Martin Zugec blog

How to use aliases in IE?

When I join some forum, I really like function “Show posts since my last visit”. My usual practise is to set this URL to alias (I am mostly using Maxthon) and by just simply writing “msfn” it will expand this alias and go to page “http://www.msfn.org/board/index.php?act=Search&CODE=getnew”...

That WAS one of the features I really missed in IE - but it IS possible to use aliases in IE. How? Simple...

When you create Favourite, its name is functioning such as alias. If you create favourite, that will point to my blog and give it name Martin, then you simple write Martin to address bar and it will take you directly to my page!

Great feature - it looks like it is really long time available, however I never heard about it.

What can you see in Recycle bin?

I am not talking about recycle bin on your desktop - I want to talk about recycle bin, the hidden folder on your drive.

When you enter this directore, you can see some strange files. Their name is in this structure: D<drive><deleted_number>.<extension>

For example Dc7204.ppt is my unsuccessful presentation, deleted from C drive. It was 7205th deleted file :)

This values means:

• D as deleted
• c as disk where the file originaly was
• # as number of deleted file.
• ??? as extension.

Where are informations about where is the file from? They are stored in file Info2.

Maybe you find this information useful - I never did :)

IE vs. FF - constructive comments only :)

Well, I am quite tired to see flames all around :(

I like alternative browsers... They keep the wheels in move (IE6 SP2), they add functionality MS couldnt add...

However (since SP2) FF is NOT more secure then IE. Just have a look at secunia...

One argument often used is that there are many holes not patched in IE - and again, this is NOT truth. The point is that these holes werent fixed by patches - they were fixed by architecture change. Typical example is local machine lockdown in SP2. If you dont believe me, just search for some exploits of these bugs and try them on your IE...

You can find really nice article about this problem here: http://blogs.zdnet.com/Ou/index.php?p=108

Personally I am using Maxthon and IE as my browsers - mostly Maxthon, but sometimes I use IE (for example web-based application are more reliable). You can never feel safe in this world - and that is why I set lower rights using SAFER.

What is your opinion on this topic? And please leave adolescent comments like “FF rulez!” ;)

How to add new mail address to AD

One of companies I take care of was bought by another company... I needed to add new primary mail (from name.surname@old_domain.cz to name.surname@new_domain.cz)

So I decided to use script for this. Here is the result:

Set myOU = GetObject("LDAP://OU=Uzivatele, DC=Old_Domain, DC=cz")

For each myUser in myOU
       Set objRecipient = myUser
       bIsFound = False
       vProxyAddresses = objRecipient.ProxyAddresses
       nProxyAddresses = UBound(vProxyAddresses)
       i=0
       Do While i <= nProxyAddresses
              email = vProxyAddresses(i)
              If InStr(mid(email,6),"@New_Domain.cz") Then 
                 bIsFound = True
                 Exit Do
              End If
              If Left (email, 5) = "SMTP:" Then
                  vProxyAddresses(i) = "smtp:" & Mid(email,6)
                  MailIndex =  InStr(mid(email,6),"@")
                  strNewProxyAddresses = "SMTP:" & Mid(email, 6, MailIndex - 1) & "@New_Domain.cz"
                 Wscript.Echo strNewProxyAddresses
             End If
             If vProxyAddresses(i) = strNewProxyAddresses Then
                          bIsFound = True
                          Exit Do
             End If
             i = i + 1
       Loop
       If Not bIsFound Then
           ReDim Preserve vProxyAddresses(nProxyAddresses + 1)
           vProxyAddresses(nProxyAddresses + 1) = strNewproxyAddresses
           objRecipient.ProxyAddresses = vProxyAddresses
           myUser.SetInfo
       End If
Next

Heh, and it is working... It will take all users from specified OU, and if they dont have @new_domain.cz mail, it will take their actual primary mail, take first part (name.surname) and same new mail address in format first_part_of_actual_primary_mail@new_domain.com. And of course it will change current primary mail as normal :)

P.S.: Sorry for formating, looks like this blog system does not support [CODE][/CODE] :(

"Soft" introduction to WMI classes/WMIC part no.1

Hello guys!

