The New Outlook.com and the Microsoft Account PaymentHub

Outlook.com Logo

While checking my RSS feeds for the night, I ran across this article describing the new Outlook.com.  As an avid user of “Live for Domains“, I was interested to see where Microsoft was going after announcing the renaming of the “Windows Live” moniker back in May.

Outlook.com

It turns out, the UI is refreshing and seems to be a new front-end for what was Hotmail and Live Mail.  It is a refreshing, minimalistic UI with a lot of white space.   Users of the preview releases of Windows 8 will notice many UI and usability similarities.  I was expecting to get a ‘preview like’ experience but that has not been the case.  I have several domains I use and have linked together.  The authentication worked like a charm and I was able to jump around my three different accounts in Outlook.com without it reverting to the old Hotmail interface (send-as working as well).

 

Outlook.com - Service Ribbon

Then I went to check out the Contacts/People interface and the Calendar.  The Calendar never loaded in Chrome so I had to revert to IE.  The Contacts/People interface had the opposite problem; it loads in Chrome just fine but not IE 10.  The Contacts/People interface matches the new UI but the Calendar has yet to be upgraded.  I

‘m sure MS will sort out these issues fairly quickly as they have already surpassed 1 million usersin the new UI.Try it now.  All it takes is a visit to Outlook.com.

Microsoft Account and PaymentHub

This is just speculation but I can see this really fitting into subscription services for Microsoft Office, Xbox games, additional e-mail and SkyDrive storage, advanced features in future releases of WebApps and more.Some people have been reporting running in the new “Microsoft Account” when logging in but this hasn’t been my experience.  However, after the switch, I went into the Outlook.com options/settings and saw a new billing tab.  I also noticed I was now at https://account.live.com/.  The link redirected to https://commerce.microsoft.com/PaymentHub/.  It appears this will handle subscriptions down the road and also function on a point system similar to Xbox Live and Bing Rewards.  It also identifies my account as a ‘US – Personal Account’ leading me to believe they may be using the same billing system used with the preview release of Office365.

Screenshots

What’s Next

With the release of Windows 8, Server 2012, Exchange 2013, Surface Tablets, Office365 Next, Sharepoint 2013, Office 2013, advancements w/ Azure IaaS and more, it is an exciting time for Microsoft.

 

C# Express – Create a Dummy or Placeholder Windows Service for Monitoring

Creating my custom service in Visual Studio

The IT ecosystem is rich with network monitoring systems (NMS). Each NMS has different capabilities, costs, and purposes in life. It is commonplace for me to come into a business that has invested in an NMS that doesn’t fit all their needs. You might ask, “What does this have to do with creating a Windows service?” Here is the scenario that brought this up.

A client has a monitoring solution for their Windows servers and some basic network up/down stats. Their internet connection had been flaky for a month or two. As we worked with their ISP, their connection continued to stay up but latency would spike and often drop packets. The monitoring never sees the link as down but the level of service is degraded and mostly unusable. The ISP can quickly reset the ports and fix the issue, but we want to know right when this happens to minimize downtime.

I setup a powershell script with the help of the team at ComputerPerformance.  This script is pretty straight forward. It uses the Test-Connection cmdlet and averages the latency to a remote host.

# Gets the average latency between you and $Server
# Using IP Addresses is recommended
$Server = "8.8.8.8"
$PingServer = Test-Connection -count 20 $Server
$Avg = ($PingServer | Measure-Object ResponseTime -average)
$Calc = [System.Math]::Round($Avg.average)
If ($Calc -gt 100 -Or $Calc -eq 0) {stop-service MyService} Else {start-service MyService}

Now, for the tricky part. How do I create a service that I can start and stop without actually impacting the underlying OS? I won’t go into the code too much but I have included the example C# source files in a zip at the bottom. I got this code from a MSDN social forum post.

