Joe-IT: Technology done right

We’ve moved!!!

Ok, so I’ve grown tired of the things I cannot do using WordPress’ free hosting, so I am moving to a new host!

Find this blog now at www.laoae.com

Hope to see you at the new page!

December 21, 2008 Posted by Just Joe | Uncategorized | | No Comments Yet

Digital Locksmith: Resetting the Directory Services Restore Mode password on Windows Server 2003

Do you have a friend that you call when you have some totally off the wall question about IT related stuff? Well I am that friend for most of the people that I know for some odd reason, and some of the questions I get are doozies.

For instance I get this call yesterday afternoon:

Friend in need: “Hey man how’s it going?”

Me: “Not bad, working on getting our new accounting software set up, Go Live is next Monday, so I just want to make sure everything is right, you know.”

Friend in need: “Cool, hey do you know how to reset the Directory Services Restore Mode password on a WS2003 box?”

Me: Wait, what?


Not your everyday run of the mill question. This is an interesting type of problem, where you need thing A to get thing B, but cannot get thing A without already having thing B, or what I like to call “The Bill and Ted Conundrum” (excerpt from Bill and Ted’s Excellent Adventure):

Bill: Ted, while I agree that, in time, our band will be most triumphant, the truth is, Wyld Stallyns will never be a super band until we have Eddie Van Halen on guitar.
Ted: Yes, Bill, but, I do not believe we will get Eddie Van Halen until we have a triumphant video.
Bill: Ted, it’s pointless to have a triumphant video before we even have decent instruments.
Ted: Well, how can we have decent instruments when we don’t really even know how to play?
Bill: That is why we NEED Eddie Van Halen!
Ted: And THAT is why we need a triumphant video.

The Directory Services Restore Mode (DSRM) password is something of a last-ditch safeguard put in place by Microsoft to protect Active Directory. Without the DSRM password, you cannot restore Active Directory. This prevents attackers from creating a new Active Directory and then restoring it over your Active Directory, thereby completely pwning your network.

But what if you need to restore Active Directory, and do not have the DSRM password? Like if the SysAdmin who built AD originally did not document it and then left the company? Now we are in The Bill and Ted Conundrum: you need the DSRM password to restore AD, but you don’t have the DSRM password.

Luckily for us, Microsoft has their own version of Rufus with his time travelling Phone Booth for WS2003; the NT Directory Services Utility (Ntdsutil.exe).

To reset the DSRM password in Windows Server 2003 using Ntdsutil.exe:

  1. Log on to the domain controller using an account with administrative rights.
  2. Go to Start>Run and type: cmd {ENTER}.
  3. At the command prompt, type: cd %SystemRoot%\System32 {ENTER}.
  4. Type: ntdsutil.exe {ENTER}
  5. Type: set dsrm password {ENTER}
  6. Type: reset password on server null {ENTER}
  7. Enter the new password when prompted.
  8. Confirm the new password when prompted.
  9. At the DSRM command prompt, type: q (to exit) {ENTER}
  10. At the Ntdsutil command prompt, type: q (to exit the utility and return to the command prompt) {ENTER}

Now that the DSRM password is changed to something you know, write it down this time. In the immortal words of The Great Ones: Bill, Ted: EXCELLENT! (cue air guitar)

November 26, 2008 Posted by Just Joe | Ask an IT ninja!!!, Digital Locksmith | | No Comments Yet

Banish Windows Notepad: Replacing Notepad with Notepad++

It’s no secret around these parts that I hate Windows Notepad. It hasn’t been updated (in any useful way) since Windows 95, and is just plain inadequate for most tasks I need a text editor for. Up to this point I have been content to simply never use it, however as I am finding myself working with text files more and more these days, I would like to completely replace it.

Now obviously I am a big proponent of Notepad++, and this would be my ideal replacement for notepad.exe and luckily for me, there is a launcher made specifically for this. Before we begin, we will need to download the following files:

  1. The current Notepad++ install package from here.
  2. The current Notepad++ launcher from here.

Once we have these files, we can begin the process:

  1. Install Notepad++.
  2. Unzip the Notepad++ launcher, and have it ready to be copied (we will need to put this in a couple of different directories).
  3. Turn off hide invisible files in Tools->Folder Options->View.

Now at this point it is pertinent to mention that there are several methods that may work for replacing Notepad. You may need to try each one until you find the one that works for your OS version (Method 1 worked for me on one XP SP2 install, but I had to use Method 2 on another).

Method 1

  1. Go to %windir%\system32\Restore
  2. Select filelist.xml and right click->Properties and uncheck Read-only
  3. Edit the file, adding:

    <REC>%windir%\notepad.exe</REC>

    to:

    <Exclude>
    <REC>%windir%\system.ini</REC>
    <REC>%windir%\tasks\desktop.ini</REC>
    <REC>%windir%\win.ini</REC>
    <REC>*:\AUTOEXEC.BAT</REC>
    <REC>*:\CONFIG.MSI</REC>
    <REC>*:\CONFIG.SYS</REC>
    </Exclude>

  4. Copy the Notepad++ launcher to %windir%\system32, replacing notepad.exe there with the Notepad++ launcher.
  5. If this worked, you should now be able to open a Run dialog, and type: notepad {ENTER}, which will launch Notepad++.

Method 2

  1. Copy the Notepad++ launcher to %windir%\system32\dllcache
  2. Copy the Notepad++ launcher to %windir%\system32
  3. A dialog will pop up; hit Cancel.
  4. If this worked, you should now be able to open a Run dialog, and type: notepad {ENTER}, which will launch Notepad++.

Method 3

  1. Copy the Notepad++ launcher to %windir%\servicepackfiles\i386
  2. Copy the Notepad++ launcher to %windir%\system32\dllcache
  3. Copy the Notepad++ launcher to %windir%\system32
  4. Copy the Notepad++ launcher to %windir%
  5. When you replace notepad.exe in %windir% and %windir%\system32, a “Windows File Protection” message box appears, click Cancel. Then another message box appears, click OK.
  6. If this worked, you should now be able to open a Run dialog, and type: notepad {ENTER}, which will launch Notepad++.

Now, enjoy the goodness that comes from having a real text editor as your default text editor.

November 25, 2008 Posted by Just Joe | Admin's Arsenal, Ask an IT ninja!!! | | No Comments Yet

Bringing awareness to AITO Syndrome.

If you work in IT I can guarantee you have run into AITO Syndrome, as it seems to affect an alarming number of people. AITO (Assumed IT Omnipotence Syndrome) is a very serious (and in some extreme cases life threatening) affliction which causes those afflicted with it to assume that anyone that works in IT knows everything about every computer related thing ever made, often including anything with a power cord.

Together, I believe we can stop AITO Syndrome. There are many warning signs, including:

  • Conversations starting with “Do you know that one program that does…. I was wondering how I can change setting XYZ to make it do ABC better, you know, like on that one movie.”
  • Calls from employees that go something like “Hey I installed program XYZ, how do I configure it?”
  • Being asked to load up “that program we got a while back to do XYZ, on the new servers” which turns out to be stored on some 5″ floppy disks in the company fire safe.
  • Conversations that start out with or contain any of the following phrases occur regularly, and these terms are used incorrectly: hackers, virus, Trojan, the Internet is down, email is broken, the network is down, crack (as in “can’t you just crack this password”, or “well I forgot the license code, so just crack it”)
  • Or maybe (and this one is tricky, because you will have to hear it more than once to realize that it is an indicator of AITO Syndrome) “So I have this music DVD, and I want to transfer just the audio to my iPod because…”

If you know someone who suffers from AITO (or are a victim of this terrible affliction yourself), please have them read this carefully:

I am not God. I cannot make things happen that are physically impossible. I am not “The One”, I do not see the world in Matrix code. I cannot load a program written in 1985 on to a server with an OS made in 2000-anything, as the hardware interface for that program likely does not exist anymore.

Yes I can do some things with technology that may to the uninitiated appear to be magic, but they are not in fact magic. Please do not mistake this for Omnipotence. I have worked very hard to attain the technology skills I have, but I cannot know everything.

I do not use every kind of computer known to man (nor have I), so the chances of me being able to pull an answer to your obscure Apple IIe question off the top of my head are slim to none. I cannot possibly have used (or in most cases have even heard of) all of the available software packages that were released this month, let alone 5 years ago.

The software packages I do know enough about to answer those kinds of questions intelligently are all packages that relate to doing my job, so you will most likely have absolutely no use for them, let alone have heard of them.

My ability to understand computers, and servers, and the software that runs on them is the direct result of many years of hard work and diligent study on my part, which I cannot impart to you in a 5 minute conversation.

The truth of it is that “computers” and everything relating to them is a job for me. When I get home at night if I sit down in front of a computer, I am either working (IT professionals work quite a lot more hours than you would think, or is healthy quite frankly), or I may send a couple people email, or even play a game for a bit.

Most likely though (assuming I do not have work that must be done), I do not even want to look at a computer, as my brain is totally fried from all the mental gymnastics I’ve had to do at work all day (while sitting at a computer all day might seem like a kick back job, I can assure you that it is incredibly tough, and highly stressful).

AITO Syndrome is not incurable! If you keep the above in mind, the symptoms will begin to disappear, and you may eventually even be symptom free! Please, do your part to end the needless suffering caused by AITO Syndrome. If for nothing else, do it for the children.

Treatment options for AITO syndrome include:

  • Frequent and hearty use of Google.com (this is considered by many IT professionals the best course of treatment).
  • Possible use of books or help files for the program or OS you have questions about (usually abbreviated as “RTFM” when prescribed by an IT professional).
  • Understanding that software has a usable life of approximately 1-2 years before it must be upgraded to a current version.
  • Hardware has a useful life of between 3 and 5 years before it must be replaced.
  • Operating Systems should be upgraded to the latest version at every hardware replacement, or at the very least when the OS manufacturer stops providing free support for them.

If these methods are not effective, more aggressive treatment options include:

  • Revocation of network access.
  • Filtering of Internet access.
  • Liberal application of a L.A.R.T. by a qualified IT Professional.
  • Migration from a standard desktop OS to DOS.
  • Questions being answered with a link to http://www.letmegooglethatforyou.com/
  • Random stapling of written instructions to various parts of your anatomy by an IT professional.

Together we can beat this horrible affliction. Do your part today!

November 21, 2008 Posted by Just Joe | Seppuku yourself, and save me the trouble. | | No Comments Yet

How do I…: Hide the non printable formatting marks in Outlook 2007?

Here’s the situation; you’re working away, minding your own business, you go to send an email, and BAM! Pilcrow overload! Where did all these characters come from? How do I get rid of them?

What you are seeing are the “non printable formatting” characters that are used by Office programs to determine the layout of your document. I’m not quite sure how most people end up with these displayed (since the default setting is for them to be hidden), but I do know that unless you are trying to fix a really tricky formatting issue, they are totally useless!

Fortunately the fix is very easy, and works not only in Outlook, but also in Word, and in all of the 2000, XP, 2003, and 2007 versions of both programs.

There is a keyboard shortcut to show or hide these characters as needed: CTRL+SHIFT+8 (don’t use the 8 on the 10 key, use the one on top of the keyboard – technically these are totally different keys). Voila! no more formatting marks.

There are ways to do this through the individual program menus as well, but why try to memorize umpteen different ways when the keyboard shortcut works in all of them?

November 20, 2008 Posted by Just Joe | How do I? | | 1 Comment

How do I…: Use EXMERGE to protect Individual users’ mailboxes?

For the third time this month I’ve gotten this email:

My email is gone, I need it back.
- Your boss

Now it wasn’t exactly like that, but it was pretty dang close. I have absolutely no idea how this keeps happening (though I am pretty sure it has something to do with him deleting it while “not doing anything”), and restoring from tape is getting old.

So I put a little thought into it, and I’ve got a “quick and (not so) dirty” solution.
ExMerge can be used to backup any mailbox on any server (it works remotely too) and you can schedule it to run as you please.

WARNING: Do not confuse this procedure for a proper method for protecting Exchange. This will only protect individual mailboxes, so if anything happens to the actual Mail Store in Exchange, you’re going to have trouble if you are not performing a proper “monolithic” Exchange backup.

First we need to get a current version of ExMerge for Exchange 2003 (what I am using at work, and what this article is based on, though the steps for prior versions of Exchange are pretty much the same). To get this we head over to Microsoft’s site and download it here.

Once we have the latest version of ExMerge, extract it from the download (use 7zip or similar compression software) and copy EXMERGE.EXE to the %Program Files%>Exchsrvr>bin folder of your Exchange server.

Now we need to configure the user account being used to do this to have access to the mailbox(es) that will be backed up (by default the Exchange Full Administrator permissions do not give you the right to open any other users’ mailbox).

Configuring EXMERGE

To perform Brick-Level backups of one or more mailboxes found on one Exchange server follow these steps:

  1. Navigate to the %Program Files%>Exchsrvr>bin folder of your Exchange server and double click ExMerge.exe.
  2. On the Welcome page click Next.
  3. On the “Procedure Selection” dialogue box, select “Export or Import (Two Step Procedure)”.
  4. On the “Two Step Procedure” dialogue box, select “Step 1: Extract data from an Exchange Server Mailbox”.
  5. In the “Source Server” dialogue box specify the name of your Exchange server. If you have a multiple domain environment you’ll need to specify the name and LDAP port number of your Domain Controller. Click Next.
  6. In the “Database Selection” dialogue box select the mailbox store you want to perform the action upon (Note: In a scenario where you only have one mailbox store you will not be presented with this page). Click Next.
  7. In the “Mailbox Selection” dialogue box select individual mailboxes or press the “Select All” button to select all mailboxes found in that store. In this example I will only select one mailbox. Note that you can also see the mailbox size next to the mailbox name. Click Next.
  8. On the “Locale Selection” dialogue box select the Locale that you would like to use to search the mailboxes. (Hebrew users take note: there are special steps that must be taken to use ExMerge with Hebrew language characters. Contact Microsoft for specific instructions). Click Next.
  9. Specify the path to the folder where you want to place the .PST files. This folder should reside on a different HD than the one where your mailbox stores are located, but this is only a recommendation for performance benefits, not a must. Also, make sure you have enough free space on that partition. Click Next.
  10. On the “Save Settings” dialogue box you can now save the settings you’ve configured so far, or you can just click Next. You can also change the name and location of the files used by ExMerge by clicking on the “File Names” button.
  11. After pressing Next the process will begin. This could take a considerable amount of time depending on how many mailboxes you’ve selected and the size of the mailboxes.

Now, next time this user “does nothing” and loses all their email, I can simply restore it from this PST file (assuming that I have a recent copy). To ensure that there is always a recent copy available, we’d need to automate this process of using ExMerge, which I will cover in another post.

WARNING: Be aware of the following issues:

  • Security - ExMerge does not password-protect the .PST files it creates.
  • Storage Space – You need to consider how much space is required to store the .PST files and with what frequency you will have to purge the archived .PST files.
  • Overwriting .PST files – If there is no corresponding .PST file for the mailbox in the export folder, EXMERGE will create a new .PST file for the mailbox. The .PST file naming convention is [ALIAS].PST. If a .PST file for the mailbox already exists in the export folder, ExMerge will export only new message data from the mailbox to the .PST file. Therefore, you may want to purge the .PST files or move them to another directory so that ExMerge will create new .PST files when it runs next time.
  • Single Instance Architecture – When ExMerge exports mailbox data to a .PST file, you lose the benefit of the Single Instance message storage capability, so expect a mailbox’s newly created .PST file to be 10% to 50% larger than the mailbox itself (depending on how many messages in that mailbox are also in other mailboxes on the Exchange Server).
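
The “Overwriting .PST files” and “Storage Space” points above both come down to moving each export out of the way and purging old copies on a schedule. One way to script that, as an added example that is not part of the original post or of ExMerge; the function name, the dated YYYYMMDD archive folders and the 30-day retention are assumptions:

```python
import shutil
from datetime import date, datetime, timedelta
from pathlib import Path


def rotate_pst_exports(export_dir, archive_root, today=None, keep_days=30):
    """Move every [ALIAS].PST out of the ExMerge export folder and purge old copies.

    Hypothetical helper, not part of ExMerge. Emptying export_dir makes the
    next ExMerge run create fresh, complete .PST files instead of adding
    only new message data to the existing ones.

    archive_root should be a folder that only the backup operators can read,
    because ExMerge does not password-protect the .PST files it writes.

    Returns (moved, purged): the new paths of the moved files and the names
    of the dated folders that were deleted.
    """
    export_dir, archive_root = Path(export_dir), Path(archive_root)
    today = today or date.today()
    dest = archive_root / today.strftime("%Y%m%d")
    moved, purged = [], []

    for pst in sorted(export_dir.iterdir()):
        # Only touch the mailbox exports; leave ExMerge logs and settings alone.
        if not (pst.is_file() and pst.suffix.lower() == ".pst"):
            continue
        dest.mkdir(parents=True, exist_ok=True)
        target = dest / pst.name
        counter = 1
        # A second run on the same day must not overwrite the earlier copy.
        while target.exists():
            target = dest / f"{pst.stem}.{counter}{pst.suffix}"
            counter += 1
        shutil.move(str(pst), str(target))
        moved.append(target)

    # Purge dated folders older than the retention window. Anything whose
    # name is not exactly YYYYMMDD is somebody else's data and is skipped.
    cutoff = today - timedelta(days=keep_days)
    if archive_root.is_dir():
        for folder in sorted(archive_root.iterdir()):
            if not folder.is_dir() or len(folder.name) != 8:
                continue
            try:
                stamp = datetime.strptime(folder.name, "%Y%m%d").date()
            except ValueError:
                continue
            if stamp < cutoff:
                shutil.rmtree(folder)
                purged.append(folder.name)

    return moved, purged


if __name__ == "__main__":
    # Constructed paths for illustration; point these at your own folders.
    moved, purged = rotate_pst_exports(r"D:\ExMerge\Export", r"E:\PSTArchive")
    print("moved:", [str(p) for p in moved])
    print("purged:", purged)
```

Run it after each ExMerge export completes, not while one is in progress.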

November 17, 2008 Posted by Just Joe | How do I? | | No Comments Yet

Can you hear me now? Know when your email got to their BlackBerry.

I just love hearing “oh sorry, I didn’t get your email” as a response when I ask someone for a response for the third time. Especially when I know that person has a BlackBerry. When it’s from users on my BlackBerry Enterprise Server (BES) I usually just create a help desk ticket from their “oh I didn’t get your email” response, and then attach a screen shot of the BES log showing that it was in fact delivered to their BlackBerry.

Then they forget that I can do this, and in a few weeks I have to repeat the whole thing. But what do you do when the person you’re sending email to doesn’t have a BES, or is not on your network?

Apparently the good folks at RIM are one step ahead of me, as they have a solution to this nonsense built in. Keeping in mind that this will only work with actual BlackBerry devices (I’ve confirmed that it works with a BES server, and using the BlackBerry Redirector for peeps without a BES), send an email to the address that gets delivered to the BlackBerry with <confirm> as the subject, and in a few moments you should get a reply that looks something like this:

[Screenshot: confirmation reply]

As you’ll see in the screen shot, you can use this functionality with an actual subject, or by sending just <confirm> as the subject (just make sure that <confirm> is the first thing on the subject line). The really awesome part of this is that unless the recipient knows what the <confirm> tag in the subject line does, they have no idea that you now know that the email was delivered to their device. Take note smarmy sales weasels: I see what you did there.

November 14, 2008 Posted by Just Joe | Ask an IT ninja!!! | | No Comments Yet

I, SysAdmin

(Evil SysAdmin laugh) Silly Users! You cannot escape my domain! I have been getting a whole lot of questions regarding… “Can I do this at work” or “Will I get caught if I am downloading…” and my all time favorite “If I look at a little pr0n will I get caught?”

Here’s a clue; most of the time, if we have the capabilities of remote monitoring, we’re not using them. Unless you do something to draw the Evil Eye of a SysAdmin, we just don’t care, we’ve got other things to worry about.

Now that being said, if you DO happen to do something to draw our attention, you’re dead in the water if you’re doing something wrong.

Here is a list of things that most SysAdmins don’t really care about:

  • Light Porn surfing (if it’s playboy type stuff) up to say 10-15 minutes a day, we just don’t care. We might be a bit entertained by your old woman or tranny fetish, but chances are, nothing to really worry about. Unless you owe us money. Just be aware, we know what you’re doing.
  • Reading news sites, or shopping online. Again, we just don’t care. Most of our days are spent in one of two modes; putting out fires, or preventing fires.
  • Circumventing the proxy to go watch that really funny YouTube video your brother sent you in your corporate email. If you’re smart enough to do it, more power to you. If you didn’t do it exactly right, the Evil Eye is turning your way right now. If it’s just a funny YouTube video, no big deal. If you’re logging into hardcore pr0n sites to download videos, and eating all the T1 bandwidth, your fapping is about to be seriously interrupted. It might even be something like total computer failure, which we will conveniently be able to pin to the pr0n you were downloading.

If you have thus far managed to evade the Evil Eye, good job! Here are some things that will draw down the Striking Hammer Of God:

  • Illegal pr0n. If she could be your daughter, or our kid sister, you are toast. We don’t just get you fired, we call the FBI and let them arrest you. At work. If you (sick bastards) are unlucky enough to get a SysAdmin like me, you first get the living shit beat out of you, then you get to deal with the Feds.
  • Illegal pr0n. If the “man” of the pr0n is named fido, we call the FBI and again, probably beat the crap out of you for good measure. We definitely make sure that EVERYONE in the company (and likely your spouse, and/or family) know what you were doing, and why the men in suits have come to take you away.
  • Downloading illegal music. Not cool man. Not at work. Yeah we have a T1, but it’s not your personal playground. Expect to have the music mysteriously disappear from your machine overnight, and forget being able to do anything like that in the future, we just demoted you to the Guest account.
  • Listening to streaming music. Ok, so yeah it’s not illegal. But you and your 10 brethren have just filled our T1, and effectively DoS’d the email server. If you want music, bring it from home on a portable hard drive, and don’t copy it to the machines. Just play it from the hard drive.
  • Installing or running any port scanners, or downloading anything that might be considered a “hack” tool. Congratulations, you just pissed IT off, and will likely be locked out of the network shortly. I’ve got enough to do without wrangling your script kiddie ass too.
  • Heavy pr0n surfing. Like 5-6 hours a day heavy. Dude, just stop. You are likely going to be visiting some websites that are, ummm, let’s just say less than legit, to get in that amount of pr0n every day. You are going to end up getting that machine infested with virii and spyware. You might even actually inadvertently compromise the corporate network. If that happens, do you really think that anyone is going to let that slide? Now I’ve actually had to explain to the boss why you need to be fired before your little problem destroys the network, and I don’t really care to discuss what you’ve been looking at (you mean there’s more than one person that looks at THAT?!?!?) with my boss.

Even if I’ve been cool enough not to filter out web content, the boss is going to want to know how you were able to view this stuff. Rather than blow it for everyone, I am going to do the right thing. I am going to lie my ass off. You must be a hacker, because you’ve been able to circumvent every filtering method I’ve set up, and I have logs to prove it (believe me, I have logs to prove ANYTHING).

The short answer is, if we’re watching you, there is no escape. Between hardware keyloggers, and specialty software that is designed to be undetectable (which is extremely hard to find even to buy), we will catch you.

If you are doing something that is in a grey area, take your SysAdmin out for lunch a couple times, or for a beer, and find out what the real policy is (the one that gets enforced, not the one in the manual). Hell if we like you, we’ll let you get away with a lot more than if you’re a dick to us in the hall.

November 13, 2008 Posted by Just Joe | Ask an IT ninja!!!, Seppuku yourself, and save me the trouble. | | No Comments Yet

Guerrilla Event Log archiving: why and how.

I am quite positive that there are as many solutions (both paid and unpaid) for handling Win32 Syslogs as there are SysAdmins out there. On my *NIX machines syslogs are a simple thing, configure Syslog-ng and move on. My Windows Syslogs are a whole different story.

First off, shame on you Microsoft for not providing built in syslogd integration capabilities. With the volume of BSD code in Windows there is just no acceptable reason for this.

But that doesn’t help me. The long term goal is of course to get a central Syslog server set up that will handle and archive log entries from all of my machines (*NIX and Win32), but that is going to take two things:

  1. Time I don’t have.
  2. Money I don’t have.

I need a solution for archiving my Windows event logs right now, in a central location, until I can get the central Syslog server set up. As I mentioned, most of the solutions for doing this on Windows machines (the ones I feel comfortable entrusting my event logs to anyway) cost somewhere in the neighborhood of an arm, a leg, and most of an ear, so those are not viable options. Now what do you do?

Well if you’re me, you roll your own solution. I’ve got several WS2003 servers that I need to log the event data from, because, well to be quite honest, because this network was built by someone that is more of a *NIX SysAdmin, and didn’t set up the Windows side correctly, so there are quite a few odd bugs in this network that will take quite a while to work out.

Now I could go through and manually export the event logs to a file once a month, but that is way too much work. I decided to script the solution to this problem using VBScript (as it is available on all of the Servers I need event log info from).

I give you logArchive.vbs:

'#==============================================================================
'#==============================================================================
'#  SCRIPT.........:  logArchive.vbs
'#  AUTHOR.........:  Joe Glessner
'#  EMAIL..........:  jglessner@gmail.com
'#  VERSION........:  1.0
'#  DATE...........:  30JUL07
'#  COPYRIGHT......:  2008, Joe-IT.com
'#  LICENSE........:  Freeware
'#  REQUIREMENTS...:
'#
'#  DESCRIPTION....:  This script backs up all of the event logs on the
'#                    designated computer, to the specified file server.
'#                    Optionally this script can also clear the event logs once
'#                    they are archived.
'#
'#  NOTES..........:
'#
'#  CUSTOMIZE......:
'#==============================================================================
'#  REVISED BY.....:
'#  EMAIL..........:
'#  REVISION DATE..:
'#  REVISION NOTES.:
'#
'#==============================================================================
'#==============================================================================
'**Start Encode**

'#==============================================================================
'#  START OF SCRIPT
'#==============================================================================
'Option Explicit
'On Error Resume Next

    '#--------------------------------------------------------------------------
    '#  SCRIPT CONFIGURATION SECTION
    '#--------------------------------------------------------------------------
    '#  OPTIONS:
    '#              strComputer = The name of the computer that generated the
    '#                            event logs (e.g. fs01 - use "." for the local
    '#                            machine).
    '#              objDir2 =      The destination directory on the file server.
    '#              clearEVTLogs   "No" does not clear the event logs. "Yes"
    '#                             will clear the event logs once the current
    '#                             logs are archived.
    '#--------------------------------------------------------------------------
    DIM strComputer, objDir2
    strComputer = "dc1"
    objDir2 = "\\SyslogServer\EventLogs$\" & strComputer
    clearEVTLogs = "Yes"

    '#--------------------------------------------------------------------------
    '#  Declare Remaining Variables
    '#--------------------------------------------------------------------------
    Dim current: current = Now
    Dim strDateStamp: strDateStamp = dateStamp(current)
    DIM objDir1: objDir1 = "\\" & strComputer & "\c$\EVT"

    '#--------------------------------------------------------------------------
    '#  Ensure that the Scratch directory exists on the source computer.
    '#--------------------------------------------------------------------------
    Set filesys=CreateObject("Scripting.FileSystemObject")
    If Not filesys.FolderExists(objDir1) Then
        createDir(objDir1)
    End If

    '#--------------------------------------------------------------------------
    '#  Ensure that the destination directory exists on the file server.
    '#--------------------------------------------------------------------------
    If Not filesys.FolderExists(objDir2) Then
        createDir(objDir2)
    End If

    '#--------------------------------------------------------------------------
    '#  Create backups of the event logs in the Scratch directory.
    '#--------------------------------------------------------------------------
    strPath = objDir2 & "\"
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
            & strComputer & "\root\cimv2")
    Set colLogFiles = objWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile")
    For Each objLogfile in colLogFiles
        strCopyFile = strDateStamp & "_" & strComputer & "_" _
        & objLogFile.LogFileName & ".evt"
        strBackupFile = "c:\EVT\" & strDateStamp & "_" _
            & strComputer & "_" & objLogFile.LogFileName & ".evt"
        strBackupLog = objLogFile.BackupEventLog _
            (strBackupFile)
        'WScript.Echo objLogFile.LogFileName & " backed up to " _
        '    & strBackupFile

        '#----------------------------------------------------------------------
        '#  Copy the event logs to the file server.
        '#----------------------------------------------------------------------
        call copyAFile(objDir1, strPath, strCopyFile)

        '#----------------------------------------------------------------------
        '#  Clear the event logs, or not. Only clear when BackupEventLog
        '#  returned 0 (success), so a failed backup never discards events.
        '#----------------------------------------------------------------------
        If clearEVTLogs = "Yes" And strBackupLog = 0 Then
            objLogFile.ClearEventLog()
        End If
    Next

'#==============================================================================
'#  SUBROUTINES/FUNCTIONS/CLASSES
'#==============================================================================
    '#--------------------------------------------------------------------------
    '#  FUNCTION.........:  dateStamp(ByVal dt)
    '#  PURPOSE..........:  Generate an 8-character date stamp from the current
    '#                      VBScript date.
    '#  ARGUMENTS........:  dt = The date stamp to convert.
    '#  EXAMPLE..........:  Dim current: current = Now
    '#                      WScript.Echo dateStamp(current)
    '#  REQUIREMENTS.....:
    '#  NOTES............:  The above example will produce output of 20080730 if
    '#                      run on 07/30/08.
    '#--------------------------------------------------------------------------
    Function dateStamp(ByVal dt)
        Dim y, m, d
        y = Year(dt)
        m = Month(dt)
        If Len(m) = 1 Then m = "0" & m
        d = Day(dt)
        If Len(d) = 1 Then d = "0" & d
        dateStamp = y & m & d
    End Function

    '#--------------------------------------------------------------------------
    '#  FUNCTION........:  copyAFile()
    '#  ARGUMENTS.......:  strSourceFolder = The folder containing the files to
    '#                                        be copied.
    '#                     strTargetFolder = The Destination Folder
    '#                     strFileName = The name and file extension of the file
    '#                                   to be copied.
    '#  PURPOSE.........:  General purpose file copying function.
    '#  EXAMPLE.........:  Wscript.Echo copyAFile("C:\", "\\Server\Share", _
    '#                     "fileName.txt")
    '#  NOTES...........:  strSourceFolder folder must exist
    '#                     strTargetFolder folder must exist
    '#                     strFileName file must exist in strSourceFolder folder
    '#--------------------------------------------------------------------------
    Function copyAFile( Byval strSourceFolder, Byval strTargetFolder, _
        Byval strFileName)
        Dim objFSO, booOverWrite, strResult
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        If objFSO.FileExists( strSourceFolder & "\" & strFileName) _
            And UCase( strSourceFolder) <> UCase( strTargetFolder) Then
            If Not objFSO.FolderExists( strTargetFolder) Then
                strResult = "The destination folder does not exist!"
                'copyAFile = strResult
                Exit Function
            End If
            If objFSO.FileExists( strTargetFolder & "\" & strFileName) Then
                strResult = "The file exists, overwritten"
                booOverWrite = vbTrue
            Else
                strResult = "The file does not exist, created"
                booOverWrite = vbFalse
            End If
            objFSO.CopyFile strSourceFolder & "\" _
                & strFileName, strTargetFolder & "\", booOverWrite
        Else
            strResult = "The source file does not exist, or " _
                & "identical Source and Target folders!"
        End If
        'copyAFile = strResult
    End Function

    '#--------------------------------------------------------------------------
    '#  FUNCTION.......:  createDir(strDir)
    '#  ARGUMENTS......:  strDir = UNC path of the directory to create.
    '#  PURPOSE........:  Creates directories.
    '#  EXAMPLE........:  createDir("c:\WSH_TEST\")
    '#                    createDir("c:\WSH_TEST\" & "Files\")
    '#  NOTES..........:  If creating a subdirectory of a directory that does
    '#                    not exist, the parent directory must be created
    '#                    first, as shown in the example.
    '#--------------------------------------------------------------------------
    Function createDir(strDir)
        set filesys=CreateObject("Scripting.FileSystemObject")
        Set objFSO = CreateObject("Scripting.FileSystemObject")
        If Not filesys.FolderExists(strDir) Then
            Set objFolder = objFSO.CreateFolder(strDir)
        End If
    End Function

'#==============================================================================
'#  END OF FILE
'#==============================================================================

So, what does it do? This script will copy the event logs (well, technically it creates a backup; it doesn’t actually copy the data per se) from the target system to a directory defined by the user, and optionally clear the logs.

You can then use the built-in Windows Event Log viewer to open the resulting file and search the event logs for the time period in the file.

How I use this:

I have several copies of this script set up in Windows’ Task Scheduler to run on the first of every month at exactly midnight, with the option to clear the event logs turned on. This allows me to create a monthly archive of event logs for each server that it is run against, and when I get a cryptic event log message like “Windows has previously logged the source of this error”, I can go back and search for the referenced previous entry.

Like I said before, this is a temporary system designed to do one thing: archive all of the event logs from all of my Windows servers to a central location until I can get a proper central Syslog server in place. It works flawlessly for the task it was designed to do.
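The script above stores the return value of BackupEventLog in strBackupLog but never checks it, so with clearing turned on a failed backup or copy would still be followed by ClearEventLog. The following is an added example, not part of the original script, that clears a log only after the backup returns 0 and the copy on the file server matches the local file size; the scratch directory, the share path and the helper name archiveMatches are assumptions, and both directories must already exist.

```vbscript
Option Explicit
' Added example (not from the original script): clear an event log only
' after its backup succeeded and the archived copy has been verified.
Const strComputer = "."                          ' local machine
Const strLocalDir = "C:\EVT"                     ' assumed scratch directory
Const strArchiveDir = "\\fileserver\evtarchive"  ' hypothetical share

Dim objFSO, objWMIService, colLogFiles, objLogFile, blnCopied
Dim strStamp, strFileName, strLocalFile, strArchiveFile, intResult

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
    & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("Select * from Win32_NTEventLogFile")
strStamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2)

For Each objLogFile In colLogFiles
    strFileName = strStamp & "_" & objLogFile.LogFileName & ".evt"
    strLocalFile = strLocalDir & "\" & strFileName
    strArchiveFile = strArchiveDir & "\" & strFileName

    ' BackupEventLog returns 0 on success; anything else means no usable backup.
    intResult = objLogFile.BackupEventLog(strLocalFile)
    If intResult <> 0 Then
        WScript.Echo objLogFile.LogFileName & ": backup failed (code " _
            & intResult & "), log not cleared"
    Else
        ' Refuse to overwrite an existing archive; trap the copy error.
        On Error Resume Next
        objFSO.CopyFile strLocalFile, strArchiveFile, False
        blnCopied = (Err.Number = 0)
        On Error GoTo 0
        If blnCopied And archiveMatches(strLocalFile, strArchiveFile) Then
            objLogFile.ClearEventLog()
        Else
            WScript.Echo objLogFile.LogFileName & ": archive not verified, log not cleared"
        End If
    End If
Next

' True only if the archived file exists and is the same size as the backup.
Function archiveMatches(strLocal, strArchive)
    archiveMatches = False
    If objFSO.FileExists(strArchive) Then
        archiveMatches = (objFSO.GetFile(strArchive).Size = objFSO.GetFile(strLocal).Size)
    End If
End Function
```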


November 10, 2008 Posted by Just Joe | Ask an IT ninja!!!, VBScript | | 7 Comments

Admin’s Arsenal (personal edition): Songbird

I wasn’t exactly sure how to categorize this post, but I feel that it rightly belongs in the Admin’s Arsenal. Even the most nose to the grindstone SysAdmin needs some tunes. I have something playing in the background in my office pretty much all day.

Until recently I was a die-hard Winamp fan (mostly because of its Llama whipping ways). As of late, though, Winamp has been getting more and more bloated. My copy now lags horribly when I first start it up, and it eats a ton of system resources.

Allow me to introduce you to Songbird, an open source media player based on the Firefox and VLC code. Songbird is currently in Beta; however, I have been using Beta 1.0rc1 for a week or so and it is very close to being final.

Seeing the default interface, it is pretty obvious they are aimed squarely at dethroning iTunes (thank you for that, iTunes is just bloated crapware).


Now here is the really cool part: from its Firefox roots it has inherited what I believe is Firefox’s best feature: Add-ons. Even though this is beta software, I am really excited about it. The potential here is epic; this could actually turn out to be the best media player on the market.

Even though it is in beta (and hence there are quite few Add-ons available for it), here is a screenshot of what Songbird now looks like on my computer:


Notice that I have a second tab open… yeah, it’s got a browser integrated right into it, and it’s Firefox code! Here is a list of some of the features this baby offers:

  • Add media to Songbird by importing from your file system or iTunes.
  • Songbird supports MP3, FLAC, and Vorbis on all platforms; WMA and WMA DRM on Windows; and AAC and Fairplay on Windows and Mac.
  • Browse, organize, sort and search your media.
  • Songbird includes an integrated web browser with features like bookmarking, tabbed browsing, and more.
  • Songbird runs on Windows, Linux and Mac.
  • Always stay up to date using Songbird’s built-in automatic updates.

The beta version that I am showing here adds several more features, including multiple additions to mp3 player support, and metadata management.

If you find that there are features that are missing that you want, the developers are maintaining a roadmap wiki showing the planned additions to the software, so that killer feature you want may be just around the corner!


November 7, 2008 Posted by Just Joe | Admin's Arsenal | | No Comments Yet