Tech Blog

An SBS customer wanted to ensure everyone had Companyweb set as their default homepage, the partners at the firm however wanted to keep MSN.  Our compromise was to set both.  Below is the solution I came up with.

1. Create a text file

2. Paste the following code into it

<%@ LANGUAGE=”VBSCRIPT” %>
<% response.buffer=true %>
<%
Const navOpenInBackgroundTab = &H1000
Set oIE = Getobject(”",”internetexplorer.application”)
oIE.Navigate2 “http://www.msn.com”
oIE.Navigate2 “http://companyweb”, navOpenInBackgroundTab
oIE.Visible = true
%>
<script language=javascript>
function CloseWindow()
{
window.open(”",”_self”,”");
window.close();
}
</script>

3. Save the file and name it something like homepages.asp

4. Place the homepages.asp file in the C:\InetPub\WWWROOT directory of a server running IIS.

5. Configure the IE homepage in a GPO to point to http://servername/homepages.asp.

When IE launches it will open the designated web pages and close the initial IE window that hosted homepages.asp.

In the event that the user manually navigates to homepages.asp and had other IE Tabs open, then just the tab that launched homepages.asp will close and a new instance of IE will be running with the two homepages.

I recently was setting up Exchange 2007 for CCR.  During my setup I wanted to verify that all was working and that I could move the Active Node between the two servers I had setup in my cluster.  You can’t use the Cluster Admin tools since those are not Exchange aware.  Instead you need to utilize PowerShell.  That got me thinking that it would be nice to have a script that could transfer the Active Node to the system I executed the script from.  Below is the result of my musings.

‘==========================================================================
‘
‘ NAME: MoveCluster.vbs
‘
‘ AUTHOR: Mark D. MacLachlan , The Spider’s Parlor
‘ URL: http://www.thespidersparlor.com
‘ DATE : //2009
‘ COPYRIGHT © 2009, All Rights Reserved
‘
‘ COMMENT:
‘ THIS CODE AND INFORMATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF
‘ ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
‘ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
‘ PARTICULAR PURPOSE.
‘
‘ IN NO EVENT SHALL THE SPIDER’S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS
‘ BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
‘ DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
‘ WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
‘ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
‘ OF THIS CODE OR INFORMATION.
‘
‘==========================================================================

Set WSHNetwork = CreateObject(”Wscript.Network”)
Set WSHShell = CreateObject(”Wscript.Shell”)

ComputerName = WSHNetwork.ComputerName
Reason = InputBox(”Enter reason for moving cluster active node”)

PSCmd0 = “Start-Sleep 3;Write-Host ‘Adding Exchange Snapin’;add-pssnapin *.Exchange*;”
PSCmd1 = “Start-Sleep 3;Write-Host ‘Getting Cluster Name’;”
PSCmd2 = “$cs = Get-ClusteredMailboxServerStatus|%{$_.Identity}|%{$_.Name};”
PSCmd3 = “Write-Host ‘Cluster:’$cs;Write-Host ‘Moving Cluster Active Node To:’” & ComputerName & “;”
PSCmd4 = “Move-ClusteredMailboxServer -Identity $cs -Target ” & ComputerName & ” -MoveComment ‘” & Reason & “‘ -Confirm:$false;”
PSCMd5 = “Write-Host ‘Getting Cluster Status’;Get-ClusteredMailboxServerStatus”

WSHShell.run “Powershell -noexit -command ” & chr(34) & PSCmd0 & PSCmd1 & PSCmd2 & PSCmd3 & PSCmd4 & PSCmd5

The above also got me thinking that it would be nice to quickly access just the status information of our cluster.  That was easy enough since I was already displaying that at the end of the above script.

‘==========================================================================
‘
‘ NAME: CheckCluster.vbs
‘
‘ AUTHOR: Mark D. MacLachlan , The Spider’s Parlor
‘ URL: http://www.thespidersparlor.com
‘ DATE : //2009
‘ COPYRIGHT © 2009, All Rights Reserved
‘
‘ COMMENT:
‘ THIS CODE AND INFORMATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF
‘ ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
‘ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
‘ PARTICULAR PURPOSE.
‘
‘ IN NO EVENT SHALL THE SPIDER’S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS
‘ BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
‘ DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
‘ WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
‘ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
‘ OF THIS CODE OR INFORMATION.
‘
‘==========================================================================

Set WSHShell = CreateObject(”Wscript.Shell”)

PSCmd0 = “Start-Sleep 3;Write-Host ‘Adding Exchange Snapin’;add-pssnapin *.Exchange*;”
PSCMd1 = “Write-Host ‘Getting Cluster Status’;Get-ClusteredMailboxServerStatus”

WSHShell.run “Powershell -noexit -command ” & chr(34) & PSCmd0 & PSCmd1

Scenario:

You have a PITA program that you need to support (PITA= Pain In The Ass), these programs typically want you to assign the user as an admin on their local machine in order to run properly.  Needless to say this is just an invitation for disaster and you will end up with a bunch of machines with spyware and malware on them.  Ideally you should be able to just assign full control rights to the necessary registry and program files to satisfy the program.  Manually configuring such permissions can be tedious and unrealistic in large organizations or remote locations.

