Only four days have passed, yet I am getting ready for another adventure out in our great country. The Indianapolis 500 is one of the crown jewels in auto racing and my coworker just happened to have an extra ticket. Honestly, what is any guy gonna do? We are driving and leaving tonight for Dallas to stay with some of his relatives and relax before the huge drive on Friday up to Indy. Saturday we hang around and do some backyard beers and brats and resting from this crazy trip. Sunday is the live race at the track… I should be in turn 4 somewhere in the grandstands; I will try to give a more exact location once I’m there via Twitter. Then we watch the race again on TV that night because they delay the airing of it so that people can come home from the race and catch what they missed on TV. Kinda strange but I enjoy racing. Monday, which is Memorial Day, we will be driving home like bandits to travel the 1100 miles back to College Station. I will be sure to take a bunch of pictures so I can share them with the rest of ya. I know I said I would post more about my DC trip but I just have not had the time because of the Indy trip so close together. Those should come next week once I am back and don’t have any trips planned; however, then it gets close to moving time, so beware, more delays may be ahead.
Author: Wayne Zimmerman
List All Active Directory User Accounts in a CSV
We all know maintaining hundreds of user accounts can be frustrating, especially when it comes to audit time and you need a good list of information to pass on to an auditor. Well, today I am your savior: this simple script will produce a list of users with some detailed information that can make audits or documentation much easier. The script creates a Comma Separated Values (CSV) file that you can edit in Microsoft Excel or any standard spreadsheet application, so you can customize the information before adding it to your report or audit. Below are the specific fields that this script will provide detail on for your Active Directory users.
User Details
- Name
- Description
- Profile Path
- Home Drive
- Account Disabled
- Password Required
- User Changeable Password
- Password Expires
- SmartCard Required
- Login Count
- Last Login (date)
- Last Password Change (date)
- Created (date)
- Modified (date)
Script Configuration
Before running this script there is some minor configuration that must be done so it can communicate with your Active Directory setup.
- Find objConnection.Open "Active Directory Server" and change Active Directory Server to the name of your Domain Controller.
- Find objCommand.CommandText = _ "SELECT Name, description, profilePath, homeDrive, distinguishedName,userAccountControl FROM 'LDAP://dc=subdomain,dc=domain,dc=suffix' WHERE objectCategory='user'" and change subdomain, domain, and suffix to the name of your domain, i.e. west consco com (respectively).
- Find Set logStream = objFSO.opentextfile("C:\domainusers.csv", 8, True) and change C:\domainusers.csv to the location where you want the file saved. Be sure to save it with the extension CSV.
```vbscript
' Lists Active Directory user accounts to a CSV file for audits.
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2
' userAccountControl flag bits
Const ADS_UF_ACCOUNTDISABLE = &H0002
Const ADS_UF_PASSWD_NOTREQD = &H0020
Const ADS_UF_PASSWD_CANT_CHANGE = &H0040
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const ADS_UF_SMARTCARD_REQUIRED = &H40000

' Query the directory through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Server"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
    "SELECT Name, description, profilePath, homeDrive, distinguishedName,userAccountControl FROM 'LDAP://dc=subdomain,dc=domain,dc=suffix' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

' Mode 8 = append, True = create the file if it does not exist
Set objFSO = CreateObject("scripting.filesystemobject")
Set logStream = objFSO.opentextfile("C:\domainusers.csv", 8, True)
logStream.writeline("Name,Description,Profile Path,Home Drive,Account Disabled,Password Required,User Changeable Password,Password Expires,SmartCard Required,Login Count,Last Login,Last Password Change,Created,Modified")

Do Until objRecordSet.EOF
    strDN = objRecordset.Fields("distinguishedName").Value
    Set objUser = GetObject("LDAP://" & strDN)
    intUAC = objRecordset.Fields("userAccountControl").Value

    ' description is a multi-valued attribute and can come back as an array
    varDesc = objRecordset.Fields("description").Value
    If IsArray(varDesc) Then
        strDesc = Join(varDesc, "; ")
    Else
        strDesc = varDesc & ""
    End If

    ' Build the five Yes/No columns from the userAccountControl bits
    If intUAC And ADS_UF_ACCOUNTDISABLE Then Text = "Yes" Else Text = "No"
    If intUAC And ADS_UF_PASSWD_NOTREQD Then Text = Text & ",No" Else Text = Text & ",Yes"
    ' The original tested ADS_PASSWORD_CANT_CHANGE, which is never defined.
    ' Note: this restriction is stored as a permission on the user object,
    ' so the bit is not reliably reflected in userAccountControl over LDAP.
    If intUAC And ADS_UF_PASSWD_CANT_CHANGE Then Text = Text & ",No" Else Text = Text & ",Yes"
    If intUAC And ADS_UF_DONT_EXPIRE_PASSWD Then Text = Text & ",No" Else Text = Text & ",Yes"
    If intUAC And ADS_UF_SMARTCARD_REQUIRED Then Text = Text & ",Yes" Else Text = Text & ",No"

    ' logonCount and the last logon time are not replicated between domain
    ' controllers; the values reflect only the DC that answers the query.
    logStream.writeline(objRecordset.Fields("Name").Value & "," _
        & strDesc & "," _
        & objRecordset.Fields("profilePath").Value & "," _
        & objRecordset.Fields("homeDrive").Value & "," _
        & Text & "," _
        & objUser.logonCount & "," _
        & objUser.LastLogin & "," _
        & objUser.PasswordLastChanged & "," _
        & objUser.whenCreated & "," _
        & objUser.whenChanged)
    objRecordSet.MoveNext
Loop

logStream.Close
```
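The script joins fields with bare commas, so a description that contains a comma shifts every later column, and a value that begins with `=` is evaluated as a formula when the auditor opens the file in Excel. The following PowerShell sketch is an added example, not part of the original script: it decodes the same userAccountControl bits and writes quoted, formula-safe cells. The function names and the two user records are constructed for illustration and run without a domain.

```powershell
# Added example: constructed records stand in for directory query results.
$UF_ACCOUNTDISABLE     = 0x0002
$UF_PASSWD_NOTREQD     = 0x0020
$UF_DONT_EXPIRE_PASSWD = 0x10000
$UF_SMARTCARD_REQUIRED = 0x40000

function ConvertTo-YesNo([bool]$Value) { if ($Value) { 'Yes' } else { 'No' } }

function ConvertTo-SafeCell {
    # Prefix an apostrophe when a value starts with a character that
    # spreadsheet applications treat as the start of a formula.
    param([AllowNull()][string]$Value)
    if ($Value -match '^[=+\-@\t\r]') { return "'" + $Value }
    return $Value
}

function ConvertTo-AuditRow {
    # Hypothetical helper: maps one user record to the audit columns.
    param([Parameter(Mandatory)]$User)
    $uac = [int]$User.userAccountControl
    [pscustomobject]@{
        'Name'               = ConvertTo-SafeCell $User.Name
        'Description'        = ConvertTo-SafeCell $User.Description
        'Account Disabled'   = ConvertTo-YesNo (($uac -band $UF_ACCOUNTDISABLE) -ne 0)
        'Password Required'  = ConvertTo-YesNo (($uac -band $UF_PASSWD_NOTREQD) -eq 0)
        'Password Expires'   = ConvertTo-YesNo (($uac -band $UF_DONT_EXPIRE_PASSWD) -eq 0)
        'SmartCard Required' = ConvertTo-YesNo (($uac -band $UF_SMARTCARD_REQUIRED) -ne 0)
    }
}

# Constructed sample data: a normal account and a disabled legacy account
# whose description would otherwise be read as a formula.
$constructedUsers = @(
    [pscustomobject]@{ Name = 'Alice Example'; Description = 'Finance, accounts payable'; userAccountControl = 0x0200 }
    [pscustomobject]@{ Name = 'svc-legacy'; Description = '=1+1'; userAccountControl = 0x10222 }
)

# ConvertTo-Csv quotes each field, so embedded commas stay in one cell.
# Pipe to Export-Csv -NoTypeInformation instead to write the audit file.
$constructedUsers |
    ForEach-Object { ConvertTo-AuditRow $_ } |
    ConvertTo-Csv -NoTypeInformation
```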
Living without Cable
It is coming up on a year that I have not had to pay for cable television. I still have cable in my house as it is the fastest, cheapest internet source for where I live, but I don’t pay for any sort of standard TV programming with that.
Before I went without cable I was spending about $140 a month for having an HD DVR, HD Channels and extended basic, with HBO and standard 3 megabit internet. I am currently paying $55 a month for just 8 megabits high speed internet. There is some real savings there of over $1000 dollars, but the real question is did I miss a show. No, is the answer to that. I have a DVR through Hulu which never misses a show, unlike my DVR did, and if I’m hanging around that night and want to watch it live I am able to pick up ABC, CBS, FOX and NBC with Over-the-Air HD, so I’m really not missing out on much HD primetime TV when I’m home. Hulu and the other websites that give you TV over the internet do a full screen and look great on my TV using my HP Z555 Media Center PC connected via HDMI.
For the shows that I cannot find on Hulu or their respective networks’ websites, I turn to torrents, because if I have this problem so does everyone else. They are not hard to find, especially if you are looking for the latest episode of Heroes for example; you can even get some in HD if you really want to spend the extra time downloading. I tend to stick with the standard divx file. Also, my skills of installing XBMC on Xbox allowed me to see any of the media I have downloaded in the bedroom using my home network. Even better is Media Mall’s PlayOn Media Server, which will access internet content including Hulu and stream it to “dumber” devices across your home network. This is how we have been able to see Hulu in the bedroom without the use of the XBMC Hulu Plugin, which is still not ready for prime time.
For the most part I don’t miss a show. I do miss ESPN, Versus and Fox Sports because they tend to carry the live sports that I would like to see, and although ESPN has ESPN 360 it doesn’t carry the things I wanna see like Nascar races or some college football games. So if you are a sports lover then you still might need cable or satellite for that need. I find that it is just an excuse to go find some friends and watch the game with them, or find a bar and make new friends watching the game.
I will continue not paying for cable and enjoying saving that bit of cash. The only real problem I can see with this is with bandwidth caps; that might force me to rethink this whole thing if they limit the amount of content that I can download from sources, but for now the pipe is wide open and I will use it to my advantage.
National Bike to Work Day – May 15th
I would just like to remind everyone that tomorrow is National Bike to Work Day. For all of you out there that haven’t tried biking somewhere in a while, this is a perfect time to start. I am on vacation at the moment but I still have not forgotten that it is Friday. Here in DC the local Bike and Roll Rental Shop will allow you to rent a bicycle for free all day on Friday if you live in DC and will use it to commute. I don’t know what they are doing back in Texas, but anyone that hasn’t ridden since they were a little kid needs to give it a shot. It is a great way to get into shape and save some money on that daily commute.
If you are needing a bike, Craigslist is probably the best way to get one for cheap, especially right around when students are moving out. If you are curious about what a good brand is or if a certain one will fit you, feel free to contact me or comment on this post.
The Bryan/College Station area is a great place to bike, as many roads in College Station have dedicated bike lanes or sidewalks. Bryan is less formal about bikes on the road; however, I’ve found all kinds of ways between towns on the bike. My suggestion is to just give it a try. It isn’t for everyone, but it sure does make you feel like you have accomplished something at the end of the day.
How to Deploy VNC using Group Policy
Do you spend too much time running from desk to desk just to help someone make a shortcut or change the default printer? This could be the solution for you. Using UltraVNC you can remotely view and control their workstation from your desk. This can save you time from running around everywhere, and make your users happier faster by solving their problems on the spot. You can also make your boss happy by making it authenticate with Active Directory. That will ensure that everyone who has remote support access uses their own username and password, and it is easily managed with Active Directory Groups. VNC works very simply: a server installed on every workstation shares out the desktop to client / viewer programs. With the VNC Server installed on all your workstations, you can connect using the client / viewer application and provide hands-on support directly from your own workstation.
Requirements
Making the MSI using VNCed
Now that you have the required software, the first thing we need to do is uncompress the VNCed UltraVNC MSI Creator to a folder on your desktop. Once completed, run the run.bat and it should popup a GUI interface you can use to configure different parts of the UltraVNC Server.
Using this interface you can adjust and explore what options you have to choose from to customize your UltraVNC Deployment for your environment. The defaults here are a pretty good start and you can click on each item to get a description of what it will change. You may want to install this to a test computer a few times before rolling it out.
At this time you also need to configure whether you will be using Active Directory Authentication or just a plain password.
- To set up the plain password, just fill out the password item and leave newMSLogon unchecked.
- To set up Active Directory Authentication, check newMSLogon; you will also need to make a file to select for aclImportFile. This file can either be generated based on the UltraVNC Instructions, or you can use my file by creating a text file called MSACL.ini and pasting the following line into it:
allow 0x00000003 "..\Domain Admins"
That will allow anyone in the Domain Admins group to have full access to any machine set up using this MSI.
Once you have finished configuring the options for UltraVNC, hit the Generate UltraVNC MSI button at the bottom. This will generate your UltraVNC.msi in the folder to which VNCed was extracted. This file is what you will use to deploy UltraVNC to your workstations.
Using Group Policy to Deploy the MSI
First you will need to open your Group Policy Management Console (gpmc.msc) and either modify your existing Workstation Group Policy or make a new one just for the deployment of this application, depending on how you want to deploy it. Making a separate GP for the install allows you to deploy it to just a few machines, and only change the settings on those machines, whereas the workstation method installs it to all workstations. This is really up to the requirements of your environment. Either way you will need to look under Group Policy Objects for your domain and either create one or right click on one and edit it.
Now use the tree on the left to browse to Computer Configuration > Software Settings > Software Installation, right click on Software Installation and select New > Package… It will now prompt you with an open dialog box; go and select the MSI that we created earlier. If all goes well you should end up with something like the screenshot shows. The only thing left to do is link the policy to the OUs that you want it to affect if you created a new one, or let your workstation group policy deploy it to all the workstations the next time they restart.
Firewall Configuration
If you run a firewall on your machine you will need to open port 5900. If you are only running the default Windows Firewall, you can configure this using the same group policy that you deployed UltraVNC with. Just go to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile, then select Windows Firewall: Define port exceptions, select Enabled, click the Show… button, click Add, and fill out the items to specification.
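Each item added under Define port exceptions is a single string in the form `Port:Transport:Scope:Status:Name`, and the Scope field decides which source addresses can reach the VNC server. The following PowerShell check is an added example, not part of the original post: it reviews candidate entries before they go into the policy. The function name and the three sample entries, including the 192.0.2.0/24 support subnet, are constructed for illustration.

```powershell
function Test-PortException {
    # Hypothetical helper: reviews one "Define port exceptions" entry.
    # Assumes IPv4 scopes, so the first four colons delimit the fields.
    param([Parameter(Mandatory)][string]$Entry)

    $parts = $Entry -split ':', 5
    if ($parts.Count -ne 5) {
        return [pscustomobject]@{ Entry = $Entry; Scope = $null; Finding = 'Malformed entry' }
    }
    $port, $transport, $scope, $status, $name = $parts

    # Scope is '*' or a comma-separated list of addresses, subnets
    # and the keyword 'localsubnet'.
    $sources = $scope -split ',' | ForEach-Object { $_.Trim() }

    $finding = if ($status -ne 'enabled') {
        'Disabled: the port stays closed'
    } elseif ($sources -contains '*') {
        'Any source address can reach the VNC server; list the support subnet instead'
    } elseif ($sources -contains 'localsubnet') {
        'Every host on the same subnet can reach the VNC server'
    } else {
        'Limited to the listed sources'
    }

    [pscustomobject]@{ Entry = $Entry; Scope = $scope; Finding = $finding }
}

# Constructed sample entries for the UltraVNC port from this post.
$constructedEntries = @(
    '5900:TCP:*:enabled:UltraVNC'
    '5900:TCP:localsubnet:enabled:UltraVNC'
    '5900:TCP:192.0.2.0/24:enabled:UltraVNC'
)

$constructedEntries | ForEach-Object { Test-PortException $_ } | Format-List
```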
For any other questions you have feel free to leave a comment I will be happy to assist you with the deployment.
For any other detailed information about UltraVNC you should check out their website at http://www.uvnc.com