To implement this, first make sure you read the forum post. You will need Visual Studio 2010 C# Express. Create a Windows Form Application and include references (Project –> Add References –> .NET) to System.Configuration.Install and System.ServiceProcess. You will need three files in your project: MyService.cs, MyServiceInstaller.cs and Program.cs. These are included in a zip at the end of this article (I also included the executable from the code if you want to test it out). You really only need to edit the MyService.cs and MyServiceInstaller.cs to match the Service’s purpose in life (and write useful event log entries). Once that is done, build the program. You will get an error on build about a “Windows Service Start Failure” as shown below. (Any developers out there know how to make this build w/o throwing the obvious error?) Just ignore the error and grab the executable from the Debug folder of the project. Place the executable somewhere safe (I use %windir%SysWOW64 in my example below).

Next, we need to install the service. You can install the service using the SC command in Windows. In this example, I used the name “lattest” as the service name and defined the display name as well. You can find more information on the SC.exe command here. Note: those spaces after the equals (=) sign are required when using the SC command.  Here is the code I used to install this service on Server 2008 R2:

sc create lattest binpath= "C:WindowsSysWOW64MyService.exe" displayname= "Latency Test" start= auto

At this point, your script can be setup to run as a scheduled task to start or stop the service depending on the conditions you set. You can point your NMS to monitor the service and you can sleep peacefully at night knowing you are proactively monitoring the issue.

If this is temporary in nature and you want to remove the service, just remove it from your NMS, delete the service and executable and remove your scheduled task. The service can be removed by running:

sc delete lattest

Here is the code from the Visual Studio Project: MyService.zip

Retrieving Password from Application Pool

I came across an undocumented app the other day. For a number of reasons, we needed to restore the password but it wasn’t documented anywhere. Luckily, the service account was setup in an app pool. In IIS 7.0 or 7.5, APPCMD can be used to recover the password. In 6.0, adsutil.vbs can be used.

cscript.exe /nologo adsutil.vbs GET W3SVC/AppPools/AppPoolName/WAMUserPass

However, I wanted to write my own little script. Having a little tidbit makes it easy to reuse later for other clients. For example, I could search AD for SPNs starting with “HTTP”, loop through each of their app pools and document the username and passwords for all service accounts used in this fashion. So, here is the little tidbit I threw together.

Option Explicit

Call GetAppPoolUserAndPass("localhost", "ApplicationPoolName")

Private Sub GetAppPoolUserAndPass (byVal strComputer, byVal strAppPool)
	Dim appPool
	On Error Resume Next
	Set appPool = GetObject("IIS://" & strComputer & "/w3svc/AppPools/" & strAppPool)
	If Err Then
		wscript.echo "Error connecting to " & chr(34) & strAppPool & chr(34) & " on " & strComputer
	Else
		wscript.echo strAppPool & vbTab & appPool.WAMUserName & vbTab & appPool.WAMUserPass
	End If
	On Error GoTo 0
End Sub

Here is an example of just what I mentioned above. YMMV but this should discover IIS boxes and report all the accounts used in their app pools. Note: Pools using built-in accounts will show up with blank passwords; this is normal; the password isn’t actually blank.

Option Explicit

' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Determine DNS domain name.
Dim objRootDSE, strDNSDomain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Dim adoCommand, adoConnection
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Build Query
Dim strBase, strFilter, strAttributes, strQuery
strBase = ""
strFilter = "(servicePrincipalName=HTTP*)" 'Search for SPN starting w/ HTTP (case insensitive)
strAttributes = "name"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Dim adoRecordset
Set adoRecordset = adoCommand.Execute

If (adoRecordset.EOF = True) Then
    Wscript.Echo "No SPNs Found matching HTTP*"
    Wscript.Quit
End If

Wscript.Echo "Computer Name" & vbTab & "AppPool Name" & vbTab & "User Name" & vbTab & "User Password"

Do Until adoRecordset.EOF
    Call GetApplicationPools(adoRecordset.Fields("name").Value & "." & strDNSDomain)
    adoRecordset.MoveNext
Loop
adoRecordset.Close

' Clean up.
adoConnection.Close

Private Sub GetApplicationPools (byVal strComputer)
	Dim objWMIService, colItems, objItem
	
	On Error Resume Next
	Set objWMIService = GetObject("winmgmts:{authenticationLevel=pktPrivacy}\" & strComputer & "rootmicrosoftiisv2")
	Set colItems = objWMIService.ExecQuery("Select * from IIsApplicationPoolSetting")
	If Err Then
		wscript.echo "Error connecting to " & strComputer
	Else
		For Each objItem in colItems
			Wscript.Echo strComputer & vbTab & objItem.Name & vbTab & objItem.WAMUserName & vbTab & objItem.WAMUserPass
		Next
	End If
End Sub

The Power of Scripting: Finding Morto.A

Here I go on another vbScript tutorial.  You might ask why I’m not doing this in powershell yet and it is simple: I still run into 2003 and XP environments. Oh yeah, and this works. I don’t care what scripting language I’m writing in if it gets the job done; you shouldn’t either. My $0.02. If you want to download this script, click here: Morto.A Detection Script.

