November 2007 - Posts
OK, I am back blogging after a short Thanksgiving break. I didn’t go nowhere though. I was “On Duty” working at home. I didn’t eat turkey either as I am enjoy reading The China Study: The Most Comprehensive Study of Nutrition Ever Conducted and the Startling Implications for Diet, Weight Loss and Long-term Health and trying to embark on a journey to eat only plant food for life. I realized that this is going to a very difficult journey so I give myself sometime to think this through. As I don’t want to do yo-yo. 
Other than that, I watched Planet Earth - The Complete BBC Series using my newly acquired Dell Inspiron 1520 – equipped among everything else with 256MB NVIDIA® GeForce™ 8600M GT, running Vista Ultimate. What I can say, the screen results is amazing!
OK, enough said about my Thanksgiving Dairy and time to get back to work!
In case you haven’t heard, the new version of Windows PowerShell — Version 2.0, CTP is now available for early “adopters”.
I just spent about 20 minutes to get it installed on my new Vista Laptop, here is a couple of points worth to mention:
Windows PowerShell 1.0 and Windows PowerShell 2.0 Community Technology Preview (CTP) cannot run on the same computer. You must un-install Windows PowerShell 1.0 before installing the version 2.0 CTP; It requires Microsoft .NET Framework Version 2.0 which is part of Vista OS; if you need the Graphical PowerShell feature or the Out-GridView cmdlet, you will also need Microsoft .NET Framework Version 3.0 which is again part of Vista but you will need to use the “Turn Windows Features On Or Off” in control panel to turn it on. It also requires WS-Management v1.1 which I have yet to find it’s “vista” version. This is why I get a warning:“Windows PowerShell(TM)v2(CTP)remoting features may not work correctly in this version of the Operating System.”
Other than that I have to say the install itself is pretty smooth.
Just do get-process |out-gridview and you will like what you see. Another cool new feature is Graphical PowerShell(early alpha version)You can use it to compose and test run your scripts. It has the potential or intent to become “PowerShell Studio” down the road.
Of course PowerShell Remoting is the added feature but I have yet to test it out on Vista.
Happy Holidays
Here is a VB script to check file size and modified date aginist a list of files on a list of servers.
On Error Resume Next
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set InputFileX = oFSO.OpenTextFile("C:\Temp\MachineList.Txt")
Do While Not (InputFileX.atEndOfStream)
strComputer = InputFileX.ReadLine
Wscript.Echo strComputer
CheckFile
Loop
'************************************************************************************************
Function CheckFile
Set InputFileY = oFSO.OpenTextFile("C:\Temp\FileList.Txt")
Do While Not (InputFileY.atEndOfStream)
FileName = InputFileY.ReadLine
Wscript.Echo FileName
Set TargetFile = OFSO.GetFile(Filename)
Modifieddate = TargetFile.DateLastModified
Wscript.Echo Modifieddate
FileSize = TargetFile.Size
Wscript.Echo FileSize & " Bytes"
Loop
End Function
One of the ground breaking features introduced in windows 2008 is Server core - it's a Windows OS without GUI. You need to use a command prompt or scripting techniques to manage the server. The server core installation is available with Standard, enterprise and Datacenter versions and is available on x86 and x64 platforms.
The Server Core installation option provides you with the choice of installing windows Server 2008 with the only required services and applications. This option provides base server functionality without extra overhead. and minimize attack surface on the server
Server Core is designed for organizations that require servers to perform dedicated tasks and at the mean time permit only a minimal attack surface on the server. Here are some of the pros and cons for the server core:
Pros:
Less overhead and less attack surface
Cons:
Doesn't support all server roles and as of this writting, the following server roles are supported:
File server
Print server
Domain controller
DNS
DHCP
WINS
Doesn't support .NET Framework
Do not support upgrade from previous version of Server OS
Can not change from server Core to standard version of Windows Server 2008 without rebuild
Requires familiarity with command line and scripting
Here are some of the initial configuration tasks
Setting Administrator Password
Net user administrator *
The asterisk, at the end of the command, prompts you to enter the password rather than entering the password as part of the command.
