The VBScript Network and Systems Administrator's Cafe:

Security

Sep 4 2008   4:01PM GMT

Pinging a remote computer from another remote computer using the WMI Win32_PingStatus class in VBScript



Posted by: Jerry Lees
Development, Functions, VBScript, Networking, monitoring

I recently began working on trying to figure out ways to troubleshoot real problems with a VBScript and give me some diagnostic information about the current state of the environment. As I build this script I plan on sharing pieces of it bit by bit with you, my readers. I also wanted to get back to writing some WMI scripts that will help you all do your jobs more efficiently. Lastly, I wanted to begin building a “toolbox” script that you could use to write your own scripts. These are the goals I’m tracking toward in my next series of posts that contain VBScript code. Now onto this script…

The first piece of troubleshooting a problem, in my opinion, is ensuring that a communication path exists between two systems. Duh! However, simply pinging the systems individually from your desktop isn’t a good test… it only tests that your computer can communicate with the two systems, not that they can communicate with each other!

This script simply uses our friend WMI to make a call to a remote computer, requesting that computer ping another computer. Simple enough, but invaluable, because how many times have you had to log in to a remote computer to check if it can connect to a system? Now you don’t have to… you can do it from a script!

The script uses the Win32_PingStatus class in WMI. It will only work on Windows XP and newer (sorry, Windows 2000 and older don’t support the WMI class we need), and the user executing the script will likely need to be an administrator on the system that is being called (but not necessarily on the one being pinged). For further information on this class you can reference the Win32_PingStatus documentation.

Now let’s get to the script!

' Use a remote computer to ping another remote computer
Option Explicit

' Change the SourceServer and RemoteServer strings below to server names or IP addresses for your environment.
WScript.Echo RemotePing("SourceServer", "RemoteServer")
WScript.Echo "Done!"

Function RemotePing(SourceComputer, DestinationComputer)

 Dim strComputer1, strComputer2
 Dim objWMIService, colItems, objItem

 strComputer1 = SourceComputer
 strComputer2 = DestinationComputer

 On Error Resume Next
  ' error control block
  ' Connect to WMI on the source computer (requires administrator rights there)
  Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}//" & strComputer1 & "\root\cimv2")
  If Err.Number <> 0 Then
      ' Report a failed connection instead of silently returning nothing
      RemotePing = "Error connecting to WMI on " & strComputer1 & ": " & Err.Description
      Err.Clear
      On Error GoTo 0
      Exit Function
  End If
  ' strComputer2 is placed inside a quoted WQL string, so it must not contain a single quote
  Set colItems = objWMIService.ExecQuery("Select * from Win32_PingStatus " & "Where Address = '" & strComputer2 & "'")
  For Each objItem in colItems
      If objItem.StatusCode = 0 Then
          RemotePing = strComputer1 & ": Reply received from " & strComputer2 & " in " & objItem.ResponseTime & " ms."
      Else
          RemotePing = "Error pinging " & strComputer2 & " from " & strComputer1 & ". The status code returned was: " & objItem.StatusCode
      End If
  Next
 On Error GoTo 0
End Function

As always, this code works perfectly. However, sometimes the formatting of the blog breaks the code if you copy and paste it into your editor. So, if you’d like to not type or troubleshoot any syntax errors due to the copy and paste problems– I’ve provided the code for download, plus example output files from my final tests for you. You’ll find the code and other files available for download from my website’s (www.websystemsadministration.com) File Depot under the ITKE Blog Scripts category. Enjoy and happy scripting!
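The RemotePing function above builds its WQL query by concatenating the destination name into a quoted string, and it reports the raw StatusCode. The following is an added example, not part of the original post or download: two helper functions a toolbox script could call before and after the query. The names IsSafeHostName and DescribePingStatus and the sample inputs are assumptions made for illustration.

```vbscript
Option Explicit

' Hypothetical helper: accept only characters that occur in host names and
' IPv4/IPv6 literals, so the value cannot close the quoted string in the
' WQL Where clause or in the winmgmts: moniker.
Function IsSafeHostName(strName)
    Dim objRegEx
    Set objRegEx = New RegExp
    objRegEx.Pattern = "^[A-Za-z0-9.:_-]{1,255}$"
    IsSafeHostName = objRegEx.Test(strName & "")
End Function

' Hypothetical helper: translate common Win32_PingStatus.StatusCode values.
' StatusCode is Null when the address could not be resolved on the source
' computer, so that case is handled before the comparison.
Function DescribePingStatus(varCode)
    If IsNull(varCode) Then
        DescribePingStatus = "no status returned (name could not be resolved)"
        Exit Function
    End If
    Select Case varCode
        Case 0     : DescribePingStatus = "success"
        Case 11002 : DescribePingStatus = "destination net unreachable"
        Case 11003 : DescribePingStatus = "destination host unreachable"
        Case 11010 : DescribePingStatus = "request timed out"
        Case 11013 : DescribePingStatus = "TTL expired in transit"
        Case 11050 : DescribePingStatus = "general failure"
        Case Else  : DescribePingStatus = "status code " & varCode
    End Select
End Function

' Constructed sample inputs: two ordinary names and one containing a quote.
Dim arrNames, strName
arrNames = Array("fileserver01", "10.0.0.25", "bad'name")
For Each strName In arrNames
    If IsSafeHostName(strName) Then
        WScript.Echo strName & ": accepted, safe to place in the WQL query"
    Else
        WScript.Echo strName & ": rejected, not passed to WMI"
    End If
Next
WScript.Echo "11010 -> " & DescribePingStatus(11010)
WScript.Echo "Null  -> " & DescribePingStatus(Null)
```

Run it with cscript; calling IsSafeHostName on both computer names at the top of RemotePing keeps names read from a file or typed by a user from altering the query.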

Aug 21 2008   2:25PM GMT

Essential Tools: A free tool to mount an ISO cdrom or DVD image as a Virtual CDROM drive



Posted by: Jerry Lees
free tools, free software, software resources, Systems administrator tools, windows tools, DVD Tools, CDROM Tools, ISO Tools, ISO, disk utilities, drive utilities, essential tools

We’ve all had times when we needed a file from an installation CD or DVD, but only had an ISO image available on the network. So, we have to copy the image to our machine then burn the image to media– just to get the file.

There are utilities out there that do this, like Alcohol 120%, but none seem to be free and free from ads or “Value add toolbars”. (Alcoholsoft makes Alcohol 52%, but it has toolbars). I’ve recently found a free utility that does fit the bill for my free essential tools series!

The tool is Virtual CloneDrive from Slysoft. Virtual CloneDrive delivers all the functionality you need to mount an ISO as a virtual CD/DVD Drive in a small (1.86Mb for a full install) FREE package! (As an added benefit, it appears to have multi-language support as well.)

Once installed, it adds a Virtual CDROM drive to your system with a “Virtual CloneDrive” context menu that gives you the Mount and Unmount options, just like Alcohol 120% does. And it keeps track of your recent ISOs like Alcohol 120% as well.

It also registers .ISO files with itself and simply double clicking on the file automatically mounts the image in your virtual drive, a nice touch.

All in all, the performance is good and the integration with Windows is top notch. Give it a shot, I’m sure you’ll find it to be one of your essential tools.

Know of a tool that you think is essential? Post a comment here and if I don’t already have it in my tool belt, I’ll add it and give it a shot. If it makes the grade– I’ll add it to the list of tools to review. The only criteria are:

  1. The tool must be free, or inexpensive with a “Per User” or “site” type license. (No pay per installation licenses, please)
  2. The tool (or its installation file) must be small enough to fit on a 256Mb flash drive for portability.
  3. Command line run time options are beneficial, but not required.
  4. If it has ads… it needs to be truly INVALUABLE.
  5. It should make the user’s job easier by gathering information or performing a task that a typical Network or Systems Administrator would perform.

Enjoy!


Jun 26 2008   1:56PM GMT

How to associate specific WWW w3wp.exe process ID’s with a IIS application



Posted by: Jerry Lees
Web applications, VBScript, webmaster, monitoring

One of the most difficult problems with troubleshooting a web application on a server that has many applications on it is determining which one of the applications is causing an issue. Sometimes that is easy because you see an error message or, in those rare cases where you get an actual screenshot, a URL is given to you to go on. However, often you don’t get such useful information! Most times you just notice a w3wp.exe process either taking up too much memory or using too many CPU cycles (or in some cases none at all), but there’s a VBScript solution for this!

The best part is that you don’t have to write a single line of VBScript code! It’s already been written for you by Microsoft! The only thing you need to do is be sure the applications have a different pool name from one another—which is always a good idea.

At a command prompt you can run iisapp.vbs to get application pool information associated with a specific w3wp.exe process, like so:

cscript c:\WINDOWS\system32\iisapp.vbs

This will return output similar to the following:

W3WP.exe PID: 17632   AppPoolId: Application-1
W3WP.exe PID: 17532   AppPoolId: Application-2
W3WP.exe PID: 5748   AppPoolId: Application-2
W3WP.exe PID: 14040   AppPoolId: Application-1

That’s it… easy as pie!


Jun 13 2008   2:18PM GMT

How to find a lost router password for most routers



Posted by: Jerry Lees
factory default, lost password, password, default passwords, routers, Networking, Security

In this installment, I thought I’d take a quick break from VBScript and give you a little networking information I stumbled upon.

Recently, at my current job site we had a situation where the client didn’t know the router password because a series of network administrators had left and the password was simply “lost in the shuffle”. Of course, you all know this is not a good situation to be in if you need to perform network maintenance or want to upgrade a portion of the network somehow.

Of course the only thing we could hope for was that the previous network administrators had NOT been security minded and left the router passwords blank, or that there had not been a console password configured… so we started off with trying to figure out what the factory default passwords were for the particular router we were working with at the moment. In our search I found a really awesome resource here that will be invaluable if this ever happens to you. This site has all the major players’ factory default router passwords in a database; simply select your manufacturer and click find password, and you are then presented with the known factory default router passwords for specific models from the manufacturer! Awesomeness!

Well, as luck would have it, the last guy didn’t follow standard security practices and this site had the default router password we needed. We were able to get in and get the job done– and change the password when we were done. Plus, after such a scare, the client is sure to not let this happen again. :-)

Now, we got lucky (and so did the client after years of service from the router with default passwords), but what if you need to get into a router and the password has been set to something other than default? Well, this situation is a bit harder– but not impossible. You need to see if you can get onto the console of the router; most major manufacturers have a mechanism for you to plug directly into a router with a serial cable and change settings. Hopefully, this will NOT have a console password– if it does, try the defaults, just in case.

Once in, get a dump or output of the configuration. Then you will need to follow the manufacturer’s method to change the password. Should the console connection not have enough security to change the passwords– you may have to set the router to factory defaults. If you do this, be sure you have the complete configuration and are prepared to rebuild it. I would not recommend you do this unless you have either done this before or you have 24/7/365 support and have the support folks on the phone while you do it.

Here is my recommendation (and I’ll probably get many security folks commenting differently), but assuming the router is in a secured place (a hall closet or the CEO’s office does not count) and locked away so only authorized people can get to it, I almost always leave no password on the console for cases just like this one I’ve mentioned.

Hopefully this helps someone out there and good luck!


Apr 7 2008   5:19PM GMT

Rant: Anyone else dislike those “enter the letters you see below” confirmation pages?



Posted by: Jerry Lees
Security, CAPTCHA

Ok, you guys know I try to at least stay on topic with respect to systems administration… but this time, as a systems administrator, I have to just share my complete frustration with a technology in use these days entirely too much, in my opinion.

That technology is the use of the automated images that are shown on pages where you have to enter the text shown in the image. I can never get them right the first time, but this one takes the cake!
Huh?

This has simply got to be the WORST one I have ever seen! I mean, I see gsp there– but what are those other letters? tun? tia? tian? tim? lun? I gave up.

Most sites do this so that scripters will not be able to write scripts that automatically post comments to discussion boards, like spam e-mails, with no real person actually doing the posting. It’s supposed to “verify your humanity”– however, you’ll have to take my word for it– I am human! If you’re reading this and you own a site that does this to us or are considering it– please find a better way to protect us from the spam bots!

Some other ways they do this is with multi colored text. And while I’m not color blind, they generally do it with reds, greens, and blues– three colors that are hard to see if you are color blind.

All this trouble simply because some yahoo thinks he’s going to get rich by posting comments and sending e-mails about prescription drugs, a stock tip, or some other stuff. (We’ve all seen them, so I don’t have to go into detail here. Thankfully.)

At any rate, thank you for listening… back to your regularly scheduled systems administration duties. If you get a chance, post a comment with your favorite experiences with this frustration, I’m sure we’d all love to read them!


Mar 24 2008   3:03PM GMT

Found discount: 50% off Kaspersky Antivirus Products



Posted by: Jerry Lees
Antivirus

I don’t normally think enough about a product to pass these things on, or the discount isn’t real enough to warrant my bugging you with the information– but I recently found a link to Kaspersky Anti-Virus Products where they are offering almost 50% off your entire purchase of their antivirus products.

Their products are pretty good, offering both home and business Antivirus solutions, and they are inexpensive enough to warrant a look if you’re in the market for antivirus software.

As I understand it, the offer is until March 31st and you enter the code 50KMS into the cart on checkout and the cost of the order is cut in about half. That’s substantial. When I tried it, the code wasn’t needed; it looked like it was already discounted through the link I found above when I compared the shown prices with the website’s prices.

Essentially, it ended up being $39.95 for a year of their latest antivirus application and only $20 for their newest mobile security product for smartphones and PDAs.

If you’re in the market for antivirus software– or looking to upgrade your current version of their product you might check it out.


Mar 7 2008   10:22PM GMT

Eventlog search tool — Find quick help with windows event log entries



Posted by: Jerry Lees
DataCenter, Exchange, Networking, Security, Administration tools

While not VBScript related, I found this Microsoft Eventlog and Error Message Search a few days ago as I stumbled around looking for tools that I thought network administrators would need on my site that I’ve been toying with– I had to share the tool with you as well!

The tool itself is an awesome resource, similar to EventID.net– except it’s FREE and it comes from Microsoft themselves, providing links to Microsoft content about the event entry or error message.

You can search for any combination of the following:

Microsoft Product
Version
Message ID
Event Source
File Name
Language

When you do, it takes you to a search result page that lists the available results for your specific search. Each seems to have not only an example of the message, but also an explanation of what the event means… and the best part, a section entitled User Action that gives a possible solution for the problem!

Enjoy the tip!