Use Powershell to get logged on user with WMI

I have a need to take a list of computers and determine who is logged in on each one.  We had an OU in active directory that really needed to be sorted and the quickest way for me to do that was to simply see who is logged on to each PC and then manually move them.  Here is my command:

Get-Content C:\batch\computers.txt | ForEach-Object {gwmi -computer $_ -class win32_computerSystem} | fl Name, UserName, Manufacturer, Model | out-file c:\comprep.txt

Let’s break this down piece by piece.  The first part of the command is this:

Get-Content C:\batch\computers.txt

This takes my simple list of computers and puts them into an array which gets piped into:

ForEach-Object {gwmi -computer $_ -class win32_computerSystem}

Now lets take each object one at a time and use WMI to return the computerSystem variable.  The “$_” is the pipeline variable so each computer name in the array is entered there.  The return is more information than I need so I use the next piped command to make it pretty and give me what I want.

fl Name, UserName, Manufacturer, Model

Format List with the name of the pc, logged on user, manufacturer, and model.  Great this is exactly what I want, but it takes a while to run and I want to review it later so let’s dump it into a simple text file.

out-file c:\comprep.txt

That’s all there is to it!  It’s much easier when broken down into simple components.  My output looks like this:

Name         : COMP1
UserName     : domain\user0
Manufacturer : Dell Computer Corporation
Model        : OptiPlex GX270

Name         : Comp2
UserName     : domain\user1
Manufacturer : Dell Computer Corporation
Model        : Precision WorkStation 350

Now I can look through this list and easily sort them to my heart’s content!

ODBC Problems with 32-bit Office 2007 on 64-bit Windows 7

I recently solved an issue with ODBC compatibility on Windows 7 64-bit.  Our environment uses 32-bit Office 2007 and new computers are deployed as 64-bit windows 7.  Users complain that they aren’t getting the ODBC connection in Office even though they show up in the ODBC control panel.  Problem? The infamous Wow6432Node in the registry.

HKLM\Software\ODBC\ODBC.INI contains information for 64-bit connections.

HKLM\Software\Wow6432Node\ODBC\ODBC.INI contains the old 32 bit connections that office 2007 needs.

You can add the 32-bit versions by running c:\windows\SysWOW64\odbcad32.exe instead of the control panel version.  I chose to deploy these via Preferences in group policy.

CCleaner causes Windows Installer dilemma

I have been thoroughly checking out CCleaner and the possibility of running it as a scheduled task to cleanup user temp files.  This is a common support call for us with temp files causing issues.  We have a different utility called Cleanup! that can be run interactively, but isn’t always the best choice for Win7 machines with the new file locations.  I tried a test deployment of this through group policy specifying it as a task.  Suddenly, many users complained that opening any program was causing a re-install of my custom SBClient package for our ERP system.  A little investigating of the vent log showed this event:

Sure enough CCleaner was dropping the MSDEMSG.LOG file and also an associated files, MKDEWE.TRN.  These files belong to the Pervasive SQL program.  This was causing my custom installation package to try and repair itself.  I have now excluded these files from my CCleaner task and all is back to normal, whatever that is :)

Desktop OCS shortcuts for calling out

Do you have someone you call often?  Would you like a desktop shortcut to call them from OCS?  Super easy!

Right-click somewhere on your desktop and choose New –> Shortcut.  Enter your telephone number like you see below:

That’s right…you can just prefix it with tel: and it knows to use OCS for your outgoing call!  Give it a name on the next window:

Check out your new desktop icon.  Click it and you will get an OCS window.

Just click the Phone icon at the upper left to start your call.

P2V conversion failure fixed

I’ve been trying to convert a Windows 2000 SP4 server to a VMWare machine now for a while and running into the same issue.  I would always get a KMODE_EXCEPTION_NOT_HANDLED BSOD right after the login screen would appear.  I tried the normal fixes listed on the VMWare website including the right SP4 rollup 1 v2 and checking the versions of scsiport.sys.  Fortunately, I stumbled across this wonderful article:

http://www.networkworld.com/news/2005/041105-windows-crash.html?page=1

I set the virtual machine to a kernel mode dump and let it BSOD as recommended by the article.  I then copied to memory.dmp file to my Windows 7 workstation where I had installed the debugging tools referenced in the article.  I quickly identified usbsp.sys as the offending driver.  I renamed it on the virtual and rebooted.  Result?  Perfect!  I will definitely make sure I use this in the future to get a handle on blue screens when they pop up.