Setting the IP Address for the server using the Netsh command
Netsh interface ipv4 set address name = "2" source = 192.168.1.10 mask=255.255.255.0 gateway=192.168.1.1
Configure Computer Name and domain Membership
Netdom renamecomutercomputername /newname:new_computername
netdom join comutername /domain: domain name /userD:username /PasswordD: *
Activating the server and Enabling the firewall
SCRegEdit.wsf is a customized VB script for Server Core. This VB script can perform multiple configuration tasks. One such task is to allow administrators to activate the server without using a GUI. You can also use this script to perform Windows Update, configure a pagefile, configure time zones, and enable Remote Desktop.
You can enable and configure windows Firewall by using the Netsh command
Netsh Firewall set opmode enable
Adding Server Roles and Features
You can add or remove all server roles and features, except the domain controller role, by using the OcSetup.exe command
start /w ocsetup DNS-Server-Core-Role (install and start DNS Server Role)
The File Server role is installed by default to provide administrative share support for management tools
You can determine the names and installation status of the available roles by using the oclist.exe command
Here is a VB script to check and verify the McAfee On Access Scan Exclusions on multiple machines and write the results to txt files.
I am doing VB script because my current job(production) environment don’t have PowerShell installed yet. But I have to say this is not a very pleasant experience after I already used to the PowerShell way of thinking. Just look at how “complicated” to write the output to a txt file in VB script, In PowerShell I could accomplish the same task in a line or two.
'On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
Const ForWriting = 2
const ForAppending = 8
Const OpenAsASCII = 0
Const CreateIfNotExist = True
'Read machine names from a txt file
Set ObjFso = CreateObject("Scripting.FileSystemObject")
Set InputFile = Objfso.OpenTextFile("MachineList.Txt")
Do While Not (InputFile.atEndOfStream)
strComputer = InputFile.ReadLine
GetRegInfo
Loop
'*********************************************************************************************************
'Get information from Registry
Sub GetRegInfo
Set oReg=GetObject( _
"winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Network Associates\TVD\shared Components\On Access Scanner\McShield\Configuration\"
‘Enumerate the SubKeys here
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
For Each subkey In arrSubKeys
strKeyPath = "SOFTWARE\Network Associates\TVD\shared Components\On Access Scanner\McShield\Configuration\" & subkey
Exclusions = strKeyPath & VBcrlf
‘Enumerate the Keys and identify the ExcludedItem_* key and get it’s value and put them in Exclusions variable
oReg.EnumValues HKEY_LOCAL_MACHINE, strkeyPath, arrValuenames
For i=0 To UBound(arrValueNames)
if Left(arrValueNames(i), 12) = "ExcludedItem" Then
oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,arrValueNames(i),strValue
Exclusions = Exclusions & (right(strValue,(Len(strValue)-5))) & VBcrlf
End If
Next
'wscript.Echo Exclusions
strFilePath = "c:\Temp\" & strcomputer & ".txt"
' Open the file for write access.
Set objFile = objFSO.OpenTextFile(strFilePath, _
ForAppending,CreateIfNotExist, OpenAsASCII)
' Write to file.
objFile.WriteLine Exclusions
objFile.Close
Next
End Sub
In Windows Server 2008, a server role describes the primary function of the server. Administrators may choose to dedicate an entire server to one role or to install multiple server roles on a single server. For example, the DHCP adn DNS roles could be installed together on one server
A Server features provide supporting functions to servers. You can add features to improve the functionality of installed roles and not as the primary function of the server. For example, failover clustering is a feature thta is installed after specific roles, such as file server. This is done to make the File Server role redundant.
There are ~20 server roles in Windows 2008:
Active Directory Domain Services
Active Directory Federation Services
DHCP Server
Web Server (IIS)
.
.
.
There are ~30 features avaliable in Windows Server 2008:
Background Intelligent Transfer Services(BITS)
Windows BitLocker Drive Encryption
Microsoft Message Quering (MSMQ) Services
Storage Manager for Storage Area Networks (SANs)
.
.
.
You can use Server Manager to configure server roles/features.