Windows 2000 Server Auto-Reboot Script

I'm running a legacy network app on an antiquated server OS(Win2k Web Server) running off-site. The app is a commercial(i.e. I don't have the source) product that's been discontinued by the developer but my company is still reliant on it because there's no better product in the marketplace for this extremely niche product. The problem is that it crashes every few days and always at the worst times(weekends,3am etc) and I have to log into the server via RDC and reboot the server and manually restart the app once the server comes back up. The server does nothing but host this app. I've tried it on win2k3 and it still crashes so a change of OS won't help.

I'm trying to automate this server to reboot and then restart the app when it finds that the app has died. I have a method of detecting when this app has died and have the ability to run any kind of script/exe at that time. The app cannot run as a service(I've tried like heck to get this working but there's no chance). It's got to run on the desktop of the RDC user and there's no way around this because I need to interact with it on the desktop frequently. So:

1: Recognize when the app is dead(done) 2: Reboot the server automatically when this is done (simple, done) 3: When the server finishes rebooting open this app on the RDC desktop of an admin level user.

My formal question is: How do I do #3?

Any advice would be extremely welcome and appreciated.


I'm going to say what others have said, but a little differently, as I've done this very thing with a couple of god-awful programs (both of which are polling programs for time clocks-- what is it with programs that poll time clocks being sucky crap?):

  • Logon to the server computer as the user who will run the application. Set the user's screensaver to be secure (i.e. require a password). You should probably use "blank screen" to save CPU.

  • Place shortcuts to your script to start the application and test for its "aliveness" into the "All Users" "Startup" group. (Be sure that your script gives the application ample time to actually start before checking whether it's "dead".)

  • Grab a copy of "nircmd" from http://www.nirsoft.net/utils/nircmd2.html and throw it into the %SystemRoot%\System32 directory (or anywhere, really). Add a shortcut to the "All Users" "Startup" group to call:

    %SystemRoot%\system32\nircmd.exe screensaver

  • Add the following registry values, substituting in the appropriate username and password.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoAdminLogon - REG_SZ - 1
    DefaultUsername - REG_SZ - Set to user name to logon with
    DefaultPassword - REG_SZ - Set to password to logon with
    DefaultDomain - REG_SZ - Set to either local machine's name if a local account is used to logon, or domain's name if a domain account is used to logon.
    ForceAutoLogon - REG_SZ - 1
  • Modify the permission on the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key (using REGEDT32) to remove the "Power Users" and "Users" groups from the ACL on that key. (I just tested this on a W2K machine, and it does not disrupt the autologon). This will prevent the plaintext password from being read by a limited-access user on the box.

At this point, the computer will boot and automatically logon as the user you've specified, start the application and your "deadness" script, and immediately go into a locked screensaver. The key being held during boot won't stop the auto-logon (but, since this is off-site, hopefully they keyboard / mouse are secured anyway).

If you can run it on W2K3, you can use the "/admin" or "/console" argument on the Remote Desktop client (depending on which version you have-- do a "/?" to see) to connect to the console session. You will need to logon with the same username and password used by the autologon account, and anybody w/o that username and password won't be able to connect to the console session.

If you have to stick to running it on W2K, install something like VNC so that you can take remote control of the console session. If you do use VNC, be sure to modify the permission on the registry key where the machine VNC configuration is stored (HKEY_LOCAL_MACHINE\Software\ORL\Winvnc for older versions, other places for newer versions) to remove "Users" and "Power Users" from the key's ACL. This will prevent limted-access users from reading the VNC password hash, which can easily be reversed back into the VNC password.

That's how I'd do it.


The key here is security - in short you aren't going to have any if you follow these instructions.

Steps are: 1. Auto-login. 2. Run a (cmd) batch file that kicks off your program when you login.

For auto-login - just use TweakUI - it's just a bunch of registry files, but TweakUI is the best way to write these nicely.

For the batch file, just write a cmd file that runs your program and put it in the "Start up" folder in the "All users" directory.

There will be more sophisticated ways of doing this, but this low-tech mechanism will work but will 100% compromise security of the server!

Mike