A had to do a little cleanup on a network from the Morto.A worm.  The first thing I wanted to do was find out how bad things were.  They were reporting a DDOS across their LAN (mostly 3389) and a lot of other issues.  It as obvious we were going to need to rebuild a few systems but we wanted to get a grasp out of what the damage was.  This were generally working: logons, shares, etc.

I’m not going to go over what we did on the firewall or local network but discuss a quick script I threw together to scan the network for infected systems.  The trick was this network had multiple domains and several computers that weren’t even domain joined.

So, I put my automation hat on and threw together a script I will outline below.  I split this into sections to help you see how you can use scripting to piece together a complicated job in simple tasks.  It is pretty basic.  I start by defining what I want to do:

Problem statement: I need to check every computer in each domain for infection of the Morto.A worm.  I can split this into three distinct steps:

  1. For Each Domain
  2. Get Each Computer
  3. Check for Morto.A

For Each Domain

This is pretty simple.  There are advanced techniques for finding all the domains in a forest or reading from a text file or even a spreadsheet.  I like to keep it simple and just create an array.

Dim arrDomains
arrDomains = Array("domain1.domain.local", "domain2.domain.local", "domain3.domain.local")
For Each Domain in arrDomains
	Call ComputersAll(Domain)
Next

Get Each Computer

Now, I need to build the “ComputersAll” sub-routine.  I call this in the domain script by passing each domain in DNS format.  I used DNS domains in my example on purpose (you could use the DistinguishedName format “dc=domain1,dc=domain,dc=local” but I prefer DNS names for this purpose).  By default, each computer in that domain is going to register itself in DNS (assuming you set it up properly).  I want to get the computer name out of AD and append the dns domain name.  Once that is done, I want to use my “IsConnectible” script to check and make sure it is online.  If it pings, I should be able to carry out my business and find out if it is infected.

The real magic is in the lines: strBase, strAttrs and strFilter.  strBase sets the search base to the domain you sent the sub-routine.  It isn’t going to go outside this domain for its search but it will search the whole domain due to its use of subtree.  The search a specific OU, you have to use the DN format and that is out of scope of this article.  The strAttrs is pretty straight forward.  This is an array of attributes you want returned.  You could do DNSDomainName but some clients set this improperly.  It is safe to assume (in most cases) that the name and the domain name comprise the DNS domain name.  The strFilter isn’t doing much but may look complex.  Basically, it is looking for computers in AD that aren’t disabled.

The other things to pay attention to is the line after

Do Until ADORecordSet.EOF

.  This checks first if the computer is on the network through my “IsConnectible” script.  It passes the FQDN by appending “.” and the domain name to the name attribute from the query.

Const adUseClient = 3
Private Sub ComputersAll(byVal strDomain)
	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.cursorLocation = adUseClient
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection

	strBase   =  ";"
	strFilter = "(&(objectClass=computer)(!userAccountControl:1.2.840.113556.1.4.803:=2));"
	strAttrs  = "name;"
	strScope  = "subtree"
	strQuery = strBase & strFilter & strAttrs & strScope
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 5000
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False

	Set adoRecordset = adoCommand.Execute

	If adoRecordset.RecordCount > 0 Then
		' wscript.echo "Computers for " & strDomain & ": " & adoRecordset.RecordCount
		' Loop through every single computer in the domain
		adoRecordset.MoveFirst
		Do Until adoRecordset.EOF
			If IsConnectible(adoRecordset.Fields("name").Value & "." & strDomain) = "Online" Then Call DetectMorto(adoRecordset.Fields("name").Value & "." & strDomain)
			adoRecordset.MoveNext
		Loop
	End If
	adoRecordset.Close
	adoConnection.Close
End Sub

