mode as either an IP address or a DNS domain name.
-a AuthMethodList
Specifies one or more authentication methods, separated by spaces.
-1s SecurityMethodList
Specifies one or more key exchange security methods, separated by spaces.
-1k MMRekeyTime
Specifies main mode SA rekey settings.
-1e SoftSAExpirationTime
Specifies the expiration time for soft SAs in seconds.
-soft
Enables soft SAs.
-confirm
Specifies that a confirmation prompt appears before the rule or policy is added.
{-dialup | -lan}
Specifies whether the rule applies only to remote access or dial-up connections or whether the rule applies only to local area network (LAN) connections.
-u
Required for the second syntax. Specifies that all dynamic rules are deleted.
/?
Displays help at the command prompt.
· Ipseccmd cannot configure rules on computers running Windows 2000.
· If you do not specify the \\ComputerName parameter, the rule is added to the local computer.
· If you use the \\ComputerName parameter, you must use it before all the other parameters, and you must have administrator permissions on the computer to which you want to add the rule.
· For the -f parameter, a filter specification is one or more filters that are separated by spaces and is defined by the following format:
SourceAddress/SourceMask:SourcePort=DestAddress/DestMask:DestPort:Protocol
o SourceMask, SourcePort, DestMask, and DestPort are optional. If you omit them, the mask of 255.255.255.255 and all ports are used for the filter.
o Protocol is optional. If you omit it, all protocols are used for the filter. If you specify a protocol, you must specify the port or precede the protocol with two colons (::). (See the first example for dynamic mode.) The protocol must be the last item in the filter. You can use the following protocol symbols: ICMP, UDP, RAW, or TCP.
o You can create mirrored filters by replacing the equals sign (=) with a plus sign (+).
o You can replace SourceAddress/SourceMask or DestAddress/DestMask with the values in the following table.
| Value | Description |
| 0 | My address or addresses |
| * | Any address |
| DNSName | DNS domain name. If the DNS name resolves to multiple addresses, it is ignored. You can specify DNS, WINS, DHCP, or GATEWAY. The security policy database (SPD) dynamically replaces these specifications with the associated addresses set on the computer. |
o You can enable the default response rule by specifying the filter specification of default.
o You can specify a permit filter by surrounding the filter specification with parentheses. You can specify a blocking filter by surrounding the filter specification with brackets ([ ]).
o If you are using Internet address class-based subnet masks (the subnet masks are defined along octet boundaries), you can use wildcard notation to specify subnet masks. For example, 10.*.*.* is the same as 10.0.0.0/255.0.0.0 and 10.92.*.* is the same as 10.92.0.0/255.255.0.0.
Filter examples
To create mirrored filters to filter TCP traffic between Computer1 and Computer2, type:
Computer1+Computer2::TCP
To create a filter for all TCP traffic from the subnet 172.31.0.0/255.255.0.0, port 80, to the subnet 10.0.0.0/255.0.0.0, port 80, type:
172.31.0.0/255.255.0.0:80=10.0.0.0/255.0.0.0:80::TCP
To create a mirrored filter that permits traffic between the local IP address and the IP address 10.2.1.1, type:
(0+10.2.1.1)
· For the -n parameter, one or more negotiation policies are separated by spaces and follow one of the following forms:
o esp[EncrypAlg,AuthAlg]RekeyPFS[Group]
o ah[HashAlg]RekeyPFS[Group]
o ah[HashAlg]+esp[EncrypAlg,AuthAlg]RekeyPFS[Group]
where EncrypAlg can be none, des, or 3des, AuthAlg can be none, md5, or sha, and HashAlg can be md5 or sha.
o The configuration esp[none,none] is not supported.
o The sha parameter refers to the SHA1 hash algorithm.
