setman-info Mailing List for Settings Manager
Status: Alpha
Brought to you by:
modg
Menu
▾
▴
setman-info — General info and discussion
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(3) |
Nov
(17) |
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: <ben...@id...> - 2004-05-25 08:43:40
|
Dear Open Source developer I am doing a research project on "Fun and Software Development" in which I kindly invite you to participate. You will find the online survey under http://fasd.ethz.ch/qsf/. The questionnaire consists of 53 questions and you will need about 15 minutes to complete it. With the FASD project (Fun and Software Development) we want to define the motivational significance of fun when software developers decide to engage in Open Source projects. What is special about our research project is that a similar survey is planned with software developers in commercial firms. This procedure allows the immediate comparison between the involved individuals and the conditions of production of these two development models. Thus we hope to obtain substantial new insights to the phenomenon of Open Source Development. With many thanks for your participation, Benno Luthiger PS: The results of the survey will be published under http://www.isu.unizh.ch/fuehrung/blprojects/FASD/. We have set up the mailing list fa...@we... for this study. Please see http://fasd.ethz.ch/qsf/mailinglist_en.html for registration to this mailing list. _______________________________________________________________________ Benno Luthiger Swiss Federal Institute of Technology Zurich 8092 Zurich Mail: benno.luthiger(at)id.ethz.ch _______________________________________________________________________ |
|
From: Scott M. <Wi...@lo...> - 2003-12-03 06:08:19
|
Hi! This url got forwarded to me today... http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/tools/twkmatic.asp --Scott. |
|
From: Morten O. <mo...@cg...> - 2003-11-14 15:14:54
|
Hi Scott, Scott McNay wrote: > > I thought we had a discussion about default values already? :) > > Probably just having it create a backup will do. In any event, having > the ability to create a backup will make it easy to provide a list of > default values, if choose to go ahead and do that. > It's just that a backup doesn't necesarily make sence in setman's format. If there's a value in the registry that is 'out of bounds' (undefined) according to the settings file, setman can't assign a name to it and thus not export it. This is a little strange, but I think it's a good way because it ensures that an exported file will make sence to import - no matter how messed up the machine was when the export took place. Worst case is that you'll end up with an export file full of undefined settings. Have you tried the 'nested-combined-settings.xml' file? I put some test instructions in it. It gives a good example on how import and export and combined settings work. (This file is easier to read in notepad than IE.) It's in this light, I see the 'default' settings. They would provide setman with the possibility that when a present value is undefined, to export the default value instead. But can't decide yet if it's a good idea. It could have some strange consequences. To make a backup you could always just do a 'regedit /e file [key]' to export a reg file. One wonders why 'regedit /?' doesn't do anything since there are actually useful switches. > > MO> I would have liked more opinions on the file format before creating > MO> settings files big time, but maybe we should just move on... It's pretty > MO> theoretic at the moment. That could change if we create a bunch of > MO> files. Or we could make an .ADM converter to do the job on policies. > > Yes, I'd been thinking about something like that, to convert to and > from ADM, REG, and INF formats, so could not only use SetMan for its' > official purpose, but also make it easy to get a decent list of > settings to play with. Actually, I kinda suspect that a convert > utility might be more popular that SetMan itself. > Hehe, could be. For one thing, it could be useful to be able to output the reg.exe commands used in an import instead of actually importing them. They could then be used from a bat file (possibly on a remote computer). This is very easy to implement since the commands are already there. I *really* don't like .INF files. If you've ever messed with MS's User State Migration Tool, you'll know why... But let's do it: -ADM files should be directly importable since that format also names it's values and defines possible values. -REG files can be imported but some work is needed afterwards. REG values are not named, nor do they have any specification on possible values. This would need some attention to become a proper setman file. -INF files have the same problems as REG files plus a data different format. INF files can also include file operations - these would be skipped. -Morten. |
|
From: Morten O. <mo...@cg...> - 2003-11-12 14:13:34
|
The first version of Setman has now been released! Please check it out. It's an alpha version but it does most of what is planned. Please note that it only runs on WinXP because it uses reg.exe. I've also updated the website with some documentation (also included in the release). It includes a lot of the choices I've made. Comments and suggestions are highly welcome. -Morten |
|
From: Morten O. <mo...@cg...> - 2003-11-10 04:57:35
|
Did I write something about a release coming up?! I thought I could have a working version ready this morning, but tonight I noticed some tricky problems with the export functionality. I might as well get it as right as I can before a release, so I'll figure out a solution soon... -Morten |
|
From: Morten O. <mo...@cg...> - 2003-11-05 22:12:23
|
Scott McNay wrote: > MO> This is a common mistake, glad we got it up. HKU\.DEFAULT is NOT the > MO> same hive as ..\Default User\ntuser.dat. This means that keys written > > ... > > MO> I once tested this to make absolutely sure. You can try yourself - write > MO> something to HKU\.DEFAULT, create a new user and log on - the setting > MO> won't be in HKCU like you would expect. > > MO> To apply something to the Default User profile you have to load > MO> ..\Default User\ntuser.dat to some name under HKU, write to it and then > MO> unload it again. > > Might want to document that somewhere, for people poking through your > code (like me). :) > Yes, I will. It's pretty confusing though it is in fact documented here: http://www.microsoft.com/ntserver/techresources/management/prof_policies.asp. But who could know. > >>>Might also want an ALL option, so that all users get set. > > MO> That could be interesting. I'll consider this. It's a bit of work but it > MO> could be done. > > You have all of the code already, it looks like ; just need to do a loop. > Almost - just have too loop through the profiles and determine which are valid users, ie. not the current one, not All Users, not LocalSystem or NetworkService plus any others they might add that we don't want to touch... It could get a little messy. > Well, can't modify HKCR from remote anyway, if only because any > modifications would depend upon what user you connected as (presumably > administrator). I'd suggest simply locking it out, or loudly > documenting as "tread at own risk". > Yes, I think I'll just lock it out and document why. Then the issue would have to be resolved in the settings files. |
|
From: Morten O. <mo...@cg...> - 2003-11-05 21:57:50
|
Scott McNay wrote: >>>Is it only the registry? My older WMI apps were dog slow running >>>remotely, but now they're reasonably speedy, and I have no idea what >>>the difference is; I just hope that I don't break it. ;) > Probably not, but that's the worst problem. There aren't so many services for instance, that it will be a problem there. > > MO> Are they VBscripts? They could be faster than JScripts because they use > MO> another method (at least syntatically - I'm not an expert on this) for > MO> calling WMI methods. We ought to test this. It would be possible to > MO> create the registry module as a Script Component using VBscript. > > Yes, VBScript. Have added them inline below. I trimmed out the > registry hack, since they weren't needed for the rest of the code; > I'll send those sections from work tomorrow. I dunno why I took them > out. > > As for VBScript vs JScript, how much do you wanna bet that MS is > making sure that VBScript runs faster? :) I did some tests: VBscripts are no faster. This rules out WMI as setman's method for editing the registry. I tried replacing it with WshShell.RegWrite() calls instead. While this is much faster, it has two problems that I also can't live with: It can't set REG_BINARY values properly and REG_MULTI_SZ at all. And worse - it's error handling is miserable. So I spent this afternoon reimplementing the module using reg.exe. Don't you just love writing command line parsers?! But now it works the way I like it, so I'm happy. This means I can probably release an alpha version within the week :) > I'm mostly working with VBScript over here just because most of the > samples that I had were VBScript, not JScript. > > > MO> I think we should have two registry modules then. A 'safe' one that will > MO> positively report any errors, probably use WMI and only run on Win2K and > MO> forth. And then the one you mention that is more flexible and can be > MO> used for other purposes and try several methods. But it's going to be a > MO> pain to write all those parsers with their different types of value formats. > > Yes, parser is a pain; I've done that already, for REG.EXE. :( Then > I did it again, and then I did it again. Finally got it working > properly. I think. :) > Hehe - now I've done it too ;) Reg.exe's builtin docs are flawed (concerning REG_EXPAND_SZ's) - big surprise. But I finally got it (or Google did). -Morten |
|
From: Scott M. <Una...@lo...> - 2003-11-05 03:02:25
|
//
// $ is the IN operator, i.e., is x in y?
// MemoRead() reads the contents of a file into a variable.
// MemoLine(x,y,z) reads line z from variable x (a multi-line string)
// alltrim(x) is the same as ltrim(rtrim(x))
// StrTran(x,y,z) converts all occurrences of y to z in string x.
// I'm using chr(0) to indicate nothing to return, and chr(0)+chr(0)
// to indicate failure.
// Clipper is very similar to BASIC, but is designed for database
// manipulation.
//
Function GetReg(x,y)
local ww
runshell(" /MIN /C REG.EXE QUERY " + chr(34)+ x + "\'" + y +"'" + chr(34) + " \\" + mCNAME + " > " + MyTemp)
ww := memoread(MyTemp)
delete file (MyTemp)
if alltrim(MemoLine(ww,65535,2))="Access is denied."
ww := chr(0) + chr(0)
elseif chr(13)+chr(10)+"REG_BINARY" $ ww .and. "Data to follow:" $ ww
ww := StrTran(alltrim(MemoLine(ww,65535,4))," ","")
elseif !(chr(13)+chr(10)+"REG_" $ ww) .and. !(chr(13)+chr(10)+"EXPAND_SZ" $ ww) .and. !(chr(13)+chr(10)+"MULTI_SZ" $ ww)
ww := chr(0)
else
ww := rtrim(MemoLine(ww,65535,2))
ww := alltrim(substr(alltrim(substr(ww,at(" ",ww)+1)),len(y)+1))
endif
return ww
// This function gets a list of keys into an array.
// aAdd(z,x) adds item x as a new element to array z.
// mlcount(ww,y) counts the number of lines in ww.
Function GetReg2(x,y)
local a, ww, z := {}
runshell(" /MIN /C REG.EXE QUERY " + chr(34)+ x + "\'" + y +"'" + chr(34) + " \\" + mCNAME + " > " + MyTemp)
ww := memoread(MyTemp)
delete file (MyTemp)
if "Listing of ["$ww
for a := 1 to mlcount(ww,65536)
b := alltrim(memoline(ww,65535,a))
if left(b,1)="["
aAdd(z,alltrim(substr(b,2,len(b)-2)))
endif
next a
endif
return z
Procedure DelReg(x,y)
runshell(" /MIN /C REG.EXE DELETE " + chr(34)+ x + "\'" + y +"'" + chr(34) + " \\" + mCNAME + " /FORCE > NUL")
return
// Yes, I'm cheating here.
Procedure SetReg(x,y,z,a)
runshell(" /MIN /C REG.EXE UPDATE " + chr(34) + x + "\'" + y +"'" + chr(34) + "=" + alltrim(var2char(z)) + " \\" + mCNAME + " > NUL")
runshell(" /MIN /C REG.EXE ADD " + chr(34)+ x + "\'" + y +"'" + chr(34) + "=" + alltrim(var2char(z)) + " " + a + " \\" + mCNAME + " > NUL")
return
|
|
From: Scott M. <Una...@lo...> - 2003-11-04 06:53:12
|
This may be of interest: http://thegoldenear.org/tweak/ (also on SourceForge) --Scott. |
|
From: Scott M. <Wi...@lo...> - 2003-11-04 04:20:33
|
Hi Morten,
Monday, November 3, 2003, 9:36:23 AM, you wrote:
>> Is it only the registry? My older WMI apps were dog slow running
>> remotely, but now they're reasonably speedy, and I have no idea what
>> the difference is; I just hope that I don't break it. ;)
MO> Are they VBscripts? They could be faster than JScripts because they use
MO> another method (at least syntatically - I'm not an expert on this) for
MO> calling WMI methods. We ought to test this. It would be possible to
MO> create the registry module as a Script Component using VBscript.
Yes, VBScript. Have added them inline below. I trimmed out the
registry hack, since they weren't needed for the rest of the code;
I'll send those sections from work tomorrow. I dunno why I took them
out.
As for VBScript vs JScript, how much do you wanna bet that MS is
making sure that VBScript runs faster? :)
I'm mostly working with VBScript over here just because most of the
samples that I had were VBScript, not JScript.
MO> I think we should have two registry modules then. A 'safe' one that will
MO> positively report any errors, probably use WMI and only run on Win2K and
MO> forth. And then the one you mention that is more flexible and can be
MO> used for other purposes and try several methods. But it's going to be a
MO> pain to write all those parsers with their different types of value formats.
Yes, parser is a pain; I've done that already, for REG.EXE. :( Then
I did it again, and then I did it again. Finally got it working
properly. I think. :)
MO> No, I'm thinking of running a proces inside the user's session
MO> (something that almost all legacy installers need - I shouldn't really
MO> be bring this up here.)
I know it can be done, as long as you don't mind having blood all over
the place. :)
--Scott.
**********************
MyExec.vbs
Executes specified command on remote computer
Note, uses modified version of blnConnect, from MS samples
cscript MyExec.vbs computername userid password command parameters
**********************
on error resume next
If right(ucase(wscript.FullName),11)="WSCRIPT.EXE" then
wscript.echo "ERROR: You must run this script using cscript, for example 'cscript " & wscript.scriptname & "'."
wscript.quit 0
end if
ip = wscript.arguments(0)
usr = wscript.arguments(1)
pwd = wscript.arguments(2)
cmd = wscript.arguments(3)
opt = ""
if wscript.arguments.count > 3 then
for aa = 4 to (wscript.arguments.count - 1)
opt = opt & " " & wscript.arguments(aa)
next
end if
opt = ltrim(opt)
wscript.echo "Connecting..."
xError = blnConnect("root\cimv2",usr,pwd,ip,osvcRemote)
if xError then xError = blnConnect("root\cimv2","","",ip,osvcRemote)
If not xError Then
xError = (RunIt() <> 0)
end if
if xError then Wscript.echo "Please check server name, credentials, and WBEM Core."
function RunIt()
on error resume next
wscript.echo "Getting remote process..."
set oprocess = osvcRemote.Get("win32_process")
if Err.Number <> 0 then
wscript.echo "Error was: " & Err.Number & ": " & Err.Description & "(" & Err.Source & ")"
ret = Err.Number
else
wscript.echo "Executing..."
ret = oprocess.create(cmd & " " & opt)
if Err.Number <> 0 then
wscript.echo "Error was: " & Err.Number & ": " & Err.Description & "(" & Err.Source & ")"
ret = Err.Number
elseif (ret <> 0) then
wscript.echo "Failed to start process on " & ip & ": " & ret
else
ret = 0
end if
end if
RunIt = ret
end function
'********************************************************************
'*
'* Function blnConnect()
'*
'* Purpose: Connects to machine strServer.
