Tuesday, December 4, 2012

Remotely Log Off Remote Desktop Users


I frequently use Remote Desktop to access various PCs here at work and nothing annoys me more than seeing this message box:

This is caused when “The terminal server has exceeded the maximum number of allowed connections.”, right? Basically, this happens because Windows by default only allows two simultaneous terminal services connections to the same machine. If you see this message, then there is already that number of people logged in, and you cannot connect until one of the sessions logs off.

Usually what happens is that people don’t explicitly log out of machines when they disconnect from remote desktop which causes their “rogue” sessions to remain active. You could just nicely ask everyone if they would please “log off” before disconnecting their sessions, but is there something else we can do?

To perform the commands I am about to show you, you need to be an administrator on the target machine. If you aren’t you can’t perform these commands. However, in most development and test environments, hopefully this won’t be an issue.

How to query for users on a machine

First, how can we query to find out what users have a session on a remote machine? Windows provides the qwinsta.exe command which we can use to query for the sessions that are running The format is as follows:

qwinsta /server:<serverName>

Here is an example running this command against one of my local machines. Notice it shows the username, state, and the ID of the session.
You can also use quser.exe:
quser /server:<serverName>
Here is the same example above but notice it also when they logged in and how long they were idle.
How to log a user off of a machine
Now that we know what users are on a machine, how can we force one to disconnect? Again, there is a handy little command called logoff.exe that we can use to force a user to log off of a machine based off of their session ID. The format is as follows:
logoff <sessionId> /server:<serverName>
Here is an example running this command against one of my local machines. Notice that I used the session ID that I found from the quser.exe command above.

Warning: If you remotely log off a user, their log session goes away which could mean that the unsaved data is lost, or if the user is in the middle of an activity, they may come down to your office to chew you out.


Monday, December 3, 2012

Event 1096 The processing of Group Policy failed.

 

I came across this issue and I think it's worth mentioning it here.

There was the desktop which was not getting any domain machine policy. Looking at the GPRESULT policy event, it has a lot of Event ID 1096 errors "The processing of Group Policy failed. Windows could not apply the registry-based policy settings for group policy object LocalGPO."

When you do a "gpupdate /force", you see errors like these:

"Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy
bject LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for mor
information on the file name and path that caused the failure."

So, it turned out that the domain policy cannot be processed due to a problem with the local policy. To fix this problem, the local policy file will have to be removed. There is this registry.pol file located at:
c:\Windows\System32\GroupPolicy\Machine. Rename this file to .bak or whatever and refresh the policy with a gpupdate /force. The problem will go away. The policy file could have been corrupted.

Source: http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/ccf3b6ef-1321-46bc-95ae-03e534b5ae5c/

Monday, November 26, 2012

How to view installed programs on remote machine.

How to view installed programs on remote machine and export to text file in C drive - You can use WMI from powershell:


1. Run Windows PowerShell as Administrator

2.  Copy and paste below command

gwmi win32_product -ComputerName NameOfYourPC >c:\ViewSoftwares.txt

3. After few minutes go to your C:\ drive and look for ViewSoftwares.txt file to see what programs has been installed for the computer NameOfYourPC.

Tuesday, November 20, 2012

Using PsExec to deploy silent MSI program to 1 or multiple client

1. Download PsExec from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx or just Google for "Download psexec"

2. Exact to your C:\PsExec  folder  - Create the folder if you don't have

3. Open command prompt with administrator privilege ( locate your CMD and right click and select run as Administrator"

4. change the directory to your PsExec folder (where you extracted the PsExec files) by typing in the command """"cd c:\PsExec""" and hit Enter

5. Now put your Program.msi file into a network shared and please make sure you have full access to that folder.

6. type this in CMD *****  psexec \\192.168.1.5 -u "domain\administrator" -p "Password" cmd /c "msiexec.exe /I \\networkshared\folder\Program.msi /quiet /norestart"     *****  then hit enter

7. Below is the syntax is used to install to COMPUTERNAME instead of IP Address, when you get the error code 0. That is completed status.

