Allow Users on Domain to Control Power Settings

April 9, 2009May 28, 2014 Wayne Zimmerman 2 Comments

In some domain environments you need to allow some control back to the users where they can manage it best. A perfect example of this is Power Settings, by default a normal domain user does not have the rights to control the power settings on the PC. This can lead to the computer turning off the monitor or going to standby at inopportune times. A way to solve this problem is by modifying the registry so any user authenticated / interactive user can modify these settings. To do this you need to use the regini.exe, it allows you to modify permissions in the registry from command line. Basically anything under registry key: (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\) need to be given permissions to be modify by the user. Below I have included some code that needs to be placed in a text file for parameters to pass to regini.exe during workstation start up.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\GlobalPowerPolicy [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\0 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\1 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\2 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\3 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\4 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\5 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\0 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\1 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\2 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\3 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\4 [1 5 7 11 17 21]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\ProcessorPolicies\5 [1 5 7 11 17 21]

Once you have this file made save it Machine Startup Scripts directory for Group Policy. Then add the following entry to the Group Policy (shown below) and the users should now be able to modify their computers power settings.

For more detail on parameters or what exactly regini.exe can do for you hop on over to Microsoft KB 237607.

Good Saturday

April 4, 2009April 14, 2009 Wayne Zimmerman Leave a comment

I’m happy the weekend is here, this weekend in specific we are taking care of my parents dog Boomer. He already has had quite the weekend staying the weekend at my house rather than theirs. We also took him to University Park in College Station. He ran around and explored some and then played with the other dogs that showed up while we were there. He was very tried at the end of that. Jen and I came back and grabbed some lunch (Boston’s in Aggieland is half priced pizza, we saved 16.50 on 2 mediums) and watched part of the Nascar Nationwide Texas Race that my parents are attending. Unfortunately, we don’t have cable here at the house, and it wasn’t available on ESPN 360 like last year, so I don’t’ get to finish it.

Work this week went quite well. Made some real progress towards finish the EMS eCAD Web Interface. I hope it turns out as well as I ambition. We will go another few days on double labels as we found a few more on Friday. Crystal Reports has become my friend here in the last week as I created a few reports in it and have found that it is very friendly for database exploration. Anyways, Have a Good Weekend and Enjoy Chilifest.

~waynezim

List Local Accounts from Computers in Active Directory

April 1, 2009May 28, 2014 Wayne Zimmerman Leave a comment

When you finally take the plunge and decided that the only way to take your business to the next level is to setup a true client/server environment, here is a script to help you clean up those old accounts. When you convert to an Active Directory structure, you need to remove all the old local user accounts. This will reduce the security risks by removing accounts that you can’t force to conform to the rules setup by Group Policy. Also, if you were running these users as Administrators or Power Users and now have limited them down to a Standard user, without removing their old local accounts they may have elevated rights that they don’t need. Using this script you can query every computer in you Active Directory and get a list in CSV that you can use to know where that accounts are that need to be removed. In this script you can modify the output file so you can save the file where you want. You will also need to modify the Active Directory information to match your Domain configuration.

Tip: You can remotely connect other computers on your domain using “compmgmt.msc /computer:[remote computer]” from there you can manage user accounts in Local Users and Groups.

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "MYDomainController" 'put domain controller here

Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name, Location from LDAP://DC=subdomain,DC=zim,DC=local' " _  'update this with your AD information
        & "Where objectClass='computer'"  
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
	LocalUsers objRecordSet.Fields("Name").Value, "C:\localaccounts.csv" 'adjust output file name as needed
    objRecordSet.MoveNext
Loop

Sub LocalUsers(strComputer, strFilename)
	On Error Resume Next
	Set StdOut = WScript.StdOut
	 
	Set objFSO = CreateObject("scripting.filesystemobject")
	Set logStream = objFSO.opentextfile(strFilename, 8, True)
	 
	Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
	If Err.Number Then
	      logStream.writeline(strComputer & ",Offline")
	      Err.Clear
	Else
		Set colAccounts = GetObject("WinNT://" & strComputer)
		colAccounts.Filter = Array("user")

		For Each objUser In colAccounts
		        logStream.writeline(strComputer & ",Online," & objUser.Name & "," & objUser.AccountDisabled) 
		Next
	End If

	logStream.Close
End Sub

Open For Business

March 31, 2009April 9, 2009 Wayne Zimmerman Leave a comment

Okay so it’s not really open for business exactly, however the server and website is up. You have to give me credit that’s a start in the right direction. And yes I am very aware that half of the links at the top don’t work, and I am still using the default graphics, but fear not in time it will become much more personalized. This site has been a long time coming. I have made several other websites along the way but nothing truly to call my own. Though this blog I plan to share with you code that I develop mostly related to my job but can probably be applied to most network environments. I will also share my profile of projects that I am either working on or have finished though out my career. Lastly, my life of pictures, tweets and random blog entries about life. So please stick around and take it in I hope you find it useful and not too offensive.

~waynezim

Remove Old Windows Updates Automatically using Logoff Script

March 31, 2009May 28, 2014 Wayne Zimmerman Leave a comment

This is a great script that helps you keep those patched boxes on your network running longer and faster. This script checks to see how old the Microsoft Windows Update Uninstall folders are and deletes them based on a parameter in the script. This reduces clutter on your PC and reduces one of the major disk hogs in a corporate environment. This script should be included in the Computers Group Policy so it has Administrative access to the PC so it can actually remove the files.

Set oShell = CreateObject("Wscript.Shell")
strWindows = oShell.ExpandEnvironmentStrings("%WINDIR%")

On Error Resume Next
Set fsoFolder = CreateObject("Scripting.FileSystemObject")

Set objFolder = fsoFolder.GetFolder(strWindows)
Set colSubfolders = objFolder.Subfolders

For Each objSubfolder in colSubfolders
	If (DateDiff("D", objSubfolder.DateCreated, Date()) > 90) AND ((Left(objSubfolder.Name,3)) = "$Nt") then
		fsoFolder.DeleteFolder strWindows & "\" & objSubfolder.Name, TRUE
	End If
Next