'*
'* Input: strServer a machine name
'* strNameSpace a namespace
'* strUserName name of the current user
'* strPassword password of the current user
'*
'* Output: objService is returned as a service object.
'* strServer is set to local host if left unspecified
'*
'********************************************************************
Private Function blnConnect(ByVal strNameSpace, _
ByVal strUserName, _
ByVal strPassword, _
ByRef strServer, _
ByRef objService)
ON ERROR RESUME NEXT
Dim objLocator, objWshNet
blnConnect = False 'There is no error.
'Create Locator object to connect to remote CIM object manager
Set objLocator = CreateObject("WbemScripting.SWbemLocator")
If Err.Number then
Call Wscript.Echo( "Error 0x" & CStr(Hex(Err.Number)) & _
" occurred in creating a locator object." )
If Err.Description <> "" Then
Call Wscript.Echo( "Error description: " & Err.Description & "." )
End If
Err.Clear
blnConnect = True 'An error occurred
Exit Function
End If
'Connect to the namespace which is either local or remote
Set objService = objLocator.ConnectServer (strServer, strNameSpace, _
strUserName, strPassword)
If Err.Number then
Call Wscript.Echo( "Error 0x" & CStr(Hex(Err.Number)) & _
" occurred in connecting to server " _
& strServer & ".")
If Err.Description <> "" Then
Call Wscript.Echo( "Error description: " & Err.Description & "." )
End If
Err.Clear
blnConnect = True 'An error occurred
Exit Function
End If
ObjService.Security_.impersonationlevel = 3
If Err.Number then
Call Wscript.Echo( "Error 0x" & CStr(Hex(Err.Number)) & _
" setting impersonation level for " _
& strServer & ".")
If Err.Description <> "" Then
Call Wscript.Echo( "Error description: " & Err.Description & "." )
End If
Err.Clear
blnConnect = True 'An error occurred
Exit Function
End If
'Get the current server's name if left unspecified
If IsEmpty(strServer) Then
Set objWshNet = CreateObject("Wscript.Network")
strServer = objWshNet.ComputerName
End If
End Function
**********************
FixPhoto.Vbs
Changes registry so that Micosoft Photo Editor will work. In theory,
anyway.
**********************
' This does not seem to work, for some reason. Works when run REGPERM
' manually, though.
cNAME = InputBox("Enter user's computername")
if len(cNAME) = 0 then return
' on error resume next
Set WshShell = WScript.CreateObject("WScript.Shell")
ret=wshShell.run("cmd.exe /c RegPerm.exe \\" & cNAME & " /K ""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools"" /A:""Users"":QWCENR /A:""Power Users"":QWCENR /A:""Administrators"":F /E /I /R", 0)
wscript.echo "Now have the user try again to see if that fixes the problem."
**********************
SCRIPT.PRG
An Xbase++ (Clipper/dBase III derivative) program to scan and connect
to a remote system.
**********************
LOCAL aThreads[1], aThreads2[1]
public ip := { ;
{"192.168.0.", 0,255,"local"}}
PUBLIC nCount := 0
use RKA shared new alias RKA
? "Starting..."
runshell("/MIN /C NBTSTAT -R > NUL")
do while !eof()
do while (nPtr := aScan(aThreads,{|x| valtype(x)=="U" .or. !x:active})) = 0
sleep(10)
end do
if nPtr > 0
vREADONLY := !empty(substr(RKA->READONLY,1,1))
vNOPEEP := !empty(substr(RKA->READONLY,2,1))
vNOKEYBOARD := !empty(substr(RKA->READONLY,3,1))
if !(valtype(aThreads[nPtr])=="O")
aThreads[nPtr] := Thread():new()
endif
athreads2[nPtr] := RecNo()
DoComputer(RecNo())
skip
else
? "Huh??"
endif
end do
? "Waiting until all threads have terminated..."
do while aScan(aThreads,{|x| valtype(x)=="O" .and. x:active}) > 0
for nPtr := 1 to len(aThreads2)
if valtype(aThreads[nPtr])="O" .and. aThreads[nPtr]:active
goto aThreads2[nPtr]
@nPtr+1,0 say str(aThreads2[nPtr]) + " " + RKA->CNAME
else
@nPtr+1,0 say "---------------"
endif
next nPtr
@nPtr+2,0 say alltrim(str(nCount))+" "
sleep(50)
end do
? "Exiting."
go top
return
procedure DoComputer(nRec)
local xText0, xText1, xText2, xText3, xText4, b, c, d
LOCAL aAdmin := { ;
{"userid","pwd"} ;
}
cThread := alltrim(str(ThreadId()))
MyTemp := "TMP" + cThread + ".OUT"
nCount++
if FExists(MyTemp)
FErase(MyTemp)
endif
if FExists(MyTemp)
cThread += "x"
endif
mCNAME := alltrim(RKA->CNAME)
mNBTUSER := ""
mNBTMAC := ""
mPINGIP := ""
oNBTUSER := ""
oNBTMAC := ""
oPINGIP := ""
if RKA->(FieldPos("NBTUSER"))>0
oNBTUSER := RKA->NBTUSER
endif
if RKA->(FieldPos("NBTMAC"))>0
oNBTMAC := RKA->NBTMAC
endif
if RKA->(FieldPos("PINGIP"))>0
oPINGIP := RKA->PINGIP
endif
mSTATUS := ""
*******************************************************************************
* Here we see see if the system has an IP address, and if so, if it's active. *
*******************************************************************************
//PING
runshell("/MIN /C PING -n 1 " + chr(34) + mCNAME + chr(34) + " > " + MyTemp)
xText0 := MemoRead(MyTemp)
DelCount := 0
do while !(FErase(MyTemp) == 0) .and. DelCount < 60
DelCount++
sleep(10)
end do
rlock()
SetField("LASTTRY", Date())
mStatus := ""
if !("Unknown host " $ xText0)
*******************************************************************************
* Record IP address. *
*******************************************************************************
mPINGIP := substr(left(xText0,AT("]",xText0)-1),AT("[",xText0)+1)
if !empty(mPINGIP)
SetField("PINGIP",mPINGIP)
*******************************************************************************
* Use IP address to look up location *
*******************************************************************************
// IPLOCATION
b := left(RKA->PINGIP,RAT(".",RKA->PINGIP)-1)
c := val(substr(RKA->PINGIP,RAT(".",RKA->PINGIP)+1))
for d := 1 to len(ip)
if ip[d,1]=b .and. c >= ip[d,2] .and. c <= ip[d,3]
SetField("IPLOCATION",ip[d,4])
EXIT
endif
next d
if d > len(ip)
SetField("IPLOCATION", "Unknown")
endif
*******************************************************************************
* Is it live or is it Memorex? *
*******************************************************************************
SetField("STATUS", "")
mSTATUS := ""
if !("TTL=" $ xText0)
? padr(mCNAME,17) + "Off "
SetField("STATUS", "Off")
mSTATUS := "Off"
else
SetField("LASTFIND", DATE())
? padr(mCNAME,17)
mSTATUS := left(time(),2)+substr(time(),4,2)
SetField("STATUS", mSTATUS)
*******************************************************************************
* Get NBTSTAT info *
*******************************************************************************
// NBTSTAT
sleep(10)
runshell("/MIN /C NBTSTAT -a "+ chr(34) + mCNAME + chr(34) + "> " + MyTemp)
xText0 := MemoRead(MyTemp)
DelCount := 0
do while !(FErase(MyTemp) == 0) .and. DelCount < 60
DelCount++
sleep(10)
end do
if " UNIQUE "$xText0
*******************************************************************************
* Save MAC address *
*******************************************************************************
xText1 := alltrim(StrTran(substr(xText0,AT(" MAC Address = ", xText0)+18),"-",""))
if !("Connect"$xText1)
mNBTMAC := left(xText1,12)
if !empty(mNBTMAC)
SetField("NBTMAC", mNBTMAC)
endif
endif
*******************************************************************************
* Mangle NBTSTAT results *
*******************************************************************************
xText1 := substr(xText0,AT("----"+chr(13)+chr(13)+chr(10),xText0)+7)
xText1 := left(xText1,AT(" MAC Address = ", xText1)-1)
if "IS~"$xText1
xText1 := StrTran(xText1,"<00> UNIQUE Registered"," Computer--IIS Server")
else
xText1 := StrTran(xText1,"<00> UNIQUE Registered"," Computer--Workstation Service")
endif
if "INet~Services"$xText1
xText1 := StrTran(xText1,"<1C> GROUP Registered"," IIS group")
else
xText1 := StrTran(xText1,"<1C> GROUP Registered"," Domain Controller")
endif
xText1 := StrTran(xText1,"<00> GROUP Registered"," Domain Name")
xText1 := StrTran(xText1,"<03> UNIQUE Registered"," Computer/User--Messenger Service")
xText1 := StrTran(xText1,"<20> UNIQUE Registered"," Computer--File Server Service")
xText1 := StrTran(xText1,"<1E> GROUP Registered"," Domain--Browser Service Elections")
xText1 := StrTran(xText1,"<01> GROUP Registered"," Master Browser")
xText1 := StrTran(xText1,"<21> UNIQUE Registered"," Computer--RAS Client Service")
xText1 := StrTran(xText1,"<31> UNIQUE Registered"," Computer--Modem Sharing Client Service")
xText1 := StrTran(xText1,"<42> UNIQUE Registered"," Computer--McAfee AV")
xText1 := StrTran(xText1,"<BE> UNIQUE Registered"," Computer--Network Monitor Agent")
xText1 := StrTran(xText1,"<BF> UNIQUE Registered"," Computer--Network Monitor App")
xText1 := StrTran(xText1,"<1D> UNIQUE Registered"," Domain--Master Browser")
xText1 := StrTran(xText1,"<6A> UNIQUE Registered"," Computer--MS Exchange IMC (RecTrac server)")
xText1 := StrTran(xText1,"<1F> UNIQUE Registered"," Computer--NetDDE service")
xText1 := StrTran(xText1,"<01> UNIQUE Registered"," Computer--Messenger Service (rare)")
if "<"$xText1
memowrit("errorN"+alltrim(str(nRec))+".txt",xText1)
endif
xText3 := 0
for a := 1 to MLCount(xText0,240)
xText2 := MemoLine(xText0,240,a)
if "<03> UNIQUE" $ xText2
xText1 := xText2
xText3++
endif
next a
*******************************************************************************
* Save name of apparent current user according to NBTSTAT *
*******************************************************************************
mNBTUSER := ""
xText2 := ""
if xText3==2
xText2 := alltrim(left(xText1,19))
endif
mNBTUSER := xText2
if !empty(xText2)
SetField("NBTUSER",mNBTUSER)
endif
endif
*******************************************************************************
* Log on *
*******************************************************************************
RemoteWMIAccess := .T.
RemoteRegAccess := .T.
RemoteFileAccess := .T.
If !vNOPEEP
lOk := .F.
?? "Log on... "
lOk := .F.
xx := val(RKA->PWD)
First := xx > 0
If !First
xx++
endif
do while !lOk .and. xx < len(aAdmin)
runshell("/MIN /WAIT /C NET USE " + chr(34) + "\\" + mCNAME + "\IPC$" + chr(34) + " /USER:" + chr(34) + iif("\"$aAdmin[xx,1],"",mCNAME+"\") + aAdmin[xx,1] + chr(34) + " " + chr(34) + aAdmin[xx,2] + chr(34) + " > " + MyTemp)
if "The command completed successfully."$memoread(MyTemp)
lOk := .T.
else
?? "-"
if First
First := .F.
