I’ve been using a routine to determine 64-bit vs. 32-bit workstations for some time, checking the registry for the PROCESSOR_ARCHITECTURE value in the HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment path. However, this was proving to be error prone. So, I just gave up that method altogether since all Windows x64 editions have a “%SystemDrive%\Program Files (x86)” directory. This makes it just a quick and easy call to the FolderExists method of the FileSystemObject.
The only downside is that it can’t be used remotely, but since most of my scripts are used in local policies, this shouldn’t be an issue.
Cheers!
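Private Function is64bit()
    ' x64 editions of Windows have a "Program Files (x86)" folder on the system drive.
    Dim filesys : Set filesys = CreateObject("Scripting.FileSystemObject")
    ' Resolve %SystemDrive% instead of assuming the system drive is C:.
    Dim sysDrive : sysDrive = CreateObject("WScript.Shell").ExpandEnvironmentStrings("%SystemDrive%")
    Dim bln64bit : bln64bit = False
    If filesys.FolderExists(sysDrive & "\Program Files (x86)") Then bln64bit = True
    is64bit = bln64bit
End Function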
Download Script: get-bad-hosts.zip
While troubleshooting some issues on an OWA Front-End server, I went over to the security log to see if the authentication attempts were getting past this box. The problem I found was the log was so full of failed logon attempts it was difficult to filter out what I was looking for. In a twelve-hour period, there were thousands of 529 events in the security log. Now, I know this is nothing new, but I found a few patterns. I manually exported the log to a CSV, parsed out all the source IP addresses and opened it up in Excel. What I found was that 98.7% of failed logon attempts were made by just four different IP addresses. (I recommend using MaxMind’s GeoIP Address Locator for help in determining where the source addresses are located.)
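The tally described above, as an added example (this is not the get-bad-hosts script from the post): it counts event 529 rows per source address in an exported CSV and reports the smallest set of addresses that accounts for a given share of the failures. The two-column `EventID,Message` layout, the `Source Network Address:` field in the event description, and the sample rows are assumptions constructed for the example.

```python
import csv
import io
import ipaddress
import re
from collections import Counter

SRC_RE = re.compile(r"Source Network Address:\s*(\S+)")

def _row(event_id, ip):
    # Constructed log line; the two-column CSV layout is an assumption.
    return (f'{event_id},"Logon Failure: Reason: Unknown user name or bad '
            f'password Logon Type: 3 Source Network Address: {ip} Source Port: 0"')

# Constructed sample export (addresses come from documentation ranges).
SAMPLE_CSV = "EventID,Message\n" + "\n".join(
    [_row(529, "203.0.113.10")] * 6 + [_row(529, "198.51.100.7")] * 3
    + [_row(529, "192.0.2.44"), _row(529, "-"), _row(528, "192.0.2.44")])

def failed_logons_by_source(csv_text):
    """Count event 529 rows per source address, skipping unparseable ones."""
    counts = Counter()
    for rec in csv.DictReader(io.StringIO(csv_text)):
        if rec["EventID"].strip() != "529":
            continue  # only failed logons are of interest here
        m = SRC_RE.search(rec["Message"])
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # "-" or garbage where the address should be
    return counts

def top_sources(counts, share_pct=90):
    """Smallest set of addresses that covers share_pct percent of failures."""
    total, running, out = sum(counts.values()), 0, []
    for ip, n in counts.most_common():
        if running * 100 >= share_pct * total:
            break
        running += n
        out.append((ip, n, round(100 * running / total, 1)))
    return out

if __name__ == "__main__":
    for ip, n, cum in top_sources(failed_logons_by_source(SAMPLE_CSV)):
        print(f"{ip:15} {n:5} failures  cumulative {cum}%")
```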
Update 2009.04.16: At the request of a commenter, I added a couple lines to the script that will dump the output to a text file in the root of the C: drive. I also corrected a couple errors in the script.
I was tasked to get a dump of all the users in our Schema Admins, Enterprise Admins and Domain Admins for our Forest. I started thinking about it and realized a couple things. Two of the three groups reside at the forest root while the Domain Admins group exists for every domain in the forest. This meant I would need to enumerate every domain and depending on the domain, enumerate either all three groups or just one.
The difficult part with managing SNMP via Group Policy is that SNMP is not installed by default. The first step is to install SNMP on all the machines you want to monitor via SNMP. This can be managed a couple of ways. The simplest method that I have used is the one Zenoss recommends. If you only have a couple of machines to install SNMP on, it may be easier just to go into the Add/Remove Programs –> Add/Remove Windows Components –> Management and Monitoring Tools –> Simple Network Monitoring Protocol.