Here is the relevant data from the process with the info highlighted in red.   How cool is that?

EXCEPTION_PARAMETER1:  00000000 EXCEPTION_PARAMETER2:  00000000 ERROR_CODE: (NTSTATUS) 0 - STATUS_WAIT_0 BUGCHECK_STR:  0x1E_0 DEFAULT_BUCKET_ID:  DRIVER_FAULT PROCESS_NAME:  System LAST_CONTROL_TRANSFER:  from f2695af5 to 8042be0b STACK_TEXT:  f245fc78 f2695af5 0000001e 00000001 804b1cd8 nt!KeBugCheck+0xf WARNING: Stack unwind information not available. Following frames may be wrong. f245fc90 804b1d5e 828696f0 82614000 f219fd08 usbsp+0xaf5 f245fd58 804b1f9f 0000008c 82614000 f219fd08 nt!IopLoadDriver+0x672 f245fd78 80417b47 f219fd08 00000000 00000000 nt!IopLoadUnloadDriver+0x3f f245fda8 80457838 f219fd08 00000000 00000000 nt!ExpWorkerThread+0xaf f245fddc 8046c8e6 80417a98 00000001 00000000 nt!PspSystemThreadStartup+0x54 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 STACK_COMMAND:  kb FOLLOWUP_IP: usbsp+af5 f2695af5 8d45f4          lea     eax,[ebp-0Ch] SYMBOL_STACK_INDEX:  1 SYMBOL_NAME:  usbsp+af5 FOLLOWUP_NAME:  MachineOwner MODULE_NAME: usbsp IMAGE_NAME:  usbsp.sys DEBUG_FLR_IMAGE_TIMESTAMP:  3cc859dd FAILURE_BUCKET_ID:  0x1E_0_usbsp+af5 BUCKET_ID:  0x1E_0_usbsp+af5 Followup: MachineOwner

Sonicwall Guest Services with third party access points

Problem:  We are using an old D-Link hotspot to allow guest access in our building.  This D-Link feed a VLan that is distributed to 7 D-Link access points.  These APs support multiple SSIDs on different VLAN making them very convenient for distributing multiple wireless networks around the facility.  The new Sonicwall has Guest Services, but how can we make it all work together?  It seems like Sonicwall wants us to use their own proprietary (and expensive) access points.

In our server room we have a port dedicated to feeding the VLAN through the building.  I connected that port to X5 on our Sonicwall TZ210.  Now the configuration on the SW.

First, let’s add a new Zone and call it Guest.  For initial testing I am leaving the security settings turned off.

Now let’s configure port X5 to be in our Guest zone with a static IP address of 192.168.1.1 on a standard Class C subnet.  Do this from Interfaces.  I have enabled management and ping plus user logins on this interface.  After testing I will disable the management except for Ping.  Make sure you enable login so your users can actually log in!

Verify a firewall rule exists for traffic from the GUEST to WAN zones.  With my firmware, this was automatically created.  I enabled some bandwidth limiting on it as well.

Now turn on the DHCP server for this interface with the appropriate settings.  Note that it is configured for interface X5.  Make sure the DHCP server is actually enabled in the top check box.  I forgot this part the first time around.

Anyone that connects to the VLAN or physical network on X5 should now receive a DHCP address in your range and be greeted in a web browser with the Sonic Wall Login page.

Adding users is very easy!  Just head down to Users|Guest Accounts and you can have them automatically generated for you or create your own.  You can also specify how long they are active for.  You can also click on Guest Status to see your logged in guests!

Adding Macros and Custom Menu bars in Outlook for Spiceworks

One of the common things we do here at work is work with helpdesk tickets through Spiceworks.  This is a great FREE help desk application and it suits our department style well.  I was looking for some more convenient ways to work with tickets and Remote tickets is a cool way to do it.

First thing first…check your Macro security in Outlook.  Click on Tools, Macro, Macro Security.  I set mine to No security for testing purposes, but you should change it to Warnings for all Macros.

