Get all SUS or WSUS updates

So, you use SUS or WSUS to update your workstations? What if you wanted to quickly update a new system with the latest patches?

You could use a little script like this:

@echo off
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\
WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\
WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\
WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

If Windows Update 3.0 is not installed on this system you may need to run the script and wait until the system wants to reboot. Then you run the script again.

Automatically install networkprinters on a Windows server

Another day, another blog entry!

Say: you want to install all the network printers on a Windows server to a workstation. One very easy way to do this is to use KiXtart. This is a very powerful scripting tool which you can run on Windows.

Install kix32.exe in the netlogon folder and run kix32.exe printers.kix from your login script.

You need to change the following script to the printers you want to use and save the script as printers.kix into the netlogon folder:

cls
Dim $printers[10]
$printers = "\\SERVER01\Printer 1","\\SERVER01\Printer 2","\\SERVER01\Printer 3"

$X = KeyExist("HKEY_CURRENT_USER\Software\Terminator")
If not $X
$X = AddKey("HKEY_CURRENT_USER\Software\Terminator")
Endif

$Y = ReadValue("HKEY_CURRENT_USER\Software\Terminator", "1")
If not @ERROR = 0
$loop=10
while $loop > 1
DelPrinterConnections ()
$loop=$loop - 1
loop
$Y = WriteValue("HKEY_CURRENT_USER\Software\Terminator", "1", "1", "REG_SZ")
If @ERROR = 0
Endif
Endif

For Each $Element In $printers
if AddPrinterConnection ("$Element") = 0
? $Element " was installed!"
endif
Next

function DelPrinterConnections()
dim $c,$bk,$conn
$c=0
$bk="HKEY_CURRENT_USER\Printers\Connections"
$conn=enumkey($bk,$c)
while @error=0
$c=$c+1
$conn=delkey($bk+"\"+$conn)
$conn=enumkey($bk,$c)
? "Networkprinter removed..."
loop
endfunction

This script will remove all old networkprinters an install \\SERVER01\Printer 1, \\SERVER01\Printer 2 and \\SERVER01\Printer 3. It will also change a value in the registry so this script will not change anything until you want it to. This way, if a user has selected a default printer it will not be changed on every logon.

Also you could expand the script to install specific printers for specific users, workstations or even IP adress ranges.

Cool options of the FOR command

The for command allows you to do a lot of cool stuff.

This is what most people use this command for, do stuff for some files or folders in a specific location.

for /D %%v in (*.*) do echo %%v

But did you know you can use this command to interpret comma delimited (csv) files?Display input.txt line by line:

for /F %%v in (input.txt) do echo %%v

Display 3 seperate values delimited by comma's

for /F "tokens=1-3 delims=," %%v in (input.txt) do echo %%v - %%w - %%x

Display first and third value

for /F "tokens=1,3 delims=," %%v in (input.txt) do echo %%v - %%w

Skip line 1

for /F "tokens=1-3 skip=1 delims=," %%v in (input.txt) do echo %%v - %%w - %%x

Why is this cool? Well, you could use it to generate homedirs for users, share the folder and grant the right permissions like this:

@echo off
if %1v==mv goto MAKE
for /F "skip=1 tokens=1" %%v in (users.csv) do call homedir3.cmd m %%v
goto end
:MAKE
md E:\Users\%2
net share %2$=E:\Users\%2 /grant:everyone,full
cacls E:\Users\%2 /E /G %2:C
:END

This script will interpret users.csv and create homedirs for all the users in there. The file uses the same layout as you would use with AddUsers. It even skips the first line so you don't need to change anything in here. You need to save the script as homedir3.cmd as it calls itself to really do something.

Snort/Squill virtual machine

I use Snort as an IDS for some of my clients. The setup of such a system is fairly time consuming which is why I was looking for a Live CD.

But I guess a virtual machine image is just as good. I found a nice one here.

System Information for Windows

Just found a very cool tool to get system information on a Windows system: SIW. This tool displays just about anything you need to know about CPU, disk, running process, sensors, etc.

Download: SIW

Applications and encrypted volume on a USB stick

People, stop spending money on U3 USB sticks! You can just as easily create a stick with your favorite applications and an encrypted volume yourself.

PortableApps is a website that hosts a very nice menu and apps configured to run from the stick. Now you can carry your favorite computer programs along with all of your bookmarks, settings, email and more with you. Use them on any Windows computer. All without leaving any personal data behind.

After installing PortableApps you can create an encrypted volume on your stick. First you need to download the tool we're going to use: TrueCrypt

After installing TrueCrypt you need to copy the following files to the root of your memory stick:

Truecrypt.exe
Truecrypt.sys
Truecrypt Format.exe (If you want to be able to add new volumes on the move.)

