Posts Tagged ‘Windows 7’

Send an Email from the Windows Command Prompt or Script…

July 19th, 2012 by Jeremy Pavlov | No Comments | Filed in Microsoft, Scripting, Windows 7

Today, Avi and I were discussing one of the requirements of an application he’s working on;  it seemed simple enough at first blush…

He needed to send an email from a Windows 7 computer — which is fairly straightforward if you happen to have something like BLAT installed, or if you’re able to script a call to a nearby SMTP gateway.  However, there was one major requirement this time:  it had to appear to come from the *user* of the application, with the user’s intent/blessing/permission. 

Yes, Avi could have configured the application to make a direct call to the local email client executable — if there were guaranteed to be one (not necessarily the case), and if the version/type were to be predictable (it might be Outlook, it might be GroupWise, etc.) to properly call with the correct options and flags.  Avi did some digging and soon found a way to get a fully formatted message to launch in Outlook, but we had to modify it a tad to get it to work in both GroupWise and Outlook (and perhaps others).  Here’s what we settled on, and how it works…

Aside: I’ll have to assume that your GroupWise or Outlook is properly installed and configured for these things to work.

Let’s start with the basics (pun intended); this should launch your email client and pre-populate the recipient (interestingly, it should work no matter whether your email client is configured or not):

start mailto:sales@CoretekServices.com

…but you knew that, and you’re clearly not impressed.  Now perhaps the trickiest part: after the recipient in the command — and before the next component (I use Subject in this example) — it is best to use a question mark (?) for Outlook *and* GroupWise compatibility, although a caret+ampersand (^&) will work if using Outlook only (note that the “%20” is a space character):

start mailto:sales@CoretekServices.com?Subject=Your%20Subject...

…and now you’re intrigued.  Let’s build on that.  Next, we tack on another option in the command (I show the CC option here), separated with a caret+ampersand (^&) :

start mailto:sales@CoretekServices.com?Subject=Your%20Subject...^&CC=questions@YourLinuxGuy.com

…and now I’ve won you over.  Cool!  Let’s complete the line — separated by more caret+ampersand (^&) characters, of course — and make it a fully populated email, ready-to-send:

start mailto:sales@CoretekServices.com?Subject=Your%20Subject...^&CC=careers@CoretekServices.com^&BCC=secret@CoretekServices.com^&Body=This%20is%20the%20message,%20which%20I%20agree%20to%20send%20by%20clicking%20SEND.

Now click send, and enjoy!
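The commands above are encoded by hand (%20 for each space). When the subject or body comes from application data, every reserved character has to be encoded, or a stray & or ? in the text would start a field the user never agreed to. The following PowerShell sketch is an added example, not part of the original post; the function name New-MailtoUri and the address pattern are assumptions made for illustration:

```powershell
# Added example, not from the original post. New-MailtoUri is an illustrative name.
function New-MailtoUri {
    param(
        [Parameter(Mandatory)] [string[]] $To,
        [string[]] $Cc  = @(),
        [string[]] $Bcc = @(),
        [string]   $Subject,
        [string]   $Body
    )

    # Conservative address check (an assumption; stricter than RFC 5322) so that
    # no '?', '&', '%' or whitespace can reach the URI through an address.
    $addrPattern = '^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$'
    foreach ($a in (@($To) + $Cc + $Bcc)) {
        if ($a -notmatch $addrPattern) { throw "Rejected address: '$a'" }
    }

    # Percent-encode free text so '&', '?', '=' and line breaks stay inside the
    # field they belong to instead of starting a new one.
    $fields = @()
    if ($Subject)   { $fields += 'Subject=' + [uri]::EscapeDataString($Subject) }
    if ($Cc.Count)  { $fields += 'CC='  + ($Cc  -join ',') }
    if ($Bcc.Count) { $fields += 'BCC=' + ($Bcc -join ',') }
    if ($Body)      { $fields += 'Body=' + [uri]::EscapeDataString($Body) }

    # '?' before the first field, '&' between the rest, as in the commands above.
    $uri = 'mailto:' + ($To -join ',')
    if ($fields.Count) { $uri += '?' + ($fields -join '&') }
    return $uri
}

# Constructed sample input: free text containing characters that matter in a mailto URI.
$uri = New-MailtoUri -To 'sales@CoretekServices.com' `
    -Cc 'careers@CoretekServices.com' `
    -Subject 'Q3 & Q4 report: ready?' `
    -Body "Line one`r`nLine two, sent only when I click SEND."
$uri

# Start-Process hands the URI to the registered mail client without going
# through cmd.exe, so no caret (^) escaping is needed.
# Start-Process $uri
```

The message still opens in the user’s own mail client and goes nowhere until they click Send, which is the requirement the post started from.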

 

 


Remotely Reboot a Bunch of XP Workstations…

April 5th, 2012 by Jeremy Pavlov | 2 Comments | Filed in Computer Support, Desktop Management, Desktop OS, Microsoft, Windows 7

I got an interesting question from a co-worker today (we’ll call him “Ray” to protect his identity).  Ray wanted to know if it’s possible for his customer to reboot a bunch of workstations at once, in a way other than the customer’s workstation management system. 

The customer is in the midst of a major migration from XP to Windows 7, and simultaneously from Novell ZENworks 7 to Novell ZCM 11.  Ray’s team has put together an amazing set of automatic deployment steps that take the ZENworks-controlled XP machine all the way to a completely-deployed, domain-managed, ZCM-controlled Win 7 machine with all needed applications installed, via a method called “Zero Touch Deployment”.   And it all kicks off with a reboot — but the only problem is that the bundled reboot in the old ZENworks is not always reliable.

Note: This particular customer’s machines are XP, all in one domain, all are resolvable (either via WINS or DNS), and can all be managed by a single set of credentials; allowing remote administrative execution and permitting the following to work.

So when Ray asked the question, I said, “Absolutely!”  I can do that, and not even break out PowerShell (or bash, for that matter).  Ray had nothing more than a list of computer names, but that is all we need.  Let’s do it old-school, with a DOS batch “for” loop.  Man, I love my job… 

First, the input file; it is just a single list of computer names or IP addresses, one-per-line, in a TXT file.  We put them in a file called C:\TEMP\RemoteRebooter-Input.txt, and here’s a varied example of how it might look:

pc1
10.2.1.3
wks22.domain.local
192.168.33.44
amyscomputer

The script is a bit on the simple side, but does the job.  I call this RemoteRebooter.bat, and notice that it calls the other input file by name:

@ECHO OFF
@Echo Process RemoteRebooter...
@For /F "tokens=*" %%Q in (c:\temp\RemoteRebooter-Input.txt) Do @(
1>&2 ECHO Rebooting: %%Q
shutdown -m \\%%Q -r -f -t 20 -c "Rebooting in 20 seconds via %0 -- please save your work quickly."
)
1>&2 type nul
@ECHO Complete!

If you need details on the shutdown flags, type shutdown /? into a command prompt.  And I’m not sure if I should mention it here, but if you want this to work on Windows 7, you have to change the syntax a bit, flipping hyphens (-) to slashes (/).  And of course, this is only one way of doing it, and I know you all have others. 

Make sure to drop a comment and tell us how *you* do it!

 

 

 


Finding Rogue KMS Servers in the Enterprise…

February 9th, 2012 by Jeremy Pavlov | No Comments | Filed in Desktop OS, Linux, Microsoft, Microsoft Infrastructure, Windows 7

In larger Enterprises with Microsoft-based infrastructure, it’s highly likely that the licensing for the Windows 7 workstations will be based on the Microsoft KMS model.  If you don’t already know, this means you run servers in-house that register themselves into DNS as license providers, and Windows clients will learn of them (and become affiliated with them) to get a license, rather than contacting Microsoft themselves across the Internet.

Unfortunately, one problem that can occur is that someone who has access to the Microsoft license codes (like an I.T. worker, developer, etc.) might accidentally install a KMS license on a server that is not intended to be a KMS server.  And when a KMS license is installed, the server doesn’t know any better; and dutifully registers its KMS capability with the internal Active Directory based DNS as a VLMCS SRV record. 

Recently, I ran into a situation where I needed to hunt down and eliminate some accidentally rogue KMS servers that had cropped up across a large infrastructure, and be able to re-check at regular intervals.  While I originally wrote the script as a bash shell script for Linux, I re-wrote it into PowerShell recently for someone who asked, and I thought I’d post the new version here.

Mind you, this is a stripped-down version of the script, but it includes all that is needed to run the check manually for a hierarchical DNS infrastructure (although you may wish to strip out components if you just want to check the parent domain). 

Copy the contents below, paste them into a PowerShell script file (*.ps1), change the variables at the top… and have fun!

 

# Change the following 3 variables as needed.
# This script will loop through the subdomains, checking for KMS servers in each
# subdomain, and then at the parent domain.
$subs = @("subdomain1", "subdomain2", "etcetera")
$parentdomain = "mydomain.local"
$outfile = "checkKMS-Results.txt"
write "KMS check report..." | Out-File $outfile
write " " | Out-File $outfile -append
write "The only valid KMS servers are at the $parentdomain, as follows:" | Out-File $outfile -append
write "KMS1, KMS2, KMS3" | Out-File $outfile -append
write " " | Out-File $outfile -append
write "There should not be a KMS server at any of these locations:" | Out-File $outfile -append
foreach ($item in $subs)
{
  write "Checking subdomain: $item"
  $result = nslookup -type=srv _vlmcs._tcp.$item.$parentdomain. |findstr /C:"_vlmcs" /C:"svr hostname"
  if ("X$result" -eq "X")
  {
    write "No registered KMS server in $item" | Out-File $outfile -append
  }
  else
  {
    write "***KMS FOUND at this location: ***" | Out-File $outfile -append
    write $result | Out-File $outfile -append
  }
}
write " "  | Out-File $outfile -append
write "On the contrary, the following should be valid KMS servers:" | Out-File $outfile -append
$result = nslookup -type=srv _vlmcs._tcp.$parentdomain. |findstr /C:"_vlmcs" /C:"svr hostname"
$result | Out-File $outfile -append
write "...Done!" | Out-File $outfile -append

Enjoy!

:)
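The script above leaves the comparison to whoever reads the report: the parent-domain records are printed, but nothing checks them against the list of valid servers. The following added example (not the author’s script) goes a step further and compares every _vlmcs SRV target against an allow-list, so an unexpected host registered at the parent domain is flagged too. It assumes Resolve-DnsName is available (Windows 8 / Server 2012 or later); the function names, host names and sample records are constructed for illustration:

```powershell
# Added example, not the author's script. Function names are illustrative.
function Get-VlmcsRecord {
    param([Parameter(Mandatory)] [string] $Zone)
    # Resolve-DnsName returns structured records, so no findstr parsing is needed.
    Resolve-DnsName -Name "_vlmcs._tcp.$Zone" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget } |
        ForEach-Object {
            [pscustomobject]@{ Zone = $Zone; Target = $_.NameTarget; Port = $_.Port }
        }
}

function Find-RogueKms {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Records,
        [Parameter(Mandatory)] [string]   $ParentDomain,
        [Parameter(Mandatory)] [string[]] $AllowedHosts
    )
    # Compare case-insensitively and ignore a trailing dot on the SRV target.
    $allowed = $AllowedHosts | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() }
    foreach ($r in $Records) {
        $target = $r.Target.TrimEnd('.').ToLowerInvariant()
        $reason = $null
        if ($r.Zone -ne $ParentDomain) {
            $reason = 'SRV record registered in a subdomain'
        } elseif ($allowed -notcontains $target) {
            $reason = 'target is not on the allow-list'
        }
        if ($reason) {
            [pscustomobject]@{ Zone = $r.Zone; Target = $target; Port = $r.Port; Reason = $reason }
        }
    }
}

$parentdomain = 'mydomain.local'
# Assumed FQDNs for the valid servers KMS1, KMS2, KMS3 (constructed).
$allowed = 'kms1.mydomain.local', 'kms2.mydomain.local', 'kms3.mydomain.local'

# Constructed sample records, shaped like Get-VlmcsRecord output, so this runs offline.
$sample = @(
    [pscustomobject]@{ Zone = 'mydomain.local'; Target = 'kms1.mydomain.local.'; Port = 1688 }
    [pscustomobject]@{ Zone = 'mydomain.local'; Target = 'devbox7.mydomain.local'; Port = 1688 }
    [pscustomobject]@{ Zone = 'subdomain1.mydomain.local'; Target = 'app3.subdomain1.mydomain.local'; Port = 1688 }
)
Find-RogueKms -Records $sample -ParentDomain $parentdomain -AllowedHosts $allowed

# Live use (needs DNS access), with $subs as defined in the script above:
# $zones   = @($parentdomain) + ($subs | ForEach-Object { "$_.$parentdomain" })
# $records = @($zones | ForEach-Object { Get-VlmcsRecord -Zone $_ })
# Find-RogueKms -Records $records -ParentDomain $parentdomain -AllowedHosts $allowed
```

With the sample data, the second and third records are returned as findings; pipe the result to Out-File to keep the report-file behaviour of the original script.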

 


Application Virtualization – The UAC Panacea?

January 19th, 2012 by Cyndi Meinke | No Comments | Filed in Application Virtualization, Desktop Management, Desktop OS, Managed Desktop, Microsoft, Symantec, Virtual Desktop Technology, Windows 7

…with contributions from Aaron Gierak, Voltaire Toledo, and Jeremy Pavlov.

The User Account Control (UAC) Challenge

It is commonly known that in XP you have to give end users Administrator privileges in order to do even the most simple routine tasks; like changing the system clock, plugging in a USB drive, running a defrag, updating software, or even running security products.  Of course you can use the RunAs command, but that still requires having an Administrator password – which defeats the security purpose of a limited user account.  And just when we thought moving to Windows 7 would eliminate this security privilege nightmare, enter UAC…

User Account Control (UAC) is a technology aimed at improving the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation.  In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system.  In other words, a user account may have Administrator privileges assigned to it, but the applications that the user runs do not inherit those privileges unless they are approved beforehand, or the user explicitly authorizes it.

It is possible to turn off UAC while installing software, and re-enable it at a later time.  However, this is not recommended since File & Registry Virtualization is only active when UAC is turned on – and if UAC is switched off, user settings and configuration files may be installed to an unintended location (i.e. a system directory rather than a user-specific directory).  Also Internet Explorer 7’s “Protected Mode” – whereby the browser runs in a sandbox with lower privileges than the standard user – relies on UAC; and will not function if UAC is disabled.

The Application Virtualization Question

So is application virtualization the solution?  If a virtualized package runs at the kernel level, does it eliminate having to give an XP user Administrator rights?  When you repackage an application that you have been running in XP – in order to port to Win7 – does the app skate by UAC in a way that allows you to keep UAC turned on?

By default, UAC virtualizes requests for protected resources to provide compatibility with applications not developed for UAC.  This is important because many applications written for Windows XP and earlier operating systems assume that the user has administrative privileges and attempt to write to protected resources such as the Program Files or System folders.  The first time an application makes a change to a virtualized resource, Windows copies the folder or registry key to the location within the user’s profile.  Then, the change is made to the user’s copy of that resource.  UAC virtualization is designed to allow already-installed applications to run successfully with standard user privileges, even if they store temporary files or logs in a protected folder.

Installs, Upgrades, and Updates

Many of the problems with UAC come from application installs or upgrades/updates where a new driver or an action that requires UAC acceptance is needed.  With application virtualization – especially a tool like Symantec’s Workspace Streaming where you package from the kernel level – you can bundle the drivers *inside* the virtual app.  As a result, nothing would ever be required of the end-user since nothing is ever “installed”. 

Secondary Executions

However, another issue that bumps against UAC is what we commonly call the “Secondary Execution Event”, where a loaded executable decides to make a call on its own (outside of the one that the app designer intended).  For instance, if a permitted/intended executable launched, and then it calls out to the manufacturer for an updated version, or the latest driver, that is not pre-bundled in the package.  Examples of this are the Juniper VPN agent or the MS Security Center executable.

Panacea or Pariah?

The good news is that application virtualization absolutely does address UAC and elevation features: it creates a virtual HKLM registry hive, \Windows and \Program Files, isolating the areas that non-elevated users normally cannot write to.  Virtualizing applications also mitigates potential conflicts in a shared session environment like Remote Desktop Servers or XenApp.

However, is application virtualization the silver bullet to fix all elevation and UAC issues?  The answer is “it depends”.  If the application explicitly requires elevated privileges within its manifest, then it will always present a UAC prompt.  In addition, if the application attempts to make a system change like a driver installation or some kind of self-updating feature, it will force Windows 7 to prompt you for elevation.  These challenges can be further addressed with tools such as AppSense Application Manager, or Viewfinity Privilege Management (which elevate a user’s privilege on a per-executable basis), or SystemGuard (which can elevate privileges to write to the registry).

The bottom line is that application virtualization brings many advantages.  In addition to extending the life of legacy applications, reducing deployment costs, and reducing user downtime caused by install/uninstall issues and application conflicts, many UAC issues can be mitigated with application virtualization, especially when coupled with effective use of user virtualization tools.

 

Next installment – Application Streaming…

 


How To Force Windows 7 To Open Excel Spreadsheets in Separate Windows…

December 1st, 2011 by Chris Shalda | 9 Comments | Filed in Microsoft, Office 2010, Windows 7

As IT consultants, we occasionally find ourselves with large spreadsheets that need to be reviewed with human eyes (rather than by filters or scripts) for inspection or comparison, etc.

The other day I was quite frustrated while comparing a large amount of data between two Excel spreadsheets.  I had to constantly switch between each spreadsheet, or set them up side by side in the same window.  Since I have two monitors (of course), I wanted to be able to take advantage of ALL my screen real estate for my spreadsheet needs.  I searched a bit, and found a cool tip on the WhiteSites Blog from author Paul White (thanks Paul!) for my conundrum; and since Paul’s original post is mostly for Office 2003 (with updates for 2007/2010), I thought I should share a “readers digest” version of only the 2007/2010 version of it here.

Again, please note that these instructions are specifically for Excel 2007/2010. 

WARNING: Always back up your registry before making any changes. Do not attempt to perform these tasks if you are not comfortable with editing the registry.  Seriously.  Don’t.

  • Open Regedit
  • Navigate to the following registry key:
HKEY_CLASSES_ROOT\Excel.Sheet.12\shell\Open\command
  • The “(default)” value will be something like this:
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /e
  • Append a “%1” to the end of the “(default)” value, making it:
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /e "%1"
  • Rename the “command” value, which is right below the “(Default)” value, to “command2” or something else.
  • Rename the “ddeexec” key to “ddeexec2” or something else.

After you have done this, your Registry should look similar to this:

…and with that, your Excel spreadsheets should now open in separate windows.

Enjoy!

 


Symantec Workspace Streaming / Virtualization Overview

May 24th, 2011 by admin | No Comments | Filed in Desktop Management, Desktop OS, Symantec, Symantec Healthcare, Virtual Desktop Management, Virtual Desktop Technology, Virtual Infrastructure, Virtualization

Understanding Workspace Streaming (SWS)

Symantec Workspace Streaming

Symantec Workspace Streaming is an application streaming solution that enables on-demand application provisioning, offline cache, license recovery and instant application upgrades. Symantec Workspace Streaming increases end user productivity with controlled, guaranteed access to any Windows based applications from any location at any time, including remote and mobile users.

Key Features

  • On-demand application streaming – simplifies OS image management by reducing the number and size of images
  • Dynamic license management – proactively ensures license compliance by avoiding over-deployment and optimizes software costs by re-harvesting licenses when they expire or after a period of disuse
  • Single-click application upgrades – upgrade and patch applications quickly and painlessly, or roll back applications to the previous version if required
  • Disconnected Usage Capability

Key Benefits

  • Reduce software license costs
  • Simplify Application delivery
  • Reduce application support costs/disruption
  • Improve utilization of existing hardware and software resources

 

Symantec Workspace Virtualization

Symantec Workspace Virtualization provides application virtualization that helps reduce application conflicts, testing requirements and support calls. Symantec Workspace Virtualization helps IT organizations improve management and control over endpoints to reduce the total cost of ownership of laptops and desktops.

Key Features

  • Virtual application layers – patented filter driver technology enables virtual layers that are transparent to the base operating system and other applications
  • Selective isolation – provides a solution for incompatible Windows 7 apps and ensures system and application compatibility under any circumstance
  • Endpoint Management integration – Workspace Virtualization is a standard component of Symantec’s Client Management Suite (CMS), Total Management Suite (TMS), Symantec Workspace Streaming (SWS), Software Management Solution

Key Benefits

  • Eliminate conflicts between applications and base operating system, such as incompatible Windows 7 applications
  • Reduce application pre-deployment testing requirements
  • Provide instant reset for broken applications


Running IE v6 on Windows 7 with Symantec Workspace Virtualization

August 6th, 2010 by admin | No Comments | Filed in Microsoft, Symantec, Virtual Workstation, Virtualization

Wednesday, August 4, 2010

If you are looking for a way to run IE v6 on Windows 7 desktops, take a look at Symantec’s Endpoint Virtualization technologies. The software includes two different modules that are free of charge, including Workspace Virtualization administration and the Browser Selector tools. They are fairly simple to set up and flexible enough to isolate individual applications from the host Windows 7 OS.

Symantec Endpoint Virtualization

http://www.symantec.com/connect/endpoint-virtualization

Entry level pricing starts at $45 per node

Source:  WebInformant.blogspot.com  By: David Strom


Microsoft Starts Windows Embedded Update Service

July 2nd, 2010 by admin | No Comments | Filed in Microsoft, Microsoft Infrastructure

Microsoft initiated a free Windows Embedded update service for device developers, which started on Monday.

The new Windows Embedded Developer Update (WEDU) service is currently available and can be accessed by downloading the software here. The software can be installed and run on Windows Vista Service Pack 2, Windows 7, Windows Server 2008 and Windows Server 2008 R2.

The WEDU service, which reduces the time developers have to spend searching for updates, currently provides updates only for Windows Embedded Standard 7 developers. Microsoft plans to add support for Windows Embedded Compact 7 “within the calendar year,” according to the company’s announcement. Windows Embedded is Microsoft’s family of componentized operating systems used to support thin clients and various devices.

Project managers can use WEDU (pronounced “we do”) to ensure that their teams have the most current development environments. Users of WEDU need to have administrative access privileges to manage the service.

To use WEDU, administrators specify the products that should receive updates by registering them through the service. The next step is to specify the locations of the distribution shares where the updates should be activated, according to an MSDN library article. WEDU will search for daily updates in the background. Administrators can also perform manual scans for new updates.

The service comes with a few caveats. While updates can be automated, the WEDU tool doesn’t let the user remove the updates. Windows Control Panel has to be used in those instances to remove “certain updates for developer tools,” according to the MSDN article. The article adds that “updates to distribution shares and repository databases cannot be removed.”

Microsoft provides advice on maintaining distribution shares and creating distribution shares in its blogs. The former blog recommends importing all Microsoft-released packages and updates and not removing packages from distribution shares. Distribution shares should be backed up before importing any updates.