WMI classes are base of Windows management, however many administrators dont know how to use their potential. That is why I decided to write this series of articles...

WMI classes are between you (wscript/cscript, console etc.) and system APIs. They provide access to almost everything you need to know. For example informations about memory, CPU, processes, services, filesystem etc.

In w2k only method to access this classes was by using scripts (vbscript), so they were great for scripting, however it was hard to use them if you wanted just to receive some informations. Someone clever at Microsoft had nice idea - what about creating cmd utility, that would provide access to these classes? You want need to create big program and you will have access to many interesting informations.

And that is why WMIC was created. As I said this will be really soft introduction, so I will start with classes/objects/methods/properties. You can encounter these terms in almost every programmers documentation, however what do they really mean?

Everything in windows is object - file is object, directory is object, user is object etc... Every object have properties and methods. Method mean “do something”, while property is just the value.

Lets take example - our object will be dog. He have methods (”Bark”, “Roll”, “ShutUp” etc.) and properties (value of property “Color” will be “Black”, value of property “Tail” will be “Short” etc.).

Classes are something like templates for objects - they specify, what methods/properties the object will have and how they will act. Example: lets say you are architect. You created blueprint for house - however it is just blueprint. When you will build house, you will take this blueprint and modify it - for example you will say that walls will be white, it will have an alarm etc. So your object WONT affect the class.

When you create object, it is created from class. Class Dog only says that every dog have property Legs, Tail etc and methods Bark etc. You initiate the object when you say that Fred is Dog - from now Fred have properties/methods based on dog class. You cant ask whats the color of dog in general - you can ask what is the color of Fred.

Sometimes you need (or you can) provide arguments to methods - for example Fred.Bark(Loud) or Fred.ShutUp(Now)... Sometimes you can provide more arguments, for example Fred.Bark(Loud,5), where you are telling Fred to bark, volume Loud and do it for 5 minutes.

Now lets return to WMIC. In WMIC you are using aliases to access classes. For example to access processes, you wont use Win32_Process (WMI Class), you use just Process (Alias).

Basic syntax of WMIC is “WMIC Alias WMIC_Method Parameters).

There are 4 WMIC methods:

• list  - retrieve a set of properties
• get - retrieve specific property(properties)
• set - set a property value
• call - call a method

For example to view properties of process, you use command “WMIC process list”. To set property you use “WMIC Process set property_name=property_value”. To call method you use “WMIC process call method_name” etc...

How do you know what aliases you have available? And how do you know their properties/methods?

There is switch /? available. If you want to see all available aliases, just use command “WMIC /?”.

This switch is also available for aliases, so if you want to see available methods of alias process, use command “wmic process call /?”. If you want to see properties, use “wmic process get /?”.

This switch (/?) have two modes - brief and full. Brief is default, if you need more informations (for example description of properties), use full method. Syntax is /?:help_mode.

For example to see everything about process methods, use command “wmic call /?:full”.

This is just the beginning - next time I will speak about more practical things. Hope so you will play with wmic :)

How to add domain group to local group using Group Policy

I needed to add a domain group to local administrators... It is quite common task - you have group Technicians - you need to provide them administrator access to all computers, however you dont want to make them Domain Administrators members.

The solution is to use Restricted Groups. The problem is you often dont want to override actual settings, you just want to modify them. For example you want to add group Technicians, however (if you dont prefer LUA :)), you want to have user of that computer in Administrators group.

When you read some articles about Restricted Groups, you will see that it will remove/add, not modify. However there is workaround.

Recreate membership

If you just want to recreate (force) membership, it is quite simple. Go to

Computer Configuration -> Windows Settings -> Security Settings -> Restricted Groups

Right click, select Add Group.

Now you will enter name of group - in our case you will select Administrators (note this is not just description, it is real name of that group).

