jeffharbert.com

I was working at home one weekend recently, performing some scheduled server maintenance. We have mostly HP servers where I work, and they have this nice feature built into them called Remote Insight. It’s a card that’s plugged into the motherboard of the server. This card has an ethernet port on it. You can connect to the RI card over this ethernet port and use it as a sort of virtual KVM. It’s a fantastic feature, letting you control a server remotely, shutting down or restarting if you need to, and, since it’s essentially attached to the console, you can even get into the BIOS should the need arise.

That is, when it works.

The RI cards are pretty reliable, but every once in a while they’ll disconnect you and make you wait a 30 minute timout period before it resets the connection. Not a big deal if you’re in the building, but a much bigger problem if you’re offsite, as I was this particular weekend.

Anyway, I had to shut down a server briefly, and that server’s RI card decided that right then would be a good time to drop its connection. I had to drive in to work on a Sunday just so I could press the power button on the server. I was good and annoyed, let me tell you.

The next work day, I decided to give myself a backup method of turning on a server. My tool of choice? A wonderful piece of technology called Wake on LAN. I use a tiny application called WOL.EXE for this. Open a command prompt, type “wol 112233445566″ (that last part being a MAC address) and WOL.EXE sends out what’s called the magic packet to wake up the computer (or server) with the correct MAC address. This would have suited my needs perfectly, if only I’d had the MAC address of the server in question.

Hmm, I feel some scripting coming on.

Let’s not limit this to servers. Let’s cover all the computers in an entire domain, ok? Ok.

The first thing to do is gather all the computer names from your Active Directory domain. I found the perfect script over at Microsoft’s Script Center Repository. Their website doesn’t support direct hyperlinking, so I can’t link to the script. I’ll just give it to you here:

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject(”ADODB.Connection”)
Set objCommand = CreateObject(”ADODB.Command”)
objConnection.Provider = “ADsDSOObject”
objConnection.Open “Active Directory Provider”
Set objCommand.ActiveConnection = objConnection

objCommand.Properties(”Page Size”) = 1000
objCommand.Properties(”Searchscope”) = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
“SELECT Name FROM ‘LDAP://dc=fabrikam,dc=com’ WHERE objectCategory=’computer’”
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields(”Name”).Value
objRecordSet.MoveNext
Loop

Quick side note: The script references an example AD domain as ‘LDAP://dc=fabrikam,dc=com’. The AD domain where I work is actually a subdomain of our public domain name, so I have to add to the DC path above. Like so: ‘LDAP://dc=subdomain,dc=fabrikam,dc=com’. Note how I added a third DC section. That’s how you can reference a subdomain name in an LDAP path.

The script as-is will output the information it gathers to the console, but I wanted to capture it in a text file. The easiest way to do this without modifying the script is to run the script from within Microsoft’s Scriptomatic tool, with Scriptomatic set to display the results in a text file. Boom, nice and easy. I use Scriptomatic a lot this way.

Paste the script into Scriptomatic, change the LDAP path in the script to your own AD domain, and click Run. After a second or two you’ll see a text file pop open with a list of all the computers and servers in your domain. Save this text file somewhere safe. I saved mine with the name workstations.txt.

Now we need to fetch all the MAC addresses of the computers listed in that text file we just saved. We’ll use another script to do that, using the text file we just saved as the input for the script.

Here’s the script:

‘—– Let’s Dim our variables —————————————————————-

Dim strComputer, objFSO

‘—– Set some constants used for manipulating text files————————————-

Const ForReading = 1
Const ForAppending = 8

‘—– Let’s open the list of workstations we grabbed from Active Directory ——————-

Set objFSO = CreateObject(”Scripting.FileSystemObject”)
Set objFile = objFSO.OpenTextFile(”C:\scripts\Fetch MAC Addresses\workstations.txt”, ForReading)

‘—– We want to loop through the text file line by line, grabbing MAC addresses as we go —

Do Until objFile.AtEndOfStream
strComputer = objFile.ReadLine

‘—– Let’s see if we can ping the workstation ———————————————–

Set WshShell = CreateObject(”WScript.Shell”)
PINGFlag = Not CBool(WshShell.run(”ping -n 2 -w 250 ” & strComputer,0,True))

‘—– If we can ping the workstation, grab the MAC address and save it in a text file ——–

