Finding profiles on domain workstations

‘ NAME: ScanComputersForProfile
‘ AUTHOR: Yuri de Jager , Provincie Groningen
‘ DATE  : 2009-05-20
‘ COMMENT: Scans all client computers from OU for a user profile. This
‘          was needed after it was suspected a user logged in with some one
‘          else account to read mail he wasn’t suppose to read.
‘ VERSION: 1.0 – Yuri de Jager – Initial Release
‘==========================================================================
Option Explicit
Dim objFSO
Dim objOU
Dim objFile
Dim objComputer
Dim objIP
Dim strComputer
Dim strLogFile
Dim intCounter
Dim intProfileFound
‘Profile name to search For
‘Const strProfile = “<ProfileName>”
Const strProfile = “IVT986”
‘Logfile path
strLogFile = “ScanComputersForProfile_” & strProfile & “.log”
Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objFile = objFSO.CreateTextFile(strLogFile, True)
Set objIP = CreateObject(“SScripting.IPNetwork”)
Function PingSSR( myHostName )
‘ This function returns True if the specified host could be pinged.
‘ myHostName can be a computer name or IP address.
‘ This function requires the System Scripting Runtime by Franz Krainer
‘ Standard housekeeping
Dim objIP
Set objIP = CreateObject( “SScripting.IPNetwork” )
If objIP.Ping( myHostName ) = 0 Then
PingSSR = True
Else
PingSSR = False
End If
Set objIP = Nothing
End Function
‘ Bind to the OU holding the computeraccounts, using the full Distinguished Name.
‘Set objOU = GetObject(“LDAP://ou=<ComputersOU>,dc=<Domain>,dc=<TopLevelDomain>”)
Set objOU = GetObject(“LDAP://ou=WS,dc=provinciegroningen,dc=nl”)
‘ Filter on objects of class computer.
objOU.Filter = Array(“computer”)
‘ Enumerate all computer objects in OU.
For Each objComputer In objOU
‘ The object reference objComputer is bound to each domain computer object with the LDAP provider.
strComputer = objComputer.sAMAccountName
‘ Remove trailing “$”.
strComputer = Left(strComputer, Len(strComputer) – 1)
‘For Testing
‘objFile.WriteLine “Replacing ” & strComputer & ” for <TestComputerName>”
‘strComputer = “<TestComputerName>”
‘Check if computer is turned on
If PingSSR(strComputer) = True Then
On Error Resume Next
‘If online
If objFSO.FolderExists (“\\” & strComputer & “\C$\Documents and Settings\” & strProfile)then
objFile.WriteLine “Scanned PC ” & strComputer & “. Profile ” & strProfile & ” FOUND on PC!”
intProfileFound = CInt(intProfileFound) + 1
Else
objFile.WriteLine “Scanned PC ” & strComputer & “. Profile ” & strProfile & ” NOT found on PC.”
End If
‘If offline
Else
objFile.WriteLine “Scanned PC ” & strComputer & “. Computer was not responding to ping.”
End If
intCounter = CInt(intCounter) + 1
Next
‘Write final line and close logfile
objFile.WriteLine “All done. Scanned ” & intCounter & ” PC’s. Profile found on ” & intProfileFound & ” PC’s.”
objFile.Close
‘Free memory
Set objFSO = Nothing
Set objOU = Nothing
Set objFile = Nothing
Set objComputer = Nothing
Set objIP = Nothing
Set strComputer = Nothing
Set strLogFile = Nothing
Set intCounter = Nothing
Set intProfileFound = Nothing
‘Notify user
msgbox “done”
Quit
Recently I was asked if I could see if a user account was used by an unauthorized user (that somehow got the password for the account). I answered there is no way of knowing, because it is not technically possible to know what person is operating a machine if they use some other user’s  user name.
