Ryan asked this week:

“I have a scenario where an application starts when a particular user (generic admin account) logs on to the console. The problem is that when the same user account is also used to login to an RDP session, on the same server, the service tries to start again, and breaks…Is it possible for a logon script to recognize that it is logging on to the console? If so I could start the application from this script and not worry about it starting a second time if someone accidentally RDPs using the same account.”

I originally thought that this could be easily detected by an environment variable, or even VB Script…but it turns out that those two methods are not reliable.

The %SESSIONNAME% variable is set if you are on a terminal server. If you just RDP to the console of a workstation, or server – it is empty.

So instead, we put together a free utility called RDPDetect. It returns 1 if you are in an RDP session, and 0 if you are not. The return value can be picked up as an error level, so you can use it in a bat file like this:

@echo off
RDPDetect.exe
if ERRORLEVEL 1 goto RDP_ENABLED
if ERRORLEVEL 0 goto RDP_DISABLED
goto END
:RDP_ENABLED
echo This is a RDP Session
goto end
:RDP_DISABLED
echo This is a not a RDP Session
:END


You can find it in our download section:

IntelliAdmin Download Page

As always, it contains no spyware or adware…only freeware goodness.

It is free for commercial and personal use.

This week Nathan asks:

“Hi Steve, I hope you can help me with this one. I am trying to get a report on what programs and ports are allowed in the firewall on machines across my network. I don’t want to just enable group policy, since it might break something. If I can get a report, I can look through it and see what I am up against..”

First lets see how we can tell if the firewall is enabled. In VB Script we can use the HNetCfg.FwMgr object:

Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

Wscript.Echo "Firewall enabled: " & objPolicy.FirewallEnabled

Now, how do we get a list of ports, and applications?

The objPolicy object has a property called services, we can enumerate it with a for loop like this:

Set colServices = objPolicy.Services

For Each objService in colServices
 'Output our data here
Next


The service object has many properties: The name of the service, if it is enabled or not, and more importantly it has another object called GloballyOpenPorts. This will give us a list of ports that are open for a given service:

For Each objService in colServices
 Set colPorts = objService.GloballyOpenPorts
  For Each objPort in colPorts
   'Echo stuff about our ports here
 Next
Next

The entire script can be found here – Just rename it to .vbs after downloading.

When you run it on your machine from the command line, it will spit out all the information about your firewall settings:

How can we use that script to get a collection of reports that we can look through in one place?

Start out by creating a public share on the machine where you want to save the reports.

In our example lets say it is:

\\server\report

Create a bat file that calls the above script like this:

cscript.exe FirewallReport.vbs >> \\server\report\%computername%_report.txt

Put that in the users login script, and when they logon it will create a report and save it on the public share:

That is all there is too it. Now you can just look through the reports in the shared folder and get an idea of what ports and applications are open across your network.

A few months ago I received an email from Steve in Ontario:

“…I want to round out this junk cleaning by trashing empty directories as well. I have found all sorts of approaches to this, but none are elegant. I am old-school, having started as a UNIX system programmer some … 40 years ago:-) So, I like elegant solutions, and in UNIX, this would be a simple one-line piped solution … unfortunately, I’ve been stuck on Windows for the past few decades…I’m wondering if you’ve ever tackled this, and, if so, if there’s anything you can share?”

In my arrogance I thought this would be such an easy task, and coded a utility in less than an hour. Sent it off to Steve to try, and when he emailed me back I realized how tough of a problem this is.

For example, if you were looking to remove empty directories from this structure:

c:\Folder1\Folder2\EmptyFolder1
c:\Folder1\Folder2\EmptyFolder2

It would be easy to find EmptyFolder1, and EmptyFolder2. But now that they are removed, Folder2 is empty as well. This means you need to delete the deepest paths first, and work backwards.

Lots of special cases like this, and that is what makes it much more difficult than I originally thought.

Over a few weeks, Steve was gracious enough to work with me and develop a solution that worked well.

The utility is called DelEmpty.exe, a command line tool:

Here are the options:

DelEmpty.exe OPTIONS [PATH]

-f delete files of size zero
-d delete empty directories
-v verbose mode
-c confirm mode (Shows what was deleted)
-s include sub directories
-l list what would be deleted (Will not delete)
-y delete without (y/n) prompt

So, for example, if we wanted to remove all empty folders from c:\DataFolder, including sub folders – We would call it like this:

DelEmpty.exe -d -s c:\datafolder

If you wanted it to delete them without prompting you:

DelEmpty.exe -d -s -y c:\datafolder

Better yet, if we wanted to see what it would delete before taking any action:

DelEmpty.exe -d -s -l c:\datafolder

Finally, we can also remove any files that have a zero size too using the -f option:

DelEmpty.exe -d -s -y -f c:\datafolder

Please – Please be careful with this utility. It only deletes empty files and folders, but it is always possible that you have a program that *needs* those empty folders. So make sure you throughly test before using it.