o The Rekey parameter is optional, and it specifies the number of kilobytes (indicated by placing a K after the number) or the number of seconds (indicated by placing an S after the number) that precede a rekeying of the quick mode SA. To specify both rekey parameters, separate the two numbers with a slash (/). For example, to rekey the quick mode SA every hour and after every 5 megabytes of data, type:
3600S/5000K
o The PFS parameter is optional, and it enables session key perfect forward secrecy. By default, session key perfect forward secrecy is disabled.
o The Group parameter is optional, and it specifies the Diffie-Hellman group for session key perfect forward secrecy. For the Low(1) Diffie-Hellman group, specify PFS1. For the Medium(2) Diffie-Hellman group, specify PFS2. For the High(3) Diffie-Hellman group, specify PFS3. By default, the group value for session key perfect forward secrecy is taken from the current main mode settings.
o If you do not specify negotiation policies, the default negotiation policies are the following:
§ esp[3des,sha]
§ esp[3des,md5]
§ esp[des,sha]
§ esp[des,md5]
· If you omit the -t parameter, IPSec transport mode is used.
· For the -a parameter, one or more authentication methods are separated by spaces and are in one of the following forms:
o preshare:"PresharedKeyString"
o kerberos
o cert:"CAInfo"
The PresharedKeyString parameter specifies the string of characters of the preshared key. The CAInfo parameter specifies the distinguished name of the certificate as displayed in the IP Security Policies snap-in when the certificate is selected as an authentication method for a rule. The PresharedKeyString and CAInfo parameters are case-sensitive. You can abbreviate the authentication method by using the first letter: p, k, or c. If you omit the -a parameter, the default authentication method is Kerberos.
· For the -1s parameter, one or more key exchange security methods are separated by spaces and defined by the following format:
EncrypAlg-HashAlg-GroupNum
where EncrypAlg can be des or 3des, HashAlg can be md5 or sha, and GroupNum can be 1 for the Low(1) Diffie-Hellman group, 2 for the Medium(2) Diffie-Hellman group, or 3 for the High(3) Diffie-Hellman group. If you omit the -1s parameter, the default key exchange security methods are 3des-sha-2, 3des-md5-2, des-sha-1, and des-md5-1.
· For the -1k parameter, you can specify the number of quick mode SAs (indicated by placing a Q after the number) or the number of seconds (indicated by placing an S after the number) to rekey the main mode SA. To specify both rekey parameters, you must separate the two numbers with a slash (/). For example, to rekey the main mode SA after every 10 quick mode SAs and every hour, type:
10Q/3600S
If you omit the -1k parameter, the default values for main mode rekey are an unlimited number of quick mode SAs and 480 minutes.
If you omit the -1e parameter, the expiration time for soft SAs is 300 seconds. However, soft SAs are disabled unless you include the -soft parameter, which then sets the value to the main mode lifetime.
· The -confirm parameter allows confirmation before setting policy and is available for dynamic mode only.
· The -dialup parameter is optional and sets policy on addresses of dial-up adapters. The -lan parameter is optional and sets policy on addresses of LAN adapters. If you specify neither the -dialup parameter nor the -lan parameter, the rule applies to all adapters.
To create a rule that uses the Authentication Header (AH) with MD5 hashing for all traffic to and from the local computer, type:
ipseccmd -f 0+* -n ah[md5]
To create a tunnel rule for traffic from 10.2.1.1 and 10.2.1.13 by using the tunnel endpoint 10.2.1.13, with AH tunnel mode by using the SHA1 hash algorithm, with master key perfect forward secrecy enabled, and with a confirmation prompt for the rule before it is created, type:
ipseccmd -f 10.2.1.1=10.2.1.13 -t 10.2.1.13 -n ah[sha] -1p -c
To create a rule on the computer named corpsrv1 for all traffic between the computers named corpsrv1 and corpsrv2, by using the combination of both AH and Encapsulating Security Payload (ESP), with preshared key authentication, type:
ipseccmd \\corpsrv1 -f corpsrv2+corpsrv1 -n ah[md5]+esp[des,sha] -a p:"corpauth"
Creates named policies and named rules. You can also use static mode to modify existing policies and rules, provided they were originally created with Ipseccmd. The syntax for static mode combines the syntax for dynamic mode with parameters that enable it to work at a policy level.
ipseccmd DynamicModeParameters -w Location -p PolicyName[:PollInterval] -r RuleName [{-x | -y}] [-o]
DynamicModeParameters
Required. Specifies a set of dynamic mode parameters for an IPSec rule as described earlier.
