top tools for top administrators 2

Article by Mark Boyd www.simpleit.tumblr.com

Monday, 27 June 2011

Top tools for top administrators 2/4

All of the informat ion presented in this art ic le is the opinion of the author, not the opinion of the any of the

vendors ment ioned. The authors experience is in the Managed Services Provider sector , more specif ical ly , the

Educat ion vert ical

Top tools article two of four: vbScript and PowerGui

Welcome back, didn’t think you’d stay away. In this article, we will be covering the basics of the

aforementioned programs and tools.

Ever had a task you needed to do where you thought “Windows should do this natively, but it

doesn’t”? VbScript should solve a lot of these problems. VbScript is a powerful, lightweight scripting

language that you can use to do many dozens of administrative tasks. Some of the examples I will

show I will have stolen from the internet; others are examples of scripts I have written for

production environments. I hope you can use / enjoy them.

PowerGui is a handy app that generates queries for you based on common administrative tasks that

you want done. The queries it generates are Microsoft PowerShell queries. I cannot understate how

powerful this program is. All credit to the developers and the fantastic community that develop and

supports this software.

Wire shark PowerShell Get-ACL Subinacls Excel1 vbScript Process Explorer

Power Gui Putty Tftpd32 nMap Ldefde MSBPA TcpView

All of the above mentioned tools and technologies allow an I.T administrator to extract near any

information needed for the successful audit and administration of any Microsoft desktop / server

environment.

1 I will not be explaining how to use Excel. You know what it is and how to use it. It is a supporting tool



For the sake of consistency, I will leave in the supporting table below; in case you didn’t read article

one. If you have read article one, I strongly recommend you read it. Find it here.

These products perform the following functions, including but not limited to:

Product Usage

Wire Shark Samples traffic travelling across the network

Subinacls Used to audit NTFS share permissions against disk volumes.

Get-Acls Used to audit NTFS share permissions against disk volumes

Microsoft PowerShell Command line driven desktop or Server admin tool. Similar to vbScript but more robust

Microsoft Excel Excel is used to collate and post process the volumes of data collected by Get-Acls

Microsoft Visual Basic Script Used for scripting and automation where PowerShell is not fit for purpose

Power Gui Used for generating PowerShell scripts automatically

Putty Remote telnet / ssh control of switches, routers, firewalls etc

TFTPD32 A simple, powerful telnet server

nMap Used to discover analyse the threats that may exist from remote systems and users

Microsoft LDEFDE Used to audit, query, and export Microsoft Active Directory

MSBPA Microsoft Exchange / SQL Best practise analyser for Exchange and SQL Security

Introducing vbScript:

So, the time had to come, where I, Mark Boyd, declare my love for automation. With the words “I.T

Automation” comes some inevitability, namely the need to write scripts, batch files and small

programs.

Ever since I started this blogosphere stuff, I had to re learn all the things I was forced to learn in

university years ago. When I started in this industry, I swore I’d never write a single line of

programming code. The very first task at my very first job I had, I was writing and manipulating code.

I am going to come right out and say it…You DO NOT need to learn how to be a programmer, you

ABSOLUTELY DO NOT need to learn a specific programming language when you are at university.

What universities should teach however, is working smarter not harder. This was certainly never a

course I sat, but I knew early on the value of solving repetitive tasks with automation. What

universities should be teaching is the art of automation.

First, a short story about my university experience, more specifically learning programming.

I will prefix this story by saying the university degree I got was a Bachelor of Computing (Networking)



I came to university from the TAFE (In Australia, TAFE is a “step down” from university) sector. In

TAFE, I sat a HTML course, building and testing basic websites, a step up from how to use Microsoft

Front Page, a step down from building fully functional PHP based websites, or “hard core” CRM stuff.

When I transitioned into university, I was entitled for exemptions from having done certain classes. I

was told to choose a programming stream; I had a choice between the Microsoft .net framework

(VB) stream, and a C stream. My exemptions (based on having learnt HTML) were the for the entry

level programming class (go figure), I straight away entered the intermediate C programming

stream. The first class I sat, I was asked to create a program that sorted alphabetically 10 sentences,

and prefix them with a character in numerical order. I was expected to do all of that in 30 minutes of

classwork.

It was immediately clear to me I was out of my depth.

I went and spoke to the course convenor, it was the first real life / business lesson I remember

learning – Don’t put a case forward emotionally, you will lose just about every time. I was given two

options, drop down and redo the entry level C programming course, or, quit. Plain and simple.

Neither of those options bayed well with me.

In any case, I knew sitting the entry level C course would buy me six months, maybe the penny

would drop and I’d become a good programmer (never happened). My first assignment was to build

an application in C that asked the user to a temperate in Fahrenheit and have the application

convert the number to degrees Celsius. I understood the maths, researched how to make the

calculations, and with the help of a software developer friend, I got 100 percent on the assignment

The second assignment, well, it made me more furious than just about any assignment has ever

made me. The second assignment (paraphrasing) asked me to understand “Electron Momentum

Spectroscopy” and program “something” for it. I still don’t understand what the point of it all was.