8. To install 1 program into multiple workstations, just create  computerlist.txt file and add all the computer names or IP Addresses as you wish in there and save it to the C:\PsExec folder.
                    . Then you would use the \\computerlist.txt  syntax instead of a single computername or  IP Address.             

9. Please modify the syntaxes to fit your needs, if you have any question I am here to help so send me an email if need be at joevanynguyen@gmail.com

Friday, November 16, 2012

How to scan domain servers/desktops and pipe to a .cvs file


Copy below script into notepad and save as ScanServersDesktops.vbs file, this will scan the domain servers/desktops or both and result will be in C;\ComputerReport.csv

 

 

====================================================================================

Option Explicit

 

                Call MainScript

 

WScript.Echo "Changes complete. Check the report on C: Drive"

 

Sub MainScript

' Version 1.0

' Amended by Krystian Karia

' Dated 18-Feb-2009

 

' Script that gets all the computer names

' and their DistinguishedNames from AD.

' All results are put to a csv file

 

                On Error Resume Next

 

 

                Dim objFSO, objReport

                Dim strReportFile

                Dim strHeader, strMsg

                Dim strComputer

                Dim iSelectedOption

                Dim arrComputers

 

                Const ForWriting = 2

 

' Create needed objects

                Set objFSO = CreateObject("Scripting.FileSystemObject")

 

' Initialize variables

                strHeader = "ComputerName,DistinguishedName"

                strReportFile = "c:\ComputerReport.csv"

 

' Open the report

                Set objReport = objFSO.OpenTextFile(strReportFile, ForWriting, True)

 

' Enter the header

                objReport.WriteLine strHeader

 

 

' Ask where to get our machine list from

                                strMsg = strMsg & "Select an option by entering a number only!" & vbNewLine & vbNewLine

                                strMsg = strMsg & "1 - Servers Only (From AD)" & vbNewLine

                                strMsg = strMsg & "2 - Desktops Only (From AD)" & vbNewLine

                                strMsg = strMsg & "3 - All Machines (From AD)" & vbNewLine & vbNewLine

 

                iSelectedOption = InputBox(strMsg, "Select an Option", "1")

                               

                                Select Case Trim(iSelectedOption)

                                                Case "1"

                                                                arrComputers = GetObjectArrayFromAD("Servers", "")

 

                                                Case "2"

                                                                arrComputers = GetObjectArrayFromAD("Desktops", "")

                                                               

                                                Case "3"

                                                                arrComputers = GetObjectArrayFromAD("AllMachines", "")

                                                               

                                                Case Else

                                                                WScript.Echo "An invalid option was made or you cancelled"

                                                                WScript.Quit

                                End Select

 

' Loop each computer

                For Each strComputer In arrComputers

                                If strComputer = "" Then

                                                Exit For

                                End If

 

                                objReport.WriteLine strComputer

 

                Next

 

                objReport.Close

 

End Sub

 

 

 

 

 

Private Function GetObjectArrayFromAD(sArgComputerType, sArgDCName)

' Version 1.0

' ~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~

 

'               Function Written by Krystian Karia

 

'               Description:        Function that searches AD based on the criteria

'                                                                               that you pass to it and returns an Array

 

'               Use:                                       Pass the Machine Type and optional Domain Controller ServerName

 

'               Example:                             arrMyComputerArray = GetObjectArrayFromAD("servers" | "desktops" | "allmachines" ["dcservername"])

 

'               Returns:                               An array of all required computer objects found

 

'               Version:                               Version 1.0                         Created on 06-08-2007

 

' ~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~¬~

 

                On Error Resume Next

               

                Dim oRoot

                Dim strBase, strFilter, strCriteria, strLevel

                Dim adoConnection, adoCommand, adoRecordset

                Dim strQuery, strContents

                Dim arrResults

                Dim i

 

 

' Get the Domain you are currently in

                Set oRoot = GetObject("LDAP://rootDSE")

                                strBase = oRoot.Get("defaultNamingContext")

                               

                                                If Err.Number<> 0 Then

                                                                WScript.Echo "Unable to get the current domain name - Is the machine this script ran on a part of one?" _

                                                                                & VbCrLf & "Error: " & Err.Number _

                                                                                & VbCrLf & Err.Source _

                                                                                & VbCrLf & Err.Description

                                                                Err.Clear

                                                                GetObjectArrayFromAD = False

                                                End If

 

