For Better, and for MUCH Better – using a FOR Loop to run the same command against multiple computers

If you administer more than, say, 3 computers in your network, you’ve probably wanted to perform some operation against all of them in quick fashion. For example, you may get a frantic call some morning from your IT manager that goes something like this:

IT Manager: “I just got a call from my friend Bob, one of their users has just infected their network with the ReallyNastyPayload_WithAStupidName virus. He’s telling me that it targets the SuperExposed service on all Windows Servers, and that we need to shut it down ASAP! How long would it take you to do that?”

You: “That will take me about 10 min. I’ll let you know when I’m done.”

IT Manager: “Really? But we have 200 servers!! How can you get it done so fast?!”

You: “It’s kind of like magic, but I’ll explain later. Oh, and I’ll also want to discuss that raise I mentioned last week.”

IT Manager: “Okay, but are you really sure you can do this? I mean, I don’t want to tell anyone we’re covered unless you’re sure.”

You: “Don’t worry, I’ve done this before, it’ll be a piece of cake.”

IT Manager: “Man, Bob is going to think I’m so cool …”

You: “You know, now it’s going to be fifteen minutes till I’m done because we’re spending so much time on the phone.”

IT Manager: <Click> (hangs up phone)

Now you open a command prompt and you change to the directory where you have a plain text file with each of your servers on a separate line, which you created using the steps found here. Then you crack your knuckles and prepare to run a command against all of your servers which will stop and disable the SuperExposed service.

For our example, we’ll use the sc.exe command line utility, I think it’s part of the Windows Resource Kit. To disable the SuperExposed service on machine GIMLI, you’d run the following: sc.exe \\GIMLI config SuperExposed start= disabled (NOTE the space between the = sign and ‘disabled’, make sure it’s there or this command won’t work).To then stop the service after it’s been set to disabled, you’d run the following: sc.exe \\GIMLI stop SuperExposedAfterwards, just to make sure all is well, you can query for the status of the service with: sc.exe \\GIMLI queryex SuperExposed

So, how to do this against your list of 200 servers? Here’s where the beauty of the for loop comes into play.

  • create a plain text file that contains each server name one its own line in the file (server.ini, for example). See here for an example of how to create this file in an environment with Active Directory.
  • open up a command prompt and cd to the directory containing server.ini
  • type the following command:
    • for /f %i in (server.ini) do sc.exe \\%i config SuperExposed start= disabled

What’s happening in that last step is that %i becomes a variable in which each line of server.ini is stored one time while the command following ‘do’ is executed, replacing %i at the time of execution with the current server name from server.ini.So, your basically running ‘sc.exe \\SERVER config SuperExposed start= disabled’ – where SERVER gets replaced over and over one value at a time as you loop through the server.ini file.

There’s a lot more you can do with for loops, just run ‘for /?’ from a cmd prompt and read up.

For this example, you’d want to follow the above for loop with the next one to stop the targeted service on all nodes:

  • for /f %i in (server.ini) do sc.exe \\%i stop SuperExposed

And then, to query all servers and validate that the service is stopped, you’d do the following:

  • for /f %i in (server.ini) do sc.exe \\%i queryex SuperExposed >> report.txt

Adding the ‘>> report.txt’ causes the output of each command in the for loop to be appended to the report.txt file. So afterwards, you can open it up and examine it, and then send it as an attachment in an Email to your manager.

Don’t forget to follow up about that raise, too.