USB Safely remove + a whole lot more…

Ever had problems ejecting a USB device – getting an errror like “Unable to stop….”?

Well this page claim to have a utility that can assist you with this issue plus a whole lot more (like renaming USB devices, ejecting USB via command line and hot-key eject)… Sounds very promising..

http://safelyremove.com

I found this by visiting an old post here on my site, a post about a file unlocking utility.

Start / Stop services via WMI vbs

Here is how to start and stop a service via WMI calls from a .vbs;

'Start Service
strServiceName = "Alerter"
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery ("Select * from Win32_Service Where Name ='" & strServiceName & "'")
For Each objService in colListOfServices
    objService.StartService()
Next

'Stop Service
strServiceName = "Alerter"
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='" & strServiceName & "'")
For Each objService in colListOfServices
    objService.StopService()
Next

WGET – download files/definitions via a script

We have a few servers that for some reason refuse to update their antimalware definitions automatically, the procedure is then to download the definition update manually and apply it, not rocket science but annoying as hell.

We use Microsoft Forefront Client Security and Microsoft is kind enough to offer a link where you can download a complete definition update file as an exe file, this will then update your antivirus – all you do is download and execute.

So I came up with the idea that if I could download this file via a script then I could apply it via a schedule during the night on the affected servers.  But how do you download a file via a schedule/script?  At first I leaned towards a VBS script, I even found a few but either they did no longer work (due to added security over the years to IE) or was painfully slow (the latter is not good when downloading a file of 45mb).  Further Googeling let me to WGET a simple commandline utility that can be scripted, and sure enough it worked like a charm

Should anyone have a similar problem then the batch/script file I made looks like this;
(Just modify the parts in red)

cls
Echo *************************************************************************
Echo  This script will download the latest forefront antimalware def
Echo  once a day for servers with update problems
Echo *************************************************************************
Echo  The file downloaded is;
Echo.
Echo  http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0×409
Echo.
echo.

del D:\Appl\msdefinitions\Definitions\mpam-fe.exe

D:\Appl\msdefinitions\wget.exe -t9 -O D:\Appl\msdefinitions\Definitions\mpam-fe.exe http://go.microsoft.com/fwlink/?LinkID=87342&clcid=0×409

More on downloading MS-Forefront definition files look here;
http://www.kanmandet.dk/?p=84

AutoIT3 – Excellent scripting tool

If you once in a while work with installing software, then you HAVE to check this out.

http://www.autoitscript.com/autoit3/scite

It is a scripting language that will make it very easy to install and modify installed software installations, it uses a very intuitive VB variant that is very easy to understand and the help is just wonderful.  One of the VERY neat features is that once you have completed your install script you simply compile it and viola you have an .exe file, thus you can simply add an install.exe file to the package you wish to distribute and the enduser do not need to have any scripting engine etc. installed, it IS neat..

So you might think, “well if its a VB vaiant, why not just make the whole thing as a VB-Script” – well you could – but have you ever tried to access files/registry etc via a VB script, well sure it is possible but the code quickly become unnessesary complex, this scripting language is straight out of the bag – copyfile( from, to) as easy as that.

The scripting engine has support for;
System variabels (eg. @StartMenu = location of startmenu, @StartMenuCommonDir = location of All users start menu etc etc.)
File management (copy / delete / move files)
Directory management (copy / delete / move directories)
Registry access (read write)
Replay keystrokes

and a whole lot more..

This is from the introduction in the help file;
Easy to learn BASIC-like syntax
Simulate keystrokes and mouse movements
Manipulate windows and processes
Interact with all standard windows controls
Scripts can be compiled into standalone executables
Create Graphical User Interfaces (GUIs)
COM support
Regular expressions
Directly call external DLL and Windows API functions
Scriptable RunAs functions
Detailed helpfile and large community-based support forums
Compatible with Windows 95 / 98 / ME / NT4 / 2000 / XP / 2003 / Vista / 2008
Unicode and x64 support
Digitally signed for peace of mind
Works with Windows Vista’s User Account Control (UAC)

Inspiration;
If you are interested I have created an uninstall script for McAfee Virus Scan and ePO agent,

you can download it here for inspiration;
http://www.kanmandet.dk/downloads/McAfee_Uninstall.au3 
or the compiled EXE version here
http://www.kanmandet.dk/downloads/McAfee_Uninstall.exe

For more on uninstalling McAfee Virus Scan and ePO please see http://www.kanmandet.dk/?p=147

Account locked out – debugging

If you are a sysadmin you have likely experienced that some odd user keep getting his/her Windows Domain Account locked out, there can be numerous reasons for this but while debugging the exact reason the user keep getting locked out and keep calling you every hour or so to be unlocked.