Solution:

We can script the setting of both registry and file permissions.  These tasks will require different utilities that you will first need to deploy to the workstations.  REGINI.EXE and XCACLS.VBS are both free Microsoft utilities.  REGINI is part of the Resource Kit Tools but is already installed in Vista machines.  Download the files to the target PCs.  You can then utilize the following script samples to set the permissions in the registry and the file system.

In the below sample we will assign full control permissions to “Everyone” to two registry keys, DumbApp1 and DumbApp2.  This sample creates a temporary text file that the REGINI program will use to set the permissions.  Once execute, the temporary file is deleted by the script.

‘==========================================================================
‘
‘ NAME: ChangeRegistryPerms.vbs
‘
‘ AUTHOR: Mark D. MacLachlan , The Spider’s Parlor
‘ URL: http://www.TheSpidersParlor.com
‘ COPYRIGHT (c) 2009 All Rights Reserved
‘ DATE  : 3/22/2009
‘
‘    THIS CODE AND INFORMATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF
‘    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
‘    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
‘    PARTICULAR PURPOSE.
‘
‘    IN NO EVENT SHALL THE SPIDER’S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS
‘    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
‘    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
‘    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
‘    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
‘    OF THIS CODE OR INFORMATION.
‘
‘ COMMENT: Download REGINI in the Resource Kit Tools from Microsoft.com.
‘
‘==========================================================================
‘First create our File System Object and Shell
Set objFSO = CreateObject(”Scripting.FileSystemObject”)
Set WSHShell = CreateObject(”WScript.Shell”)

‘ Next we create the temp file that regini.exe will use
strFileName = objFSO.GetTempName
Set objFile = objFSO.CreateTextFile(strFileName)
objFile.WriteLine “HKEY_LOCAL_MACHINE\SOFTWARE\DumbApp1 [1 5 7 11 17]”
objFile.WriteLine “HKEY_LOCAL_MACHINE\SOFTWARE\DumbApp2 [1 5 7 11 17]”
objFile.Close

‘ Now we execute REGINI to change the registry permissions
WSHShell.Run “regini ” & strFileName, 8, true

‘ Perform cleanup and delete temp file
objFSO.DeleteFile strFileName

If you are wondering what all those numbers are after the registry keys, have a look at this supporting documentation for REGINI.  Note that WORLD is “Everyone.”  Also note that whatever permissions you set override whatever was there before.

1.    Administrator Full
2.    Administrator R
3.    Administrator RW
4.    Administrator RWD
5.    Creator Full
6.    Creator RW
7.    World Full
8.    World R
9.    World RW
10.    World RWD
11.    Power Users Full
12.    Power Users RW
13.    Power Users RWD
14.    System OpFull
15.    System OpRW
16.    System OpRWD
17.    System Full
18.    System RW
19.    System R
20.    Administrator RWX

Examples:

\Registry\Machine\System\CurrentControlSet\ENUM [1 8 17] - will grant Administrator - Full Control, Everyone - Read, and System - Full Control.

\Registry\User\S-1-5-21-2053067395-480382929-641664369-1001\Software\Strange Software Thingy [1 8 17] - Same as above.

\Registry\Machine\System\CurrentControlSet\ENUM [8 17] - Will remove the Administrator group from the first example.

**************************************************

OK, so now you need to set the permissions on the program files.  Here we will use XCACLS.VBS.
‘==========================================================================
‘
‘ NAME: ChangeNTFSPerms.vbs
‘ AUTHOR: Mark D. MacLachlan , The Spider’s Parlor
‘ URL: http://www.TheSpidersParlor.com
‘ COPYRIGHT (c) 2009 All Rights Reserved
‘ DATE  : 3/22/2009
‘
‘    THIS CODE AND INFORMATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF
‘    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
‘    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
‘    PARTICULAR PURPOSE.
‘
‘    IN NO EVENT SHALL THE SPIDER’S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS
‘    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
‘    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
‘    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
‘    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
‘    OF THIS CODE OR INFORMATION.
‘
‘ COMMENT: Download XCACLS.VBS from Microsoft.com.
‘
‘==========================================================================
Dim objFSO, oShell, oFolder, sXPath, sFolder, sys, DomainName
‘ Create our objects for later use
Set objFSO = CreateObject(”Scripting.FileSystemObject”)
Set oShell = Wscript.CreateObject(”Wscript.Shell”)
Set sys = CreateObject(”ADSystemInfo”)
‘Find the domain name
DomainName = sys.DomainShortName
‘Specify the path to XCACLS
sXpath =  “C:\Utilities\xcacls.vbs”
‘Specify the folders we want to set permissions on
sDrive1 = “C:\Program Files\BaddApp1?
sDrive2 = “C:\Program Files\BadApp2?
‘Now we bind to the folder and then execute XCACLS to set permissions
Set oFolder = objFSO.GetFolder(sDrive1)
sFolder = objFso.GetFolder(oFolder).ShortPath & ” “