-w Location
Required. Specifies that the policies and rules are written to the local registry, a remote computer's registry, or to persistent storage.
-p PolicyName[:PollInterval]
Required. Specifies the name of the policy and how often, in minutes, the policy is checked for changes. If PolicyName contains any spaces, use quotation marks around the text (that is, "Policy Name").
-r RuleName
Required. Specifies the name of the rule. If RuleName contains any spaces, use quotation marks around the text (that is, "Rule Name").
[{-x | -y}]
Optional parameters. The -x parameter requires the -p option and specifies that the local registry policy is assigned. The -y parameter specifies that the local registry policy is unassigned.
-o
Specifies that the rule or policy should be deleted.
/?
Displays help at the command prompt.
o For the -w parameter, the Location is either reg to specify the registry of the local computer or a remote computer, or pers to specify persistent storage. With reg, if you specified \\ComputerName, the policy is written to the remote computer's registry.
o For the -p parameter, if a policy with this name already exists, the rule you specify is added to the policy. Otherwise, a policy is created with the name you specify. The PollInterval parameter is optional and specifies when IPSec should check for policy updates, for example, when there are changes to assigned DNS servers. If you specify an integer for PollInterval, the polling interval for the policy is set to that number of minutes. If you do not specify PollInterval, the polling interval defaults to 480 minutes.
o For the -r parameter, if a rule with that name already exists, the rule is modified to reflect the parameters you specify in the command. For example, if you include the -f parameter for an existing rule, only the filters of that rule are replaced. If no rule exists with the name you specify, a rule with that name is created.
o For the -o parameter, all aspects of the specified policy are deleted. Do not use this parameter if you have other policies that point to the objects in the policy you want to delete.
o Static mode usage differs from dynamic mode usage in one respect. When you use dynamic mode, you indicate permit and blocking filters in FilterList, which you identify by using the -f parameter. When you use static mode, you indicate permit and blocking filters in NegotiationMethodList, which you identify by using the -n parameter. In addition to the parameters described for NegotiationMethodList under dynamic mode, you can also use the block, pass, or inpass parameters in static mode. The following table lists these parameters and descriptions of their behavior.
| Parameter | Description |
| block | The rest of the policies in NegotiationMethodList are ignored, and all of the filters become blocking filters. |
| pass | The rest of the policies in NegotiationMethodList are ignored, and all of the filters become permit filters. |
| inpass | Inbound filters allow initial communication to be unsecured, but responses are secured using IPSec. |
To create a policy named Default Domain Policy with a 30-minute polling interval in which policy changes are written to persistent storage, with a rule named Secured Servers for traffic between the local computer and computers named SecuredServer1 and SecuredServer2, and by using Kerberos and preshared key authentication methods, type:
ipseccmd -f 0+SecuredServer1 0+SecuredServer2 -a k p:"corpauth" -w pers -p "Default Domain Policy":30 -r "Secured Servers"
To create and assign a local policy named Me to Anyone, with a rule named Secure My Traffic, by using a mirrored filter for any traffic to the local computer, and by using a preshared key as the authentication method, type:
ipseccmd -f 0+* -a p:"localauth" -w reg -p "Me to Anyone" -r "Secure My Traffic" -x
Displays data from the IPSec policies database.
ipseccmd [\\ComputerName] show {{[gpo] | [filters]
\\ComputerName
Specifies by name the remote computer for which you want to display data.
show
Required. Specifies that Ipseccmd must run in show mode.
gpo
Displays static policy assignment information.
filters
Displays main mode and quick mode filters.
policies
Displays main mode and quick mode policies.
auth
Displays main mode authentication methods.
stats
Displays statistics about Internet Key Exchange (IKE) and IPSec.
sas
Displays main mode and quick mode security associations (SAs).
all
Displays data provided by all of the parameters except /?.
