IsConnectible: My vbScript Ping Method

When­ev­er I am doing large sweeps of the net­work that require con­nect­ing to a large num­ber of work­sta­tions (e.g. file copy, wmi query, etc.), I pre­fer to check to see if I can even see the sys­tem. This avoids wait­ing for (WMI) time­outs and also aids in trou­bleshoot­ing fail­ures. If the file copy failed, why? Well, if I can’t ping it or it can’t be resolved, I would like to know right away and move on to the next host.

Of course, there are a cou­ple down­sides to this method. It does add over­head to the script because it too has a time­out. How­ev­er, depend­ing on the pur­pose of the script, this may be accept­able for the flex­i­bil­i­ty you gain. The oth­er caveat is that the sys­tems you run this against must allow ICMP on their local fire­wall or the script will just ignore them and move on to the next host.

There are sev­er­al meth­ods for ping­ing hosts but I’ve found this to be the most reli­able since it works against any sys­tem that allows ICMP, even Lin­ux or Macs. This is adapt­ed from Richard Mueller’s ping script. This method will return three pos­si­ble val­ues: “Online”, “No Ping Reply”, or “No DNS/WINS Entry”. You can also tweak the ping com­mand options to your lik­ing.

Here is an exam­ple of how to call the func­tion:

Dim computers(2), computer, pingable
computers(0) = "pc-100.domain.local"
computers(1) = "pc-200.domain.local"
comptuers(2) = "pc-300.domain.local"
For Each computer In computers
	Select Case IsConnectible(computer)
		Case "Online"
			wscript.echo computer & " is online"
		Case "No Ping Reply"
			wscript.echo computer & " is offline or firewall blocks ICMP"
		Case "No DNS/WINS Entry"
			wscript.echo computer & " cannot be found in DNS/WINS"
		Case "Host Unreachable"
			wscript.echo computer & " is unreachable"
	End Select
Next

Here is the func­tion:

Private Function IsConnectible(ByVal strComputer)
	' Uses ping.exe to check if computer is online and connectible.
	' Adapted from http://www.rlmueller.net/Programs/Ping1.txt
	Dim objShell, objExecObject, strText
	Set objShell = CreateObject("Wscript.Shell")
	
	' use ping /? to find additional values for ping command; see -n and -w
	Set objExecObject = objShell.Exec("%comspec% /c ping -n 2 -w 750 " & strComputer)
	Do While Not objExecObject.StdOut.AtEndOfStream
		strText = strText & objExecObject.StdOut.ReadLine()
	Loop
	
	If InStr(strText,"could not find host") > 0 Then
		IsConnectible = "No DNS/WINS Entry"
	ElseIf (InStr(strText,"Reply from ") > 0) And (InStr(strText,": bytes=") > 0) Then
		IsConnectible = "Online"
	ElseIf InStr(strText,"Destination host unreachable") > 0 Then
		IsConnectible = "Host Unreachable"		
	Else
		IsConnectible = "No Ping Reply"
	End If
End Function

Microsoft Releases Windows 8 Developer Preview

Microsoft has released the Win­dows 8 Devel­op­er Pre­view.  This down­load is a full ver­sion of the pre-beta Win­dows 8 build and is chock full of dis­claimers regard­ing its sta­bil­i­ty.  Need­less to say, I had to down­load it and give it a shot.  The down­load (2.8GB to 4.8GB) can be found linked off the front page of the Win­dows Dev Cen­ter.  I decid­ed to down­load the full ver­sion with all the Metro devel­op­ment good­ness though there is a lighter ver­sion with­out all the devel­op­er tools.

The Win­dows 8 Pre­view Guide (PDF) is pret­ty impres­sive.  It is a nice, clean overview of Win­dows 8.  Of course, the net is going to be sat­u­rat­ed with info in just a few days now that it is pub­licly avail­able.  I also high­ly rec­om­mend check­ing out the Build Keynote which pro­vides some of the eye can­dy you can look for­ward to.