Create a TrueCrypt volume in the root of your memory stick, using TrueCrypt Format. I've named this volume data.tc, but you can choose another name. (Make sure you change the autorun.inf as well) Now edit autorun.inf in the root of your memory stick:

[Autorun]
label=My Stick

action=Start PortableApps
open=PortableApps\PortableAppsMenu\PortableAppsMenu.exe
icon=PortableApps\PortableAppsMenu\PortableAppsMenu.exe

action=Mount TrueCrypt Volume
open=truecrypt /v data.tc /lz /q /a /m rm /e

shell=mounttc
shell\mounttc=&Mount
shell\mounttc\command=truecrypt /v data.tc /lz /q /a /m rm /e

shell=dismounttc
shell\dismounttc=&Dismount
shell\dismounttc\command=truecrypt /dz /q

shell=runtc
shell\runtc=Run &TrueCrypt
shell\runtc\command=truecrypt

DVR2WMV alternative...

I use a Windows XP MCE PVR at home and is nice! but the video format Microsoft (DVR-MS) does not play on other media players like XBMC.

To solve this I used to run a little script that would use DVR2WMV to transcode all the files in the Recorded TV folder to WMV and remove the DVR-MS files. This was causing more and more issues, like sound dropping out and files becoming corrupt.

To solve the problem I looked into some other tools and found AutoDVRconvert on the "The Green Button" forums, and this tools seems to do the trick. It can do conversion to WMV and MPG. Not only does this tool work better, it also seems to run much faster, 5 minutes for an hour of video.

The install was causing some problems for me, and the documentation was not very clear so I'll explain.

1. Download AutoDVRconvert
2. Extract all the files to the Recorded TV folder, in my case "D:\Recorded TV"
3. Run register filters.bat in the Recorded TV folder
4. Start AutoDVRconvert and set up an input and output folder

You could configure AutoDVRconvert to delete the original if the conversion was succesful, I'm only going to do this when I am sure everything works fine.

High five!

Dial GPRS connection if no LAN is available

Yes, I know. You could use a commercial tool to acomplish the following: dial a GPRS connection whenever no LAN (Or WLAN) is available. I decided to brew my own little script to do this.

The VB script dials the RAS connection "GPRS" when the connection with the name "Local Area Connection" is not connected to a network. The script does not check if this LAN connects to the internet.

Dim Shell, Hell, GPRS

Set Shell = CreateObject("WScript.Shell")
strComputer = "."
GPRS = "0"

Do
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_NetworkAdapter Where NetConnectionID = 'Local Area Connection'")

For Each objItem in colItems
If objItem.NetConnectionStatus = 7 Then
If GPRS = "0" Then
' Wscript.Echo "LAN verbinding verbroken! Status: " & objItem.NetConnectionStatus
Shell.Run ("rasdial GPRS")
GPRS = "1"
End if
Else
If GPRS = "1" Then
' Wscript.Echo "LAN verbinding actief! Status: " & objItem.NetConnectionStatus
Shell.Run ("rasdial GPRS /DISCONNECT")
GPRS = "0"
End if
End if
Next
Wscript.Sleep 10000
Loop Until Hell="Freezes over!"

Devide your screen with GridMove

Wide monitors are cool, and very useful. You can, for instance, run Word on the main part of your screen and run Messenger in a small part to the side of the screen. (Like a sidebar)

GridMove is a free (Uh... Donationware) tool that allows you to do this quickly and easily.

http://jgpaiva.donationcoders.com/gridmove.html

Try it!

Rewrite EventID.net links (GreaseMonkey)

First things first, the script...

// ==UserScript==
// @name EventID.Net
// @include http://www.eventid.net/*
// ==/UserScript==

var allmskblinks,
thismskblink;
allmskblinks = document.evaluate(
'//a[@href="/subscribersonly.asp?feature=marticle"]',document,null,XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE,null);
for (var i = 0; i < thismskblink =" allmskblinks.snapshotItem(i);" href =" 'http://support.microsoft.com/kb/'+thismskblink.firstChild.nodeValue;

This script will allow you to click through the Mxxxxx links in EventID.net. You need to install the script in Greasemonkey for Firefox.

Firefox download: www.getfirefox.com
Greasemonkey download: greasemonkey.mozdev.org
Installing this script: http://greasemonkey.mozdev.org/using.html

You can download the script here.

Offline files hell

Man... Windows Briefcase sucked but Offline files isn't much better. Anyways... the tool you want is CSCCMD, part of the Windows 2003 RK. Download This enables you to move an offline folder to a new server, delete offline folders whicht don't work anymore and much more. You can find more info on this site: http://blogs.msdn.com/jonathanh/archive/category/6957.aspx
Btw.

I'm using ViceVersa (http://www.tgrmn.com/) for a lot of my clients now and this works great. You might also want to try Microsofts free SyncToy. If you know of better alternative please post in the comments!

