Hello again, it's been a while since my last post.
Today I will post some Christmas spirit for all you system admins to share in your network.
Since last Christmas we have had a special script called from within our logonscript. This special script will change the wallpaper for the users to a random wallpaper from a set of Christmas wallpapers on our server. The script changes the wallpaper only during December. After that it will change the wallpaper back to whatever it was before the change. As this script is called every time the user logs on it will change the wallpaper once for every logon. The change will not be visible to the user immediately, but it will show upon the next logon. This is because Windows has already loaded the wallpaper setting when the script is run, so the change always comes one logon later. The nice thing with this script is that it changes the background upon every logon during December, so users will be presented with various nice Christmas wallpapers. And when the new year comes, the original wallpaper of the user is restored. The script saves the original wallpaper in a file so it can restore it later. The script is not very nicely written, as all this has been done on my own time.
The script works both on Windows XP and Windows 7.
For you to be able to use this in your organization or on your personal Windows computer you will need to edit the following:
The strBackupFile variable. Currently it points to "c:\temp\wallpaper_username.bak". I have chosen to save the user's original wallpaper setting in a file called c:\temp\wallpaper_username.bak, in which the "username" will be changed to the user's username. So if my username is Frank the original wallpaper setting will be saved in a file called c:\temp\wallpaper_Frank.bak. If you wish to save the setting somewhere else you need to edit this text to something else.
The strWPLocation specifies the UNC path to the folder where you have all your nice Christmas wallpapers stored. Users should have appropriate access to this folder to be able to apply the wallpapers. The wallpapers need to be named 1.bmp, 2.bmp, 3.bmp... for this script to work. If you wish to use jpg, png or something else you will need to do a find/replace of all the ".bmp"-strings in the script.
The intWallpapers should be changed to the number of wallpapers you have in the shared folder. The script uses a crude randomizing function to randomly select any of the wallpapers in the folder.
Once you have set these variables to suit your environment and need you are ready to go.
As I mentioned earlier we call this script from the logon script. You may run it manually or whatever. Once you run it nothing seems to happen, but you will find the .bak file in the c:\temp folder and on next reboot your background has changed!
Happy Christmas!
27/10: SSH Hammering prevention
I have a Windows 7 computer running an SSH server. I don't trust RDP, so I won't allow connections over RDP from the Internet. Instead I have chosen to trust SSH for remote access. I therefore tunnel RDP over SSH to be able to use Remote Desktop. This works for me and I can access my home computer from almost any Internet-connected computer.
The thing that worries me, however, is the fact that so many password guessing attacks are being made all the time, and the SSHD itself doesn't provide an adequate protection against these. I can limit the amount of failed logon attempts before the server closes the line, but the attacker can just reconnect and try again. I can naturally also make sure that I don't permit root logon and restrict which accounts are allowed to log on remotely. Also, I could allow only certain hosts to connect, but this doesn't work either, as I often need to access my computer from whatever computer.
With thousands of script kiddies hammering my box hour after hour I'm not comfortable with only the above security measures.
I want to be able to block computers that have performed several unsuccessful logon attempts within a short time frame. In other words, I want to block attacks like these:
Invalid user apache from 79.29.80.124
input_userauth_request: invalid user apache
Failed password for invalid user apache from 79.29.80.124 port 50074 ssh2
Received disconnect from 79.29.80.124: 11: Bye Bye
Invalid user root from 79.29.80.124
input_userauth_request: invalid user root
Failed password for invalid user root from 79.29.80.124 port 50901 ssh2
Received disconnect from 79.29.80.124: 11: Bye Bye
Invalid user root from 79.29.80.124
input_userauth_request: invalid user root
Failed password for invalid user root from 79.29.80.124 port 50915 ssh2
Received disconnect from 79.29.80.124: 11: Bye Bye
Invalid user network from 79.29.80.124
input_userauth_request: invalid user network
Failed password for invalid user network from 79.29.80.124 port 52613 ssh2
...
So I wrote a script!
This is just a beginning of something that could prove useful. The script is designed to be run every hour, ten minutes, whatever, and reads the sshd log and checks for failed logon attempts. The script employs a threshold and any IP that has a failed logon attempt count above the threshold will be blocked from accessing the server. The blocking is performed by adding a blocking rule to the Windows firewall. The script currently never removes any of these rules, so they might build up. Maybe in the future I will enhance the script to employ a method for removing rules over a certain age.
I put the script to run every hour in my Task Scheduler.
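The counting and blocking logic described above, as an added example in Python; it is not the author's script, which is not shown on this page. The rule-name prefix, the function names, the allowlist and the extra sample lines are assumptions made for illustration, and the block only builds the netsh command rather than running it.

```python
import ipaddress
import re
from collections import Counter

RULE_PREFIX = "ssh-hammer-block-"  # hypothetical rule name prefix

# The match is anchored to the end of the line, so the address is always the
# one sshd appended, even if the attempted username contains " from ...".
FAILED = re.compile(
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2\s*$")


def count_failures(lines):
    """Count failed password attempts per source address."""
    counts = Counter()
    for line in lines:
        match = FAILED.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a literal IP: never hand it to the firewall
        counts[str(addr)] += 1
    return counts


def select_offenders(counts, threshold, allowlist=(), already_blocked=()):
    """Addresses with more than `threshold` failures that still need a rule."""
    trusted = [ipaddress.ip_network(net) for net in allowlist]
    offenders = []
    for ip, failures in sorted(counts.items()):
        if failures <= threshold or ip in already_blocked:
            continue
        if any(ipaddress.ip_address(ip) in net for net in trusted):
            continue  # never lock out your own known networks
        offenders.append(ip)
    return offenders


def netsh_block_command(ip):
    """Argument list for an inbound block rule in Windows Firewall."""
    return ["netsh", "advfirewall", "firewall", "add", "rule",
            "name=" + RULE_PREFIX + ip, "dir=in", "action=block",
            "remoteip=" + ip]


# First five lines are from the log excerpt above; the rest are constructed.
SAMPLE_LOG = [
    "Invalid user apache from 79.29.80.124",
    "Failed password for invalid user apache from 79.29.80.124 port 50074 ssh2",
    "Failed password for invalid user root from 79.29.80.124 port 50901 ssh2",
    "Failed password for invalid user root from 79.29.80.124 port 50915 ssh2",
    "Failed password for invalid user network from 79.29.80.124 port 52613 ssh2",
    # Username that itself looks like a log tail; only the real tail counts.
    "Failed password for invalid user a from 198.51.100.7 port 1 ssh2"
    " from 79.29.80.124 port 52700 ssh2",
    "Failed password for frank from 192.0.2.10 port 40000 ssh2",
] + ["Failed password for frank from 203.0.113.5 port 4000%d ssh2" % i
     for i in range(4)]

if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG)
    for ip in select_offenders(counts, 3, allowlist=["203.0.113.0/24"]):
        print(" ".join(netsh_block_command(ip)))
```

Passing the addresses that already have a rule as `already_blocked` keeps an hourly run from adding the same rule again each time it re-reads the log.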
The problem with Java Runtime Environment is that security holes and flaws are constantly found and new patched versions and updates pop up way too often. This causes a lot of work for the person(s) in charge of keeping the Java up to date on the computers. This is especially true if the company has business critical applications that rely on JRE and if the company therefore does not allow the JRE on the workstations to update themselves automatically or if the level of permissions granted to the users is too low for using JRE's autoupdate feature.
I happen to work at such a place. As we have about 1500 computers, most of which need to have JRE installed, there's a lot of work keeping the JREs on the workstations up to date. Even though we have a workstation management system for deploying the new Java it's a lot of work. To ease the burden of keeping the JRE environment up to date I made a simple script to remove all old versions of Java and install the new version.
The script checks what version(s) of Java is installed. It then removes all versions, except the most recent version. If the most recent version isn't installed it will install it. Furthermore, the script will copy the deployment.config file to the workstation. This file points the Java installation on the workstation to use settings from a central settings file. This might be useful in a corporate environment.
Please click on "Read more..." to read more :)
I just found a bunch of scripts from way back in time. One of them is particularly interesting. It is a script that monitors the availability of the e-mail service. This might be useful for some of you, so I decided to share it here. The script monitors the availability of the e-mail service by sending an e-mail message, and then making sure that the message arrived in the mailbox it was sent to. If the message doesn't arrive within a predefined time, an SMS will be sent using Microsoft's SMS sender program. This means that you need to have a mobile phone connected to your computer, but the script could be modified to start any program if the message didn't arrive on time. I wouldn't recommend sending an e-mail though...
The script uses w3sockets (socketreg.exe & socket.dll) from http://www.dimac.net. I won't post those files here, but you can download them from here.
Also, the script uses Microsoft's SMS sender for sending the SMS messages using a mobile phone connected to the computer that runs the script. The SMS sender program can be found here.
The SMS sender program is kind of problematic. When you send an SMS it will throw a notification on the screen. I've used pskill.exe (part of the pstools, available here) to kill the SMS sender program and its notifications.
And finally, the script itself is shown below...
26/07: Ok, they found me...
I wondered why the traffic was suddenly up to 2GB per day, until I noticed my blog's comment-function was being misused by mass-posting various spam messages into the comment-field.
With 6000+ spams I figured it was best to just bulk-erase them all. Sorry for removing all nice comments as well.
For the time being the comment-section is closed :(
29/05: HTA
I've mostly been using vbscripts to accomplish various system administration tasks. It's a good tool for automating tasks. While you can get nice message- and input boxes with vbscript I've been missing a real graphical user interface though. A while ago I stumbled upon something called HTA (HTML Applications), and thought it sounded interesting. I didn't have time to study it any further at the time, though, so I just added the site to my favorites folder, where it's been sitting dormant for some months now. A couple of days ago I found it again and took a closer look, and WOW! That's cool. Microsoft has a really nice little two chapter introduction to this here.
I've created a small and simple helpdesk application for our users in just a couple of hours. The hta does some basic diagnostics (Checking if the computer is on the network, checking that e-mail servers are available, checking CPU load, etc.), shows basic computer information (Computer name, make, model, memory, hard drive, serial number etc), and allows the user to send support requests to the support team. The nice thing with this method of sending support requests is that the hta can automatically add some relevant information to the support request (such as computer name and IP address), that the user doesn't necessarily understand to add themselves.
I may be posting the hta here if someone requests it, and more importantly, if I have the time to tidy it up a bit. For now the application is in English only, but I just might add different languages (Swedish, Finnish, German).
I'm getting frustrated. My excellent blog isn't getting any hits. I guess this is the problem with a privately owned and hosted blog like this. Maybe I should have started this blog on one of the numerous free blog sites on the Internet.
Well, anyway I should probably start investigating how I can get some publicity for my fine blog. The only thing is that I don't find that very interesting.
A quick search on one of the leading web search engines led me to some kind of link exchange program, which can be found here:
SubmitLinksFree.com - the high quality Links Directory for webmasters.
Add Your Link - Web Directory. Add your link today.
-Sorry, I had to include those links to be allowed to submit my link to the site. Let's see if it helps. I'm expecting to get numerous hits within the next 24 hours ;)
So we had this old Windows printer server that needed to be replaced. The server had about 200 printer queues shared to about a thousand computers. A new printer server was set up and new printer shares were made. At the same time we decided to deploy a new printer naming policy, so the printer queues got new names on the new server. Now the only problem was to replace the printer queue connections on the 1000+ workstations from the old server to the corresponding queues on the new server. As our users haven't got that good computing skills we realized we couldn't just post instructions to the users on how to replace the old queues with the new ones. After some thinking I came up with the idea to use a script to replace the old queues with the new ones on the workstations.
25/05: Instant VNC session
Ever wanted to remotely assist someone with their problem only to find out that the remote help program isn't installed on the remote user's computer? Here's a simple solution for that problem. I call it instant VNC session. A script installs the VNC service onto the remote computer and 'instantly' opens a VNC session to it. This can be handy when Remote Assistance or any other remote help software hasn't been installed on the remote computer, or when the installed program just doesn't work. The beautiful thing with this instant VNC script is that upon disconnect it will clean up after itself. No service or files will be left on the target computer. Obviously you will need to have admin privileges to the remote computer for this to work! (Otherwise it would be an evil H4x0R backdoor thingie...)
Have you ever been searching for a file that you know is on one of your computers in the AD, but you fail to remember which computer the file resides on? I've had that problem on several occasions, so one day I made a vbs script that searches through all the computers in the AD for the bugger. It might take some time for this script to find your file, because it searches through the computers one by one. Maybe I'll create a new version sometime that searches for the file on several computers in parallel. The script will remember which computers it wasn't able to search, so switched off computers will be retried.
There are a number of things that could have been done better in this script. Now you can e.g. only search by exact file name, including extension (e.g. filename.exe) or substitute the file name or extension with wildcards (e.g. filename.* or *.exe). You're welcome to improve the script. If you decide to do so, please post the improved version here for everyone (including me) to enjoy.
Oh, and all scripts on this site (including this one) may be used by anyone for free, as long as you include the credits in the script code.
Well, enough babbling. Click on Read More to see the script.