SCRIPT – Computer Inventory

The Computer Inventory Script enumerates Hardware, OS, System, Processor, Memory, Disk, and Network information and neatly organizes it in an Excel file. I’ve provided Version 2 of the script, which lets you choose which computers to inventory: all computers in the domain, all servers in the domain, computers from a list maintained in a text file, or a computer you pick manually. Version 2 of the PowerShell script also allows you to send credential information should you wish to log on to the remote computer with an alternative user account. This is helpful for DMZ servers as well as standalone servers that are not members of your domain.

source: http://www.powershellpro.com/why-i-no-longer-hate-writing-documentation/614/

 


Active Directory Users and Computers Saved Queries

source: http://myitforum.com/cs2/blogs/rcrumbaker/archive/2008/08/07/active-directory-users-and-computers-saved-queries.aspx

Right Click on Saved Queries and Choose New and then Query.

Name the Query accordingly and then click on Define Query…

 

Then Find the Custom Search and click on the Advanced tab.

Paste each of these in the <add criteria from above to this list> area and then click OK.

 

 

Locked Out Users

(&(&(&(&(objectCategory=person)(objectClass=user)(lockoutTime:1.2.840.113556.1.4.804:=4294967295)))))

 

Dial In Access

(&(&(&(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)))))

 

Disabled User Accounts

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

 

No Expiring Accounts

(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))

 

Active Accounts

(&(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))))

 

Hidden Mailboxes

(&(objectCategory=person)(objectClass=user)(msExchHideFromAddressLists=TRUE))

 

Windows 2000 SP4

(&(&(&(objectCategory=Computer)(operatingSystem=Windows 2000 Professional)(operatingSystemServicePack=Service Pack 4))))

 

Windows XP SP3

(&(&(&(&(&(&(&(objectCategory=Computer)(operatingSystem=Windows XP Professional)(operatingSystemServicePack=Service Pack 3))))))))

 

Vista SP1 Machines

(&(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=Windows Vista*)(operatingSystemServicePack=Service Pack 1)))))

 

All Workstations

(sAMAccountType=805306369)

 

2003 Servers Non-DCs

(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2003*)))

 

2003 Servers – DCs

(&(&(&(samAccountType=805306369)(primaryGroupID=516)(objectCategory=computer)(operatingSystem=Windows Server 2003*))))

 

Server 2008

(&(&(&(&(samAccountType=805306369)(!(primaryGroupId=516)))(objectCategory=computer)(operatingSystem=Windows Server 2008*))))
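The same filters can be run outside the console, which is useful for a scheduled account review. The PowerShell below is an added example, not part of the original post: it runs two of the filters above (plus one combination of them) through a DirectorySearcher and decodes each result's userAccountControl bits. The function names and the flag table are this example's own; 1.2.840.113556.1.4.803 is the bitwise-AND matching rule the filters rely on.

```powershell
# Added example (not from the original post). Run on a domain-joined Windows host.
# userAccountControl bit values; 2 and 65536 are the ones used in the queries above.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE         = 0x0002
    LOCKOUT                = 0x0010
    PASSWD_NOTREQD         = 0x0020
    NORMAL_ACCOUNT         = 0x0200
    DONT_EXPIRE_PASSWORD   = 0x10000   # 65536: the *password* never expires
    TRUSTED_FOR_DELEGATION = 0x80000
}

function ConvertFrom-UacValue {
    param([int]$Value)
    # Return the name of every flag whose bit is set in $Value.
    $UacFlags.GetEnumerator() | Where-Object { $Value -band $_.Value } |
        ForEach-Object { $_.Key }
}

function Invoke-SavedQuery {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Filter
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter      = $Filter
    $searcher.PageSize    = 200          # page results so large domains are not truncated
    $searcher.SearchScope = 'Subtree'
    foreach ($p in 'sAMAccountName', 'userAccountControl') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            # Result property names are stored in lower case.
            $uac = [int]$r.Properties['useraccountcontrol'][0]
            [pscustomobject]@{
                Query   = $Name
                Account = [string]$r.Properties['samaccountname'][0]
                UAC     = '0x{0:X}' -f $uac
                Flags   = (ConvertFrom-UacValue $uac) -join ','
            }
        }
    }
    finally { $results.Dispose() }       # FindAll() holds unmanaged resources
}

$bitAnd = '1.2.840.113556.1.4.803'
$queries = [ordered]@{
    'Disabled User Accounts' = "(&(objectCategory=person)(objectClass=user)(userAccountControl:$bitAnd`:=2))"
    'No Expiring Accounts'   = "(&(objectCategory=person)(objectClass=user)(userAccountControl:$bitAnd`:=65536))"
    # Combination added for this example: enabled accounts whose password never expires.
    'Enabled + never expires' = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:$bitAnd`:=2))(userAccountControl:$bitAnd`:=65536))"
}

$queries.GetEnumerator() |
    ForEach-Object { Invoke-SavedQuery -Name $_.Key -Filter $_.Value } |
    Format-Table -AutoSize
```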

Backup and restore Windows FSRM Quotas

To get a list of quotas in a text file: dirquota q l > all_quotas.txt

To backup the complete quota database first stop the FSRM services, copy the SRM directory and restart the FSRM services. To be able to copy the SRM directory you need rights on the System Volume Information directory.

 

1. Stop the FSRM services

net stop srmSvc
net stop srmReports
net stop quota
net stop Datascrn

2. Copy SRM for the disk you want to a backup folder, or restore them from a backup folder

3. Start the FSRM services

net start Datascrn
net start quota
net start srmReports
net start srmSvc
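The three steps above as one script, so that the services are restarted even when the copy fails. This is an added example, not part of the original post; the drive letter, the backup folder and the location of the SRM directory directly under System Volume Information on that drive are assumptions. It covers the backup direction only.

```powershell
# Added example, not from the original post. Run from an elevated session that
# has rights on "System Volume Information" (see the note above).
param(
    [string]$Drive      = 'D:',              # assumed volume holding the quotas
    [string]$BackupRoot = 'E:\FSRM-Backup'   # hypothetical destination folder
)

$services = 'srmSvc', 'srmReports', 'quota', 'Datascrn'          # stop order from step 1
$source   = Join-Path $Drive 'System Volume Information\SRM'     # assumed location
$target   = Join-Path $BackupRoot ('SRM-{0}-{1:yyyyMMdd-HHmmss}' -f $Drive.TrimEnd(':'), (Get-Date))

function Invoke-Net {
    param([string]$Action, [string]$Service)
    # net.exe is used, as on the page, because quota and Datascrn are driver services.
    & net.exe $Action $Service | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "net $Action $Service returned exit code $LASTEXITCODE"
    }
}

New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# Human-readable listing first, while the services are still running.
& dirquota.exe q l | Out-File (Join-Path $BackupRoot 'all_quotas.txt')

try {
    foreach ($s in $services) { Invoke-Net stop $s }

    # Step 2: copy the SRM directory. robocopy exit codes of 8 and above mean failure.
    & robocopy.exe $source $target /E /COPY:DAT /R:1 /W:1 /NP | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }
    Write-Host "Quota database copied to $target"
}
finally {
    # Step 3: always restart, in the reverse of the stop order, as on the page.
    [array]::Reverse($services)
    foreach ($s in $services) { Invoke-Net start $s }
}
```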

 

 

 

Profile Changes in Windows Vista and Windows Server 2008 and beyond

Windows Vista and Windows Server 2008 introduce a number of new user profile paths and environment variables that differ from earlier versions of Windows, and these changes may have an impact on scripts such as logon scripts and application install scripts. Most scripts should work correctly: VBScript scripts that use system functions to find folder paths should work as expected, but batch scripts that use environment variables or hard-coded paths will require modifications. Here’s a short rundown of the changes.

The following table lists the old profile path and the corresponding new path under Windows Vista/Windows Server 2008:

 

OLD PATH | NEW PATH
Documents and Settings | Users
Documents and Settings\Default User | Users\Default
Documents and Settings\All Users\Application Data | ProgramData
Documents and Settings\All Users\Start Menu | ProgramData\Microsoft\Windows\Start Menu
Documents and Settings\All Users\Templates | ProgramData\Microsoft\Windows\Templates
Documents and Settings\{username}\Local Settings\Application Data | Users\{username}\AppData\Local
N/A | Users\{username}\AppData\LocalLow
Documents and Settings\{username}\Application Data | Users\{username}\AppData\Roaming
Documents and Settings\{username}\Cookies | Users\{username}\AppData\Roaming\Microsoft\Windows\Cookies
Documents and Settings\{username}\NetHood | Users\{username}\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Documents and Settings\{username}\PrintHood | Users\{username}\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Documents and Settings\{username}\Recent | Users\{username}\AppData\Roaming\Microsoft\Windows\Recent
Documents and Settings\{username}\SendTo | Users\{username}\AppData\Roaming\Microsoft\Windows\SendTo
Documents and Settings\{username}\Start Menu | Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu
Documents and Settings\{username}\Templates | Users\{username}\AppData\Roaming\Microsoft\Windows\Templates
N/A | Users\{username}\Contacts
Documents and Settings\{username}\Desktop | Users\{username}\Desktop
Documents and Settings\{username}\My Documents | Users\{username}\Documents
N/A | Users\{username}\Downloads
Documents and Settings\{username}\Favorites | Users\{username}\Favorites
N/A | Users\{username}\Links
Documents and Settings\{username}\My Documents\My Music | Users\{username}\Music
Documents and Settings\{username}\My Documents\My Pictures | Users\{username}\Pictures
N/A | Users\{username}\Saved Games
N/A | Users\{username}\Searches
Documents and Settings\{username}\My Documents\My Videos | Users\{username}\Videos
Documents and Settings\All Users | Users\Public
Documents and Settings\All Users\Desktop | Users\Public\Desktop
Documents and Settings\All Users\Documents | Users\Public\Documents
Documents and Settings\All Users\Favorites | Users\Public\Favorites
Documents and Settings\All Users\Documents\My Music | Users\Public\Music
Documents and Settings\All Users\Documents\My Pictures | Users\Public\Pictures
Documents and Settings\All Users\Documents\My Videos | Users\Public\Videos

Folders to take note of here are the folders in the All Users path. Many older applications that use out-of-date methods to resolve system folders will resolve paths under \ProgramData when looking for common locations. For example, the common desktop may be resolved as \ProgramData\Desktop; however, this is actually a junction point for \Users\Public\Desktop. A DIR /A:H listing in the \ProgramData folder reveals the following junction points:

PATH | POINTS TO
ProgramData\Application Data | ProgramData
ProgramData\Desktop | Users\Public\Desktop
ProgramData\Documents | Users\Public\Documents
ProgramData\Favorites | Users\Public\Favorites
ProgramData\Start Menu | ProgramData\Microsoft\Windows\Start Menu
ProgramData\Templates | ProgramData\Microsoft\Windows\Templates

These junction points should offer backward compatibility for older applications, however I have found that some of my installation scripts are not cleaning up shortcuts from the public desktop as expected.

There are also differences in environment variables between the new version of Windows and the older versions. Windows Server 2003 and below define the following variables relating to profiles:

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\aaron\Application Data
HOMEPATH=\Documents and Settings\aaron
TEMP=C:\DOCUME~1\aaron\LOCALS~1\Temp
TMP=C:\DOCUME~1\aaron\LOCALS~1\Temp
USERPROFILE=C:\Documents and Settings\aaron

Windows Vista and Windows Server 2008 define the same variables while adding a couple more.

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\aaronp\AppData\Roaming
HOMEPATH=\Users\aaronp
LOCALAPPDATA=C:\Users\aaronp\AppData\Local
ProgramData=C:\ProgramData
PUBLIC=C:\Users\Public
TEMP=C:\Users\aaronp\AppData\Local\Temp
TMP=C:\Users\aaronp\AppData\Local\Temp
USERPROFILE=C:\Users\aaronp

In practice, I’ve found that scripts that reference locations such as %ALLUSERSPROFILE%\Desktop, are not performing actions as intended and will have to be updated to use %PUBLIC% instead. Certainly something that requires more investigation.
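To find the scripts that need updating, the mappings above can be turned into a scanner. The PowerShell below is an added example, not part of the original post; the function name, the sample batch file and the share path in the last comment are constructed for illustration, and the mapping table is taken from the path table and variable lists above.

```powershell
# Added example (not from the original post).
# Legacy reference -> Vista/2008 equivalent. Most specific entries come first;
# the bare "Documents and Settings" catch-all is last and needs review by hand.
$LegacyMap = [ordered]@{
    '%ALLUSERSPROFILE%\Desktop'                     = '%PUBLIC%\Desktop'
    '%ALLUSERSPROFILE%\Documents'                   = '%PUBLIC%\Documents'
    '%ALLUSERSPROFILE%\Favorites'                   = '%PUBLIC%\Favorites'
    '%ALLUSERSPROFILE%\Start Menu'                  = '%ProgramData%\Microsoft\Windows\Start Menu'
    '%ALLUSERSPROFILE%\Application Data'            = '%ProgramData%'
    '%USERPROFILE%\Local Settings\Application Data' = '%LOCALAPPDATA%'
    '%USERPROFILE%\Application Data'                = '%APPDATA%'
    '%USERPROFILE%\My Documents'                    = '%USERPROFILE%\Documents'
    'Documents and Settings'                        = 'Users'
}

function Find-LegacyProfilePath {
    param(
        [string[]]$Line,                 # the script's lines
        [string]$Source = '<inline>'     # label shown in the report
    )
    for ($i = 0; $i -lt $Line.Count; $i++) {
        foreach ($entry in $LegacyMap.GetEnumerator()) {
            # -match is case-insensitive; Escape() makes the path a literal pattern.
            if ($Line[$i] -match [regex]::Escape($entry.Key)) {
                [pscustomobject]@{
                    Source  = $Source
                    LineNo  = $i + 1
                    Found   = $entry.Key
                    Suggest = $entry.Value
                    Text    = $Line[$i].Trim()
                }
                break   # report only the most specific match for this line
            }
        }
    }
}

# Constructed sample: a small install script with three legacy references.
$sample = @'
@echo off
del "%ALLUSERSPROFILE%\Desktop\OldApp.lnk"
copy settings.ini "%USERPROFILE%\Application Data\OldApp\"
xcopy /s templates "C:\Documents and Settings\Default User\Templates"
echo done > "%TEMP%\install.log"
'@ -split "`r?`n"

Find-LegacyProfilePath -Line $sample -Source 'install.cmd (constructed)' |
    Format-Table -AutoSize

# Scanning real files (the share path is a placeholder):
# Get-ChildItem '\\server\netlogon\*' -Include *.cmd, *.bat, *.vbs -Recurse |
#     ForEach-Object { Find-LegacyProfilePath -Line (Get-Content $_.FullName) -Source $_.FullName }
```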

UPDATE: Microsoft have an excellent reference document that details the profile changes in Windows Vista and how roaming profiles should be managed in a Windows Vista environment. Check it out for more information than what I’ve listed here:

Managing Roaming User Data Deployment Guide

source: http://blog.stealthpuppy.com/windows/profile-changes-in-windows-vistalonghorn-server/

How to completely remove Symantec Antivirus (without entering password)

CleanWipe Utility

The cleanwipe utility is used to completely remove Symantec Antivirus and Symantec Endpoint Protection products. 
To obtain Cleanwipe please contact Symantec Technical support.

Once the utility has been obtained please follow these instructions:

This utility can be run on Windows 2000, Windows XP (32 and 64 bit), and Windows Server 2003 (32 and 64 bit.)

Warnings:
Do not run this utility on Windows NT, Windows 9x, or Windows Me.
Do not run this utility on systems that have Symantec AntiVirus 8.x or below installed.

You cannot select individual applications to remove. 

CleanWipe may remove LiveUpdate.

CleanWipe will remove Virus Definitions if you select Yes to "Do you want to do a detailed MSI Product Code registry search?...", even when selecting No to "If Virus Defs remain after uninstalling Symantec products do you want to uninstall the Virus Defs?". If you have other Symantec applications that use the VirusDefs folder, it is recommended that you make a backup copy of the VirusDefs folder before running the CleanWipe tool. The VirusDefs folder is located under C:\Program Files\Common Files\Symantec Shared\

When using the CleanWipe utility, please be aware that it removes the following products and components from the computer:

Alert Management Server
Firewall Administrator
Quarantine Console
Quarantine Server
Symantec AntiVirus (Version 9.x and above)
Symantec AntiVirus Corporate Edition
Symantec Client
Symantec Client Firewall
Symantec Client Security
Symantec Endpoint Protection
Symantec Endpoint Protection Manager
Symantec LiveUpdate
Symantec Network Access Control
Symantec Sygate Enterprise Protection
Symantec System Center
Symevent

If you have other Symantec applications on the computer that depend on any of the applications listed above, those applications may not function properly. The customer may need to re-install the missing applications after running CleanWipe.

Note: The zip file is password protected.
Un-Zip Password: symantec

1. Extract the file to a new folder in a convenient location, such as the Desktop, using the un-zip password provided above.
2. Browse to the new folder and execute the utility by double clicking 'CleanWipe.exe'
3. Follow the on-screen instructions.

The utility runs in verbose mode and will ask you about the components you want uninstalled.

Note: If the CleanWipe utility fails to remove Symantec Endpoint Protection, please proceed through the manual uninstall procedure for the version of the product you have installed.

You can find the manual uninstall instructions in the following document: 

Title: How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions
Solution ID: 2007073018014248
Document URL:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007073018014248

Title: 'Manual uninstallation documents for Symantec Client Security products'
Solution ID: 2002031914291648
Document URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002031914291648


Windows Server 2012 – Configure DHCP for Failover

DHCP failover overview

In Windows Server® 2008 R2, there are two high availability options available for DHCP Server deployment. Each of these options is associated with some challenges.

  1. DHCP in a Windows failover cluster. This option places the DHCP server in a cluster with an additional server configured with the DHCP service that assumes the load if the primary DHCP server fails. The clustering deployment option uses a single shared storage. This makes the storage a single point of failure, and requires additional investment in redundancy for storage. In addition, clustering involves relatively complex setup and maintenance.
  2. Split scope DHCP. Split scope DHCP uses two independent DHCP servers that share responsibility for a scope. Typically 70% of the addresses in the scope are assigned to the primary server and the remaining 30% are assigned to the backup server. If clients cannot reach the primary server then they can get an IP configuration from the secondary server. Split scope deployment does not provide IP address continuity and is unusable in scenarios where the scope is already running at high utilization of address space, which is very common with Internet Protocol version 4 (IPv4).

DHCP failover in Windows Server 2012 enables administrators to deploy a highly resilient DHCP service to support a large enterprise without the challenges of the options discussed earlier. The main goals of the feature are the following:

  • Provide DHCP service availability at all times on the enterprise network.
  • If a DHCP server is no longer reachable, the DHCP client is able to extend the lease on its current IP address by contacting another DHCP server on the enterprise network.

The DHCP server failover feature provides the ability to have two DHCP servers provide IP addresses and option configuration to the same subnet or scope, providing for continuous availability of DHCP service to clients. The two DHCP servers replicate lease information between them, allowing one server to assume responsibility for servicing of clients for the entire subnet when the other server is unavailable. It is also possible to configure failover in a load-balancing configuration with client requests distributed between the two servers in a failover relationship.

DHCP failover in Windows Server 2012 provides support for a maximum of two DHCP servers, and the failover relationship is limited to IPv4 scopes and subnets. Network nodes using Internet Protocol version 6 (IPv6) typically determine their own IPv6 address using stateless IP auto configuration. In this mode, the DHCP server delivers only the DHCP option configuration, and the server does not maintain any lease state information. A high availability deployment for stateless DHCPv6 is possible by simply setting up two servers with identical option configuration. Even in a stateful DHCPv6 deployment, the scopes do not run under high address utilization, which makes split scope a viable solution for high availability.

DHCP failover architecture

Administrators can deploy DHCP servers running Windows Server 2012 as failover partners in either hot standby mode or load sharing mode.

Hot standby mode

In hot standby mode, two servers operate in a failover relationship where an active server is responsible for leasing IP addresses and configuration information to all clients in a scope or subnet. The secondary server assumes this responsibility if the primary server becomes unavailable. A server is primary or secondary in the context of a subnet. For instance, a server that has the role of a primary for a given subnet could be a secondary server for another subnet.

Hot standby mode of operation is best suited to deployments where a central office or data center server acts as a standby backup server to a server at a remote site, which is local to the DHCP clients (ex: hub and spoke deployment). In such deployments, it is undesirable to have a remote standby server service any clients unless the local DHCP server becomes unavailable. The figure below is an example of a hub and spoke deployment.

Load sharing mode

In a load sharing mode deployment, which is the default mode of operation, the two servers simultaneously serve IP addresses and options to clients on a given subnet. The client requests are load balanced and shared between the two servers.

The load sharing mode of operation is best suited to deployments where both servers in a failover relationship are located at the same physical site. Both servers respond to DHCP client requests based on the load distribution ratio configured by the administrator. See the following example.

Load sharing in a single site with multiple subnets

In the following example, two DHCP servers simultaneously provide IP addressing to clients on multiple subnets.

 

For more information on setting up DHCP failover, see: http://technet.microsoft.com/en-us/library/hh831385.aspx

 

IBM Storage replace Disk

If you replace a disk in an IBM storage system, such as a DS4700, and the disk does not rebuild but is instead seen as a new disk, you can set the disk as a replacement disk with the following command:

replace drive [85,12] replacementDrive=85,12;

 

To put the hot spare which was in use back to a hot spare, use the following command:

set drive [0,1] hotSpare=TRUE;

 

This can be done in the main Storage Manager view. Highlight the system, right-click and choose “Execute Script …”. Enter the commands and select “Tools” –> “Verify and Execute”.

Your initial LUN will rebuild and the drive that was standing in for it will go back to being a hot spare.

 

Get Server Uptime Using WMI

Retrieve Server Uptime

Uses WMI to pull system uptime with a WMI timeout, which is useful when remote WMI is not responding.

I have used it for a few hundred servers and it works fine. The initial Test-Connection uses only 1 ping, so that it can go through a large list of servers very easily.

If you find any bug, report it to [email protected]

# Writer = Ritesh Parab; fb.com\parab.ritesh
# File Name = Get-uptime 1.2
# WMI Query time function added {Thanks to Technet forum}

cls
$erroractionpreference = "SilentlyContinue"

# Helper function - convert a WMI date string to a DateTime object
function WMIDateStringToDate($Bootup) {
    [System.Management.ManagementDateTimeconverter]::ToDateTime($Bootup)
}

# Main script
$Computer = Get-Content "c:\Servers.txt"

foreach ($system in $Computer) {
    # One small ping per host keeps the run fast on a large server list
    $rtn = Test-Connection -ComputerName $system -Count 1 -BufferSize 16 -Quiet
    if ($rtn) {
        $NameSpace = "Root\CIMV2"
        $wmi = [WMISearcher]""
        $wmi.options.timeout = '0:0:15'   # WMI query timeout: 15 seconds
        $query = 'Select * from Win32_OperatingSystem'
        $wmi.scope.path = "\\$system\$NameSpace"
        $wmi.query = $query
        try {
            $wmiresult = $wmi.Get()
            foreach ($wmioutput in $wmiresult) {
                $Bootup = $wmioutput.LastBootUpTime
                $LastBootUpTime = WMIDateStringToDate($Bootup)
                $now = Get-Date
                $Uptime = $now - $LastBootUpTime
                $d = $Uptime.Days
                $h = $Uptime.Hours
                $m = $Uptime.Minutes
                $s = $Uptime.Seconds
                # Seconds are reported instead of appending milliseconds to the minutes
                $a = "$system Up for: {0} days, {1} hours, {2} minutes, {3} seconds" -f $d, $h, $m, $s
                Write-Host "$a" -ForegroundColor Green
            }
        }
        catch {
            # Host answers ping but the WMI query failed or timed out
            Write-Host "WMI not available on : $system" -ForegroundColor Red
            Write-Output "WMI failed on $system because : $_" | Out-File "d:\failed.txt" -Force -Append
        }
    }
    else {
        Write-Host "$system Offline" -ForegroundColor DarkRed
        Write-Output "$system Offline" | Out-File 'd:\wintech\Get-Uptime\failed.txt' -Force -Append
    }
}

http://gallery.technet.microsoft.com/scriptcenter/Get-Server-Uptime-Using-WMI-15aaa8ac

Determine when each user in the domain last logged on.

Run the following PowerShell script to determine the last logon date of the AD users.

Output will be written to c:\users.txt

# PSLastLogon.ps1
# PowerShell script to determine when each user in the domain last
# logged on.
#
# ----------------------------------------------------------------------
# Copyright (c) 2011 Richard L. Mueller
# Hilltop Lab web site - http://www.rlmueller.net
# Version 1.0 - March 16, 2011
#
# This program queries every Domain Controller in the domain to find the
# largest (latest) value of the lastLogon attribute for each user. The
# last logon dates for each user are converted into local time. The
# times are adjusted for daylight savings time, as presently configured.
#
# You have a royalty-free right to use, modify, reproduce, and
# distribute this script file in any way you find useful, provided that
# you agree that the copyright owner above has no warranty, obligations,
# or liability for such use.

Trap {"Error: $_"; Break;}
$file = "c:\users.txt"
$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Domain = [ADSI]"LDAP://$D"
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 200
$Searcher.SearchScope = "subtree"

$Searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
$Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
$Searcher.PropertiesToLoad.Add("lastLogon") > $Null

# Create hash table of users and their last logon dates.
$arrUsers = @{}

# Enumerate all Domain Controllers.
ForEach ($DC In $D.DomainControllers)
{
    $Server = $DC.Name
    $Searcher.SearchRoot = "LDAP://$Server/" + $Domain.distinguishedName
    $Results = $Searcher.FindAll()
    ForEach ($Result In $Results)
    {
        $DN = $Result.Properties.Item("distinguishedName")
        $LL = $Result.Properties.Item("lastLogon")
        If ($LL.Count -eq 0)
        {
            $Last = [DateTime]0
        }
        Else
        {
            $Last = [DateTime]$LL.Item(0)
        }
        If ($Last -eq 0)
        {
            $LastLogon = $Last.AddYears(1600)
        }
        Else
        {
            $LastLogon = $Last.AddYears(1600).ToLocalTime()
        }
        If ($arrUsers.ContainsKey("$DN"))
        {
            If ($LastLogon -gt $arrUsers["$DN"])
            {
                $arrUsers["$DN"] = $LastLogon
            }
        }
        Else
        {
            $arrUsers.Add("$DN", $LastLogon)
        }
    }
}

# Output latest last logon date for each user.
$Users = $arrUsers.Keys
ForEach ($DN In $Users)
{
    $Date = $arrUsers["$DN"]
    "$DN;$Date" | Out-File $file -Append
}

Original script (without export to file) from: http://www.rlmueller.net/PowerShell/PSLastLogon.txt

Configuring DNS for a KMS host

If you have multiple KMS servers in your domain, or want to add another KMS server from outside the domain, just add an SRV entry in your DNS.

Name | Setting
Name | _vlmcs._tcp
Type | SRV
Priority | 0
Weight | 0
Port | 1688
Hostname | FQDN of KMS Host

With the priority you can add a preferred server. If you choose a higher number for the KMS record, this record comes after the record with “0”.

 

Source: http://technet.microsoft.com/en-us/library/ff793405.aspx
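Because clients activate against whatever the _vlmcs._tcp records point to, it is worth checking what DNS actually publishes. The PowerShell below is an added example, not part of the original post: it lists the SRV records in the order a client would prefer them and flags hosts that are not on your approved list. The function name, the domain and the host names are placeholders; Resolve-DnsName requires Windows 8 / Windows Server 2012 or later.

```powershell
# Added example (not from the original post).
function Test-KmsSrvRecord {
    param(
        [Parameter(Mandatory)][string]$Domain,   # DNS domain to check
        [string[]]$ExpectedHost = @()            # FQDNs approved as KMS hosts
    )
    # Lower priority value wins; among equal priorities a higher weight is preferred.
    $records = Resolve-DnsName -Name "_vlmcs._tcp.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true }

    foreach ($r in $records) {
        [pscustomobject]@{
            Host        = $r.NameTarget
            Port        = $r.Port
            Priority    = $r.Priority
            Weight      = $r.Weight
            DefaultPort = ($r.Port -eq 1688)                     # port from the table above
            Approved    = ($ExpectedHost -contains $r.NameTarget) # case-insensitive match
        }
    }
}

# Placeholder domain and host names; replace with your own.
$report = Test-KmsSrvRecord -Domain 'corp.example' `
                            -ExpectedHost 'kms1.corp.example', 'kms2.corp.example'
$report | Format-Table -AutoSize

# Any record that is not on the approved list deserves a closer look.
$report | Where-Object { -not $_.Approved } |
    ForEach-Object { Write-Warning "Unexpected KMS SRV record: $($_.Host):$($_.Port)" }

# Creating the record from the table above on a Windows DNS server
# (DnsServer module; zone and host names are placeholders):
# Add-DnsServerResourceRecord -Srv -ZoneName 'corp.example' -Name '_vlmcs._tcp' `
#     -DomainName 'kms1.corp.example' -Priority 0 -Weight 0 -Port 1688
```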