In Members of this group select add, select who you want to include (SoulinCorp\Domain Administrators, SoulinCorp\Technicians) and thats all!

Modify membership

This is using reverted logic :) Use the same procedure, however instead of modifying Members of this group modify This group is member of...

Name of the group is the name of the group you want to ADD to group. So in our example name will be SoulinCorp\Technicians and we will make this group member of Administrators group. This second approach is not forced - it wont recreate the Administrators group. it will just modify it.

BartPE + USMT

I wanted to move to next step - I finally decided to leave MSDOS to stay in grave and use BartPE... Everything is working fine - however I encountered one (logical) problem...

You cant use USMT to migrate user profiles to network when you boot using PE :( I am still trying to find a workaround, however it looks like really big problem.

Have anyone any advices?

Windows Installer a.k.a. Advanced Setup Manager

One of the most common problems with unattended installations are typos (as I wrote before)... How to solve them?

You can use dictionary for your favourite text editor (Crimson Editor or dictionary for Word). This is one solution.

Remember Setup Manager, that is used to automatically generate .sif file? It is included in deploy.cab and have name SetupMgr.exe. It is working fine, however it contains only necessary values :( Nothing advanced...

For a long time I was looking for similar tool, however with support for more advanced features. And then I found project Winstaller on MSFN. And I decided to create .xml files for every possible section in .sif file with descriptions etc.

Right now I am working on this project with Jonathan Gordon - the problem is it is really big time-eater to generate files for all settings in .sif files in one person :(

So this way I would like to ask for a help - please, if you could give us a hand, let me know. I dont want to let this project die, it looks really promising. Only thing you need to do is to rewrite some text from ref.chm to xml file (I will provide howto if you are interested).

Another usage of bayesian filter?

I bet you all know bayesian filter - maybe not under its real name, but you know it :)

Bayesian filter is based on generating possibility based on previous acts. It is commonly used in antispam applications.

For example you received 50 good and 50 spam mails - you run bayesian filter on this mails, it generates DB where typical behavior of BOTH set of mails are stored. This is quite important, it is not just controlling the bad mails, it also checks good mail. When new mail arrive, bayesian filter have a look on it and calculate probability if it is good/bad mail... If it is fifty/fifty, it will ask you if you could decide and based on your decision it will update its own database. Most of bayesian filters are quite simple, however advanced filters are not checking just text, however also the structure - for example most emails that use big letters + red colour are spam.

But what I wanted to talk about is something else - this was just “prerequisity” to understand what I mean.

Today I missed one of my favourite shows again... I was thinking what I can do with it. I dont watch television lot, so I dont watch TV program every day...

Then I got an idea it could be clever if you could use bayesian filter for parsing these kind of informations - so after two weeks it will automatically know what you like and what you dont like.

It would not be so hard to program it I think - using xmltv format, you have every information you need.

So this program could check every program by type (serial, show, movie etc.), if it is action movie/comedy, actors, directors etc...

I think it could have success. What do YOU think? :)

Yours Martin

Batch - use sub and function?

I really like using subs&functions everywhere I can :)

hYou can even use them in batches -

If you want to create sub, just use

Call :EnableLogging

And if you want to create function, use Call :DeleteFile C:\temp\test.txt

Parameters are passed to this “function” same way as they are passed to new script!

Also there is one workaround I like to use - I am using another batches as functions... Variables are global, so this new batch can access variables from another batch file...

Loopback adapter - how to access share when computer is offline?

I wanted to show SDS after my last presentation, but I encountered one problem - SDS is accessing admin share, but you cant use admin shares when computer if offline...

However there was quite simple solution - installation of Microsoft Loopback Adapter.

This is exactly solution for my problem - it will create virtual NIC for testing purposes. If you want to add it to your computer, just follow this instructions -

Control Panel - Add Hardware - Add new hardware device - Network Adapters - Microsoft - Microsoft Loopback Adapter

Why do I like batches?