/?
Displays help at the command prompt.
o Ipseccmd does not display IPSec data for computers running Windows 2000.
o If you do not use the \\ComputerName parameter, information about the local computer is displayed.
o If you use the \\ComputerName parameter, you must use it before all the other parameters, and you must have administrator permissions on the computer for which you want to display information.
To display the main mode and quick mode filters and policies for the local computer, type:
ipseccmd show filters policies
To display all IPSec information for the remote computer Server1, type the following command:
ipseccmd \\Server1 show all
Sets configuration parameters for IPSec.
ipseccmd [\\ComputerName] set [{logike | dontlogike}]
\\ComputerName
Specifies by name the remote computer for which you want to have configuration parameters set.
set
Required. Specifies that Ipseccmd must run in set mode.
logike
Turns on Internet Key Exchange (IKE) logging.
dontlogike
Turns off IKE logging.
/?
Displays help at the command prompt.
To turn off IKE logging on the local computer, type:
ipseccmd set dontlogike
To turn on IKE logging on the computer named server2, type:
ipseccmd \\server2 set logike
Imports or exports policy data files (files containing an .ipsec extension).
ipseccmd [\\ComputerName] [{import | export}] Location FileName
\\ComputerName
Specifies by name the remote computer from which you want to import policy data, or to which you want to export policy data.
{import | export}
Required. Specifies that Ipseccmd must run in import or export mode.
Location
Required. Specifies that the policy data is read from or written to the local registry, a remote computer's registry, or to persistent storage.
FileName
Required. Specifies the name of the file to import from or export to. If an export file name does not specify the .ipsec extension, the extension is automatically appended.
/?
Displays help at the command prompt.
o The Location is either reg to specify the registry of the local computer or a remote computer, or pers to specify persistent storage. If you use reg and you specify \\ComputerName, the policy is read from or written to the remote computer's registry.
To export policy data to persistent storage, type:
ipseccmd export pers persistent.ipsec
To import policy data from the file named server1.ipsec on the computer named server1, type:
ipseccmd \\server1 import reg server1.ipsec
Enables administrators to verify that a crash dump (user mode:user.dmp or kernel mode:memory.dmp) has been created correctly. It also provides options for performing some dump file analysis without using a debugger.
Note
This tool is not documented in the Help for Support Tools (Suptools.chm).
Collects diagnostic information about remote services and places that information in a file. Administrators can use this tool to work with Product Support Services to troubleshoot remote connection issues by taking a snapshot of the configuration data and capturing an attempted remote connection.
Note
This tool is not documented in the Help for Support Tools (Suptools.chm).
See Activate.doc for more information on the automatic product activation tool.
Note
This tool is not documented in the Help for Support Tools (Suptools.chm).
The following table describes major online documents available with the Windows Support Tools for Microsoft Windows XP Professional
| Document | Description |
|---|---|
| Suptools.chm | Documentation for Windows Support Tools for Microsoft Windows XP Professional, describing the required files, syntax, and other usage issues, along with examples for using these tools. |
The SOFTWARE supplied in the Program Files\Support Tools directory is not supported under any Microsoft standard support program or service. You can, however, report issues and bugs by sending e-mail to [email protected]. Microsoft will, at its sole discretion, address issues and bugs reported in this manner, and responses are not guaranteed.
The SOFTWARE (including instructions for its use and all printed and online documentation) is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the SOFTWARE and documentation remains with you.
In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the SOFTWARE be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the SOFTWARE or documentation, even if Microsoft has been advised of the possibility of such damages.
Society
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
Quotes
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Bulletin:
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
History:
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
Classic books:
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|
|
You can use PayPal to to buy a cup of coffee for authors of this site |
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.
Last modified: March 12, 2019