Well I came up with a workaround, you download a simple freeware utility called unlock.exe, and then schedule a batch job to run every 15-30 min that simply unlocks the account.  Now this is not the solution, as you really need to find the cause, but as debugging things like these can take some time and perhaps you have other pressing matters as well - then this is a fair workaround.

The batch file would look something like this;
unlock.exe . username

The unlock command also allow for listing locked accounts, and now I am thinking, maybe I could even set up some surveillance with this, creating a list of locked accounts every morning…  but that’s another story

http://www.joeware.net/freetools/tools/unlock/index.htm

Windows Update – script it

So you need to fiddle a bit with Windows Update, the reasons can be many;

1. you want to centrally initiate an update
2. you are paranoid and want to script a daily/weekly or monthly Windows Update (in case the automatic detection fail).

Well, for help on how to launch it on different remote machines I suggest you visit Dave’s Blog;
http://skatterbrainz.blogspot.com/2009/01/script-code-batch-running-wuauclt.html

A Desktop shortcut;
You could also simply create a desktop shortcut linking to

wuauclt.exe /resetauthorization /detectnow

This would force a Windows Updates detection to run upon clicking the shortcut, somewhat easier than launching the website.

The script you would need locally could look something like this;

@Echo off
Echo Stopping Windows Update Service
net stop wuauserv
Echo Starting Windows Update Service
net start wuauserv
Echo Forcing Windows Update detection
%windir%system32wuauclt.exe /detectnow

I also stumbled across some neat commands to try in case you are debugging Windows Update (update not working);
http://www.techsupportforum.com/microsoft-support/windows-xp-support/279270-automatic-update-not-started-error-1058-a.html

net stop wuauserv
del /f /s /q %windir%SoftwareDistribution*.*
net start wuauserv
wuauclt.exe /detectnow
_____________________

net stop bits
net stop wuauserv
%windir%system32
egsvr32.exe /s %windir%system32atl.dll
%windir%system32
egsvr32.exe /s %windir%system32jscript.dll
%windir%system32
egsvr32.exe /s %windir%system32msxml3.dll
%windir%system32
egsvr32.exe /s %windir%system32softpub.dll
%windir%system32
egsvr32.exe /s %windir%system32wuapi.dll
%windir%system32
egsvr32.exe /s %windir%system32wuaueng.dll
%windir%system32
egsvr32.exe /s %windir%system32wuaueng1.dll
%windir%system32
egsvr32.exe /s %windir%system32wucltui.dll
%windir%system32
egsvr32.exe /s %windir%system32wups.dll
%windir%system32
egsvr32.exe /s %windir%system32wuweb.dll
net start bits
net start wuauserv
wuauclt /resetauthorization /detectnow
_____________________________

net stop bits
net stop wuauserv
regsvr32 /u wuaueng.dll /s
del /f /s /q %windir%SoftwareDistribution*.*
del /f /s /q %windir%windowsupdate.log
regsvr32 wuaueng.dll /s
net start bits
net start wuauserv
wuauclt.exe /resetauthorization /detectnow

PPS. Vista/Win2008 users beware.
Stopping services etc under windows vista/2008/7  require the scripts to be run as an administrator.

Delete files older than data using a batch file

This post (see below) was taken from Scott’s blog and works for Vista/2003/2008, I am yet to find the cool solution for XP.

This problem has nagged at me for years.  Here is a batch command to delete files on a Windows 2003 machine.

Microsoft SMS Sender

Bit of an oldie here, and still untested with newer GSM Phones, however should you want to have SMS capability in your organization this may be a cheap way to go.