I am working with vbscript... I am working with VBA... I am working with VB.NET... I am working with AutoIt... I am sometimes working with Python...

So why the hell do I like batches? :)

There are few reasons - batches are quite simple, however are still functional. I like the interactivity of batches - what you can create in batches, you can use in cmd. And thats the main reason - I love to control Windows (and remote machines) from console :)

And thats the why!

Is MOC(Microsoft Official Curriculum) really useful?

I am thinking about this for few weeks now. Why it even exist?

I will attend my first MOC this monday - not as student, but as lector. I was reading through training kit and there was almost nothing interesting.

The MOC I am presenting is about WSH/VBS - and they even didnt include informations about WMI there!

There are long empty spaces where you speak about nothing important - for example .wsf (I never saw someone that was creating this files), and technologies like HTA are not included :(

This really disappointed me - however I need to earn some money, so I must do it :(

Batch - how to search&replace?

This is quite usual question - how to search and replace strings in batches?

It can be done - you must use Set command for it.

Syntax is Set Variable=%Variable:Search_For=Replace_With%

For example I got variable Test with values Helo, Helo, Ehlo inside. I want to replace Ehlo with Helo.

Here is how to do it:

Set Test=Helo, Helo, Ehlo

Set Test=%Test:Ehlo=Helo%

If you use Echo %Test% now, you will see Helo, Helo, Helo :)

Most common problems during deployment

I spoke about this few days ago, these are most common problems during deployment projects:

• including toooo much settings in .sif files - many people are trying to include everything they can in their answer files - but when you encounter problems, you will find out it is really hard to find out where is the problem.
• not enought time spend on planning phase - this is often problem. I personally dont like planning (plus documentation etc.), however it is VERY important.
• static informations - I spoke about it in Batch abstraction - use variables everywhere you can! One of the worst work ever is trying to find what was running on burned server - I encounter this quite often, when I am called to solve problems :(
• deployment is not divided to sections - I prefer to create different sections during unattended. What I mean? I always create sections that are shared for all computers - for example installation of AV and removing temporary files. Technology part is run before any installation, ending part is run after any installation. This is quite usefull when you want to change
• using workaround to solve some problems. This is VERY common problem - for example if server is not available, many administrators will include timeout (sleep command) instead of trying to solve the problem by another method (for example loop witch checking if server is available). This is really often problem - you create workaround, everything is working fine, however when you try to install 5 computers, one of them fails :( So DONT USE WORKAROUNDS! Spend some time and try to locate the problem and solve it using adequate solution.
• Too complicated solutions. Sometimes when I see what are people able to implement, I think I will bang my head against the wall. Easy solutions often means reliable solutions. I like to use something similar to black-boxes - solutions, that are independent on company, domain etc and are dependent only on .ini files...
• Too simple solutions. What I mean is not related to deployment, it si more related to scripting. Why the hell are people using variables like a, b or st? I like variables where you can say exactly what they will hold. That is way my variables are quite longer than usual - however if I try to change behavior later, it is really easy for me (for example if I want to see variables that contains paths, I only need to list all Path.* variables).
• OS modifications. Why are people always trying to remove/disable something that is necessary or recommended to stay on computer? Typical is removing IE - you CANNOT remove IE. IE is (simply said) just practical usage of OS components. It is NOT something that is dig into OS, it is something that is using many natives functions... When you remove something from core OS, you can expect various problems later. If you want to remove something like this, you must know what you are doing and how it will affect OS. For example I like to disable LastAccessStamp on FS - however I know what it will affect (like Outlook or Add/Remove Programs), so when someone wants to use diary in outlook, the installation will automatically enable LAS and reinicialize Office.
• Fight for your rights :) What I mean is similar as workarounds section - if something is not working, dont just disable, find the reason. Typical example of this is WakeOnLan - many companies automatically disable WOL, because their computers woke automatically. Instead of trying to find solution (disable RWUPING and RWUARP), they just disable this great functionality.
• mistypes in .sif - of course really common problem :) I saw a Word dictionary for .sif files somewhere around internet and I think it is really useful.

