Weekly Terminal Services Connection Report using VBS

June 29th, 2009 Wayne Zimmerman

A few weeks ago we had some state auditors come by and mention that we should review our logs for any sort of outside / vendor access. I knew that going to each server and reviewing the logs manually would be very time consuming and not really provide solid documentation that it was done. I decided that the only way to solve this problem was with a report of some nature. I fired up my trusty Crystal Reports and started to view the logs using that, once I got in to more I realized that when I added the description field of the event log it always crashed Crystal Reports. This left me going to plan B which is writing the reports from scratch using Visual Basic Scripting language.

I already knew that you can use VBS to connect to WMI (Windows Management Interface) and view different parts of the system including the event log, so I spent the morning writing the report and parsing it down to the detail that I really needed. Then I decided to take it to the next level by adding in recursion for multiple servers and also set it up to send an HTML email so it is easy to review every week. Why every week you may ask, well in looking at my event log on my domain server I noticed that I start losing Security events at about 10-14 days out since it is authorizing so much, and a weekly task is a very manageable one.

Script Configuration

  1. Configure the servers that this script will report on. Modify the Servers array for each server that needs to be checked. (Note: all servers need the same login credentials for the script to work)
  2. Find the objMessage.From field and update it with who the email is coming from
  3. Find the objMessage.To Field and update with the email address of the person who will be receiving the report, if you have multiple addresses to send to separate them with a semi-colon (;)
  4. Find the (“http://schemas.microsoft.com/cdo/configuration/smtpserver”) = “smtp-relay.waynezim.com” and update this with your SMTP server, if your server requires authentication you will need to modify this script to include that, a simple Google search should show you what needs to be changed.
  5. This script should be setup to be a scheduled task on one of your servers, the credentials used in setting up the job will be used to connect to the other servers, this account needs to exist on all servers to view the Security Event Log and make the report.
  6. To setup a scheduled task, go to your Control Panel, open Scheduled Tasks, right click New > Scheduled Task, name it, then right click and modify the Properties, Browse to where the script is saved, set the Run as at the bottom for the user that exists on all Servers and set the password. Then go to the Schedule tab and set it to Weekly and change it to run when you want it to.
?Download RemoteConnectionsReport.vbs
Dim objWMI, objEvent ' Objects
Dim strComputer ' Strings
Dim intEvent, intNumberID, intRecordNum, colLoggedEvents
'--------------------------------------------
' Server List to Parse Logs
Dim Servers(5)
Servers(0) = "server1"
Servers(1) = "server2"
Servers(2) = "server3"
Servers(3) = "server4"
Servers(4) = "server5"
Servers(5) = "server6"
'--------------------------------------------
' Email Body Heading
HTMLMsg = "<html><body><h3>Remote Desktop Connections from " & cDate(Now() - 7) & " to " & cDate(Now()) & "</h3>"
HTMLMsg = HTMLMsg & "<table border=1><tr><td><b>Computer Name</b></td><td><b>Logon Type</b></td><td><b>Remote IP</b></td><td><b>Date / Time</b></td><td><b>User</b></td></tr>"
'--------------------------------------------
' Next section creates the file to store Events
' Then creates WMI connector to the Logs
 
'Range Variable - Out of Loop for Common Report Time
WeekAgo = cDate(Now() - 7)
 
'Start Each Computer Loop
For Each strComputer in Servers
' --------------------------------------------
' Set your variables for Events Loop
intEvent = 1
intRecordNum = 1
 
Set objWMI = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
Set colLoggedEvents = objWMI.ExecQuery _
("Select * from Win32_NTLogEvent Where Logfile = 'Security' AND EventCode = 528 AND TimeWritten > '" & WeekAgo & "'")
' -----------------------------------------
' Next section loops through ID properties
intEvent = 1
	For Each objEvent in colLoggedEvents
 
	HTMLMsg = HTMLMsg & "<tr><td>" & objEvent.ComputerName & "</td>"
	LogonType = RTrim(Mid(objEvent.Message,InStr(objEvent.Message,"Logon Type:")+12,2))
	If LogonType = 2 Then HTMLMsg = HTMLMsg & "<td>Interactive</td>" End if
	If LogonType = 3 Then HTMLMsg = HTMLMsg & "<td>Network</td>" End if
	If LogonType = 4 Then HTMLMsg = HTMLMsg & "<td>Batch</td>" End if
	If LogonType = 5 Then HTMLMsg = HTMLMsg & "<td>Service</td>" End if
	If LogonType = 7 Then HTMLMsg = HTMLMsg & "<td>Unlock</td>" End if
	If LogonType = 8 Then HTMLMsg = HTMLMsg & "<td>Network using Clear Text</td>" End if
	If LogonType = 9 Then HTMLMsg = HTMLMsg & "<td>New Credentials</td>" End if
	If LogonType = 10 Then HTMLMsg = HTMLMsg & "<td>Remote Interactive</td>" End if
	If LogonType = 11 Then HTMLMsg = HTMLMsg & "<td>Cached Interaction</td>" End if
 
	IPlen = InStr(InStr(objEvent.Message,"Source Network Address:")+24,objEvent.Message,"	") - InStr(objEvent.Message,"Source Network Address:") - 28
	RemoteAddress = RTrim(Mid(objEvent.Message,InStr(objEvent.Message,"Source Network Address:")+24,IPlen))
	HTMLMsg = HTMLMsg & "<td>" & RemoteAddress & "</td>"
	EventTime = Mid(objEvent.TimeWritten, 5, 2) & "/" & Mid(objEvent.TimeWritten, 7, 2) & "/" & Mid(objEvent.TimeWritten, 1, 4) & " " & Mid(objEvent.TimeWritten, 9, 2) & ":" & Mid(objEvent.TimeWritten, 11, 2) & "." & Mid(objEvent.TimeWritten, 13, 2)
	HTMLMsg = HTMLMsg & "<td>" & EventTime & "</td>"
	HTMLMsg = HTMLMsg & "<td>" & objEvent.User & "</td></tr>"
	intRecordNum = intRecordNum +1
	IntEvent = intEvent +1
 
	Next
Next
 
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = "Remote Connections Report: " & cDate(Now())
objMessage.From = "root@waynezim.com"
objMessage.To = "waynezim@waynezim.com"
objMessage.HTMLBody = HTMLMsg
'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp-relay.waynezim.com"
'Server port (typically 25)
objMessage.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
'==End remote SMTP server configuration section==
 
objMessage.Send
WScript.Quit

Report Preview
If you need help decoding what Logon Type really means check out this great article.

remote-connection-report-preview

How to Setup a Legal Notice Before Login in Group Policy

June 19th, 2009 Wayne Zimmerman

A few days ago I was tasked with setting up a notice to users before the actually log on to the computer to notify them that if they use this computer they agree to blah.. blah.. blah legal stuff. To solve this, I decided that this would be good to see on every computer we have in the organization so I added it to the Default Domain Policy, but this can be applied to users or computers at any level you see fit. This is a very easy setting that may also substitute for signing the computer usage agreements every year.

    legal-notice-group-policy-settings

  1. Open up your Group Policy Management Console (gpmc.msc)
  2. Go to the Group Policy Object in your domain, right click on Default Domain Policy and select Edit…
  3. Once the Group Policy Editor is up, using the treeview on on the left go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
  4. To edit the title of the windows change: Interactive logon:Message title for users attempting to log on
  5. To edit the message text change: Interactive Logon:Message text for users attempting to log on

The Past Few Weeks

June 14th, 2009 Wayne Zimmerman

The past few weeks have been quite busy for me. I spent about a week in Washington DC seeing the sights and enjoying the freedoms that our country provides. While there I found out that I had a ticket to the Indy 500 once I got back. So I took another day off work to road trip it up to Indy, which really wasn’t that bad since we had several drivers. The race was awesome it is just amazing how fast those cars can actually go, we were in turn 4 and watched several cars pound the wall just in front of our seats. Unfortunately, I got back to town to find that my dads lung cancer had made him take a turn for the worst, i didn’t get to share my experience at Indy with him but knowing what a race fan he was i know it wouldn’t have wanted me it on his account. I did get to say my goodbyes and spend a bit more time with him, he passed away early that Wednesday morning. I appreciate everyone’s well wishes the family is doing fine.

I have spend the last week or so working on my studying for my Linux+ certification which I hope to take at the beginning of next month. I hope this will diversify my IT knowledge and allow me not to be lost or have to Google every command when trying to do things on a Linux system. I have already watched the CBT Nuggets videos and now have moved into TestOut in depth study material which I should be able to finish by the end of the week.

Also, I joined Livestrong.com’s The Daily Plate program which is a food and exercise journal that will help keep track of what you do and how much you eat so you can hopefully lose weight. My sister has been doing it for a bit and Jen and I decided that we should give it a shot, if nothing else it gives you some statistics of how good you eat compared to what activities you do. So far I have noticed that the food database is quite extensive because I was able to add my Freebirds burrito by size and each component. The activity database is just as extensive which includes sleeping, mowing the lawn, washing the car, working one computer, watching tv and any other activity you can think of. It also uses your height and weight to estimate how much you should eat and includes activities in to it, it is pretty neat you should at least sign up and check it out.

As for the site, I have been trying post pictures from all these great places i have been recently. I have only had moderate success as you can tell from the front page. I will also be putting up a few articles about virutalization and more of the general IT stuff that I have been working on. If you have any ideas for posts i should do just put it in a comment and I will see if I can make it happen.

How to Remotely Import and Export Registry Settings with Multiple Computers

June 9th, 2009 Wayne Zimmerman

Following up to my article about different ways you can manage your computers remotely, I wrote about modifying the registry across the network and explained how that could simply your IT world. Now I am going to show you a neat trick that can save you from running around and changing different registry keys on every computer, and let your fingers do the walking for you.

The Microsoft Registry Editor is one of the most powerful applications in the Windows system, mostly because it controls all the other settings for all the other programs installed on the computer. Even better is the fact that it will allows you to import and export even when you are accessing the computer across the network. For my example here I will be exporting system settings for Adobe Acrobat Reader and importing them on another machine. This would be the same process for any other application or system preference that is stored in the registry.
registry-export

  1. Open up the registry editor by going to Start > Run and typing regedit then press OK
  2. To open up another machines registry just go to File > Connect Network Registry… You can open several computers registry all at the same time. You will need to open all the computers registry to be able to import the registry settings.
  3. Now browse to the key that you would like to Export, then right in the treeview on the left, right click and select Export. Now save it some where like your desktop where you can easily find it again. This makes a .reg file that you can import to your computer or others.
  4. Now go to your File menu and select Import, it will prompt you for the location of the file then press Open on the dialog box. Then it will show you a selection of the several PCs registry that you have open, you can select one or as many computers as you would like to import the registry setting to, it will import it to the same location you exported it from. Depending on the number of computers you selected you should get as many confirmations that it was imported correctly.

registry-import-mutiple-computersIt’s that simple and you have now updated registry settings for several computers without having to leave the comfort (or discomfort) of your desk chair. This is perfect to update any setting that is stored in the registry and is constant across all the workstations. Now remember admins, work smart not hard.

The Hidden Cost of Dropbox

June 8th, 2009 Wayne Zimmerman

dropboxTo start off, I love Dropbox, it is a great service that allows you to sync 2GB to the cloud for free. It also allows you to share files with your friends and post files to a webserver so you can send it in an IM or email and they can see your file. It works great for small files and large a like, I have found it to be fast and reliable. Unfortunately it isn’t really free. I’m not talking about the premium you can pay to get more space, I’m talking about the cache files that it saves. I understand that all this data is saved across many other workstations on the internet which forms the cloud. This is great and I’m sure it saves them tons of money not having to pay for bandwidth and cloud storage at like S3, however… 12 GB of cache files on my computer is a bit unacceptable.

I noticed this when I was looking at my C drive wondering man why so low and I have not installed anything new or downloaded anything of significant size, and that’s when I found it 12GB of files in my C:\Documents and Settings\\Application Data\Dropbox\cache folder. This is the equivalent of sharing 12GB file so you can have like 2GB this just doesn’t make since. I have been using Dropbox for several months and just now noticed the cache but I would hope it would clean it up every once and a while. I understand they need multiple copies in the cloud for speed and reliability but this is a bit extreme. Also this large amount of data as it becomes.. is in the wrong directory, at least from a business perspective because trying to sync 12GB of Dropbox files takes a while when this data really doesn’t need to be part of a roaming profile. I understand that this isn’t it’s primary use, but it probably should be part of Local Settings\Application Data instead so it doesn’t follow you around in a roaming profiles environment.

I would like to make this point clear though, none of this would stop me from using Dropbox, it is a great free file sharing application, I will just watch those cache files and delete them once and a while.

How to Deploy Microsoft Office 2007 using Group Policy

June 5th, 2009 Wayne Zimmerman

Every few years you get the opportunity to update to that new fresh version of Microsoft Office, but you defiantly do not want to go computer to computer uninstalling the old and installing the new version. In the past you have just been able to create an MST and deploy it in group policy, this is not the case anymore. Microsoft is trying to push the System Management Server for most the large corporate environments, however I work at a place where spending money is not so much a popular topic, it is better to solve the problem withe the stuff you already have. Since you can’t make a MST to push out Microsoft Office 2007 customized you get a fancy XML file to play with to customized your installation so you can include things like Product Key, Organization, Display Levels of Installer, Accept the EULA, and which parts of Microsoft Office to install. This XML file is very unfriendly because it is very hard to determine the proper syntax or options since the Microsoft documentation is well… lacking to say the least. Other important things to note, this can only be deployed to as part of a Group Policy for a Computer. It will remind you of this if you try to add the MSI to the Users Group Policy. Microsoft also recommends that you don’t deploy this in large networks because of effects on the bandwidth required to install over the network cannot be managed like they can with System Management Server.

Network Share Setup

  1. Copy your entire Microsoft Office 2007 disk out to a network share that is readable by any user in your domain.
  2. Browse to the Enterprise.WW folder or Pro.WW folder in your deployment network share.
  3. Now Find or Create the config.xml file, scroll down and you can see a sample of mine at the bottom of this post. This is the key file that you will be modifying to customize your deployment of Microsoft Office 2007

Customizing the Microsoft Office 2007 deployment using config.xml
This is where all the magic happens if that is what you want to call it. There is several lines in this file I will try to hit the most important ones that you will need to use. At the bottom of the post you will be able to find the copy my config.xml file that I used for my deployment.

  • <Display Level="full" CompletionNotice="yes" SuppressModal="no" AcceptEula="yes" /> – These options have to do with how setup is displayed to the user.
    Display Level can be set to None, Basic or Full by default it is Full. Full: shows the entire setup to the user and allow them to modify options along the way. Basic: shows a welcome screen, Product Key if not included in config.xml file, EULA if not accepted, progress bar and Completion if allowed.
    CompletionNotice can bet set to Yes or No and is No by default and it will give a final screen showing that it had finished or not.
    SuppressModal can be Yes or No and is No by default and will suppress errors if set to Yes.
    AcceptEula can be set to Yes or No and is No by default, this makes the user accept the license agreement have to accept the EULA if set to No. I would strongly suggest setting this to Yes to save your users the trouble.
  • <PIDKEY Value="xxxxxxxxxxxxxxxxxxxxxxxxx" /> – This is where you insert your product key.
    If you DisplayLevel is set to Basic or None and you enter a product key it will automatically accept the EULA for the installation reguardless of what AcceptEula is set to.
  • <COMPANYNAME Value="My Cool Company" /> – Allows you to modify the organization field for the software registration
  • <OptionState Id="ACCESSFiles" State="Local" Children="force" /> – These lines help determine which parts of Microsoft Office 2007 will be installed. The ID element varies depending on what version of Office you are installing. The State option allows you to determine if you want to install this portion of Office or not. It can be set to Absent, which will not install it, Advertise, which will install on first use, Local, which will install it item, or default which will do the Microsoft default action for the element. The option Children is specific to the ID and if set to force will install all sub items, I prefer this that way you don’t ever have to worry about dependence or special features some user might want to use.
  • <Setting Id="RemovePrevious" Value="ACCESSFiles,EXCELFiles,OUTLOOKFiles,PPTFiles,PubPrimary,WORDFiles" /> – This is an important line if you are wanting it to replace or uninstall the current version of Microsoft Office that is installed like Office 2003 or XP during the installation of Microsoft Office 2007.

Adding the MSI to Group Policy
This next step is very simple as you need to go to the Group Policy that will be in charge of installing Office 2007. Now open up your Group Policy Managment Console and select the GP you plan to use to deploy office, then right click and select edit. Now use the Tree on the Left to browse to Computer Configuration > Software Settings > Software Installation and right click on Software Installation and select New > Packageā€¦ It will now prompt you with an open dialog box, go and select the MSI in the Office deployment directory for Enterprise it is called EnterpriseWW.msi. That’s it! Now just be sure to apply that Group Policy to the correct workstations and you will be good to go. The workstations should get the new version of Office 2007 next time it is restarted. You may want to test deploy it to a few machines to make sure everything goes smoothly.

Resources

?Download config.xml
<Configuration Product="Enterprise">
 
<Display Level="full" CompletionNotice="yes" SuppressModal="no" AcceptEula="yes" />
 
	<!-- <Logging Type="standard" Path="%temp%" Template="Microsoft Office Enterprise Setup(*).txt" /> -->
 
<PIDKEY Value="xxxxxxxxxxxxxxxxxxxxxxxxx" />
 
	<!-- <USERNAME Value="Customer" /> -->
 
<COMPANYNAME Value="My Organization" />
 
	<!-- <INSTALLLOCATION Value="%programfiles%\Microsoft Office" /> -->
 
	<!-- <LIS CACHEACTION="CacheOnly" /> -->
 
	<!-- <SOURCELIST Value="\\server\Apps\Office2007" /> -->
 
	<!-- <DistributionPoint Location="\\server\Apps\Office2007" /> -->
 
<OptionState Id="ACCESSFiles" State="Local" Children="force" />
<OptionState Id="EXCELFiles" State="Local" Children="force" />
<OptionState Id="GrooveFiles" State="Absent" />
<OptionState Id="OneNoteFiles" State="Local" Children="force" />
<OptionState Id="OUTLOOKFiles" State="Local" Children="force" />
<OptionState Id="PPTFiles" State="Local" Children="force" />
<OptionState Id="PubPrimary" State="Local" Children="force" />
<OptionState Id="WORDFiles" State="Local" Children="force" />
<OptionState Id="XDOCSFiles" State="Local" Children="force" />
<OptionState Id="SHAREDFiles" State="Local" Children="force" />
<OptionState Id="TOOLSFiles" State="Local" Children="force" />
 
<Setting Id="RemovePrevious" Value="ACCESSFiles,EXCELFiles,OUTLOOKFiles,PPTFiles,PubPrimary,WORDFiles" />
 
 
 
	<!-- <Setting Id="Reboot" Value="IfNeeded" /> -->
 
	<!-- <Command Path="msiexec.exe" Args="/i \\server\share\my.msi" QuietArg="/q" ChainPosition="after" Execute="install" /> -->
</Configuration>

How to Remove Old Cached Roaming Profiles from Workstations

June 3rd, 2009 Wayne Zimmerman

Earlier this year I was tasked with cleaning up the workstations on our network to help reduce the amount of time needed for our daily virus scan to complete. One of the issues I took on was cleaning up old cached profiles from the use of roaming profiles. This was not something I wanted to do manually for the 150 PCs that we have across our building, so I made a script that would look for profiles that had not been modified in the last 90 days and wasn’t a system account (localservice, networkservice, default user, all users). Also, an advantage of using a script to do this is it can produce a report of what it will remove without actually doing it. That way you can be sure that you are not deleting things that you do want to keep.

This script does depending on file and print sharing being turned on for the workstation so the script can access the administrative shares on each computer. It does make the assumption that your profiles are saved in the default windows location C:\Documents and Settings\%username% and that you are the administrator for the domain.

Configuration

  1. Be sure to update the LDAP string 'LDAP://OU=workstations,DC=subdomain,DC=domain,DC=com' to match your Active Directory structure. The script needs to know where all the workstation are in Active Directory
  2. Find objConnection.Open "DomainController" and modify the put your Domain Controller in place of DomainController
  3. Find OldProfile objRecordSet.Fields("Name").Value, "C:\deletedprofiles.csv" and modify the filename to save the file where you and and named what you want, just be sure to leave the extension as CSV so it will open properly with your spreadsheet application.
  4. Most Importantly – Comment out fsoFolder.DeleteFolder objSubfolder, TRUE if you just want a report of what it will delete when run, if not it is currently setup to remove the unwanted profiles
?Download RemoveOldCachedProfiles.vbs
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "shs-login"
 
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, Location from 'LDAP://OU=workstations,DC=subdomain,DC=domain,DC=com' " _
        & "Where objectClass='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
	OldProfile objRecordSet.Fields("Name").Value, "C:\deletedprofiles.csv"
    objRecordSet.MoveNext
Loop
 
Sub OldProfile(strComputer, strFilename)
	On Error Resume Next
	Set StdOut = WScript.StdOut
 
	Set objFSO = CreateObject("scripting.filesystemobject")
	Set logStream = objFSO.opentextfile(strFilename, 8, True)
 
	Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
	If Err.Number Then
	      logStream.writeline(strComputer & ",Offline")
	      Err.Clear
	Else
		On Error Resume Next
		Set objShell = CreateObject("Shell.Application")
		Set fsoFolder = CreateObject("Scripting.FileSystemObject")
 
		root = "\\" & strComputer &"\C$\Documents and Settings"
 
		Set objFolder = fsoFolder.GetFolder(root)
		Set colSubfolders = objFolder.Subfolders
 
			For Each objSubfolder in colSubfolders
				If (lcase(objSubfolder.Name) <> "localservice" AND lcase(objSubfolder.Name) <> "networkservice"_
					AND lcase(objSubfolder.Name) <> "default user" AND lcase(objSubfolder.Name) <> "all users") then
 
						If (DateDiff("D", objSubfolder.DateLastModified, Date()) > 90) then
							logStream.writeline(strComputer & ",Online,Delete," & objSubfolder & "," & objSubfolder.DateLastModified)
							fsoFolder.DeleteFolder objSubfolder, TRUE
						else
							logStream.writeline(strComputer & ",Online,Active," & objSubfolder & "," & objSubfolder.DateLastModified)
						End If
 
				else
					logStream.writeline(strComputer & ",Online,System," & objSubfolder & "," & objSubfolder.DateLastModified)
				End If
			Next
	End If
	logStream.Close
End Sub

How To Securely Wipe A Hard Drive

June 2nd, 2009 Wayne Zimmerman

There always comes a time when you are replacing the old with the new, but the real question is what to do with the old. Usually computers get resold, given away or recycled, however all of these things could lead to a compromise in information security. The easiest way to prevent this from happening is to wipe the hard drive with a DoD Compliant wipe. The easiest way to get this done is to use a great free program called Darik’s Boot and Nuke. This program allows you to boot a computer and nuke the hard drive from being recovered using computer forensics. However rather than just burning this one program on a CD I would suggest downloading the Ultimate Boot CD. This CD contains tons of great utilities for troubleshooting and working on PCs and should be a part of any administrators toolkit.

  • Well to get started wiping your old PCs hard drive, you will need to burn the Ultimate Boot CD to a CD and boot to it by either changing the boot order in the bios or getting to a boot menu where you can select which device to boot.
  • The first screen you should see once you have successfully booted to the CD will ask you to press enter to boot to the UBCD.
  • Next you need to select “Hard Drive Tools” then “Wiping Tools” and finally “Darik’s Boot and Nuke V1.0.7″. Once there it will take a minute to load, if it doesn’t it may not support your hardware / hard drive. However I haven’t run across a computer that it wouldn’t wipe.
  • Once it loads up hit the (M) key to select method and change it to your preference, I typically use the “DoD 5220.22-M” method because this is what the military uses, and if it is good enough for them it is good enough for me.
  • Once selected, be sure to press the space bar and select the drive or drives you wish to wipe and then press F10 which will let wiping commence.

Now go grab some dinner with a friend or a frosty adult beverage at the local tavern because it will be a while before it is complete (depending on the size of your drive).

Here are some screen shots that should help you step though the different screen just in case you get lost.

Five Windows Commands Every Administrator Needs To Know

May 26th, 2009 Wayne Zimmerman

You should always feel like a little ninja when a chance to use the command line rolls around. These command should give you an excuse to open and use the command line just a bit more.

  • wuauclt /detectnow – This command makes Windows check for updates in accordance with the settings on the workstation. This is very helpful in domain environments where you have a Windows Server Update Service (WSUS) running and want it to go grab new updates from that server and not use the Microsoft Update website and try to remember which ones you had and hadn’t approved.

  • runas /user:administrator cmd – This command is a simple RunAs command that opens command prompt. This is important to know if you want to run other programs as an administrator while leaving a user logged in. This will allows you to start and other program as administrator simply by typing it in your administrator command window. Just be sure to close it when you leave, if not the user will have open reign on the computer using your account.

  • oobe/msoobe /a – This command will start the Microsoft Product Activation Wizard. This may not be the most useful command on the enterprise environment but when it comes to reinstalling a PC for someone you know it is a necessary evil. None the less, when there is no activation link, just run the command it it will get you rolling.

  • netstat and netstat -a – These two commands shows you the IP address, port and other vital information about the connections your computer is using. These information can be helpful when trying to troubleshoot a PC that has slow internet or some type of malware issue, or when you are setting up a new service on your server and trying to determine why you can’t use a certain port because it is already in use.

  • shutdown -i – Although many people use the shutdown command to shutdown or restart computers, most people don’t know that this has a handy GUI interface which makes declaring all those parameters in the command line obsolete. Give it a shot and shut down your coworkers computer, but give them some time to see if they can figure out the shutdown -a command to abort your shutdown request. This works especially good to test the new guys skills.

I’m sure there are many commands I have forgotten to add that are just as great as these, if you think of one put it in the comments and share it with everyone else.

On The Way to Indy

May 21st, 2009 Wayne Zimmerman

Only four days have passed, yet I am getting ready for another adventure out in our great country. The Indianapolis 500 is one of the crown jewels in auto racing and my coworker just happen to have an extra ticket. Honestly, what is any guy gonna do? We are driving and leaving tonight for Dallas to stay with some of his relatives and relax before the huge drive on Friday up to Indy. Saturday we hang around and do some backyard beers and brats and resting from this crazy trip. Sunday is live at track race… I should be in turn 4 in somewhere in the grand stands, I will try to give a more exactly location once I’m there via Twitter. Then we watch the race again on TV that night because they delay the airing of it so that people can come home from the race and catch what they missed on TV. Kinda strange but I enjoy racing. Monday, which is Memorial Day we will be driving home like bandits to travel the 1100 miles back to College Station. I will be sure to take a bunch of pictures so I can share it with the rest of ya. I know I said I would post more about my DC trip but I just have not had the time because of the Indy trip so close together. Those should come next week once I am back and don’t have any trips planned, however then it gets close to moving time so beware more delays may be ahead.

« Older Entries
Newer Entries »
Twitter Delicious Facebook Digg Stumbleupon Favorites More