It requires a compatible phone (and cable) and then you can fire off scripts (or commandlines) to send sms messages.  Seem easy enough, but sadly I don’t have a data cable to the old Nokia phone in our storage room

Do let me know if you try it and it works

http://www.microsoft.com/globaldev/outreach/dnloads/smssender.mspx

SMSSender.msi

Update:
I finnally had the chance to test this (I had no data cable for my cell phone), anyway it is all very straight forward until you try to send an sms from command line, this will fail with a message like this “there is no device previously used by SMS sender…….”.

Unfortunately the SMS sender software has a bug that causes it NOT to write your choice from the GUI to registry ,  so you need to enter the device name manually to registry.

The keyname is;
HKEY_CURRENT_USER\Software\Microsoft\SMSSender
The key is a sting;
DeviceName
And the value is the name of your device/cell phone (as displayed in the GUI)
eg. “Nokia 6230i USB Modem” (without quotes)

once this is done you can send command line sms’s (as shown below P=phone number M=message L=Log message);

C:\Program Files\Microsoft SMS Sender>smssender.exe /p:12345678 /m:"Hello World" /l

There are more details plus some C++ code for semi implementation into your own software here (it’s a rather basic launch routine for the exe file);

http://veskokolev.blogspot.com/2009/07/how-to-send-sms-under-windows-using.html

One problem with the SMS sender software if you use it in scripting, it will once the SMS is send bring up a message window telling you that the sms was send succesfully, now this is not that practical it this actually ‘halts’ thr process until the message window is closed (the above C++ code will as I can see solve this by killing the window afterwards).  Another issue, ONLY ONE sms can be send at the time, if you try to send several SMS’s in a row the software will fail – guess that is logical enough but not that practical if the script that sends the sms can somehow be called several times at nearly the same time..

Aparantly there also exists an Outlook 2003/2007 extention (MOSA) that will do something similar vai Outlook, I have not had time to test this but as it’s also from Microsoft it should work just as well or maybe even better(however this requires Outlook);
http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=240080b4-986e-4afb-ab21-3af2be63508b&displayLang=en

Creating and using a custom Policy file (adm template)

So you for some reason or other need a custom GroupPolicy template (.adm template) to set some strange setting for some odd software.

You can use a Policy.ADM file to set custom registry values either for your own pc (may seem like a bit overkill) or more likely for your domain.

Well I have created a few of these back in the good old NT4 days and it was not all that difficult once you got the hang of it, and thus when I had the need again lately I was confident I could get it to work without too much of a hassle.

I was wrong :-/

Ok, creating a simple policy.adm file is easy;

And if you enter a keyname like;
”SoftwarePoliciesMicrosoftwhatever”

Things will work brilliantly, however lets say you want to change some obscure value for the adobe reader!?  This is outside the “Policies” section of the registry.. things will look like this when you enter the GPM MMC console.

This is where I lost my temper and started cursing at my monitor, see again once I put “Policies” in the keyname everything worked like a charm (but my setting was NOT in the Policy region of the registry)..

So Google to the rescue, it would seem that things have changed since the good old Poledit days, and that you need to do a bit of editor tweaking to get those ‘dirty’ settings available under NT4+ systems now-er-days.

Here is the secret;

 
View, Filtering, “Only show policy settings that can be fully managed”..

Once this is done you can see everything – just like in the good old days

Also it’s worth noting the other filter settings, I did not even know they existed, now you can actually limit your view to only those settings that are set, and this DO make it a lot easier to overlook the more complex policies.

Good luck making your new policies its easy as pie you know..

Links;
http://episteme.arstechnica.com/eve/forums/a/tpc/f/12009443/m/645000852731/inc/-1
http://www.windowsecurity.com/articles/ADM-Template-Repository.html
http://technet.microsoft.com/en-us/library/cc738443.aspx

MRT – the shortcut to Malicious Software Removal Tool

So you would like to run MSRT manually (the Microsoft Malicious Software Removal Tool, the one that comes once a month from Microsoft via Windows Updates and cleans different infections from your pc), well as written in an earlier post http://www.kanmandet.dk/?p=463 you can download a version straight from Microsoft, however it turns out there is an even easier method, simply go to your “start menu”, select “Run” and enter “MRT” and hit enter..

There is even the option to launch it with parameters so you could schedule it to run at regular intervals if you would like.

.