It is a free utility, and you can get it from our download page:

IntelliAdmin Download Page

As always, there is no spyware, adware – only IntelliAdmin Goodness.

I got a question from Murali:

“Suppose if I have a 100+ work group machines in the same network how can I run a script remotely against them? I would like to enter a range of IP address for my selection”

This is a tough one since Workgroup computers (Systems not joined to a domain) are not configured to allow this. This means we need to make sure:

-All the computers have the same administrator username and password

-File and printer sharing is opened in the firewall

-On Windows XP systems, simple file sharing must be disabled

Finally, none of the systems can be the “Home” edition of windows.

Why? Because Microsoft removes some network functionality that would make our task impossible.

Here are a few good guides on getting file and printer sharing open:

Windows XP File And Printer Sharing

Vista / 2008 File And Printer Sharing

Windows 7 / 2008 R2 File And Printer Sharing

OK, Now that we got that covered, how do we get our list of computers in the script?

First, our script will take two arguments – the starting IP address, and the ending IP address. Then it will loop through all the ip addresses between them.

We do this by pulling each octet of the IP:

IPList = Split(StartIP, ".")

iS1 = cint(IPList(0))
iS2 = cint(IPList(1))
iS3 = cint(IPList(2))
iS4 = cint(IPList(3))

Then we run it through a for loop that calls a function for each IP we calculate. In the script I built, I called it ExecuteAction. For a test, I simply put an echo statement:

Function ExecuteAction(HostName)
WScript.Echo "Host: " & HostName
End Function

Running it from the command line you can see it listed all of the IP addresses in the range I gave it (10.10.10.7 – 10.10.10.15):

So now we have a script that can enumerate our IP addresses. Just change the body of “ExecuteAction” and it will run against the range of IP addresses you provide.

You can get a copy of my script from here:

EnumerateIP.dat

Just make sure to rename it to .vbs after downloading

We just released Remote Control 5.1. One of the toughest to build (for us), but most interesting additions to this version is the ability to jump into a remote desktop session.

What does this mean?

Lets say you have a user that is logged into your terminal server, and you need to help them with something. Usually you would need to use the Microsoft Shadow program:

If you have ever used it, you know it is a pain to use. Especially if you have a user on the phone waiting for help.

With Remote Control 5.1, you can connect to the machine, and just pick the user account from a drop down list:

Even better, on Windows 7, XP, or Vista machines you can see those remote desktop sessions too. This is not even possible with the tools provided by MS.

We also had to work real hard to fix an issue that has been around for a while.

If you have fast user switching enabled on XP:

Sometimes you would get a blank screen when connecting to the machine. The same is true on 2003 (and XP) if you use Remote Desktop to connect to it with the /console flag. Why?

It is because of a bug in a Windows API call. We fought and fought with this. Even contacted MS. They replied that it was not going to be fixed in those versions of windows…but it did work in Vista/2008/Windows 7

Our solution? We re-created the MS API inside our code, and fixed the bug. So now if you have fast user switching turned on, or someone has used RDP – you won’t get a blank screen.

Recently it has become common for users to have more than one monitor.

In previous versions of Remote Control, all the monitors were shown in one big window:

Many times, it is really hard to work this way. So we gave you the ability to show all monitors, or select an individual monitor to control:

I know some of you have quite a few computers you remote into all the time. A new feature in the viewer lets you position each one where you want them, and it will remember the next time you connect:

That feature is not enabled by default, so go into the viewer settings if you want to turn it on.

And finally, we have done a considerable amount of work improving performance. We tested on all types of slow and intermittent internet connections to make it snappy in every type of situation.

Take it for a spin by downloading the trial from here:

http://www.intelliadmin.com/setupex.exe

Microsoft has released a public beta of Windows Server 8. You can get a free copy from here:

http://www.microsoft.com/en-us/server-cloud/windows-server/v8-default.aspx

It can’t run in most virtual environments, so if you are going to try it out…you will probably need a physical machine.

The first thing I noticed – There is no start menu:

While digging around I found this point very frustrating. I kept clicking that empty space on the far left of the task bar. I can bet if they leave it this way, there will be third party solutions to bring it back

Because the start menu is missing, everything is accomplished through the server manager. This new interface is quite powerful. How many times have you jumped on a server and need to stop and start a particular service right away?

You can easily drill down to a service just by typing its name:

As you can see, I was testing our Remote Control – and thankfully it works perfect under this beta of Windows 8.

