Monday, August 18, 2008

Managing Printers from the Command Line


I came across this handy way to manage printers from the command line. This makes it really easy to add, delete or change printers from logon scripts and batch files.

rem /y makes the printer the default printer
rundll32 printui.dll,PrintUIEntry /in /n \\server\printername
rundll32 printui.dll,PrintUIEntry /in /n \\server\nextprintername /y

If you're wondering what else you can do with the printui.dll, just enter the following at the command line to bring up the command reference, as shown above:

rundll32 printui.dll,PrintUIEntry /?

Good stuff!


Subscribe to The EXPTA {blog} by Email

Friday, June 6, 2008

New PowerShell Scriptomatic


For those of you who are familiar with the WMI Scriptomatic tool (and those of you who aren't), check out this awesome new version for Windows PowerShell -- The PowerShell Scriptomatic!

This tool will have you writing PowerShell scripts like a pro with absolutely NO experience. Imagine the fun you'll have deleting all the user accounts in the domain without having to write a single line of code yourself! Well, errr, maybe that was a bad example.

Actually, this really is a great tool for creating PowerShell scripts without having to know which WMI classes and objects you need to access. Just select the WMI namespace and WMI class, and the PowerShell Scriptomatic will generate the correct PowerShell code. Then use this code to experiment with, or add it to other snippets. Brilliant!
It's great for those new to PowerShell and for seasoned veterans who are just plain lazy.


Monday, March 31, 2008

Windows Core GUI Configurator


This totally rocks!!!

Guy Teverovsky, an MVP for Windows Server - Directory Services in Israel, wrote a GUI application that helps you configure a Windows 2008 Server Core installation without having to go to the dark place.

While I still recommend you thoroughly know and understand how to configure server core from the command line (after all, this isn't going to be installed on every server core installation you come across), this certainly makes it easy.

Download it here.


Tuesday, March 25, 2008

How to Enable RDP Remotely on XP Computers


In a previous article I explained how to enable Remote Desktop access on a remote computer.

I've noticed that these steps do not work on Windows XP computers. It turns out that you need to set two registry keys:
  • HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections should be changed from 1 to 0 (zero)
  • HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections should be changed from 1 to 0 (zero)

The first setting enables the RDP protocol on the computer to listen on TCP port 3389. The second setting allows users to login via Remote Desktop. Both settings go into effect immediately and do not require a restart.

Note: If the second setting is not changed to 0 you will get a logon message saying, "Unable to log you on because of an account restriction." You will also get this same logon message if you attempt to logon via RDP with an account that has a blank password. The account you use must have a password to logon using Remote Desktop.

I wrote a batch file that will easily enable or disable Remote Desktop on a remote machine. The syntax is: RDP [computername] [ON | OFF]. Copy the code below and save it as RDP.BAT somewhere in your system path (I use C:\Windows).

---Begin Code---

@echo off
SET RemoteComputer=%1
REM Strip any leading backslashes so both SERVER and \\SERVER are accepted
SET RemoteComputer=%RemoteComputer:\=%
if /i "%2"=="on" goto EnableRDP
if /i "%2"=="off" goto DisableRDP
goto Syntax

:EnableRDP
REG ADD "\\%RemoteComputer%\HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services" /v fDenyTSConnections /t REG_DWORD /d 0 /f
if ERRORLEVEL 1 goto Error
REG ADD "\\%RemoteComputer%\HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
if ERRORLEVEL 1 goto Error
echo.
echo Remote Desktop has been enabled on %RemoteComputer%
goto End

:DisableRDP
REG ADD "\\%RemoteComputer%\HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services" /v fDenyTSConnections /t REG_DWORD /d 1 /f
if ERRORLEVEL 1 goto Error
REG ADD "\\%RemoteComputer%\HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
if ERRORLEVEL 1 goto Error
echo.
echo Remote Desktop has been disabled on %RemoteComputer%
goto End

:Error
echo.
echo ======================================================================
echo Make sure the remote computer is online and you have sufficient rights
echo to modify its registry.
echo ======================================================================
echo.

:Syntax
echo.
echo RDP enables or disables Remote Desktop on a remote computer
echo Visit http://www.expta.com for details
echo.
echo RDP [computername] [ON ^| OFF]
echo.
echo ON  - Enable RDP on the remote computer
echo OFF - Disable RDP on the remote computer
echo.

:End
SET RemoteComputer=

---End Code---

Note that if Group Policy is configured to disable Remote Desktop (Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Allow users to connect remotely using Terminal Services), the HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections setting will revert back to 1 after a Group Policy refresh.


Monday, March 3, 2008

Automatically Reset the FTP Service in Windows Server 2008


One of the more popular tips I've posted is, "How to automatically reset the FTP service," in Windows Server 2003. This tip is useful for public FTP sites where bad guys are trying to hack in, usually using a dictionary attack.

Doing the same thing in Windows Server 2008 is slightly different and has an important caveat: it will not work with the Microsoft FTP Publishing Service for IIS 7.0 yet. It will work fine if you use the standard FTP Publishing Service included on the Windows Server 2008 DVD.

As in my original post, create a batch file named C:\Scripts\ResetFTPService.bat, as follows:
net stop msftpsvc
ping -n 10 127.0.0.1
net start msftpsvc
The batch file stops the FTP service, pings the loopback adapter 10 times to create a 10 second pause, and starts the FTP service again. Stopping the FTP service causes the hacker's session to be dropped immediately. Since no one can connect for 10 seconds, this creates a form of "tarpitting", making it too expensive to continue the attack.

To make the script run automatically on the correct event, use the Windows Server 2008 Task Scheduler:

  • Right-click Task Scheduler (under Configuration in Server Manager) and select Create Basic Task

  • Name the task, "Reset FTP Service" and click Next

  • Choose When a specific event is logged as the Task Trigger, click Next

  • Select Log: System, Source: IIS-FTP, and Event ID: 100. Click Next

  • Select Start a program and click Next

  • Enter C:\Scripts\ResetFTPService.bat for the Program/script and click Next

  • Click the checkbox for Open the Properties dialog for this task when I click Finish and then click Finish

  • In the Properties window select Run whether user is logged on or not and Run with highest privileges

  • Click OK

  • Enter the User name and Password for running this task

This causes the ResetFTPService.bat batch file to run whenever an event ID 100 with source IIS-FTP is logged in the System event log.

Remember, this will not work with the Microsoft FTP Publishing Service for IIS 7.0 because this service strangely does not log failed logon attempts to the event log. I've posted a request to the IIS7 team for this functionality.


Thursday, February 28, 2008

Create a Saved Query that Displays Group Members


Saved Queries in Active Directory Users and Computers (ADUC) allow you to create simple or advanced LDAP queries against the Active Directory that can be saved, reused and edited. Examples might be a query displaying all locked out users in the domain or all the users who have a mailbox on a particular Exchange server and have the word "Manager" in their title.


A client I worked with needed a query that displayed all the members of a certain (large) group. This would allow him to select all the users at once and move their mailboxes to another server.


Try as he might, he couldn't get the query to display the group's members. It turns out this is because the group name must be entered using its distinguished name. Here's how to do it:


  • Use ADSIEdit.msc (in the Windows Support Tools) and navigate to the group

  • View the properties of the group to reveal the distinguishedName attribute value and copy it to the clipboard (shown above)

  • Open ADUC, right-click Saved Queries and select New query

  • Enter a name for your query, "Accounting Group Members"

  • Click the Define Query button

  • Select Users, Contacts, and Groups from the Find: dropdown list

  • Click the Advanced tab

  • Click Field > User > Member Of

  • With the condition of "is (exactly)", paste the group's distinguishedName into the Value field and click Add

  • Click OK twice to complete the query
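The same query from PowerShell, added here as an example (not code from the post): it resolves the group's distinguishedName from its plain name, which is the step the client was missing, and then filters on memberOf with that DN. It assumes PowerShell 2.0 or later running as a domain user; the group name 'Accounting' and the homeMDB attribute (the Exchange mailbox database, handy for the mailbox move) are illustrative.

```powershell
# Added example, not code from the EXPTA post: the LDAP query behind the saved query.
# Assumes PowerShell 2.0+ and a domain-joined session; 'Accounting' is a placeholder group.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping so a DN or name cannot alter the filter; backslash goes first
    $Value = $Value -replace '\\', '\5c'
    $Value -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

function Get-GroupDistinguishedName {
    param([string]$GroupName)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=group)(cn=$(ConvertTo-LdapFilterValue $GroupName)))"
    $result = $searcher.FindOne()
    if ($result -eq $null) { throw "Group '$GroupName' not found" }
    $result.Properties['distinguishedname'][0]
}

function Get-GroupMemberUsers {
    param([string]$GroupDN)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    # memberOf holds DNs, so only the full distinguishedName matches; a bare group
    # name returns nothing, which is exactly what the saved query showed the client.
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf=$(ConvertTo-LdapFilterValue $GroupDN)))"
    $searcher.PageSize = 1000            # paged results, so a large group is returned in full
    [void]$searcher.PropertiesToLoad.Add('sAMAccountName')
    [void]$searcher.PropertiesToLoad.Add('homeMDB')   # illustrative Exchange attribute
    foreach ($r in $searcher.FindAll()) {
        New-Object PSObject -Property @{
            SamAccountName = $r.Properties['samaccountname'][0]
            HomeMDB        = $(if ($r.Properties['homemdb'].Count -gt 0) { $r.Properties['homemdb'][0] } else { $null })
        }
    }
}

$dn = Get-GroupDistinguishedName -GroupName 'Accounting'
Get-GroupMemberUsers -GroupDN $dn | Format-Table SamAccountName, HomeMDB -AutoSize
```

Like the ADUC saved query, memberOf lists direct members only; users who belong through a nested group are not returned.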


Friday, February 15, 2008

The Games have begun!

The Microsoft 2008 Scripting Games begin today!
Be sure to log in and download your Competitor’s Pack, review the events, and take a look at the challenges and prizes.
Good luck!


Friday, January 25, 2008

Append Operations on Large Files

My team and I were discussing the time it takes for append operations to perform on large files, such as log files. Some suggested that the operation will take longer the larger the file becomes. Others thought the size of the file has no bearing.

I decided to create an experiment. I created a 3.5GB log file using a script and renamed the log file so as to remove any possibility of caching. I ran another script that appended a single line to the logfile. It appended the new line in less than 1 second.

Next, I copied the 3.5GB logfile to a remote server (took 3 minutes to copy), renamed it and tested again. Again, it took less than one second to append a new line. I had another user do the same test from his workstation with the same result.

Conclusion: File size has no bearing on the length of append operations.


Thursday, January 3, 2008

2008 Scripting Games

February 15 - March 3, 2008

The third annual Scripting Games are coming to the Microsoft Script Center February 15 – March 3, 2008. Mark your calendars now, this will be the biggest scripting competition of the year.

I won my very own Dr. Scripto bobblehead doll at last year's TechEd in Orlando. I can't wait to compete for a matching set!


Wednesday, December 12, 2007

How to Tell Which Users Have an ActiveSync Partnership

It's always good to know who is using the technology we support. I have a customer who needed to know which users were utilizing Windows Mobile devices to access their Exchange servers.


Here's a one-liner PowerShell command that reports which users have ActiveSync partnerships configured in Exchange 2007:

Get-CASMailbox | Where {$_.HasActiveSyncDevicePartnership} | Select Identity
In Exchange 2003, it's not quite that simple. The ActiveSync partnership is stored in a hidden folder within the user's Exchange mailbox. This folder can be exposed using mfcmapi (the Microsoft Exchange Server MAPI Editor).

Mailboxes do not have the hidden Microsoft-Server-ActiveSync folder by default. Once an ActiveSync partnership has been configured from the user's Windows Mobile device, the following folder structure is created under the Root Container:


Note that PocketPC may show as SmartPhone, depending on the device used.

While mfcmapi can view the Root Container structure for an individual mailbox, this is not feasible for a multi-user enterprise. I contacted Microsoft PSS for a solution, but they said there was no way to do this programmatically. Fortunately, I found this excellent vbscript written by Glen Scales that does exactly what I was looking for.

Here's an example of the output that the script produces:

Voila! Just what the doctor ordered!


Wednesday, November 28, 2007

Restart Script, Part Deux

In a previous post I listed a batch file that will restart a given service, either on the local machine or a remote one. I rewrote the script to include processing for multiple computers. Simply create a file named "computers.txt" in the folder where you run RESTART.BAT from. Add each remote computer, one per line, to the computers.txt file.

Syntax for RESTART.BAT is: RESTART [\\Computer -OR- COMPUTERS.TXT] ServiceName

@echo off
If "%1" == "" Goto Syntax
If "%1" == "?" Goto Syntax
If "%1" == "/?" Goto Syntax
If "%2" == "" Goto RunLocal
If /I "%1" == "computers.txt" Goto RunMultiple
Goto RunRemote

:RunMultiple
REM Call the remote routine once for each computer listed in computers.txt
FOR /F "tokens=1" %%i in (computers.txt) do Call :MRunRemote %%i %2
Goto End

:MRunRemote
REM Computer names must start with \\ (sc expects \\server as its first argument)
echo %1 | Find "\\" > nul
If %ERRORLEVEL% == 1 Goto Syntax
echo.
echo Working on %1...
REM sc prints a sentence ending in a period only when the query fails (bad name, offline, access denied)
sc %1 query %2 | Find "."
If %ERRORLEVEL% == 0 Goto :End
sc %1 qc %2 | Find "DISABLED" > nul
If %ERRORLEVEL% == 0 echo The requested restart is not valid for this service. & Goto :End

:MStopLoop
echo The %2 service is stopping...
REM Repeat until sc answers "The service has not been started." (fully stopped)
sc %1 stop %2 | find "started" > nul
If %ERRORLEVEL% == 1 Goto :MStopLoop
echo The %2 service was stopped successfully.
echo.
echo The %2 service is starting...

:MStartLoop
REM Repeat until sc answers "An instance of the service is already running."
sc %1 start %2 | find "running" > nul
If %ERRORLEVEL% == 1 Goto :MStartLoop
echo The %2 service was started successfully.
Goto :EOF

:RunRemote
echo %1 | Find "\\" > nul
If %ERRORLEVEL% == 1 Goto :Syntax
sc %1 query %2 | Find "."
If %ERRORLEVEL% == 0 Goto :End
sc %1 qc %2 | Find "DISABLED" > nul
If %ERRORLEVEL% == 0 echo The requested restart is not valid for this service. & Goto :End

:StopLoop
echo The %2 service is stopping...
sc %1 stop %2 | find "started" > nul
If %ERRORLEVEL% == 1 Goto :StopLoop
echo The %2 service was stopped successfully.
echo.
echo The %2 service is starting...

:StartLoop
sc %1 start %2 | find "running" > nul
If %ERRORLEVEL% == 1 Goto :StartLoop
echo The %2 service was started successfully.
Goto :End

:RunLocal
net stop %1 & net start %1
Goto :End

:Syntax
echo.
echo Stops and starts a service on the local or remote computer(s).
echo.
echo Syntax: RESTART [\\Computer -OR- COMPUTERS.TXT] ServiceName
echo.
echo COMPUTERS.TXT is a list of computers to run against. The file must exist
echo in the same working directory. Each computer must begin with \\ and be on
echo its own line.

:End
echo.

Please let me know if you find this useful.


Monday, November 19, 2007

How to Enable Remote Desktop from a Remote Machine


[Note: Also see my other article that explains how to enable Remote Desktop for Windows XP computers]
Have you ever tried to connect to a server or workstation via RDP, but can’t because Remote Desktop isn’t enabled? Here’s how you can enable Remote Desktop remotely.

The following procedures assume that you have administrator rights on the target machine.
  1. Run Regedit
  2. Select File > Connect Network Registry
  3. Enter the name of the remote computer and click OK
  4. At the bottom of the registry tree you will see two hives appear for the remote machine: HKEY_LOCAL_MACHINE and HKEY_USERS
  5. Navigate to HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
  6. Double-click fDenyTSConnections in the right-hand pane and change the value from 1 to 0
Another way to accomplish the same task is by using WMIC, the WMI command line utility in Windows 2000, XP, Vista and 2003 Server. Here’s the one line command:

wmic /node:TargetComputer PATH Win32_TerminalServiceSetting WHERE AllowTSConnections=0 CALL SetAllowTSConnections 1
The command above is not case sensitive, by the way.

Note that neither of these methods requires a restart of the remote machine; however, I have seen it sometimes take a minute to take effect. Remember, patience is a virtue. :)
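An audit counterpart to this post and the XP article above, added here as an example (not code from either post): instead of flipping the value, it reads both fDenyTSConnections locations on each remote computer, the Policies key that Group Policy controls and the Control key that Regedit and WMIC change, and reports the effective Remote Desktop state, flagging machines where a Group Policy refresh will undo the change. It assumes PowerShell 2.0 or later, the Remote Registry service running on the targets, and administrator rights there; the computer names are placeholders.

```powershell
# Added example, not code from the EXPTA posts. Assumes PowerShell 2.0+, Remote Registry
# running on the targets and admin rights there; computer names below are placeholders.
param([string[]]$ComputerName = @('SERVER01', 'WKS-XP-07'))

$policyPath  = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$controlPath = 'SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RemoteDwordValue {
    param([Microsoft.Win32.RegistryKey]$Hive, [string]$SubKey, [string]$Name)
    $key = $Hive.OpenSubKey($SubKey)
    if ($key -eq $null) { return $null }          # key absent (common for the Policies path)
    try { $key.GetValue($Name) } finally { $key.Close() }
}

function Get-RdpState {
    param([string]$Computer)
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
    try {
        $policy  = Get-RemoteDwordValue $hklm $policyPath  'fDenyTSConnections'
        $control = Get-RemoteDwordValue $hklm $controlPath 'fDenyTSConnections'
    } finally { $hklm.Close() }

    # When the Policies value exists it is Group Policy's decision and takes precedence
    # over the Control value; that is why the XP article warns the change reverts on refresh.
    if ($policy -ne $null) { $effective = $policy;  $managedBy = 'Group Policy' }
    else                   { $effective = $control; $managedBy = 'Local setting' }

    New-Object PSObject -Property @{
        Computer     = $Computer
        PolicyValue  = $policy
        ControlValue = $control
        RdpEnabled   = ($effective -eq 0)    # 0 = connections allowed, 1 = denied
        ManagedBy    = $managedBy
    }
}

foreach ($c in $ComputerName) {
    try   { Get-RdpState -Computer $c }
    catch { Write-Warning "${c}: $($_.Exception.Message)" }
}
```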


Saturday, November 17, 2007

Automatically Reset the FTP Service


[Click here for a Windows Server 2008 version of this article]

A client of mine utilizes the Microsoft FTP service in Windows Server 2003 IIS 6.0 on a public web server.

Unfortunately, the FTP service is notoriously insecure since it transmits passwords in plain text. It also does not offer any way to block brute force or dictionary attacks. Because of this, the client was seeing multiple failed logins from the Administrator account, several times per second. These show up as warnings in the System event log from the MSFTPSVC source with event ID 100. Since I always rename the Administrator account as a standard best practice, it was obvious these attempted logins were coming from an attacker.

Windows Server 2008 will offer Secure FTP (or FTP over SSL) as a separate download for IIS7, which will be the first major improvement to the protocol since it was developed. But being that my client is running Windows 2003, this isn't an option.

The solution I used involves the Windows EventTriggers utility. I created a batch file named C:\Scripts\ResetFTPService.bat, as follows:

net stop msftpsvc
ping -n 10 127.0.0.1
net start msftpsvc
The batch file stops the FTP service, pings the loopback adapter 10 times to create a 10 second pause, and starts the FTP service again. Stopping the FTP service causes the hacker's session to be dropped immediately. Since no one can connect for 10 seconds, this creates a form of "tarpitting", making it too expensive to continue the attack.

To make the script run automatically on the correct event, I use EventTriggers as follows:


eventtriggers /CREATE /TR "Reset FTP Service" /TK C:\Scripts\ResetFTPService.bat /L System /EID 100 /SO MSFTPSVC /RU ""
This causes the ResetFTPService.bat batch file to run whenever an event ID 100 with source MSFTPSVC is logged in the System event log. The /RU switch causes the task to run under the Local System account, which has the rights necessary to run unattended.
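A threshold-aware variant of ResetFTPService.bat for both this post and the Windows Server 2008 version above, added here as an example (not the posts' own script): the posts restart msftpsvc on every event ID 100, which lets a single mistyped password drop every legitimate FTP session, so this version counts recent failures first and resets only when they exceed a rate. Wire it to the same EventTriggers (2003) or Task Scheduler (2008) trigger; it assumes PowerShell 2.0 or later running with rights to stop and start the service, and takes the source name from the posts (MSFTPSVC on 2003, IIS-FTP on 2008).

```powershell
# Added example, not code from the EXPTA posts. Assumes PowerShell 2.0+ and rights to
# stop/start msftpsvc; the log path and the threshold defaults are placeholders.
param(
    [string]$Source    = 'MSFTPSVC',   # 'IIS-FTP' on Windows Server 2008 (per the 2008 post)
    [int]   $Threshold = 20,           # failed logons within the window that justify a reset
    [int]   $WindowSec = 60,
    [int]   $PauseSec  = 10,
    [string]$LogFile   = 'C:\Scripts\ResetFTPService.log'
)

function Get-RecentFtpFailures {
    param([string]$Source, [int]$WindowSec)
    $since = (Get-Date).AddSeconds(-$WindowSec)
    # Newest 1000 entries are plenty for a per-event trigger; Where-Object keeps it portable
    @(Get-EventLog -LogName System -Newest 1000 |
        Where-Object { $_.EventID -eq 100 -and $_.Source -eq $Source -and $_.TimeGenerated -gt $since })
}

function Reset-FtpService {
    param([int]$PauseSec)
    Stop-Service -Name msftpsvc -Force     # drops the attacker's session immediately
    Start-Sleep -Seconds $PauseSec         # nobody can connect during the pause (the "tarpit")
    Start-Service -Name msftpsvc
}

$failures = Get-RecentFtpFailures -Source $Source -WindowSec $WindowSec
$stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
if ($failures.Count -ge $Threshold) {
    Add-Content -Path $LogFile -Value "$stamp  $($failures.Count) failed logons in ${WindowSec}s - resetting msftpsvc"
    Reset-FtpService -PauseSec $PauseSec
} else {
    Add-Content -Path $LogFile -Value "$stamp  $($failures.Count) failed logons in ${WindowSec}s - below threshold, no reset"
}
```

The log file gives you a record of how often the threshold is hit, which is the number to watch when deciding whether the reset is still worth its side effects.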


Wednesday, October 31, 2007

Restart Services from the command line

Here's a handy batch file I wrote that stops and starts a service on the local or remote computer from the command line. You must have administrator rights on the target computer for the batch file to run properly.

@echo off
if "%1" == "" Goto Syntax
if "%1" == "?" Goto Syntax
if "%1" == "/?" Goto Syntax
if "%2" == "" Goto RunLocal

:RunRemote
REM Computer names must start with \\ (sc expects \\server as its first argument)
echo %1 | Find "\\" > nul
If %errorlevel% == 1 Goto Syntax
REM sc prints a sentence ending in a period only when the query fails (bad name, offline, access denied)
sc %1 query %2 | Find "."
If %errorlevel% == 0 Goto End
sc %1 qc %2 | Find "DISABLED" > nul
If %errorlevel% == 0 echo The requested restart is not valid for this service. & Goto End

:StopLoop
echo The %2 service is stopping...
REM Repeat until sc answers "The service has not been started." (fully stopped)
sc %1 stop %2 | find "started" > nul
If %errorlevel% == 1 Goto StopLoop
echo The %2 service was stopped successfully.
echo.
echo The %2 service is starting...

:StartLoop
REM Repeat until sc answers "An instance of the service is already running."
sc %1 start %2 | find "running" > nul
If %errorlevel% == 1 Goto StartLoop
echo The %2 service was started successfully.
Goto End

:RunLocal
net stop %1 & net start %1
Goto End

:Syntax
echo.
echo Stops and starts a service on the local or remote computer.
echo.
echo Syntax: RESTART [\\Computer] ServiceName

:End
echo.
Copy the text above into Notepad and save it in your Windows folder as "Restart.bat".


Friday, June 22, 2007

Ping Multiple Computers Until They're Up

Here's a short VBScript I wrote that I used for a Windows 2003 R2 implementation last night. It quickly pings a group of computers in rapid succession.

First, create a list of computers using Notepad and save it to a file named Computer.lst. Next, copy the script below to the same folder.

The script will loop through the list of computers, pinging each one with a small packet and tell you whether it's up or down. The script will loop continuously through the list until all computers are up.

Set ws = WScript.CreateObject("WScript.Shell")
Set fs = CreateObject("Scripting.FileSystemObject")

Do
    downComputers = 0
    ' Re-read the list on every pass so edits to Computer.lst are picked up
    Set f = fs.OpenTextFile("Computer.lst", 1, True)
    Do While Not f.AtEndOfStream
        compName = Trim(f.ReadLine)
        ' Skip blank lines; an empty host name would make ping fail and count as DOWN forever
        If compName <> "" Then
            ' One 1-byte echo request, hidden window, wait for exit; ping returns 0 on a reply
            If ws.Run("ping -n 1 -l 1 " & compName, 0, True) = 0 Then
                WScript.Echo compName & " is UP"
            Else
                WScript.Echo compName & " is DOWN"
                downComputers = downComputers + 1
            End If
        End If
    Loop
    f.Close
    WScript.Echo "Unreachable computers: " & downComputers
    WScript.Echo
Loop Until downComputers = 0


This works well when you have a group of computers all rebooting at the same time. One of these days I'll recode this into an HTA with pretty green and red lights.
