ben.hamilton.id.au

If you're new here, you may want to subscribe to my RSS feed or learn more about me, Ben Hamilton or link to me via LinkedIn. I can be found tweeting at @benhamilton. Thanks for visiting!

I’m often writing scripts to do stuff. It makes my job easier. I’ve often wanted to be able to script the discovery of registry values in the Windows Registry.

Thus here is a short example on using the vanilla windows command line to find the value of a Windows registry key. From my testing these commands are all present by default in Windows XP, Vista, 7, Server 2003 and Server 2008.

Assume we want to find the Microsoft Windows Common Files directory. Using Regedit we can find that here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir

So the first thing we want to do is query the registry, we do that with the command line tool reg as follows (more about reg):

reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >1.tmp

This will spit out the following into the text file 1.tmp:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion    
CommonFilesDir    REG_SZ    C:\Program Files\Common Files

However, this isn’t of much use in a script. Really, we just want the value of the folder itself, not all the extra info.

So what we do is use the command line tool ‘findstr’ which essentially is a windows regex tool (more about findstr). We use it to do this:

findstr /r REG_SZ 1.tmp >2.tmp

This spits out just the line that contains REG_SZ and puts it into the text file 2.tmp. Now that we’ve just just the one line, we want to strip the first 32 characters off it. We do this by first setting it as an enviroment variale and then trimming it down using the following two commands (more on set):

set /p CommFiles=<2.tmp

And then we shorten that (more on trimming):

set CommFiles=%CommFiles:~32%

Then we can echo the result to the screen using:

Echo The Common Files directory is: %CommFiles%

And here it is all in one easy to copy set:

Set CommFiles=C:\Temp  
reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion /v CommonFilesDir >1.tmp  
findstr /r REG_SZ 1.tmp >2.tmp  
set /p CommFiles=<2.tmp  
set CommFiles=%CommFiles:~32%  
Echo The Common Files directory is: %CommFiles%

With a little editing I’m sure that you can turn this to your own uses, pulling out the value of registry keys and using them in script files. You’re not limited to this registry key, you can use it to access all sorts of registry keys.

Please do tell me what uses you put this to.

Enjoy.

Occasionally you may want to know the SID of a windows user. If that made no sense to you, read no futher, this snippet is not for you.

Open up REGEDIT and browse to this key:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Here you will find a list of SID’s, under each is a subkey containing the name of the user it is associated with. Run through them until you find the username you’re looking for and bingo, it’s parent key is that users SID.

Found via petri.co.il

Bonus link

Quick tip on getting the Network Connections control panel applet, do one of the following:

• WIN+R, ncpa.cpl<enter>
• CTRL-SHIFT-ESC, Applications, File, New Task, ncpa.cpl <enter>

This will give you quick access to changing network settings, useful if you have no mouse… as per a workstation I’m working on right now.

A client has a SharePoint installation that has died, with all their project files and data in it.

In the course of searching for how to resurrect it, I’ve found the following that seem to be things that others may well benefit from:

• An article on the Official SBS Blog, pointing to an unofficial tool:

  During disaster recovery, if no backups other than the database files exist, we may manually extract the files from the database as a “belt and suspenders” approach to disaster recovery.

• A script from Mark Jen at Plaxo that restores files from SharePoint SQL DB with their directory structure
• An article from Ed Walters on how to backup SharePoint

Possibly the biggest lesson here is to ensure that if your using SharePoint, make sure you back it up PROPERLY, ALL OF IT.

It is now two weeks in to my new digs at Evolution Marketing – and it sure is fun.

Primarily I’ve been learning how to drive ACT!, software to take care of your contact management. Yesterday and today I’ve been playing with custom tables in the ACT! MS-SQL database. While ACT! looks after contacts and tasks, meetings & calls to do with your contacts really well, some clients would like to be able to do even more, like handle job sheets etc. Which is the reason for the custom tables. These allow us to track all sorts of other information and connect them to contacts & companies.

