Originally Published: Tuesday, 3 October 2000 Author: Chris Campbell
Published to: enhance_articles_sysadmin/Sysadmin Page: 1/1 - [Printable]

Linux and Windows NT 4.0: Basic Administration - Part II

Administrative tasks in Windows NT are strikingly similar to the same tasks in Linux. This comes as little surprise, as one of Microsoft's first ventures had been Xenix, a Unix clone. Xenix eventually evolved into SCO Unices (Incidentally, SCO was partially owned by both Microsoft and Novell). Later, Microsoft worked with IBM on the project that split to become OS/2. Windows NT played a role in this, as well..

   Page 1 of 1  

Administrative tasks in Windows NT are strikingly similar to the same tasks in Linux. This comes as little surprise, as one of Microsoft's first ventures had been Xenix, a Unix clone. Xenix eventually evolved into SCO Unices (SCO was partially owned by both Microsoft and Novell). Later, Microsoft worked with IBM on the project that split to become OS/2. Windows NT played a role in this, as well.

As we saw in the last article, and will witness to a greater degree here, the Windows NT 4.0 Resource Kit is almost absolutely necessary to make Windows NT managable for the administrator. Incidentally, it's in the Resource Kit that most of the similarities to Linux/Unix are found.

Task Manager

In Windows NT, the task manager may be found by pressing CTRL-ALT-DEL. This presents a window with three tabs: Applications, Processes and Performance. Applications show the friendly name of the user-executed applications. This is commonly used to 'End Task' when a windows application locks up. Sometimes, even that doesn't work. Under the 'Processes' tab, the 'End Process' button is more effectual, but it requires knowing how the system refers to the application. This crypticness, as well as scrolling through the entire list of running processes, makes ending a process here somewhat cumbersome. Also, here's where you can set the priority of the task. This would be done by right-clicking on the process and selecting the 'Set Priority' button. It gives the options of Low, Medium, High and Realtime. This function did not work in the earlier releases of Windows NT.

Applications launched from command line, however, do have the ability to have their priority set from the start.


START /LOW <Application to be Run>

Here, a difference in speed can definitely be perceived. There are other options to the command that may be seen by typing "start /?".

Other command line options exist in Windows NT for process management, and they all come with the Windows NT Resource Kit.

  • pstat - creates list of processes running
  • kill - allows the command line termincation of a process
  • pview - Launches a GUI tool

At this point, an interesting trend has seemed to have surfaced. The most useful and effective tools that work with Windows NT 4.0 are installed with Resource Kit, and all hail directly back to their Unix-based relatives.

To list the processes running in Linux, the command would be ps. Switches on the command can delegate what information is displayed. By piping the output through grep, such as:

#ps -ax | grep {function name}

This will display all of the current processes relating to the function indicated, and in a format remarkably similar to the Resource kits pstat output, Listing PID (Process ID), etc. Notably, piping the output through grep in Windows NT should be possible, as grep also comes with the Resource Kit. The results aren't always reliable. However, Windows NT does have a native form of grep called findstr.

The kill command is direct plagiarism of Unix.

kill <PID>

In Linux, the kill command is a lot more flexible, with the abilities not just to terminate a process, but to force a restart, or even just a re-read of a configuration file. This is application dependent, and not all applications honor kill -HUP. It is this ability that avoids the Windows habit of having to reboot every time a system level change is made. This is more often due to NT not being able to dynamically change DLLs that are in use and to adjust its network configuration on the fly. The longer the server is functional and on the network, the better a server it is.

The various types of signals to be sent are too numerous to be listed here, but can be found by typing:

#man kill

Priority of the process may be changed in Linux with the nice and renice commands with the processes importance being scaled -20 to +19, Values lower than zero cause the process to execute faster -- more accurately, it allows the process to grab more of the CPUs time -- where higher than zero acts in reverse. These commands aren't just limited to individual processes:

renice {-20 to +19} {PID}

Renice can alter all processes by user or by a process group.

renice {-20 to +19} -u {Username}

Finally, an important note for Windows NT administrators. Where in Windows NT, typing CTRL-ALT-DEL brought us to the task manager, this key combination in Linux would restart the computer in an abrupt manner. In Linux, file locations are controlled by units called inodes. These units contain file size and location information. Among other problems, dropping a Linux box improperly can cause a situation where inodes are in a state of being written. This may cause incomplete information resulting in both data loss and disk issues.