I could see however, on what machine this user was logged onto. Although this holds no legal ground what so ever, it could confirm some suspicion.
So I wrote composed this VB script to check all domain workstations for a profile.
It requires you to run it with an account that has admin privileges on the domain workstations for obvious reasons. It also requires you to install a little piece of software, namely System Scripting Runtime, to enable ping functionality without the usual weird scripting. You can download it here and find more info on it here.
The script is easily adjustable to check for more info, but my guess is you’ll figure it out =)
Replace the values within brackets <> with your domain information.
‘ NAME: ScanComputersForProfile
‘ AUTHOR: Yuri de Jager
‘ DATE  : 2009-05-26
‘ COMMENT: Scans all domain workstations from an OU for a user profile.
‘ VERSION: 1.0 – Yuri de Jager – Initial Release
‘==========================================================================
Option Explicit
Dim objFSO
Dim objOU
Dim objFile
Dim objComputer
Dim objIP
Dim strComputer
Dim strLogFile
Dim intCounter
Dim intProfileFound
‘Profile name to search For
Const strProfile = “<ProfileName>”
‘Logfile path
strLogFile = “ScanComputersForProfile_” & strProfile & “.log”
Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objFile = objFSO.CreateTextFile(strLogFile, True)
Set objIP = CreateObject(“SScripting.IPNetwork”)
Function PingSSR( myHostName )
‘ This function returns True if the specified host could be pinged.
‘ myHostName can be a computer name or IP address.
‘ This function requires the System Scripting Runtime by Franz Krainer
‘ Standard housekeeping
Dim objIP
Set objIP = CreateObject( “SScripting.IPNetwork” )
If objIP.Ping( myHostName ) = 0 Then
PingSSR = True
Else
PingSSR = False
End If
Set objIP = Nothing
End Function
‘ Bind to the OU holding the computeraccounts, using the full Distinguished Name.
Set objOU = GetObject(“LDAP://ou=<ComputersOU>,dc=<Domain>,dc=<TopLevelDomain>”)
‘ Filter on objects of class computer.
objOU.Filter = Array(“computer”)
‘ Enumerate all computer objects in OU.
For Each objComputer In objOU
‘ The object reference objComputer is bound to each domain computer object with the LDAP provider.
strComputer = objComputer.sAMAccountName
‘ Remove trailing “$”.
strComputer = Left(strComputer, Len(strComputer) – 1)
‘For Testing
‘objFile.WriteLine “Replacing ” & strComputer & ” for <TestComputerName>”
‘strComputer = “<TestComputerName>”
‘Check if computer is turned on
If PingSSR(strComputer) = True Then
On Error Resume Next
‘If online
If objFSO.FolderExists (“\\” & strComputer & “\C$\Documents and Settings\” & strProfile)then
objFile.WriteLine “Scanned PC ” & strComputer & “. Profile ” & strProfile & ” FOUND on PC!”
intProfileFound = CInt(intProfileFound) + 1
Else
objFile.WriteLine “Scanned PC ” & strComputer & “. Profile ” & strProfile & ” NOT found on PC.”
End If
‘If offline
Else
objFile.WriteLine “Scanned PC ” & strComputer & “. Computer was not responding to ping.”
End If
intCounter = CInt(intCounter) + 1
Next
‘Write final line and close logfile
objFile.WriteLine “All done. Scanned ” & intCounter & ” PC’s. Profile found on ” & intProfileFound & ” PC’s.”
objFile.Close
‘Free memory
Set objFSO = Nothing
Set objOU = Nothing
Set objFile = Nothing
Set objComputer = Nothing
Set objIP = Nothing
Set strComputer = Nothing
Set strLogFile = Nothing
Set intCounter = Nothing
Set intProfileFound = Nothing
‘Notify user
msgbox “done”
Quit
Advertisements

