Tag Archives: Batch

Administration Automation Part 1:

Every company has there build specs, their dummy accounts, after installation software and other internal doo dad’s they feel are vital to the build. Even with imaging you can never guarantee its all done right so i always prefer to script the end of install just to make sure its clean, fresh and right each time a system comes off the build line.

Heres a few pointers i threw together to get your “post build” script in order starting with dummy accounts, passwords and user memberships.

Renaming the administrators account (admrename.vbs):

strComputer = “.”
Set wshShell = WScript.CreateObject( “WScript.Shell” )
strComputerName = wshShell.ExpandEnvironmentStrings( “%COMPUTERNAME%” )

Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

Set objWMIService = GetObject(“winmgmts:” & strComputer & “rootcimv2″)
Set colAccounts = objWMIService.ExecQuery _
(“Select * From Win32_UserAccount Where LocalAccount = True And Name = ‘Administrator'”)

For Each objAccount in colAccounts
objAccount.Rename “ADM” & strComputerName

The above script will rename the Administrator account to ADMcomputername, it can easily be changed to a static name deleting the & strComputerName and adding the full name in the “” ‘s.

Creating a local account using the command line (batch):

net user patchacc passw0rd /add /comment:”Patch account” /fullname:”windows Patch account” /active:yes /passwordchg:no /passwordreq:yes

the above script will create a username (patchacc) with password (passw0rd), the account will also be enabled.

Add an account to the local administrators(batch):

net localgroup /add administrators patchacc

The above command adds the username patchacc to the local group administrators, you can use the above command to add a domain account using net localgroup /add administrators domainusername.

Setting a password to never expire (pwd.vbs):

Set objUser = GetObject(“WinNT://” & strcomputer & “/username“)
objPasswordNoChangeFlag = objUser.UserFlags XOR ADS_UF_DONT_EXPIRE_PASSWD
objUser.Put “userFlags”, objPasswordNoChangeFlag
objUser.SetInfo

The above scriptlet will simply set the password to the “username” account to never expire, dont try to do it with net user, it doesnt work… ever.

Creating a dummy administrator account:

net user Administrator Notreal123 /add /comment:”Bogus Admin Account” /fullname:”Bogus Admin Account” /active:no /passwordchg:no /passwordreq:yes

The above script will create a disabled user called administrator (rename the current administrator first), with password of Notreal123.

After the jump is an example of how to tie them all into one super script and the source files.

http://www.4shared.com/file/64993533/ef9ff324/users.html

Continue reading

Deleting Files older than X, Forfiles.exe.

As part of my recent Citrix cleanup i found the need to clear down an applications log files folder, this folder existed in the program files directory and was eating up gb’s of space with useless logs. The only difference between these files and standard logs was that sometimes recovery was neccessary so it was agreed that a 7 day retention would be kept.

With the 7 day retention it made it slightly more complicated to batch, but with a little searching and trial/error i present to you forfiles. As far as I’m aware this program comes with server 2003 tools, but could be wrong. a bit of googling will find you a copy.

Forfiles allows you to execute individual commands for files that meet certain criteria, in my case it was the Date index. Not only this but it allows for & commands… excellent little batch tool!

forfiles -d -8 -c “cmd /c echo Deleted: @file @fdate >> %apath% & del @file”

Once i had decided it was forfiles i was going to use, i had a few options. but seeing as this tool was not on all servers, and i wanted to log it centrally with the least ammount of logging, i chose to run it from central.

Below is a step by step of what i did.

@echo off
set apath=c:avyaclean.log
echo. >> %apath%
echo.Time Starting: %time% >> %apath%
Pushd Servernamec$Program Filesapplogs
forfiles -d -8 -c “cmd /c echo Deleted: @file @fdate >> %apath% & del @file”
echo. >> %apath%
echo. Finished @ %time% >> %apath%
popd
EXIT

The meat of this statement is here: forfiles -d -8 -c “cmd /c echo Deleted: @file @fdate >> %apath% & del @file”. this basically says, any files older than 8 days (modified, not created date) run a command prompt that echos the file name and modify date to a text file specified & delete the file.

You can do this on as many servers as you like, just change the servername and copy and paste :)