‘Assign permissions to SYSTEM
oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /I Remove /G “&Chr(34)& “System” & Chr(34)& “:F”
WScript.Sleep 2000
‘Assign permissions to DOMAIN ADMINS
oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /E /G “&Chr(34)& “Domain Admins” &Chr(34)& “:F”
WScript.Sleep 2000
‘Assign permissions to DOMAIN USERS
oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /E /G “&Chr(34)& “Domain Users” &Chr(34)& “:F”

‘Repeat the above steps for our second folder
Set oFolder = objFSO.GetFolder(sDrive2)
sFolder = objFso.GetFolder(oFolder).ShortPath & ” ”
oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /I Remove /G “&Chr(34)& “System” & Chr(34)& “:F”
WScript.Sleep 2000
oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /E /G “&Chr(34)& “Domain Admins” &Chr(34)& “:F”
WScript.Sleep 2000
oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /E /G “&Chr(34)& “Domain Users” &Chr(34)& “:F”

Scenario:

Customer is replacing a file server with new hardware. The existing shares need to be migrated to the new server. There are far too many share permissions to document and duplicate without incurring significant cost to the customer.

Solution:

1. First use ROBOCOPY to copy the data with the required NTFS permissions. This is accomplished using the /E /SEC /COPYALL switches. Ideally the data will exist on the same drive letter on the new server as the old one, but it does not have to.

2. Open Regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\LanmanServer\Shares

3. Export the key and save the export to a safe location.

4. In the right pane you will see a list of all the current shares. If the server drive letters and paths are the same, proceed to step 5. Otherwise double click each share name and alter the path in the pop up window to point to where the share will exist on the new server.

5. Delete any shares listed that will not exist on the new server.

6. Export the Shares key and copy the exported file to the new server.

7. Import the registry key on the new server by double clicking the file or choose File, Import from within Regedit.

8. Reboot the server. The shares and permission will be automatically recreated.

Bonus:

If the shares are user shares that match the user name and you wish to reset permissions to allow System and Domain Admins and the user to only have access to their share, you can do so via script.

‘==========================================================================
‘
‘ NAME: ResetNTFSUserPerms.vbs
‘
‘ AUTHOR: Mark D. MacLachlan , The Spider’s Parlor
‘ URL: http://www.TheSpidersParlor.com
‘ COPYRIGHT (c) 2005 All Rights Reserved
‘ DATE : 1/22/2009
‘
‘ THIS CODE AND INFORMATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF
‘ ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
‘ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
‘ PARTICULAR PURPOSE.
‘
‘ IN NO EVENT SHALL THE SPIDER’S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS
‘ BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
‘ DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
‘ WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
‘ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
‘ OF THIS CODE OR INFORMATION.
‘
‘ COMMENT: Download xcacls.vbs from Microsoft.com.
‘
‘==========================================================================

Dim objFSO, oShell, oFolder, colSubfolders, oSubFolder, sXPath, sFolder, sys, DomainName
sXpath = “C:\Utilities\xcacls.vbs”
sDrive = “D:\Users\FolderRedirections\”
Set objFSO = createobject(”Scripting.FileSystemObject”)
Set oShell = Wscript.CreateObject(”Wscript.Shell”)
Set oFolder = objFSO.GetFolder(sDrive)
Set colSubfolders = oFolder.Subfolders

Set sys = CreateObject(”ADSystemInfo”)
DomainName = sys.DomainShortName

For Each oSubfolder in colSubfolders
sFolder = objFso.GetFolder(oSubfolder).ShortPath & ” ”
oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /I Remove /G “&Chr(34)& “System” & Chr(34)& “:F”

WScript.Sleep 2000

oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /E /G “&Chr(34)& “Domain Admins” &Chr(34)& “:F”

WScript.Sleep 2000

oShell.Run “cmd /c cscript.exe ” & sXpath & ” “& sFolder & ” ” & _
” /E /G ” & DomainName &”\” & oSubfolder.Name & “:F”
Next