I’ve also setup a Blackberry Bold simulator and a Windows Mobile 6 Emulator, this allows me to experience the same things as our clients, notably HandHeldContact, which allows you to sync multiple calenders, notes, histories etc to your phone – loads more than MS Exchange alone allows.

To paraphrase the paragraphs above, I’m having fun learning new stuff!

The other staff at Evolution are great to work with, the coffee is good and all the tech toys I’ve asked for have been delivered, with the exception of the telephone headset, but it is on the way so they’re forgiven ;-). Woot!

Update 20th Oct: Got the telephone headset on Friday afternoon. Cool.

If like me you need to test if network traffic is getting through a firewall then this tool will be of use to you as well.

You run it on the target/client system, specify which port you want it to listen on, a response message and click on listen. Able to listen on multiple ports even.

Get listen from here.

Sometimes while supporting products, it is very useful to know just what version/s of .NET are installed.

Found this tool just now shows you just that: Free DotNet VersionCheck Utility

If you’ve ever wanted a quick way to find out which versions and service packs of the .NET runtime are installed on a machine, or if you’re trying to resolve a ‘missing mscoree.dll’ error, then DotNET Version Checker is for you. VersionCheck itself does not depend on the .NET runtime. VersionCheck will also tell you whether you have the required Windows components to run .NET applications, and will prompt you with download locations if not.

Update: this page at Microsoft lists the downloads for .NET in the left menu bar.

Spotted this great list of open source tools for system administrators: 24 Great Open Source Apps for Admins & Technicians.

I can personally vouch for a number of these:

• Angry IP Scanner
• PuTTY
• DBAN
• DeltaCopy

For some tools that are not open source but free, you can’t go past live.sysinternals.com (details here) – now owned by Microsoft themselves these tools make a Windows Sysadmin job much easier.

A Terminal Server I was attempting to work on today gave quite a lot of grief. The first hint was that users were unable to login to it. When I then tried to login, it gave an error message of: Login Failed
You are connected to the remote computer. Howerver, an error occured while an initial user program was starting, so you are being logged off. Contact the system administrator for assistance.

So I rebooted it remotely using the command shutdown /r /f /m \TSERVER1 while having a continuous ping running, from the ping results I could see it go down, come back up. However on trying to login now, after entering a username/password I could see the logon script run, but no taskbar, start button appeared. Right clicking the desktop didn’t give any menu.

I could however navigate to the hard drive on that machine by pointing My Computer to \tserver1\c$\.

Copying some of the tools at live.sysinternals.com I was able to view the event logs, no issues apparent, check status of various services, all ok.

So I connected via RDP once more (mstsc /v:tserver1 /console) and viewed the background (still no start button or taskbar) and pressed CTRL-ALT-END which allowed me to start the Task Manager. This allowed me to run a new task (File | New tas (run...)) so now I was able to copy the sysinternals autoruns program to the root of the C: partition, and run it from the affected terminal server. Running c:\windows\explorer.exe didn’t work tho.

Delving into it’s depths I found an entry for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Explorer – renaming this entry then allowed Explorer to run. So I’ve exported the key (in case I do want it sometime) and then deleted it.

Rebooted the server once more and bingo, it lets everyone log in. Very satisfying after a couple of hours of mad hair tearing.

Like Symantec Anti-virus. At a friends house right now, and trying to uninstall the product, it won’t – it keeps saying that something else wants to keep it there. Very unhelpful error message by they way (if Symantec is listening).

Found a great page that explains how to remove unwanted software (surprise, they also trying to remove Symantec… hmmm….).

Here it is at it.toolbox.com/blogs/locutus.

In a nutshell this is how:

1. Open regedit, browse to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\ WINDOWS\CURRENT VERSION\UNINSTALL
2. Then do a search for Symantec (or the name of the software you want to be rid of)
3. Copy the value of UninstallString
4. Open a command prompt (Start | Run | CMD) and paste the UninstallString here and add REMOVE=ALL to the end of that string, press enter. It will look similar to this: MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} REMOVE=ALL
5. Done.