Next, create some macros to do things with Spiceworks:  Tools|Macro|Macros

I added one called AddClosedTicket when I want to add a ticket and also show that it’s already been solved. Also, I have one for just adding a ticket.  You can see I am adding a Ticket Anywhere command to the body below by typing in msg.Body = “#closed”.  This pre-adds the closed command to my new message.

Now I am going to create a drop down menu at the top to easily start these messages.  You could create a button too.  Right-click the top menu bar and go to Customize…

Find the New Menu item and drag it to the top menu bar.  Now click the “Modify Selection” button.  I named mine “&Spiceworks”.  Just like Visual Studio this adds the ALT-S shortcut for the new Spiceworks menu item.

Next up click the “Rearrange Commands” button.  Chose your new menu at the top, in my case, Spiceworks.

Now click the Add button to start adding menu items.  I am going to change to Macros and add in my two Macros.

After you add these you can click on “Modify Selection” again to rename them to a simpler name such as my “Add Closed Ticket” above.

There are a lot more thing you can do with Macros, this is just a sample! :)  Have fun and experiment.  If you want to backup these customizations, they default to these files:

Windows Vista drive:\Users\user\AppData\Roaming\Microsoft\Outlook\outcmd.dat

Windows XP or Windows Server 2003 drive:\Documents and Settings\user\Application Data\Microsoft\Outlook\outcmd.dat

Packet loss on Dell Power Connect switches

I upgraded many Dell 6248 switches to the latest and greatest firmware over the weekend.  I have been experiencing more packet loss than I would ever want to see on an internal LAN.  Connecting from the servers on the same switch would yield a periodic lost packet for no apparent reason.  There were some clues on the switch with logged “spanning tree topology changes” in the log file.  During this log event, I would drop packets not only on the local switch, but other connecting switches as well.  All of these switches are configured with Rapid STP, LAG groups between them, and two VLANs.

Reading up on the dell site, I saw some good advice entailing turning on “Port Fast” on every port that isn’t an edge link between switches, namely ports connected to switches and servers.  This advice appears to be valid.  With the latest firmware I could go to Global STP settings and simply enable Port Fast.  It was smart enough to not turn it on for the LAG groups and switch interconnects with multi-vlans on them.  So far so good…over the past few hours I haven’t had any dropped packets.

Sonicwall troubleshooting with SBClient over VPN

Installing a new firewall always presents a challenge. In this case it was our ERP client, SBClient, timing out after 15 minutes of inactivity across the VPN.  I started with the excellent Sonicwall VPN troubleshooting guide.

http://www.sonicwall.com/downloads/site_to_site_vpn_troubleshooting_on_sonicwall_security_appliances.pdf

Running Wireshark on the client, I see a RST packet coming from the ERP server at 15:01 which corresponds to a 15 minute timeout on TCP connections over the VPN connection.  I modified four rules for LAN->VPN and the reciprocal on both end sonicwalls for 60 minute TCP timeout values.  Here you can see a reset packet when properly closing our ERP client.  The timeout reset packets do not contain the ACK on them, only a 0x4 RST packet.  These are actually being generated by the sonicwall.

One gotcha that I fell into was the modification of the firewall access rules.  You must modify both the LAN => VPN and the VPN => LAN on both sides.  Modify the TCP timeout values on the Advanced tab.

OCS Incompatible security settings

After upgrading the Exchange 2007 server with windows updates, I started getting an error about incompatible security settings when calling exchange UM from my OCS client.  The problem lied in the UM dialplan.

Exchange Management Console|Organization Configuration|Unified Messaging|UM Dial Plans tab.
Open the dial plan for the OCS server and check the VoIP security setting.  Mine was set to SIP Secured for some reason.  Change it to Secured and restart the Microsoft Exchange Unified Messaging service or reboot the mail server.

OCS 2007 failure to renew certificate

So you are having trouble renewing your OCS 2007 certificate?  My certificate expired over the weekend without my noticing and I tried to renew it.  Everything I tried was met with some unspecified error through the cert wizard.  I tried adding a new CA authority to our domain, adding the RTCServer locally as an administrator, and several other security tweaks.  What was the end solution?  Opening permissions to everyone on c:\documents and settings\all users.  I now have to determine which user actually needs those permissions.  Once I made this change everything started working as expected!

Gotta love the lack of error logging on the wizard :)