Windows 7 and Server 2008 DOS Batch File Date Tip….

2017-07-27T00:01:07+00:00 May 30th, 2012|Uncategorized|

No matter what people think, DOS batch scripts are just as alive and needed as ever.  And for all the tasks we create on Windows servers, we still commonly need to gather application output, rotate logs, etc.

So when running a script that exports results to a log/results file, I always prefer to date my file names for easy tracking and history.  My preferred date arrangement for filenames is the date in reverse format: YYYYMMDD, or 20120531.  And since the DOS date command isn’t as friendly or flexible as the Linux/Unix date command (with which you may easily format the output in myriad ways), it’s best to do the next-best thing: use the date *variable*.

Most folks don’t even know that your Windows system is keeping a real-time variable for the date, but it certainly makes sense that it would be necessary.  Go ahead, pull up a command prompt and type: echo %date%

…and on Windows 7 and Server 2008 (for XP, please see this post), you’ll get a result like this:  Wed 05/31/2012

 So what we need to do now is to utilize string manipulation, grab the date elements we want, and flip the order around to get the arrangement we need:
set todaysdate=%date:~10,4%%date:~4,2%%date:~7,2%

 The structure above is this:  There are 3 sections, all of which use the date variable.  The first section moves in 10 characters, and grabs 4.  The second moves in 4 characters and grabs 2, and the third moves in 7 and grabs 2.  As a result, we have reverse-date!

Then set a variable to use the combined date variable in the filename.

set exportfile=C:\temp\export\myexport-%todaysdate%.txt

…now just call the %exportfile% in your batch file when you redirect your output, and voilà!!  Here’s what it looks like when you echo %exportfile%:

C:\temp\export\myexport-20120531.txt
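
The slicing above only works when %date% has the "Wed 05/31/2012" shape, which depends on the regional settings of the account running the script. The following batch file is an added example, not from the original post: it checks the shape before slicing, falls back to WMI's locale-independent LocalDateTime, and refuses to write an undated file. The export folder, file prefix and the ipconfig command are assumed stand-ins.

```batch
@echo off
setlocal EnableExtensions

rem Added example; the folder, prefix and ipconfig command are assumed stand-ins.
set "exportdir=C:\temp\export"
set "prefix=myexport"
set "todaysdate="

rem The date variable follows the regional settings of the account running the
rem script, so slice it only when it looks like "Ddd MM/DD/YYYY".
echo %date%| findstr /r /x /c:"[A-Za-z][A-Za-z][A-Za-z] [0-9][0-9]/[0-9][0-9]/[0-9][0-9][0-9][0-9]" >nul
if not errorlevel 1 set "todaysdate=%date:~10,4%%date:~4,2%%date:~7,2%"

rem Fallback: WMI's LocalDateTime starts with YYYYMMDD whatever the locale is.
if not defined todaysdate for /f "tokens=2 delims==" %%A in ('wmic os get LocalDateTime /value ^| find "="') do set "ldt=%%A"
if not defined todaysdate if defined ldt set "todaysdate=%ldt:~0,8%"

if not defined todaysdate echo Could not build a YYYYMMDD date, nothing written. 1>&2 & exit /b 1

set "exportfile=%exportdir%\%prefix%-%todaysdate%.txt"
if not exist "%exportdir%\" mkdir "%exportdir%"

rem Append, so a second run on the same day adds to the file instead of replacing it.
>>"%exportfile%" echo ==== run at %time% ====
>>"%exportfile%" ipconfig /all
echo Results written to %exportfile%
```

The shape check cannot tell MM/DD from DD/MM, so on a system whose short date is "Ddd DD/MM/YYYY" the month and day would come out swapped; scheduled tasks running under a service account are where this usually shows up.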

Enjoy…

😎

(Updated 20120809 for OS version clarification)

Creating a “drop box” for Collecting Workstation Information…

2017-07-27T00:01:07+00:00 May 23rd, 2012|Uncategorized|

If you manage workstations in an enterprise, you know that administrators occasionally need to create a centralized repository where scripts and programs can write output/results.  Sometimes these scripts utilize a user credential, sometimes not; either way, users mustn’t see the contents.

To create such a hidden “drop box” type of folder (notice the lower-case “d”; I don’t mean to refer to a well-known trademark in any way) on a Windows server — where all users and/or computers in a domain may create folders and/or drop files in that folder but never see what is in the folder(s) — you typically would create either a hidden folder on an existing share, or create a “hidden” share for the hidden folder.

To do so, create one of the following:

Option 1: Folder, on an existing share
If you intend to create a folder on an existing Windows share for the purpose of creating the “drop box”, do this:
a.) Create the folder (we chose “UserFileArchive” to avoid spaces for scripting)
b.) Right-click the folder, choose Properties, and the Security tab.
c.) Click Advanced, and the Change Permissions button.
d.) Un-check the Include Inheritable permissions box, and click the “Add” button at the prompt
e.) Remove any “Users” permissions, if found.
f.) Click the Add… button, and type in “Authenticated Users”, and click OK.
g1.) If the users must be able to create folders (as well as files) and drop files in them, set the following items:
  Apply onto: This folder, subfolder, and files
  Permissions: Create Files – Allow
  Permissions: Create Folders – Allow
g2.) If the users only need to drop files in the root folder, set the following items:
  Apply to: This folder only
  Permissions: Create Files – Allow
h.) Click OK, OK, OK, and OK.

Option 2: Shared Folder
If you intend to create a Shared Folder on a Windows server for the purpose of creating the “drop box”, do this:
a.) Create the folder (we chose “UserFileArchive” to avoid spaces for scripting)
b.) Right-click the folder, choose Properties, Sharing, and the Advanced Sharing button.
c.) Check the Share this folder box, name the share with a dollar-sign at the end (in our example, UserFileArchive$)
d.) Click the Permissions button, highlight/remove “Everyone”.
e.) Click the Add button, and type in “Authenticated Users”, and click OK.
f.) Set the permissions; typically, there’s nothing wrong with giving “Full Control”, but at least set “Change” and “Read”.
g.) Click OK, and click on the Security tab.
h.) Continue with step “c.” in Option 1 above.

After having created the above folder and settings, you may now copy files (or folders) into the hidden location using the “copy” command (or scripts), specifying the full destination path.  Of course, a regular user can’t browse there to see the results, but that is as intended.

If you wish, you can now create an additional permission for a user or group that may need to read the results (other than the Administrators), but you are well on your way to collecting system results across the network.
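
The same permissions can be applied from an elevated command prompt instead of the dialogs. This batch file is an added example, not from the original post; the D:\UserFileArchive path and the mapping of the dialog's "Create Files" and "Create Folders" boxes to icacls rights WD and AD are assumptions stated in the comments.

```batch
@echo off
setlocal EnableExtensions

rem Added example; D:\UserFileArchive is an assumed path. Run from an elevated prompt.
set "box=D:\UserFileArchive"
set "share=UserFileArchive$"
rem tree = step g1 (files and folders), root = step g2 (files in the root only)
set "mode=root"

if not exist "%box%\" mkdir "%box%"

rem Steps c-e: stop inheriting but keep a copy of the inherited entries,
rem then remove BUILTIN\Users (well-known SID S-1-5-32-545).
icacls "%box%" /inheritance:d || exit /b 1
icacls "%box%" /remove *S-1-5-32-545 || exit /b 1

rem Steps f-g: Authenticated Users (S-1-5-11) may add items but not list or read.
rem WD = create files / write data, AD = create folders / append data.
if /i "%mode%"=="tree" icacls "%box%" /grant "*S-1-5-11:(OI)(CI)(WD,AD)" || exit /b 1
if /i "%mode%"=="root" icacls "%box%" /grant "*S-1-5-11:(WD)" || exit /b 1

rem Option 2 only: hidden share with share-level Change for Authenticated Users.
rem Skip this line when the folder sits on an existing share (Option 1).
net share %share% >nul 2>&1 || net share %share%=%box% /grant:"Authenticated Users",CHANGE || exit /b 1

rem Review the result: entries copied from the parent (other than Users) still apply.
icacls "%box%"
net share %share%
```

Check the final icacls listing for any remaining non-administrative entry with read or list rights, since /inheritance:d keeps everything the parent folder granted.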

Go to it!

 

 

 

A Fortinet Site/Site IPSec VPN from a Valid Address…

2012-05-16T22:26:35+00:00 May 16th, 2012|Uncategorized|

It’s fairly common for two enterprises to temporarily connect their private data networks to each other for business purposes.  It’s actually pretty easy to do, especially when the main purpose of the connection is for one side to  access resources on the other.

However, over the past weeks we struggled a bit with a Fortinet firewall to connect to a Site-to-Site IPSec VPN, because in this case we wanted to NAT all traffic destined for the distant network, and to have it appear to come from a valid address.

All knowledge base articles we could find only showed NATing internal addresses.  Ultimately, the fix was to run the following lines from the Fortinet CLI (interestingly, no static/policy routes need to be added to the firewall):  

config vpn ipsec phase1 
edit "Phase 1 VPN Name"   
set interface *firewall external WAN interface*   
set nattraversal enable   
set proposal aes-md5 *or whatever encryption is used on the opposite end*   
set psksecret *Decided upon key*   
set remote-gw *IP Address of Remote Device* 
next
end
config vpn ipsec phase2  
edit "Phase 2 VPN Name"    
set keepalive enable    
set pfs enable    
set phase1name "Phase 1 VPN Name"    
set proposal aes-md5 *or whatever encryption is used on the opposite end*    
set replay enable    
set use-natip disable  
next
end
config firewall policy  
edit 9    
set srcintf internal *firewall Internal LAN interface*
set dstintf wan1 *firewall external WAN interface*
set srcaddr "Internal Range" *Group created to specify internal subnet needing to traverse VPN*
set dstaddr "VPN Destination Subnets" *Group created of Firewall Addresses from subnets on remote VPN side*
set action ipsec *Encrypts the traffic across the VPN Tunnel*
set schedule always    
set service ANY *Can be Specific*    
set natip X.X.X.X 255.255.255.255 *Replace X.X.X.X with valid IP Address*    
set inbound enable    
set outbound enable    
set natoutbound enable    
set vpntunnel "Phase 1 VPN Name"  
next
end

We hope this helps you!

 

How to run bginfo.exe at startup on Windows Server 2008 R2

2017-07-27T00:01:07+00:00 May 9th, 2012|Uncategorized|

No matter what area of IT you work in, there’s always some important piece of information you frequently need to retrieve from a workstation or server; often, it’s several pieces of information.  A lot of time can be spent searching a system to obtain that info. Fortunately, there’s a tool that’s been around for years that can display system info right on the desktop: bginfo (http://technet.microsoft.com/en-us/sysinternals/bb897557).

 

Bginfo is often a necessity in a lab environment, but it can be used anywhere.  Some of the most popular information to display is:

  • OS version
  • SP version
  • IP address
  • Boot time
  • Disk “Free Space”

…but there’s a whole lot more.  In fact, you can configure bginfo to display just about any attribute of the system.  (NOTE: A detailed explanation about how to display custom info using bginfo is beyond the scope of this article; but if you would like to learn more, check out Shay Levy’s article here: http://blogs.microsoft.co.il/blogs/scriptfanatic/archive/2008/07/22/bginfo-custom-information.aspx).

It’s nice to run bginfo at startup silently and unattended.  This can be challenging, though, particularly on Windows Server 2008 R2.  To do so, you need to edit the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

**Credit to James from redkitten.co.uk for documenting this here: http://www.redkitten.co.uk/windows-server/using-bginfo-on-windows-server-2008/

Create a new REG_SZ value under the “Run” key named “bginfo”, or whatever you want.  The value of the key will be the path to bginfo.exe, and any parameters you want to pass.  Personally, I’ve had the best luck passing /silent /accepteula /timer:0 to run bginfo silently at startup.  The help file indicates /NOLICPROMPT is also a parameter to bypass the Sysinternals accept EULA dialog, but /accepteula always works for me.

Something else to be aware of — especially if you intend to run bginfo in an enterprise with UAC turned on and GPOs applied — is to keep the output bitmap file in a location where the logged-on user has write permission.  The reason for this is that bginfo runs in the user context to display on the user’s desktop; and because the information is “dynamic” — at least at each user logon — the output bitmap file needs to be updated.  You can change where bginfo stores the .bmp under the Bitmap -> Location… menu.  The default location is in the user’s TEMP directory, which should be okay.
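
The registry value described above can be created and checked from an elevated command prompt. This batch file is an added example, not from the original post; the C:\Tools\BGInfo install folder is an assumed location, and the final icacls call is there because a machine-wide Run value starts the program in every user's logon session.

```batch
@echo off
setlocal EnableExtensions

rem Added example; the install folder is an assumed location.
set "bgdir=C:\Tools\BGInfo"
set "bgexe=%bgdir%\Bginfo.exe"
set "runkey=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

if not exist "%bgexe%" echo "%bgexe%" not found 1>&2 & exit /b 1

rem The data is one string: the quoted path, then the switches. \" embeds a quote.
reg add "%runkey%" /v bginfo /t REG_SZ /d "\"%bgexe%\" /silent /accepteula /timer:0" /f || exit /b 1

rem Read the value back to confirm what will run at logon.
reg query "%runkey%" /v bginfo

rem An HKLM Run value starts for every user who logs on, so confirm that only
rem administrators can modify the folder that holds the executable.
icacls "%bgdir%"
```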

 Bginfo is a fun, easy and very useful way to customize your desktop, and I hope this helps you (and other users) be more productive!

 

A FlexPod Brief…

2012-05-02T22:31:06+00:00 May 2nd, 2012|Uncategorized|

With the rise of virtualization over the last several years, there’s one large segment of Information Technology that has been struggling to keep up with the demand – your organization’s data center. 

Not So Long Ago…

IT infrastructure used to be built and deployed using distributed technology and components on an application-by-application basis.  That philosophy worked well because most IT teams were organized in silos that segmented applications, servers, local area networks, and storage groups.

As more applications were required across multiple departments, that infrastructure development strategy became far less efficient.  Server sprawl became a serious concern as more and more servers were required to deliver software solutions.  It took longer to build and deploy environments.  It also turned the data center into one of the least “green” places in an organization due to the immense power requirements needed to power the core infrastructure.

Virtualization changed much of that in the last few years by re-imagining a consolidated data center that significantly reduced the number of servers required to deliver Tier 1 applications for the enterprise.  The result is a more flexible, easier to manage environment that has reduced power demands.  Building this type of infrastructure can be very simple when you use a building-block solution like FlexPod.

A New Approach…

Introduced a little over two years ago, FlexPod offers a set of validated infrastructure designs that allow you to build a robust data center with a very dense infrastructure footprint confined in a small amount of space.  The FlexPod system is built around a baseline configuration that includes servers and switches from Cisco, high-performance storage from NetApp, and virtualization components from Citrix, VMware, or Microsoft, depending on your Hypervisor preference.

All FlexPod solutions begin with a standard – but flexible – blueprint which can be modified to suit your organization’s unique needs.  This base configuration can be scaled quickly to meet any number of infrastructure needs, but FlexPod truly shines in the virtualization space.

Because all three components of FlexPod are tightly integrated, supporting FlexPod is considerably simpler than with a traditional server model.  All patches, upgrades, and enhancements are pre-tested to ensure they work seamlessly during implementation.  This reduces risk during critical updates and time required when performing basic maintenance tasks.

What Cisco Brings…

Cisco has done a phenomenal job of leveraging their popular Unified Computing System (UCS) platform to serve as the backbone of the FlexPod environment.  Cisco’s new B- and C- Class series servers significantly increase performance and capacity for large data-heavy virtualized environments by serving up a whopping 384GB (and even more in some models) of memory per blade server.  Cisco’s UCS M81KR Virtual Interface Card improves network throughput performance by 38% over similar software-based switches, and reduces cost by performing as both a network interface card and a host bus adapter.  The result is the elimination of key bottlenecks that directly impacted performance on virtual servers.

Cisco also includes the Unified Computing System Manager (UCS-M) as part of the FlexPod environment.  This provides for management of all software and hardware in the stack.  UCS-M also offers flexible role and policy-based management of the entire environment using services profiles.  Resources can be placed in pools, and service profiles can be used to help speed up time to market for key deployments.

The NetApp Piece…

NetApp provides a huge boost to the FlexPod environment by offering a wide array of software aimed at maximizing storage.  NetApp’s de-duplication process drives the cost of storage down dramatically by intelligently writing only truly unique data to its drives.  Using its FlexClone technology, users can quickly provision new environments for use in development, testing, or disaster recovery.  Innovations like NetApp’s FlexCache technology allow high-demand data to be segregated from data in its main repositories to ensure quick access and maximum performance.

Greater Than The Sum…

Add this all up and it’s clear that FlexPod is a real game changer.  Whether your organization is looking to reduce its footprint in the data center, drive better performance in its virtualized environments, or simplify the management of the data center, FlexPod’s certainly a technology worth keeping an eye on.