top tools for top administrators 2
Part two of a four part series on amazing free I.T tools.
Article by Mark Boyd www.simpleit.tumblr.com
Monday, 27 June 2011 Page 1
Top tools for top administrators 2/4
All of the information presented in this article is the opinion of the author, not the opinion of any of the
vendors mentioned. The author's experience is in the Managed Services Provider sector, more specifically, the
Education vertical.
Top tools article two of four: vbScript and PowerGui
Welcome back, didn’t think you’d stay away. In this article, we will be covering the basics of the
aforementioned programs and tools.
Ever had a task you needed to do where you thought “Windows should do this natively, but it
doesn’t”? VbScript should solve a lot of these problems. VbScript is a powerful, lightweight scripting
language that you can use to do many dozens of administrative tasks. Some of the examples I will
show I will have stolen from the internet; others are examples of scripts I have written for
production environments. I hope you can use / enjoy them.
PowerGui is a handy app that generates queries for you based on common administrative tasks that
you want done. The queries it generates are Microsoft PowerShell queries. I cannot understate how
powerful this program is. All credit to the developers and the fantastic community that develops and
supports this software.
Wire shark, PowerShell, Get-ACL, Subinacls, Excel [1], vbScript, Process Explorer,
Power Gui, Putty, Tftpd32, nMap, Ldefde, MSBPA, TcpView
All of the above mentioned tools and technologies allow an I.T administrator to extract near any
information needed for the successful audit and administration of any Microsoft desktop / server
environment.
[1] I will not be explaining how to use Excel. You know what it is and how to use it. It is a supporting tool.
For the sake of consistency, I will leave in the supporting table below, in case you didn’t read article
one. If you have not read article one, I strongly recommend you read it. Find it here.
These products perform the following functions, including but not limited to:
Product | Usage
Wire Shark | Samples traffic travelling across the network
Subinacls | Used to audit NTFS share permissions against disk volumes
Get-Acls | Used to audit NTFS share permissions against disk volumes
Microsoft PowerShell | Command line driven desktop or Server admin tool. Similar to vbScript but more robust
Microsoft Excel | Excel is used to collate and post process the volumes of data collected by Get-Acls
Microsoft Visual Basic Script | Used for scripting and automation where PowerShell is not fit for purpose
Power Gui | Used for generating PowerShell scripts automatically
Putty | Remote telnet / ssh control of switches, routers, firewalls etc
TFTPD32 | A simple, powerful telnet server
nMap | Used to discover and analyse the threats that may exist from remote systems and users
Microsoft LDEFDE | Used to audit, query, and export Microsoft Active Directory
MSBPA | Microsoft Exchange / SQL Best practise analyser for Exchange and SQL Security
Introducing vbScript:
So, the time had to come, where I, Mark Boyd, declare my love for automation. With the words “I.T
Automation” comes some inevitability, namely the need to write scripts, batch files and small
programs.
Ever since I started this blogosphere stuff, I had to re learn all the things I was forced to learn in
university years ago. When I started in this industry, I swore I’d never write a single line of
programming code. The very first task at my very first job I had, I was writing and manipulating code.
I am going to come right out and say it…You DO NOT need to learn how to be a programmer, you
ABSOLUTELY DO NOT need to learn a specific programming language when you are at university.
What universities should teach however, is working smarter not harder. This was certainly never a
course I sat, but I knew early on the value of solving repetitive tasks with automation. What
universities should be teaching is the art of automation.
First, a short story about my university experience, more specifically learning programming.
I will prefix this story by saying the university degree I got was a Bachelor of Computing (Networking)
I came to university from the TAFE (In Australia, TAFE is a “step down” from university) sector. In
TAFE, I sat a HTML course, building and testing basic websites, a step up from how to use Microsoft
Front Page, a step down from building fully functional PHP based websites, or “hard core” CRM stuff.
When I transitioned into university, I was entitled for exemptions from having done certain classes. I
was told to choose a programming stream; I had a choice between the Microsoft .net framework
(VB) stream, and a C stream. My exemptions (based on having learnt HTML) were for the entry
level programming class (go figure), I straight away entered the intermediate C programming
stream. The first class I sat, I was asked to create a program that sorted alphabetically 10 sentences,
and prefix them with a character in numerical order. I was expected to do all of that in 30 minutes of
classwork.
It was immediately clear to me I was out of my depth.
I went and spoke to the course convenor, it was the first real life / business lesson I remember
learning – Don’t put a case forward emotionally, you will lose just about every time. I was given two
options, drop down and redo the entry level C programming course, or, quit. Plain and simple.
Neither of those options boded well with me.
In any case, I knew sitting the entry level C course would buy me six months, maybe the penny
would drop and I’d become a good programmer (never happened). My first assignment was to build
an application in C that asked the user to enter a temperature in Fahrenheit and have the application
convert the number to degrees Celsius. I understood the maths, researched how to make the
calculations, and with the help of a software developer friend, I got 100 percent on the assignment.
The second assignment, well, it made me more furious than just about any assignment has ever
made me. The second assignment (paraphrasing) asked me to understand “Electron Momentum
Spectroscopy” and program “something” for it. I still don’t understand what the point of it all was.
The maths for what we needed to calculate was half a page long. For those of you who don’t know
what EMS is, here is a brief description
“Electron Momentum Spectroscopy measures the energy-momentum density of the electrons in atoms,
molecules and solids by means of a kinematically-complete ionization reaction initiated by an electron beam. The
construction of spectrometers and the acquisition and reduction of cross-section data are described in detail. The
quantum theory of the reaction is explained and the experimental verification is given. It is shown how to extract
quasiparticle orbitals, and coefficients describing electron correlations of the data”2
Regardless, I got the assignment done (again with some help). This assignment and the fact I got 100
percent on it, shaped my opinion of university from there on in, forever.
What happened annoyed me for two reasons
1. I was given an exemption for Engineering Programming in C, based on a HTML class I took.
2. I was given assignments where I learn nothing transferable to everyday I.T work.
Why, as a networking / business major, did I have to know any of that crap? What did it do for me
other than breed contempt for the institutions that are universities? Later on I learnt my second very
valuable business lesson. Listen to what others are saying, don’t appease them with what they want
to hear just because they think you should agree with them. It is OK to disagree with people. If
someone is disagreeing with you and they get emotional, you are touching a nerve with them,
maintaining your composure is key to being a well-rounded debater and individual. Never belittle a
person if they argue with emotion, but don’t argue back with emotion.
2 http://books.google.com/books/about/Electron_momentum_spectroscopy.html?id=dm9DdZ68PsEC
So I had the talk with the convenor and the vice chancellor of I.T after I finished the semester.
My contention was
What out of this C programming class is transferable to real business skills?
Why will I ever need the “knowledge” I learnt from these assignments much less the exam?
Is this likely to make me any more employable?
I got yelled at…
“You are ungrateful…the university puts a lot of time and effort into designing these courses based
on educational outcomes, you do nothing other than give us attitude, and spend more time
disagreeing with the course work than doing it yourself”
My response was diplomatic and measured…
“I am sorry, I disagree, all I am doing is questioning the relevancy of the course work, not the course
itself, I never contended that I shouldn’t sit the course work, I am wondering what electron
momentum spectroscopy has to do with being a network engineer much less a business consultant”
I was asked to leave the office and not come back until “my attitude improved”. I returned 24
months later with a photocopy of my degree, with a polite letter thanking them for all I had learnt
listed out in bullet form, needless to say, building applications that do some sort of electron
momentum spectroscopy calculations wasn’t on that list.
I will summarize by saying it is important to learn programming, but please any university reading
this, give students a task and tell them to do it in any bloody language they like. Give them real
administrative tasks; give them real life objectives like “Write a program that asks for first name, last
name, date of birth, gender and pushes those details to a database”
Problem solved. Mark Boyd 1, University 0
Let’s now talk about vbScript and all it has to offer
VbScript was the first script language I was ever exposed to. My boss and mentor at my first full time
job wrote a logon script that was a trillion lines long that I needed to understand. Luckily, my boss
wrote code that was nicely segmented, and easy to understand. My first task was a valuable one,
when a staff member logged into a particular location, note that location, and map a certain printer,
and set it as the default printer. (Hey university – this helped me, not the science stuff you “taught”)
On the next page, I will start listing off vbScripts and how to use them
Our first script will add a printer located at the “ServerName” server, called Printername
Set objNetwork = CreateObject("WScript.Network")    ' Connect to network object
objNetwork.AddWindowsPrinterConnection "\\Servername\Printername"    ' Use object to connect to printer
There you go your first script that will connect to a printer share. The next step does the exact same
thing, but also adds a default printer.
Option Explicit    ' Forces you to declare variables
Dim objNetwork, strUNCPrinter    ' Declares 2 variables
strUNCPrinter = "\\LittleServer\HP LaserJet 2420"    ' Gives strUNCPrinter variable a printer location
Set objNetwork = CreateObject("WScript.Network")    ' Creates the network object
objNetwork.AddWindowsPrinterConnection strUNCPrinter    ' Adds the printer using variable
' Here is where we set the default printer to strUNCPrinter
objNetwork.SetDefaultPrinter strUNCPrinter    ' Sets the default printer using variable
WScript.Echo "Check the Printers folder for : " & strUNCPrinter    ' Echos a message about the printer
WScript.Quit    ' Quits the script
Much better than the first one don’t you think?
If you ever get stuck it is safe to assume you can go on to the internet and find what you need to
know. When I was writing my script to install printers based on the location of the logon, I needed to
know how to determine the name of the PC the user was logging onto. Google taught me that, as
soon as I got the script working, I forgot it almost instantaneously. – The very definition of scripting.
The next script is massively complex, but oh so simple – how does that work you ask? Read on. You
declare a folder to scan, and it will check for unwanted file types, it can log them to a file, or delete
them. I take no credit for writing this code, but I can’t remember where I found it. What I did do, was
add the section that outputs the results to a text file. Code below.
OPTION EXPLICIT
DIM strExtensionsToDelete, strFolder
DIM objFSO, MaxAge, IncludeSubFolders
' ************************************************************
' Setup
' ************************************************************
' Folder to delete files
strFolder = "c:\users\markb\desktop"
' Delete files from sub-folders?
includeSubfolders = true
' A comma separated list of file extensions
' Files with extensions provided in the list below will be deleted
strExtensionsToDelete = "rom"
' Max File Age (in Days). Files older than this will be deleted.
maxAge = 0
' ************************************************************
'Mark Appended this on 17th May 2010
DIM fso, OutputToFile
Set fso = CreateObject("Scripting.FileSystemObject")
Set OutputToFile = fso.CreateTextFile("C:\users\markb\desktop\Files_to_delete.txt", True)
'End of Marks Appendage
set objFSO = createobject("Scripting.FileSystemObject")
DeleteFiles strFolder, strExtensionsToDelete, maxAge, includeSubFolders
' Close the report so it is fully written before you review it
OutputToFile.Close
wscript.echo "Finished"

sub DeleteFiles(byval strDirectory, byval strExtensionsToDelete, byval maxAge, includeSubFolders)
    DIM objFolder, objSubFolder, objFile
    DIM strExt
    set objFolder = objFSO.GetFolder(strDirectory)
    for each objFile in objFolder.Files
        for each strExt in SPLIT(UCASE(strExtensionsToDelete), ",")
            if RIGHT(UCASE(objFile.Path), LEN(strExt) + 1) = "." & strExt then
                IF objFile.DateLastModified < (Now - MaxAge) THEN
                    'wscript.echo "Deleting:" & objFile.Path & " | " & objFile.DateLastModified
                    OutputToFile.WriteLine "Deleting: " & objFile.Path & " | Date last modified: " & objFile.DateLastModified
                    '-----------------------------------------------------------------------------------------------------
                    'The objFile.Delete line below will delete all files detected with the specified extension
                    'Use extreme caution when uncommenting it
                    'Review the report (Files_to_delete.txt) before uncommenting it
                    '-----------------------------------------------------------------------------------------------------
                    'objFile.Delete
                    exit for
                END IF
            end if
        next
    next
    if includeSubFolders = true then ' Recursive delete
        for each objSubFolder in objFolder.SubFolders
            DeleteFiles objSubFolder.Path, strExtensionsToDelete, maxAge, includeSubFolders
        next
    end if
end sub
msgbox "Done"
Unfortunately, due to my inability to comment this the way I did the printer stuff, you will have to
put up with my analysis here.
I think if you look at this logically you can figure it out, a whole bunch of stuff is declared, objects are
used, the script steps through sub directories detecting a list of “unwanted file types”. The only file
types we declare as unwanted at the moment are ROMs.
There are certain methods you should probably be aware of when you are creating vbScripts,
however in the day and age of the internet, there is probably no need for me to list a huge number
of them, it is probably more appropriate for me to leave it here, Google whatever you want to know
but remember, logic is the key. You will always have a start middle and end, you will always have a
declaration of variables, tell them to do something, and produce an output. When it comes to I.T
automation, this is just about all you want to do, all the time, ever.
Next we will talk about PowerGui, please turn over / skip to the next page.
Introducing PowerGui:
PowerGui is a wonderfully powerful application for building scripts dynamically. The scripts it creates
are Microsoft Windows PowerShell scripts. As discussed in a previous article PowerShell can do just
about any administrative task on any modern server platform.
Read all about PowerGui here
The software is incredibly powerful, you can download plugins to connect to Active Directory,
Microsoft Exchange, even the vSphere client for VMware integration.
PowerGui is supported by a relatively large and well skilled community; if there isn’t a PowerShell
script here that does what you need it to, chances are it won’t exist.
Everything to the best of my knowledge is free, everything is geared towards automation.
Here are some screenshots for PowerGui
[Screenshot: the interface]
[Screenshot: what it does]
Wow! Just wow. I still can’t believe how powerful that is for a free program. The PowerShell
generated, I wouldn’t have a care in the world to figure out myself. I can use this to filter how many
event logs between EventID 100 and EventID 4000 there were in the newest 100 event logs.
The conditional operators I can apply are the usual equals, not equals, <, > and so on. I can save
those to PowerShell scripts files and get Microsoft Task Scheduler to run them for me. Better yet I
can use even better Automation tools like Kaseya to schedule the execution of these scripts and
email me the results of them. I can target the scripts to thousands of machines worldwide, instantly
having a snapshot of all my customers and all their equipment’s apparent health.
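The event-log filter described above, written out by hand as an added example (it is not PowerGui's generated output or the author's script). The function name Get-EventIdRangeSummary and the sample entries are hypothetical, and the ID range is assumed to be inclusive.

```powershell
# Added example (not from the original article or from PowerGui). The function
# name and the sample entries are hypothetical; the ID range is inclusive.
function Get-EventIdRangeSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object[]]$Entry,
        [int]$MinId = 100,
        [int]$MaxId = 4000
    )
    begin { $hits = New-Object System.Collections.ArrayList }
    process {
        foreach ($e in $Entry) {
            # Keep only entries whose EventID falls inside the requested range
            if ($e.EventID -ge $MinId -and $e.EventID -le $MaxId) {
                [void]$hits.Add($e)
            }
        }
    }
    end {
        # One row per Source/EventID pair, most frequent first
        $hits | Group-Object -Property Source, EventID |
            Sort-Object -Property Count -Descending |
            ForEach-Object {
                $last = $_.Group | Sort-Object -Property TimeGenerated |
                    Select-Object -Last 1
                [pscustomobject]@{
                    Source     = $last.Source
                    EventID    = $last.EventID
                    Count      = $_.Count
                    EntryTypes = ($_.Group.EntryType | Sort-Object -Unique) -join ','
                    LastSeen   = $last.TimeGenerated
                }
            }
    }
}

# Constructed sample entries using the property names Get-EventLog emits
$now = Get-Date
$sample = @(
    [pscustomobject]@{ EventID = 7036; Source = 'Service Control Manager'; EntryType = 'Information'; TimeGenerated = $now.AddMinutes(-50) }
    [pscustomobject]@{ EventID = 1014; Source = 'DNS Client Events'; EntryType = 'Warning'; TimeGenerated = $now.AddMinutes(-40) }
    [pscustomobject]@{ EventID = 51; Source = 'Disk'; EntryType = 'Warning'; TimeGenerated = $now.AddMinutes(-30) }
    [pscustomobject]@{ EventID = 1014; Source = 'DNS Client Events'; EntryType = 'Warning'; TimeGenerated = $now.AddMinutes(-20) }
    [pscustomobject]@{ EventID = 3001; Source = 'ExampleAgent'; EntryType = 'Error'; TimeGenerated = $now.AddMinutes(-10) }
)
# 7036 and 51 lie outside 100..4000 and are dropped by the filter
$sample | Get-EventIdRangeSummary | Format-Table -AutoSize

# On Windows PowerShell, against the live log, saved for a scheduled run:
# Get-EventLog -LogName System -Newest 100 | Get-EventIdRangeSummary |
#     Export-Csv -Path .\event-summary.csv -NoTypeInformation
```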
It isn’t hard to be a good administrator; it is hard and unnecessary to reinvent the wheel.
It is here I will apologise for the lack of “pure nerd speak” in this article. The article was more to
share my experiences with what is a tricky and touchy subject – programming / scripting. My
contention remains that there is a great need for learning programming and scripting, but make it
relevant, state what you are trying to achieve, and you are a third of the way to solving your
problem.
This is the end of part 2 of the “Top tools for administrators guide”. I am hoping my mix of tech and
real world examples help you think outside the circle when you are troubleshooting issues.
Remember, you want quick answers when troubleshooting stuff, not hours of investigation.
My next article will most probably be about SNMP and discovering key hardware health attributes.