SQL Server 2008 Management Studio Express installation error: Performance counter registry hive consistency (failed)

I tried to install the SQL Server 2008 Management Studio for my SQL Server 2008 Express installation and received the error ‘Performance counter registry hive consistency’ with status ‘Failed’.

perfomance1

Log file:

InstallGlobalRules: SQL Server 2008 Setup configuration checks for rules group ‘InstallGlobalRules’
PerfMonCounterNotCorruptedCheck Checks if existing performance counter registry hive is consistent. Failed The performance counter registry hive is corrupted. To continue, you must repair the performance counter registry hive. For more information, see http://support.microsoft.com/kb/300956.

So I went to the Microsoft KB article that is supposed to help me out: KB300956. What a nightmare. After I finally removed the values for all FirstCounter, LastCounterer, FirstHelp and LastHelp entries and rebooted my PC… nothing changed. Oh wait, I forgot to run lodctr /R. Hmm, that requires input from the ini files I ‘lodctr-ed’ before the reboot. Hrrmphh. OK, done. Same setup error, grrr.

After some more searching I found a clue that pushed me in the right direction. I fired up Regmon(everyone should have the Sysinternal tools!) and excluded al running processes except setup100.exe. I pressed the Rerun button on the setup screen. I did a search for Perflib and came up with this:

perfomance2

I exported my HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Perflib09 registry key. Edited it to point to 013 and inserted it back into the registry. Same with 0413. Pressed rerun again and viola:

perfomance3

This obviously has everything to do with not running a US English Windows version. I can’t believe Microsoft didn’t test this on non-English systems though. Well.. maybe I can =)

I hope this helps out some people who got this annoying error.

perfomance4

Oh and by the way. If you receive the error ‘Restart computer with Status: Failed’, Just rename the PendingFileRenameOperations key in HKLM\SYSTEM\CurrentControlSet\Control\SessionManager to something else and re-create the REG_MULTI_SZ key again, but of course leave it empty =)

This is a generic tip that can help you with many equivalent errors of all kinds of software.

Deleting profiles with Delprof.exe and the Vista workaround

I went through the Resource Tools directory yesterday and found a nifty utility: delprof.exe. This is what it does:

C:\WINDOWS\system32>delprof /?
Microsoft« Windows« Operating System User Profile Deletion Utility v5.2

Microsoft Corporation. All rights reserved.

This utility deletes Windows NT, Windows 2000, Windows XP and Windows Server 2003 family user profiles.

usage:  DELPROF [/Q] [/I] [/P] [/R] [/C:\\<computername>] [/D:<days>]

/Q      Quiet, no confirmation.

/I      Ignore errors and continue deleting.

/P      Prompts for confirmation before deleting each profile.

/R      Delete roaming profile cache only

/C      Remote computer name.

/D      Number of days of inactivity.

C:\WINDOWS\system32>delprof /?
Microsoft« Windows« Operating System User Profile Deletion Utility v5.2
⌐ Microsoft Corporation. All rights reserved.
This utility deletes Windows NT, Windows 2000, Windows XP and Windows Server 2003 family user profiles.
usage:  DELPROF [/Q] [/I] [/P] [/R] [/C:\\<computername>] [/D:<days>]
/Q      Quiet, no confirmation.
/I      Ignore errors and continue deleting.
/P      Prompts for confirmation before deleting each profile.
/R      Delete roaming profile cache only
/C      Remote computer name.
/D      Number of days of inactivity.

Really nice! I log onto alot of PC’s because of my job and I never like the idea that my profile sits there for ever and ever. Also when cleaning up PC’s one of the first things I do is deleting old user profiles, this saves alot of diskspace, sometimes gigabytes. I always had to login, open properties of this computer->advanced tab->Profiles button->lookup the last login date of every profile and decide if I would delete it. Very time consuming. With this utility I can do it all from my admin PC =)

‘delprof /C:\\<computer name> /D:31’ deletes all user profiles older then 31 days on computer <computer name>. What a breeze =) Please note, it will also delete the local administrator profile so make sure you leave nothing of value there. It will not touch the All Users, Default User, NetworkService and LocalService profiles.

Sweet! But what about Vista?

As of now, the utility is not compatible with Vista nor is there news of Microsoft developing a new util for Vista or enhancing the util to work on Vista.

There is, however, a Group Policy setting you can use to set a max age for user profiles. You can find it in Computer Configuration->(Policies (WS2K8 only)->)Administrator Templates->System->User Profiles->Delete user profiles older than a specified number of days on system restart. This only works on Vista though.

1

If you don’t like roaming profiles at all on your workstations, you can use the ‘Delete cached copies of roaming profiles’ option.

