Posts Tagged ‘WMI’

Finding Rarely Used Computers On Your Network

Saturday, February 13th, 2016

I support a number of hospitals.  Many of these have very large facilities, where the placement of computers was originally done by a space planner or others trying to make an educated guess about how and where people would be working.  Frequently we find that there are computers which are unused or only rarely used.  Efficient use of the machines requires that you identify these systems and reallocate them to be used where they are needed most.

There are a lot of ways to try to get at this information, for example, working with the information collected by SCCM, but you may not be collecting what is needed.  I wanted to create a multi-threaded script which collected the list of users from AD, pinged the list, then recorded the most recent logon which was not done by the local administrator account.

Get-UnusedComputers.ps1 uses Get-WMIObject to find the local path of each of the user profiles. Because the “lastwritten” attribute is updated when you log on, I sort the files by that date to determine the most recent logon. The results are exported to your desktop in a CSV file.

Script Text

Win32_ReliablityRecords, PowerShell and ScriptoMatic

Friday, January 3rd, 2014

I was reviewing my blog stats today and found a link from a site in UK to my version of ScriptoMatic.hta.  I have upgraded my home laptop to 8.1, and decided to see whether it still works (it does).  If you launch the “fixed” ScriptoMatic as an ordinary user, it takes a very long time to load.  But after it did, I found that it worked just fine.  I began reviewing the WMI classes listed, and found one that I had not noticed before, Win32_ReliablityRecords. This class, introduced in Windows 7,  gives you a list of failed installs, system hangs, and application crashes in an easy to read format.

Scriptomatic created a nice vbScript to enumerate the class.  I coded Get-ReliablityRecords.ps1 in PowerShell with one-third the lines including comments.  It has only basic parameters.  You may choose a remote computer and a limit on the records returned.

USB Monitor for Removable Drives

Wednesday, April 7th, 2010

Having users plug USB drives into their systems can be a portal for malware into your network and data exiting from your network.  There are sophisticated programs that allow you to block and monitor endpoint security, such as Lumension’s Sanctuary.  If you don’t have that in your budget, you can still monitor and detect insertion of USB drives onto your computers.  USBMonitor.vbs is a highly configurable script that can send you email alerts when a user inserts a drive.  The alert will have the user’s name, the device they inserted and the time it happened.  The script can also generate an annoying beep that persists as long as the drive is inserted.  Users get a pop-up window with a message telling them to remove the drive.  You can permit certain devices to be used by all users, by all users at a certain workstation, or by a single user.  This way you can say that Bob can use a camera, or all users may use an approved IronKey.

Email is sent to the administrator via SMTP.  Take time to read the comments, which should guide you to the required edits for this to work in your environment.   Version 4 (4/7/10) adds options for exiting the program for servers and administrators, and reporting if endpoint security software is working.  It also can dismount the drive using the freeware USB Disk Ejector program, which may be downloaded here: http://quick.mixnmojo.com/usb-disk-ejector.  If you need assistance implementing this in your environment, send me an email.

Tags: USB+Monitor