Powershell – get user Profile and Home directory paths

I’ve been recently working with Terminal Servers and one of the things I needed from time to time is a Profile configuration [Profile path and Home folder path] for the users located in one or another OU:

Here is a short PowerShell script to collect above information:
Continue reading


Script – Fix ACL permissions on folders/files 1

From time to time our first line support guys were complaining that they have limited access to the users’ home drives. The access to their group is set on the root folder so that when the inheritance is enabled they should have Full Control. Unfortunately this is not always the case. Some of the deeper folders/files have custom NTFS settings where even local Administrators are not listed in the Security.

So, it’s been decided to make an order and fix all this. Obviously the number of folders/files is just huge, way over a million. Let’s see how scripting can help us here 🙂

First off all we need to clarify our requirements:
1. we want to have an NTFS configuration backup, just in case.
2. we need to ensure that current custom NTFS settings are going to remain.
3. we need to ensure that support team have access to all the folders and files no matter how deep they are in the structure. Continue reading

Troubleshooting – Home folders are displayed as “Documents” or “My Documents”

Client of mine asked me to figure out why is it some of the user Home folders are displayed as “Documents” or “My Documents”?:
B1 B2

First view is presented when looking in the root folder from Windows 2003, second – when looking from Windows 7 or Windows 2008. Interesting isn’t it.

The cause of this behaviour is literally hiding in the folders – desktop.ini file. Hidden desktop.ini is a customization/personalization file. Every folder with corrupted name had a desktop.ini in it. Continue reading

Script – Find all installed applications

I had a task to collect all application names installed on a number of servers, including updates.
OSes were both 2003 and 2008, therefore Powershell was not an option, so I went with vbscript.

One important thing I’ve learned while developing was the fact that on 64 bit OSes Windows stores information about the installed software not only in the “SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” key but also in the “SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\”.

Here is the script. Continue reading

DNS – Remove DNS records on schedule

Sometimes you need to remove the DNS records at a night time or early in the morning, for example before users logs on. Say you want to perfom a maintenance work on a server. Here how you can do this.

You need a script and a task scheduler.
Script – just a simple .cmd [call it say “RemoveDNS.cmd”] file with the commands like these:

dnscmd /RecordDelete yourdomain.com server1.yourdomain.com. A /f
dnscmd /RecordDelete yourdomain.com server2.yourdomain.com. A /f

Scheduler – you need a scheduler that is able to use custom user credentials, user who have rights to modify DNS records. at.exe won’t work as it uses System account. But the built-in Windows Task Scheduler will do the work.
TS1 Continue reading

SEP – agent upgrade script

SEP agent upgrade can be a real pain, mainly because of the double reboot requirement. In production you can do it only during the maintenance windows, meaning at night. Scripting is your best friend in this case, unless off course you are a night person 🙂

My environment is a mix of Windows 2003 and 2008, therefore VBScript is still the best choice to ensure interoperability. Script is needed to uninstall existing SEP11 version. Reboots and installation of the new version can be executed with no script, just usual Windows tools. All you need to do is copy required files and run these commands in the command line:

at 03:00 C:\Software\sep11uninstall.vbs
at 03:15 shutdown.exe -r -f -c "Planned restart to complete SEP11 uninstall" -t 10
at 03:35 C:\Software\setup.exe
at 03:50 shutdown.exe -r -f -c "Planned restart after SEP12 is installed" -t 10

Continue reading

SEP – old virus definitions are not being deleted

Continuing the global fight against Symantec Endpoint Protection 🙂 here is a possible way to ensure that old virus definitions are not staying on the C drive.

First of all we need to temporarily turn the Tamper Protection off for the whole environment. It can be done from the SEP Manager console for a particular group. Go to Clients view, on the left hand side you will see a list of groups. Select your target group and then on the right hand side select Policies tab:

Continue reading