1. Associating a Folder to a Drive with the Subst Utility
The Subst utility is one that just about anyone can use. It makes a directory look like a new drive to a user. In fact, this effect shows itself in Windows Explorer, so the Subst utility has a lasting impact on your system. This utility uses the following syntax:
SUBST [drive1: [drive2:]path]
SUBST drive1: /D
The following list describes each of the command line arguments.
drive1
Specifies the drive to substitute for the directory specification you provide. The default is the current drive.
drive2
Specifies the drive that contains the directory for substitution. The default is the current drive.
path
Specifies the absolute or relative path to substitute. The default is the current directory.
/D
Terminates the directory substitution. You can also terminate the substitution using Windows Explorer.
The Subst utility performs a task that you can't perform within the Windows GUI. It makes directories easily accessible to users. Instead of digging through the directory hierarchy, the user can access the directory using a drive letter. In addition, you can use the Subst utility to equalize all systems on a network, even if the various machines have different drive configurations. For example, you could set all machines to use Drive X as the word processing directory. The Subst utility can also make network reconfigurations invisible to the user. If you set Drive X as the word processing drive, it doesn't matter where the actual directory appears on the network and you can move it around at will. Here's an example of the Subst utility used to redirect the G:\Windows directory to the L drive.
Subst L: G:\WINDOWS
2. Displaying a Directory Structure with the Tree Utility
If you've ever tried to get a complete picture of the directory structure of your hard drive using Windows Explorer, you know the task is tough. Windows Explorer focuses on helping you perform tasks, so it tends to focus your attention on a specific set of directories on the hard drive. In fact, the default settings actually hide many directories from view. The Tree utility hides nothing. It's easy to become quite overwhelmed by the amount of information it provides. This utility uses the following syntax:
TREE [drive:][path] [/F] [/A]
The following list describes each of the command line arguments.
drive
Specifies the drive to examine. The default is the current drive.
path
Specifies the absolute or relative path to examine. The default is the current directory.
/F
Displays the filenames in each directory as well as the directory names.
/A
Displays the output using standard ASCII characters, rather than extended ASCII characters that have a graphical appearance.
One of the best reasons to use the Tree utility is to explore your drive looking for places to clean out old information. This utility can also help you locate hidden directories and even provide a certain level of virus detection because most virus writers are counting on you to use Windows utilities to explore the hard drive. The fact that you can run this utility from the recovery console means that you can even use it to explore the drive for rootkits, a particularly nasty form of virus that actually hides itself from view when Windows is operating.
Rootkits are particularly dangerous viruses because you don't even know you have one. They hide by using the operating system to trick you into not seeing the folders that store the executables. The rootkit writer doesn't want you to know the rootkit is in place, so don't expect a rootkit to do anything odd or strange. In fact, unlike common viruses, rootkits often go out of their way not to use your system to propagate because that action would expose them. Because of the level of integration a rootkit requires with the operating system, even removing a rootkit is going to cause problems because now your system is compromised at a low level.
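The comparison this section describes can be automated. The following is an added example, not part of the original text: it parses two saved `tree /F /A` listings, one taken while Windows is running and one taken from the recovery console, and reports every path that only the offline listing shows. The function names and both sample listings are constructed for illustration, and saving each listing to a file by redirecting the Tree output is an assumption.

```python
import re
# Directory rows: "+---name" or "\---name", indented 4 columns per nesting level.
DIR_ROW = re.compile(r"^((?:[| ] {3})*)[+\\]---(.+)$")
HEADER = ("Folder PATH listing", "Volume serial number")

def parse_tree(text):
    """Return the set of root-relative paths in `tree /F /A` output."""
    rows = [r.rstrip() for r in text.splitlines()
            if r.strip() and not r.startswith(HEADER)]
    paths, stack = set(), []
    for line in rows[1:]:                 # rows[0] names the root, e.g. C:\DATA
        m = DIR_ROW.match(line)
        if m:
            del stack[len(m.group(1)) // 4:]   # climb back to the parent
            stack.append(m.group(2))
            paths.add("\\".join(stack) + "\\")
        elif line.lstrip("| "):           # file row; a bare "|" is a spacer
            paths.add("\\".join(stack + [line.lstrip("| ")]))
    return paths

def hidden_from_live_view(live_text, offline_text):
    """Paths in the offline listing that the live listing does not show."""
    live = {p.lower() for p in parse_tree(live_text)}
    return sorted(p for p in parse_tree(offline_text) if p.lower() not in live)

# Constructed sample listings (not real captures).
HEAD = "Folder PATH listing\nVolume serial number is 0000-0000\n"
LIVE = HEAD + r"""C:\DATA
|   notes.txt
+---docs
|       report.doc
|
\---tools
        run.bat
"""
OFFLINE = HEAD + r"""C:\DATA
|   notes.txt
+---docs
|       report.doc
|
+---stash
|       drv.bin
|
\---tools
        run.bat
        helper.dll
"""

print("only in offline listing:", hidden_from_live_view(LIVE, OFFLINE))
```

A path that appears only in the offline listing is a lead to investigate, not proof of a rootkit; files created or deleted between the two captures show up the same way.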
3. Managing the Volume Shadow Service with the VSSAdmin Utility
The VSSAdmin utility lets you view the status of the VSS, which is a method of providing a backup copy of Windows. This utility uses the following syntax:
VSSAdmin list shadows [/set={shadow copy set guid}]
VSSAdmin list writers
VSSAdmin list providers
VSSAdmin list volumes
VSSAdmin resize storage /For=ForVolumeSpec /On=OnVolumeSpec [/MaxSize=MaxSizeSpec]
The following list describes each of the command line arguments.
/set={shadow copy set guid}
Determines which shadow copy set to list based on the GUID provided as input.
shadows
Lists all of the shadow copies on the system grouped by GUID.
writers
Displays a list of shadow volume writers on the system. Common shadow writers include Internet Information Server (IIS), Windows Management Interface (WMI), and Microsoft Data Engine (MSDE). The information includes the writer name in human-readable form, writer identifier as a GUID, the writer instance identifier as a GUID, and the current writer state.
providers
Displays the current VSS provider information. This information includes the provider name, provider type, provider identifier as a GUID, and the version number.
volumes
Displays a list of volumes eligible for shadow copies. In general, you can shadow any permanent hard drive on the system.
The new resize storage mode lets you change the amount of storage set aside for shadow copies on the specified volume. The following list describes each of the command line arguments.
/For=ForVolumeSpec
Defines the volume for which you want to provide a shadow copy.
/On=OnVolumeSpec
Defines the volume that will hold the shadow copy. This volume must be different from the /For argument volume.
/MaxSize=MaxSizeSpec
Specifies the maximum size of the shadow copy. If you don't specify this value, then the shadow copy can be as large as the free space on the shadow drive. The minimum shadow copy size is 300 MB. You may include any of the following size definitions: KB, MB, GB, TB, PB, and EB. If you don't specify a size definition, then VSSAdmin assumes that you supplied the value in bytes.