Although Microsoft's tools become more administrator-friendly with each new version of Windows, most still have limitations. An example is the venerable Shutdown utility, which Microsoft finally integrated into the OS in Windows XP and updated for Windows Server 2003. Shutdown lets you reboot, shut down, or power off a PC. However, Shutdown has limitations that make it weak for enterprise use—for example:
- Shutdown provides no testing capability. To determine whether you can shut down a system, you must actually shut it down before you run the Shutdown utility.
- Shutdown lets you specify only one computer to be shut down each time you run it.
- Shutdown doesn't let you authenticate to a remote system that requires public key infrastructure (PKI)—level security.
- Shutdown doesn't let you specify a privileged account to use for performing a shutdown.
I designed a shutdown utility—the VBScript StopComputer script—to handle enterprise-type situations that are beyond the Windows Shutdown tool's abilities. StopComputer uses the Windows Management Instrumentation (WMI) Win32_OperatingSystem class's Win32Shutdown method, which lets you shut down, reboot, or log off a computer from a script. I walk you through the StopComputer utility to give you a basic understanding of how it works and how to use it. StopComputer works with Windows 2000 and higher in the OS's shipped configuration. You can also use it with Windows NT Server 4.0 systems if you install the WMI extensions on the systems that you want StopComputer to shut down. You must have Windows Script Host (WSH) 5.6 or later installed to run the utility.
StopComputer has a few limitations. It doesn't let you directly specify logged reasons for shutdowns, and it doesn't send network messages on its own. Also, for safety reasons, you can't run the utility against the local computer (i.e., the system on which StopComputer is running). As a batch-processing script, though, StopComputer is easy to integrate with other tools that perform those tasks. Alternatively, you could customize StopComputer by adding components that provide logging (to specify reasons for shutdown) and network messaging.
StopComputer Preliminaries
First, download all the code for StopComputer at the Windows IT Pro Web site. Go to http://www.windowsitpro.com, enter InstantDoc ID 44710 in the InstantDoc ID box, then click Download the Code. Save stopcomputer.wsf and stopcomputer.cmd in the same folder. The .cmd file handles input and output redirection for the .wsf file so that you can execute the script simply by entering
stopcomputer
at the command line. You don't need to specify the .cmd extension because cmd.exe finds .cmd files before .wsf files in path searches.
Before you start using StopComputer in your organization, you'll need to prepare your users for a possible planned or emergency shutdown of their systems. Discuss administrative shutdown events with users ahead of time to avoid panic should you have to perform a mass shutdown of their systems.
You should also convey your shutdown policies to users; for example, you might perform standard shutdowns at night for security, economy, or maintenance and emergency shutdowns of Internet-accessible systems at the first sign of virus activity or a network break-in. When users are aware of shutdown policies, they're more likely to interpret a sudden loss of network access or a remote system reboot as an attempt to protect them instead of a random failure that's the IT department's fault.
Another way to prepare users for a shutdown is to perform a shutdown drill on the network. You should also activate autosave and autorecovery features in software. For example, you can set Microsoft Excel to autosave recovery information by clicking Tools, Options, Save Autorecovery. Such features dramatically reduce the likelihood of data loss even during a forced reboot with live users.
Finally—and this is crucial—warn your users when you need to shut down a critical system quickly. Send a message over the network or, at the very least, make a companywide announcement about the shutdown to your network's users.
4 Essential Actions
You can use StopComputer to perform four actions on a system: Conduct a test shutdown, reboot the computer, shut down the computer but leave it powered up, and power off the computer. To perform a test shutdown, run the Stopcomputer command with the /w (what if) switch; this lets you test whether you can perform an actual shutdown on a system.
The ability to conduct a test shutdown is important because it lets you identify problems with system access ahead of time without actually shutting down computers. For example, to conduct a test shutdown on remote servers TS01, TS02, and TS03, you'd enter the command
stopcomputer /w ts01 ts02 ts03
If the test shutdown succeeds, the command outputs on screen the system name followed by "SUCCESS"; if the test shutdown fails, the command outputs the system name followed by "FAILED" and an error code. (You can change the amount of detail in the messages by specifying either the /v+ or /v- switch, which I discuss later.)
To reboot a computer, specify the /r (reboot) switch. For example, to reboot the DC01 domain controller (DC), run the command
stopcomputer /r dc01
To shut down a computer but leave it powered up, specify the /s (shutdown) switch:
stopcomputer /s dc01
Finally, to completely power off a system, run the StopComputer command with the /p (power-off) switch:
stopcomputer /p dc01
When you specify /w to perform a test shutdown, the script ignores the /r, /s, and /p options. If you specify more than one shutdown option (/r, /s, or /p), the script alerts you to your mistake and exits.
