whereami : HowTo ... Hacker\ library\ System Administration\scripts

Real Men Don't Click

Windows System administration with command lines and scripts

This is a collection of scripts (Visual Basic script, Windows batch files, ...) referred to in Network and System Administration in the Small Office (or: dutch version here). Scripts like these come in handy when attempting automatic system administration and system recovery and implementing a 'reproducible system' with unattended setups, silent installs and hands-free network configuration, and so on.

This collection is intended for a Microsoft Windows environment. Of course, you can apply the ideas behind it to linux as well.

Operating System Setup

Unattended Setup

sample answer file for Windows 2003 Server Setup. Refer to unattended (silent) installation of Windows 2003 Server for background information on how to prepare such a setup
sample answer file for Windows 98 Setup. Refer to unattended (silent) installation of Windows 98 for background information on how to prepare such a setup
Creating custom boot CD's for Windows Setup.

Post Installation Tasks: Server

Batch of commands to execute after Operating System Setup, to include Support Tools, Resource Kit, and various other software that is not by default included in the setup

Post Installation : PC configuration

Batch of commands to execute after Operating System Setup on the work station / client PC's.

modifying the Windows Registry
adding Active Directory client software, WMI Support, and other post installation tasks on Windows 98
script to enable DHCP clients, works on Windows XP - does not work on Windows NT4 and 98.

Disks and Partitions

makePartitions.bat: After Operating System Setup, the remaining disk space should be partitioned and formatted
changing windows xp default folders.: script to move the default 'Program Files' and 'Documents and Settings' folder to a new location and create/move/increase the pagefile. A post-installation script to manage the use of multiple partitions on a baseline computer.
DiskSpace.vbs: DiscSpace reports free / used disk space on partitions, folders and disks, and writes the result to a file. If run an regular intervals (as a scheduled task), it gives an idea of the data volume growth rate, which can be useful to predict when a given partition or disk will be completely full, or to plan the necessary size of new disks

Active Directory Setup

dcpromo answer file: answer file for dcpromo : provides parameters for the dcpromo command and allows for an unattended customized setup of Microsoft Active Directory.

Network Configuration

checkNetwork.bat: collection of commands in a batch file, to collect and check network configuration : IP configuration, DNS, DHCP, WINS, ...
restoreNetwork.bat: collection of commands in a batch file, to restore a network configuration : IP configuration, DNS, DHCP, WINS, ...
checkDHCP.vbs: cleanup script : forces hosts with IP addresses within a given range to renew their addresses after significant changes to DHCP server configuration
Proxy Configuration: Dynamically, remotely assign proxy settings to your clients and manage it centralised

Active Directory configuration

After Active Directory has been set up and the network configuration checks out ok (in particular the DNS), the Active Directory needs to be populated with Organizational Units, User Accounts, Computer Accounts, Security Groups, and so on. We use scripts that take input from lists and text files so that the Active Directory can be easily reproduced, either for disaster recovery or when migrating to a new domain. Obviously, the scripts will populate the Active Directory in accordance with the design of the logical structure of the Active Directory.

createOU.bat: create a number of given Organizational Units
createUsers.bat: create user accounts and security groups, then make users member of global groups and global groups member of local groups across organizational units.
createComputers.bat: create computer accounts
configAD.bat: As all of the above scripts are needed to populate the active directory with Organizational units, security groups, user and computer accounts, etc., we can also create a batch file that runs these scripts in sequence.

manage files, directories, shares, and Access Control Lists

resetACL.bat: When moving data to a new domain, the data will probably have Access Control Lists (ACL) with accounts of the old domain. This script resets the ACL's to accounts in the new domain.
setShares.bat: (re-)create network shares on the domain file server
setUserShares.vbs: create shared folders for user home directories or roaming profiles for a batch of users, and set user-specific NTFS security

Creating a BaseLine computer

While all these scripts do many wonderful things for us, we might end up in the situation where in stead of clicking numerous 'next' buttons, we 're clicking numerous scripts to run them (or typing statement after statement at the prompt). That was how we intended it. Fortunately, there's something like batch files - they were originally intended to process numerous commands / programs as a batch - so we could easily create a batch file that runs all the scripts to create a standard workstation, or a standard server ...

baseline.bat.: sample (skeleton) batch file with a number of tricks such as : temporarily make users member of the local group administrators, and continue the script after a reboot

Patch Management

Obviously, patch management can be implemented with Software Update Server (SUS), but this requires client configuration through Active Directory. Some systems, such as Windows 98, can not be configured via Group Policy, and thus can not be configured to use SUS. So we need workarounds ...
And as SUS uses Internet Information Services and occupies tcp port 80, small organisations, typically with only 1 server, need to be aware that SUS may well interfere with their intranet ...

doPatching.vbs: Workaround : execute downloaded patches, security updates and service packs.
Software Update Server and Intranet Web Server on a single server: Running SUS, Outlook Web Access and an intranet website on a single (web)server

Software Setup

Unattended Setup: Scripts for unattended customized software installation
Automating Software Deployment: Handsfree software deployment based on scripts and Active Directory Group Policy Objects
Remote Sceduled Tasks: using At or SchTasks to schedule tasks and execute programs on remote computers - and how this can be used as for software deployment.

Scripts for setting up printers

The following scripts show how you can automate the installation of printers on a local machine (a workstation or a server), use TCP/IP printer ports, share printers on a server, and connect to and install shared printers on workstations. It includes setiing the 'default printer'

workstation oriented

Setup Local Printers: Scripts to install printer drivers and set up printer drivers, eg on a printer server (to be shared) or local to a workstation.
Setup Printers using TCP/IP ports: scripts to create standard TCP/IP ports and use them for local and network printers
Connect to and Install Shared Printers: scripts to connect to shared printers and install them on workstations. Includes setting a default printer.

server oriented

Setup Shared Printers: scripts to automatically share printers on a printer server

Publish Shared Printers in Active Directory: When a printer is shared in a Windows 2003 server, it is automatically published in Active Directory so that users can install it by browsing the directory. This also handles installation of drivers and takes care of elevating the user privileges to allow the installation. Printers connected to the network by sharing on an older Windows system or so, the same can be accomplished with this script to publish printers in Active Directory.

Scripting for Disaster Recovery

A standardized environment where system administration is quasi automatic and where systems are configured by means of scripts, can easily be reproduced. Disaster recovery will thus evolve around 'reproducing the environment by means of scripts'. However, as these scripts require input (from text files), a big part of the disaster recovery planning will be about producing these text files. That, too, can be automated : here are some scripts that collect information and present them in text files that can be used as input for the system administration scripts described earlier.

getOU: list organizational units by distinguished name, thus preserving the OU hierarchy
getUsers: list domain user accounts and the organizational units they belong to
enumerate group membership: enumerate users as members of groups, and groups as members of other groups
enumerate group membership: enumerate users as members of groups, and groups as members of other groups
enumerate network shared folders: enumerate shared folders on multiple servers

Windows 2003 Active Directory scripts

A new set of commands, available in Windows 2003 Server and Windows XP, makes it far more straightforward to query the Active Directory and create batch files to reproduce a given configuration. The following scripts make use of these commands to simplify Disaster Recovery by means of scripts.

getADconfig.bat: export organizational units, user accounts, computer accounts, security groups and group membership, etc. to text files