Menu

dkwt manual

Dirk Krause
← Previous ↑ Home → Next

dkwt — List Windows users, groups, printers…

Synopsis

dkwt _command_ [_options_]

Description

The dkwt / dkwtadm program has the following functionality

  • List local users
  • List local groups
  • List local printers
  • Schedule print job file to Windows print queue
  • Modify environment variables.

For classroom PCs the programs can perform cleanup operations on machine boot and user login.

The dkwtadm.exe program is the same as dkwt.exe except it has a built-in manifest to ask for administrator permissions at startup.

Options

Command Option Purpose
users Show users.
-l Long (detailed) output.
-s Short output. Options -l and -s are mutually exclusive.
groups Show groups.
-l Long (detailed) output.
-s Short output. Options -l and -s are mutually exclusive.
printers Show print queues.
-l Long (detailed) output.
env Modify environment.
-s Modify system environment. The default is to modify the current users environment.
Administrative privileges are required to modify the system environment.
-e Use REG_EXPAND_SZ type when creating new registry values. This option is ignored when modifying existing registry values.
-u name Unset variable by deleting the registry value specified by name.
-i name value Insert, make sure the named variable contains file/directory value. Insert at start of registry value if the path is not yet listed.
-a name value Append, make sure the named variable contains file/directory value. Append at end of registry value if the path is not yet listed.
-d name value Delete the file/directory specified as value from the variable. If the variable is empty after removal, remove the registry entry.
boot Cleanup up during machine boot process, requires dkwt.conf configuration file.
-t Test mode, do not perform cleanup actions, just show what to do.
login Cleanup and preparations on user login, requires dkwt.conf configuration file.
-t Test mode, do not perform cleanup actions, just show what to do.
logout Cleanup on user logout, requires dkwt.conf configuration file.
-t Test mode, do not perform cleanup actions, just show what to do.
shutdown Cleanup on machine shutdown process, requires dkwt.conf configuration file.
-t Test mode, do not perform cleanup actions, just show what to do.
cleanup‑profiles
clp		 Manually clean up profile directories.
keep Temporarily disable cleanup until after next user login.
unkeep Resume normal cleanup operation.

Classroom features (automatic cleanup)

Classroom situation

For PCs in a classroom we can make the following assumptions:

  • User accounts and groups are managed centrally, using Windows domain, AD or any other mechanism.
    There are no normal user accounts locally on the PCs, only the administrator account and some accounts predefined by Windows or other software (i.e. service accounts for anti-virus updates…).
     
  • A file server is available, each user has a home directory on the server.
    Users save valuable data into that home directory on the file server.
     
  • Typically all users in a PC classroom log in and out at the same time (start and end of a lecture).

We do not want to store user profiles on the server for the following reasons:

  • From a lecturer's point of view the largest part of the user profile has nothing to do with the lectures. Storing complete user profiles on the server would waste TBs for web browser cache…
    Although there is a blacklist mechanism to exclude subdirectories from profile synchronization we don't want to use that. Maintaining a blacklist means never-ending trouble.
     
  • The simultaneous login and logout of many users would generate load peaks on the server significantly higher than average load.

So we decide to use the following policies for data storage:

  • In the group policies we allow local user profiles only. Profile synchronization to server is disabled.
     
  • During the lectures users work with data either in a public directory (i.e. c:\user or c:\temp or c:\lecture) or in their user profile.
     
  • At the end of the lecture valuable data from public directories or user profile is moved to the home directory on the server or to personal media (i.e. USB stick or portable hard disk).
    This might seem inconvenient at first but ensures users learn one of the most important things for each software: Where is my data stored?
     
  • Users are encouraged to remove any file they created on the local hard disk (after saving it, of cause) before leaving the computer.

Cleanup on Windows Vista and above

The account running the boot, logon, logoff and shutdown scripts on Windows Vista and above does not have sufficient privileges to delete user profile directories. That's technical progress.
Additionally the directory structure in user profiles is … There are symbolic links to parent and/or child directories, even programs shipped with Windows have problems to handle that. I.e. when using icacls.exe on a user profile there are problems with "infinite" loops finished by buffer size restrictions or invalid handle conditions.

So we do not apply any changes to user profiles from boot, logon, logoff or shutdown scripts, we just clean up the public directories.