I was­n’t as sur­prised to see ARM sup­port as Microsoft has made it clear it was com­ing.  I was sur­prised to see a 32-bit ver­sion for down­load.  I sup­pose it might be a bit lighter weight (at .8GB < the x64 ver­sion) for those just want­i­ng to pull it up in a VM to give it test run.

I was excit­ed when I saw the Live Con­nect tech­ni­cal pre­view (site does­n’t work w/ Chrome) until I real­ized it is only the SDK.

vbScript: Quickly determine architecture

I’ve been using a rou­tine to deter­mine 64-bit v 32-bit work­sta­tions for some time check­ing the reg­istry for the PROCESSOR_ARCHITECTURE in the HKLM­SYS­TEM­Cur­rent­Con­trolSet­Con­trolSes­sion Man­agerEn­vi­ron­ment path. How­ev­er, this was prov­ing to be error prone. So, I just gave up that method alto­geth­er since all Win­dows x64 edi­tions have a “%SystemDrive%Program Files (x86)” direc­to­ry. This makes it just a quick and easy call the folderex­ists method of the filesys­te­mob­ject.

The only down­side is that can’t be used remote­ly but since most of my scripts are used in local poli­cies, this should­n’t be an issue.

Cheers!

Private Function is64bit()
	Dim filesys : Set filesys = CreateObject("Scripting.FileSystemObject")
	Dim bln64bit : bln64bit = False
	If filesys.FolderExists("C:Program Files (x86)") then bln64bit = True
	is64bit = bln64bit
End Function

Part 1: Blocking Bad Hosts - Finding Them, Easily

Down­load Script: get-bad-hosts.zip

While trou­bleshoot­ing some issues on an OWA Front-End serv­er, I went over to the secu­ri­ty log to see if the authen­ti­ca­tion attempts were get­ting past this box. The prob­lem I found was the log was so full of failed logon attempts it was dif­fi­cult to fil­ter out what I was look­ing for. In a twelve hour peri­od, there were thou­sands of 529 events in the secu­ri­ty log. Now, I know this is noth­ing new, but I found a few pat­terns. I man­u­al­ly export­ed the log to a CSV, parsed out all the source ip address­es and opened it up in Excel. What I found was that 98.7% of failed logon attempts were made by just four dif­fer­ent ip address­es.  (I rec­om­mend using Max­Mind’s GeoIP Address Loca­tor for help in deter­min­ing where the source address­es are locat­ed.) Read More

vbScript - List All Members Of Sensitive Groups: Schema, Enterprise and Domain Admins

Down­load Script: AD-Admin-Audit
Update 2011.06.21: I found a miss­ing line in this script keep­ing it from run­ning. I fixed that in the code below. I also added a down­load­able zip file with the script to help with the for­mat­ting issues caused when copy­ing and past­ing direct­ly from the site.

Update 2009.04.16: At the request of a com­menter, I added a cou­ple lines to the script that will dump the out­put to a text file in the root of the C: dri­ve. I also cor­rect­ed a cou­ple errors in the script.

I was tasked to get a dump of all the users in our Schema Admins, Enter­prise Admins and Domain Admins for our For­est. I start­ed think­ing about it and real­ized a cou­ple things. Two of the three groups reside at the for­est root while the Domain Admins group exists for every domain in the for­est. This meant I would need to enu­mer­ate every domain and depend­ing on the domain, enu­mer­ate either all three groups or just one. Read More

SNMP In A Windows Environment

The dif­fi­cult part with man­ag­ing SNMP via Group Pol­i­cy is that SNMP is not installed by default. The first step is to install SNMP on all the machines you want to mon­i­tor via SNMP. This can be man­aged a cou­ple ways. The sim­plest method that I have used is the one Zenoss rec­om­mends. If you only have a cou­ple of machines to install SNMP on, it may be eas­i­er just to go into the Add/Remove Pro­grams --> Add/Remove Win­dows Com­po­nents --> Man­age­ment and Mon­i­tor­ing Tools --> Sim­ple Net­work Mon­i­tor­ing Pro­to­col. Read More