If PINGFlag = True Then
wScript.Echo strComputer & ” pings”
Dim objShell,objExec
Set objShell=CreateObject(”wscript.shell”)
strCommand=”nbtstat -a ” & strComputer
Set objExec=objShell.Exec(strCommand)
Do While objExec.StdOut.AtEndOfStreamTrue
strLine=objExec.StdOut.ReadLine
If InStr(strLine,”MAC Address”) Then
arrFields = Split(strLine, ” “)
strMAC1 = arrFields(7)
strMACAddress = Replace(strMAC1, “-”, “”)
strCompEntry = strComputer & “,” & strMACAddress
Set objFile2 = objFSO.OpenTextFile(”C:\scripts\Fetch MAC Addresses\MAC_Addresses.txt”, ForAppending)
objFile2.WriteLine strCompEntry
objFile2.close
End If
Loop
Else

‘—– If we can’t ping the workstation, let’s log that so we can get the MAC address later —-

Set objFile3 = objFSO.OpenTextFile(”C:\scripts\Fetch MAC Addresses\cannot_ping.txt”, ForAppending)
objFile3.WriteLine strComputer
objFile3.close

End If

Loop

The script reads the first workstation name, sees if the workstation responds to ping, runs the nbtstat command against the workstation, grabs the MAC address by monitoring the stdout of the nbtstat command, then saves the workstation name and MAC address (sans hyphens) to a second text file. Also, if the workstation does not respond to ping, it saves that workstation name to a third text file. We can use this third text file at a later date as the input file of this same script so that, over time, we can gather all the MAC addresses in our domain.

There you have it, all the MAC addresses in your domain. For myself, I now have all the information I need to wake up any workstation or server on my domain, but let’s not stop here. Let’s make it easy to use the MAC addresses we just gathered.

Here’s a script that prompts you for a workstation name, searches for the MAC address in the second text file, then automatically sends the WOL packet to wake up the workstation.

‘—– Let’s dim our variables ————————————————
dim fname, objFSO, objFile

‘—– This opens an input box into which we’ll enter our workstation name —-

fname=InputBox(”Which computer do you want to wake up?”)
fname = UCase(fname)

‘—– Some tracking integers ————————————————-

i = 0
y = 0

Const ForReading = 1

‘—– Open the text file of MAC addresses and read the ———————–
‘—– entire thing into memory at once —————————————

Set objFSO = CreateObject(”Scripting.FileSystemObject”)
Set objFile = objFSO.OpenTextFile_
(”C:\scripts\Fetch MAC Addresses\Copy of MAC_Addresses.txt”, ForReading)
strFile = objFile.ReadAll
objFile.Close

‘—– Split the file into an array, using the comma delimiter —————-

arrFields = Split(strFile, “,”)

‘—– When we find a match we’ll increment Y by 1, but ———————–
‘—– we want the script to keep looping until otherwise ———————

Do While y=0

‘—– Whatever array field has the workstation name, the MAC address ———
‘—– will be in the next field ———————————————-

strPC=arrFields(i)
strMAC=arrFields(i+1)

‘—– Let’s see if we have a match between the workstation name taken ——–
‘—– from the text file and the input box ———————————–

If strPC = fname Then

‘—– If we do, let’s grab the MAC address and send the WOL signal ———–

Dim objShell,objExec
Set objShell=CreateObject(”wscript.shell”)
strCommand=”C:\scripts\wol.exe ” & strMAC
Set objExec=objShell.Exec(strCommand)
‘—– Let’s get a visual confirmation that we sent the WOL signal ————

wscript.echo “Wake on lan command sent to MAC address ” & strMAC

‘—– Since we found a match, let’s increment Y ——————————
y=1
End If

‘—– If we didn’t find a match, let’s look at the next workstation name —–
‘—– which will always be two array segments away —————————

i=i+2

‘—– The loop will terminate here once Y=1, otherwise it’ll keep going ——

Loop

And there you have it. I hope you find this helpful.

Every once in a while the TCP/IP stack in Windows XP will break. The most obvious way to tell is to open a command prompt and run ipconfig. If it comes back with “Windows IP Configuration” and nothing else, TCP/IP is broken. If it was working, you’d at least see that the IP was 0.0.0.0. One oddity I’ve run across is that TCP/IP will function normally in Safe Mode but not in Normal Mode. YMMV, obviously.

Some will tell you that you have to reinstall XP if TCP/IP breaks. This is not necessarily the case. You can repair TCP/IP with one simple command. Open a command prompt and run this command:

netsh int ip reset c:\resetlog.txt

This resets TCP/IP to the state it was in when XP was first installed. Run this command, reboot, and you should be golden.

Note: After you run this command, some apps that rely on networking might need to be reinstalled. When I used this command to repair TCP/IP on one of our company laptops, the VPN client on the laptop didn’t work anymore. I had to remove and reinstall it. Again, YMMV.

You can kill processes on a remote computer by using the taskkill command. Run ‘taskkill /?’ on a command line to see all the options.