' Build the Filter string according to our computer type request

                Select Case UCase(sArgComputerType)

                                Case "SERVERS"

                                                strFilter = "(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=*Server*))))"

                               

                                Case "DESKTOPS"

                                                strFilter = "(&(&(sAMAccountType=805306369)(objectCategory=computer)(!operatingSystem=*Server*)))"

 

                                Case "ALLMACHINES"

                                                strFilter = "(&(&(&(sAMAccountType=805306369)(objectCategory=computer)(samAccountName=*))))"

 

                                Case Else

                                                Exit Function

                End Select

 

' Set our Attribute Criteria and Search Level

                                strCriteria = "sAMAccountName,distinguishedName"

                                strLevel = "SubTree"

 

' Build our complete query string using the DC Server Name if passed

                If sArgDCName <> "" Then

                                strQuery = "<LDAP://" & sArgDCName & "/" & strBase & ">;" & strFilter & ";" & strCriteria & ";" & strLevel

                Else

                                strQuery = "<LDAP://" & strBase & ">;" & strFilter & ";" & strCriteria & ";" & strLevel

                End If

 

' Set up the connection to Active Directory using ADO

                Set adoConnection = CreateObject("ADODB.Connection")

                Set adoCommand = CreateObject("ADODB.Command")

 

                                adoConnection.Provider = "ADsDSOObject"

                                adoConnection.Open = "Active Directory Provider"

                                adoConnection.Cursorlocation = 3

 

                Set adoCommand.ActiveConnection = adoConnection

 

                                                If Err.Number <> 0 Then

                                                                WScript.Echo "Unable to open a connection to Active Directory" _

                                                                                & VbCrLf & "Error: " & Err.Number _

                                                                                & VbCrLf & Err.Source _

                                                                                & VbCrLf & Err.Description

                                                                Err.Clear

                                                                GetObjectArrayFromAD = False

                                                End If

 

                                adoCommand.CommandText = strQuery

                                adoCommand.Properties("Page Size") = 1000

                                adoCommand.Properties("Timeout") = 30

                                adoCommand.Properties("Cache Results") = False

 

' Get the recordset results of the query to Active Directory

                Set adoRecordset = adoCommand.Execute

                                adoRecordset.Sort = "distinguishedName"

 

                                                If Err.Number <> 0 Then

                                                                WScript.Echo "An error occured executing the recordset" _

                                                                                & VbCrLf & "Error: " & Err.Number _

                                                                                & VbCrLf & Err.Source _

                                                                                & VbCrLf & Err.Description

                                                                Err.Clear

                                                                GetObjectArrayFromAD = False

                                                End If

 

 

' Loop all the records that were found

                                Do Until adoRecordset.EOF = True

 

'                                               For i = 0 To adoRecordset.Fields.Count - 1

 

                                                                If NOT IsNull(adoRecordset.Fields("sAMAccountName").Value) Then ' Remove $ symbol from end of machines

                                                                                strContents = strContents & Left(adoRecordset.Fields("sAMAccountName").Value, Len(adoRecordset.Fields("sAMAccountName").Value) - 1) & ","

                                                                End If

                                                                               

                                                                strContents = strContents & Chr(34) & adoRecordset.Fields("distinguishedName").Value & Chr(34) & vbNewLine

 

'                                               Next

                                                adoRecordset.MoveNext

                                Loop

 

' Close the Recordset and clear the variables

                                adoConnection.Close

 

                Set adoRecordset = Nothing

                Set adoCommand = Nothing

                Set adoConnection = Nothing

 

' Check the contents of the list is not empty

                                If Trim(strContents) <> "" Then

                                                arrResults = Split(strContents, vbNewLine)          ' Create an array of the list

                                                                strContents = ""                                                                                               ' Clear the variable as not needed anymore

                                               

                                                Err.Clear

                                                GetObjectArrayFromAD = arrResults

                                Else

                                                Err.Clear

                                                GetObjectArrayFromAD = False

                                End If

 

End Function 'GetObjectArrayFromAD

 

=====================================================================================