Since the CTRL-ALT-DEL response is almost automatic in Windows NT, the sequence must be trapped to avoid such complications. Typically this is done automatically in Linux. If it isn't, here's how to do it.

Edit /etc/inittab.

Add the following line:

ca:12345:ctrlaltdel:/sbin/shutdown -r now

This will set the command string to still shutdown the machine, but in a controlled manner. Other configurations can be used to reroute the commands to do nothing or to display warning files. The portion of the line /sbin/shutdown would be replaced with a path pointing to a file to perform the desired function.

Disk Administration:

Disk Administration in Windows NT is done through the Windows NT Disk administrator:


Here, the existing disks on the machine can be seen. Non-partitioned disk space is visible as grey, where existing partitions are signified with colours depending on the type of partition.

Basic Partitions=Blue
Volume Sets=Yellow
Stripe Sets=Green
Mirror Set=Purple

Partions are created by selecting empty drive space with the mouse. Press CTRL to hold for multiple selections. Then from 'Partition' or 'Fault Tolerance,' select the type of configuration desired. Next, right click and 'commit changes now.' At this point the partition can be formatted, or if a mirror was selected, the Server will need to reboot and synchronize.

RAID configurations with Windows NT done through software are often painfully slow, and are suggested for use only if no other options exist. Also, Windows NT sometimes seems to 'forget' the drive letter assignments to larger drives, causing the letter to undergo manual reassignment every time the server reboots.

As in DOS, the fdisk command may also be used from a boot disk, but is only useful for FAT partitions less than 2 gigs in size. If 'Large Drive Support' is selected, fdisk assumes that the partition will be formatted with FAT32, which cannot be read with Windows NT. So much for backward compatibility.

For basic partition creation, Linux has a pleathora of disk tools, the most basic of which is fdisk:

fdisk <harddrive device name. ex. /dev/hda>

A numerical menu is presented with the fdisk options. After selecting to create a new partiton, the partition size and type are then chosen. Linux uses types 82 and 83, but can see many, many more, including NTFS Volume Sets. Full NTFS support is still in progress.

This command line operation is typically done in the Linux setup using a GUI tool. Mandrake's diskdrake is one such tool, which is very functional and quite similar to the Disk Administrator in Windows NT. This can be launched from a Mandrake Linux's shell by typing:


Clicking on an empty partition and clicking create will give a prompt to create a new volume. The list of the volume types here is limited. The list displayed shows:

  • Linux Native
  • Linux Swap
  • Win98 FAT32
  • ReiserFS
  • Linux RAID

Linux RAID can be selected, as well as ReiserFS. ReiserFS is a Journaling File System, reminiscent of JFS in HP/UX. Interestingly enough, Microsoft propaganda claims that Linux has no Journaling File System. The opposite is true. A Journaling File System, by the way, is an advanced form of redundancy where all file system activity is logged in case of accidents. It is rumoured that ReiserFS makes Linux even faster than using the current ext2 filesystem.

By toggling to advanced mode prior to clicking create, multitudes of file system options are displayed in the volume types. Both Linux RAID and Linux Logical Volume Manager can be found. Linux Logical Volume Manager is also a relative of an HP/UX product, LVM. The Linux Logical Volume Manager project is still in progress and is located at http://linux.msede.com/lvm/. As of this writing, the LVM has petitioned to be included in the kernel, but is not included yet. Some Linux flavors have included it for a bit. SuSE, for instance, has included the software since Suse 6.3.

The Linux kernel supports the RAID functions of appending and stripping. Mirroring is available too, but must be added with a separate package.

The RAID functions must be compiled into the kernel as: "Multiple Devices Driver Support". These tools may be already compiled into the kernel; we will briefly go over them here. Re-compiling the kernel is a more advanced administrative activity and will not be covered at this time.

The RAID configuration is stored in the file /etc/mtab. The format will look like:

meta-device RAID Mode Disk Partition 1 Disk Partition 1

/dev/md0 linear /dev/hdb1 /dev/hdc1

That's when we are using partition 1 on the second hard drive and partition one on the third drive to create a linear volume.

To add the configuration into the kernel, type:

#mdadd -a
#mdrun -a

mdadd adds to the kernel, and mdrun starts the metadisk

This has created md0 (Meta Disk) 0.

