ShareEnum Alternative

The SysInternals ShareEnum.exe program relies on the NetBIOS browser list and chokes in very large domains.  I wanted a program which let me audit share permissions with greater flexibility.

ShareEnum.wsf is an alternative to ShareEnum.exe.  It relies on WMI to enumerate share permissions.  The WMI share security decoding was written by Chris Wolf and found in a 2006 article at redmondmag.com.

The script can read your list from Active Directory, and it can also process a list of files. It ignores admin shares, and optionally ignores print$ shares.  I recommend that you run it with elevated rights from an administrator’s workstation with Excel installed.  If Excel is installed, it will write the report to an XLS file.  If Excel is not installed, it will write to a tab-delimited text file. If you choose a single computer, the information will be written to an IE-based display window.

The WSF file is an interesting format, as it permits you to have multiple “job” files.  I use it here to separate the front end from the working code.  Rename the file from ShareEnum_wsf.txt to ShareEnum.wsf.
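
The same WMI approach, sketched in PowerShell as an added example (this is not the ShareEnum.wsf code): it reads each share's DACL from Win32_LogicalShareSecuritySetting, skips admin shares, and optionally skips print$. The function and parameter names are hypothetical, and it assumes you have admin rights and DCOM/WMI access to the targets.

```powershell
# Added example, not ShareEnum.wsf. Function and parameter names are hypothetical.
function Get-SharePermission {
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [switch]$SkipPrintShare
    )
    $dcom = New-CimSessionOption -Protocol Dcom   # classic WMI transport, no WinRM needed
    foreach ($computer in $ComputerName) {
        $session = $null
        try {
            $session = New-CimSession -ComputerName $computer -SessionOption $dcom -ErrorAction Stop
            # Win32_Share.Type >= 0x80000000 marks administrative shares (C$, ADMIN$, IPC$)
            $names = Get-CimInstance -CimSession $session -ClassName Win32_Share -ErrorAction Stop |
                Where-Object { $_.Type -lt 2147483648 } |
                Where-Object { -not ($SkipPrintShare -and $_.Name -eq 'print$') } |
                ForEach-Object { $_.Name }
            $settings = Get-CimInstance -CimSession $session -ClassName Win32_LogicalShareSecuritySetting -ErrorAction Stop |
                Where-Object { $names -contains $_.Name }
            foreach ($setting in $settings) {
                $result = Invoke-CimMethod -CimSession $session -InputObject $setting -MethodName GetSecurityDescriptor
                foreach ($ace in $result.Descriptor.DACL) {
                    [pscustomobject]@{
                        Computer = $computer
                        Share    = $setting.Name
                        Trustee  = ('{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name).TrimStart('\')
                        AceType  = switch ($ace.AceType) { 0 { 'Allow' } 1 { 'Deny' } default { "Type $_" } }
                        Access   = switch ($ace.AccessMask) {   # standard share-level masks
                            2032127 { 'Full Control' }
                            1245631 { 'Change' }
                            1179817 { 'Read' }
                            default { '0x{0:X}' -f $_ }
                        }
                    }
                }
            }
        } catch {
            # Log the failure and keep going with the next computer
            Write-Warning "$computer : $($_.Exception.Message)"
        } finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

Get-SharePermission -SkipPrintShare | Format-Table -AutoSize
```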

Beep! Beep! Using the Bell to Locate a Server

I got a message from a datacenter recently.  They were looking for a server.  Apparently the location information was mis-recorded (or forgotten).  They asked me whether I could make the computer beep so it could be located.  The DOS bell is CTRL-G.  Typing CTRL-G (ASCII 7) was easy in DOS days, but is a little challenging in Windows land.  I solved this by dusting off the WordPerfect Editor (see post here).  The resulting batch file beep.cmd loops the bell until you break or close the window.

You can also create a file from the command line with the bell:

copy con bell.bat
@echo off
echo ^G
^Z

They found the server pretty quickly.

Enumerate SQL Servers for a Windows Domain

In a very large environment, getting a list and keeping track of SQL installs may become problematic.  I wanted a way to track down all SQL installs, for licensing, management and security.  When you install SQL, it creates a Service Principal Name (SPN) in Active Directory.

I took a script which created a list of SQL installations by looking at SPNs, and then added the information I wanted to collect.  DomainSQLServerReport.vbs does the following: 1) Gets the list of SQL SPN servers from AD.  2) Pings the list.  3) If there is a reply, tries to connect to the SQL server using integrated authentication to query version and SQL instances.

If you are a Domain Admin, and if integrated authentication is enabled, you will get a lot of data this way.  You will also find your AD to be littered with unused SPNs, which you can delete (see, for example, the instructions here).

If you run this from a desktop with Excel installed, you will have a nicely formatted log file.  If no Excel is installed, you will have a tab delimited log.
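
The three steps above as an added PowerShell example (not the DomainSQLServerReport.vbs code): search AD for MSSQLSvc SPNs, ping each host, then connect with integrated authentication and read the version. The function name is hypothetical, and it assumes a domain-joined Windows PowerShell 5.1 session.

```powershell
# Added example, not DomainSQLServerReport.vbs. Function name is hypothetical.
function Get-SqlSpnInventory {
    # 1) Collect SPNs of the form MSSQLSvc/<fqdn>, MSSQLSvc/<fqdn>:<port> or MSSQLSvc/<fqdn>:<instance>
    $searcher = [adsisearcher]'(servicePrincipalName=MSSQLSvc/*)'
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.Add('servicePrincipalName')
    $targets = foreach ($entry in $searcher.FindAll()) {
        foreach ($spn in $entry.Properties['serviceprincipalname']) {
            if ($spn -match '^MSSQLSvc/(?<server>[^:]+)(:(?<suffix>.+))?$') {
                $server = $Matches['server']
                $suffix = $Matches['suffix']
                # Numeric suffix is a TCP port, anything else is a named instance
                $dataSource = if (-not $suffix) { $server }
                              elseif ($suffix -match '^\d+$') { "$server,$suffix" }
                              else { "$server\$suffix" }
                [pscustomobject]@{ Server = $server; DataSource = $dataSource; Spn = $spn }
            }
        }
    }
    foreach ($t in ($targets | Sort-Object DataSource -Unique)) {
        $row = [ordered]@{ DataSource = $t.DataSource; Spn = $t.Spn; Pings = $false; Version = $null; Error = $null }
        # 2) Ping before spending a connection timeout on a dead host
        $row.Pings = Test-Connection -ComputerName $t.Server -Count 1 -Quiet
        if ($row.Pings) {
            # 3) Integrated authentication only: no credentials are stored or sent in the string
            $conn = New-Object System.Data.SqlClient.SqlConnection("Server=$($t.DataSource);Integrated Security=SSPI;Connect Timeout=5")
            try {
                $conn.Open()
                $cmd = $conn.CreateCommand()
                $cmd.CommandText = "SELECT CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128))"
                $row.Version = [string]$cmd.ExecuteScalar()
            } catch {
                $row.Error = $_.Exception.Message
            } finally {
                $conn.Dispose()
            }
        }
        [pscustomobject]$row
    }
}

Get-SqlSpnInventory | Format-Table -AutoSize
```

Rows that never answer a ping are the ones worth checking against the unused-SPN cleanup mentioned above; a host that blocks ICMP will also show up there.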

Recursively Enumerate Local Administrator Group

Getting a list of the local administrators is a routine security task. A popular way to do this is with EnumLocalGroup.vbs, a script written by Richard Mueller.  I found that this has some error handling issues, especially where you have the problem of a nested group which creates a recursion loop.

EnumAdmins.vbs is my version of this file.  Enumeration failures are logged.  It only runs locally.
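
An added PowerShell example of the loop problem described above (not the EnumAdmins.vbs code): it expands the local Administrators group through the WinNT provider, tracks every group path it has already expanded so a nested-group cycle cannot recurse forever, and logs enumeration failures. The function and parameter names are hypothetical, and the default path assumes the English group name.

```powershell
# Added example, not EnumAdmins.vbs. Function and parameter names are hypothetical.
function Get-LocalAdminMember {
    param(
        [string]$GroupPath = "WinNT://$env:COMPUTERNAME/Administrators,group",
        [System.Collections.Generic.HashSet[string]]$Visited,
        [int]$Depth = 0
    )
    if ($null -eq $Visited) {
        $Visited = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase)
    }
    # Add() returns $false when the path was already expanded: this is the recursion loop guard.
    if (-not $Visited.Add($GroupPath)) {
        Write-Warning "Skipping $GroupPath (already expanded: nested-group loop or duplicate)"
        return
    }
    try {
        $members = @(([ADSI]$GroupPath).psbase.Invoke('Members'))
    } catch {
        # Unreachable domain, deleted group, access denied: log it and carry on
        Write-Warning "Enumeration failed for $GroupPath : $($_.Exception.Message)"
        return
    }
    foreach ($member in $members) {
        # Members come back as raw COM objects, so properties are read by late binding.
        $type  = $member.GetType()
        $path  = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        $class = $type.InvokeMember('Class',   'GetProperty', $null, $member, $null)
        [pscustomobject]@{ Depth = $Depth; Class = $class; Member = $path; Via = $GroupPath }
        if ($class -eq 'Group') {
            # The same $Visited set is shared down the whole recursion
            Get-LocalAdminMember -GroupPath "$path,group" -Visited $Visited -Depth ($Depth + 1)
        }
    }
}

Get-LocalAdminMember | Format-Table -AutoSize
```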

Who logs onto this computer?

One of the questions that is frequently asked in a large organization is, “Who uses computer XYZ123?” Many tools will report the current user, but the current user may or may not be the person who usually works on a given computer.  The current user for the computer you are logged onto to fix is probably not the name you want.

In pre-Windows 7 days, I used to pull the user information from the registry location HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName.  I recently found out that this has been moved to HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser for Windows 7.

Unfortunately when I went looking in the new location, there was nothing there.  The missing LastLoggedOnUser was a weird problem.  After some Google search time I found that if you use a GPO entry to clear the last username then LastLoggedOnUser is not populated.

I then spent some time with WMI, and found some interesting information is available in Win32_NetworkLoginProfile.  I ended up writing two scripts:  LastUserLogon.vbs gets the last user for a computer, and TopComputerUsers.vbs (pulled, see below) which collects the top 5 interactive logons for a computer.  Both let you copy the data to the clipboard if Word is installed, otherwise the information can be output to notepad.

The TopComputerUsers script is interesting because WMI contains a count of user logons, and I use a disconnected recordset to sort the user information by number of logons.  The LastUserLogon gives you a subset of the information from TopComputerUsers, and can help you determine whether a given computer is underutilized.

Both will work on local or remote computers.  Both take a computer name as an argument.  And both scripts tell you who the current user is.
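
An added PowerShell example of the Win32_NetworkLoginProfile approach (not the LastUserLogon.vbs or TopComputerUsers.vbs code): it reports the current user, the most recent logon, and the accounts with the highest logon counts. The function and parameter names are hypothetical, and it assumes admin rights and DCOM/WMI access to the target.

```powershell
# Added example, not LastUserLogon.vbs or TopComputerUsers.vbs. Names are hypothetical.
function Get-ComputerLogonSummary {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Top = 5
    )
    $dcom    = New-CimSessionOption -Protocol Dcom
    $session = New-CimSession -ComputerName $ComputerName -SessionOption $dcom -ErrorAction Stop
    try {
        # Skip entries that have no recorded logons
        $profiles = Get-CimInstance -CimSession $session -ClassName Win32_NetworkLoginProfile |
            Where-Object { $_.NumberOfLogons -gt 0 }
        # Most recent logon among profiles that carry a timestamp
        $last = $profiles | Where-Object { $_.LastLogon } |
            Sort-Object LastLogon -Descending | Select-Object -First 1
        [pscustomobject]@{
            Computer    = $ComputerName
            CurrentUser = (Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem).UserName
            LastUser    = $last.Name
            LastLogon   = $last.LastLogon
            TopUsers    = $profiles | Sort-Object NumberOfLogons -Descending |
                Select-Object -First $Top -Property Name, NumberOfLogons, LastLogon
        }
    } finally {
        Remove-CimSession -CimSession $session
    }
}

$summary = Get-ComputerLogonSummary
$summary | Format-List Computer, CurrentUser, LastUser, LastLogon
$summary.TopUsers | Format-Table -AutoSize
```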

Finding Name Resolution Problems

Name resolution problems are a plague for system administrators. If you think you are working on ComputerA but instead are working on ComputerB, much gnashing of teeth may result.  In our environment we have NetBIOS and FQDNs to resolve.  The correct name, of course, is the one in the registry.

NameResolution.wsf checks the registry, FQDN and NBTName for computers.  Any name mismatches are noted.  This is an example of a WSF front end that I wrote.  The front end lets you run the script against a single file name, a list of files typed, a file of computer names, or a list from AD.  When you run it against more than one computer it is multi-threaded.  The results are written to a file on your desktop.  I had some strange issues with the .Run and .Exec methods for wshShell on a Windows 7 x64 system. These returned “file not found” when I tried to run NBTSTAT.  I rewrote the script to use the WMI Win32_Process create method instead.  (Later I discovered that this was related to an old version of PrimalScript.)

Soon I will post a script to fix PTR errors.