2

Virtualbox Installation Error: Event-id 1033 Status 1603

While trying to upgrade my nVritualbox from version 2.2.0-r45846 to version 2.2.2-r46594,  at one point the installation rolled back seemingly without throwing an error. The eventviewer contained this information (sorry, it’s Dutch) :
Type gebeurtenis: Informatie
Bron van gebeurtenis: MsiInstaller
Categorie van gebeurtenis: Geen
Gebeurtenis-ID: 1033
Datum: 2009-05-07
Tijd: 17:18:31 PM
Gebruiker: X
Computer: Y
Beschrijving:
Het product is geïnstalleerd. Productnaam: Sun xVM VirtualBox. Productversie: 2.2.2. Producttaal: 1033. Status van geslaagde/mislukte installatie: 1603.
Zie Help en ondersteuning op http://go.microsoft.com/fwlink/events.asp voor meer informatie.
Gegevens:
0000: 7b 30 35 34 32 32 33 31   {0542231
0008: 46 2d 32 30 31 30 2d 34   F-2010-4
0010: 43 37 42 2d 39 31 36 39   C7B-9169
0018: 2d 45 43 30 43 30 43 42   -EC0C0CB
0020: 39 46 33 37 31 7d         9F371}
I quickly found ticket 1730 on the virtualbox website. This issue seemed fixed, but then reoccured in newer builds.
I first copied the MSI files from a temp dir to an installation folder. I followed the instructions given on the site and ran the installer with logging options: ‘msiexec /i VirtualBox-2.2.2-r46594-MultiArch_x86.msi /l*xv install.log’. I found the rollback command and right before that the reason for the rollback:
DIFXAPP: ERROR 0x2 encountered while opening persistent-info key for component ‘{B7D782D2-96DF-4775-A0E1-A76CF7B04B65}’
At first I thought it had to do with my disabled Host-Only NIC, but the install still failed with the same error after I enabled it.
Solving this, however was very simple. I ran a repair of the current installation. This required a reboot. After the reboot, the installation of the new version 2.2.2 went smoothly.

While trying to upgrade my Virtualbox from version 2.2.0-r45846 to version 2.2.2-r46594,  at one point the installation rolled back seemingly without throwing an error. The eventviewer contained this information (sorry, it’s Dutch) :

Type gebeurtenis: Informatie

Bron van gebeurtenis: MsiInstaller

Categorie van gebeurtenis: Geen

Gebeurtenis-ID: 1033

Datum: 2009-05-07

Tijd: 17:18:31 PM

Gebruiker: X

Computer: Y

Beschrijving:

Het product is geïnstalleerd. Productnaam: Sun xVM VirtualBox. Productversie: 2.2.2. Producttaal: 1033. Status van geslaagde/mislukte installatie: 1603.

Zie Help en ondersteuning op http://go.microsoft.com/fwlink/events.asp voor meer informatie.

Gegevens:

0000: 7b 30 35 34 32 32 33 31   {0542231

0008: 46 2d 32 30 31 30 2d 34   F-2010-4

0010: 43 37 42 2d 39 31 36 39   C7B-9169

0018: 2d 45 43 30 43 30 43 42   -EC0C0CB

0020: 39 46 33 37 31 7d         9F371}

I quickly found ticket 1730 on the virtualbox website. This issue seemed fixed, but then reoccured in newer builds.

I first copied the MSI files from a temp dir to an installation folder. I followed the instructions given on the site and ran the installer with logging options: ‘msiexec /i VirtualBox-2.2.2-r46594-MultiArch_x86.msi /l*xv install.log’. I found the rollback command and right before that the reason for the rollback:

DIFXAPP: ERROR 0x2 encountered while opening persistent-info key for component ‘{B7D782D2-96DF-4775-A0E1-A76CF7B04B65}’

At first I thought it had to do with my disabled Host-Only NIC, but the install still failed with the same error after I enabled it.

Solving this, however was very simple. I ran a repair of the current installation. This required a reboot. After the reboot, the installation of the new version 2.2.2 went smoothly.

%d bloggers like this: