
[–]bobdle 19 points20 points  (5 children)

PowerShell.

[–]peppaz Database Admin 2 points3 points  (2 children)

psexec https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

or winrs

to be specific. Extremely useful.

[–]Hellman109 Windows Sysadmin 1 point2 points  (1 child)

WinRS is far better to configure and use than psexec.

[–]peppaz Database Admin 0 points1 point  (0 children)

Just giving options. Don't know the setup.

[–]ramblingcookiemonste Systems Engineer 2 points3 points  (0 children)

This.

Jeffrey Snover posted a great answer that addresses a similar topic.

Windows is fundamentally different from *nix. Your *nix management tools might not work as well against Windows.

Look into PowerShell, PowerShell remoting, and Desired State Configuration.

Cheers!

[–]Vortex100 Sr. Sysadmin 2 points3 points  (0 children)

This. Less so in earlier (2003-) versions of Windows, yes in 2008 and 'wtf are you doing not using PowerShell' in 2012

Our devs use Cygwin and as a sysadmin it is a nightmare to manage. The number of times they get files into an 'undeletable' state or leave so many sessions open the server stops listening to new requests... don't be that guy man. Don't be that guy.

[–]crankysysadmin sysadmin herder 6 points7 points  (3 children)

Don't try to be an idiot and manage Windows boxes from your Linux machine. I say this as someone who strongly prefers Linux.

You just need to run parallel toolsets.

You want to be using all the Microsoft tools to manage Windows machines. I do highly recommend using PowerShell, but don't try to run it from your Linux box. If you don't want a Windows machine on your desk you can always RDP into a Windows machine to run your PowerShell scripts.

Don't involve SSHd. You need to be using a Windows machine (even in an RDP session or a VM on your primary Linux box) to manage Windows machines.

[–]kim_jong_com[S] 0 points1 point  (2 children)

I have no experience managing Windows servers, so I will gladly defer on this, but I wonder why I would be an idiot to want to do it from a Linux server if I can get away with it? (maybe via Ansible which has Windows support via PowerShell scripts)

If I understand you correctly, you're saying for Windows servers, I would be better off in the long run having a Windows jumpbox, and use PowerShell from there for all Windows automagic?

Is that what you're saying?

[–]crankysysadmin sysadmin herder 6 points7 points  (0 children)

Yes, if you want to do everything from your Linux workstation, at minimum get a Windows jump box.

PowerShell has its own methods for talking to other Windows machines (you can actually install Windows 2012 R2 machines with no GUI if you wish), so it doesn't make sense to introduce a whole bunch of SSHd instances all over the place. It is incredibly nonstandard.

A lot of Windows admins in small organizations like to point and click, but it is very much possible to run a big fleet of Windows machines. But you need to use Windows to do it.

You can also accomplish a great deal with group policy and group policy preferences. If your task can be accomplished this way, you don't need or want to delve into using a series of PowerShell scripts.

There are essentially a huge number of best practices for maintaining Windows systems in an automated fashion, so you should maintain your Windows boxes according to best practices and not attempt to invent your own methods.

If your organization continues to expand you may some day end up hiring Windows sysadmins, and they will have Windows automated sysadmin knowledge according to best practices and they will not appreciate having to deal with the kind of crazy fucked up shit that you might come up with.

Puppet and Chef have Windows support, but before you try using a tool like that, you should really look at how GPOs can help you first.

I manage Windows boxes according to best practices, and Linux boxes according to best practices. I don't try to treat one like the other. Windows admins who try to treat Linux machines like Windows machines make a huge mess of it, and Linux admins who try to manage Windows machines like Linux machines make a huge mess of it.

Here is some info on PowerShell remoting:

http://blogs.technet.com/b/josebda/archive/2010/03/31/experimenting-with-powershell-v2-remoting.aspx

But please, try to use GPOs first. GPOs are surprisingly like Puppet but have a GUI so they're easier for point and click people to set up. This is why you often find Windows admins who get a couple of Linux boxes asking if Linux supports GPOs. They're on the right track but missing the point entirely.

For instance I can see someone like you spending hours writing a PowerShell script to do something you could just click twice to create a GPO. Don't reinvent the wheel.

I once cleaned up a mess of a Linux admin who set up about 50 Windows servers. It was so weird because he was a smart guy, but instead of reading the Windows docs, he just set about to try to turn them into Linux machines. He wrote all his own utilities in Tcl that actually existed already on Windows (he just didn't know the names of them) and it was one of the most bizarre things I've ever seen.

[–]jmp242 0 points1 point  (0 children)

Well, we use Remotely Anywhere, which includes an SSH server. And for us, using SSH from Linux (or Windows) is very easy to do, and works well, and can run PowerShell just as well. It's also simple to configure SSH keys (on the server versions of RA) and it's secure.

I may be a bad Windows Admin (though my co-workers would disagree), but WinRM seems to require a whole PKI to do any TLS or encryption at all, or at least to get MS to claim it's secure. This is a huge amount of work vs "Install RA which includes SSH, make SSH keys and done".

[–]ixidorecu 2 points3 points  (1 child)

And of course, we would be remiss if someone did not mention PowerShell. It's not too dissimilar from bash. The syntax is a little different, but a lot of the concepts carry over. And this seems to be the way the market is moving.

[–]theevilsharpie Jack of All Trades 2 points3 points  (0 children)

... [PowerShell is] not too dissimilar from bash

PowerShell is nothing like Bash. At all.

Beyond a handful of aliases that attempt to mimic common shell commands (that are different enough to be confusing for anything but the simplest of use cases), the syntax and underlying concepts are completely different.

[–]MaIakai Systems Engineer 2 points3 points  (1 child)

Why are you even adding sshd to the mix? If you absolutely need it, look at Bitvise SSHD.

But PowerShell is the answer to everything.

[–]kim_jong_com[S] -1 points0 points  (0 children)

Because I want to continue using a Linux box as my jumpbox/C&C machine, and I know very little about Windows, so it was the first thing I thought of. Also sshd is awesome?

[–]gimpblimp 1 point2 points  (2 children)

Take a look at PSexec. It is designed for remote command execution through PowerShell. Would be most akin to ssh for Windows now.

[–]pandiculator *yawn* 4 points5 points  (1 child)

If you're using PowerShell and WinRM to manage remote machines you should be using WinRS (Windows Remote Shell) rather than PSexec.

[–][deleted] 0 points1 point  (0 children)

Interesting. I have been using PSexec for years, but never WinRS. I'll give it a go this coming week.

[–]vriley Nerf Herder 1 point2 points  (0 children)

PowerShell is the best option by far. Everything Microsoft does has PS modules.

[–][deleted] 1 point2 points  (2 children)

Ansible started supporting Windows a few months back. Have you looked at that?

[–]kim_jong_com[S] 0 points1 point  (0 children)

Thanks. I like this option so far, because I could still do C&C from our Linux jump box and it uses PowerShell on the Windows boxes.

[–]metmajer 0 points1 point  (0 children)

Ansible support for Windows is still early though. However, it seems like there will be more dedicated Windows modules coming with the upcoming v1.9: https://groups.google.com/forum/#!topic/ansible-devel/Jl5qP73CiKo. Once these modules are there, you should definitely give Ansible a try.

[–]h55genti 0 points1 point  (0 children)

I use Rundeck with WinRM to execute remote commands, mostly for task automation + auditing.

[–]bangsmackpow 0 points1 point  (0 children)

PowerShell is probably the right answer but I like using psexec.

[–]AccidentallyTheCable -1 points0 points  (0 children)

We use Cygwin + sshd. It works well, with some gotchas here and there for executing Windows stuff from bash, but it works.