Posts Tagged ‘windows xp’

How to Set Folders View in Explorer Bar Permanently

Tuesday, October 27th, 2009

I have always hated that I need to go to View>Explorer Bar>Folders every time I need to get the folder view on the left, or even right-click>Explore. I want it there all the time. This little trick I learned from a colleague really helped me out.

First, open My Computer.
Go to View>Explorer Bar>Folders.
Here’s the trick to make it stick:
Now, go to Tools>Folder Options>File Types.
Find the entry that is a folder icon with (none) next to it.
Click it, then go to Advanced.
Click Explore.
Then click Set Default.

Voila! Now, every time you open an explorer window, the folder view will be on the left.

Killing Processes on Server 2000 from VBScript

Thursday, October 8th, 2009

Alright, so we have a report server that has a massive SQL database and is running Server 2000 SP4. I honestly don’t know too much about it, because we have a DBA who does pretty much 90% of the maintenance/admin work on this server and the reports have nothing to do with the programs I work with. Anyway, the reports that are run export the SQL data to Excel spreadsheets. Once the report is run, the Excel process is left running. This server is already extremely old and bogged down as is, so having over a hundred instances of Excel running on it wasn’t helping. I wrote a script to check for all processes named “excel” and see how long they have been running, then kill the ones that were running for what seems to be too long a time. I had some issues, because Server 2000 does not have all of the capabilities of 2003, obviously. This script requires that you download pskill, part of the PSTools suite from SysInternals (now Microsoft). Now, while the script requires PSKill, it is able to run on Server 2000/2003/2008 (and 2000/XP/Vista/7), so hopefully it is still useful to someone else out there. The script is below and I tried to make sure it was well-commented to help you out. Feel free to leave any suggestions/questions below. Enjoy.


' This script requires pskill, part of the PSTools suite from SysInternals (now Microsoft). It assumes pskill is in your path for the command line (generally c:\windows\system32\; the Windows folder is winnt on 2000/NT).

Option Explicit
Dim strComputer, objWMIService, colProcessList, objProcess, PDate, Days, Hrs, Min, Sec, objSWbemLocator, WshShell
strComputer = "."
Set WshShell = CreateObject("wscript.shell")
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where Name = 'Excel.exe'") ' Replace Excel with whatever the process is you're looking for.
Do
    If colProcessList.Count = 0 Then ' This kills the script if the process we are looking for is not running. (also ties with last commented line for looping)
        Exit Do
    Else
        For Each objProcess in colProcessList
            If objProcess.CreationDate <> "" Then
                PDate = Left(objProcess.CreationDate,14) ' pulls the date process started in format: yyyymmddhhmmss
                Days = DateDiff("d",DateSerial(Left(PDate,4),Mid(PDate,5,2),Mid(PDate,7,2)),Date) ' find how many days process has been running
                Hrs = Hour(Now) - Mid(PDate,9,2) ' find how many hours process was running, if started same day
                Min = Minute(Now) - Mid(PDate,11,2) ' same but for minutes
                Sec = Second(Now) - Mid(PDate,13,2) ' same but for seconds
                If Hrs > 6 Then ' This is where you specify how long the process has to have been running in order for it to be killed, so you don't kill active jobs. Change it from "Hrs" to "Min" or "Sec" for minutes or seconds. Change 6 to whatever number of units. (currently set to kill processes over 6 hours old)
                    WshShell.Run "pskill -t " & objProcess.ProcessId, 0, False
                Else
                    If Days > 0 Then ' This is a failsafe to the previous "If". Since it only detects how many hours process was running, if started same day. This guarantees that it kills anything over a day old.
                        WshShell.Run "pskill -t " & objProcess.ProcessId, 0, False
                    End If
                End If
            End If
        Next
        WScript.Sleep 1000 ' wait before trying again
        Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process Where Name = 'Excel.exe'") ' Recheck for processes. This makes the script keep looking until there aren't any active processes, i.e. if a report is being run now, we will wait until it is done to kill the process and the script.
    End If
Loop
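
The hour and day tests in the script above compare clock fields rather than elapsed time, so a process started at 23:50 counts as a day old at 00:10. As an added example (not part of the original script), the following computes the real age from the WMI CreationDate string and compares both checks; the function names and the sample timestamps are constructed for illustration.

```vbscript
Option Explicit
Const MAX_AGE_MINUTES = 360   ' 6 hours, the limit used in the script above

' Turn the first 14 characters of a WMI CreationDate (yyyymmddhhmmss) into a Date.
' Uses only string and date functions, nothing beyond what the script above needs.
Function WmiDateToDate(strWmiDate)
    WmiDateToDate = DateSerial(CInt(Mid(strWmiDate, 1, 4)), _
                               CInt(Mid(strWmiDate, 5, 2)), _
                               CInt(Mid(strWmiDate, 7, 2))) + _
                    TimeSerial(CInt(Mid(strWmiDate, 9, 2)), _
                               CInt(Mid(strWmiDate, 11, 2)), _
                               CInt(Mid(strWmiDate, 13, 2)))
End Function

' Minutes between process start and dtNow (DateDiff counts minute boundaries).
Function AgeInMinutes(strWmiDate, dtNow)
    AgeInMinutes = DateDiff("n", WmiDateToDate(strWmiDate), dtNow)
End Function

' The test used by the script above (Hrs > 6, else Days > 0), reproduced for comparison.
Function ClockFieldCheck(strWmiDate, dtNow)
    Dim PDate, Days, Hrs
    PDate = Left(strWmiDate, 14)
    Days = DateDiff("d", DateSerial(Left(PDate, 4), Mid(PDate, 5, 2), Mid(PDate, 7, 2)), dtNow)
    Hrs = Hour(dtNow) - Mid(PDate, 9, 2)
    ClockFieldCheck = (Hrs > 6) Or (Days > 0)
End Function

Sub Compare(strWmiDate, dtNow)
    Dim intAge
    intAge = AgeInMinutes(strWmiDate, dtNow)
    WScript.Echo strWmiDate & " checked at " & dtNow & ": " & intAge & " min old; " & _
        "elapsed-time check kills: " & (intAge > MAX_AGE_MINUTES) & "; " & _
        "clock-field check kills: " & ClockFieldCheck(strWmiDate, dtNow)
End Sub

' Constructed samples: a start just before midnight, a same-day start,
' and a start on the previous afternoon.
Compare "20091007235000.000000-240", DateSerial(2009, 10, 8) + TimeSerial(0, 10, 0)
Compare "20091008010000.000000-240", DateSerial(2009, 10, 8) + TimeSerial(7, 30, 0)
Compare "20091007170000.000000-240", DateSerial(2009, 10, 8) + TimeSerial(0, 10, 0)
```

To use it in the loop, test `AgeInMinutes(objProcess.CreationDate, Now) > MAX_AGE_MINUTES` in place of the `Hrs` and `Days` comparisons.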

Login Script for Everyone

Monday, September 21st, 2009

UPDATED 12/23/09: The script on the bottom is the original. I have made a few changes to log all errors and to fix a couple of glitches that come up in some environments. Changed the syntax of the addWindowsPrinterConnection command, and made it set the default printer. Here is the new script (the original post is below):


Option Explicit
Const ADS_PROPERTY_APPEND = 3 'sets the variable to Append
Const ADS_UF_NORMAL_ACCOUNT = 512
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const HKEY_LOCAL_MACHINE = &H80000002
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

Dim WshShell : Set WshShell = CreateObject("wscript.shell")
Dim strContainer, strUser, i, objRootDSE, strDisplayName, ObjFSO, objInFile, objContainer, strLine, strName, objOU, objGroup, objUser, objFile, objFile2, varDomainNC, objRoot, strText, FirstLine, arrMemberOf, Group, strFirstName, strLastName, strLine2, objOU2, objNetwork, strGroup, objConnection, objCommand, objRecordSet, objErrorLog, strComputer, colItems, objWMIService, colInstalledPrinters, strComputer2
Set objOU2 = GetObject("LDAP://CN=users,DC=domain,DC=local")
Set objOU = GetObject("LDAP://ou=users,ou=indianapolis,DC=domain,DC=local")
ObjOU.Filter = Array("user")
Set objGroup = objOU2.GetObject("group", "cn=CSRs")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = WScript.CreateObject("Wscript.Network")
Set objRootDSE = GetObject("LDAP://rootDSE")
strComputer2 = "."
Dim CRLF
CRLF = Chr(13) & Chr(10)

'*************(Global Scripting) this section applies to all computers no matter what group users are in.

'default lockheed banner script
Function Ask(strAction)

    Dim intButton
    intButton = MsgBox(strAction, _
        vbQuestion + vbYesNo, _
        L_Welcome_MsgBox_Title_Text )
    Ask = intButton = vbYes

End Function

MsgBox "This system is the property of this Corporation, and is intended for" & CRLF & _
    "the use of authorized users only. All activities of individuals using this computer" & CRLF & _
    "with or without authority, or in excess of their authority, may be monitored and recorded" & CRLF & _
    "by system personnel. If any such monitoring reveals evidence of criminal activity or is in" & CRLF & _
    "violation of foreign or U.S. state or federal law, such evidence may be provided to law" & CRLF & _
    "enforcement officials and/or used for further legal action by this Corporation and/or the" & CRLF & _
    "organization's Information Protection group. Unauthorized use of this system is prohibited" & CRLF & _
    "and may result in revocation of access, disciplinary action and/or legal action. The" & CRLF & _
    "company reserves the right to monitor and review user activity, files and electronic messages." & CRLF & _
    "REMINDER: Information transmitted to a foreign person on this network may be subject " & CRLF & _
    "to applicable Export Control laws. Contact your Export Coordinator for assistance." & CRLF & _
    "(This machine is not authorized for classified processing)", _
    vbOKOnly, _
    "SYSTEM USE MONITORING NOTICE - IPM-003 Banner Statement"

WshShell.Run "net use s: /delete", 0, False
WshShell.Run "Net use s: \\server\shared /persistent:yes", 0, False

'*************End of global scripting

'pull local computer name for logging info.
strComputer = objNetwork.ComputerName

'pull logon id
strUser = objNetwork.UserName

'turn logon id into container name for LDAP queries
'(the ADSI query needs a search base in angle brackets; here it is the domain root)

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = "<LDAP://dc=domain,dc=local>;(&(objectCategory=User)(samAccountName=" & strUser & "));name;subtree"
Set objRecordSet = objCommand.Execute
On Error Resume Next
strUser = objRecordSet.Fields("name")
On Error GoTo 0
objConnection.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
strUser = Replace(strUser, ",", "\,")

'set user to have LDAP queries run
On Error Resume Next
Set objUser = GetObject("LDAP://cn=" & strUser & ",ou=users,ou=indianapolis,dc=domain,dc=local")
If Err.Number = 0 Then

    '\/\/\/\/\/\/ Determine group memberships. PLEASE NOTE: group names must be in UPPER case and in "Left(strGroup, X)"
    ' X must be the number of characters in the group name.
    '\/\/\/\/\/\/\/

    arrMemberOf = objUser.GetEx("memberOf")

    If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
        For Each Group in arrMemberOf
            strGroup = UCase(Group)
            strGroup = Right(strGroup, Len(strGroup) - 3)
            If Left(strGroup, 2) = "IT" Then
                '*****IT group scripting

                'set Z: IT drive
                WshShell.Run "net use z: /delete", 0, False
                WshShell.Run "Net use z: \\server\it /persistent:yes", 0, False

                'Prepare to set printers
                Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

                'This prevents script from stopping when mapping network printers on the server where they
                'are shared from
                On Error Resume Next

                'Add Printers

                objNetwork.AddWindowsPrinterConnection "\\server\Xerox WorkCentre 5675 PS"
                objNetwork.SetDefaultPrinter "\\server\Xerox WorkCentre 5675 PS"

                '*****End of IT
            Else
                If Left(strGroup, 4) = "CSRS" Then
                    '*****CSR group scripting

                    '*****End of CSR
                Else
                    If Left(strGroup, 10) = "MANAGEMENT" Then
                        '*****Management group scripting - NOTE: all managers are members of "Team Leads" group

                        '*****End of Management
                    Else
                        If Left(strGroup, 7) = "QUALITY" Then
                            '*****Quality scripting - NOTE: all quality are members of "TeamLeads" group

                            '*****End of Quality
                        Else
                            If Left(strGroup, 9) = "TEAMLEADS" Then
                                '*****Team Lead scripting

                                'Prepare to set printers
                                Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

                                'This prevents script from stopping when mapping network printers on the server
                                'where they are shared from
                                On Error Resume Next

                                'Add Printers
                                objNetwork.AddWindowsPrinterConnection "\\server\Xerox WorkCentre 5675 PS"

                                '*****End of Team Lead
                            End If
                        End If
                    End If
                End If
            End If
        Next
    Else
        '*****Create Error Log if groups could not be determined

        Set objErrorLog = objFSO.OpenTextFile("\\server\errors\signonerrors.txt", ForAppending, True)
        objErrorLog.WriteLine strUser & " on " & strComputer & " could not be found in Active Directory on " & Date
        objErrorLog.WriteLine "The error code is " & Err.Number
        Err.Clear
    End If
Else
    '*****Create Error Log for all other errors
    Set objErrorLog = objFSO.OpenTextFile("\\server\errors\signonerrors.txt", ForAppending, True)
    objErrorLog.WriteLine strUser & " on " & strComputer & " had the following error: " & Err.Number & " on " & Date
    Err.Clear
End If

ORIGINAL POST: We have a new program in with a new domain. On our other networks, there are separate logon scripts for pretty much every security group and they all call other scripts. With this network, I wanted to keep things simple, so this script connects to AD and checks their group membership before running the appropriate commands for each group. This particular network does not have any shares yet, and isn’t very complex, but here is the base of it. Let me know if you want to know how to add anything more to it.

Option Explicit
Const ADS_PROPERTY_APPEND = 3 'sets the variable to Append
Const ADS_UF_NORMAL_ACCOUNT = 512
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const HKEY_LOCAL_MACHINE = &H80000002
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

Dim WshShell : Set WshShell = CreateObject("wscript.shell")
Dim strContainer, strUser, i, objRootDSE, strDisplayName, ObjFSO, objInFile, objContainer, strLine, strName, objOU, objGroup, objUser, objFile, objFile2, varDomainNC, objRoot, strText, FirstLine, arrMemberOf, Group, strFirstName, strLastName, strLine2, objOU2, objNetwork, strGroup, objConnection, objCommand, objRecordSet, objErrorLog, strComputer, colItems, objWMIService, colInstalledPrinters, strComputer2
Set objOU2 = GetObject("LDAP://CN=users,DC=arra,DC=local")
Set objOU = GetObject("LDAP://OU=arra-users,DC=arra,DC=local")
ObjOU.Filter = Array("user")
Set objGroup = objOU2.GetObject("group", "cn=CSRs")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = WScript.CreateObject("Wscript.Network")
Set objRootDSE = GetObject("LDAP://rootDSE")
strComputer2 = "."
Dim CRLF
CRLF = Chr(13) & Chr(10)

'*************(Global Scripting) this section applies to all computers no matter what group users are in.

'default lockheed banner script
Function Ask(strAction)

    Dim intButton
    intButton = MsgBox(strAction, _
        vbQuestion + vbYesNo, _
        L_Welcome_MsgBox_Title_Text )
    Ask = intButton = vbYes

End Function

MsgBox "This system is the property of this Corporation, and is intended for" & CRLF & _
    "the use of authorized users only. All activities of individuals using this computer" & CRLF & _
    "with or without authority, or in excess of their authority, may be monitored and recorded" & CRLF & _
    "by system personnel. If any such monitoring reveals evidence of criminal activity or is in" & CRLF & _
    "violation of foreign or U.S. state or federal law, such evidence may be provided to law" & CRLF & _
    "enforcement officials and/or used for further legal action by this Corporation and/or the" & CRLF & _
    "organization's Information Protection group. Unauthorized use of this system is prohibited" & CRLF & _
    "and may result in revocation of access, disciplinary action and/or legal action. The" & CRLF & _
    "company reserves the right to monitor and review user activity, files and electronic messages." & CRLF & _
    "REMINDER: Information transmitted to a foreign person on this network may be subject " & CRLF & _
    "to applicable Export Control laws. Contact your Export Coordinator for assistance." & CRLF & _
    "(This machine is not authorized for classified processing)", _
    vbOKOnly, _
    "SYSTEM USE MONITORING NOTICE - IPM-003 Banner Statement"

'*************End of global scripting

'pull local computer name for logging info.
strComputer = objNetwork.ComputerName

'pull logon id
strUser = objNetwork.UserName

'turn logon id into container name for LDAP queries
'(the ADSI query needs a search base in angle brackets; here it is the domain root)

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = "<LDAP://dc=arra,dc=local>;(&(objectCategory=User)(samAccountName=" & strUser & "));name;subtree"
Set objRecordSet = objCommand.Execute
On Error Resume Next
strUser = objRecordSet.Fields("name")
On Error GoTo 0
objConnection.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing

'set user to have LDAP queries run
Set objUser = GetObject("LDAP://cn=" & strUser & ",ou=arra-users,dc=arra,dc=local")

'\/\/\/\/\/\/ Determine group memberships. PLEASE NOTE: group names must be in UPPER case and in "Left(strGroup, X)"
' X must be the number of characters in the group name.
'\/\/\/\/\/\/\/

arrMemberOf = objUser.GetEx("memberOf")

If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
    For Each Group in arrMemberOf
        strGroup = UCase(Group)
        strGroup = Right(strGroup, Len(strGroup) - 3)
        If Left(strGroup, 2) = "IT" Then
            '*****IT group scripting

            'set Z: IT drive
            WshShell.Run "net use z: /delete", 0, False
            WshShell.Run "Net use z: \\indarradc04\it", 0, False

            'Prepare to set printers
            Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

            'This prevents script from stopping when mapping network printers on the server where they
            'are shared from
            On Error Resume Next

            'Add Printers
            objNetwork.AddWindowsPrinterConnection("\\indarradc03\Xerox WorkCentre 5675 PS")

            '*****End of IT
        Else
            If Left(strGroup, 4) = "CSRS" Then
                '*****CSR group scripting

                '*****End of CSR
            Else
                If Left(strGroup, 10) = "MANAGEMENT" Then
                    '*****Management group scripting - NOTE: all managers are members of "Team Leads" group

                    '*****End of Management
                Else
                    If Left(strGroup, 10) = "TEAM LEADS" Then
                        '*****Team Lead scripting

                        'Prepare to set printers
                        Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

                        'This prevents script from stopping when mapping network printers on the server
                        'where they are shared from
                        On Error Resume Next

                        'Add Printers
                        objNetwork.AddWindowsPrinterConnection("\\indarradc03\Xerox WorkCentre 5675 PS")

                        '*****End of Team Lead
                    End If
                End If
            End If
        End If
    Next
Else
    '*****Create Error Log if groups could not be determined

    Set objErrorLog = objFSO.OpenTextFile("\\indarradc04\errors\signonerrors.txt", ForAppending, True)
    objErrorLog.WriteLine strUser & " on " & strComputer & " could not be found in Active Directory on " & Date
    Err.Clear
End If

Again, let me know if you need help modifying/adding anything for your own use.

**UPDATE(9/25)**

Changed the
WshShell.Exec("net use…")
lines to
WshShell.Run "net use…", 0, False

This allows us (and does it already) to set any outside commands or scripts (in this case mapping drives, but it can call bat files or whatever) to run invisibly (the 0), and “False” says to continue with the rest of the script immediately; True would mean to wait for the outside command to complete before continuing. This site has the details.

Run Method(Windows Script Host)
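
The group test in both versions of the login script, `Left(strGroup, X) = "NAME"`, is a prefix match: `Left(strGroup, 2) = "IT"` is true for every group whose name starts with IT, so membership in an unrelated group also maps the IT drive and printer. As an added example (not part of the original post), this extracts the group's CN from a memberOf distinguished name and matches it exactly; the function names and the sample DNs are constructed, and the group names are the ones used in the scripts above.

```vbscript
Option Explicit

' True when strPair is two hex digits (the \XX escape form inside a DN).
Function IsHexPair(strPair)
    Dim re : Set re = New RegExp
    re.Pattern = "^[0-9A-Fa-f]{2}$"
    IsHexPair = re.Test(strPair)
End Function

' Return the value of the first RDN of a distinguished name (the group's CN),
' stopping at the first unescaped comma and undoing "\," and "\2C" style escapes.
Function FirstRdnValue(strDN)
    Dim i, ch, strOut
    strOut = ""
    i = InStr(strDN, "=") + 1
    If i = 1 Then            ' no "=" at all: not a DN
        FirstRdnValue = ""
        Exit Function
    End If
    Do While i <= Len(strDN)
        ch = Mid(strDN, i, 1)
        If ch = "," Then Exit Do
        If ch = "\" And IsHexPair(Mid(strDN, i + 1, 2)) Then
            strOut = strOut & Chr(CLng("&H" & Mid(strDN, i + 1, 2)))
            i = i + 3
        ElseIf ch = "\" And i < Len(strDN) Then
            strOut = strOut & Mid(strDN, i + 1, 1)   ' keep the escaped character
            i = i + 2
        Else
            strOut = strOut & ch
            i = i + 1
        End If
    Loop
    FirstRdnValue = strOut
End Function

' Exact, case-insensitive match on the whole group name.
' Returns the upper-case name for a known group, "" for anything else.
Function GroupKey(strDN)
    Dim strName
    strName = UCase(FirstRdnValue(strDN))
    Select Case strName
        Case "IT", "CSRS", "MANAGEMENT", "QUALITY", "TEAMLEADS"
            GroupKey = strName
        Case Else
            GroupKey = ""
    End Select
End Function

' The prefix test from the login script, reproduced for comparison.
Function PrefixSaysIT(strDN)
    Dim strGroup
    strGroup = UCase(strDN)
    strGroup = Right(strGroup, Len(strGroup) - 3)
    PrefixSaysIT = (Left(strGroup, 2) = "IT")
End Function

' Constructed memberOf values.
Dim arrSamples, strDN
arrSamples = Array( _
    "CN=IT,CN=Users,DC=domain,DC=local", _
    "CN=IT-Contractors,CN=Users,DC=domain,DC=local", _
    "CN=Itinerary Planners,CN=Users,DC=domain,DC=local", _
    "CN=Quality,CN=Users,DC=domain,DC=local", _
    "CN=Sales\, Indianapolis,CN=Users,DC=domain,DC=local")

For Each strDN In arrSamples
    WScript.Echo "name=[" & FirstRdnValue(strDN) & "] exact=[" & GroupKey(strDN) & _
        "] prefix-test-says-IT=" & PrefixSaysIT(strDN)
Next
```

In the login script, a `Select Case GroupKey(Group)` inside the `For Each Group in arrMemberOf` loop can replace the nested `Left(strGroup, X)` tests.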

Java Remote Install via GPO and Permissions

Monday, June 29th, 2009

Alright, so we had some training that needed the latest Java(6u14) to work.  I extracted the .msi and pushed it out by GPO by doing the following:

Download the version you want from: http://java.com/en/download/manual.jsp

Install Java to the machine you are using.  Once done, go to

C:\documents and settings\<your username>\application data\sun\java\jre<version> folder.

In this folder, there is an msi and a file called data1.cab.  Copy this to a file share accessible by the clients.

Go to GPMC and add a new GPO, go to Computer Settings>Software Settings>Software Installation>Right click and add new. Put in the UNC to the msi file (the cab must be in the same directory as the msi, btw). Then set any permissions you want by going to the properties after it is added.

This is the basic way to get Java to install via GPO.  We had one issue, where the training application needed users to have admin rights to the Java folder for the training to run.  Here is what I did for that.

First, make sure you have PSExec installed on the machine you are working on.

Run a command psexec \\<remote machine name> echo y| cacls "c:\program files\java" /g "<domain>\domain users":f

This grants all domain users on the machine f (full access) to the Java folder. The echo y| is piped in because the cacls command doesn’t have a switch to automatically answer y/n to confirm. This pipes in the y after you run the command.

There is a great program out there for modifying settings in MSI files. It’s called Orca. You can get it here. Once installed, you can do a Ctrl+F to find settings and change them. Some googling may be needed to find what values things need to be set to, but this is one that I do with Java to make it not prompt users for updates constantly.

In Orca, open the jre<version> msi and go to the Property table (left column) and find AutoUpdateCheck on the right side. Change the value to 0 (zero). Then save the msi. For more options, you can find info on Sun’s website and just by looking through the msi in Orca. A lot of the options are self-explanatory, but there is the ability to go way more in depth than I currently know how, as well.

How to Modify Registry Settings via Batch File (or DOS prompt) OR Making WSUS work

Wednesday, June 24th, 2009

The need for this came about recently at my new job. The place has no patch management software in place and is incredibly far behind and failing compliance in their security audits. I threw in a WSUS server, thinking it would be fairly easy since I had done it before in new environments without ever having a hitch. Well, let me tell you, this was no picnic. There were previously 4 separate WSUS servers for different OUs… Stupid. Anyway, it took me some time to remove the GPOs and remnants of the old SUS servers. They hadn’t been used in over 4 years and none of the current staff knew they ever existed anyway.

I cleaned everything up (or so I thought), and installed WSUS clean on our utility server (running Server 03). Synchronized with Microsoft and approved all critical updates. I put in a GPO on the domain linked to the OUs containing anything that wasn’t a server, since I wasn’t up for going through checking server updates and they don’t have a test environment. (There are well over 100 servers here, I don’t want to patch them all with a faulty patch and lose my job in less than a month)… Anyway, only about 20/500 PCs joined. I tried everything from PSEXECing gpupdate /force, remotely installing the newest Windows Update client, and a couple other things. Nothing was working. I went over the Group Policies dozens of times. Why wasn’t it working? I still have yet to figure it out, but I do have a workaround.

The settings for the clients that I wanted were as follows:

WSUS Server http://wsus:8530

Download and install every Thursday at 11pm

The registry keys for these settings are at:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

and

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

This is what I put in the .bat file:


reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUServer /t reg_sz /d "http://wsus:8530" /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v WUStatusServer /t reg_sz /d "http://wsus:8530" /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v UseWUServer /t reg_dword /d 1 /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v AUOptions /t reg_dword /d 4 /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t reg_dword /d 0 /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallDay /t reg_dword /d 5 /f
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /v ScheduledInstallTime /t reg_dword /d 23 /f

I set the script to run at Computer startup via GPO, and voila, They are all joining.  Now I need to figure out the cause of all my pain.  Here are a couple more resources that may help with other questions.  Leave a comment if you have any questions and I’ll do my best to answer it.

MS-DOS “REG” command help

Automatic Updates Registry Values
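
A way to confirm that a client actually holds these policy values, as an added example (not part of the original post): the script reads the two keys back through StdRegProv and reports any value that is missing or differs from the settings listed above, for example a WUServer with a different port. The sub names, the output format and the optional computer-name argument are assumptions of this example.

```vbscript
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const WU_KEY = "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
Const AU_KEY = "SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
Const EXPECTED_SERVER = "http://wsus:8530"   ' WSUS server stated in this post

Dim strComputer, objReg, intProblems
strComputer = "."                            ' local machine unless a name is passed
If WScript.Arguments.Count > 0 Then strComputer = WScript.Arguments(0)

On Error Resume Next
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
If Err.Number <> 0 Then
    WScript.Echo strComputer & ",ERROR READING REGISTRY," & Err.Number
    WScript.Quit 2
End If
On Error GoTo 0

intProblems = 0
CheckString WU_KEY, "WUServer", EXPECTED_SERVER
CheckString WU_KEY, "WUStatusServer", EXPECTED_SERVER
CheckDword AU_KEY, "UseWUServer", 1
CheckDword AU_KEY, "AUOptions", 4
CheckDword AU_KEY, "NoAutoUpdate", 0
CheckDword AU_KEY, "ScheduledInstallDay", 5
CheckDword AU_KEY, "ScheduledInstallTime", 23

If intProblems = 0 Then
    WScript.Echo strComputer & ",OK"
    WScript.Quit 0
Else
    WScript.Quit 1
End If

' One CSV line per finding, so output from many machines can be collected in one file.
Sub Report(strName, strExpected, strActual)
    intProblems = intProblems + 1
    WScript.Echo strComputer & "," & strName & ",expected=" & strExpected & ",actual=" & strActual
End Sub

Sub CheckString(strKey, strName, strExpected)
    Dim strActual, rc
    rc = objReg.GetStringValue(HKEY_LOCAL_MACHINE, strKey, strName, strActual)
    If rc <> 0 Or IsNull(strActual) Then
        Report strName, strExpected, "(missing)"
    ElseIf LCase(strActual) <> LCase(strExpected) Then
        Report strName, strExpected, strActual
    End If
End Sub

Sub CheckDword(strKey, strName, lngExpected)
    Dim lngActual, rc
    rc = objReg.GetDWORDValue(HKEY_LOCAL_MACHINE, strKey, strName, lngActual)
    If rc <> 0 Or IsNull(lngActual) Then
        Report strName, CStr(lngExpected), "(missing)"
    ElseIf lngActual <> lngExpected Then
        Report strName, CStr(lngExpected), CStr(lngActual)
    End If
End Sub
```

Run it with cscript //nologo and, optionally, a computer name; reading a remote registry this way needs administrative rights on that machine.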

VBScript/GPO to Change Network Speed/Duplex settings

Thursday, June 4th, 2009

OK, so I have a project where there is a system in place to monitor user desktops and it is getting a 1 second lag. I can’t give much more detail than that, but the manufacturers of the software recommended setting the network speed of all servers/clients in the environment to 100M/Full. This is only affecting a portion of our network and all of our equipment is GB/Full. There are 80 users and 4 servers that need these changes made. I needed a way to automate this switch to those particular machines, so I turned to VBScript and GPO.

Here is the script I used:


Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const ForReading = 1
Dim strIntel ' "true" when the NIC found is an Intel adapter (100/Full is 4 instead of 6)

CheckAllNICS

Sub CheckAllNICS
    Dim objFSO : Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
    Dim InputFile, ArrayFile, i
    InputFile = "localhost"

    ArrayFile = Split(trimWS(InputFile), vbCrLf)

    For i = 0 To UBound(ArrayFile)
        If IsOnline(ArrayFile(i)) Then
            IdentifyNIC ArrayFile(i)
        Else
            WScript.Echo ArrayFile(i) & ",OFFLINE"
        End If
    Next
End Sub

Sub IdentifyNIC(strComputer)
    Dim objReg
    Dim blnNicFound
    Dim strKeyPath, arrSubKeys, subkey, strValue
    On Error Resume Next
    blnNicFound = True
    Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
    If Err Then
        WScript.Echo strComputer & ",ERROR READING REGISTRY"
        Exit Sub
    Else
        strKeyPath = "System\Currentcontrolset\Control\Class\{4D36E972-E325-11CE-BFC1-08002be10318}"
        objReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

        For Each subkey In arrSubKeys

            objReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & subkey, "DriverDesc", strValue
            Select Case strValue
                Case "3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)"
                    WScript.Echo "** CHECK DUPLEX SETTING MANUALLY **"
                    Exit Sub
                Case "Broadcom NetXtreme 57xx Gigabit Controller", "Broadcom NetXtreme Gigabit Ethernet"
                    strIntel = "false" ' must be set before CheckDuplexValue reads it
                    CheckDuplexValue strKeyPath & "\" & subkey, "RequestedMediaType", strComputer, strValue
                    Exit Sub
                Case "HP NC7781 Gigabit Server Adapter"
                    WScript.Echo "** CHECK DUPLEX SETTING MANUALLY **"
                    Exit Sub
                Case "HP NC7782 Gigabit Server Adapter"
                    WScript.Echo "** CHECK DUPLEX SETTING MANUALLY **"
                    Exit Sub
                Case "Intel(R) 82540EM Based Network Connection", "Intel(R) PRO/100 VE Network Connection", "Intel(R) 82566DM-2 Gigabit Network Connection", "Intel(R) PRO/100 VM Network Connection", "Intel(R) PRO/1000 EB Network Connection with I/O Acceleration", "Intel(R) PRO/1000 MT Network Connection"
                    strIntel = "true"
                    CheckDuplexValue strKeyPath & "\" & subkey, "SpeedDuplex", strComputer, strValue
                    Exit Sub
                Case "Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller"
                    strIntel = "false"
                    CheckDuplexValue strKeyPath & "\" & subkey, "ConnectionType_A", strComputer, strValue
                    Exit Sub
                Case "NVIDIA nForce Networking Controller"
                    strIntel = "false"
                    CheckDuplexValue strKeyPath & "\" & subkey, "ForceSpeedDpx", strComputer, strValue
                    Exit Sub
                Case "Realtek RTL8139C+ Fast Ethernet NIC"
                    WScript.Echo "** CHECK DUPLEX SETTING MANUALLY **"
                    Exit Sub
                Case Else
                    blnNicFound = False
            End Select
        Next

        If Not blnNicFound Then
            WScript.Echo "Unknown NIC on " & strComputer
        End If

    End If
End Sub

'ON INTEL 4 = 100/FULL, ALL OTHERS 6 = 100/FULL, 0 = AUTO FOR EVERY KNOWN NIC

Sub CheckDuplexValue (strDuplexSettingKeyPath, strDuplexSettingSubKey, strComputer, NICType)
    Dim strValue, strTarget
    Dim objReg : Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
    ' Pick the 100/Full value for this NIC family
    If strIntel = "true" Then
        strTarget = "4"
    Else
        strTarget = "6"
    End If
    objReg.GetStringValue HKEY_LOCAL_MACHINE, strDuplexSettingKeyPath, strDuplexSettingSubKey, strValue
    If strValue <> strTarget Then
        objReg.SetStringValue HKEY_LOCAL_MACHINE, strDuplexSettingKeyPath, strDuplexSettingSubKey, strTarget
        objReg.GetStringValue HKEY_LOCAL_MACHINE, strDuplexSettingKeyPath, strDuplexSettingSubKey, strValue
        'WScript.Echo strComputer & "," & NICType & "," & strDuplexSettingSubKey & "," & strValue
    End If

End Sub

Private Function trimWS(sTxt)
    Dim oRE : Set oRE = New RegExp
    oRE.Pattern = "(^\s+)|(\s+$)"
    oRE.Global = True
    trimWS = oRE.Replace( sTxt, "" )
End Function

Function IsOnline(PCName)
    Dim objItem
    Dim objPing : Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}")._
        ExecQuery("select * from Win32_PingStatus where address = '" & PCName & "'")

    For Each objItem in objPing
        If IsNull(objItem.ReplySize) Then
            IsOnline = False
        Else
            IsOnline = True
        End If
    Next

End Function

So, basically, you need to find the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}001

This is for any NIC on Windows XP.

The line “DriverDesc” is the driver name; it must match one of the names in the script above (I left the settings for all the various NICs, to help ease the pain a bit). Most drivers will either have a DWORD for “RequestedMediaType” (Broadcom) or “SpeedDuplex” (Intel). You will have to test to find it for others; refer to the script if it helps. The registry value to set all cards to auto is “0” (zero), for ALL NICs. To set to 100/Full, it’s 6 (Broadcom) or 4 (Intel). Adjust the script to meet your needs.

Then, I first tried to call the script from the user’s normal logon file: a batch script. This would have worked, except users need admin rights to run VBScripts. Since this is a high security environment, that was not an option. So I linked a GPO to the OU for the computers I needed the settings changed on. The GPO was:

Computer Configuration>Windows Settings>Scripts>Startup. Simply put the path to the script and have the users reboot their machines. When the machines come up, all PCs will be at the correct speed.

Leave a comment if you have any questions.  I would be glad to go more in depth about how the script works, if anyone cares to know.

Uninstalling Trend Micro Client/Server Security without a Password or Why are Some Consultants Pricks

Monday, May 4th, 2009

So, I have been working with a new client recently.  They switched from another IT vendor with a “lack of communication skills”.  The other provider would never tell them if they were going to reboot the server, did not provide ANY antivirus, on the server or clients, and several other issues that I don’t really care about(seem personal).  During the transition, I told my client to request all passwords from their previous vendor(PIX fw password, domain admin, local admin pw if different, and pw to wireless router)  The vendor gave the domain administrator password up(although they had some GPO’s restricting it from adding new users and other things because they used custom admin accounts instead), but “didn’t remember”  the Cisco PIX pw.  Either they really are a horrible IT provider or they are assholes… you choose.  Although this really isn’t as uncommon as I wish it was, I had having to dick with resetting passwords and trying to pry information out of people.  Anyway, before the April 1 Conficker was supposed to hit, they had provided them with a free trial of Trend’s newest worry-free small business client/security.  I thought this was a huge sign that the vendor was trying, since they didnt have av for the previous 2 years and the event viewer was flooded with errors and the clients just though IT didnt work altogether.  Shortly after this 30-day trial was installed, the transition was made.  I ordered the client Symantec Endpoint Protection 11.0 (MR4) w/ SEPM (my preferred av).  I went to install the new av and realized, since they never had av before, I had not had my clients ask for an uninstall password for the av.  I called the company and asked them for the uninstall password.  Of course, they “forgot” this password as well…

Off I go on one of my favorite tasks: removing av from an entire office without a management console to expedite or a password to even do it remotely fast on each machine.  First, I decided to take it off of the server and put SEPM on the server.  I wanted to make sure the server was taken care of first.  I used this page to take care of it.  Worked ok, except when the server came back online, it could not pick up a network connection.  Of course it is set with a static IP.  I tried WinSockFix, which I would not recommend to use on a server, but by the time i used it, I was somewhat desperate.  I checked all services.  Removed some updates that I had known to cause issues before on SBS 2003(951746 and 951748, if ipsec service wont start and these were recently installed, remove and reboot.  they cause issues on sbs 03 and kill networking).  Finally, downloaded the newest drivers for the nic from dell and moved over on my flash drive.  installed them, with no effect, so I rolled back the driver and… it worked.  That was my dumb ass not reallizing right off the bat to just reinstall the driver.  We all make mistakes I guess.  Anyway, I got SEP and SEPM on the server, but now had to uninstall trend from all of the clients.  What a nightmare.  It isn’t a big company, but I didn’t want to go through and kick anyone off of their machines unnecessarily and have to manually do each machine.  Here’s what I did to remove trend from the clients:

First, the Remote Registry service must be running on the clients and you must be using a domain administrator account. By default, Remote Registry is enabled on XP. Here is what to do: to allow uninstall of clients without a password, you can use regedit and connect to the remote computer, but when working with multiple machines, I use Multi-Remote Registry Change. The trial version does everything you need, but only 10 clients at a time. This is worth it for me to save some cash. I had multiple PCs, but not enough to pay for the product, although I may purchase it now, just to support the company in hopes of a tool for Vista. Select the client computers and modify the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Allow Uninstall

Change the value to 1.

(Do a “replace” in Multi-Remote Registry Change, changing the value from 0 to 1.)

Now, we are able to uninstall the application without the password.  We need the path to the uninstaller for Trend. This is found by going to the

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

registry key and looking for the subkey dealing with uninstalling the Trend client\server. I only put this section in because you can find the manual uninstall for any application this way. I have the path for Trend’s for you already, though.

“C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe”

Now we know how to uninstall it, but to run the uninstaller remotely, we need a tool called PsExec. This is part of the PsTools suite from Sysinternals (now Microsoft). Use the psexec command from the command prompt like so:

psexec \\computer_name "C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe"

Now it will uninstall from that machine. You could make a quick batch file to have it run through every machine on the domain doing this, but I don’t feel like writing that out here. Leave a comment if you want more detail. Anyway, there is no restart required for this uninstall, so you are good to install whatever new AV you have… Next time: brute forcing a PIX 501 because jerks won’t give you passwords.
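As an added example (not from the original post): a read-only PowerShell audit that reads the two registry locations described above on each client, so you can see which machines still carry the agent and where uninstall password protection has been switched off. The host names, the `*Trend Micro*` DisplayName filter and the use of PowerShell 3.0 or later on the admin workstation are assumptions.

```powershell
# Added example: read-only audit. Nothing is written, changed or uninstalled.
param(
    [string[]]$Computers = @('PC-01', 'PC-02')   # constructed sample host names
)

$hive      = [Microsoft.Win32.RegistryHive]::LocalMachine
$trendKey  = 'SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.'   # from the post
$uninstKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$nameMatch = '*Trend Micro*'   # assumption: how the agent's DisplayName reads

function Get-TrendUninstallState {
    param([string]$Computer)
    $row = [ordered]@{
        Computer = $Computer; Reachable = $false
        AllowUninstall = $null; UninstallString = $null
    }
    try {
        # Needs the Remote Registry service on the target and admin rights
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $Computer)
    } catch {
        return [pscustomobject]$row   # host off, service stopped or access denied
    }
    $row.Reachable = $true
    try {
        # 1 = agent can be removed without the uninstall password
        $misc = $base.OpenSubKey($trendKey)
        if ($misc) {
            $row.AllowUninstall = $misc.GetValue('Allow Uninstall')
            $misc.Close()
        }
        # Walk the Uninstall subkeys to find the agent's registered uninstaller
        $root = $base.OpenSubKey($uninstKey)
        if ($root) {
            foreach ($name in $root.GetSubKeyNames()) {
                $sub = $root.OpenSubKey($name)
                if (-not $sub) { continue }
                if ("$($sub.GetValue('DisplayName'))" -like $nameMatch) {
                    $row.UninstallString = $sub.GetValue('UninstallString')
                }
                $sub.Close()
            }
            $root.Close()
        }
    } finally {
        $base.Close()
    }
    [pscustomobject]$row
}

$Computers | ForEach-Object { Get-TrendUninstallState $_ } | Format-Table -AutoSize
```

On 64-bit Windows, 32-bit software registers under `SOFTWARE\WOW6432Node`, so both paths would need that prefix there. A host that reports `AllowUninstall = 1` outside a planned migration is worth investigating, since that value is what removes the password check.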

Watchguard SSL VPN – updated 5/14(see bottom)

Wednesday, April 15th, 2009

So, we tend to use Firebox (http://www.watchguard.com) firewall appliances quite a bit at the company I work for. When I first started this job, I was very skeptical of their abilities, but I focused more on the server side of things and not routing or advanced firewalling. Lately, though, I have been forced to become more familiar with them and I must say, I like them more and more all the time. One of the most used features of the Watchguards is their Mobile User VPN. Well, I never before messed with AD authentication in the Firebox; I always just set up users in the FireboxDB. I also found out that licensing for SSL VPN users is 20:1 to MUVPN users… way more bang for your buck. SSL VPN only works (to my knowledge) with 750 or higher models. Basically anything using WSM. Here’s a quick little tutorial:

Once connected to your Firebox, open the Policy Manager.

First, we need to set up AD authentication. Go to Setup>Authentication>Authentication Servers. Go to the Active Directory tab and check Enable Active Directory server. Put in the IP of a domain controller in your environment. This DC MUST be a global catalog server. Set the port to 3286 (GC port). Search Base must be in the format: dc=business,dc=local (for AD domain business.local). You should be done here. There are other optional settings and you can configure a secondary DC to use, but this will work for now; just copy these settings over for the secondary. Click OK and go back to the Policy Manager.

At the top, go to the VPN menu > Mobile > SSL

Select the box to Activate SSL VPN, then choose authentication type.  For this snippet, I am only doing Active Directory authentication because I find it the most useful for my clients.

Next, put in your public IP/domain name in the box that says “Please type or select IP or domain name for SSL VPN  users to connect to”.  If you have multiple external IPs assigned to this device, you can do a backup, but that’s personal preference and I don’t see too much of an advantage since they are most likely the same WAN block from the same ISP.

Then, just select the resources they will have access to and the IPs they will be using. The VPN users’ IPs should not be on the same subnet as your internal networks (trusted, optional, or any others).

In the Advanced tab, choose your encryption (I use SHA1-3DES since it is the most secure, but a little lower speed).

Here is one thing to note. I always change the Port to 444. No matter where I go, port 443 (default SSL) is already in use. Changing this helps prevent conflicts. I can’t think of anything that uses 444 by default off the top of my head and I haven’t seen any conflicts yet.

For DNS and WINS servers, be sure you use your AD domain name (i.e. business.local) and at least one DC for the DNS (preferably the same as the one from authentication).

Click OK. Go ahead and save the configuration changes to the Firebox and you’re done as far as configuration goes. For users to connect, they will need to download a small client (don’t worry, it’s tiny and it’s easier for an idiot to get than Google Toolbar) from https://yourpublicipordomain.com:4100/sslvpn.html. They will need to use their AD information to log into this site. They will be prompted to download a Windows client or Mac client. Yes, this works with Windows 2000, XP, Vista, 7 beta, OS X 10.x. At least, it has for me; I’m not sure what Watchguard is claiming. Anyway, once it’s downloaded, the client sits in the task bar and, when clicked, will pop up a username/password screen. AD information will log them in and you don’t have to worry. If it ever starts having issues, or Watchguard updates the firmware for your Firebox (which they’re always doing) and it causes an issue, the client is designed to be able to simply go back and re-download/install. No uninstalls or tweaks.

Hope this helps someone out there.

Updated 4/16: FYI, the SSL VPN client is not compatible with any 64-bit OSes.

Updated 5/14 CRITICAL NOTE:

I forgot to put an absolutely critical key step into this and I apologize to all. Watchguard, by default, looks for a security group in AD to approve users. In AD, go to security groups and add a group “SSLVPN-Users”. Then add whoever will be using the VPN to the group; if it is everyone, then just add Domain Users.