Check For Morto.A

This is the tricky part. I used several sources and found two distict characterisitcs of this work:

  1. C:windowssystem32sens32.dll
  2. HKLMSystemWPA
    1. Key: sr
    2. Value: Sens

So, I need to check and see if a file and registry key exists in order to detect if the machine is infected.  There are a couple of caveats with this: 1) when checking if a file exists, the default response is true on error, 2) you need local admin rights to query the c$ share, and 2) the registry check relies on the remote registry service.  To overcome these caveats, we put error checking in.  If an error occurs, it assumes a manual check is needed.  We do this to err on the side of caution.  Of course, on a large network, this isn’t desirable.  Feel free to contact me if you need more advanced help.  Here is the sub-routine I came up with to do all of the above.  It is mean and nasty and isn’t exactly the kind of finesse I prefer but, it works…

First, I try writing a temp file (and deleting it if it succeeds). If that works, I should be able to detect if the file exists and connect to the remote registry. However, perhaps you are an admin that is paranoid and disables the remote registry service. Well, it will still detect an error and tell you to check manually. Of course, if you don’t have admin rights, it will also tell you to check remotely.

Private Sub DetectMorto(byVal strComputer)
	' Detects morto via several methods...
	Dim blnInfected : blnInfected = False
	
	
	' Requires admin rights to properly detect. Check for rights
	Dim objFSO : Set objFSO = CreateObject("Scripting.FileSystemObject")
	On Error Resume Next
	Dim TempFile : Set TempFile = objFSO.CreateTextFile("\" & strComputer & "c$WINDOWStempfile.deleteme", True)
	TempFile.WriteLine("This is a test.")
	TempFile.Close
	Set TempFile = Nothing
	objFSO.DeleteFile("\" & strComputer & "c$WINDOWStempfile.deleteme")	
	If Err Then bnlInfected = "Error"
	Err.Clear
	On Error GoTo 0
	
	' Check for registry key placed by Morto...
	Dim strKeyPath, strEntryName, objReg, strValue
	strKeyPath = "SYSTEMWPA"
	strEntryName = "sr"
	On Error Resume Next
	Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "rootdefault:StdRegProv")
	objReg.GetStringValue HKEY_LOCAL_COMPUTER, strKeyPath, strEntryName, strValue

	If Err Then blnInfected = "Error"
	If strValue = "Sens" Then blnInfected = True
	
	' Check for file indicating morto infection
	Dim strMortoSens32
	strMortoSens32 = "\" & strComputer & "c$WINDOWSsystem32Sens32.dll"
	If objFSO.FileExists(strMortoSens32) Then blnInfected = True
	
	' If the Infected flag is set, it is infected...
	If blnInfected = True Then
		wscript.echo "*******MORTO INFECTION: " & strComputer
	ElseIf blnInfected = "Error" Then
		wscript.echo "Error (Check Manually): " & strComputer
	Else
		wscript.echo "Clean: " & strComputer
	End If
End Sub

Conclusion

So, I have taken several scripts and thrown them together to find a solution. I can reuse this for anything. Perhaps I want to use vbscript to find computers with a certain file on their hard drive. I can reuse this by just tweaking the Morto sub-routine.

Microsoft Releases Windows 8 Developer Preview

Microsoft has released the Windows 8 Developer Preview.  This download is a full version of the pre-beta Windows 8 build and is chock full of disclaimers regarding its stability.  Needless to say, I had to download it and give it a shot.  The download (2.8GB to 4.8GB) can be found linked off the front page of the Windows Dev Center.  I decided to download the full version with all the Metro development goodness though there is a lighter version without all the developer tools.

The Windows 8 Preview Guide (PDF) is pretty impressive.  It is a nice, clean overview of Windows 8.  Of course, the net is going to be saturated with info in just a few days now that it is publicly available.  I also highly recommend checking out the Build Keynote which provides some of the eye candy you can look forward to.

I wasn’t as surprised to see ARM support as Microsoft has made it clear it was coming.  I was surprised to see a 32-bit version for download.  I suppose it might be a bit lighter weight (at .8GB < the x64 version) for those just wanting to pull it up in a VM to give it test run.

