Archive for the ‘Windows’ Category

OldCmp Is Your Friend

April 20th, 2010

I recently found a little gem that needs listing in the Is Your Friend series.  I really appreciate single discrete tools that do a job and do it well.  OldCmp from joeware.net is a great example.  OldCmp is a command line tool to clean up old accounts from Active Directory.  Within that function the tool has quite a strong set of features to slice and dice through the discovery and disposal of old accounts.

Here is a basic run of the tool to find and list computer accounts that haven’t been accessed in a year:

oldcmp.exe -report -age 365 -llts -sh

When working with a client I am very cautious about deleting, so I would disable those accounts and move them to an Archive OU in AD:

oldcmp.exe -disable -age 365 -llts -newparent "ou=Archive,dc=xxxxxxxx,dc=local" -excldn "Archive" -safety 10

If everything looks OK with that, add the -forreal flag to actually do the work and adjust the -safety flag to a reasonable value:

oldcmp.exe -disable -age 365 -llts -newparent "OU=Archive,DC=xxxxxxxx,DC=local" -excldn "Archive" -safety 20 -forreal

If after a couple months no one has squawked about problems, it is probably safe to delete those accounts.

Once the initial disable and move to Archive is done, you can run this to find accounts that may need attention:

oldcmp.exe -report -age 180 -llts -excldn "Archive"

DN cn sAMAccountName dNSHostName pwdLastSet pwage whenCreated accountExpires operatingSystem operatingSystemServicePack operatingSystemVersion userAccountControl
cn=nick,cn=computers,dc=americanacquisition,dc=com nick nick$ nick.americanacquisition.com 2003/06/30-14:31:51 2485 20030630183151.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=pam,cn=computers,dc=americanacquisition,dc=com pam pam$ pam.americanacquisition.com 2003/08/13-17:19:10 2441 20030514220336.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=ray,cn=computers,dc=americanacquisition,dc=com ray ray$ ray.americanacquisition.com 2003/09/08-22:00:12 2415 20030507222643.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=robin,cn=computers,dc=americanacquisition,dc=com robin robin$ robin.americanacquisition.com 2004/01/16-07:53:21 2286 20030530194013.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=vic,cn=computers,dc=americanacquisition,dc=com vic vic$ vic.americanacquisition.com 2004/01/28-10:06:01 2274 20030515201341.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=mitch,cn=computers,dc=americanacquisition,dc=com mitch mitch$ mitch.americanacquisition.com 2004/03/28-12:40:27 2213 20030514211536.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=p3-l295p-02,cn=computers,dc=americanacquisition,dc=com p3-l295p-02 p3-l295p-02$ p3-l295p-02.americanacquisition.com 2004/05/17-07:38:39 2164 20031229192353.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=barbara,cn=computers,dc=americanacquisition,dc=com barbara barbara$ barbara.americanacquisition.com 2004/06/17-07:31:12 2133 20030512143032.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=arlena,cn=computers,dc=americanacquisition,dc=com arlena arlena$ arlena.americanacquisition.com 2004/08/17-13:30:04 2071 20030514201433.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=paul2,cn=computers,dc=americanacquisition,dc=com paul2 paul2$ paul2.americanacquisition.com 2004/09/01-21:38:45 2056 20040218152927.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=p3-l295p-04,cn=computers,dc=americanacquisition,dc=com p3-l295p-04 p3-l295p-04$ p3-l295p-04.americanacquisition.com 2004/09/08-15:17:57 2049 20031229204602.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=cynthia,cn=computers,dc=americanacquisition,dc=com cynthia cynthia$ cynthia.americanacquisition.com 2004/11/12-08:54:52 1985 20040908162639.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=p3-l295p-03,cn=computers,dc=americanacquisition,dc=com p3-l295p-03 p3-l295p-03$ p3-l295p-03.americanacquisition.com 2004/11/18-15:14:28 1978 20031229200132.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4098) MBR DISABLED
cn=p3-l295p-01,cn=computers,dc=americanacquisition,dc=com p3-l295p-01 p3-l295p-01$ p3-l295p-01.americanacquisition.com 2005/01/03-07:53:19 1933 20031229183520.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=p3-l285s-10,cn=computers,dc=americanacquisition,dc=com p3-l285s-10 p3-l285s-10$ p3-l285s-10.americanacquisition.com 2004/12/13-18:14:47 1953 20041213221447.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4098) MBR DISABLED
cn=matt,cn=computers,dc=americanacquisition,dc=com matt matt$ matt.americanacquisition.com 2005/02/07-11:02:28 1897 20030513153031.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=chris,cn=computers,dc=americanacquisition,dc=com chris chris$ chris.americanacquisition.com 2005/02/11-02:47:43 1894 20030512150221.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=joe,cn=computers,dc=americanacquisition,dc=com joe joe$ joe.americanacquisition.com 2005/03/28-09:19:00 1849 20030507213319.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=wade2,cn=computers,dc=americanacquisition,dc=com wade2 wade2$ wade2.americanacquisition.com 2005/03/30-18:38:42 1846 20030630194946.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4098) MBR DISABLED
cn=wade-laptop,cn=computers,dc=americanacquisition,dc=com wade-laptop wade-laptop$ wade-laptop.americanacquisition.com 2005/01/03-10:33:13 1932 20031027210134.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4098) MBR DISABLED
cn=pamela,cn=computers,dc=americanacquisition,dc=com pamela pamela$ pamela.americanacquisition.com 2005/04/21-11:04:01 1824 20030513181210.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=p3-l285s-01,cn=computers,dc=americanacquisition,dc=com p3-l285s-01 p3-l285s-01$ p3-l285s-01.americanacquisition.com 2006/01/11-07:12:09 1560 20050601021813.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=katherine,cn=computers,dc=americanacquisition,dc=com katherine katherine$ katherine.americanacquisition.com 2005/06/20-09:53:38 1765 20040606184650.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4128) MBR PWD_NOT_REQD
cn=p3-l285s-11,cn=computers,dc=americanacquisition,dc=com p3-l285s-11 p3-l285s-11$ p3-l285s-11.americanacquisition.com 2006/01/13-13:17:33 1557 20050303214518.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=gateway450sx4,cn=computers,dc=americanacquisition,dc=com gateway450sx4 gateway450sx4$ gateway450sx4.americanacquisition.com 2005/08/26-08:53:12 1698 20050222201037.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=delld800-05,cn=computers,dc=americanacquisition,dc=com delld800-05 delld800-05$ delld800-05.americanacquisition.com 2007/02/01-18:40:27 1173 20050706210107.0Z 0000/00/00-00:00:00 Windows XP Professional Service Pack 2 5.1 (2600) (4096) MBR
cn=p3-lp2600e-01,cn=computers,dc=americanacquisition,dc=com p3-lp2600e-01 p3-lp2600e-01$ p3-lp2600e-01.americanacquisition.com 2007/12/17-09:06:40 0855 20050510165057.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4098) MBR DISABLED
cn=don,cn=computers,dc=americanacquisition,dc=com don don$ don.americanacquisition.com 2007/05/03-21:25:06 1082 20030513135530.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=thur2,cn=computers,dc=americanacquisition,dc=com thur2 thur2$ thur2.americanacquisition.com 2007/11/06-10:41:08 0895 20040715181300.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=wade,cn=computers,dc=americanacquisition,dc=com wade wade$ wade.americanacquisition.com 2006/01/13-12:44:05 1557 20040614232314.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=steve,cn=computers,dc=americanacquisition,dc=com steve steve$ steve.americanacquisition.com 2005/12/07-12:58:05 1594 20030513184927.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=delld800-03,cn=computers,dc=americanacquisition,dc=com delld800-03 delld800-03$ delld800-03.americanacquisition.com 2007/01/14-19:54:38 1191 20050425194011.0Z 0000/00/00-00:00:00 Windows XP Professional Service Pack 2 5.1 (2600) (4096) MBR
cn=delld800-01,cn=computers,dc=americanacquisition,dc=com delld800-01 delld800-01$ delld800-01.americanacquisition.com 2005/11/03-05:30:45 1629 20030527161644.0Z 0000/00/00-00:00:00 Windows XP Professional Service Pack 2 5.1 (2600) (4096) MBR
cn=p3-l285s-06,cn=computers,dc=americanacquisition,dc=com p3-l285s-06 p3-l285s-06$ p3-l285s-06.americanacquisition.com 2007/05/03-12:40:27 1082 20041028211101.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4096) MBR
cn=p3-l285s-xp,cn=computers,dc=americanacquisition,dc=com p3-l285s-xp p3-l285s-xp$ p3-l285s-xp.americanacquisition.com 2007/05/17-19:06:03 1068 20070517230603.0Z 0000/00/00-00:00:00 Windows XP Professional Service Pack 2 5.1 (2600) (4096) MBR
cn=mail,cn=computers,dc=americanacquisition,dc=com mail mail$ mail.americanacquisition.com 2007/12/30-00:12:13 0842 20071230041213.0Z 0000/00/00-00:00:00 Samba . 3.0.9-2.5-SUSE (69632) MBR NO_PWD_EXPIRE
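
An added example (not part of the original post and not joeware code): a Python triage of a saved OldCmp report that decodes the userAccountControl number and lists stale accounts that are still enabled or that waive password rules. It assumes the space-separated column layout shown above and DNs without spaces; the sample rows are constructed and use example.com.

```python
import re

# userAccountControl bits relevant to stale-computer cleanup.
UAC_BITS = {
    0x00002: "ACCOUNTDISABLE",
    0x00020: "PASSWD_NOTREQD",
    0x01000: "WORKSTATION_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}

# Constructed sample rows in the column layout of the report above.
SAMPLE_REPORT = """\
DN cn sAMAccountName dNSHostName pwdLastSet pwage whenCreated accountExpires operatingSystem operatingSystemServicePack operatingSystemVersion userAccountControl
cn=ws01,cn=computers,dc=example,dc=com ws01 ws01$ ws01.example.com 2004/01/16-07:53:21 2286 20030530194013.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4096) MBR
cn=ws02,cn=computers,dc=example,dc=com ws02 ws02$ ws02.example.com 2004/12/13-18:14:47 1953 20041213221447.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 2 5.0 (2195) (4098) MBR DISABLED
cn=ws03,cn=computers,dc=example,dc=com ws03 ws03$ ws03.example.com 2005/06/20-09:53:38 1765 20040606184650.0Z 0000/00/00-00:00:00 Windows 2000 Professional Service Pack 4 5.0 (2195) (4128) MBR PWD_NOT_REQD
cn=mail,cn=computers,dc=example,dc=com mail mail$ mail.example.com 2007/12/30-00:12:13 0842 20071230041213.0Z 0000/00/00-00:00:00 Samba . 3.0.9-2.5-SUSE (69632) MBR NO_PWD_EXPIRE
"""

# The OS columns contain spaces, so anchor on the fixed leading columns and on
# the last parenthesized number, which is the userAccountControl value.
ROW = re.compile(
    r"^(?P<dn>\S+) (?P<cn>\S+) (?P<sam>\S+) (?P<dns>\S+) (?P<pwd_last_set>\S+) "
    r"(?P<pwage>\d+) (?P<created>\S+) (?P<expires>\S+) (?P<os>.*) "
    r"\((?P<uac>\d+)\)(?: [A-Z_ ]+)?$"
)


def parse_report(text):
    """Return one dict per computer row; the header and unparsable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        uac = int(m["uac"])
        rows.append({
            "sam": m["sam"],
            "pwage": int(m["pwage"]),
            "os": m["os"],
            "uac": uac,
            "flags": [name for bit, name in UAC_BITS.items() if uac & bit],
        })
    return rows


def still_enabled(rows, min_pwage):
    """Stale accounts that are not yet disabled, oldest password first."""
    hits = [r for r in rows
            if r["pwage"] >= min_pwage and "ACCOUNTDISABLE" not in r["flags"]]
    return sorted(hits, key=lambda r: r["pwage"], reverse=True)


def weak_password_policy(rows):
    """Accounts whose flags waive the password requirement or its expiry."""
    risky = {"PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD"}
    return [r for r in rows if risky & set(r["flags"])]


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for r in still_enabled(rows, 180):
        print(f'{r["sam"]:8} pwage={r["pwage"]:5} {",".join(r["flags"])}')
    for r in weak_password_policy(rows):
        print("review:", r["sam"], r["flags"])
```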

Is Your Friend, Windows

Hyper-V Server and a UPS

February 17th, 2010

Microsoft’s Hyper-V Server 2008 R2 can be a great hypervisor choice for a small business with just one or two servers.  In this environment, though, the common power protection scheme is going to be a single, direct-connected UPS with a USB signaling cable.  In this scenario we need to be able to safely shut down the hypervisor and guests before power gives out.

I claim no original thoughts here, but I did want to preserve a link to a good answer I found and have implemented.  The original thread is here on the Technet Forums.

First create ups-shutdown.vbs and load it with:

' Connect to WMI with the Shutdown privilege enabled
set wmi = GetObject("winmgmts:{impersonationLevel=impersonate,(Shutdown)}!\\.\root\cimv2")
set batteryColl = wmi.ExecQuery("select * from Win32_Battery")
set osColl = wmi.ExecQuery("select * from Win32_OperatingSystem")

' Poll the UPS every 15 seconds
while true
    for each battery in batteryColl
        battery.Refresh_
        ' BatteryStatus 1 = discharging (on battery); shut down at 40% charge or less
        if battery.batteryStatus = 1 and battery.EstimatedChargeRemaining <= 40 then
            for each os in osColl
                os.Win32Shutdown 1   ' 1 = shut down
            next
        end if
    next
    wscript.Sleep 15000
wend

Schedule this to run at startup using the Task Scheduler.  (Connect from another machine and set this up.)

Next create ups-monitor.ps1 and insert:

# Initialize variables
# Shutdown threshold: 40% of remaining UPS capacity (matches ups-shutdown.vbs)
$threshhold = 40
$interval = 60
$OnBattery = 0
$Event = 0

$hostname = hostname

# Create SMTP client
$Server = "mail.xxxxxxxxxxxx.com"
$Port = 25
$Client = New-Object System.Net.Mail.SmtpClient $Server, $Port

$Client.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

$To      = "admin@xxxxxxxxxxxx.com"
$From    = "hyperv@yyyyyyyyyyyy.com"

# Loop on battery query
while (1)
{
    $bat = get-wmiobject -class CIM_Battery -namespace "root\CIMV2"
    $batstatus = $bat.batterystatus
    $batcapacity = $bat.estimatedchargeremaining
    $timetoshutdown = $bat.estimatedruntime/2

    if ($batstatus -eq 1)
    {
        $Event = 1
        $OnBattery = 1
        # "On Battery"

        $Subject = "Utility Power Failure: {0} is running On UPS Battery" -f $hostname
        $Body   = "UPS at {0} % remaining capacity, approximately {1} minutes before {2} shutdown." -f $batcapacity, $timetoshutdown, $hostname

        # Within 5 points of the shutdown threshold: lead with a warning
        if ($batcapacity -lt ($threshhold + 5))
        {
            $Body = ("Shutdown imminent at {0} %, with " -f $threshhold) + $Body
        }

    }

    elseif (($batstatus -eq 2) -and ($OnBattery -eq 1))
    {
        $Event = 1
        $OnBattery = 0
        # "Power Restored"

        $Subject = "Utility Power Restored to {0}." -f $hostname
        $Body   = "Battery at {0} % capacity. UPS charging... " -f $batcapacity
    }

    if ($Event -eq 1) # Create mail message
    {
        $Event = 0
        $Message = New-Object System.Net.Mail.MailMessage $From, $To, $Subject, $Body
        $Message.Priority = [System.Net.Mail.MailPriority]::High
        try {
            $Client.Send($Message)
            # "Message sent successfully"
        }
        catch {
            "Exception caught in UPS_Monitor.ps1"
        }
    }

    sleep $interval
}

Change the mail server, to and from address, and you’re in business.

Create ups-monitor.cmd with the following:

powershell -command c:\path\to\your\script\ups-monitor.ps1

Again using Task Scheduler, schedule ups-monitor.cmd to run at startup, and you’re set.

Make sure you have your VMs set to save at shutdown and autostart, and then go pull the plug on that UPS just to make sure things work to your liking.

Also from the above referenced thread, you can check the battery condition using powershell with this:

PS$ get-wmiobject -class CIM_Battery -namespace "root\CIMV2"

Have fun.

Hyper-V, Virtualization, Windows Server 2008

Windows Server Backup WBAdmin

February 14th, 2010

I was just setting up a Hyper-V Server 2008 R2 box and wanted to get backup running to an external drive.  I installed the Windows Server Backup role via the Core Configurator tool, but then the backups need to be configured and run via the wbadmin command line tool.

This command line reference for wbadmin was helpful so I wanted to mark it in case I need it again in the near future.

Hyper-V, Virtualization, Windows

How to Benefit from Microsoft’s Mistake

December 2nd, 2008

In late October, Microsoft released a software patch to address a problem in Windows operating systems.  Every month Microsoft releases new software patches on the second Tuesday of the month, aka Patch Tuesday.  For most companies Patch Tuesday is followed by Reboot Wednesday which is when the most important of these updates are installed and  systems rebooted.  In larger companies, Patch Tuesday is the beginning of a process to prioritize, test, and stage these updates as needed.

So what’s the big deal about October?  Microsoft released an out-of-cycle patch (MS08-067) for Windows on October 23rd, nine days after Patch Tuesday.  Typically patches are queued up until the next second Tuesday, but this one was so important that Microsoft released it immediately.  The urgency about this patch was directly related to the potential damage that could be caused by the flaw it fixes.  In theory the flaw could be exploited by a worm that would blow through networks like wildfire, causing severe damage along the way.

To be fair, Microsoft’s mistake was the flaw in Windows; their handling of the situation has been very good.

How can you benefit from this?  It’s now over a month past the release of this patch, and it’s time to look at how your business handled the situation.  You can use this event as one method to evaluate your overall IT posture.  If you are in management, this may require digging in with the technical folks to get the details.  Specifically, look at the following areas:

  • Awareness
    • When – When did your organization first become aware this out-of-cycle patch had been released?  Was it within hours, days, a week, or more?
    • How – This is important.  How did your company learn about this?  Was it picked up from active reading of email, blogs, news?  Was it just luck that someone noticed it, or do you have an active process to stay informed?
  • Attention
    • Did this event garner the proper amount of attention from the proper people?  If awareness was high, but the appropriate people were so busy “putting out fires” that they didn’t get to it for a week, you have a problem.
  • Application
    • How quickly was this patch applied?  Given the unplanned nature of it, did this patch take longer than normal to go from awareness to actually being installed?
  • Audit
    • Has the installation of this patch been audited?  You need to know that the patch was actually installed.  Setting a patch management system to deploy the patch isn’t enough.  You must be able to verify that computers have actually installed the patch, and have a plan to deal with any problems.

Take a look at how your business responded.  Use this opportunity to identify any shortcomings and work to fix them.  Oh, and if you look around and see that this was handled well, give your IT people the credit they deserve.

Commentary, Other, Security, Windows

Windows Server 2008 in VMWare

April 9th, 2008

I just loaded up Windows Server 2008 into a VM under VMWare Server. I’ve installed one VM as a full load of the OS, and I’m preparing to install a second VM as the “server core” load of 2008 (basically no GUI). To my surprise, it’s gone very well so far. There was only one snafu, and that was easily fixed with a trip to the Google oracle. When the VM first came up, it had no recognized network card. To get a working NIC, add the following to your .vmx file:

ethernet0.virtualDev = "e1000"

Restart the VM, and you’re off to the races.

VMWare, Windows, Windows Server 2008

DST Issues

February 21st, 2007

If you don’t know, the coming change in the start of daylight saving time (DST) may pose quite a problem for some. Because the date of the change has moved up by four weeks this year, Windows doesn’t know the correct date to shift without patching. Microsoft has released a patch for Windows 2003 and Windows XP, but there is no public patch for Windows 2000 because it has passed the end of its support life.

Now, what does this mean for YOU?

Well, if you deploy no patches to any systems, it means things will work but that for four weeks your clocks will be off by an hour. Sort of a pain, but not a show stopper.

What if you do deploy patches but may not be reliably reaching 100% of your systems? That is a problem. If you are like some small businesses I deal with, the servers are updated regularly (if not immediately), but the clients may or may not be. In this scenario, your servers will shift DST on March 11th like they should. Any unpatched workstations will not shift, and those stations will not be able to log in to an Active Directory domain because of the embedded time stamps in Kerberos authentication. Uh oh. Problem. This is further compounded by the fact that there is no official Microsoft update for Windows 2000.

So, what are you to do? Here are some thoughts on how to handle this:

  • Patch! – Any Windows 2003 or XP machines should be getting Microsoft patches via Automatic Update. In this way, they should get patched to know about the change.
  • WSUS – Now, given the advice to patch, I will confess that I don’t like to allow an entire network of clients to go to Microsoft for updates. I would recommend the deployment of Microsoft’s WSUS (Windows Server Update Services). This will give you positive control over what patches are deployed, when they are deployed, and how they are deployed. Even better, it gives you a picture of which systems have received which patches.
  • Manual patching – For Windows 2000 it seems you have two options that I know of: pay Microsoft for the Windows 2000 patch (since it’s outside its support life) or roll your own. Without going off on a rant, let’s just say I would prefer to solve this myself rather than pay Mr. Bill any more $$.

I spent a few minutes of research and a few more of script development and have gotten what should be a working solution for patching Windows 2000 (and XP too). Now bear in mind the standard disclaimers: This is barely tested code. Your mileage may vary. Actual use of this code may cause abdominal pains and other unpleasant side effects. In other words, like any code you get off the internet, test the snot out of this before using it. That being said, this solution has both a .reg registry file and a .vbs script for deployment. This is specific to the Eastern time zone, although it would be trivial to change the one registry entry to apply to a different time zone.

Here is the .reg file contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Eastern Standard Time]
"TZI"=hex:2c,01,00,00,00,00,00,00,c4,ff,ff,ff,00,00,0b,00,00,00,01,00,02,00,00,\
00,00,00,00,00,00,00,03,00,00,00,02,00,02,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\ServerGuys\Patches\DST2007]
@="True"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
"StandardStart"=hex:00,00,0b,00,01,00,02,00,00,00,00,00,00,00,00,00
"DaylightStart"=hex:00,00,03,00,02,00,02,00,00,00,00,00,00,00,00,00
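
An added example (not part of the original post): a Python check that decodes the registry bytes above and confirms they encode the 2007 rule before the file is pushed to clients. The TZI value is read as the documented REG_TZI_FORMAT; the field order used for StandardStart and DaylightStart (year, month, week, hour, minute, second, milliseconds, weekday) is an assumption inferred from the bytes themselves.

```python
import calendar
import datetime
import struct

# Byte values copied from the .reg file above.
REG_TZI = r"""2c,01,00,00,00,00,00,00,c4,ff,ff,ff,00,00,0b,00,00,00,01,00,02,00,00,\
00,00,00,00,00,00,00,03,00,00,00,02,00,02,00,00,00,00,00,00,00"""
REG_STANDARD_START = "00,00,0b,00,01,00,02,00,00,00,00,00,00,00,00,00"
REG_DAYLIGHT_START = "00,00,03,00,02,00,02,00,00,00,00,00,00,00,00,00"


def reg_hex(text):
    """Convert a .reg 'hex:' payload (commas, backslash continuations) to bytes."""
    stripped = "".join(ch for ch in text if ch not in "\\\r\n \t")
    return bytes(int(b, 16) for b in stripped.split(",") if b)


def _rule(month, week, weekday, hour):
    # week: 1-4 = nth occurrence, 5 = last; weekday: 0 = Sunday (Windows convention)
    return {"month": month, "week": week, "weekday": weekday, "hour": hour}


def decode_tzi(raw):
    """REG_TZI_FORMAT: Bias, StandardBias, DaylightBias (LONG), then two SYSTEMTIMEs."""
    if len(raw) != 44:
        raise ValueError("TZI must be 44 bytes, got %d" % len(raw))
    bias, std_bias, dst_bias = struct.unpack_from("<3l", raw, 0)
    rules = []
    for offset in (12, 28):
        # SYSTEMTIME order: year, month, dayOfWeek, day, hour, minute, second, ms
        _, month, weekday, week, hour, *_rest = struct.unpack_from("<8H", raw, offset)
        rules.append(_rule(month, week, weekday, hour))
    return {"bias": bias, "standard_bias": std_bias, "daylight_bias": dst_bias,
            "standard": rules[0], "daylight": rules[1]}


def decode_start(raw):
    """StandardStart/DaylightStart value from the TimeZoneInformation key.
    Assumed order: year, month, week, hour, minute, second, ms, weekday."""
    if len(raw) != 16:
        raise ValueError("start value must be 16 bytes, got %d" % len(raw))
    _, month, week, hour, _m, _s, _ms, weekday = struct.unpack("<8H", raw)
    return _rule(month, week, weekday, hour)


def transition_date(rule, year):
    """Calendar date on which the rule fires in the given year."""
    first = datetime.date(year, rule["month"], 1)
    py_weekday = (rule["weekday"] - 1) % 7            # Python: Monday = 0
    day = 1 + (py_weekday - first.weekday()) % 7 + 7 * (rule["week"] - 1)
    last_day = calendar.monthrange(year, rule["month"])[1]
    while day > last_day:                              # week 5 means "last"
        day -= 7
    return datetime.date(year, rule["month"], day)


def check_patch(year=2007):
    """Decode both locations and confirm they describe the same transitions."""
    tzi = decode_tzi(reg_hex(REG_TZI))
    active = {"standard": decode_start(reg_hex(REG_STANDARD_START)),
              "daylight": decode_start(reg_hex(REG_DAYLIGHT_START))}
    return {"consistent": all(tzi[k] == active[k] for k in active),
            "dst_begins": transition_date(tzi["daylight"], year),
            "dst_ends": transition_date(tzi["standard"], year),
            "bias_minutes": tzi["bias"],
            "daylight_bias_minutes": tzi["daylight_bias"]}


if __name__ == "__main__":
    print(check_patch())
```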

As with any .reg file you could deploy this in a number of ways. One of my favorite ways to reach out and touch my clients is via a login script. Here is a script that will deploy this patch. Two notes: Obviously you don’t need the HKLM\Software\ServerGuys key in the .reg file for the DST patch; it’s used in the following code. Also, I know this is poor code, but it was quick to write and seems to work.

'=============================
' Domain Login.vbs
'=============================
On Error Resume Next

'Get a reference to the WSH Network object
set WSHNetwork = CreateObject("WScript.Network")

'Get a reference to the WSH Shell object
set WSHShell = CreateObject("WScript.Shell")

'Windows DST 2007 Patch
'======================
'The marker key below is the one written by DST-2007.reg, so the import runs only once
if fn_RegKeyExists("HKLM\Software\ServerGuys\Patches\DST2007") then
    if WshShell.RegRead("HKLM\Software\ServerGuys\Patches\DST2007\") <> "True" then
        WSHShell.Run "regedit /s \\SERVER\SHARE\DST-2007.reg"
    end if
else
    WSHShell.Run "regedit /s \\SERVER\SHARE\DST-2007.reg"
end if

'=============================
' Functions
'=============================
Function fn_RegKeyExists(ByVal sRegKey)
    fn_RegKeyExists = True
    sRegKey = Trim (sRegKey)
    If Not Right(sRegKey, 1) = "\" Then
        sRegKey = sRegKey & "\"
    End If

    'Capture the error text produced by a key that cannot exist
    On Error Resume Next
    WSHShell.RegRead "HKEYNotAKey\"
    sDescription = Replace(Err.Description, "HKEYNotAKey\", "")

    'The key exists if reading it does not produce that same error text
    Err.Clear
    WSHShell.RegRead sRegKey
    fn_RegKeyExists = sDescription <> Replace(Err.Description, sRegKey, "")
    On Error Goto 0
End Function

This script is just a slicing out of the relevant pieces from a rather large login script I use, but it should point you in the right direction.

See a problem? Have a beef? Feeling abdominal pains? Shoot me an email and tell me what you think: charles@serverguys.com.

Security, Windows