windows | Andrew Healey

IsConnectible: My vbScript Ping Method

By andrew on September 15, 2011

Whenever I am doing large sweeps of the network that require connecting to a large number of workstations (e.g. file copy, wmi query, etc.), I prefer to check to see if I can even see the system. This avoids waiting for (WMI) timeouts and also aids in troubleshooting failures. If the file copy failed, why? Well, if I can’t ping it or it can’t be resolved, I would like to know right away and move on to the next host.

Of course, there are a couple downsides to this method. It does add overhead to the script because it too has a timeout. However, depending on the purpose of the script, this may be acceptable for the flexibility you gain. The other caveat is that the systems you run this against must allow ICMP on their local firewall or the script will just ignore them and move on to the next host.

There are several methods for pinging hosts but I’ve found this to be the most reliable since it works against any system that allows ICMP, even Linux or Macs. This is adapted from Richard Mueller’s ping script. This method will return three possible values: “Online”, “No Ping Reply”, or “No DNS/WINS Entry”. You can also tweak the ping command options to your liking.

Here is an example of how to call the function:

Dim computers(2), computer, pingable
computers(0) = "pc-100.domain.local"
computers(1) = "pc-200.domain.local"
comptuers(2) = "pc-300.domain.local"
For Each computer In computers
	Select Case IsConnectible(computer)
		Case "Online"
			wscript.echo computer & " is online"
		Case "No Ping Reply"
			wscript.echo computer & " is offline or firewall blocks ICMP"
		Case "No DNS/WINS Entry"
			wscript.echo computer & " cannot be found in DNS/WINS"
		Case "Host Unreachable"
			wscript.echo computer & " is unreachable"
	End Select
Next

Here is the function:

Private Function IsConnectible(ByVal strComputer)
	' Uses ping.exe to check if computer is online and connectible.
	' Adapted from http://www.rlmueller.net/Programs/Ping1.txt
	Dim objShell, objExecObject, strText
	Set objShell = CreateObject("Wscript.Shell")
	
	' use ping /? to find additional values for ping command; see -n and -w
	Set objExecObject = objShell.Exec("%comspec% /c ping -n 2 -w 750 " & strComputer)
	Do While Not objExecObject.StdOut.AtEndOfStream
		strText = strText & objExecObject.StdOut.ReadLine()
	Loop
	
	If InStr(strText,"could not find host") > 0 Then
		IsConnectible = "No DNS/WINS Entry"
	ElseIf (InStr(strText,"Reply from ") > 0) And (InStr(strText,": bytes=") > 0) Then
		IsConnectible = "Online"
	ElseIf InStr(strText,"Destination host unreachable") > 0 Then
		IsConnectible = "Host Unreachable"		
	Else
		IsConnectible = "No Ping Reply"
	End If
End Function

Microsoft Releases Windows 8 Developer Preview

By andrew on September 13, 2011

Microsoft has released the Windows 8 Developer Preview. This download is a full version of the pre-beta Windows 8 build and is chock full of disclaimers regarding its stability. Needless to say, I had to download it and give it a shot. The download (2.8GB to 4.8GB) can be found linked off the front page of the Windows Dev Center. I decided to download the full version with all the Metro development goodness though there is a lighter version without all the developer tools.

The Windows 8 Preview Guide (PDF) is pretty impressive. It is a nice, clean overview of Windows 8. Of course, the net is going to be saturated with info in just a few days now that it is publicly available. I also highly recommend checking out the Build Keynote which provides some of the eye candy you can look forward to.

I wasn’t as surprised to see ARM support as Microsoft has made it clear it was coming. I was surprised to see a 32-bit version for download. I suppose it might be a bit lighter weight (at .8GB < the x64 version) for those just wanting to pull it up in a VM to give it test run.

I was excited when I saw the Live Connect technical preview (site doesn’t work w/ Chrome) until I realized it is only the SDK.

vbScript: Quickly determine architecture

By andrew on July 20, 2010

I’ve been using a routine to determine 64-bit v 32-bit workstations for some time checking the registry for the PROCESSOR_ARCHITECTURE in the HKLMSYSTEMCurrentControlSetControlSession ManagerEnvironment path. However, this was proving to be error prone. So, I just gave up that method altogether since all Windows x64 editions have a “%SystemDrive%Program Files (x86)” directory. This makes it just a quick and easy call the folderexists method of the filesystemobject.

The only downside is that can’t be used remotely but since most of my scripts are used in local policies, this shouldn’t be an issue.

Cheers!

Private Function is64bit()
	Dim filesys : Set filesys = CreateObject("Scripting.FileSystemObject")
	Dim bln64bit : bln64bit = False
	If filesys.FolderExists("C:Program Files (x86)") then bln64bit = True
	is64bit = bln64bit
End Function

Part 1: Blocking Bad Hosts – Finding Them, Easily

By andrew on December 21, 20096 Comments

Download Script: get-bad-hosts.zip

While troubleshooting some issues on an OWA Front-End server, I went over to the security log to see if the authentication attempts were getting past this box. The problem I found was the log was so full of failed logon attempts it was difficult to filter out what I was looking for. In a twelve hour period, there were thousands of 529 events in the security log. Now, I know this is nothing new, but I found a few patterns. I manually exported the log to a CSV, parsed out all the source ip addresses and opened it up in Excel. What I found was that 98.7% of failed logon attempts were made by just four different ip addresses. (I recommend using MaxMind’s GeoIP Address Locator for help in determining where the source addresses are located.) Read More

vbScript – List All Members Of Sensitive Groups: Schema, Enterprise and Domain Admins

By andrew on March 13, 200938 Comments

Download Script: AD-Admin-Audit
Update 2011.06.21: I found a missing line in this script keeping it from running. I fixed that in the code below. I also added a downloadable zip file with the script to help with the formatting issues caused when copying and pasting directly from the site.

Update 2009.04.16: At the request of a commenter, I added a couple lines to the script that will dump the output to a text file in the root of the C: drive. I also corrected a couple errors in the script.

I was tasked to get a dump of all the users in our Schema Admins, Enterprise Admins and Domain Admins for our Forest. I started thinking about it and realized a couple things. Two of the three groups reside at the forest root while the Domain Admins group exists for every domain in the forest. This meant I would need to enumerate every domain and depending on the domain, enumerate either all three groups or just one. Read More

SNMP In A Windows Environment

By andrew on March 12, 2009

The difficult part with managing SNMP via Group Policy is that SNMP is not installed by default. The first step is to install SNMP on all the machines you want to monitor via SNMP. This can be managed a couple ways. The simplest method that I have used is the one Zenoss recommends. If you only have a couple of machines to install SNMP on, it may be easier just to go into the Add/Remove Programs –> Add/Remove Windows Components –> Management and Monitoring Tools –> Simple Network Monitoring Protocol. Read More