NTUserInfo.vbs is a script based on Ralph Montgomery’s NTUser.wsf file. It gives a good summary about a user account, including user name, description, password status, and more. I have made a number of changes, including the ability to copy the results to the clipboard using IE. Rename from .txt to .vbs. New version 10/23/2009 allows entry of user name by samaccount name or UPN. This entry was originally posted on March 23, 2009. The new (3/3/13) alternative version, NTUserInfo_IE.vbs outputs to IE instead of a MSGBox. This way you can copy the information to your clipboard.
A lot of folks have been asking me why I haven’t written any PowerShell scripts. The answer is that I am pretty good at vbscript, and I couldn’t find anything that I wanted to do that I couldn’t do with vbscript.
Last week I spent some time waiting for a computer to reboot. I used ping -t to watch the replies, and then waited until I could use the Remote Desktop Connection (RDC) to connect using RDP. I thought to myself, “self — you sure have spent a lot of time waiting for systems to come up”. RDP2.ps1 is a PowerShell script that does the tedious watching for you. It will wait for both the system and the remote access interface to come up, and then will launch the RDC to the computer. You can run it interactively, or with the command line:
./rdp2.ps1 computername[:port] -WaitForReboot
The port is an option for nonstandard ports. -WaitForReboot does just that. If the system is still up when you launch the script, it will wait for it to reboot.
Like many first scripts, this is largely based on someone else’s work, see: http://poshtips.com/2013/02/12/check-rdp-availability-using-watch-rebootstatus-script/. I made a large number of changes in addition to launching the RDC. For those of you who have spent a lot of time with PowerShell, I am open to suggestions on how to make the code more elegant.
If you haven’t ever run a PowerShell script, you will find it is already installed on your Vista or later machine, and on Windows 2008/R2 servers. You must set the execution policy:
Revision note 3/4/2012: I have updated the script to make the MsgBox SystemModal — which is required for it to have focus.
The SysInternals ShareEnum.exe program relies on the NETBIOS browser list and chokes in very large domains. I wanted a program which let me to audit share permissions with greater flexiblity.
ShareEnum.wsf is an alternative to ShareEnum.exe. It relies on WMI to enumerate share permissions. The WMI share security decoding was written by Chris Wolf and found in a 2006 article at redmondmag.com.
The script can read your list from Active Directory, and it can also process a list of files. It ignores admin shares, and optionally ingnores print$ shares. I recommend that you run it with elevated rights from an administrator’s workstation with Excel installed. If Excel is installed, it will write the report to an XLS file. If Excel is not installed, it will write to a tab delimited text file. If you choose a single computer, the information will be written to an IE based display window.
The WSF file is an interesting format, as it permits you to have multiple “job” files. I use it here to separate the front end from the working code. Rename the file from ShareEnum_wsf.txt to ShareEnum.wsf.
In a very large environment, getting a list and keeping track of SQL installs may be come problematic. I wanted a way to track down all SQL installs, for licensing, management and security. When you install SQL, it creates a Service Principal Name (SPN) in Active Directory.
I took a script which created a list of SQL installations by looking at SPNs, and then added the information I wanted to collect. DomainSQLServerReport.vbs does the following: 1) Gets list of SQL SPN servers from AD. 2) Ping the list. 3) If there is a reply then try to connect to the SQL server using integrated authentication to query version and SQL instances.
If you are a Domain Admin, and if integrated authentication is enabled, you will get a lot of data this way. You will also find your AD to be littered by unused SPNs, which you can delete (see, for example instructions here).
If you run this from a desktop with Excel installed, you will have a nicely formatted log file. If no Excel is installed, you will have a tab delimited log.
I have been writing HTA files for a years as a way to improve the appearance of some of my scripts. MSDN has a good article from May of 2011 about the power and utility of HTA files. After moving to Windows 7 x64, I was disappointed to find that one of my favorite HTA files, Scriptomatic, had quit working. Scriptomatic is a Microsoft utility that writes WMI code. Unfortunately when running Scriptomatic I got this error on line 177, character 4: “Could not complete the operation due to error 80041003”. If you look at the code the line is: Set objWMIService = GetObject(“winmgmts:\\” & _strWMISource & “\” & strNameSpace) If you look up the error you find that it is WBEM_E_ACCESS_DENIED, “Current user does not have permission to perform the action.” If you search this problem with Scriptomatic in Google, you will find a slew of answers concluding that your only choice is to run the tool as an administrator. This is true with the code as is, but I thought it would be more interesting to fix the problem, which is ultimately an error handing issue. Scriptomatic tries to enumerate all of WMI. An ordinary user cannot access all of WMI, so it fails with a permission error. My version of Scriptomatic (Fixed_Scriptomatic.hta) adds error handling so an ordinary user can enumerate classes where there is permission to do so. Why do this? I have another project where an ordinary user uses an HTA to get computer information. I wanted to make sure that there would be no problems. My version of Scriptomatic adds error handling. I have commented all of my changes. If you are uneasy, then I suggest you download the original file and compare. If you run my fixed version as an ordinary user, it will take a really long time to open. On my system, a full two minutes. But the resulting list will be good for the current user’s credentials. Note that HTA files run best from the local computer.
(Update: 1–24–12. Fixed the embarrasing lack of a link to the file)
Users ought not keep files on their desktops. (It is okay for admins, as we understand the risks). If you are about to do an upgrade, or just want a reminder, then FilesOnDesktop_Agent.vbs is for you. This will pop up a window with a list of files and a dire warning about data loss. If you have XP with the Agent installed, then Merlin will appear to get their attention. Run it in the logon script or a startup script.
The code fragment (scriptlet) which I have been using to pick a folder was written in 2002 based on code by Richard Mueller. My code was inelegant, and awful. It didn’t work too well in XP, and was worse still in Windows 7. I have been writing a script that needed a folder picker, and decided to revist the issue. Nine years of experience makes a big difference. The resulting bit is NewBrowseForFolder.vbs. This one works better than others because it has code to detect when what you are selecting resolves to a pathname. I tested this in XP, Windows 7 (32 bit) and 2008 R2 (64 bit) without problems.