|
Related Reading 
Windows Server Hacks |
Editor's Note: Mitch Tulloch has gathered 100 hacks for his Windows Server Hacks book to help system administrators master the more powerful features of Windows Server. To provide a real look at what these hacks can help you do, we offer three excerpts from the book: How to use an ADSI-based script to search for domain users; how to use the Hyena utility to quickly find out which user on your network has a particular file open; and how to quickly locate all machines that have automatic logon enabled in their registry. And if you like what you see here, pick up the book--there are 97 more cool techniques you can use in your everyday Windows administration tasks.
If you are in the process of migrating from Windows NT to Windows 2000, you can certainly appreciate the search capabilities provided in Active Directory administrative tools. At the same time, more than ever, you suffer from its absence in the User Manager. This issue becomes especially acute in environments where there is no consistent naming convention or when the naming convention happened to change several times over years. The sorting feature might help, but only provided that a person responsible for creating accounts entered the full name correctly and in the same format. Misspellings or using diminutives and nicknames are other frequent causes of confusion. Your search becomes considerably more time consuming if you manage multiple domains with different naming conventions.
To resolve a problem, you can employ a couple of approaches. The first one involves exporting a user list, along with each user's properties, into a comma-delimited file or a database (e.g., Access or SQL). The main drawback of this solution is the need for regular updates of the exported list. The second drawback, which eliminates the need for maintenance, is using an ADSI-based script.
This approach is shown in the script that follows.
The script allows searches against multiple domains. In order to accomplish this, you need to provide as the second input argument the list of domains (individual names need to be separated by semicolons). The first argument of the script is the part of the username (of any length) that you want to match against account names. Type the script into Notepad (with Word Wrap disabled) and save it with a .vbs extension as FindUser.vbs:
'***************************************************************
'*** The script searches for a username in one on more domains by
'*** looking for a match on the string of characters you specify.
'***
'*** The syntax:
'*** cscript //nologo FindUser.vbs string dom1[;dom2]
'*** where string is used to match against the username
'*** dom1;dom2 is the semicolon separated list of one or
'*** more domains to search (no limit on number of entries)
'***************************************************************
'*** variable declaration
Dim sName 'string to match against
Dim sDom 'string storing list of domains
Dim aDom 'array storing list of domains
Dim iCount 'counter variable
Dim oDomain 'object representing domain
Dim oUser 'object representing user account
Dim sLine 'string containing results of the search
'***************************************************************
'*** variable initialization
sName = Wscript.Arguments(0)
sDom = Wscript.Arguments(1)
aDom = Split(sDom, ";")
'***************************************************************
'*** search for matches in the loop
For iCount=0 To UBound(aDom)
Set oDomain = GetObject("WinNT://" & aDom(iCount))
oDomain.Filter = Array("user")
For Each oUser in oDomain
If InStr(1, oUser.name, sName, 1) > 0 Then
sLine = oDomain.Name & "\" & oUser.Name & ";"
SLine = sLine & oUser.Description & ";"
SLine = sLine & OUser.FullName & ";"
WScript.Echo sLine
End If
Next
NextWhen you run FindUser.vbs using Cscript.exe in a command-prompt window, you can easily find the full name and domain for a user, given his username. For example, when I search to see if the username bsmith is present in the MTIT domain, I find that user BobSmith is assigned that username (Figure 3-1).
Figure 3-1. Using FindUser.vbs to check whether username bsmith is already used.
—Marcin Policht
|
One of the biggest problems for system administrators is dealing with helpdesk or user requests that ask you to see who has a particular document open on the network. This can be most effectively completed using a utility called Hyena from SystemTools.com. With this utility, you can even disconnect the user who has the open file or send her a message asking her to close the file in question.
Here's a quick walkthrough on how to use the product, so you can see how
easy it is to use. Start Hyena and begin by selecting the server name where
the file is stored. Expand the + sign and the Shares leaf, and select the share
you want to examine. Then, drill through the directories until you find the
subdirectory you want, such as SqlDev in Figure 5-1.
Figure 5-1. Finding open files in Hyena.
Now, select the file you want (SMS_ABC_Database.mdb in our example) in the right pane to see who has it open. Right-click it, and from the context menu select More Functions and then Open By (Figure 5-2).
Figure 5-2. Selecting an open file.
Now, in the menu to the right, you will see who the user is by examining the User Name column, as shown in Figure 5-3.
Figure 5-3. Viewing who has the file open.
Now it is just a matter of either sending the user a message or, if he is unavailable, disconnecting him, by right-clicking on the file and choosing the appropriate menu option (Figure 5-4). If you opt for the latter, keep in mind that the file will be closed without giving the user the opportunity to make any final changes.
Figure 5-4. Disconnecting the user.
You can download a free, 30-day, fully functional, evaluation copy of this great tool from http://systemtools.com/hyena/download_frame.htm. Enjoy!
—Don Hite
|
While enabling automatic logon [Hack #4] in Chapter 1 can be useful in certain scenarios, such as a test network, it can also be a security risk, especially if it is enabled on a computer without the administrator's knowledge. Here is a quick and dirty way to locate all machines that have automatic logon enabled in their Registry.
You'll need the following tools:
The regfind.exe utility, which is available from the Windows NT/2000 resource kits.
A list of machines to search, which can be obtained in many different ways (including an SMS report, server manager, etc.). The list should be a plain text file named serverlist.txt in the following format:
server1
server2
server3
server4
etc...A user account that has administrative rights to the Registry on the machines being queried. Typically, a domain administrator account will work just fine.
Create a batch file that will use the provided list and kick off regfind. For
this we will use the FOR DOS command (all on one line - text is wrapped
here to fit the constraints of the page):
for /F %%A in (serverlist.txt) do (regfind.exe -m \\%%A -p "hkey_local_
machine\software\microsoft\windows nt\currentversion\winlogon" -n
"Autoadminlogon" >results.txt)You can see that we are simply parsing the serverlist.txt file for each server
name, then instructing regfind to locate that Registry key. There are two
caveats, though. First, the results can be hard to read while the search is
going on. It is recommended that you pipe the results to a text file (the preceding
example does this). Second, regfind is case-sensitive. This can make
the search a bit longer, but it's still fairly easy. Instead of just a one-line
batch file, you simply have a few more (almost identical) lines. A larger sample
of the completed batch file looks something like this (again, all on one
line -- beware of line wrap):
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "Autoadminlogon" >results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "AutoadminLogon" >results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "AutoAdminlogon" >results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "AutoAdminLogon" >results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "autoAdminlogon" >results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "autoadminlogon" >results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "autoAdminLogon" >results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "autoadminLogon" >results.txt)Using this method, you can scan a select list of workstations/servers for this key fairly quickly.
This procedure can easily be modified to find out other Registry keys as well, simply by changing the key name to search for. Enjoy!
—Donnie Taylor
Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.
Return to WindowsDevCenter.com.
Copyright © 2009 O'Reilly Media, Inc.