The maths for what we needed to calculate was half a page long. For those of you who don’t know

what EMS is, here is a brief description

“Electron Momentum Spectroscopy measures the energy-momentum density of the electrons in atoms,

molecules and solids by means of a kinematically-complete ionization reaction initiated by an electron beam. The

construction of spectrometers and the acquisition and reduction of cross-section data are described in detail. The

quantum theory of the reaction is explained and the experimental verification is given. It is shown how to extract

quasiparticle orbitals, and coefficients describing electron correlations of the data”2

Regardless, I got the assignment done (again with some help) This assignment and the fact I got 100

percent on it, shaped my opinion of university from there on in, forever.

What happened annoyed me for two reasons

1. I was given an exemption for Engineering Programming in C, based on a HTML class I took.

2. I was given assignments where I learn nothing transferable to everyday I.T work.

Why, as a networking / business major, did I have to know any of that crap? What did it do for me

other than breed contempt for the institutions that are universities? Later on I learnt my second very

2 http://books.google.com/books/about/Electron_momentum_spectroscopy.html?id=dm9DdZ68PsEC

http://books.google.com/books/about/Electron_momentum_spectroscopy.html?id=dm9DdZ68PsEC



valuable business lesson. Listen to what others are saying, don’t appease them with what they want

to hear just because they think you should agree with them. It is OK to disagree with people. If

someone if disagreeing with you and they get emotional, you are touching a nerve with them,

maintaining your composure is key to being a well-rounded debater and individual. Never belittle a

person if they argue with emotion, but don’t argue back with emotion.

So I had the talk with the convenor and the vice chancellor of I.T after I finished the semester.

My contention was

What out of this C programming class is transferable to real business skills?

Why will I ever need the “knowledge” I learnt from these assignments much less the exam?

Is this likely to make me any more employable?

I got yelled at…

“You are ungrateful…the university puts a lot of time and effort into designing these course based

on educational outcomes, you do nothing other than give us attitude, and spend more time

disagreeing with the course work then doing it yourself”

My response was diplomatic and measured…

“I am sorry, I disagree, all I am doing is questioning the relevancy of the course work, not the course

itself, I never contended that I shouldn’t sit the course work, I am wondering what electron

momentum spectroscopy has to do with being a network engineer much less a business consultant”

I was asked to leave the office and not come back until “my attitude improved” I returned 24

months later with a photocopy of my degree, with a polite letter thanking them for all I had learnt

listed out in bullet form, needless to say, building applications that do some sort of electron

momentum spectroscopy calculations wasn’t on that list.

I will summarize by saying it is important to learn programming, but please any university reading

this, give students a task and tell them to do it in any bloody language they like. Give them real

administrative tasks; give them real life objectives like “Write a program that asks for first name, last

name, date of birth, gender and pushes those details to a database”

Problem solved. Mark Boyd 1, University 0

Let’s now talk about vbScript and all it has to offer

VbScript was the first script language I was ever exposed to. My boss and mentor at my first full time

job wrote a logon script that was a trillion lines long that I needed to understand. Luckily, my boss

wrote code that was nicely segmented, and easy to understand. My first task was a valuable one,

when a staff member logged into a particular location, note that location, and map a certain printer,

and set it as the default printer. (Hey university – this helped me, not the science stuff you “taught”)

On the next page, I will start listing off vbScripts and how to use them



Our first script will add a printer located at the “ServerName” server, called Printername

Code What Set objNetwork = CreateObject("WScript.Network") Connect to network object objNetwork.AddWindowsPrinterConnection \\Servername\Printername. Use object to connect to printer

There you go your first script that will connect to a printer share. The next step does the exact same

thing, but also adds a default printer.

Code What Option Explicit Forces you to declare variables

Dim objNetwork, strUNCPrinter Declares 2 variables

strUNCPrinter = "\\LittleServer\HP LaserJet 2420" Gives strUNC variable a printer location

Set objNetwork = CreateObject("WScript.Network") Creates the network object

objNetwork.AddWindowsPrinterConnection strUNCPrinter Adds the printer using variable

' Here is where we set the default printer to strUNCPrinter

objNetwork.SetDefaultPrinter strUNCPrinter Sets the default printer using varible

WScript.Echo "Check the Printers folder for : " & strUNCPrinter Echos a message about the printer

WScript.Quit Quits the script

Much better than the first one don’t you think?

If you ever get stuck it is safe to assume you can go on to the internet and find what you need to

know. When I was writing my script to install printers based on the location of the logon. I needed to

know how to determine the name of the PC the user was logging onto. Google taught me that, as

soon as I got the script working, I forgot it almost instantaneously. – The very definition of scripting.



The next script is massively complex, but oh so simple – how does that work you ask? Read on. You

declare a folder to scan, and it will check for unwanted file types, it can log them to a file, or delete

them. I take no credit for writing this code, but I can’t remember where I found it. What I did do, was

add the section that outputs the results to a text file. Code below.