Sometimes shutdowns don't work as intended. A hung application can halt the shutdown process, as can an open and unattended user session that has unsaved data. If you need to force applications to close, you can run the StopComputer command with the /f (force) switch, which forces a system to shut down without notifying any applications that are running. For example, to force a shutdown of two terminal servers, TS1 and TS2, you'd run the command
stopcomputer ts1 ts2 /s /f
Options Galore
StopComputer's option switches let you perform shutdowns in different ways. Figure 1 lists these options. Like most batch-processing tools, StopComputer uses as input data either command-line parameters (e.g., computer names) that you specify to be shut down or, if you don't enter any parameters, the standard input stream (e.g., a text file containing a list of computer names). For example, if you want to forcibly shut down some computers and enter the names interactively, you'd issue the command
stopcomputer /s /f
After you enter the command, you'll see a blank line under it. Here, you can start typing in the names of the computers you want to shut down, pressing Enter after each one. When you're finished entering names, simply press Ctrl+C twice to exit the script.
Alternatively, you can run the command against a saved list of computers. For example, the kiosks.txt file contains the names of kiosks you need to power off late on Friday. To use StopComputer to power off the kiosks contained in the kiosks.txt list, run the command
stopcomputer /p /f < kiosks.txt
Even better, if you have a tool that generates a filtered computer list and sends it to standard output, you can feed this tool straight into StopComputer. Suppose you have a script—Getwebservers.cmd—that dynamically generates a list of your public Web servers, and you want to forcibly reboot these Web servers. To do so, run the command
getwebservers | stopcomputer/r /f
Handling Permissions
If you have the commendable habit of running in an account with limited privileges, the Shutdown utility won't work without wrapping it through runas.exe (i.e., using the Runas command to execute the Stopcomputer command). Even worse, if you have some isolated systems with distinct accounts and passwords, you can't handle their shutdowns remotely at all; you face yet another penalty for using good security practices.
The StopComputer script accommodates permissions restrictions to a degree. For example, if your current account lacks sufficient privileges to shut down a remote system, you can still perform the shutdown by specifying the username and password of the user whose system you want to shut down. To do so, run the StopComputer command and specify the /u (username) switch followed by the username and password of the user whose remote system you want to shut down, in the format username:password, like this:
stopcomputer /u alibaba:sesame
Security-conscious systems administrators might not approve of this method, which displays username and password information to anyone who happens to be passing by your computer screen. If you're concerned about revealing your password, you can simply enter only the username on the StopComputer command; StopComputer then prompts you to enter a password that isn't displayed.
Controlling Output and More
Console command output for StopComputer varies depending on how you intend to view or use the results. By default, if the script successfully accesses a system, StopComputer prints the computer name to standard output followed by the word "SUCCESS". If computer access or shutdown fails, StopComputer writes the computer name to standard error followed by the word "FAILED" and the error code that the OS returned. Listing 1 shows the error-handling portion of the StopComputer script. You can often look up the meanings of short error codes by running the command
net helpmsg
If you want to display the full message text displayed during system shutdown attempts, you can specify the /v+ (verbose) switch on the StopComputer command. StopComputer then appends available error descriptions to all messages that are displayed on screen.
If you want to stop the script from displaying the SUCCESS or FAILED message, specify the /v- (nonverbose) switch. Doing so tells StopComputer to print succeeding systems to standard output and failing systems to standard error. Be aware that if you specify the /v- switch, you won't be able to visually identify which systems StopComputer has successfully shut down and which shutdowns have failed; if neither standard error nor standard output is redirected to another command or a file, both will appear merely as bare names in the console window.
Two more options are worth mentioning because you might want to tweak them. The /a (authentication) switch lets you specify the WMI authentication level as a number from 0 to 6. StopComputer uses the Pkt (4) authentication level to ensure that it will always work against Windows XP and newer systems, which have more stringent security.
The /d (delay) switch specifies a delay time in seconds between each call to shut down a remote system; by default, StopComputer allows a 2-second delay. The delay gives you time to you halt the script (by pressing Ctrl+C) if you see a mistake (e.g., an incorrect system name) after you've executed the StopComputer command.
A Powerful Tool
StopComputer extends the usefulness of the Windows Shutdown utility by enabling you to shut down multiple systems remotely. Additionally, StopComputer lets you perform test shutdowns on systems, a capability you'll find useful for preparing for future shutdowns and anticipating potential problems before a forced emergency shutdown. You can enhance StopComputer to report the reasons for shutdowns and send network messages to users or let the user simply type "Quit" to exit interactive mode instead of having to press Ctrl+C twice. However you choose to use StopComputer, you'll surely find that it's a practical addition to your administrator's toolkit.
End of Article
)
)
Register
Wayne Geils January 20, 2005