We use SpySweeper on all our workstations at work. It occasionally hangs during a scan, severely slowing down that particular PC. Here’s the command I use to kill it remotely:

taskkill /s computername /im spysweep* /f /t

/s lets you designate a remote PC, in this case ‘computername’.
/im lets you specify a process by application name. This lets you kill a process without knowing the PID
/f forces a process to close
/t also kills any child processes

I’ve actually made a batch file on my workstation called ks.bat. ‘ks’ = kill SpySweeper. Here it is:

taskkill /s %1 /im spysweep* /f /t

I simply open a Run dialog box, enter ‘ks computername’ and it kills SpySweeper on whatever workstation I specify.

Change XP to the Classic theme: Right-click on the desktop and select Properties. On the Theme tab, select ‘Windows Classic’ from the drop-down menu. Click Apply, then OK.

On systems that use shared system memory instead of dedicated video memory, turn off the wallpaper and reduce the color depth to 16-bit.

Reduce visual effects. Right-click on My Computer and select Properties. Click the Advanced tab. Under ‘Performance’, click Settings. Select ‘Adjust for best performance’. Click Apply, then OK, then OK again.

Open the Registry. Start > Run > regedit.

Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl
Give ‘Win32PrioritySeparation’ a Hex value of 26. This prioritizes applications over background services. Do NOT do this on a server.

Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Give ‘DisablePagingExecutive’ and ‘LargeSystemCache’ each a value of 1. The first one keeps critical OS and application processes in RAM and prevents them from being written to the swap file. This keeps apps more responsive. The second one makes that RAM cache larger. This does not reduce swap file use per se, but it does keep the more important stuff in RAM so apps remain (mostly) immediately usable.

Schedule weekly disk defrags:
Open a command prompt. Enter: at 03:00 /every:Sunday “defrag c:”. This will defragment the C: drive every Sunday at 3:00am. Change time and day values to whatever you need. Enter a separate ‘at’ command for every local drive letter, staggering the times by 30-60 minutes.

Reboot and enjoy. It won’t be greased lightning, but it’ll be better.

There are several things you can do with XP to make it run better on older hardware.

• Change the display settings to use the standard Windows theme instead of the default XP theme.
• Under System Properties, Performance Options, Visual Effects, choose ‘Adjust for best performance’.
• Use 16-bit color depth on systems that use shared system memory instead of dedicated video memory.
• Set the Prefetcher to only grab boot files. Open Regedit and go to this key: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters. Change the value of ‘EnablePrefetcher’ to ‘2′. Delete the contents of C:\WINDOWS\Prefetch and reboot.

Lastly, turn off any unneeded services. Here’s a good list:

• Error Reporting
• Help and Support
• Messenger
• Themes
• WebClient
• Windows Audio
• Wireless Zero Configuration

One thing I’ve encountered at every tech support job I’ve had are users that are afraid of their computers. I liken this to driving to a location you’ve never been before in the dark without a map. You’re either going to drive slowly so you don’t miss your destination or drive fast to cover up your nervousness. While the first approach is preferable, it is also inefficient. It would better to look up directions and become familiar with a map of the area before you begin your trip. This is the approach I take to user training.

There are several things every computer user should know. Here’s a partial list, in no particular order:

• The ‘why’ of strong passwords.
• How to easily use strong passwords.
• The difference between logging off, rebooting, and shutting down.
• The difference between programs and data.
• How to map a network printer.
• How to map a network drive.
• Proper terminology - Computers are not ‘hard drives’ or ‘CPUs’.
• The difference between memory and storage.
• How to handle hung applications.
• The importance of error and warning messages.

By learning these things, all of which can be easily taught in 30 minutes or less, users become more confident, more productive, and, because they’re better equipped to explain problems clearly, trouble tickets can be closed more quickly.

If you’re sending an email to more than one person, it’s not always a good idea to put everyone’s email address in the TO field. Every address you put in the TO field will be visible to everyone who receives the email. People often like to keep their email addresses private, and you would be sharing it if you put everyone’s address in the TO field. Instead, add them to the BCC field. Let’s go over some rules.

• If the email is work related and and it’s only going to coworkers inside your company, use the TO field.
• If you’re email a coworker or customer and you want your boss to have a copy of the email, use the TO field unless you don’t want the recipient to know you’ve copied your boss on the email.
• If it’s a personal email and everyone in your list knows everyone else - with no exceptions - use the TO field.
• If it’s a personal email and everyone in your list does NOT know everyone else, use the BCC field.

Why that last one? I, like many people, keep tight control over my personal email address. I don’t mind my friends having it, but I do not want your sister’s best friend’s husband’s cousin to have it. Instead, put your own email address in the TO field, and put everyone elses email address into the BCC field. That will retain the privacy of everyone’s email addresses.