xx := 1
else
xx++
endif
endif
delete file MyTemp
end do
if lOk
cUser := aAdmin[xx,1]
cPwd := aAdmin[xx,2]
NameIndex := xx
else
cUser := ""
cPwd := ""
NameIndex := 0
?? "Failed! "
endif
if !First
if NameIndex > 0
SetField("PWD",alltrim(str(NameIndex)))
endif
endif
*******************************************************************************
* Run WMI script to grab info from system *
*******************************************************************************
if empty(NFODATE1) .or. NFODATE1 < date()-7
?? "WMI... "
xDate := date()
xSecs := seconds()
runshell("/MIN /WAIT /C cscript /nologo /t:1200 info.vbs " + chr(34) + mCNAME + chr(34) + " " + chr(34) + cUser + chr(34) + " " + chr(34) + cPwd + chr(34) + " > " + MyTemp)
xTime := (date()-xDate) * 86400 + seconds() - xSecs
xText0 := MemoRead(MyTemp)
x := AT("{",xText0)
RemoteWMIAccess := x > 0
if RemoteWMIAccess
if fexists(McNAME + "_info.txt")
delete file (McNAME + "_info.txt")
endif
rename (MyTemp) to (McNAME + "_info.txt")
xText0 := StrTran(StrTran(StrTran(substr(xText0,x),chr(13)+chr(10),""),"}{","},{"),"'","`")
bSaveErrorBlock := ErrorBlock( {|e| Break(e)} )
BEGIN SEQUENCE
x := eval( &("{||{" + xText0 + "}}") )
SetField("NFOINFO1",var2char(xText0))
SetField("NFODATE1",Date())
SetField("WMIUSER",GetInfoValue("Win32_ComputerSystem","UserName"))
RECOVER USING oError
SetField("NFOINFO1","Error during convert. WMI scan took " + str(xTime / 60) + " minutes")
END SEQUENCE
ErrorBlock( bSaveErrorBlock )
endif
endif
*******************************************************************************
endif
*******************************************************************************
* Disconnect IPC$ if connected *
*******************************************************************************
?? " Done"
SetField("Reg",iif(RemoteRegAccess,"Y","N"))
SetField("File",iif(RemoteFileAccess,"Y","N"))
SetField("WMI",iif(RemoteWMIAccess,"Y","N"))
runshell("/MIN /C NET USE " + chr(34) + "\\" + mCNAME + "\IPC$" + chr(34) + " /D > " + MyTemp)
endif
endif
else
? mCNAME
endif
unlock
commit
delete file (MyTemp)
nCount--
sleep(10)
return
procedure SetField(x,y)
local z, b, c, d
z := Select()
select RKA
x := upper(x)
if FieldPos(x)=0 .or. (FieldInfo(FieldPos(x),FLD_TYPE)<>"M" .and. FieldInfo(FieldPos(x),FLD_LEN) < len(var2char(y)))
b := recno()
c := dbstruct()
if FieldPos(x)=0
? "Adding " + x + " value " + left(var2char(y),60)
aAdd(c,{x,valtype(y),0,0})
else
? "Resizing " + x + " value " + left(var2char(y),60)
endif
d := AScan(c,x)
c[d,3] := max(1,len(var2char(y)))
if c[d,3] > 80
c[d,3] := 10
c[d,2] := "M"
endif
DbCreate("xTMP",c)
close RKA
use xTMP exclusive new
append from RKA
close xTMP
delete file RKA.DBF
delete file RKA.DBT
rename xTMP.DBF to RKA.DBF
rename xTMP.DBT to RKA.DBT
use RKA shared new alias RKA
goto b
endif
do while !dbrlock()
?? "."
end do
if pcount() = 3 .and. &(x) $ "px" .and. y="N"
REPLACE &(x) with "x"
else
REPLACE &(x) with (y)
endif
unlock
Select(z)
return
function GetInfoValue(p1, p2, i)
local r, b, c, d, e
static oc := "", a
if valtype(i)="U"
i := 1
endif
if i = 0
r := {}
endif
if !(oc==CNAME)
a := eval( &("{||{" + RKA->nfoinfo1 + "}}") )
oc := CNAME
endif
b := AScan(a[1], {|f|iif(valtype(f)="A",f[1]==p1,.F.)})
if a[1,b,1]==p1
for d := 1 to len(a[1,b,2])
if i=0 .or. i=d
for c := 1 to len(a[1,b,2,d])
if a[1,b,2,d,c,1]==p2
if i=0
aAdd(r,a[1,b,2,d,c,2])
else
r := a[1,b,2,d,c,2]
endif
endif
next c
endif
next d
endif
return r
**********************
INFO.VBS
This is the last one; it's a 59K WMI script to gather info about the
remote system. I originally had a version that would push itself over
to the remote system, execute, then put the results file where the
administrator's system could get it. However, the current version
works fast enough that it's rare for the script to time out, so I did
away with the unreliable remote-execution stuff. Before, the script
would even time out when it was running on the same system that it
gathered info about! I'm not sure what I changed that made a
difference but I'm sure not complaining!
Note that the output file is formatted so that SCRIPT.PRG can handle
it easily, with only a little massaging. However, modifying the
predefines should make it easy to create alternate formats, should you
choose to play with this script.
Note, uses modified version of blnConnect, from MS samples
**********************
'
' 2003-09-07
' Got push version working
' Added version # (date)
' Suppressed Win32_QuickFixEngineering results, since so horribly slow
' Removed passwords
' Redo patch reporting
' We're back on the remote version now; ripped out push code.
MyVer = "2003-09-21 A"
Q = chr(34)
OQ = "{" & Q
CQ = Q & "}"
COMMA = Q & "," & Q
ip = wscript.arguments(0)
usr = wscript.arguments(1)
pwd = wscript.arguments(2)
wscript.echo "Connecting..."
xError = blnConnect("root\cimv2",usr,pwd,ip,objWMIService)
if xError then xError = blnConnect("root\cimv2","","",ip,objWMIService)
if not xError then Main2 objWMIService
Function CheckError(x,y)
w = ""
if (Err.Number <> 0) then
w = x & ": " & CStr(Hex(Err.Number)) & ": " & Err.Description & " (" & Err.Source & ")."
elseif y=1 and ret <> 0 then
w = x & ": " & ret
end if
CheckError = (w <> "")
if CheckError <> "" and x <> "" and w <> "" then
wScript.Echo w
end if
Err.Clear
end function
sub main2(objWMIService)
On Error Resume Next
Wscript.Echo OQ & MyVer & Q & ","
'
Wscript.Echo OQ & "Win32_1394Controller" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_1394Controller",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "MaxNumberControlled" & COMMA & objItem.MaxNumberControlled & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
' Filter for local computer only
'Wscript.Echo OQ & "Win32_Account" & Q & ",{"
'Set colItems = objWMIService.ExecQuery("Select * from Win32_Account",,48) ' where SIDType=1, Domain='" & strComputer & "'",,48)
'For Each objItem in colItems
' Wscript.echo "{"
' Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
' Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
' Wscript.Echo OQ & "Domain" & COMMA & objItem.Domain & CQ
' Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
' Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
' Wscript.Echo OQ & "SID" & COMMA & objItem.SID & CQ
' Wscript.Echo OQ & "SIDType" & COMMA & objItem.SIDType & CQ
' Wscript.Echo OQ & "Status" & COMMA & objItem.Status & CQ
' Wscript.Echo "}"
'Next
'Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_BaseBoard" & Q & ",{"
' - Manufacturer:
' - Product:
Set colItems = objWMIService.ExecQuery("Select * from Win32_BaseBoard",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "Model" & COMMA & objItem.Model & CQ
Wscript.Echo OQ & "Product" & COMMA & objItem.Product & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
Wscript.Echo OQ & "Win32_Battery" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_Battery",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Availability" & COMMA & objItem.Availability & CQ
Wscript.Echo OQ & "BatteryRechargeTime" & COMMA & objItem.BatteryRechargeTime & CQ
Wscript.Echo OQ & "BatteryStatus" & COMMA & objItem.BatteryStatus & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "Chemistry" & COMMA & objItem.Chemistry & CQ
Wscript.Echo OQ & "ConfigManagerErrorCode" & COMMA & objItem.ConfigManagerErrorCode & CQ
Wscript.Echo OQ & "ConfigManagerUserConfig" & COMMA & objItem.ConfigManagerUserConfig & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "DesignCapacity" & COMMA & objItem.DesignCapacity & CQ
Wscript.Echo OQ & "DesignVoltage" & COMMA & objItem.DesignVoltage & CQ
Wscript.Echo OQ & "DeviceID" & COMMA & objItem.DeviceID & CQ
Wscript.Echo OQ & "ErrorCleared" & COMMA & objItem.ErrorCleared & CQ
Wscript.Echo OQ & "ErrorDescription" & COMMA & objItem.ErrorDescription & CQ
Wscript.Echo OQ & "EstimatedChargeRemaining" & COMMA & objItem.EstimatedChargeRemaining & CQ
Wscript.Echo OQ & "EstimatedRunTime" & COMMA & objItem.EstimatedRunTime & CQ
Wscript.Echo OQ & "ExpectedBatteryLife" & COMMA & objItem.ExpectedBatteryLife & CQ
Wscript.Echo OQ & "ExpectedLife" & COMMA & objItem.ExpectedLife & CQ
Wscript.Echo OQ & "FullChargeCapacity" & COMMA & objItem.FullChargeCapacity & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "LastErrorCode" & COMMA & objItem.LastErrorCode & CQ
Wscript.Echo OQ & "MaxRechargeTime" & COMMA & objItem.MaxRechargeTime & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "PNPDeviceID" & COMMA & objItem.PNPDeviceID & CQ
Wscript.Echo OQ & "PowerManagementCapabilities" & COMMA & objItem.PowerManagementCapabilities & CQ
Wscript.Echo OQ & "PowerManagementSupported" & COMMA & objItem.PowerManagementSupported & CQ
Wscript.Echo OQ & "SmartBatteryVersion" & COMMA & objItem.SmartBatteryVersion & CQ
Wscript.Echo OQ & "Status" & COMMA & objItem.Status & CQ
Wscript.Echo OQ & "StatusInfo" & COMMA & objItem.StatusInfo & CQ
Wscript.Echo OQ & "TimeOnBattery" & COMMA & objItem.TimeOnBattery & CQ
Wscript.Echo OQ & "TimeToFullCharge" & COMMA & objItem.TimeToFullCharge & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
' Should be only 1?
Wscript.Echo OQ & "Win32_BIOS" & Q & ",{"
' - Manufacturer:
' - SerialNumber:
' - Version:
Set colItems = objWMIService.ExecQuery("Select * from Win32_BIOS",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "SerialNumber" & COMMA & objItem.SerialNumber & CQ
Wscript.Echo OQ & "Version" & COMMA & objItem.Version & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
' No drive S/N, unfortunately.
Wscript.Echo OQ & "Win32_CDRomDrive" & Q & ",{"
' - PNPDeviceID: (between backslashes)
Set colItems = objWMIService.ExecQuery("Select * from Win32_CDROMDrive",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "Id" & COMMA & objItem.Id & CQ
x = objItem.PNPDeviceID
y = instr(x,"\")
if y > 0 then
x = mid(x,y+1)
end if
y = instr(x,"\")
if y > 0 then
x = left(x,y-1)
end if
Wscript.Echo OQ & "PNPDeviceID" & COMMA & x & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'Only 1
Wscript.Echo OQ & "Win32_ComputerSystem" & Q & ",{"
' - AdminPasswordStatus: 3=no
' - CurrentTimeZone: -300=Central
' - DaylightInEffect: True
' - Manufacturer:
' - Name:
' - PowerOnPasswordStatus: 3=no
' - TotalPhysicalMemory:
' - UserName:
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "AdminPasswordStatus" & COMMA & objItem.AdminPasswordStatus & CQ
Wscript.Echo OQ & "CurrentTimeZone" & COMMA & objItem.CurrentTimeZone & CQ
Wscript.Echo OQ & "DaylightInEffect" & COMMA & objItem.DaylightInEffect & CQ
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "PowerOnPasswordStatus" & COMMA & objItem.PowerOnPasswordStatus & CQ
Wscript.Echo OQ & "TotalPhysicalMemory" & COMMA & objItem.TotalPhysicalMemory & CQ
Wscript.Echo OQ & "UserName" & COMMA & objItem.UserName & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
Wscript.Echo OQ & "Win32_ComputerSystemProduct" & Q & ",{"
' - IdentifyingNumber:
' - Name:
' - UUID:
' - Vendor:
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystemProduct",,48)
For Each objItem in colItems
if objItem.UUID = "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF" OR objItem.UUID = "00000000-0000-0000-0000-000000000000" then
else
Wscript.echo "{"
Wscript.Echo OQ & "IdentifyingNumber" & COMMA & objItem.IdentifyingNumber & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "UUID" & COMMA & objItem.UUID & CQ
Wscript.Echo OQ & "Vendor" & COMMA & objItem.Vendor & CQ
Wscript.Echo "}"
end if
Next
Wscript.echo "}}"
' Is this used?