I was excited when I saw the Live Connect technical preview (site doesn’t work w/ Chrome) until I realized it is only the SDK.

Installing Exchange 2010 Service Pack 1 Fails At Mailbox Role: Database is mandatory on UserMailbox.

In a recent incident, an Exchange server had a complete volume failure during testing. Exchange 2010 was reinstalled but when installing Service Pack 1, it failed upgrading the Mailbox Role. Upon reviewing the log, I found the following line:

Database is mandatory on UserMailbox. Property Name: Database

The error doesn’t explain the problem very well but it is basically saying that there is a UserMailbox without a database, which should never happen. The failure of the volume and subsequent reinstall of 2010 left the arbitration mailboxes (and one or two user mailboxes) orphaned. Most of the suggestions to resolve this problem list doing things like deleting the system mailboxes and running “setup.com /PrepareAD”. After looking around, I was able to parse together a few other options and find a fix.

First, do a search in AD for the System mailboxes and make sure they exist in AD. (If they do not exist, check out this blog.)The three mailboxes are:

  • Discovery – SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}
  • Message Approval – SystemMailbox{1f05a927-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (where x is a random number)
  • Federated E-mail – FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042

Next, check out the status of their mailboxes:

Get-Mailbox –Arbitration

For this client, their Discovery and Message Approval mailboxes spat out error messages:

WARNING: The object XXXXXXXX.XXXXX/Users/SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} 
has been corrupted, and it's in an inconsistent state. The following validation errors happened:
WARNING: Database is mandatory on UserMailbox.

The fix is a lovely, one-line powershell. It won’t do anything without prompting you first. To verify it fixes the issue after you run it, take the first half of the command (get-mailbox -arbitration) and run that again to confirm they are online and okay.

Get-Mailbox -Arbitration | Set-Mailbox -Arbitration –Database "Mailbox Database XXX"

Hopefully this saves somebody from causing a bigger mess than necessary. After running this, I was able to install Service Pack 1 just fine. YMMV.

Edit: I found the DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852} was orphaned as well. To fix this mailbox, I just ran the following PoSH.

Get-Mailbox -Identity "DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}" | Set-Mailbox –Database "Mailbox Database XXX"

Exchange 2007+: Aliases have invalid data

Twice in the past two weeks, I have come across Exchange 2003 to Exchange 2007 migrations which went uncompleted. In both cases, I received the following error(s) when trying to view the properties of a recipient with spaces in its alias or when viewing the properties of the offline address book:

  • The properties on have invalid data. If you click OK, default values will be used instead and will be saved if you do not change them before hitting Apply or OK on the property page. If you click cancel, the object will be displayed read-only and corrupted values will be retained. The following values have invalid data: Alias.
  • WARNING: Object has been corrupted and it is in an inconsistent state. The following validation errors have been encountered: WARNING: is not valid for Alias.
  • Set- : is not valid for Alias.

Here is a screenshot of the error:

Exchange 2003 would allow an administrator to put spaces in the Alias attribute. That poses a problem for 2007 which is strict about the characters it allows in this attribute. In Exchange 2007 the following characters are considered valid: Strings formed with characters from a to z (uppercase or lowercase), digits from 0 to 9, !, #, $, %, &, ‘, *, +, -, /, =, ?, ^, _, `, {, |, } or ~. But, no spaces.

Going through you recipients one by one is a daunting task. Here is some code to automate this cleanup. Once you take care of this, you shouldn’t run into it again since the tools in Exchange 2007 won’t let you make the same mistake.