It can be quite confusing and time consuming to read a long trouble ticket log to determine what the problem is and what steps have been taken to resolve the problem. This can be avoided by using templates. Let me give you some examples.

ATTEMPT:
RESULT:
CAUSE:
TROUBLESHOOTING:
FIX:

Copy and paste this into the ticket and start filling it out. ‘Attempt’ is what the user is trying to do. ‘Result’ is what happens when they try. ‘Cause’ is what caused the problem, if known. ‘Troubleshooting’ would contain a summary of all the troubleshooting steps taken. ‘Fix’ is what steps actually resolved the problem.

Not every step is necessary for every problem. If a user needs their password reset, there’s little need to fill out Troubleshooting, just Fix. In fact, for very simple problem, you could use an abbreviate template:

PROBLEM:
FIX:

A general rule would be to use the longer template for any tickets you have to pass on to someone else.

(more…)

Tips and Tricks

*On PCs with less than 512mb RAM, set Windows XP to the Classic theme. This will save about 30Mb RAM and help avoid hitting the swap file, which will speed things up nicely.

*If a login script instead of a Group Policy is used to map network drives, remote users will often not have their network drives mapped upon login. No server connectivity, no login script. Create a batch file for them and place it on their desktop. After connecting via VPN, they can run the batch file and have access to their drives.

*If your company has several departments where different groups have, say, a different S: drive, make a list of what the S: drive should be for each department. Keep this list handy so you can refer to it when someone can’t connect to their S: drive. This will save you from having to hunt down that information every time.

I have an ancient Samba file server at home. It’s a Pentium Pro 180 with 256mb RAM, a custom BIOS that allows it to recognize large hard drives, and an 80Gb drive. I run Red Hat 7.1 on it and it works just fine. Running X on it is a tad slow, but it’s perfectly usable as a small file server.

I also have a sweet little Windows 98SE box I keep around for older games. It’s a Dell Dimension 4100. 1Ghz PIII, 512mb RAM, 40Gb drive, 32x CD burner. I used Alper Coskun’s unofficial Win98SE service pack, which includes many Win98 patches not included in Windows Update, along with registry and appearance updates. He updates this service pack every so often. I’ve been using it for several years. It boots faster than my 2.4Ghz P4 box and is just as stable.

I keep around a PII-350 and a Duron 700 box for miscellaneous testing and experimenting. I have at various times installed Win2k Advanced Server, Win2k3 Server, Ubuntu, Kubuntu, Mandriva 10.x, Fedora Core 1-6, Damn Small Linux, Knoppix, and others.

I also have a nifty little P200 box. It runs FreeSCO, uses a 4mb Compact Flash card instead of a hard drive, and two PCI NICs. It boots in about 12 seconds once the POST is done. This was my firewall at home for about three years. Except for power outages and tinkering, I think I had to reboot it three times. This box actually started out as a P100, which is more than enough CPU power for a firewall. I swapped in a P200 chip just because I had it around.

My main box is a 2.4Ghz P4 with the 800Mhz FSB and 2Gb RAM.

It can be quite confusing and time consuming to read a long trouble ticket log to determine what the problem is and what steps have been taken to resolve the problem. This can be avoided by using templates. Let me give you some examples.

ATTEMPT:
RESULT:
CAUSE:
TROUBLESHOOTING:
FIX:

Copy and paste this into the ticket and start filling it out. ‘Attempt’ is what the user is trying to do. ‘Result’ is what happens when they try. ‘Cause’ is what caused the problem, if known. ‘Troubleshooting’ would contain a summary of all the troubleshooting steps taken. ‘Fix’ is what steps actually resolved the problem.

Not every step is necessary for every problem. If a user needs their password reset, there’s little need to fill out Troubleshooting, just Fix. In fact, for very simple problems, you could use an abbreviated template:

PROBLEM:
FIX:

A general rule would be to use the longer template for any tickets you have to pass on to someone else.

If you work in an environment that has a number of everyday problems, keep a bunch of these templates in your text file already filled out as much as you can. You can also do this for short-term issues. For example, let’s say a recent patch installed on a server used to verify VPN logins caused a problem where every user was locked out. You’re of course going to see a spike in calls, so make yourself a template:

ATTEMPT: Logging in via VPN
RESULT: Error message: Access Denied
CAUSE: Server patch causing account lockouts.
TROUBLESHOOTING: None needed - known issue.
FIX: Unlocked user’s VPN account and verified they could log in.

There you go. Type it up once then copy and paste it for every VPN call related to this problem.