Whenever I am doing large sweeps of the network that require connecting to a large number of workstations (e.g. file copy, wmi query, etc.), I prefer to check to see if I can even see the system. This avoids waiting for (WMI) timeouts and also aids in troubleshooting failures. If the file copy failed, why? Well, if I can’t ping it or it can’t be resolved, I would like to know right away and move on to the next host.
Of course, there are a couple downsides to this method. It does add overhead to the script because it too has a timeout. However, depending on the purpose of the script, this may be acceptable for the flexibility you gain. The other caveat is that the systems you run this against must allow ICMP on their local firewall or the script will just ignore them and move on to the next host.
There are several methods for pinging hosts but I’ve found this to be the most reliable since it works against any system that allows ICMP, even Linux or Macs. This is adapted from Richard Mueller’s ping script. This method will return three possible values: “Online”, “No Ping Reply”, or “No DNS/WINS Entry”. You can also tweak the ping command options to your liking.
Here is an example of how to call the function:
Dim computers(2), computer, pingable
computers(0) = "pc-100.domain.local"
computers(1) = "pc-200.domain.local"
comptuers(2) = "pc-300.domain.local"
For Each computer In computers
Select Case IsConnectible(computer)
wscript.echo computer & " is online"
Case "No Ping Reply"
wscript.echo computer & " is offline or firewall blocks ICMP"
Case "No DNS/WINS Entry"
wscript.echo computer & " cannot be found in DNS/WINS"
Case "Host Unreachable"
wscript.echo computer & " is unreachable"
Here is the function:
Private Function IsConnectible(ByVal strComputer)
' Uses ping.exe to check if computer is online and connectible.
' Adapted from http://www.rlmueller.net/Programs/Ping1.txt
Dim objShell, objExecObject, strText
Set objShell = CreateObject("Wscript.Shell")
' use ping /? to find additional values for ping command; see -n and -w
Set objExecObject = objShell.Exec("%comspec% /c ping -n 2 -w 750 " & strComputer)
Do While Not objExecObject.StdOut.AtEndOfStream
strText = strText & objExecObject.StdOut.ReadLine()
If InStr(strText,"could not find host") > 0 Then
IsConnectible = "No DNS/WINS Entry"
ElseIf (InStr(strText,"Reply from ") > 0) And (InStr(strText,": bytes=") > 0) Then
IsConnectible = "Online"
ElseIf InStr(strText,"Destination host unreachable") > 0 Then
IsConnectible = "Host Unreachable"
IsConnectible = "No Ping Reply"
Microsoft has released the Windows 8 Developer Preview. This download is a full version of the pre-beta Windows 8 build and is chock full of disclaimers regarding its stability. Needless to say, I had to download it and give it a shot. The download (2.8GB to 4.8GB) can be found linked off the front page of the Windows Dev Center. I decided to download the full version with all the Metro development goodness though there is a lighter version without all the developer tools.
The Windows 8 Preview Guide (PDF) is pretty impressive. It is a nice, clean overview of Windows 8. Of course, the net is going to be saturated with info in just a few days now that it is publicly available. I also highly recommend checking out the Build Keynote which provides some of the eye candy you can look forward to.
I wasn’t as surprised to see ARM support as Microsoft has made it clear it was coming. I was surprised to see a 32-bit version for download. I suppose it might be a bit lighter weight (at .8GB < the x64 version) for those just wanting to pull it up in a VM to give it test run.
I was excited when I saw the Live Connect technical preview (site doesn’t work w/ Chrome) until I realized it is only the SDK.
I’ve been using a routine to determine 64-bit v 32-bit workstations for some time checking the registry for the PROCESSOR_ARCHITECTURE in the HKLMSYSTEMCurrentControlSetControlSession ManagerEnvironment path. However, this was proving to be error prone. So, I just gave up that method altogether since all Windows x64 editions have a “%SystemDrive%Program Files (x86)” directory. This makes it just a quick and easy call the folderexists method of the filesystemobject.
The only downside is that can’t be used remotely but since most of my scripts are used in local policies, this shouldn’t be an issue.
Private Function is64bit()
Dim filesys : Set filesys = CreateObject("Scripting.FileSystemObject")
Dim bln64bit : bln64bit = False
If filesys.FolderExists("C:Program Files (x86)") then bln64bit = True
is64bit = bln64bit
Download Script: get-bad-hosts.zip
While troubleshooting some issues on an OWA Front-End server, I went over to the security log to see if the authentication attempts were getting past this box. The problem I found was the log was so full of failed logon attempts it was difficult to filter out what I was looking for. In a twelve hour period, there were thousands of 529 events in the security log. Now, I know this is nothing new, but I found a few patterns. I manually exported the log to a CSV, parsed out all the source ip addresses and opened it up in Excel. What I found was that 98.7% of failed logon attempts were made by just four different ip addresses. (I recommend using MaxMind’s GeoIP Address Locator for help in determining where the source addresses are located.) Read More
Download Script: AD-Admin-Audit
Update 2011.06.21: I found a missing line in this script keeping it from running. I fixed that in the code below. I also added a downloadable zip file with the script to help with the formatting issues caused when copying and pasting directly from the site.
Update 2009.04.16: At the request of a commenter, I added a couple lines to the script that will dump the output to a text file in the root of the C: drive. I also corrected a couple errors in the script.
I was tasked to get a dump of all the users in our Schema Admins, Enterprise Admins and Domain Admins for our Forest. I started thinking about it and realized a couple things. Two of the three groups reside at the forest root while the Domain Admins group exists for every domain in the forest. This meant I would need to enumerate every domain and depending on the domain, enumerate either all three groups or just one. Read More
The difficult part with managing SNMP via Group Policy is that SNMP is not installed by default. The first step is to install SNMP on all the machines you want to monitor via SNMP. This can be managed a couple ways. The simplest method that I have used is the one Zenoss recommends. If you only have a couple of machines to install SNMP on, it may be easier just to go into the Add/Remove Programs --> Add/Remove Windows Components --> Management and Monitoring Tools --> Simple Network Monitoring Protocol. Read More