To format and mount the new metadisk, type:

#mke2fs /dev/md0
#mount /dev/md0 /Volume1

Next, we set the metadisk to be remounted at start-up. Add to /etc/rc.d/rc.boot:

mdadd -a
mdrun -a

And then add the mount information as above to /etc/fstab. /etc/fstab configuration will be reviewed more in depth in a later article with NFS and SMB concepts.

Hopefully, the RAID process will be simplified to the degree of the Windows NT Disk Administrator with the addition of the complete Linux Logical Volume Manager. For some users, the command line, even in limited use, is difficult.

Event Viewer and System Logs

In Windows NT, all system logs are kept in the event viewer and through the event viewer may be dumped to file and cleared. Log setting are maintained here, at least as to what events to log. Some individual applications, unless causing system issues or deliberate log entries, maintain their own logs. The interface for the event viewer is not bad, but only local area network logs can be reliably viewed, and only one at a time. This is acceptable for smaller networks, but for larger NT networks this can be cumbersome. The following resource command allows us to combat this issue:

dumpel -f {filename} -l {logtype} -c -s {Servername}

Here is a script for a retrieving server log files on a local lan, and combining them into one big file. This job can be timed to run and mail the resulting log to an administrator's address or even have the log results piped to a secure administrative website so that the administrator can see his log files from anywhere. Note: There is no inherent commandline mechanism in Windows NT. An additional script would be required to do this.

@echo off
del server.lst
echo Servers: >> server.lst
echo Retrieving Server Log files . . .
Echo Local Machine >> server.lst
Echo Local Machine
dumpel -f c:\temp\logs\local.sys -l system -c >> daily.log
dumpel -f c:\temp\logs\local.sec -l security -c >> daily.log
dumpel -f c:\temp\logs\local.app -l application -c >> daily.log
echo Server_01
echo Server_01 >gt; server.lst
dumpel -f c:\temp\logs\Server_01.sys -l system -c -s Server_01 >> daily.log
dumpel -f c:\temp\logs\Server_01.sec -l security -c -s Server_01 >> daily.log
dumpel -f c:\temp\logs\Server_01.app -l application -c -s Server_01 >> daily.log
echo Server_02
echo Server_02 >> server.lst
dumpel -f c:\temp\logs\Server_02.sys -l system -c -s Server_02 >> daily.log
dumpel -f c:\temp\logs\Server_02.sec -l security -c -s Server_02 >> daily.log
dumpel -f c:\temp\logs\Server_02.app -l application -c -s Server_02 >> daily.log

And so on. . .

One other Event Log tool in also included in Resource Kit:


This utility can force a log entry from command line. This would be useful to log the results of a timed process, for instance.

In Linux, the system logs, and even most of the application logs are kept in /var/logs. This is a very convenient way to keep everything in the same place. Being as Linux has telnet (remote command line) capability, it is very easy for an administrator to telnet in from remote. It could also theoretically be scripted to combine logs (presumably the interesting or at least most recent parts filtered via grep) and E-mail or display via the web. In Linux it is possible to email from the shell, as well:

cat {Filename} | mail {email address}

It is also relatively common just to have a process that copies log files to an NFS mount on another Linux box, putting a copy of all log files in a centralized place. In this scenario, if a server should go down (providing it is not the server that is the log repository), an administrator can check the last log entry and have an idea as to the issue before the downed server is even touched.

License Manager:

Windows NT License manager provides a quick way to maintain a record of licenses and monitor the network for license compliance. The views available are for Purchase History, Products View (Microsoft Products), Clients (per seat) and Server browser. This is an excellent method of keeping track of the legality of your network. It probably provides a good reference for if/when the Software Piracy Association (SPA) knocks down the door to cart you away and/or fine the organization for being in arrears on licenses.

With Linux and software for Linux, licensing is mostly GPL - GNU Public License or a variant thereof (http://www.gnu.org/philosophy/license-list.html#SoftwareLicenses) and is Open Source. Beyond a pure financial benefit, this benefits the Administrator by saving the time that would be spent purchasing and keeping track of licenses as well as any worries should licensing be in arrears. The Administrator can concentrate on the truest aspect of his vocation: The system itself.

Chris Campbell is a big fan of computers, Linux, and Stanley Kubrick. Last night, the Linux.com Editor-in-Chief watched him down an entire container of Kozy Shack chocolate pudding. Chris is the Project Manager of the sysadmin section, and he can be E-mailed at soup@linux.com.

   Page 1 of 1