In regular intervals someone needs to log in as administrator and run

dkwtadm cleanup-profiles

Cleanup on Windows XP

During user logout we use the logoff script to change permissions to public directories and the user profile: Full access is granted to the System user and to the Everyone role.
The dkwt.exe program runs icacls.exe or cacls.exe to do so.

Now we attempt to remove the user profile and the contents of the public directories. Typically this will fail for some files which are still in use, i.e. the file containing the HKCU registry hive.
The dkwt.exe program first attempts to delete files/directories using internal routines. If these routines fail the

RD /S /Q "directory"
DEL /Q /F "file"

commands are run.

To remove artefacts which were not deleted during logout we attempt again on system shutdown, on boot and on each user login.
In the system boot script there is the best chance to delete artefacts.

On a user login the profile directory of the user currently logging in is excluded from the attempts to remove user profiles.

Procedure for automatic cleanup

Be carefully, cleaning up means deleting data! Configuration errors might result in loss of data!

Create a dkwt.conf file (see below).

Test the dkwt.conf file!

Create a system startup script containing the

dkwt boot

command.

Create a user logon script containing the

dkwt login

command.

Create a user logoff script containing the

dkwt logout

command.

Create a system shutdown script containing the

dkwt shutdown

command.

Special situation: system programming lectures:
If you teach system programming — i.e. building drivers for hardware — the system might crash or hang so you need a reset/reboot.
You should take the following precautions against loss of data when testing self-made drivers:

Create a registry key HKEY_LOCAL_MACHINE\Software\DKrause\Shared\dkwt and grant the Everyone or INTERACTIVE user or role full access to that key.
Teach your students to use

dkwt keep

before running any test.

Before logging out normally they should run:

dkwt unkeep

The "dkwt keep" command sets a DWORD named "keep" in the above registry key. If this DWORD is set to a not-0 value no cleanup is done by dkwt. So if there is any problem the user can reboot the machine (either normally or using the reset button) and login again without loosing data.
The DWORD is removed at the end of the next "dkwt"login", so at next "dkwt logout" normal cleanup will happen.

Exit status

0 on success, all other status codes indicate an error.

Configuration

If the dkwt.exe file resides in "C:\Program Files\Krause\bin" the recommended directory for dkwt.conf is "C:\Program Files\Krause\etc\dktools-site". Create the directory if it does not yet exist.

Example file:

[options]
system user     =       System
everyone user   =       Jeder
print jobs      =       local   lp@printserver

[public]
c:\temp

[profiles C:\Users]
All Users
Default User
Public
Administrator
SophosSAUL-XY0
sshd_server
Section Option Value Purpose
[options] General setup.
system user Username User name of the "System" user, optional, default: detect automatically.
everyone user Username User name of the "Everyone" user, optional, default: detect automatically.
print jobs List of print queues to cleanup, LPRng print queues specified by queue@host, "local" for all local print queues.
[public] Section containing public writeable directories, one per line. Each of these directories is cleaned up automatically.
[profiles] Full path name Parent directories where all user profile directories are placed. Each line in the section contains one subdirectory name not subject to automatic cleanup by:
dkwt cleanup-profiles

All directories you don't want to be deleted during 
dkwt cleanup-profiles

must be listed here. Make sure to include the profile directories of all systems accounts in the list.

After creating or modifying the file, run

dkwt boot -t
dkwt login -t
dkwt logout -t
dkwt shutdown -t

to see the files/directories to delete.

Restrictions

The program is only available on Windows platforms.

Notes

This program uses DK libraries version 3.

Examples

List all users, long listing

dkwt users -l

List all groups

dkwt groups

List all printers, long listing

dkwt printers -l

Send file x.prn to default printer

dkwt print x.prn

Add directory to users PATH variable

dkwt env -a PATH C:\MyDirectory

Remove directory from users PATH variable

dkwt env -d PATH C:\MyDirectory

Add directory to system PATH variable

dkwtadm env -s -a PATH C:\MyDirectory

Remove directory from system PATH variable

dkwtadm env -s -d PATH C:\MyDirectory

Profiles cleanup on Windows Vista and above

Make sure your dkwt.conf file is up to date, the [profiles] section must list the name of all profile directories to keep.

Run

dkwtadm cleanup-profiles
← Previous ↑ Home → Next

Related

Wiki: dkwt

MongoDB Logo MongoDB