There are other dashboard controls just like this for events, performance, rolls and features, and even a best practices analyzer.

All the tools you would use in day to day administration are conveniently located on the tools menu of the server manager:

They are making changes to explorer too. Commonly accessed items are available right from the folder view:

Accessing the properties of a folder can now be done in one click:

When I first opened task manager I was shocked:

I thought “That’s it?” What are they doing?!?

But I was pleasantly surprised when I clicked the “More Details” button:

On another tab, they have beautiful performance graphs:

The users tab is great, it shows performance, memory usage by user:

It would really help when you are trying to figure out who is hogging all the resources on the Terminal Server

I can imagine a lot will change before the final release, but it is worth checking out to see where Microsoft is headed with the next version of Windows.

Got a question from Matthew this week:

“I was wondering if you guys have a script that could determine what OU a user is a member of…sort of an if then else clause, If a member of “Said Group” then do this, Else End If…”

Good question Matthew. This turns out to be more difficult than it sounds. The reason: To determine this we need to setup an LDAP query that selects the OU, and then loops through all the users to see if the current user is a member.

The LDAP query looks like this:

LDAP://{DOMAIN} WHERE objectCategory='organizationalUnit' and ou='{OU NAME}'


Once the VBScript runs the query, we simply loop through the results and look for our account name. If it is there, then we have a match.

To use the script, simply open it up and go to the bottom. You will see these lines:

if IsMember("Testers") then
 Wscript.Echo "This user is a member of the OU"
else
 Wscript.Echo "This user is not a member of the OU"
end if


Just change “Testers” to the OU you want to see if the current user is a member of, and you can have your script take different actions based on their current membership (Map drives, add printers, etc).

Get the script from here:

http://www.intelliadmin.com/IsOUMember.dat

Remember to rename it to .vbs after downloading.

Recently a flaw has been found in Remote Desktop (Otherwise known as Terminal Services).

It allows an attacker to execute code on your computer by just sending a specialized packet to the RDP service.

If you have any machines with RDP turned on, you should get your systems patched right away.

More details can be found here:

PC World: MS Issues Urgent Patch

There are a few things you can do to make sure your computers are secure:

-Run automatic updates on your machine and make sure you have all of the latest patches installed

-If you have a bigger network, you could use our Network Administrator to force automatic updates on all your machines

-For even better security, turn off Remote Desktop totally! You can do this with Network Administrator too

-Use the free tool from MS to assess the patch situation on your network: MBSA Free Download

There is already an exploit in the wild, so you need to make sure you get your stuff patched, and locked down asap

I have an old laptop that I always take with me on trips. I finally decided to get a new one – it was just getting too slow.

Last weekend I was going to my brother’s place up north. The problem was, he was out of town and I really wanted to use his wireless when I got there.

So instead of bothering him for the key, I was able to pull the old wireless keys from that clunky old laptop.

I did it using a free tool from http://www.nirsoft.net called WirelessKeyView:

It is a simple tool that will scan the registry for all the wireless networks you have ever joined, and show you a list of passwords.

It can pull WPA, WEP keys, and will even show you both the password and the hex key for the password.

The latest version can be found here:

http://www.nirsoft.net/utils/wireless_key.html

Best of all it is free for commercial and personal use.

This week we got a question from Mark:

“Hi Steve,

I just inherited a network of about 50 computers. I noticed that many of them have all kinds of shared folders. I am trying to do some cleanup and lock-down. Wondering if you have a nice script to remove all shares, except the administrative shares like $ipc, $admin, and $c”

Good question Mark. I got just the thing for you in VB Script.

Lets start out with a script that will list all of your shares, except those admin shares:

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

For each objShare in colShares
 if (objShare.Type=0) then
  WScript.Echo "Share: (" & objShare.Name & ")"
 end if
Next


The above script will query WMI for our shares, and by looking at the type we can tell if they are admin shares – non admin shares will always have a type of zero.

Now, what do we need to change so it will delete?

We simply need to call the ‘delete’ verb on the shared folder object:

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
'Select our list of shares on the system

For each objShare in colShares
 if (objShare.Type=0) then
  WScript.Echo "Deleting Share (" & objShare.Name & ")"
  if objshare.delete then
   WScript.echo "Error Deleting Share"
  end if
 end if
Next


If the delete verb returns a non-zero value it means there was an error deleting the share.

If you want to run this on Windows 7, or Vista you will need to make sure it is in the “Computer Logon Script” (Not the user) of group policy, or it will fail – it needs the privileges to delete.

Please be careful with this one. Test, Test, Test before adding that delete command!

Get the full script from here (Rename to .vbs):

DeleteAllShares.dat