Sophos Duplicate IDs

On August 23, 2011, in Uncategorized, by admin

I found myself in a large environment where someone decided to deploy an image with Sophos installed. This resulted in all the computers being seen as 1 single computer in the Sophos Enterprise Console.

This caused me to write the following scripts. sophosFindDuplicate.pl scans the IIS logs looking for duplicate GUIDs from computers and outputs the IPs of the machines. The following command will let you remotely fix the machines. (Remember to whitelist psexec in Sophos.)

psexec @hosts.txt -u domain\user -p password -c batchfile.bat

sophosFixDuplicate.cmd

@echo off
net stop "Sophos Message Router"
net stop "Sophos Agent"
net stop "Sophos AutoUpdate Service"

echo y|del "C:\Program Files\Sophos\AutoUpdate\machine_ID.txt"
echo y|del "C:\ProgramData\Sophos\AutoUpdate\machine_ID.txt"

reg delete "HKLM\Software\Sophos\Messaging System\Router\Private" /v pkc /f
reg delete "HKLM\Software\Sophos\Messaging System\Router\Private" /v pkp /f

reg delete "HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private" /v pkc /f
reg delete "HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private" /v pkp /f

reg delete "HKLM\Software\Wow6432Node\Sophos\Messaging System\Router\Private" /v pkc /f
reg delete "HKLM\Software\Wow6432Node\Sophos\Messaging System\Router\Private" /v pkp /f

reg delete "HKLM\Software\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private" /v pkc /f
reg delete "HKLM\Software\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private" /v pkp /f

net start "Sophos Message Router"
net start "Sophos Agent"
net start "Sophos AutoUpdate Service"

sophosFindDuplicate.pl

#Stephen
#Check for Duplicates
use Data::Dumper;

$file = "\\\\sophos-c108-01\\W3SVC1\\u_ex110822.log";
my %hash = ();
my %hDup = ();

open FILE, $file or die $!;

while (<FILE>) {
  @data = ($_ =~ /(\b143\.55\.\d{1,3}\.\d{1,3}\b).*?(\b143\.55\.\d{1,3}\.\d{1,3}\b).*?(\{{0,1}[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\}{0,1})/);
	#print $data[0] . "\n";
	if ((exists $hash{$data[2]}) && ($hash{$data[2]} ne $data[1]))
	{
		if(not exists $hDup{$data[1]})
		{
			print $data[1] . "\n";
			$hDup{$data[1]} = $data[1];
		}
	}
	else
	{
		$hash{$data[2]} = $data[1];
	}
}

close(FILE);
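
An added example (not part of the original post) of the same duplicate-GUID check, generalized: it takes the client IP from the `c-ip` column named in the log's `#Fields:` header instead of a hard-coded `143.55.` prefix, and lists every IP that shares a GUID, including the first one seen. The sample log lines and the position of the GUID in the query string are constructed for illustration.

```python
import re
from collections import defaultdict

# GUID with optional braces, the same shape the Perl script above matches.
GUID_RE = re.compile(r"\{?([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}?")

# Constructed sample in IIS W3C format. Where the GUID sits on the line
# (here: the query string) is an assumption; the page does not show a log line.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status
2011-08-22 08:00:01 192.0.2.10 GET /update id={3f2a9c10-7b4e-4d1a-9e55-0c1d2e3f4a5b} 80 - 198.51.100.21 200
2011-08-22 08:00:07 192.0.2.10 GET /update id={3f2a9c10-7b4e-4d1a-9e55-0c1d2e3f4a5b} 80 - 198.51.100.22 200
2011-08-22 08:01:13 192.0.2.10 GET /update id={3f2a9c10-7b4e-4d1a-9e55-0c1d2e3f4a5b} 80 - 198.51.100.21 200
2011-08-22 08:02:40 192.0.2.10 GET /update id={c0ffee00-1111-2222-3333-444455556666} 80 - 198.51.100.30 200
2011-08-22 08:03:02 192.0.2.10 GET /favicon.ico - 80 - 198.51.100.40 404
2011-08-22 08:04:55 192.0.2.10 GET /update id=3F2A9C10-7B4E-4D1A-9E55-0C1D2E3F4A5B 80 - 198.51.100.23 200
"""

def duplicate_guids(lines, min_hosts=2):
    """Return {guid: sorted client IPs} for GUIDs reported by >= min_hosts IPs."""
    cip_idx = None
    seen = defaultdict(set)
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # The header can change mid-file, so re-read the column order each time.
            fields = line.split()[1:]
            cip_idx = fields.index("c-ip") if "c-ip" in fields else None
            continue
        if not line or line.startswith("#") or cip_idx is None:
            continue
        cols = line.split()
        match = GUID_RE.search(line)
        if match is None or len(cols) <= cip_idx:
            continue  # request without a GUID, or a truncated line
        # Normalize case and braces so one ID is not counted as two.
        seen[match.group(1).lower()].add(cols[cip_idx])
    return {g: sorted(ips) for g, ips in seen.items() if len(ips) >= min_hosts}

def hosts_to_fix(dups):
    """Flatten the duplicates map into a de-duplicated, sorted IP list."""
    return sorted({ip for ips in dups.values() for ip in ips})

if __name__ == "__main__":
    for ip in hosts_to_fix(duplicate_guids(SAMPLE_LOG.splitlines())):
        print(ip)
```

The output of `hosts_to_fix` is the list to save as `hosts.txt` for the psexec command above. A single machine that changed address during the log window also shows up under two IPs, so check the list against DHCP leases before treating every entry as a clone.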

Windows 7 RDP Hack

On June 28, 2011, in Uncategorized, by admin

This hack is twofold. If you have Home or Home Premium, which does not include RDP, this will let you remote into your computer. It also helps if you want RDP to behave more like a real terminal server, where you can have concurrent logons.

http://andrewblock.net/2010/02/23/enable-remote-desktop-on-windows-7-home-premium-64-32-bit


Network Shares Migration Script

On January 25, 2011, in Uncategorized, by admin

Sometimes it's just easier to use command-line tools than WMI. This simple script migrates our shared folder system into the new structure: the teacher's name with two folders underneath it.

migrate.vbs

Set fso = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")

Set folder = fso.GetFolder("f:\shares\")
rcopy = "robocopy /e /zb /move /r:1 /w:1 "

For each folderIdx In folder.SubFolders
	objshell.run "net share " & folderIdx.Name & " \\servername /delete", 1 , true
	if instr(1,folderIdx.Name,"_drop",1) <> 0 then
		fteacher = replace(folderIdx.Name,"_drop","",1,-1,1)
		objshell.run rcopy & folderIdx.path & " f:\transportshare\" & fteacher & "_transport\DropBox\", 1, true
	elseif instr(1,folderIdx.Name,"_ffs",1) <> 0 then
		fteacher = replace(folderIdx.Name,"_ffs","",1,-1,1)
		objshell.run rcopy & folderIdx.path & " f:\transportshare\" & fteacher & "_transport\FFS\", 1, true
	end if
Next

Group Policy RSSSAVER

On November 30, 2010, in Scripts, by admin

I was testing rsssaver to deploy enterprise wide to have an information screen saver. In my testing rsssaver looks the best but does not work with Windows 7 and does not support multiple screens. I have not found a good replacement, but here is the GPO policy file that I used to centrally manage the configuration.

RSSSAVER.ADM

CLASS USER
CATEGORY Software
  POLICY rsssaver
  KEYNAME Software\rsssaver
    PART URLs EDITTEXT
    VALUENAME "URLs"
    END PART
    PART TTL EDITTEXT
    VALUENAME "TTL"
    END PART
    PART Color1 EDITTEXT
    VALUENAME "Color1"
    END PART
    PART Color2 EDITTEXT
    VALUENAME "Color2"
    END PART
    PART MipMap EDITTEXT
    VALUENAME "MipMap"
    END PART
  END POLICY
END CATEGORY

Fix Duplicate WSUS Ids

On November 12, 2010, in Scripts, by admin

If you have an environment that does not use SYSPREP, you have a good chance of having duplicate WSUS IDs on your network and a lot of systems not patching properly.

This pair of scripts will query your WSUS DB, and if the computer name does not match the WSUS ID in the database, it will reset the WSUS ID on the workstation.

wsusclientid.asp -> install on WSUS server

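<%
' Return the number of WSUS records that match this client's SusClientID and computer name
susid = Request.QueryString("susid")
suscname = Request.QueryString("suscname")
connstring = "Driver={SQL Native Client};Server=localhost;Database=SUSDB;UID=wsusid;PWD=DBPASSWORD"
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.ConnectionString = connstring
objConn.Open

' Bind the query-string values as parameters instead of concatenating them into the SQL text
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = objConn
cmd.CommandType = 1 ' adCmdText
cmd.CommandText = "select COUNT(ComputerTargetId) AS records from PUBLIC_VIEWS.vComputerTarget where (ComputerTargetID = ? and Name Like ?);"
cmd.Parameters.Append cmd.CreateParameter("susid", 202, 1, 256, susid) ' adVarWChar, adParamInput
cmd.Parameters.Append cmd.CreateParameter("suscname", 202, 1, 256, suscname & "%")
Set rs = cmd.Execute

response.write rs("records")

rs.close
objConn.Close

%>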

susCLientID.vbs -> run as Startup Script

'stephen
'Check and correct duplicate sus client ids on the network
'this has a sister script on the wsus server to talk to.

'get susclientid
Set objRegistry = CreateObject("Wscript.shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
set oxmlhttp=createobject("msxml2.xmlhttp")

suscname = WshNetwork.ComputerName
susclientid = objRegistry.RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientID")

oxmlhttp.open "GET", "http://wsus.SERVER.local/wsusclientid.asp?susid=" & susclientid & "&suscname=" & suscname, false
oxmlhttp.send ""
response = oxmlhttp.responseText

if (response = 0 ) then
 objRegistry.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientID"
 objRegistry.regdelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientIdValidation"
 WScript.Sleep 10000
 objRegistry.run "net stop wuauserv"
 WScript.Sleep 10000
 objRegistry.run "net start wuauserv"
 WScript.Sleep 10000
 objRegistry.run "wuauclt /resetauthorization /detectnow"
 WScript.Sleep 10000
 objRegistry.run "wuauclt /r /reportnow"
 WScript.Sleep 10000
end if

Crash Analyzer

On July 3, 2010, in Uncategorized, by admin
Do post-mortem analysis on minidumps easily with whocrashedSetup.exe

Windows 7 USB/CD Builder

On April 18, 2010, in Uncategorized, by admin

Microsoft USB/CD Builder, a nice, easy way to make a bootable Windows 7 USB drive.

http://store.microsoft.com/Help/ISO-Tool


Internet Explorer Add-On List

On March 24, 2010, in Uncategorized, by admin

If you are going to implement IE’s add-on list control, here is a good place to start for allowed CLSIDs:

http://support.microsoft.com/default.aspx?scid=kb;en-us;555235


Utility CD Builders

On March 22, 2010, in Uncategorized, by admin
PEBuilder - Windows Bootable disk good for diagnostics.
nLite - Windows Custom Installation Builder, slipstream drivers and Applications.

I set up Knowledgetree on my WHS because I didn’t like other options and it was free. I didn’t want to use the canned installation because I didn’t want Apache and OpenOffice running in the background taking up my RAM.

KT = Knowledgetree
WHS = Windows Home Server

  1. Set up a shared directory for KT with duplication. In my example I am going to use DMS; you can use DMS$ if you want it hidden from browsing.
    1. Add the users that are going to use KT
  2. Install the WHS PHP Extension
    1. http://www.mediasmartserver.net/downloads/add-ins/WHSPHP_1.0.4.zip
  3. Install WHS MySql Extension
    1. http://www.mediasmartserver.net/downloads/add-ins/MySqlInstallerForWHS_0.0.8.zip
    2. Change your mysql root password at http://localhost/pma
  4. Enable curl in php.ini
    1. Edit c:\php5\php.ini and add extension=php_curl.dll under the other extensions
  5. Install SUN Java 1.6
    1. http://www.java.com/en/download/manual.jsp
  6. Download the KT source code (the Windows version); it's about 60 MB.
    1. http://www.knowledgetree.com/products/opensource/downloadopensource
  7. Extract KT to d:\dms
    1. Add full rights for the “Windows Home Server Users” group to d:\dms
  8. Create a virtual directory under the default website in IIS called DMS and using d:\dms as the document root
    1. Disable anonymous authentication and enable basic authentication
  9. Run the KT setup at http://localhost/dms
  10. Set up httpsso for single sign-on to your WHS users.
    1. http://forge.knowledgetree.com/gf/project/httpsso/
    2. You must manually create the matching user in KT first.
  11. Scheduled Tasks
    1. ktscheduler – runs internal tasks
      1. Run: c:\php5\php.exe d:\dms\bin\scheduler.php
      2. Start in: d:\dms\bin
      3. Run As: NT AUTHORITY\SYSTEM
      4. Run every 15 minutes for 24 hours
    2. ktlucene
      1. Run: “C:\Program Files\Java\jre6\bin\java.exe” -jar D:\DMS\bin\luceneserver\ktlucene.jar
      2. Start in: D:\DMS\bin\luceneserver
      3. Run As: NT AUTHORITY\SYSTEM 
      4. Run at system startup
      5. Uncheck “Stop the task if it runs for 72 hours”
    3. ktDbBackup
      1. Run: C:\php5\php.exe d:\dms\ktdbbackup.php
      2. Start In: d:\dms
      3. Run As: Administrator (needs network access for backups)
      4. Run every 12 hours for 24 hours

    
    <?php
    #stephen
    #www.stephenjc.com
    #kt backup for whs
    #dump sql backup of kt to document root
    #dump a quick csv to help convert files back to their original names
    
    #ktconfig
    $ktconfig = parse_ini_file("config/config.ini");
    
    $mysqlLink = mysql_connect($ktconfig["dbHost"],$ktconfig["dbUser"],$ktconfig["dbPass"]);
    if (!$mysqlLink) {
        echo "Unable to connect to DB: " . mysql_error();
        exit;
    }
    if (!mysql_select_db($ktconfig["dbName"])) {
        echo "Unable to select mydbname: " . mysql_error();
        exit;
    }
    
    #get document location from db
    
    $sql = 'SELECT * FROM `config_settings` WHERE item = \'documentRoot\'';
    $result = mysql_query($sql);
    if (!$result) {
        echo "Could not successfully run query ($sql) from DB: " . mysql_error();
        exit;
    }
    if (mysql_num_rows($result) == 0) {
        echo "No rows found, nothing to print so am exiting";
        exit;
    }
    $row = mysql_fetch_assoc($result);
    $docHome = $row["value"];
    
    #dump database to document root
    system('mysqldump --user ' . $ktconfig["dbAdminUser"] . ' --password=' . $ktconfig["dbAdminPass"] . ' ' . $ktconfig["dbName"] . ' >' . $docHome . '\ktdbbackup.sql');
    
    #create csv to restore original documents just in case
    $sql = 'select * from documents, document_content_version, users where documents.status_id = 1 and document_content_version.document_id = documents.id and documents.creator_id = users.id';
    $result = mysql_query($sql);
    if (!$result) {
        echo "Could not successfully run query ($sql) from DB: " . mysql_error();
        exit;
    }
    if (mysql_num_rows($result) == 0) {
        echo "No rows found, nothing to print so am exiting";
        exit;
    }
    
    $mycsvBackup = $docHome . "\ktbackup.csv";
    $fh = fopen($mycsvBackup, 'w');
    # fputcsv quotes fields, so file names containing commas or quotes stay in one column
    fputcsv($fh, array("Original_Name", "KT_StoragePath", "Owner", "md5hash"));
    while ($row = mysql_fetch_assoc($result)) {
        fputcsv($fh, array($row["filename"], $row["storage_path"], $row["username"], $row["md5hash"]));
    }
    fclose($fh);
    
    ?>
    