Script – Fix ACL permissions on folders/files 2

Inheritance has been fixed in the previous post. Now, would it be nice to have some sort of a report that could find me folders/files that have wrong settings no matter how deep they are. This script would confirm that previous changes were successful.

We are going to look for a specific group in the ACL by parsing CACLS output.
In this example I’m looking for a “GG-ADM-S” group.

Here it is: Continue reading

Advertisements

Script – Fix ACL permissions on folders/files 1

From time to time our first line support guys were complaining that they have limited access to the users’ home drives. The access to their group is set on the root folder so that when the inheritance is enabled they should have Full Control. Unfortunately this is not always the case. Some of the deeper folders/files have custom NTFS settings where even local Administrators are not listed in the Security.

So, it’s been decided to make an order and fix all this. Obviously the number of folders/files is just huge, way over a million. Let’s see how scripting can help us here 🙂

First off all we need to clarify our requirements:
1. we want to have an NTFS configuration backup, just in case.
2. we need to ensure that current custom NTFS settings are going to remain.
3. we need to ensure that support team have access to all the folders and files no matter how deep they are in the structure. Continue reading

Troubleshooting – Home folders are displayed as “Documents” or “My Documents”

Client of mine asked me to figure out why is it some of the user Home folders are displayed as “Documents” or “My Documents”?:
B1 B2

First view is presented when looking in the root folder from Windows 2003, second – when looking from Windows 7 or Windows 2008. Interesting isn’t it.

The cause of this behaviour is literally hiding in the folders – desktop.ini file. Hidden desktop.ini is a customization/personalization file. Every folder with corrupted name had a desktop.ini in it. Continue reading

Script – Find all installed applications

I had a task to collect all application names installed on a number of servers, including updates.
OSes were both 2003 and 2008, therefore Powershell was not an option, so I went with vbscript.

One important thing I’ve learned while developing was the fact that on 64 bit OSes Windows stores information about the installed software not only in the “SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\” key but also in the “SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\”.

Here is the script. Continue reading

DNS – Remove DNS records on schedule

Sometimes you need to remove the DNS records at a night time or early in the morning, for example before users logs on. Say you want to perfom a maintenance work on a server. Here how you can do this.

You need a script and a task scheduler.
Script – just a simple .cmd [call it say “RemoveDNS.cmd”] file with the commands like these:

dnscmd /RecordDelete yourdomain.com server1.yourdomain.com. A 192.168.0.100 /f
dnscmd /RecordDelete yourdomain.com server2.yourdomain.com. A 192.168.0.120 /f

Scheduler – you need a scheduler that is able to use custom user credentials, user who have rights to modify DNS records. at.exe won’t work as it uses System account. But the built-in Windows Task Scheduler will do the work.
TS1 Continue reading

Scheduling Windows server reboot

Usually reboot can not be done during the business hours, and herefore you would like to have an easy way to do that at night. Here is when an old “at.exe” utility comes into play (I know about SCHTASKS.exe but at.exe is way easier to configure). So, here is a simple command:

at.exe 2:00 shutdown.exe -r -f -c "Planned Reboot" -t 10

Interesting thing about at.exe is that utility in the example interprets 2:00 as 2:00AM. It means that if the time when you run this command is later then 2:00AM Today [normally you are sleeping at that time :)] then utility knows that you are talking about Tomorrow.

Continue reading