Wscript.Echo OQ & "Win32_CurrentProbe" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_CurrentProbe",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Accuracy" & COMMA & objItem.Accuracy & CQ
Wscript.Echo OQ & "Availability" & COMMA & objItem.Availability & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "ConfigManagerErrorCode" & COMMA & objItem.ConfigManagerErrorCode & CQ
Wscript.Echo OQ & "ConfigManagerUserConfig" & COMMA & objItem.ConfigManagerUserConfig & CQ
Wscript.Echo OQ & "CurrentReading" & COMMA & objItem.CurrentReading & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "DeviceID" & COMMA & objItem.DeviceID & CQ
Wscript.Echo OQ & "ErrorCleared" & COMMA & objItem.ErrorCleared & CQ
Wscript.Echo OQ & "ErrorDescription" & COMMA & objItem.ErrorDescription & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "IsLinear" & COMMA & objItem.IsLinear & CQ
Wscript.Echo OQ & "LastErrorCode" & COMMA & objItem.LastErrorCode & CQ
Wscript.Echo OQ & "LowerThresholdCritical" & COMMA & objItem.LowerThresholdCritical & CQ
Wscript.Echo OQ & "LowerThresholdFatal" & COMMA & objItem.LowerThresholdFatal & CQ
Wscript.Echo OQ & "LowerThresholdNonCritical" & COMMA & objItem.LowerThresholdNonCritical & CQ
Wscript.Echo OQ & "MaxReadable" & COMMA & objItem.MaxReadable & CQ
Wscript.Echo OQ & "MinReadable" & COMMA & objItem.MinReadable & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "NominalReading" & COMMA & objItem.NominalReading & CQ
Wscript.Echo OQ & "NormalMax" & COMMA & objItem.NormalMax & CQ
Wscript.Echo OQ & "NormalMin" & COMMA & objItem.NormalMin & CQ
Wscript.Echo OQ & "PNPDeviceID" & COMMA & objItem.PNPDeviceID & CQ
Wscript.Echo OQ & "PowerManagementCapabilities" & COMMA & objItem.PowerManagementCapabilities & CQ
Wscript.Echo OQ & "PowerManagementSupported" & COMMA & objItem.PowerManagementSupported & CQ
Wscript.Echo OQ & "Resolution" & COMMA & objItem.Resolution & CQ
Wscript.Echo OQ & "Status" & COMMA & objItem.Status & CQ
Wscript.Echo OQ & "StatusInfo" & COMMA & objItem.StatusInfo & CQ
Wscript.Echo OQ & "Tolerance" & COMMA & objItem.Tolerance & CQ
Wscript.Echo OQ & "UpperThresholdCritical" & COMMA & objItem.UpperThresholdCritical & CQ
Wscript.Echo OQ & "UpperThresholdFatal" & COMMA & objItem.UpperThresholdFatal & CQ
Wscript.Echo OQ & "UpperThresholdNonCritical" & COMMA & objItem.UpperThresholdNonCritical & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
' Lists all of the desktops on system
' - Name:
' - ScreenSaverActive:
' - ScreenSaverExecutable:
' - ScreenSaverSecure:
' - ScreenSaverTimeout:
Wscript.Echo OQ & "Win32_Desktop" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_Desktop",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "ScreenSaverActive" & COMMA & objItem.ScreenSaverActive & CQ
Wscript.Echo OQ & "ScreenSaverExecutable" & COMMA & objItem.ScreenSaverExecutable & CQ
Wscript.Echo OQ & "ScreenSaverSecure" & COMMA & objItem.ScreenSaverSecure & CQ
Wscript.Echo OQ & "ScreenSaverTimeout" & COMMA & objItem.ScreenSaverTimeout & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_DesktopMonitor" & Q & ",{"
' - ScreenHeight:
' - ScreenWidth:
' - PNPDeviceID: (between backslashes)
Set colItems = objWMIService.ExecQuery("Select * from Win32_DesktopMonitor",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "ScreenHeight" & COMMA & objItem.ScreenHeight & CQ
Wscript.Echo OQ & "ScreenWidth" & COMMA & objItem.ScreenWidth & CQ
x = objItem.PNPDeviceID
y = instr(x,"\")
if y > 0 then
x = mid(x,y+1)
end if
y = instr(x,"\")
if y > 0 then
x = left(x,y-1)
end if
Wscript.Echo OQ & "PNPDeviceID" & COMMA & x & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
Wscript.Echo OQ & "Win32_DiskDrive" & Q & ",{"
' - PNPDeviceID: (between backslashes)
' - InterfaceType:
' - Model:
' - Partitions:
' - Size:
Set colItems = objWMIService.ExecQuery("Select * from Win32_DiskDrive",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "InterfaceType" & COMMA & objItem.InterfaceType & CQ
Wscript.Echo OQ & "Partitions" & COMMA & objItem.Partitions & CQ
x = objItem.PNPDeviceID
y = instr(x,"\")
if y > 0 then
x = mid(x,y+1)
end if
y = instr(x,"\")
if y > 0 then
x = left(x,y-1)
end if
Wscript.Echo OQ & "PNPDeviceID" & COMMA & x & CQ
Wscript.Echo OQ & "Size" & COMMA & objItem.Size & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
Wscript.Echo OQ & "Win32_DiskPartition" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_DiskPartition",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "BlockSize" & COMMA & objItem.BlockSize & CQ
Wscript.Echo OQ & "Bootable" & COMMA & objItem.Bootable & CQ
Wscript.Echo OQ & "BootPartition" & COMMA & objItem.BootPartition & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "PrimaryPartition" & COMMA & objItem.PrimaryPartition & CQ
Wscript.Echo OQ & "Size" & COMMA & objItem.Size & CQ
Wscript.Echo OQ & "StartingOffset" & COMMA & objItem.StartingOffset & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_DisplayConfiguration" & Q & ",{"
' - Caption/Description/DeviceName/SettingID:
' - DisplayFrequency
' - DriverVersion
' - PelsHeight
' - PelsWidth
Set colItems = objWMIService.ExecQuery("Select * from Win32_DisplayConfiguration",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "DriverVersion" & COMMA & objItem.DriverVersion & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_DisplayControllerConfiguration" & Q & ",{"
' - VideoMode
Set colItems = objWMIService.ExecQuery("Select * from Win32_DisplayControllerConfiguration",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "VideoMode" & COMMA & objItem.VideoMode & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
' Nothing??
Wscript.Echo OQ & "Win32_DriverVXD" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_DriverVXD",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "BuildNumber" & COMMA & objItem.BuildNumber & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "CodeSet" & COMMA & objItem.CodeSet & CQ
Wscript.Echo OQ & "Control" & COMMA & objItem.Control & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "DeviceDescriptorBlock" & COMMA & objItem.DeviceDescriptorBlock & CQ
Wscript.Echo OQ & "IdentificationCode" & COMMA & objItem.IdentificationCode & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "LanguageEdition" & COMMA & objItem.LanguageEdition & CQ
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "OtherTargetOS" & COMMA & objItem.OtherTargetOS & CQ
Wscript.Echo OQ & "PM_API" & COMMA & objItem.PM_API & CQ
Wscript.Echo OQ & "SerialNumber" & COMMA & objItem.SerialNumber & CQ
Wscript.Echo OQ & "ServiceTableSize" & COMMA & objItem.ServiceTableSize & CQ
Wscript.Echo OQ & "SoftwareElementID" & COMMA & objItem.SoftwareElementID & CQ
Wscript.Echo OQ & "SoftwareElementState" & COMMA & objItem.SoftwareElementState & CQ
Wscript.Echo OQ & "Status" & COMMA & objItem.Status & CQ
Wscript.Echo OQ & "TargetOperatingSystem" & COMMA & objItem.TargetOperatingSystem & CQ
Wscript.Echo OQ & "V86_API" & COMMA & objItem.V86_API & CQ
Wscript.Echo OQ & "Version" & COMMA & objItem.Version & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_HeatPipe" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_HeatPipe",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "ActiveCooling" & COMMA & objItem.ActiveCooling & CQ
Wscript.Echo OQ & "Availability" & COMMA & objItem.Availability & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "ConfigManagerErrorCode" & COMMA & objItem.ConfigManagerErrorCode & CQ
Wscript.Echo OQ & "ConfigManagerUserConfig" & COMMA & objItem.ConfigManagerUserConfig & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "DeviceID" & COMMA & objItem.DeviceID & CQ
Wscript.Echo OQ & "ErrorCleared" & COMMA & objItem.ErrorCleared & CQ
Wscript.Echo OQ & "ErrorDescription" & COMMA & objItem.ErrorDescription & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "LastErrorCode" & COMMA & objItem.LastErrorCode & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "PNPDeviceID" & COMMA & objItem.PNPDeviceID & CQ
Wscript.Echo OQ & "PowerManagementCapabilities" & COMMA & objItem.PowerManagementCapabilities & CQ
Wscript.Echo OQ & "PowerManagementSupported" & COMMA & objItem.PowerManagementSupported & CQ
Wscript.Echo OQ & "Status" & COMMA & objItem.Status & CQ
Wscript.Echo OQ & "StatusInfo" & COMMA & objItem.StatusInfo & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
' Nothing
Wscript.Echo OQ & "Win32_InfraredDevice" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_InfraredDevice",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Availability" & COMMA & objItem.Availability & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "ConfigManagerErrorCode" & COMMA & objItem.ConfigManagerErrorCode & CQ
Wscript.Echo OQ & "ConfigManagerUserConfig" & COMMA & objItem.ConfigManagerUserConfig & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "DeviceID" & COMMA & objItem.DeviceID & CQ
Wscript.Echo OQ & "ErrorCleared" & COMMA & objItem.ErrorCleared & CQ
Wscript.Echo OQ & "ErrorDescription" & COMMA & objItem.ErrorDescription & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "LastErrorCode" & COMMA & objItem.LastErrorCode & CQ
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "MaxNumberControlled" & COMMA & objItem.MaxNumberControlled & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "PNPDeviceID" & COMMA & objItem.PNPDeviceID & CQ
Wscript.Echo OQ & "PowerManagementCapabilities" & COMMA & objItem.PowerManagementCapabilities & CQ
Wscript.Echo OQ & "PowerManagementSupported" & COMMA & objItem.PowerManagementSupported & CQ
Wscript.Echo OQ & "ProtocolSupported" & COMMA & objItem.ProtocolSupported & CQ
Wscript.Echo OQ & "Status" & COMMA & objItem.Status & CQ
Wscript.Echo OQ & "StatusInfo" & COMMA & objItem.StatusInfo & CQ
Wscript.Echo OQ & "TimeOfLastReset" & COMMA & objItem.TimeOfLastReset & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_LogicalDisk" & Q & ",{"
' - Caption:
' - Description:
' - Filesystem:
' - FreeSpace:
' - ProviderName
' - Size:
' - VolumeSerialNumber:
Set colItems = objWMIService.ExecQuery("Select * from Win32_LogicalDisk",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "FileSystem" & COMMA & objItem.FileSystem & CQ
Wscript.Echo OQ & "FreeSpace" & COMMA & objItem.FreeSpace & CQ
Wscript.Echo OQ & "ProviderName" & COMMA & objItem.ProviderName & CQ
Wscript.Echo OQ & "Size" & COMMA & objItem.Size & CQ
Wscript.Echo OQ & "VolumeSerialNumber" & COMMA & objItem.VolumeSerialNumber & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_LogicalMemoryConfiguration" & Q & ",{"
' - AvailableVirtualMemory
' - TotalPageFileSpace:
' - TotalPhysicalMemory:
' - TotalVirtualMemory:
Set colItems = objWMIService.ExecQuery("Select * from Win32_LogicalMemoryConfiguration",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "AvailableVirtualMemory" & COMMA & objItem.AvailableVirtualMemory & CQ
Wscript.Echo OQ & "TotalPageFileSpace" & COMMA & objItem.TotalPageFileSpace & CQ
Wscript.Echo OQ & "TotalPhysicalMemory" & COMMA & objItem.TotalPhysicalMemory & CQ
Wscript.Echo OQ & "TotalVirtualMemory" & COMMA & objItem.TotalVirtualMemory & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_LogicalShareSecuritySetting" & Q & ",{"
' - ControlFlags:
' - Name:
Set colItems = objWMIService.ExecQuery("Select * from Win32_LogicalShareSecuritySetting",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "ControlFlags" & COMMA & objItem.ControlFlags & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_NetworkAdapter" & Q & ",{"
' - MACAddress: (non-empty)
' - ProductName:
Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapter",,48)
For Each objItem in colItems
if objItem.MACAddress > "" and instr(objItem.ProductName,"Miniport")=0 then
Wscript.echo "{"
Wscript.Echo OQ & "MACAddress" & COMMA & objItem.MACAddress & CQ
Wscript.Echo OQ & "ProductName" & COMMA & objItem.ProductName & CQ
Wscript.Echo OQ & "Speed" & COMMA & objItem.Speed & CQ
Wscript.Echo "}"
end if
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_NetworkAdapterConfiguration" & Q & ",{"
' - Caption:
' - DeadGWDetectEnabled:
' - DHCPServer:
' - DNSHostName:
' - IPSubNet:
' - MACAddress:
' - WINSEnableLMHostsLookup:
' - WINSPrimaryServer:
' - WINSSecondaryServer:
Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration",,48)
For Each objItem in colItems
if objItem.IPEnabled <> "False" then
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "DeadGWDetectEnabled" & COMMA & objItem.DeadGWDetectEnabled & CQ
if VarType(objItem.DefaultIPGateway) <> 8204 then
Wscript.Echo OQ & "DefaultIPGateway" & COMMA & objItem.DefaultIPGateway & CQ
end if
Wscript.Echo OQ & "DHCPEnabled" & COMMA & objItem.DHCPEnabled & CQ
Wscript.Echo OQ & "DHCPLeaseExpires" & COMMA & objItem.DHCPLeaseExpires & CQ
Wscript.Echo OQ & "DHCPLeaseObtained" & COMMA & objItem.DHCPLeaseObtained & CQ
Wscript.Echo OQ & "DHCPServer" & COMMA & objItem.DHCPServer & CQ
Wscript.Echo OQ & "DNSDomain" & COMMA & objItem.DNSDomain & CQ
Wscript.Echo OQ & "DNSEnabledForWINSResolution" & COMMA & objItem.DNSEnabledForWINSResolution & CQ
Wscript.Echo OQ & "DNSHostName" & COMMA & objItem.DNSHostName & CQ
Wscript.Echo OQ & "DomainDNSRegistrationEnabled" & COMMA & objItem.DomainDNSRegistrationEnabled & CQ
if VarType(objItem.IPAddress) <> 8204 then
Wscript.Echo OQ & "IPAddress" & COMMA & objItem.IPAddress & CQ
end if
Wscript.Echo OQ & "IPEnabled" & COMMA & objItem.IPEnabled & CQ
if VarType(objItem.IPSubnet) <> 8204 then
Wscript.Echo OQ & "IPSubnet" & COMMA & objItem.IPSubnet & CQ
end if
Wscript.Echo OQ & "MACAddress" & COMMA & objItem.MACAddress & CQ
Wscript.Echo OQ & "TcpipNetbiosOptions" & COMMA & objItem.TcpipNetbiosOptions & CQ
Wscript.Echo OQ & "WINSEnableLMHostsLookup" & COMMA & objItem.WINSEnableLMHostsLookup & CQ
Wscript.Echo OQ & "WINSPrimaryServer" & COMMA & objItem.WINSPrimaryServer & CQ
Wscript.Echo OQ & "WINSSecondaryServer" & COMMA & objItem.WINSSecondaryServer & CQ
Wscript.Echo "}"
end if
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_NetworkClient" & Q & ",{"
' - Caption
Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkClient",,48)
For Each objItem in colItems
if objItem.Caption <> " & Q & Q & " then
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo "}"
end if
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_NetworkLoginProfile" & Q & ",{"
' - FullName:
' - LastLogoff:
' - LastLogon:
' - Name:
' - NumberOfLogons:
' - PasswordAge: ***
' - PasswordExpires:
' - PrimaryGroupID:
' - ScriptPath:
Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkLoginProfile",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "FullName" & COMMA & objItem.FullName & CQ
Wscript.Echo OQ & "LastLogoff" & COMMA & objItem.LastLogoff & CQ
Wscript.Echo OQ & "LastLogon" & COMMA & objItem.LastLogon & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "NumberOfLogons" & COMMA & objItem.NumberOfLogons & CQ
Wscript.Echo OQ & "PasswordAge" & COMMA & objItem.PasswordAge & CQ
Wscript.Echo OQ & "PasswordExpires" & COMMA & objItem.PasswordExpires & CQ
Wscript.Echo OQ & "PrimaryGroupId" & COMMA & objItem.PrimaryGroupId & CQ
Wscript.Echo OQ & "ScriptPath" & COMMA & objItem.ScriptPath & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_OnBoardDevice" & Q & ",{"
' - Description:
Set colItems = objWMIService.ExecQuery("Select * from Win32_OnBoardDevice",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_OperatingSystem" & Q & ",{"
' - BuildNumber:
' - CSDVersion:
' - CurrentTimeZone:
' - FreePhysicalMemory:
' - FreeSpaceInPagingFiles:
' - FreeVirtualMemory:
' - InstallDate:
' - LastBootUpTime:
' - LocalDateTime:
' - Locale: 0409
' - OSProductSuite:
' - OSType:
' - SerialNumber:
' - ServicePackMajorVersion:
' - ServicePackMinorVersion:
' - TotalVirtualMemorySize:
' - TotalVisibleMemorySize:
' - Version
Set colItems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "BuildNumber" & COMMA & objItem.BuildNumber & CQ
Wscript.Echo OQ & "BuildType" & COMMA & objItem.BuildType & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "CSDVersion" & COMMA & objItem.CSDVersion & CQ
Wscript.Echo OQ & "CurrentTimeZone" & COMMA & objItem.CurrentTimeZone & CQ
Wscript.Echo OQ & "FreePhysicalMemory" & COMMA & objItem.FreePhysicalMemory & CQ
Wscript.Echo OQ & "FreeSpaceInPagingFiles" & COMMA & objItem.FreeSpaceInPagingFiles & CQ
Wscript.Echo OQ & "FreeVirtualMemory" & COMMA & objItem.FreeVirtualMemory & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "LastBootUpTime" & COMMA & objItem.LastBootUpTime & CQ
Wscript.Echo OQ & "LocalDateTime" & COMMA & objItem.LocalDateTime & CQ
Wscript.Echo OQ & "Locale" & COMMA & objItem.Locale & CQ
Wscript.Echo OQ & "OSProductSuite" & COMMA & objItem.OSProductSuite & CQ
Wscript.Echo OQ & "OSType" & COMMA & objItem.OSType & CQ
Wscript.Echo OQ & "OtherTypeDescription" & COMMA & objItem.OtherTypeDescription & CQ
Wscript.Echo OQ & "SerialNumber" & COMMA & objItem.SerialNumber & CQ
Wscript.Echo OQ & "ServicePackMajorVersion" & COMMA & objItem.ServicePackMajorVersion & CQ
Wscript.Echo OQ & "ServicePackMinorVersion" & COMMA & objItem.ServicePackMinorVersion & CQ
Wscript.Echo OQ & "TotalSwapSpaceSize" & COMMA & objItem.TotalSwapSpaceSize & CQ
Wscript.Echo OQ & "TotalVirtualMemorySize" & COMMA & objItem.TotalVirtualMemorySize & CQ
Wscript.Echo OQ & "TotalVisibleMemorySize" & COMMA & objItem.TotalVisibleMemorySize & CQ
Wscript.Echo OQ & "Version" & COMMA & objItem.Version & CQ
Wscript.Echo OQ & "WindowsDirectory" & COMMA & objItem.WindowsDirectory & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_PCMCIAController" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_PCMCIAController",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Availability" & COMMA & objItem.Availability & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "ConfigManagerErrorCode" & COMMA & objItem.ConfigManagerErrorCode & CQ
Wscript.Echo OQ & "ConfigManagerUserConfig" & COMMA & objItem.ConfigManagerUserConfig & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "DeviceID" & COMMA & objItem.DeviceID & CQ
Wscript.Echo OQ & "ErrorCleared" & COMMA & objItem.ErrorCleared & CQ
Wscript.Echo OQ & "ErrorDescription" & COMMA & objItem.ErrorDescription & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "LastErrorCode" & COMMA & objItem.LastErrorCode & CQ
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "MaxNumberControlled" & COMMA & objItem.MaxNumberControlled & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "PNPDeviceID" & COMMA & objItem.PNPDeviceID & CQ
Wscript.Echo OQ & "PowerManagementCapabilities" & COMMA & objItem.PowerManagementCapabilities & CQ
Wscript.Echo OQ & "PowerManagementSupported" & COMMA & objItem.PowerManagementSupported & CQ
Wscript.Echo OQ & "ProtocolSupported" & COMMA & objItem.ProtocolSupported & CQ
Wscript.Echo OQ & "Status" & COMMA & objItem.Status & CQ
Wscript.Echo OQ & "StatusInfo" & COMMA & objItem.StatusInfo & CQ
Wscript.Echo OQ & "TimeOfLastReset" & COMMA & objItem.TimeOfLastReset & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_PnPEntity" & Q & ",{"
' - Caption/Description/Name:
' - Manufacturer: Doesn't start with " & Q & "(Standard" & Q & " and isn't empty and isn't " & Q & "Microsoft" & Q & ",{"
' - PNPDeviceID/DeviceID: (between backslashes, if no " & Q & "&" & Q & ")
Set colItems = objWMIService.ExecQuery("Select * from Win32_PnPEntity",,48)
For Each objItem in colItems
' Filter if empty
if left(objItem.Manufacturer,9)="(Standard" OR objItem.Manufacturer = "Microsoft" OR instr(objItem.PNPDeviceID,"\LEGACY_") > 0 then
else
x = objItem.PNPDeviceID
y = instr(x,"\")
if y > 0 then
x = mid(x,y+1)
end if
y = instr(x,"\")
if y > 0 then
x = left(x,y-1)
end if
if instr(x," & Q & "&" & Q & ") = 0 then
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "PNPDeviceID" & COMMA & x & CQ
Wscript.Echo "}"
end if
end if
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_PortableBattery" & Q & ",{"
Set colItems = objWMIService.ExecQuery("Select * from Win32_PortableBattery",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Availability" & COMMA & objItem.Availability & CQ
Wscript.Echo OQ & "BatteryRechargeTime" & COMMA & objItem.BatteryRechargeTime & CQ
Wscript.Echo OQ & "BatteryStatus" & COMMA & objItem.BatteryStatus & CQ
Wscript.Echo OQ & "CapacityMultiplier" & COMMA & objItem.CapacityMultiplier & CQ
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "Chemistry" & COMMA & objItem.Chemistry & CQ
Wscript.Echo OQ & "ConfigManagerErrorCode" & COMMA & objItem.ConfigManagerErrorCode & CQ
Wscript.Echo OQ & "ConfigManagerUserConfig" & COMMA & objItem.ConfigManagerUserConfig & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "DesignCapacity" & COMMA & objItem.DesignCapacity & CQ
Wscript.Echo OQ & "DesignVoltage" & COMMA & objItem.DesignVoltage & CQ
Wscript.Echo OQ & "DeviceID" & COMMA & objItem.DeviceID & CQ
Wscript.Echo OQ & "ErrorCleared" & COMMA & objItem.ErrorCleared & CQ
Wscript.Echo OQ & "ErrorDescription" & COMMA & objItem.ErrorDescription & CQ
Wscript.Echo OQ & "EstimatedChargeRemaining" & COMMA & objItem.EstimatedChargeRemaining & CQ
Wscript.Echo OQ & "EstimatedRunTime" & COMMA & objItem.EstimatedRunTime & CQ
Wscript.Echo OQ & "ExpectedBatteryLife" & COMMA & objItem.ExpectedBatteryLife & CQ
Wscript.Echo OQ & "ExpectedLife" & COMMA & objItem.ExpectedLife & CQ
Wscript.Echo OQ & "FullChargeCapacity" & COMMA & objItem.FullChargeCapacity & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "LastErrorCode" & COMMA & objItem.LastErrorCode & CQ
Wscript.Echo OQ & "Location" & COMMA & objItem.Location & CQ
Wscript.Echo OQ & "ManufactureDate" & COMMA & objItem.ManufactureDate & CQ
Wscript.Echo OQ & "Manufacturer" & COMMA & objItem.Manufacturer & CQ
Wscript.Echo OQ & "MaxBatteryError" & COMMA & objItem.MaxBatteryError & CQ
Wscript.Echo OQ & "MaxRechargeTime" & COMMA & objItem.MaxRechargeTime & CQ
Wscript.Echo OQ & "Name" & COMMA & objItem.Name & CQ
Wscript.Echo OQ & "PNPDeviceID" & COMMA & objItem.PNPDeviceID & CQ
Wscript.Echo OQ & "PowerManagementCapabilities" & COMMA & objItem.PowerManagementCapabilities & CQ
Wscript.Echo OQ & "PowerManagementSupported" & COMMA & objItem.PowerManagementSupported & CQ
Wscript.Echo OQ & "SmartBatteryVersion" & COMMA & objItem.SmartBatteryVersion & CQ
Wscript.Echo OQ & "Status" & COMMA & objItem.Status & CQ
Wscript.Echo OQ & "StatusInfo" & COMMA & objItem.StatusInfo & CQ
Wscript.Echo OQ & "TimeOnBattery" & COMMA & objItem.TimeOnBattery & CQ
Wscript.Echo OQ & "TimeToFullCharge" & COMMA & objItem.TimeToFullCharge & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_PortConnector" & Q & ",{"
' - InternalReferenceDesignator:
Set colItems = objWMIService.ExecQuery("Select * from Win32_PortConnector",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "InternalReferenceDesignator" & COMMA & objItem.InternalReferenceDesignator & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_Printer" & Q & ",{"
' - Caption/DeviceID/Name:
' - DriverName:
' - HorizontalResolution:
' - PortName:
' - ServerName:
' - ShareName:
' - VerticalResolution:
Set colItems = objWMIService.ExecQuery("Select * from Win32_Printer",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "DriverName" & COMMA & objItem.DriverName & CQ
Wscript.Echo OQ & "HorizontalResolution" & COMMA & objItem.HorizontalResolution & CQ
Wscript.Echo OQ & "PortName" & COMMA & objItem.PortName & CQ
Wscript.Echo OQ & "ServerName" & COMMA & objItem.ServerName & CQ
Wscript.Echo OQ & "ShareName" & COMMA & objItem.ShareName & CQ
Wscript.Echo OQ & "VerticalResolution" & COMMA & objItem.VerticalResolution & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_PrinterConfiguration" & Q & ",{"
' - Color:
' - Description/Name:
' - XResolution:
' - YResolution:
Set colItems = objWMIService.ExecQuery("Select * from Win32_PrinterConfiguration",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Color" & COMMA & objItem.Color & CQ
Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
Wscript.Echo OQ & "XResolution" & COMMA & objItem.XResolution & CQ
Wscript.Echo OQ & "YResolution" & COMMA & objItem.YResolution & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_Processor" & Q & ",{"
' - Caption/Description:
' - CurrentClockSpeed:
' - MaxClockSpeed:
' - Name: (alltrim)
' - SocketDesignation:
Set colItems = objWMIService.ExecQuery("Select * from Win32_Processor",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "CurrentClockSpeed" & COMMA & objItem.CurrentClockSpeed & CQ
Wscript.Echo OQ & "ExtClock" & COMMA & objItem.ExtClock & CQ
Wscript.Echo OQ & "L2CacheSize" & COMMA & objItem.L2CacheSize & CQ
Wscript.Echo OQ & "MaxClockSpeed" & COMMA & objItem.MaxClockSpeed & CQ
Wscript.Echo OQ & "Name" & COMMA & ltrim(objItem.Name) & CQ
Wscript.Echo OQ & "SocketDesignation" & COMMA & objItem.SocketDesignation & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_Product" & Q & ",{"
' - Caption/Description/Name
' - InstallDate:
' - Vendor:
' - Version:
Set colItems = objWMIService.ExecQuery("Select * from Win32_Product",,48)
For Each objItem in colItems
Wscript.echo "{"
Wscript.Echo OQ & "Caption" & COMMA & objItem.Caption & CQ
Wscript.Echo OQ & "InstallDate" & COMMA & objItem.InstallDate & CQ
Wscript.Echo OQ & "Vendor" & COMMA & objItem.Vendor & CQ
Wscript.Echo OQ & "Version" & COMMA & objItem.Version & CQ
Wscript.Echo "}"
Next
Wscript.echo "}}"
'
Wscript.Echo OQ & "Win32_QuickFixEngineering" & Q & ",{"
'Set colItems = objWMIService.ExecQuery("Select * from Win32_QuickFixEngineering",,48)
'For Each objItem in colItems
' Wscript.echo "{"
' Wscript.Echo OQ & "Description" & COMMA & objItem.Description & CQ
' Wscript.Echo OQ & "FixComments" & COMMA & objItem.FixComments...
[truncated message content] |
|
From: Scott M. <Wi...@lo...> - 2003-11-04 03:40:51
|
Hi Morten, Monday, November 3, 2003, 7:43:24 AM, you wrote: MO> This is a common mistake, glad we got it up. HKU\.DEFAULT is NOT the MO> same hive as ..\Default User\ntuser.dat. This means that keys written ... MO> I once tested this to make absolutely sure. You can try yourself - write MO> something to HKU\.DEFAULT, create a new user and log on - the setting MO> won't be in HKCU like you would expect. MO> To apply something to the Default User profile you have to load MO> ..\Default User\ntuser.dat to some name under HKU, write to it and then MO> unload it again. Might want to document that somewhere, for people poking through your code (like me). :) >> Might also want an ALL option, so that all users get set. MO> That could be interesting. I'll consider this. It's a bit of work but it MO> could be done. You have all of the code already, it looks like ; just need to do a loop. >> I was wondering how you were doing the loading; now I see that you're >> cheating. ;) WMI is apparently capable of doing it, since it can >> report desktop settings for all users, but I don't know if that >> functionality is directly available to the programmer. MO> I don't believe I'm cheating. Is there something wrong with "reg.exe MO> load" ? I havn't finished the registry module, so I don't touch the MO> registry just yet, but basically it's just writing to HKU\DEFAULT_USER MO> instead of HKCU. MO> Can WMI do this? Please enlighten me. This would be a nice solution for MO> Win2K that doesn't have reg.exe out of the box. Maybe I really do have MO> some old WMI docs. I saw in one of the scripts at unattended that Perl MO> can too. Just too bad Perl is not bundled with Windows. Be nice if WMI had a function for it. If you haven't found one, I guess there isn't one, or it's fairly well hidden. I've yet to mess with WMI registry functions much, so I can't help much. There's a copy of Perl in the Win NT Resource Kit. Dunno about newer versions. MO> There's another thing we have to worry about eventually - the MO> HKEY_CLASSES_ROOT hive. In fact, this is not a real hive. I had no idea MO> until I saw MO> http://isg.ee.ethz.ch/tools/realmen/det/msi.en.html a couple MO> of years ago. The short story is that HKCR is a merge between MO> HKCU\Software\Classes and HKLM\Software\Classes. I think the conclusion MO> should be that setman should not allow changes to HKCR since it's quite MO> complicated where they might end up. It's better to decide in advance MO> where the setting should go and keep a clear distinction between MO> <UserSettings/> and <MachineSettings/>. Well, can't modify HKCR from remote anyway, if only because any modifications would depend upon what user you connected as (presumably administrator). I'd suggest simply locking it out, or loudly documenting as "tread at own risk". In Win9x, it IS a real hive, which may account for some confusion. MO> Yes, you're right - Denmark to be precise. And you? I'm in central Texas, USA. --Scott. |
|
From: Morten O. <mo...@cg...> - 2003-11-03 15:35:21
|
Scott McNay wrote: > > MO> afterwards on each login. I suspect this is no different with GP. Would > MO> be nice if somebody could clear this up. From my point of view, there > MO> isn't much point in this kind of enforcement. A solution might be ACLs > MO> on the registry keys - it's just that no one knows how explorer.exe > MO> would handle not being able to write a key. In any case, I think it's > > In NT-based systems, the HKLM settings cannot be changed by Restricted > Users, unless you specifically change the ACLs to allow that (that's > what is needed for MS Photo Editor). The HKCU settings can be changed > by the user, but you could change the ACL to block that for specific > settings, although the program that's trying to make the change may > not react well to that. I don't really see that as much concern; it'd > all be in the settings, and situations like that could have a warning. > > Right. But in most cases, it's not an issue. As far as I know, most > things that are security issues in HKCU can be locked down or > overridden by a setting in HKLM. See below, though. > Yes, it's no big problem. On the relatively rare occasions it's needed to apply an ACL to HKCU, it would just need to be tested and documented. > > MO> I can't decide either. Anyway, I don't plan to use this information > MO> programatically, so it's not that important yet. But I have this idea > MO> that I prefer having as little information as possible - but still > MO> enough. Meaning that if it is tested well and nobody finds the > MO> documentation too brief or lacking something, then it's probably ok. > MO> Maybe I'm too optimistic about this. > > I have it in mind as being for the administrator to see, or perhaps > sort on or filter on, but I can't see doing more than that, not at > present, but then again, who knows what will come up in the future. > I'm thinking much the same for the other things, but I have in mind > having those be more informative than anything else. I think should > just have the various sections there as reminders that they should be > checked and documented, if known or applicable. For instance, if you > have an option to enable or disable MSN Instant Messenger, it's > helpful to know what ports it uses, so that you can remember to set > your firewall accordingly. Having the section there will remind the > documenter to document it. > MSN is a good point. I see what you mean. > > MO> No, sorry - setman is not going to install programs. This is a much more > I'm not interested in installing things, per se, just running things, > if you have that kind of functionality in there already. > It's not in there, but of course it's very easy to add. I don't like it too much though. > MO> There's a big but to WMI though. Editing the registry through WMI is > MO> incredibly slow, even locally. This is not too important if one wants to > > Is it only the registry? My older WMI apps were dog slow running > remotely, but now they're reasonably speedy, and I have no idea what > the difference is; I just hope that I don't break it. ;) > Are they VBscripts? They could be faster than JScripts because they use another method (at least syntatically - I'm not an expert on this) for calling WMI methods. We ought to test this. It would be possible to create the registry module as a Script Component using VBscript. > > MO> use it as an administration tool to do something specific, but it's not > MO> feasable for importing 100+ keys in a login script. I'm thinking using > MO> WshShell.RegWrite() instead for simple values that it can handle. This > MO> would speed up things enough - but it doesn't do anything remotely. MS > MO> have a COM object (RegObj.dll) that does this though - it just need to > MO> be registered on each client. It's such a mess! > > REGEDIT and REGEDT32 seem to do things remotely pretty fast, but I > have no idea how they do it. I don't think they use WMI, though. Be I think they use RPC to make remote Win32 API calls. Too bad I don't know anything about Win32 API. But of course we could find people who do... It would mean reimplementing RegObj.dll an possibly a little more. Btw - I just noticed that Real Men have updated their site. For editing ACLs they now point to http://setacl.sourceforge.net. If we want to do ACLs, this is how we'll do it! > nice to find out, so can add in that functionailty, and thus make a > registry editing module that will try every possible way to jam a > change through, all the way down to the brute force method of copying > a REG file across and running REGEDIT using AT. > I think we should have two registry modules then. A 'safe' one that will positively report any errors, probably use WMI and only run on Win2K and forth. And then the one you mention that is more flexible and can be used for other purposes and try several methods. But it's going to be a pain to write all those parsers with their different types of value formats. > > MO> There are lots of options. WMI allows running any application remotely > > I can't always get it to work, as you see from my mention of AT and > SOON; I'd love to know what the pre-requisites are for it. > Hmm - which client OS are you trying to access? I'm generally only concerned with Win2K and forth, but I have used WMI on NT4 quite a lot. I think it just requires SP6 and <http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=AFE41F46-E213-4CBF-9C5B-FBF236E0E875> This link also has some info on Win9x. > PsExec, though, gave me the idea to write my own function to copy an > executable across, execute it, and get the results back. It didn't > work too well, but at least I had the concept working. > > > MO> However, for the time being, I'll stick to the original plan and have > MO> setman only work locally until it's fully implemented. Though it's > MO> simple to edit the registry remotely, there are other things that get a > MO> little complicated - like editing the Default User Profile remotely in > MO> the same run. > > Why is editing the Default user profile complicated? It should be > available. HKLM and HKU should both be available, and the > currently-logged on user(s) (if any) and .default should both tbe > available. Because of the need to load the profile. I discussed this in anothe message. > > MO> I have a question here btw. Is it possible to run a proces in a user's > MO> user context (with the user's environment - HKCU and all) without either > MO> knowing the user's password or running an "agent" in the user's session? > > I'll have to think about it. > > If admin access is needed for whatever the program wants to do, you > can't do this anyway. > > I do know that the suggested way to get a program to run under the > SYSTEM account is to use the AT command. Don't need a password for > that. You can add the /INTERACTIVE option, which lets the user screw > it up, er, configure it to his/her preferences. Would this be > adequate for what you want? > No, I'm thinking of running a proces inside the user's session (something that almost all legacy installers need - I shouldn't really be bring this up here.) > > MO> I believe the answer is no and that it's a design choice, but I haven't > MO> been able to find a definitive answer. I would really like to know for > MO> sure since it is a major obstacle for a lot of things (especially > MO> installing applications). > > Yes, it's a big problem, and I have no idea how you're supposed to do > certain things without temporarily giving the user admin access, which > is supposed to be a no-no. > > Don't talk to me about MS Office; I've been doing lots of cussing > about it lately. :( Especially about how to get it updated without > having to go to each and every machine... and then go back over and > over again when it starts asking for the @^&$#@*! CD. > Hehe - glad I havn't been there for a while. > On another subject, how do you have in mind to get new settings to the > machine? As I mentioned, it's a pain in the butt to grab a machine > that's on dialup for only a few mins, since you have to have your > scanner constantly running, which is a terrible waste of network > bandwidth and CPU time. Having a client on those systems would seem > best, especially if can push it across, and give it the ability to > auto-update itself when there's a newer version. At present, FTP seems > to be the most reliable connection method, although, of course, you > need an FTP server set up for that. I can't seem to get network > mapping to work consistently over dialup; possibly there's a firewall > in the way. Interestingly, I seem to be more successful in mapping > from the server to the client. > > Anyway, I think the system should be designed to work either locally as client > or remotely from a server, for maximum flexibility. > > --Scott. > I see it's a pretty complicated task you have at hand. We really need a big OS project to take on MS SMS for these things. -Morten. |
|
From: Morten O. <mo...@cg...> - 2003-11-03 13:48:21
|
Scott McNay wrote: > Is there any reson can't, if cscript wasn't used, simply re-start with > cscript automatically? Maybe not any good reason ;) I thought it was better to make it clear to the user/admin right away. Maybe it could cause somebody to not skip the documentation (that isn't there yet). And I think it's such a pretty popup, don't you? |
|
From: Morten O. <mo...@cg...> - 2003-11-03 13:42:21
|
Scott McNay wrote: > As I mentioned in a previous email, the default profile *should* already > be available as "HKU\.DEFAULT", although that may be something that > REGEDIT does automatically. This is a common mistake, glad we got it up. HKU\.DEFAULT is NOT the same hive as ..\Default User\ntuser.dat. This means that keys written here will NOT be applied to new users. HKU\.DEFAULT used to contain settings that users like System and services running under the Localsystem account have, but on WinXP there at "real" profiles for at least LocalService and NetworkService (they're just "super hidden"). System probably still uses HKU\.DEFAULT I once tested this to make absolutely sure. You can try yourself - write something to HKU\.DEFAULT, create a new user and log on - the setting won't be in HKCU like you would expect. To apply something to the Default User profile you have to load ..\Default User\ntuser.dat to some name under HKU, write to it and then unload it again. > > Might also want an ALL option, so that all users get set. > That could be interesting. I'll consider this. It's a bit of work but it could be done. > I was wondering how you were doing the loading; now I see that you're > cheating. ;) WMI is apparently capable of doing it, since it can > report desktop settings for all users, but I don't know if that > functionality is directly available to the programmer. > I don't believe I'm cheating. Is there something wrong with "reg.exe load" ? I havn't finished the registry module, so I don't touch the registry just yet, but basically it's just writing to HKU\DEFAULT_USER instead of HKCU. Can WMI do this? Please enlighten me. This would be a nice solution for Win2K that doesn't have reg.exe out of the box. Maybe I really do have some old WMI docs. I saw in one of the scripts at unattended that Perl can too. Just too bad Perl is not bundled with Windows. There's another thing we have to worry about eventually - the HKEY_CLASSES_ROOT hive. In fact, this is not a real hive. I had no idea until I saw http://isg.ee.ethz.ch/tools/realmen/det/msi.en.html a couple of years ago. The short story is that HKCR is a merge between HKCU\Software\Classes and HKLM\Software\Classes. I think the conclusion should be that setman should not allow changes to HKCR since it's quite complicated where they might end up. It's better to decide in advance where the setting should go and keep a clear distinction between <UserSettings/> and <MachineSettings/>. If anybody have other registry issues I'd like to hear about it. I havn't read much of the official registry guides so I may be missing out. > Time for me to get to bed... > > Where are you, if I may ask? Language on your dyndns home page looks > like a scandinavan language. > Yes, you're right - Denmark to be precise. And you? -Morten. |
|
From: Scott M. <Wi...@lo...> - 2003-11-03 04:57:16
|
Hi Morten! Sunday, November 2, 2003, 8:25:56 PM, you wrote: MO> Maybe I wasn't clear about this. What I want to do first is just having MO> a command line script run on the client, resulting in an import of a set MO> of tested and known-good settings. This would be run as part of the MO> installation procedure. Ok, that sounds good. BTW, didn't know you had anything in CVS already; will look. MO> It could also be run from a login script, possibly on each login. This MO> would more or less mirror the functionality of GP. But here is a problem MO> that relates to the concept of "enforcing" settings. If users are able MO> to change the settings, it doesn't make any sense to just import them on My understanding is that this is exactly what Policy does; the data is stored in the SDB file, and at logon, or when AD forces it, the settings are re-set using the database. I'd suggest having SetMan use the database, so that Windows will do most of the grunt work, but I don't think I know enough about how it works to do that. MO> each login. Clueful (is that a word?) users would just change them I've heard "clueful" used before. :) MO> afterwards on each login. I suspect this is no different with GP. Would MO> be nice if somebody could clear this up. From my point of view, there MO> isn't much point in this kind of enforcement. A solution might be ACLs MO> on the registry keys - it's just that no one knows how explorer.exe MO> would handle not being able to write a key. In any case, I think it's In NT-based systems, the HKLM settings cannot be changed by Restricted Users, unless you specifically change the ACLs to allow that (that's what is needed for MS Photo Editor). The HKCU settings can be changed by the user, but you could change the ACL to block that for specific settings, although the program that's trying to make the change may not react well to that. I don't really see that as much concern; it'd all be in the settings, and situations like that could have a warning. Right. But in most cases, it's not an issue. As far as I know, most things that are security issues in HKCU can be locked down or overridden by a setting in HKLM. See below, though. MO> necessary to divide things into MO> a) things that are provided as a default that users may change at will, and MO> b) settings that should be enforced (that could break security or cause MO> other problems). Yes, sounds good to me. You'd want most HKLM settings enforced and most HKU settings be merely default, but there's good reasons to not always want that. In some cases, a user preference can be a security issue, such as in Outlook, the preview panel and the auto-preview. Certain nasties (scripts) can get in via preview panel (in which you can read the entire message), but not via auto-preview (in which you can only see the first couple of lines of text). Of course, if all of the patches are up-to-date, this isn't a problem, but it's the principle of the thing; if something similar appears later on, you'd want to be able to deal with it, especially if MS doesn't have a patch for it out yet, and it's already being exploited. MO> I can't decide either. Anyway, I don't plan to use this information MO> programatically, so it's not that important yet. But I have this idea MO> that I prefer having as little information as possible - but still MO> enough. Meaning that if it is tested well and nobody finds the MO> documentation too brief or lacking something, then it's probably ok. MO> Maybe I'm too optimistic about this. I have it in mind as being for the administrator to see, or perhaps sort on or filter on, but I can't see doing more than that, not at present, but then again, who knows what will come up in the future. I'm thinking much the same for the other things, but I have in mind having those be more informative than anything else. I think should just have the various sections there as reminders that they should be checked and documented, if known or applicable. For instance, if you have an option to enable or disable MSN Instant Messenger, it's helpful to know what ports it uses, so that you can remember to set your firewall accordingly. Having the section there will remind the documenter to document it. MO> No, sorry - setman is not going to install programs. This is a much more MO> complicated task than editing the registry and the likes. I would love MO> to have an open source system for this but this is beyond setman for MO> many reasons. Just a basic things such as a guarantee that something MO> went right is impossible for general applications. I want to be sure MO> that if setman returns 0, then absolutely nothing went wrong. I'm not interested in installing things, per se, just running things, if you have that kind of functionality in there already. MO> There is a recent discussion on Unattended on this issue precisely, MO> you've probably read it. I think we should count on a separate project MO> for application installation and management. It would be great and I'd MO> like to help - it's simply too big to integrate with setman, sorry. MO> There's a big but to WMI though. Editing the registry through WMI is MO> incredibly slow, even locally. This is not too important if one wants to Is it only the registry? My older WMI apps were dog slow running remotely, but now they're reasonably speedy, and I have no idea what the difference is; I just hope that I don't break it. ;) MO> use it as an administration tool to do something specific, but it's not MO> feasable for importing 100+ keys in a login script. I'm thinking using MO> WshShell.RegWrite() instead for simple values that it can handle. This MO> would speed up things enough - but it doesn't do anything remotely. MS MO> have a COM object (RegObj.dll) that does this though - it just need to MO> be registered on each client. It's such a mess! REGEDIT and REGEDT32 seem to do things remotely pretty fast, but I have no idea how they do it. I don't think they use WMI, though. Be nice to find out, so can add in that functionailty, and thus make a registry editing module that will try every possible way to jam a change through, all the way down to the brute force method of copying a REG file across and running REGEDIT using AT. MO> There are lots of options. WMI allows running any application remotely I can't always get it to work, as you see from my mention of AT and SOON; I'd love to know what the pre-requisites are for it. MO> (ie. regedit and setman), Windows Scripting Host which I already use MO> extensively in setman has a mechanisn too, and then of course PsExec MO> from http://sysinternals.com/ntw2k/freeware/psexec.shtml. That's a great MO> tool for many purposes, it's free, but it's not open source. I can't use PsExec here; I need to use stuff that comes from MS, or which I can get full source code and review it and compile it myself. Or, need to pay money for it, so that the vendor is legally responsible for it. The problem then is the number of machines that I'd have to install it on, and money is one of those ongoing problems, you know... PsExec, though, gave me the idea to write my own function to copy an executable across, execute it, and get the results back. It didn't work too well, but at least I had the concept working. MO> However, for the time being, I'll stick to the original plan and have MO> setman only work locally until it's fully implemented. Though it's MO> simple to edit the registry remotely, there are other things that get a MO> little complicated - like editing the Default User Profile remotely in MO> the same run. Why is editing the Default user profile complicated? It should be available. HKLM and HKU should both be available, and the currently-logged on user(s) (if any) and .default should both tbe available. MO> That's an area I don't know much about - 'locked down' workstations. MO> Probably worth a discussion. It's something that I'm having to do, and there's an annoying number of systems that I deal with that have Administrator-required applications. In fact, MS's own Picture It! requires admin access, and I haven't been able to find a workaround yet, except by writing a wrapper script that runs the program under a special account that has admin access, which I view as being klutzy. MO> I have a question here btw. Is it possible to run a proces in a user's MO> user context (with the user's environment - HKCU and all) without either MO> knowing the user's password or running an "agent" in the user's session? I'll have to think about it. If admin access is needed for whatever the program wants to do, you can't do this anyway. I do know that the suggested way to get a program to run under the SYSTEM account is to use the AT command. Don't need a password for that. You can add the /INTERACTIVE option, which lets the user screw it up, er, configure it to his/her preferences. Would this be adequate for what you want? MO> I believe the answer is no and that it's a design choice, but I haven't MO> been able to find a definitive answer. I would really like to know for MO> sure since it is a major obstacle for a lot of things (especially MO> installing applications). Yes, it's a big problem, and I have no idea how you're supposed to do certain things without temporarily giving the user admin access, which is supposed to be a no-no. Don't talk to me about MS Office; I've been doing lots of cussing about it lately. :( Especially about how to get it updated without having to go to each and every machine... and then go back over and over again when it starts asking for the @^&$#@*! CD. MO> I'd love to see your code (though I really don't like VB syntax ;) ). I don't either, but so much is written with it, and I'm not able to convert it. I grew up with GWBASIC. Visual BASIC is alien to me, and VBS is tolerable. On another subject, how do you have in mind to get new settings to the machine? As I mentioned, it's a pain in the butt to grab a machine that's on dialup for only a few mins, since you have to have your scanner constantly running, which is a terrible waste of network bandwidth and CPU time. Having a client on those systems would seem best, especially if can push it across, and give it the ability to auto-update itself when there's a newer version. At present, FTP seems to be the most reliable connection method, although, of course, you need an FTP server set up for that. I can't seem to get network mapping to work consistently over dialup; possibly there's a firewall in the way. Interestingly, I seem to be more successful in mapping from the server to the client. Anyway, I think the system should be designed to work either locally as client or remotely from a server, for maximum flexibility. --Scott. |
|
From: Morten O. <mo...@cg...> - 2003-11-03 02:25:02
|
Hi Scott, This is turning in to a long discussion but that's good. We better turn as many stones as we can. Btw. there's some new stuff on CVS. Check the readme first. Scott McNay wrote: > Hi Morten, > > Sunday, November 2, 2003, 12:38:52 PM, you wrote: > > MO> Yes, it's not that much work. Documenting the stuff is definitely the > MO> biggest task. > > MO> But I think you might be overestimating the project. > > No, I'm pretty sure that I know what you have in mind; I'm just saying > that I think documentation is VERY important. Some things I don't do > or are nervous about doing because I don't know what the side-effects > are. Planning ahead for future enhancements should be kept in mind > also. > > I'd guess that what you have in mind is remote settings management, so > that you can configure a computer remotely, and then check the system > to confirm that the settings took, and you can check again still later > to make sure that the settings haven't been changed while you weren't > looking (perhaps the system got reinstalled). > > How are you thinking of doing it? Plopping a program on the remote > system and executing it, or trying to do everything from remote? > Maybe I wasn't clear about this. What I want to do first is just having a command line script run on the client, resulting in an import of a set of tested and known-good settings. This would be run as part of the installation procedure. It could also be run from a login script, possibly on each login. This would more or less mirror the functionality of GP. But here is a problem that relates to the concept of "enforcing" settings. If users are able to change the settings, it doesn't make any sense to just import them on each login. Clueful (is that a word?) users would just change them afterwards on each login. I suspect this is no different with GP. Would be nice if somebody could clear this up. From my point of view, there isn't much point in this kind of enforcement. A solution might be ACLs on the registry keys - it's just that no one knows how explorer.exe would handle not being able to write a key. In any case, I think it's necessary to divide things into a) things that are provided as a default that users may change at will, and b) settings that should be enforced (that could break security or cause other problems). For the time being, I'm mostly concerned about a) but when the tool does this, then b) is just an extension. > It'd be nice to be able to specify that a set or range of values are > acceptable. For instance, in my case, I want a screen saver to be on, > and only Microsoft screen savers are acceptable, no third-party ones, > and the timeout must be within a specific range. If the screensaver > currently set is not on the list, then change it to my default value. > If the timeout is out of range, set it to the default value. > Ranges... hmm. It's possible, but it might get ugly. > > MO> I perfectly agree on the "when and why and how". That's a must to make > MO> it any better than existing solutions. That and various dependencies. > > MO> Related to the above, I think the security issues are too much for > MO> setman. But then again, that's just because right now I'm more focused > MO> on gui settings, like disabling the baloon tips and such. > > I think the security issues need to be documented, perhaps with a flag > that indicates simply that changing would increase or decrease or not > change security. > This relates to b) above. A possibility would be to create a) and b) settings with different options. You're right, it would be a nice functionality to have. > > MO> I'd like to hear suggestions on how to organize the documentation in the > MO> files - do we just write stuff in a <documentation/> tag or should we > MO> have some further kind of organisation. > > I'm undecided... but planning ahead probably can't go too wrong, so > I'd suggest that things like USES_PORTS, > PREREQUISITE_SERVICES, CREATES_SERVICES, STARTS_SERVICES, > STOPS_SERVICES, REMOVE_SERVICES, and the like should be planned for, > even if just shove everything into <documentation/> for now. > I can't decide either. Anyway, I don't plan to use this information programatically, so it's not that important yet. But I have this idea that I prefer having as little information as possible - but still enough. Meaning that if it is tested well and nobody finds the documentation too brief or lacking something, then it's probably ok. Maybe I'm too optimistic about this. > I've been messing around with remote management for a while now. Most > of what I need to do falls into these categories: > > 1. Change settings. > 2. Install programs. > 3. Check that programs are installed and/or settings set. > No, sorry - setman is not going to install programs. This is a much more complicated task than editing the registry and the likes. I would love to have an open source system for this but this is beyond setman for many reasons. Just a basic things such as a guarantee that something went right is impossible for general applications. I want to be sure that if setman returns 0, then absolutely nothing went wrong. There is a recent discussion on Unattended on this issue precisely, you've probably read it. I think we should count on a separate project for application installation and management. It would be great and I'd like to help - it's simply too big to integrate with setman, sorry. > For setting registry values, there's a number of ways that I do it at > present: > > 1. Manually run REGEDIT, connect to remote computer, make change. > > 2. Use REG.EXE (from Resource Kit, but apparently comes standard with > XP) with the computer name as a parameter. Need to first connect to > the system using: It's part of the Support Tools on the Windows 2000 Professional cd and comes with Windows XP (at the latest in SP1), I just checked. Darn - I thought it came with SP3 or 4 for win2k. I use it setman. Hmm > > NET USE \\computername\ipc$ /user:domain\user password > > 3. Copy *.REG file to remote system, then execute REGEDIT.EXE /S with > filename as parameter. > > 4. Use WMI (I don't think I have code for this yet). > Yes! This is what setman is for. It wasn't in my plan to use it remotely as I said earlier, but that's definitely an option. This is very easy with WMI. It wouldn't take much modification of the current registry.js to do this remotely. There's a big but to WMI though. Editing the registry through WMI is incredibly slow, even locally. This is not too important if one wants to use it as an administration tool to do something specific, but it's not feasable for importing 100+ keys in a login script. I'm thinking using WshShell.RegWrite() instead for simple values that it can handle. This would speed up things enough - but it doesn't do anything remotely. MS have a COM object (RegObj.dll) that does this though - it just need to be registered on each client. It's such a mess! There are lots of options. WMI allows running any application remotely (ie. regedit and setman), Windows Scripting Host which I already use extensively in setman has a mechanisn too, and then of course PsExec from http://sysinternals.com/ntw2k/freeware/psexec.shtml. That's a great tool for many purposes, it's free, but it's not open source. However, for the time being, I'll stick to the original plan and have setman only work locally until it's fully implemented. Though it's simple to edit the registry remotely, there are other things that get a little complicated - like editing the Default User Profile remotely in the same run. > > For setting registry security settings, I use: > > 1. REGEDT32, connect to remote computer, make change. > > 2. There's a utility that I finally found, at long last, named > RegPerm, from http://www.cae.wisc.edu/~micro/regperm/, which allows > command-line remote security access settings changes to the registry > > 3. Presumably can do this using WMI, but haven't investigated far > enough yet. > According to my WMI docs, WMI doesn't allow changing registry ACLs remotely (the docs could be too old though). The "Real Men Don't Click" guys wrote a script http://isg.ee.ethz.ch/tools/realmen/down/index.en.html to do this. It does require the RegObj.dll from MS I mentioned before. It has some other requirements, all listed in the file. It's excellent work. But the same applies as before. It's probably a good idea, that I'll completely ignore until a stable version is ready ;) > You need this capability in order to allow users at Restricted User > level to view JPG files with MS Photo Editor or sometimes with IE. > That's an area I don't know much about - 'locked down' workstations. Probably worth a discussion. > > To execute a program on the remote system, there's several ways to do > it. I once had to do it brute force, by adding the command line to the > RUN section of the registry, so that it'll execute on next startup. > Not very satisfactory, needless to say. I did this once on a system > that I'd managed to lock myself out of, and I took the hard drive out, > mounted it in another computer, added the items to the RUN section, > put the drive back, booted up, checked to see if I could get in... > > 1. Use WMI. I have a script that does this. > > 2. Use AT or SOON (from Resource Kit). Doesn't work if scheduler > service isn't running, but can presumably use NETSVC to activate it. > Also need to check that time and time zone and daylight-savings status > are correct. > > To copy files to the remote system, I use either WMI or the DOS COPY > command. I have a VBS script that will copy itself to a remote system > and then execute itself, but at present, it doesn't seem to work reliably. > > My experience is that for a robust application, if one mechanism > doesn't work, you should have another mechanism implemented also. > Thus, if WMI doesn't seem to work, try using a command-line tool to do > the job. If the code is modularized, the main routine need not be > affected; the subfunction would try one method, and if it didn't work, > would try another, and remember the setting for as long as that system > is being modified. > > I can send you what I have so far. > > --Scott. > I wrote something on the options of remote execution above that applies here too. I have a question here btw. Is it possible to run a proces in a user's user context (with the user's environment - HKCU and all) without either knowing the user's password or running an "agent" in the user's session? I believe the answer is no and that it's a design choice, but I haven't been able to find a definitive answer. I would really like to know for sure since it is a major obstacle for a lot of things (especially installing applications). It's great that we discuss all this stuff. We're bound to learn something new ;) I'd love to see your code (though I really don't like VB syntax ;) ). -Morten. |
