Milestone!

  
  
  
  
Admin Arsenal Milestone
    Photo by A.M. Kuchling

I'm happy today, as we've reached a milestone with Admin Arsenal 2.0 development. We've now got an Alpha build with all major features completed. This is good news for all of you waiting to be beta testers, since we've only got a handful of minor features and clean-up items before we can complete alpha testing and get it into your hands.

This new version is going to be a big one. We now have an honest-to-goodness report designer, job scheduling, and a new feature called "Rules" which we hope you'll really like. It will give you a bird's-eye view of your systems and whether they comply with whatever policies you set. You'll be able to focus your time more on the computers needing attention and not worry about the healthy ones.

We hope that you will enjoy using it as much as we've enjoyed creating it.


Mischievous Management - Killing Games

  
  
  
  

OK, I am writing this on a Friday afternoon. I don't feel like starting a new project. I don't feel like working through my list of to-do's and, well, it's very obvious that I'm not the only person who feels like this today. But I'm at work, slightly bored and I have administrative rights on all of these computers. Sweet.

I think it's time to confuse the hordes of co-workers who are playing Solitaire. I'm gonna write a Monitor to watch for, and kill any running solitaire process.

Let's open up Admin Arsenal and select the Monitors button:

[Images: monitors-button, solitaire-vista-1, solitaire-vista-2, solitaire-vista-3]

As you can see from the images above, I created a Monitor called Solitaire - Vista. I look for the executable called Solitaire.exe. Every 120 seconds Admin Arsenal (AA) will poll selected target systems and check to see if any process called Solitaire.exe is running. If it detects the process running, it will trigger two Actions that I have defined. The first will kill the Solitaire process and the other will send an email to me with some information about the event. Notice that in both Action examples I have used variables like {Process}. These variables can be selected by pressing the variables button and choosing the desired variable.

After you define your Monitor, don't forget to add the targets. You can add individual machines or Collections or Active Directory OUs as targets. Since I'm bored, I'm going to select all Vista machines as targets.

[Image: Targets]

Sit back and wait for various groans and grunts from other cubes.

*NOTE* For versions of Windows prior to Vista, the Solitaire exe is 'Sol.exe'

Publisher rules - Enhancing AppLocker for Windows 7

  
  
  
  

Path and Hash rules for previous versions of AppLocker were either easier for users to subvert (path) or required additional maintenance with product upgrades (hash).

The enhanced AppLocker for Windows 7 allows another method: Publisher.

The publisher rule is based upon the digital signature of the application. Since the publisher will stay the same with subsequent releases (assuming they aren't purchased by another company) your rule should stand the test of time.

A fairly decent example of this is given by Microsoft.

Windows 7 is really turning out to be cool. Let's hope the air doesn't come out of the balloon too soon.
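The three rule types compared in this post can be told apart mechanically in an exported policy. The following is an added example (not from the original post or from Microsoft): it parses a constructed policy in AppLocker's XML export format and reports what each rule matches on and what upkeep that implies. The policy contents and the function name `audit_policy` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (AppLocker XML export format); all values are made up.
SAMPLE_POLICY = r"""
<AppLockerPolicy Version="1">
 <RuleCollection Type="Exe" EnforcementMode="Enabled">
  <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Tools folder"
                Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FilePathCondition Path="%OSDRIVE%\Tools\*" /></Conditions>
  </FilePathRule>
  <FileHashRule Id="22222222-2222-2222-2222-222222222222" Name="viewer.exe 1.0"
                Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FileHashCondition>
    <FileHash Type="SHA256" Data="0x00" SourceFileName="viewer.exe" SourceFileLength="1024" />
   </FileHashCondition></Conditions>
  </FileHashRule>
  <FilePublisherRule Id="33333333-3333-3333-3333-333333333333" Name="Example Corp"
                     Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
   <Conditions><FilePublisherCondition PublisherName="O=EXAMPLE CORP, L=CITY, C=US"
                                       ProductName="*" BinaryName="*">
    <BinaryVersionRange LowSection="*" HighSection="*" />
   </FilePublisherCondition></Conditions>
  </FilePublisherRule>
 </RuleCollection>
</AppLockerPolicy>
"""


def audit_policy(xml_text):
    """Return (rule type, rule name, what it matches on, upkeep note) per rule."""
    rows = []
    for rule in ET.fromstring(xml_text.strip()).iter():
        cond = rule.find("Conditions")  # only rule elements have this child
        if cond is None:
            continue
        if rule.tag == "FilePathRule":
            path = cond.find("FilePathCondition").get("Path")
            rows.append(("path", rule.get("Name"), path,
                         "matches location only; holds while users cannot write there"))
        elif rule.tag == "FileHashRule":
            files = [h.get("SourceFileName") for h in cond.iter("FileHash")]
            rows.append(("hash", rule.get("Name"), ", ".join(files),
                         "must be re-created for every new build of the file"))
        elif rule.tag == "FilePublisherRule":
            pub = cond.find("FilePublisherCondition")
            span = tuple(pub.find("BinaryVersionRange").get(k) for k in ("LowSection", "HighSection"))
            note = ("follows the signer across releases" if span == ("*", "*")
                    else "pinned to versions %s..%s; revisit on upgrade" % span)
            rows.append(("publisher", rule.get("Name"), pub.get("PublisherName"), note))
    return rows


if __name__ == "__main__":
    for row in audit_policy(SAMPLE_POLICY):
        print("%-9s %-15s %s -> %s" % row)
```

Run against a real export, the path and hash rows are the ones to revisit after software upgrades or permission changes.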


Collections vs. Collection Data

  
  
  
  

Dynamic Collections are an extremely simple, yet powerful, tool that can be used to break down your environment into logical groupings. For instance, you can have a Collection that specifies that all member computers must have Symantec Antivirus installed, or must have at least 2 GB of RAM.

There are two tools within Admin Arsenal that you can use to help you be more effective with your Collections. The first is the Export / Import command.

Export / Import allows you to either share or receive Collections that have been previously defined, perhaps by another Administrator. If you have defined a great Collection go ahead and export it and offer it to other AA Administrators. This can save duplication of effort plus you can look like a bad ass.

To export a Collection (or a Collection Folder) go to Admin Arsenal, right click on a Collection and select Export...

[Image: export-menu]

An XML file will be created. You or any other AA Administrator can take that XML file and import it into another AA console.

[Image: exported-collection]

In a nutshell, the Export command allows you to save or share the collection DEFINITION. If you want to export or extract the Collection data (such as member computers, etc.), then you will need to use a different command altogether.

With a Collection highlighted, simply go to your Computer menu and select Save Computers As...

[Image: export-data]

Enter the name of your file and hit Save. You can now import this data into Excel or Lotus 123 or another reporting tool.

Microsoft to limit Windows 7 to XP downgrades to 18 months

  
  
  
  

Mary-Jo Foley from ZDNet writes in a June 18, 2009 article that Microsoft has announced that downgrades for new PC purchases following Windows 7 shipping will be limited to 18 months or Windows 7 SP1, whichever comes first.

"On June 17, however, Microsoft officials told Computerworld that the downgrade period during which users will be allowed to move from Windows 7 to XP is going to end, at the latest, in April 2011, which is 18 months after the October 22, 2009 general availability date for Windows 7."

According to Foley, Microsoft is stating the if/when a service pack is released bit. I wish that they wouldn't do that. No one who walks erect, doesn't drool, and has an IQ above room temperature believes that a major application will never require security or other enhancements, either by patch, service pack, or point upgrade. (Microsoft should realize that there are people out there who believe that service packs are a sign of weakness. Just remember that none of these people happen to be vendors for an application that sells billions of licenses.)

In a way I can see the push to get folks off of XP. It's an old system and Microsoft is on borrowed time now with all the hardware and software vendors who still support that OS. I don't think that Redmond is bluffing on this. They've placed a huge bet on Windows 7 and they can't afford mass numbers of users waxing nostalgic.

Still, it'll be interesting to see how the public reacts. Based on my observations of Windows 7 this will be an easier pill for people to swallow.


Windows 7 UAC - still the (en)rage?

  
  
  
  

I was happy to learn that Microsoft did indeed hear the screaming & lamenting from their Vista users on the all-or-none implementation of UAC. In fact, not only has Microsoft learned from this experience but they've also added some really cool features.

First comes the ability to make some changes as a standard user, including improving the readability of the screen without making the change to the entire system. Plus, the changes are easier for non-IT users, simply increasing the size of the screen by a percentage rather than delving into a discussion of screen resolution.

This may seem a trivial issue, but anything that lessens the calls to a Help Desk IT administrator is a good thing.

The "user in control" motto for Microsoft is paying off.

P.S. Interestingly I learned that Microsoft's use of UAC was as much for developers as it was for users. According to Mark Russinovich, too many developers were writing code which either required or assumed that the user would be running with admin rights. The UAC therefore hopefully poked and prodded the developers to scrutinize their code to determine if elevated rights were indeed a necessity.


Service Pack Blues

  
  
  
  

It's important to know which of your computers don't have the latest Windows Service Packs. I'm going to show you a quick way to find this out using the inventory in Admin Arsenal.

Our goal is to create a collection for each operating system, and then roll them up into one collection folder which will give a bird's-eye view of all the missing service packs. In the end, you should have collections that look like this:

[Image: Out of Date Service Packs Collections]

The first step is to create a collection folder. Once you have the folder, right click on it and select Any Children under Collection Folder Rollup. This will show all of the computers that appear in any of the child collections we create.

Below this collection folder, create a dynamic collection for each operating system. Each collection will need two filters, one for the operating system and one for the service pack. For example, the XP collection looks like:

[Image: Windows XP Collection]

Once you're done, all you need to do is select the top folder to see all of your computers which are out of date. Collections are "live" in that when computers get re-scanned, the members of the collection will be updated automatically.

You can tweak any of the collections to meet your needs. You may have, for example, some computers which cannot or should not be updated. You could then add filters to the appropriate collections to keep them from showing up.

To save you time, I've exported the collections used in the example (out-of-date-service-packs.xml). Import them and use them to your heart's content.

Am I the only one who can't see this page?

  
  
  
  
DownForEveryoneOrJustMe.com
    Photo by accent on eclectic

Sometimes when browsing I see that a particular site is down (this is especially discouraging when the site happens to be my own). My first question is always the same: Is it just me or is everyone seeing this?

While perusing Server Fault I came across a question on website monitoring. One of the answers introduced me to DownForEveryoneOrJustMe.com. It is JUST what I have been looking for.

DownForEveryone... is the brainchild of Alex Payne. He discussed his website with Eric Krapf of No Jitter. Here is how he explained his website to Eric.

"The site is as dead-simple as it gets: it makes an HTTP HEAD request to the root ("/") of the user-provided domain. If I get a response code in the 200/300 series, I assume the site is up. If I get a 500 or a timeout, I assume the site is down."

Obviously this is good for a quick check when you see that something is down. For a more proactive approach to website monitoring you'll want to look at another solution. There are a ton of hosted website monitoring apps, or, if you have several thousand bucks that you don't know what to do with, you can always check out HP SiteScope (formerly Mercury).

But for a quick little tool that can keep you from calling your IT guy or your friends, downforeveryone... is just what you need.
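The check Alex Payne describes above fits in a few lines. This is an added sketch, not the site's actual code: the function names, the "unknown" verdict for status codes the quote does not mention (such as 404), and treating refused connections and DNS failures like a timeout are all assumptions of this example.

```python
import http.client
import sys


def classify(status):
    """Map an HTTP status code (None means no response at all) to a verdict."""
    if status is None:
        return "down"      # timeout, as in the quoted description
    if 200 <= status < 400:
        return "up"        # 200/300 series
    if 500 <= status < 600:
        return "down"      # the quote says "a 500"; covering 5xx is this example's reading
    return "unknown"       # 1xx/4xx: the quote does not say (assumption)


def check_site(host, port=80, timeout=5.0, connect=http.client.HTTPConnection):
    """Send "HEAD /" to host and classify the answer.

    http.client does not follow redirects, so a 3xx is seen as a 3xx.
    `connect` is a hypothetical hook so the logic can be exercised offline.
    """
    conn = connect(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException):
        # Timeouts raise OSError subclasses; refused connections, DNS failures
        # and garbled replies are treated the same way (assumption).
        status = None
    finally:
        conn.close()
    return classify(status)


if __name__ == "__main__":
    # Usage: python check.py host [host ...]
    for name in sys.argv[1:]:
        print(name, check_site(name))
```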


Moving your Admin Arsenal Database

  
  
  
  

Some customers have asked us how to move the database used by Admin Arsenal. By default the 1.4 database is stored in the APPDATA\Brisworks\Admin Arsenal directory. (e.g. C:\Documents and Settings\Joe.Bob\Application Data\Brisworks\Admin Arsenal).

If you would like to move the database location, the first thing to do is stop the Admin Arsenal Background service (if you have enabled it).

From the Admin Arsenal menu on the main window, select Move Database… then push the Move Database button. Select your new location and click Save. The database will be moved to your new location.

[Image: Move Database]

A few things to consider: If you have a lot of monitors defined, it would be a good idea to disable them. Obviously you will want to RE-ENABLE the monitors after the move is successful. Also, if you use the Admin Arsenal Background service you will want to restart it after the move.


GA for Windows 7 + Problem Steps Recorder

  
  
  
  

October 2 is the hoped-for GA date for Windows 7. Will you be an early user?

There are many new features in Windows 7. Take a moment to get some info on the new Problem Steps Recorder feature. It'll be interesting to see if sysadmins run with this new tool.

We're still testing our product, Admin Arsenal, for full Windows 7 compatibility. We tested the guts out of Vista and it paid off for a few of our clients who ended up being early adopters. We're seeing a number of clients who have stuck with XP putting a lot of hope into 7.

This is definitely an OS you need to be ready to support.


Important Product Comparison

  
  
  
  

I love product bullet comparisons. I love them so much that I decided to create one that I've been asked to provide on a number of occasions [1]. Of course, that is between Admin Arsenal and Apple iTunes. I am biased, though, since I wrote one of them [2], so you should search the web for other Admin Arsenal/iTunes comparisons if you want the unvarnished truth [3].

| Feature | Admin Arsenal | iTunes |
|---|---|---|
| Automatic Software/Hardware Inventory | Yes | No |
| Performance Counter Monitoring | Yes | No |
| Runs on Windows | Yes | Yes |
| Runs on OS X | No | Yes |
| Runs on BeOS | No | No |
| Dynamic Collections | Yes | Yes |
| Integrates with Active Directory | Yes | No |
| Plays MP3s | No [4] | Yes |
| Remote Software Deployment | Yes | No |
| Compatible with Microsoft Zune | No | No |
| Comes in 5 Delicious Flavors | No | No |
| Comes in 4 Delicious Flavors? | No | No |
| 3 Flavors? | No! No Flavors! | Yes |
| Heartbeat Process | Yes | Yes [5] |
| Free | (I told you not to ask that) | Yes |

I think it's quite clear which product is better.

-------
[1] That number being zero.
[2] Guess which one...
[3] I find the truth works much better with a light oil, but that's a subject for a different bullet comparison.
[4] Available in version 32.8 (April 1, 2049, 4:32 PM GMT)
[5] Requires optional Pacemaker™ iPod™

Guest blog on Standalone Sysadmin

  
  
  
  

Last week Shane was a guest blogger for Standalone Sysadmin. He took the opportunity to discuss various methods of software deployment available to Windows admins. Thanks to Matt Simmons for making it possible.

Here it is in all of its glory.

Server Fault - Part Wiki, Digg/Reddit, Blog, and Forum

  
  
  
  

Since I really like the SysAdmin Network I was excited for Server Fault to go to beta. Now I'm hooked.

It's an easy-to-read layout of questions ranging from Mac OS X (which I use) to Windows (where I make my money) to Unix (where I got my start). Its range is as wide as the industry in which we work.

In their own words, here is what Server Fault is all about:

"What's so special about this? Well, nothing, really. It’s a Q&A website for system administrators and IT professionals. The only unusual thing we do is synthesize aspects of Wikis, Blogs, Forums, and Digg/Reddit in a way that is somewhat original. Or at least we think so."

If you're not a member of Server Fault, I highly suggest becoming one. It's a great resource for getting answers from those who really know their stuff. I'm seriously considering placing their logo and link on our purchase receipts so that our customers (Admin Arsenal is a tool for sys admins) will also know where to go.

Cleaning Out the Attic

  
  
  
  
Cleaning out the attic
    Photo by timsamoff

Don't you get a kick out of looking at old scripts that you've built? I've been going through some fossils. I'm pretty sure that some Carbon-14 (14C) testing is needed to date some of these scripts. While some scripts will never be used again, some are still relevant and useful.

I remember that Adam and I were asked to report (via Tivoli Inventory) which computers had CAC (or SmartCard) Readers. This information wasn't available "out of the box" in Tivoli so we wrote a custom Inventory scanner. I've kept the MIF creation logic (see, doesn't MIF take you back?) for giggles. I still use Devcon.exe (which is referenced in the script).

#!/usr/bin/perl

############################################################################
#
# This script will scan and collect information about SmartCard Readers
# This script depends on devcon.exe (which is freely available)
#
# SPC - 25 March 2005 - Original Script written
############################################################################

use Win32;

$dev='device';
$status='status';

sub main {
    chkver();
    wrtmif();
    rundevcon();
    closemif();
}

sub chkver {
    # Devcon cannot run on NT 4.0 systems. Exclude all NT 4.0 from executing.
    ($string, $major, $minor, $build, $id) = Win32::GetOSVersion();
    print "Major = $major\n";
    if ($major == 4) {
        print "This script will not run on Windows NT Version $major\n";
        exit;
    }
}

sub wrtmif {
    # Write the header of the scardrdr.mif file: one group with three
    # string attributes (HWID, Device, STATUS), then the start of the table.
    $cMif="scardrdr.mif";
    open(FILE, '>', $cMif) || die "Could not open MIF file: $!";

    print (FILE "START COMPONENT\n");
    print (FILE "\tNAME = \"SCARDRDR.MIF\"\n");
    print (FILE "\tDESCRIPTION = \"Smart Card Readers installed on System\"\n");
    print (FILE "\tSTART GROUP\n");
    print (FILE "\t\tNAME = \"ESM_SMART_CARD_READERS\"\n");
    print (FILE "\t\tID = 1\n");
    print (FILE "\t\tCLASS = \"ESM_SMART_CARD_READERS|1\"\n");
    print (FILE "\t\tSTART ATTRIBUTE\n");
    print (FILE "\t\t\tNAME = \"HWID\"\n");
    print (FILE "\t\t\tID = 1\n");
    print (FILE "\t\t\tACCESS = READ-ONLY\n");
    print (FILE "\t\t\tTYPE = STRING(255)\n");
    print (FILE "\t\t\tVALUE = \"\"\n");
    print (FILE "\t\tEND ATTRIBUTE\n");
    print (FILE "\t\tSTART ATTRIBUTE\n");
    print (FILE "\t\t\tNAME = \"Device\"\n");
    print (FILE "\t\t\tID = 2\n");
    print (FILE "\t\t\tACCESS = READ-ONLY\n");
    print (FILE "\t\t\tTYPE = STRING(255)\n");
    print (FILE "\t\t\tVALUE = \"\"\n");
    print (FILE "\t\tEND ATTRIBUTE\n");
    print (FILE "\t\tSTART ATTRIBUTE\n");
    print (FILE "\t\t\tNAME = \"STATUS\"\n");
    print (FILE "\t\t\tID = 3\n");
    print (FILE "\t\t\tACCESS = READ-ONLY\n");
    print (FILE "\t\t\tTYPE = STRING(512)\n");
    print (FILE "\t\t\tVALUE = \"\"\n");
    print (FILE "\t\tEND ATTRIBUTE\n");
    print (FILE "\t\tKEY = 1\n");
    print (FILE "\tEND GROUP\n");
    print (FILE "\tSTART TABLE\n");
    print (FILE "\t\tNAME = \"SCARDRDR.MIF\"\n");
    print (FILE "\t\tID = 1\n");
    print (FILE "\t\tCLASS = \"ESM_SMART_CARD_READERS|1\"\n");

}

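sub rundevcon {
    # Run Devcon and grab all info regarding CAC readers.
    # For each device Devcon prints the hardware ID, then a "Name: ..." line,
    # then a status line. The flags below track which line is expected next.
    @dev = `devcon.exe status =SmartCardReader`;
    $grabDev = 1;   # the next line is a hardware ID
    $readName = 0;  # the previous line was "Name: ...", so this one is the status
    $noDev = 1;     # stays set until one complete device record has been written
    foreach $line (@dev) {

        # Trim leading and trailing whitespace.
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        if ($grabDev) {
            chomp $line;
            $hwid=$line;
            print "HW ID = $hwid\n";
            $grabDev='';
        }
        if ($readName) {
            print "readname is running\n";
            chomp $line;
            $status=$line;
            add2mif();
            $readName='';
            $noDev=0;
            $grabDev = 1;
        }

        if ($line =~ /^Name: (.+)/) {
            $dev=$1;
            print "Device Name is: $dev\n";
            $readName = 1;
        }

    }

    # No reader found: write a single placeholder row so the table is not empty.
    if ($noDev) {
        $hwid='0000';
        $dev='No Devices Found';
        $status='DISABLED';
        add2mif();
    }
}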

sub add2mif {
    # add data content to scardrdr.mif file
    print (FILE "\t\t\t{\"$hwid\",\"$dev\",\"$status\"}\n");
}

sub closemif {
    # finish writing mif file
    print (FILE "\tEND TABLE\n");
    print (FILE "END COMPONENT\n");
    close (FILE);
}

main();

I guess Mom was wrong when she said "if you haven't used it in six months, throw it away". I always did hate cleaning out the attic.