Clean up mailboxes:

Get-Mailbox | Where {$_.Alias -like "* *"} | ForEach-Object {Set-Mailbox $_.Name -Alias:($_.Alias -Replace " ","")}

Clean up public folders:

Get-PublicFolder | Where {$_.Alias -like "* *"} | ForEach-Object {Set-PublicFolder $_.Name -Alias:($_.Alias -Replace " ","")}
Get-PublicFolder -Identity "" -Recurse -ResultSize Unlimited | Foreach { Set-PublicFolder -Identity $_.Identity -Name $_.Name.Trim()}

Clean up contact objects:

Get-MailContact -ResultSize unlimited | foreach {$_.alias = $_.alias -replace 's|,|.'; $_} | Set-MailContact
Get-Contact | Where {$_.Alias -like "* *"} | ForEach-Object {Set-Contact $_.Name -Alias:($_.Alias -Replace " ","")}

Clean up distribution groups:

Get-DistributionGroup | Where {$_.Alias -like "* *"} | ForEach-Object {Set-DistributionGroup $_.Name -Alias:($_.Alias -Replace " ","")}

Check for any objects that still throw errors:

Get-PublicFolder | findstr "Warning"
Get-Contact -resultsize unlimited | findstr "Warning"
Get-Mailbox -resultsize unlimited | findstr "Warning"
Get-DistributionGroup -resultsize unlimited | findstr "Warning"

Rebuild your address lists:

Set-AddressList "All Users" -IncludedRecipients MailboxUsers
Set-AddressList "All Groups" -IncludedRecipients Mailgroups
Set-AddressList "All Contacts" -IncludedRecipients MailContacts
Set-AddressList "Public Folders" -RecipientFilter {RecipientType -eq "PublicFolder"}
Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

Microsoft IT Environment Health Scanner

It's essentially a server for business.
It's essentially a server for business.
Most people have a fear of taking their vehicle to the mechanic for even the simplest tasks just to find out they need their transfunctioner adjusted because of wear to the driver’s side steering widget.  For many in the SMB market, that same fear can be found in their technology investments.  “Did that last IT guy wrap our SQL server in duct tape and tie it to the web server with shoe string?”  The reality is often not that bad, but it can be unsettling not knowing.

The first thing I want to check when preparing any SMB (or large scale Enterprise) for a project is the overall health of their environment.  I typically use a few custom scripts, the invaluable tools from Joeware and Sysinternals, plus a few others offered by various vendors to collect the data for analysis.  The standard services are checked, like DNS, DHCP, WINS (ugh), Exchange, AD, NTP, Group Policy, CAs, etc. for overall health and misconfigurations.  Even with the rich ecosystem of tools, this process can be time consuming so I am always looking for ways to streamline the process.

It seems a lot of others were looking for a quick method as well; at least one that can get a quick assessment of whether you are dealing with a disaster or limited pieces to fix.  The Microsoft Essential Business Server runs a check on the environment to assess its health before installation.  From this Microsoft Technet blog, “[the EBS team] noticed that Preparation Wizard was widely used, not just by customers who were deploying EBS, but anyone with Active Directory in their network who wanted to verify the health of their environment.” This gave birth to the Microsoft IT Environment Health Scanner in the summer of 2009.

This free tool does the basic checks I’m going to do anyway but it gives that quick assessment that often tells me whether I need to dig further. Microsoft’s download page states:

When run from a computer with the proper network access, the tool takes a few minutes to scan your IT environment, perform more than 100 separate checks, and collect and analyze information about the following:

  • Configuration of sites and subnets in Active Directory
  • Replication of Active Directory, the file system, and SYSVOL shared folders
  • Name resolution by the Domain Name System (DNS)
  • Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server
  • Health of the domain controllers
  • Configuration of the Network Time Protocol (NTP) for all domain controllers

Whether you have a small Microsoft IT environment or are Enterprise large, this tool is great for catching those things often overlooked during setup or changes or misconfigured. Download link: Microsoft IT Environment Health Scanner.

vbScript: Tweaking Power Settings (disabling hibernate and standby)

As is often the case in IT, when you need to push out that software package or migrate that computer to a new domain, it isn’t on the network.  This has come up several times in the past year and I wanted to share my solution.  Now, this isn’t the “greenest” solution because this will ensure your clients never go into a power saving mode.  However, it can be a temporary fix for a project.  It can also be adapted to force standby or hibernate at specific thresholds.

While Windows 7 and Vista make this task simple, XP is still a reality in most enterprises and SMB’s and therefore, must be taken into account.  The script below does just that.  Some additional examples can be found at the US Government’s Energy Star website.

Note: Copying the script from the webpage may cause formatting issues.  You can download the script here: tweak-power-settings.vbs
Read More