Bring local network printers to your terminal server

So you have got a local network printer (Jetdirect, LPD, IP printing) which you would like to use on your terminal server? Here's a quick and dirty solution.

Enable File and printer sharing Share the local network printer Create a local printer on a free LTP port, say LPT3:, with the same drivers as the local network printer Open a command box and type net use LPT3: \\computername\sharename Test to see if the printer is added in your terminal server You need to be an admin on the terminal server to install new drivers. The "net use" should be persistent but if it doesn't work you might want to add a script in your startup folder.

Graphical Login in VNC

This creates a VNC server that does not require authentication for VNC. After connecting a loginbox is displayed so multiple users can login to their desktop on this server. This procedure is heavyly based on this site: http://linuxreviews.org/howtos/xvnc/

First you need to install and configure xinetd and allow xinetd to listen to external calls: open /etc/xinetd.conf Make the line a comment by adding a # in front of it: only_from = localhost

Open /etc/X11/xdm/xdm-config find DisplayManager.requestPort :0 and comment it out by inserting a ! at the beginning of the line.

The user nobody must have a valid shell assigned when using xdm. You will only get a gray screen when connecting to xdm if nobody has the default /bin/false set.

usermod -s /bin/bash nobody

Edit kdmrc

[Xdmcp]
Enable=true
Willing=/etc/X11/xdm/Xwilling
Xaccess=/etc/X11/xdm/Xaccess
Port=177

[X-*-Core]
AllowShutdown=None
AllowRootLogin=false

Optional: Edit /etc/X11/xdm/Xaccess and uncomment the line '* #any host can get a login window by removing the single quote '.

It is better to use 192.168.0.* or 127.0.0.1 than * for security.

Cut & paste the following lines to your /etc/services:

services.txt
vnc-1024x768x16 5900/tcp

Create a file called /etc/xinetd.d/xvncserver

service vnc-1024x768x16
{
protocol = tcp
socket_type = stream
wait = no
user = nobody
server = /usr/bin/Xvnc
server_args = -inetd -query localhost -once -geometry 1024x768 -depth 16
}

Restart xinetd
/etc/init.d/xinetd restart

Start or restart the gdm/kdm/xdm service
/etc/init.d/xdm restart

You might want to enable xdm auto start, save this text as /etc/rc.d/init.d/xdm:

[XDM]
#!/bin/sh

# chkconfig: 234 60 60
# processname: /usr/X11R6/bin/xdm
# config: /etc/X11/xdm/xdm-config

# source function library
. /etc/rc.d/init.d/functions

[ -x /usr/X11R6/bin/xdm ] exit 0

prog=/usr/X11R6/bin/xdm

RETVAL=0

start () {
echo -n $"Starting $prog: "
# start daemon
daemon $prog
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/xdm
return $RETVAL
}

stop () {
echo -n $"Stopping $prog: "
killproc $prog
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/xdm
return $RETVAL
}

restart () {
stop
start
RETVAL=$?
return $RETVAL
}

case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $prog
RETVAL=$?
;;
restart)
restart
;;
condrestart)
[ -f /var/lock/subsys/xdm ] && restart :
;;
reload)
echo -n $"Reloading $prog: "
killproc $prog -HUP
RETVAL=$?
echo
;;
*)
echo $"Usage: $0 (startstoprestartcondrestartreloadstatus)"
RETVAL=1
esac

exit $RETVAL
[/XDM]

Exchange Administrator Permissions

If you are running an Exchange server and you need to manage users' mailboxes or need to run backups you will want to have full access to the users' mailboxes. In Exchange 5 or earlier you did this with the option "Show permissions page on all objects". In Exchange 2000 and 2003 the easiest way to do this is as follows:

1. Open regedit
2. Browse to HKCU\Software\Microsoft\Exchange\ExAdmin
3. Add Add a "ShowSecurityPage" DWORD value with a value of 1 to

Now you can remove the deny permissions on the organisation for the administrator, domain admins and exchange admins.

Office Administrative Installs

Real men don't click, or so I'm told, so why install Office by hand? You can deploy Office on a network by using a MSI install.

First make an administrative install point on your server by running setup.exe /a from the CD. It will ask you for a location to put the install and user and serial number details.

Now you want to include the latest servicepacks, download the FULL SP from the Microsoft site and extract the file: Office2003SP2....exe /C /T:D:\Temp. (Of course you need to change D:\Temp to the location you want to use.)

Install the update by running this command: msiexec /p D:\Temp\MAINSP2ff.msp /a "D:\MSI\Office 2003 NL\PRO11.MSI" SHORTFILENAMES=TRUE /qb

More details here: http://www.svrops.com/svrops/documents/officeupdate.htm

Welcome!

Hi, and welcome to my little place on the web. I am an IT professional and I desperately needed a place to put things I figured out earlier.