These are problems I got in mind right now. What are your experiences?

Batch - how to search if utility is available (for example reg.exe)

If you ever created the script for heterogenous environment, you know this can be real problem - does the user have reg.exe (it is not available on w2k)? Or if he have it, is the path included in Path variable???

There is one quite simple way to determine if he have it or not. I will share :)

@echo off
Set SDS.SearchFor.Reg=Reg.exe
Set SDS.SearchFor.Shutdown=Shutdown.exe
Set SDS.pathExecutablePath=%~dp0
Set SDS.pathExecutablePath=%SDS.pathExecutablePath:~0,-1%

For /f "usebackq tokens=1-2 delims==" %%i IN (`Set SDS.SearchFor.`) Do (
 Call:FoundFile %%j
 )
For /f "usebackq tokens=1-2 delims==" %%i IN (`Set SDS.Location.`) Do (
 If /i "%%j" EQU "Not Found" (Echo File %%i is not available!) Else (Echo Path to file is %%j)
 )
Goto:EOF

:FoundFile
Set SDS.Path.FoundedPath=%~dp$PATH:1
Set SDS.SearchedFile=%1

If "%SDS.pathFoundedPath%" NEQ "" (
 Set SDS.Location.%SDS.SearchedFile%="%SDS.pathFoundedPath:~0,-1%\%SDS.SearchedFile%"
 ) Else If Exist "%SDS.pathExecutablePath%\%SDS.SearchedFile%" (
 Set SDS.Location.%SDS.SearchedFile%="%SDS.pathExecutablePath%\%SDS.SearchedFile%"
 ) Else (
 Set SDS.Location.%SDS.SearchedFile%=Not Found
 )

SAM (Software Asset Management) - what about paid solutions?

Not a long time ago I encountered nice page from Microsoft, where you can search for SAM tool of your preference...

Check it out! I recommended it already to few people that were searching for software asset tools...

http://www.microsoft.com/resources/sam/aspx/findtool.aspx

Free Asset Management

Yesteday I had presentation about deployment - it was first part of series, where I want to cover every deployment topic. I was talking about theory of deployment and then I spoke about planning.... Part of the planning phase is inventorize you software and hardware environment - and I was REALLY surprised that there were only few guys that are using asset management software.

WHY?

Dont tell me it is because money - if you want free solution, you can try http://ocsinventory.sourceforge.net (my favourite is v3.0, NG is tooo complicated and needs too many components) or http://www.ilient.com (didnt try this SysAid, however looks useful).

When I saw that these people didnt have any experience with asset management, I decided to show them how to configure OCS... Installation of asset “server” took me about 5 minutes (and dont forget that I was talking about every step)...

It is quite simple - download package, unpack it somewhere, create share with access rights, then you just need to create ODBC connection to included access DB (doesnt require MS Access) and add one line to logon script...

OT - Xbox + WakeOnLan

This is thing I would like to achieve - enable wake on lan for my xbox... The main reason is xbox is also my ftp/http server and I would like to wake it up from my work for example...

Have any of you some experiences if it si possible? If so, let me know. If not I will let you know if it is working or not :)

Troubleshooting WSUS - Client

This is question I see almost every day - client problems with WSUS...

Most of the solutions are quite simple -

• do you have generated corresponding groups in WSUS server?
• are you sure your registry settings are correct? This is often cause of troubles
• do you have http:// prefix in your WUServer and WUStatusServer?
• did you check WindowsUpdate.log in windir? WindowsUpdate.log is related to WSUS, Windows Update.log is related to automatic updates...
• did you run http://download.microsoft.com/download/9/7/6/976d1084-d2fd-45a1-8c27-a467c768d8ef/WSUS%20Client%20Diagnostic%20Tool.EXE? This is Client Diagnosti tool, it is working quite well and can really help you.