OPTION EXPLICIT

DIM strExtensionsToDelete,strFolder

DIM objFSO, MaxAge, IncludeSubFolders

' ************************************************************

' Setup

' ************************************************************

' Folder to delete files

strFolder = "c:\users\markb\desktop"

' Delete files from sub-folders?

includeSubfolders = true

' A comma separated list of file extensions

' Files with extensions provided in the list below will be deleted

strExtensionsToDelete = "rom"

' Max File Age (in Days). Files older than this will be deleted.

maxAge = 0

' ************************************************************

'Mark Appended this on 17th May 2010

DIM fso, OutputToFile

Set fso = CreateObject("Scripting.FileSystemObject")

Set OutputToFile = fso.CreateTextFile("C:\users\markb\desktop\Files_to_delete.txt", True)

'End of Marks Appendage

set objFSO = createobject("Scripting.FileSystemObject")

DeleteFiles strFolder,strExtensionsToDelete, maxAge, includeSubFolders

wscript.echo "Finished"

sub DeleteFiles(byval strDirectory,byval strExtensionsToDelete,byval maxAge,includeSubFolders)

DIM objFolder, objSubFolder, objFile

DIM strExt

set objFolder = objFSO.GetFolder(strDirectory)

for each objFile in objFolder.Files

for each strExt in SPLIT(UCASE(strExtensionsToDelete),",")

if RIGHT(UCASE(objFile.Path),LEN(strExt)+1) = "." & strExt then

IF objFile.DateLastModified < (Now - MaxAge) THEN

'wscript.echo "Deleting:" & objFile.Path & " | " & objFile.DateLastModified

OutputToFile.WriteLine "Deleting: " & objFile.Path & " | Date last modified: " & objFile.DateLastModified

'-----------------------------------------------------------------------------------------------------

'The next line will delete all files detected with the specified extention

'Use extreme caution when uncommenting line 49 (probably not line 49 anymore

'Review line 34's output (Files_to_delete.txt) before uncommenting line 49 again, probably not line 49

'-----------------------------------------------------------------------------------------------------

'objFile.Delete

exit for

END IF

end if

next

next

if includeSubFolders = true then ' Recursive delete

for each objSubFolder in objFolder.SubFolders

DeleteFiles objSubFolder.Path,strExtensionsToDelete,maxAge, includeSubFolders

next

end if

end sub

msgbox "Done"

Unfortunately, due to my inability to comment this the way I did the printer stuff, you will have to

put up with my analysis here.

I think if you look at this logically you can figure it out, a whole bunch of stuff is declared, objects are

used, the script steps through sub directories detecting a list of “unwanted file types” The only file

types we declare as unwanted at the moment are ROM’s.

There are certain methods you should probably be aware of when you are creating vbScripts,

however in the day and age of the internet, there is probably no need for me to list a huge number

of them, it is probably more appropriate for me to leave it here, Google whatever you want to know

but remember, logic is the key. You will always have a start middle and end, you will always have a



declaration of variables, tell them to do something, and produce an output. When it comes to I.T

automation, this is just about all you want to do, all the time, ever.

Next we will talk about PowerGui, please turn over / skip to the next page.



Introducing PowerGui:

PowerGui is a wonderfully powerful application for building scripts dynamically. The scripts it creates

are Microsoft Windows PowerShell scripts. As discussed in a previous article PowerShell can do just

about any administrative task on any modern server platform.

Read all about PowerGui here

The software is incredibly powerful, you can download plugins to connect to Active Directory,

Microsoft Exchange, even the vSphere client for VMware integration.

PowerGui is supported by a relatively large and well skilled community, if there isn’t a PowerShell

script here that doesn’t do what you need it to, chances are it won’t exist.

Everything to the best of my knowledge is free, everything is geared towards automation.

Here are some screenshots for PowerGui

The Interface:

http://powergui.org/index.jspa



And what it does:

Wow! Just wow. I still can’t believe how powerful that is for a free program. The PowerShell

generated, I wouldn’t have a care in the world to figure out myself. I can use this filter how many

event logs between EventID 100 and EventID 4000 there were in the newest 100 event logs.

The conditional operators I can apply are the usual equals, not equals, <, > and so on. I can save

those to PowerShell scripts files and get Microsoft Task Scheduler to run them for me. Better yet I

can use even better Automation tools like Kaseya to schedule the execution of these scripts and

email me the results of them. I can target the scripts to thousands of machines worldwide, instantly

having a snapshot of all my customers and all their equipment’s apparent health.

It isn’t hard to be a good administrator; it is hard and unnecessary to reinvent the wheel.

It is here I will apologise for the lack of “pure nerd speak” in this article. The article was more to

share my experiences with what is a tricky and touchy subject – programming / scripting. My

contention remains that there is a great need for learning programming and scripting, but make it

relevant, state what you are trying to achieve, and you are a third of the way to solving your

problem.

This is the end of part 2 of the “Top tools for administrators guide” I am hoping my mix of tech and

real world examples help you think outside the circle when you are troubleshooting issues.

Remember, you want quick answers when troubleshooting stuff, not hours of investigation.

My next article will most probably be about SNMP and discovering key hardware health attributes.

top tools for top administrators 2

Documents