Debugging scripts, output to console

Example 1

--- Script start ---

if not exist c:\Logs md c:\Logs
net use \\sourceserver\robocopy /user:username password 1>c:\Logs\test.txt 2>&1

--- Script end ---

"1>c:\Logs\test.txt 2>&1"

"1>" To capture error output; specify a full path for the log file. If not it might end up in the System32 folder.

"2>" = re-direction in DOS Command Prompt (console)

Example 2

--- Script start ---

net use \\sourceserver\robocopy /user:username password 1> c:\output.txt 2> c:\error.txt
dir \\sourceserver\robocopy 1>> c:\output.txt 2>> c:\error.txt

--- Script end ---

Or to use one single log file:

--- Script start ---

net use \\sourceserver\robocopy /user:username password 1> c:\output.txt 2>&1
dir \\sourceserver\robocopy 1>> c:\output.txt 2>>&1

--- Script end ---


References:
http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/b591346e-3ed0-4ed1-9453-24851ebe1bb1

Schedule a robocopy task on Windows 2008 R2 (WIP)

Objective:
1. Schedule a task to copy a set of files from a DC to another DC.
2. Apply least privilege principle.

Environment:
Windows 2008 R2 (
Robocopy version on Windows 2008 R2 (XP10 aka 5.1.10.1027)

Symptoms:
Using robocopy, you will be able to copy folders from source location to destination location (folders will be created). However, files within the source folder will fail to copy.

Common errors:
1. ERROR : You do not have the Manage Auditing user right.
2. ERROR 5 (0x00000005) Copying NTFS Security to Destination Directory -instead-path-here- Access is denied.

Required Permissions:

To use the robocopy /COPYALL switch on a DC, at minimum, user account MUST BE in "Builtin\Administrators" group.

THIS CAN'T BE AVOIDED. Ref URL #4 below - "UAC operates under a dual token method where even if you have the right to have elevated access, until you request it via UAC its not provided. Once requested its a new process."

Tried to minimize security access with credentials "Builtin\Server Operators" (able to open an elevated command prompt but UAC will prompt for password) and "Builtin\Backup Operators"
However, with these credentials, during the copy process, the folders will be created successfully but files inside folders, you will hit error #2 mentioned above.


Required NTFS Permissions

1. Source location, at least read access to the files and folders
2. Destination location, "full control" to files and folders (If not you may have
3. If your destination folder is in a root folder, ie, D:\ or E:\, you will need to
3.1. Disable inheritance
3.2 Grant full control to the user that is used to run the robocopy scheduled task script

Windows 2008 R2 may not copy ACLs properly
Workaround:

1. XCOPY source_folder target_folder /I /E /X /T 
2.  ROBOCOPY source_folder target_folder /COPYALL /SECFIX /E 

References:
1. http://ss64.com/nt/robocopy.html
2. http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/292b40ec-a6b3-47db-b9ac-e7ab9aa5c913
3. http://serverfault.com/questions/419835/what-permissions-are-required-to-back-up-to-a-remote-folder
4. http://superuser.com/questions/416188/is-there-any-way-to-elevate-a-command-prompt-in-windows-7
5. http://support.simplefailover.com/KB/a5/using-robocopy-with-simple-failover.aspx
6. http://virtualmowfo.blogspot.sg/2009/07/running-scheduled-task-using-system.html

A computer that is running Windows Vista or Windows Server 2008 stops responding and hangs at the "Applying User Settings" stage of the logon process

Catch-22!!

http://support.microsoft.com/kb/2379016

In the dump file, the service control manager is trying to start up the HTTP.sys while the HTTP.sys is actually waiting on the Cryptographic service. But this Cryptographic service has not started up yet. So Cryptographic service is trying to start up to handle to request from http.sys.

But as the service control manager is starting up the http.sys and can’t handle the startup request from Cryptographic service, this cause a deadlock.

Resolution

=============

So this issue can be resolved by add dependency for the http.sys to make sure this http.sys will only try to start up itself when the Cryptographic service is up.

Step as below:

1.Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP

2.On the Edit menu, point to New, and then click Multi-string Value.

3.Type DependOnService, and then press ENTER.

4.Right-click DependOnService, and then click Modify.

5.In the Value data box, type CRYPTSVC, and then click OK.

6.Restart the computer.

Note: The reason why we used the last known good and the server was fine may because in the last known good, the Cryptographic service somehow started up earlier than usual. But we still need to take the action plan above since we never known if sometimes the Cryptographic service will start up later than http.sys again.