I’ve been using a routine to determine 64-bit vs. 32-bit workstations for some time, checking the registry for PROCESSOR_ARCHITECTURE under the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment path. However, this was proving to be error prone. So, I just gave up that method altogether, since all Windows x64 editions have a “%SystemDrive%\Program Files (x86)” directory. This makes it just a quick and easy call to the FolderExists method of the FileSystemObject.
The only downside is that it can’t be used remotely, but since most of my scripts are used in local policies, this shouldn’t be an issue.
Cheers!
```vbscript
Private Function is64bit()
    ' Local check only: x64 editions of Windows have a "Program Files (x86)" folder
    Dim filesys : Set filesys = CreateObject("Scripting.FileSystemObject")
    Dim bln64bit : bln64bit = False
    If filesys.FolderExists("C:\Program Files (x86)") Then bln64bit = True
    is64bit = bln64bit
End Function
```
Due to some software requirements, there was a need to get JRE 1.5.0_09 rolled out across our enterprise. The requirements were pretty straightforward:
- Only install on client operating systems (Windows 2000, Windows XP, Windows Vista and Windows 7)
- Detect the versions of Java installed. If 1.5.0_09 is installed, exit. If 1.5.0_08 or less was installed, install this version. If it has a newer version, do nothing.
The best way of determining the Java versions is to look in %program files%. On 64-bit machines, this is “C:\program files (x86)\Java”. On 32-bit, this is “C:\program files\Java”. The script accounts for this.
I wanted to post this because several of the functions used are very useful. The share hosting the JRE runtime needs to have wide open read-only access so the Local System account can access the share (Domain Computers). This script can then be applied to machine accounts in group policy as a startup script. If you want to test this, just comment out line 111.
Cheers!
Download Compressed (.zip) script
```vbscript
'======================================================
' VBScript Source File
' NAME: Java Runtime Environment Installation
' AUTHOR: Andrew J Healey
' DATE : 2010.07.15
' COMMENT: This script will install the jre references based on processor, existing
'          installations, and operating system. This script is to be run at startup
'          under the Local System account. No user interaction is required for
'          this script to work properly.
'======================================================
Option Explicit

If isClientOperatingSystem = False Then wscript.quit

Dim jreVerMajor, jreVerMinor
Dim strCommand, strPathToInstall, strInstallFile, strArguments

'============== BEGIN CONFIGURATION SECTION =================
jreVerMajor = "jre1.5.0_" 'As string
jreVerMinor = 9 'As Integer for <> operations
strPathToInstall = "\\servername\Software\Java\" 'Point to share \\servername\share\folder\
strInstallFile = "jre-1_5_0_09-windows-i586-p.exe"
strArguments = "/s /v /qn ADDLOCAL=jrecore,extra IEXPLORER=1 REBOOT=Suppress JAVAUPDATE=0 SYSTRAY=0 WEBSTARTICON=0"
strCommand = strPathToInstall & strInstallFile & " " & strArguments
'============== END CONFIGURATION SECTION =================

If checkForJRE(jreVerMajor, jreVerMinor) = False Then
    Call InstallJava(strCommand)
End If

Private Function checkForJRE(ByVal jreVerMajor, ByVal jreVerMinor)
    Dim jrePath
    Dim blnMajorFound : blnMajorFound = False
    Dim blnMinorFound : blnMinorFound = False

    If is32bit Then
        jrePath = "C:\Program Files\Java\"
    Else
        jrePath = "C:\Program Files (x86)\Java\"
    End If

    On Error Resume Next
    Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
    Dim objFolder : Set objFolder = objFSO.GetFolder(jrePath)
    Dim colSubfolders : Set colSubfolders = objFolder.Subfolders
    Dim objSubfolder

    For Each objSubfolder in colSubfolders
        If Left(objSubfolder.Name,Len(jreVerMajor)) = jreVerMajor Then
            blnMajorFound = True
            If CInt(Right(objSubfolder.Name,2)) >= jreVerMinor Then
                blnMinorFound = True
            End If
        End If
    Next

    ' On any error, report "found" so that nothing is installed
    If Err.Number <> 0 Then
        checkForJRE = True
        Exit Function
    End If

    ' Skip the install only when a matching folder at or above the target build exists;
    ' an older build (1.5.0_08 or less) must still trigger the install.
    If blnMajorFound And blnMinorFound Then
        checkForJRE = True
    Else
        checkForJRE = False
    End If
    On Error GoTo 0

    Set objSubfolder = Nothing
    Set colSubfolders = Nothing
    Set objFolder = Nothing
    Set objFSO = Nothing
    jrePath = Empty
    blnMajorFound = Null
    blnMinorFound = Null
    jreVerMajor = Empty
    jreVerMinor = Empty
End Function

Private Function is32bit()
    'Get processor architecture; do not use remotely
    const HKEY_LOCAL_MACHINE = &H80000002
    Dim oReg,strKeyPath,strValueName
    Dim strValue

    On Error Resume Next
    Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    strKeyPath = "SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
    strValueName = "PROCESSOR_ARCHITECTURE"
    oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue

    If Err.Number <> 0 or strValue = "x86" Then
        is32bit = True
    Else
        is32bit = False
    End If
    Err.Clear
    On Error GoTo 0

    Set oReg = Nothing
    strKeyPath = Empty
    strValueName = Empty
End Function

Private Function InstallJava(ByVal strCommand)
    On Error Resume Next
    Dim objWshShell, intRC
    Set objWshShell = WScript.CreateObject("WScript.Shell")
    ' Run hidden (0) and wait for the installer to finish (True)
    intRC = objWshShell.Run(strCommand, 0, True)

    If intRC <> 0 Or Err.Number <> 0 Then
        InstallJava = "Failed"
    Else
        InstallJava = "Success"
    End If
    On Error GoTo 0

    Set objWshShell = Nothing
    intRC = Empty
End Function

Private Function isClientOperatingSystem()
    Dim objWMIService, objItem, colItems
    Dim strOS

    On Error Resume Next
    ' WMI Connection to the object in the CIM namespace
    Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    ' WMI Query to the Win32_OperatingSystem
    Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")

    ' For Each... In Loop (Next at the very end)
    For Each objItem in colItems
        strOS = objItem.Caption
    Next

    If InStr(strOS,"Windows 7") <> 0 Or InStr(strOS,"XP") <> 0 Or InStr(strOS,"2000 Professional") <> 0 Or InStr(strOS,"Vista") <> 0 Then
        isClientOperatingSystem = True
    Else
        isClientOperatingSystem = False
    End If

    If Err.Number <> 0 Then isClientOperatingSystem = False

    strOS = Empty
    Set objItem = Nothing
    Set colItems = Nothing
    Set objWMIService = Nothing
    On Error GoTo 0
End Function
```
Online donations are up (http://www.jakesfund.com/). Please forward to as many people as possible. Please help spread the word.
There isn’t a lot one can say to make sense of this situation. Corporal Waggoner and his family need the help of you and all the others who have worn the uniform. Jake returned from Iraq in March 2007 and soon became married. Shortly after, his wife gave birth to a healthy baby girl, Bella. A couple months ago, the biopsy results for a tumor in his brain came back. Jacob Waggoner was given six to twelve months to live. At the same time Jake got the news, the father of a beautiful little girl found out he was to become a father again.
Anybody who has served with Jake knows he is a fighter. Jake is taking steps to fight this tumor so that he can see his child born and spend as much quality time with his family as possible. He is on a strict regimen of medications. His seizures and migraine headaches are slowing down as he cleanses his body. His diet of only organic foods has been helping his quality of life.
The reality, however, is that Jake and his family need our help. The medications are expensive. Organic food has more than doubled his grocery bill. And, he is unable to work due to his medications and seizures.
Please help Jake and his family in their time of need. You can read more about Jake on a website that was set up to aid in the fundraising: http://www.jakesfund.com/. Donations can also be made at any Bank of America. Just reference the account “the Waggoner Trust Fund”.
We have also added a Facebook group and Twitter account to help spread the word:
http://www.facebook.com/group.php?gid=388178191647
Thank you for spreading the word and helping a Veteran of this great country.
Comm Platoon, H&S Co, 4th LSB
I was asked to get a baseline for generating reports within AD. The two important pieces of information which were required to generate these reports were the IP address and FQDN of each domain controller. The script would then connect to each individual system to gather data. While I was at it, I added the MAC address just to see what other pieces of data would be useful out of the Win32_NetworkAdapterConfiguration class.
```powershell
#Enter the fqdn of your forest/domain
$fqdn = "fully.qualified.domain.name"

#Enumerate Domain Controllers
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$fqdn)
$dclist = [System.DirectoryServices.ActiveDirectory.DomainController]::findall($context)

ForEach ($strComputer in $dclist) {
    #Create an empty object per DC so each output row keeps its own values
    $ht = New-Object psobject | Select FQDN, MACAddress, IPAddress

    #Get IP Info of each DC
    $colItems = GWMI -cl "Win32_NetworkAdapterConfiguration" -name "root\CimV2" -comp `
        $strComputer.name -filter "IpEnabled = TRUE"

    ForEach ($objItem in $colItems){
        $ht.FQDN = $strComputer
        $ht.MACAddress = $objItem.MacAddress
        $ht.IPAddress = $objItem.IpAddress
    }
    $ht
}
```

I was recently asked to get a quick report of all Windows 7 computers within a multi-domain AD forest. After banging my head into the keyboard for a while, I finally figured it out. The script below should do the trick.
Also, if you use the OperatingSystemVersion attribute, you will find that Server 2008 R2 shares version “6.1 (7600)”. So, the best way to find Windows 7 only is to search for “Windows 7*” with the wildcard character against the OperatingSystem attribute. That will ensure all Windows 7 versions are returned and will exclude Server 2008 R2 from your results.
```powershell
#Get Domain List
$objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$DomainList = @($objForest.Domains | Select-Object Name)
$Domains = $DomainList | foreach {$_.Name}

#Act on each domain
foreach($Domain in ($Domains)) {
    Write-Host "Checking $Domain" -fore red
    $ADsPath = [ADSI]"LDAP://$Domain"
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher($ADsPath)
    $objSearcher.Filter = "(&(objectCategory=Computer)(operatingSystem=Windows 7*))"
    $objSearcher.SearchScope = "Subtree"
    #Page the results; without a page size the search stops at the server's result limit
    $objSearcher.PageSize = 1000
    $colResults = $objSearcher.FindAll()

    foreach ($objResult in $colResults) {
        $Computer = $objResult.GetDirectoryEntry()
        $Computer.DistinguishedName
    }
}
```
In part two, I showed you how to use the Local Security Policy GUI to block the bad guys. There were a lot of pretty pictures for those that prefer the GUI. In this version, I’ll show you how to accomplish the same thing from the command line. This is my preferred method. It is much simpler to automate and explain.
By following the steps below, you will be able to create a new policy and manage the filter lists and actions. The goal here will be to put all these pieces together into a nice tidy package that is fully automated.
In part two, I want to show how you can quickly set up an IPsec policy to block the bad hosts you identified in part one. While many methods can be used to block hosts, using the Local Security Policy (secpol.msc) and IPsec is a simple method which can be fully automated.
By following the steps below, you will be able to create a new policy and manage the filter lists and actions. In part three, I will explain how this can be done from the command line for all you CLI warriors. This tutorial should be accurate for: Windows XP, Vista, 7 and Server 2003, 2008, 2008R2 (possibly even 2000).
Download Script: get-bad-hosts.zip
While troubleshooting some issues on an OWA Front-End server, I went over to the security log to see if the authentication attempts were getting past this box. The problem I found was the log was so full of failed logon attempts it was difficult to filter out what I was looking for. In a twelve hour period, there were thousands of 529 events in the security log. Now, I know this is nothing new, but I found a few patterns. I manually exported the log to a CSV, parsed out all the source ip addresses and opened it up in Excel. What I found was that 98.7% of failed logon attempts were made by just four different ip addresses. (I recommend using MaxMind’s GeoIP Address Locator for help in determining where the source addresses are located.)
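The manual CSV-and-Excel tally described above can be scripted. The following is an added example, not the author's get-bad-hosts script: it assumes each exported row has `EventID` and `Message` properties (adjust to the column names of your export) and that the 529 message text carries a `Source Network Address:` field; `Get-FailedLogonSource` and the sample rows are constructed for illustration.

```powershell
# Constructed sample standing in for rows from Import-Csv of a Security log export.
# Addresses come from documentation ranges; the message text is abbreviated.
$template = "Logon Failure:`r`n  Reason: Unknown user name or bad password`r`n" +
            "  User Name: {0}`r`n  Source Network Address: {1}`r`n  Source Port: 0"
$sample  = @()
$sample += 1..6 | ForEach-Object { [pscustomobject]@{ EventID = '529'; Message = $template -f 'administrator', '203.0.113.10' } }
$sample += 1..3 | ForEach-Object { [pscustomobject]@{ EventID = '529'; Message = $template -f 'admin', '198.51.100.7' } }
$sample += [pscustomobject]@{ EventID = '529'; Message = $template -f 'jsmith', '192.0.2.44' }
$sample += [pscustomobject]@{ EventID = '529'; Message = $template -f 'svc_backup', '-' }        # no remote address logged
$sample += [pscustomobject]@{ EventID = '528'; Message = $template -f 'jsmith', '192.0.2.44' }   # not a failure event

function Get-FailedLogonSource {
    param(
        [Parameter(Mandatory)] [object[]] $Record,   # rows with EventID and Message (assumed names)
        [int] $EventId = 529                         # logon failure event ID discussed in the post
    )
    $pattern = 'Source Network Address:\s*(?<ip>\d{1,3}(?:\.\d{1,3}){3})'

    # Keep only the source address of matching failure events; rows without an IPv4 address are skipped.
    $hits = foreach ($r in $Record) {
        if ([int]$r.EventID -eq $EventId -and $r.Message -match $pattern) { $Matches['ip'] }
    }
    $total = @($hits).Count
    if ($total -eq 0) { return }

    # Rank sources by failure count and show how quickly the top few account for the total.
    $running = 0
    $hits | Group-Object | Sort-Object Count -Descending | ForEach-Object {
        $running += $_.Count
        [pscustomobject]@{
            SourceAddress     = $_.Name
            Failures          = $_.Count
            Percent           = [math]::Round(100 * $_.Count / $total, 1)
            CumulativePercent = [math]::Round(100 * $running / $total, 1)
        }
    }
}

Get-FailedLogonSource -Record $sample | Format-Table -AutoSize
```

Against a real export, replace `$sample` with the output of `Import-Csv`; the `CumulativePercent` column shows how few addresses need blocking to cover most of the failures.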
Download Script: move-pst-to-network.zip
So, my buddy (and former co-worker) called me yesterday for some help with a script he put together. His script checked the local profile in Outlook for any PST files that were stored locally. If it found any, it would then move them to the user’s home space. We tried and tried to get the script to work properly but it never seemed to work 100%. Being that he is a good friend and this would be useful at work, I decided to take the work he had put in and get the thing working.

NOOO!!!! Not my O!
Okay, okay. I know you are expecting another brain-dead response to Go_gle’s recent doodle. However, I am sick of it and I want to debunk several of the pages that say they have solved the mystery. Here are a few interesting events: