Posts Tagged ‘Domain’

Showing Active Directory Location

April 14th, 2009 Wayne Zimmerman

I have a very simple script for you today that will allow you to configure settings based on where a users and computers are within your Active Directory. This is very helpful when you are determining internet settings, file / printer connections and even desktop icons, but before you do all that you need a simple script to look up what your location / membership is in the directory. It will provide you with at path that is easily searched with string commands and can help diagnose why some users don’t get all the correct settings. This script returns to popup events, the first one gives you computer location: cn=nameofcomputer,ou=admin,dc=domain,dc=local and user location cn=username,ou=it,dc=domain,dc=local these are the strings you would search to determine who got which settings. Later I will show you how to use these settings to add icons, map drives, and map printers.

?Download ADLocation.vbs
Set Network = WScript.CreateObject("WScript.Network")
Set objNetwork = CreateObject("WScript.Network") 
 compname = Network.ComputerName
 domname  = "domain"
 
 Set oNet = CreateObject("Wscript.Network")
 Set oTrans = CreateObject("NameTranslate")
 oTrans.Init 1, domname
 oTrans.Set 3, domname &"\"& compname &"$"
 sAdsPath = oTrans.Get(1)
 Set oNet = Nothing
 Set oTrans = Nothing
 sAdsPath = LCase(sAdsPath)
wscript.echo "Computer Location: " & sAdsPath
 
 
Set objNetwork = CreateObject("WScript.Network") 
Set objUser = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & objUser.UserName)
colGroups = CurrentUser.memberOf
userlocation = lcase(objUser.UserName)
 
wscript.echo "User Location: "  & userlocation
Posted in Code Tags: , , , , , No Comments »

Allow Users on Domain to Control Power Settings

April 9th, 2009 Wayne Zimmerman

In some domain environments you need to allow some control back to the users where they can manage it best. A perfect example of this is Power Settings, by default a normal domain user does not have the rights to control the power settings on the PC. This can lead to the computer turning off the monitor or going to standby at inopportune times. A way to solve this problem is by modifying the registry so any user authenticated / interactive user can modify these settings. To do this you need to use the regini.exe, it allows you to modify permissions in the registry from command line. Basically anything under registry key: (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\) need to be given permissions to be modify by the user. Below I have included some code that needs to be placed in a text file for parameters to pass to regini.exe during workstation start up.

?Download allowpowerconfig.txt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\GlobalPowerPolicy [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\0 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\1 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\2 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\3 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\4 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\5 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\0 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\1 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\2 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\3 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\4 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\5 [1 5 7 11 17 21]

Once you have this file made save it Machine Startup Scripts directory for Group Policy. Then add the following entry to the Group Policy (shown below) and the users should now be able to modify their computers power settings.

Regini.exe with Parameter

Regini.exe with Parameter


For more detail on parameters or what exactly regini.exe can do for you hop on over to Microsoft KB 237607.

Posted in Code Tags: , , , , , , , , 2 Comments »

List Local Accounts from Computers in Active Directory

April 1st, 2009 Wayne Zimmerman

When you finally take the plunge and decided that the only way to take your business to the next level is to setup a true client/server environment, here is a script to help you clean up those old accounts. When you convert to an Active Directory structure, you need to remove all the old local user accounts. This will reduce the security risks by removing accounts that you can’t force to conform to the rules setup by Group Policy. Also, if you were running these users as Administrators or Power Users and now have limited them down to a Standard user, without removing their old local accounts they may have elevated rights that they don’t need. Using this script you can query every computer in you Active Directory and get a list in CSV that you can use to know where that accounts are that need to be removed. In this script you can modify the output file so you can save the file where you want. You will also need to modify the Active Directory information to match your Domain configuration.

Tip: You can remotely connect other computers on your domain using “compmgmt.msc /computer:[remote computer]” from there you can manage user accounts in Local Users and Groups.

?Download getlocalaccts.vbs
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "MYDomainController" 'put domain controller here

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, Location from LDAP://DC=subdomain,DC=zim,DC=local' " _  'update this with your AD information
        & "Where objectClass='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
	LocalUsers objRecordSet.Fields("Name").Value, "C:\localaccounts.csv" 'adjust output file name as needed
    objRecordSet.MoveNext
Loop
 
Sub LocalUsers(strComputer, strFilename)
	On Error Resume Next
	Set StdOut = WScript.StdOut
 
	Set objFSO = CreateObject("scripting.filesystemobject")
	Set logStream = objFSO.opentextfile(strFilename, 8, True)
 
	Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
	If Err.Number Then
	      logStream.writeline(strComputer & ",Offline")
	      Err.Clear
	Else
		Set colAccounts = GetObject("WinNT://" & strComputer)
		colAccounts.Filter = Array("user")
 
		For Each objUser In colAccounts
		        logStream.writeline(strComputer & ",Online," & objUser.Name & "," & objUser.AccountDisabled) 
		Next
	End If
 
	logStream.Close
End Sub
Posted in Code Tags: , , , , , , , , , , No Comments »

Remove Old Windows Updates Automatically using Logoff Script

March 31st, 2009 Wayne Zimmerman

This is a great script that helps you keep those patched boxes on your network running longer and faster. This script checks to see how old the Microsoft Windows Update Uninstall folders are and deletes them based on a parameter in the script. This reduces clutter on your PC and reduces one of the major disk hogs in a corporate environment. This script should be included in the Computers Group Policy so it has Administrative access to the PC so it can actually remove the files.

?Download cleanwu.vbs
Set oShell = CreateObject("Wscript.Shell")
strWindows = oShell.ExpandEnvironmentStrings("%WINDIR%")
 
On Error Resume Next
Set fsoFolder = CreateObject("Scripting.FileSystemObject")
 
Set objFolder = fsoFolder.GetFolder(strWindows)
Set colSubfolders = objFolder.Subfolders
 
For Each objSubfolder in colSubfolders
	If (DateDiff("D", objSubfolder.DateCreated, Date()) > 90) AND ((Left(objSubfolder.Name,3)) = "$Nt") then
		fsoFolder.DeleteFolder strWindows & "\" & objSubfolder.Name, TRUE
	End If
Next
Posted in Code Tags: , , , , , , , , No Comments »
Newer Entries »
Twitter Delicious Facebook Digg Stumbleupon Favorites More