|
From: Scott M. <Wi...@lo...> - 2003-11-02 22:25:45
|
Hi Morten, Sunday, November 2, 2003, 12:38:52 PM, you wrote: MO> Yes, it's not that much work. Documenting the stuff is definitely the MO> biggest task. MO> But I think you might be overestimating the project. No, I'm pretty sure that I know what you have in mind; I'm just saying that I think documentation is VERY important. Some things I don't do or are nervous about doing because I don't know what the side-effects are. Planning ahead for future enhancements should be kept in mind also. I'd guess that what you have in mind is remote settings management, so that you can configure a computer remotely, and then check the system to confirm that the settings took, and you can check again still later to make sure that the settings haven't been changed while you weren't looking (perhaps the system got reinstalled). How are you thinking of doing it? Plopping a program on the remote system and executing it, or trying to do everything from remote? It'd be nice to be able to specify that a set or range of values are acceptable. For instance, in my case, I want a screen saver to be on, and only Microsoft screen savers are acceptable, no third-party ones, and the timeout must be within a specific range. If the screensaver currently set is not on the list, then change it to my default value. If the timeout is out of range, set it to the default value. MO> I perfectly agree on the "when and why and how". That's a must to make MO> it any better than existing solutions. That and various dependencies. MO> Related to the above, I think the security issues are too much for MO> setman. But then again, that's just because right now I'm more focused MO> on gui settings, like disabling the baloon tips and such. I think the security issues need to be documented, perhaps with a flag that indicates simply that changing would increase or decrease or not change security. MO> I'd like to hear suggestions on how to organize the documentation in the MO> files - do we just write stuff in a <documentation/> tag or should we MO> have some further kind of organisation. I'm undecided... but planning ahead probably can't go too wrong, so I'd suggest that things like USES_PORTS, PREREQUISITE_SERVICES, CREATES_SERVICES, STARTS_SERVICES, STOPS_SERVICES, REMOVE_SERVICES, and the like should be planned for, even if just shove everything into <documentation/> for now. I've been messing around with remote management for a while now. Most of what I need to do falls into these categories: 1. Change settings. 2. Install programs. 3. Check that programs are installed and/or settings set. For setting registry values, there's a number of ways that I do it at present: 1. Manually run REGEDIT, connect to remote computer, make change. 2. Use REG.EXE (from Resource Kit, but apparently comes standard with XP) with the computer name as a parameter. Need to first connect to the system using: NET USE \\computername\ipc$ /user:domain\user password 3. Copy *.REG file to remote system, then execute REGEDIT.EXE /S with filename as parameter. 4. Use WMI (I don't think I have code for this yet). For setting registry security settings, I use: 1. REGEDT32, connect to remote computer, make change. 2. There's a utility that I finally found, at long last, named RegPerm, from http://www.cae.wisc.edu/~micro/regperm/, which allows command-line remote security access settings changes to the registry 3. Presumably can do this using WMI, but haven't investigated far enough yet. You need this capability in order to allow users at Restricted User level to view JPG files with MS Photo Editor or sometimes with IE. To execute a program on the remote system, there's several ways to do it. I once had to do it brute force, by adding the command line to the RUN section of the registry, so that it'll execute on next startup. Not very satisfactory, needless to say. I did this once on a system that I'd managed to lock myself out of, and I took the hard drive out, mounted it in another computer, added the items to the RUN section, put the drive back, booted up, checked to see if I could get in... 1. Use WMI. I have a script that does this. 2. Use AT or SOON (from Resource Kit). Doesn't work if scheduler service isn't running, but can presumably use NETSVC to activate it. Also need to check that time and time zone and daylight-savings status are correct. To copy files to the remote system, I use either WMI or the DOS COPY command. I have a VBS script that will copy itself to a remote system and then execute itself, but at present, it doesn't seem to work reliably. My experience is that for a robust application, if one mechanism doesn't work, you should have another mechanism implemented also. Thus, if WMI doesn't seem to work, try using a command-line tool to do the job. If the code is modularized, the main routine need not be affected; the subfunction would try one method, and if it didn't work, would try another, and remember the setting for as long as that system is being modified. I can send you what I have so far. --Scott. |
|
From: Morten O. <mo...@cg...> - 2003-11-02 18:37:56
|
> Yes, I got the link from your message there. That's why I've been on > that list for a while, because I found interesting stuff on unattended > or silent installation of various programs. > > I'm thinking that you won't have to do much harvesting; if you write > coversion tools that will convert *.INF, *.REG, and *.ADM (see > \WINDOWS\INF\SYSTEM.ADM for an example of these) files to the SetMan > format (and vice versa would be good also), the bulk of the actual > harvest work can be done in a single day. I have a collection of them > already. All that would then be needed would be to bring the > documentation up to project standards. > Yes, it's not that much work. Documenting the stuff is definitely the biggest task. But I think you might be overestimating the project. The intention is not to replace the Group Policy concept altogether. I don't like it much, especially for reasons like AD requirement, but it does have perfectly good uses. If you have a really huge site and enough resources to implement it well (...), it's probably not a bad solution. What I'd like to do is make an alternative - more aimed at providing useful settings to users than enforcing security policies. And as far as I know, this alternative doesn't exist at the moment. For instance, from my experience and what I've seen at the Unattended list, most admins there have their own methods for applying stuff at the end of an unattended install. Some of the methods are good, but they probably spent an awful lot of time doing it. And what's worse - my guess is that a lot of especially smaller sites are so overwhelmed by the complexity and expences of GP/AD that they don't really do anything. As a first priority, I'd like to create a credible alternative for this purpose. Keeping it this simple at first helps us getting there fast. > For documentation, I'd suggest the following be covered for each > setting: > > How is security affected? For instance, "Fetches user-defined file > from user-specified web site and allows it to be stored in a > user-specified location and then executes it with admin privileges" > (i.e., no security whatsoever). > What network ports are used? > What internet services are used? > What internet protocols are used? > What files get modified? > What system services are used? > What userid and security level are needed? > What files and registty settings are modified, created, or deleted and where are they stored? > What are the side effects and the consequences of them? (for instance, > removing Network Neighborhood from the desktop has some > consequences) > When and why would you want it? > When and why would you not want it? > How can this be done via REG file, INF file, ADM file, AD policy, > manually, etc. > I perfectly agree on the "when and why and how". That's a must to make it any better than existing solutions. That and various dependencies. Related to the above, I think the security issues are too much for setman. But then again, that's just because right now I'm more focused on gui settings, like disabling the baloon tips and such. I'd like to hear suggestions on how to organize the documentation in the files - do we just write stuff in a <documentation/> tag or should we have some further kind of organisation. -Morten. |
|
From: Scott M. <Wi...@lo...> - 2003-11-01 20:28:14
|
Morten Odgaard wrote: MO> I don't know all the .INF's. Some of them seem to be related to an MO> upgrade from previous windows versions and don't look very interesting. MO> But I believe the security templates are documented in the resource kits. MO> MO> I'll update the website soon with more information on what I think MO> setman should and shouldn't do. It's a different approach than Policies MO> but there are many similarities. MO> MO> But I couldn't agree with you more on the confusion and lack of MO> documentation. Sometimes things are in fact well documented, you just MO> have to spend a few hours finding it. The problem is that you never know MO> if it's there. MO> MO> That's one of the reasons I started this project. With a well defined MO> file format and a good documentation dicipline, I hope that it possible MO> to establish a bit of order in the 'settings' field. MO> MO> Maybe the good folks at http://unattended.sourceforge.net have some MO> better answers. They have a very good and active mailing list. Yes, I got the link from your message there. That's why I've been on that list for a while, because I found interesting stuff on unattended or silent installation of various programs. I'm thinking that you won't have to do much harvesting; if you write coversion tools that will convert *.INF, *.REG, and *.ADM (see \WINDOWS\INF\SYSTEM.ADM for an example of these) files to the SetMan format (and vice versa would be good also), the bulk of the actual harvest work can be done in a single day. I have a collection of them already. All that would then be needed would be to bring the documentation up to project standards. For documentation, I'd suggest the following be covered for each setting: How is security affected? For instance, "Fetches user-defined file from user-specified web site and allows it to be stored in a user-specified location and then executes it with admin privileges" (i.e., no security whatsoever). What network ports are used? What internet services are used? What internet protocols are used? What files get modified? What system services are used? What userid and security level are needed? What files and registty settings are modified, created, or deleted and where are they stored? What are the side effects and the consequences of them? (for instance, removing Network Neighborhood from the desktop has some consequences) When and why would you want it? When and why would you not want it? How can this be done via REG file, INF file, ADM file, AD policy, manually, etc. |
|
From: Morten O. <mo...@cg...> - 2003-10-31 06:04:47
|
Scott McNay wrote: > Hi! > > Have you looked at \WINDOWS\INF\DEFLTWK.INF, DWUP.INF, SCEREGVL.INF, > SECRECS.INF, and \WINDOWS\SECURITY\TEMPLATES\*.INF? > > I think it's very important to list the direct and indirect > consequences of a change. Some of the Microsoft documentation doesn't > give details at all, and sometimes it's vague. Fully documented? Not > from Microsoft, it seems. > > It would be REALLY nice if someone could point me at a resource that > describes the differences, similarities, and relationships between > *.REG files, *.INF files, local policy, group policy, etc., both with > and without AD. As a lower-level administrator without the benefit of > AD, it's frustrating when much of the documentation that I see seems > to assume that AD is present; many sites simply don't bother to tell > you that AD is required, or they say that AD is needed, but don't tell > you how to do without. > > The environment that I'm in has systems that have a variety of > different administrator passwords under a variety of different names, > and the computers are used for different things, such as point-of-sale > (generally only one person at a time uses it, and customers are not > allowed to touch), public terminal (anyone can use, but only specified > programs), office work (general usage). Connection types vary also, > with 10/100 network with internet, dialup, combination dial-up and a > local network for file sharing (no internet sharing), local network > only for file sharing, and standalone. > > One problem that we have with remote management is that many systems > are only online intermittently, so if they're not there when we poll > them, we can't make changes. > > That brings up another problem; things like WMI, etc., need certain > services to be running and configured, and ports open, in order for > them to work, but finding out exactly what those prerequisites are > seems to be a hopeless task; if someone can point towards > documentation for that, it'd be a great help towards finding out > exactly why have trouble with certain machines. > > --Scott. > Hi Scott, I don't know all the .INF's. Some of them seem to be related to an upgrade from previous windows versions and don't look very interesting. But I believe the security templates are documented in the resource kits. I'll update the website soon with more information on what I think setman should and shouldn't do. It's a different approach than Policies but there are many similarities. But I couldn't agree with you more on the confusion and lack of documentation. Sometimes things are in fact well documented, you just have to spend a few hours finding it. The problem is that you never know if it's there. That's one of the reasons I started this project. With a well defined file format and a good documentation dicipline, I hope that it possible to establish a bit of order in the 'settings' field. Maybe the good folks at http://unattended.sourceforge.net have some better answers. They have a very good and active mailing list. -Morten |
|
From: Scott M. <Una...@lo...> - 2003-10-31 02:52:20
|
Hi! Have you looked at \WINDOWS\INF\DEFLTWK.INF, DWUP.INF, SCEREGVL.INF, SECRECS.INF, and \WINDOWS\SECURITY\TEMPLATES\*.INF? I think it's very important to list the direct and indirect consequences of a change. Some of the Microsoft documentation doesn't give details at all, and sometimes it's vague. Fully documented? Not from Microsoft, it seems. It would be REALLY nice if someone could point me at a resource that describes the differences, similarities, and relationships between *.REG files, *.INF files, local policy, group policy, etc., both with and without AD. As a lower-level administrator without the benefit of AD, it's frustrating when much of the documentation that I see seems to assume that AD is present; many sites simply don't bother to tell you that AD is required, or they say that AD is needed, but don't tell you how to do without. The environment that I'm in has systems that have a variety of different administrator passwords under a variety of different names, and the computers are used for different things, such as point-of-sale (generally only one person at a time uses it, and customers are not allowed to touch), public terminal (anyone can use, but only specified programs), office work (general usage). Connection types vary also, with 10/100 network with internet, dialup, combination dial-up and a local network for file sharing (no internet sharing), local network only for file sharing, and standalone. One problem that we have with remote management is that many systems are only online intermittently, so if they're not there when we poll them, we can't make changes. That brings up another problem; things like WMI, etc., need certain services to be running and configured, and ports open, in order for them to work, but finding out exactly what those prerequisites are seems to be a hopeless task; if someone can point towards documentation for that, it'd be a great help towards finding out exactly why have trouble with certain machines. --Scott. |
|
From: Morten O. <mo...@cg...> - 2003-10-30 14:07:52
|
Welcome to the setman mailing list. The setman project is brand new so comments and ideas are very welcome. -Morten |
