# deploy-cond_portforward.ps1
# a stand-alone script that deploys the port-forward to a list of target computers
# v1.0 - 2024-10-08 s.t. - initial release
# EDIT THIS - create a temporary list of all computer on which we want to deploy
$complstfileToAdd = @'
AH00001
RA00003
BM0001-W10
'@
Set-Content "$env:TEMP\comps.txt" $complstfileToAdd
# create the .ps1 file that will execute the portforward - this file must be tailored to each host after deployment
$psfileToAdd = @'
# condprtforward.ps1
# a powershell script to check the portforwading on iBox and re-add if not present
# To be run by powershell from Task Scheduler */10min with SYSTEM rights and arguments "-noprofile -executionpolicy bypass -file C:\WINDOWS\cond_portfwd.ps1"
# Version 1.0 - 2024 s.t.
# EDIT THIS - define IP and ports
$lclip = "127.0.0.1"
$lclport = "65535"
$2ndlclprt = ""
$rmtip = "127.0.0.2"
$rmtport = "65535"
$2ndrmtprt = ""
# check if run with admin rights
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator"))
{
$arguments = "& '" +$myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}
#test if the portforward is already active
if (Test-NetConnection $lclip -Port $lclport -WarningAction SilentlyContinue -InformationLevel Quiet) {
Write-Host "got_response, $lclport is open"
} else {
#add rules
Write-Host "add_rules $lclip : $lclport $rmtip : $rmtport"
netsh interface portproxy reset
netsh advfirewall firewall add rule name="PortProxy Custom 1" dir=in action=allow protocol=TCP localport=$lclport
netsh interface portproxy add v4tov4 listenport=$lclport listenaddress=$lclip connectport=$rmtport connectaddress=$rmtip
if($2ndrmtprt) {
Write-Host "2nd port is defined, adding 2nd rule"
netsh advfirewall firewall add rule name="PortProxy Custom 2" dir=in action=allow protocol=TCP localport=$2ndlclprt
netsh interface portproxy add v4tov4 listenport=$2ndlclprt listenaddress=$lclip connectport=$2ndrmtport connectaddress=$rmtip
}
}
##Write-Host "end"
##Start-Sleep 5
'@
Set-Content "$env:TEMP\cond_portfwd.ps1" $psfileToAdd
# create the scheduled task .xml file that will be "imported" in order to create the task
$xmlfileToAdd = @'
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2024-10-08T00:00:00.0000000</Date>
<Author>Administrator</Author>
<Description>Launch and maintain Port Forward</Description>
<URI>\PortForward</URI>
</RegistrationInfo>
<Triggers>
<BootTrigger>
<Repetition>
<Interval>PT10M</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<Enabled>true</Enabled>
</BootTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
<UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Command>
<Arguments>-noprofile -executionpolicy bypass -file C:\WINDOWS\cond_portfwd.ps1</Arguments>
</Exec>
</Actions>
</Task>
'@
Set-Content "$env:TEMP\PortForward.xml" $xmlfileToAdd
# start the deployment. first ask for some admin credentials valid on targets
$cred = Get-Credential -Message "Please enter admin credentials valid on target computers";
if($cred -isnot [PSCredential]) {Write-Host -ForegroundColor Red -BackgroundColor DarkBlue "No valid credentials provided. Exiting!" ; exit 1}
# copy the files to each target computer. no need to see the errors, we have our own errorreporting
$ErrorActionPreference= 'silentlycontinue'
foreach($line in Get-Content $env:TEMP\comps.txt) {
Write-Host -ForegroundColor Gray "`nStart running on $line"
$comp = New-PSSession -Credential $cred $line
if ($?) { Write-Host -ForegroundColor Green "Session to $comp established" }else{ Write-Host -ForegroundColor Red "Unable to connect to $line" }
Copy-Item -ToSession $comp $env:TEMP\cond_portfwd.ps1 -Destination C:\WINDOWS\cond_portfwd.ps1 -Force
if ($?) { Write-Host -ForegroundColor Green ".ps1 file copied" }else{ Write-Host -ForegroundColor Red ".ps1 file NOT copied on $line" }
Copy-Item -ToSession $comp "$env:TEMP\PortForward.xml" -Destination "C:\WINDOWS\TEMP\PortForward.xml" -Force
if ($?) { Write-Host -ForegroundColor Green ".xml file copied" }else{ Write-Host -ForegroundColor Red ".xml file NOT copied on $line" }
# create the scheduled task from the .xml file
Invoke-Command -ComputerName $line -Credential $cred { $Task = Get-Content "C:\WINDOWS\TEMP\PortForward.xml" -raw ; Register-ScheduledTask -Xml $Task -TaskName 'PortForward' -User SYSTEM -Force }
if ($?) { Write-Host -ForegroundColor Green "Scheduledtask created"}else{ Write-Host -ForegroundColor Red "Scheduledtask NOT created on $line" }
}
# local cleanup
Remove-Item "$env:TEMP\comps.txt"
Remove-Item "$env:TEMP\PortForward.xml"
Remove-Item "$env:TEMP\cond_portfwd.ps1"
# reminder
Write-Host -ForegroundColor Yellow -BackgroundColor DarkBlue "`nOn each of the target computers please edit C:\WINDOWS\cond_portfwd.ps1"
exit
In the void is virtue, and no evil. Wisdom has existance, principle has existance, the Way has existance, spirit is nothingness.
Search This Blog
Showing posts with label CMD. Show all posts
Showing posts with label CMD. Show all posts
Friday, January 03, 2025
Deploy port forward script on multiple computers
Saturday, February 03, 2024
backup cmd
:: *** SYNC DATA - Copy one way v3.6 ***
@echo off
title BACKUP in progress
SETLOCAL ENABLEDELAYEDEXPANSION
if not defined is_min set is_min=1 && start "" /min "%~dpnx0" %* && goto end
echo.
if not "%~1" == "" (set source=%~1)
if not "%~2" == "" (set destination=%~2)
if not "%~3" == "" (set rcptto=%~3) else (echo USAGE: %~0 "source" "destination" "mail@dom.tld; mail2@dom.tld" "mail.server(optional)" && goto end)
if not "%~4" == "" (set smtpsrv=%~4) else (set smtpsrv="smtp.dom.tld")
set mailfrom="%COMPUTERNAME%@%USERDNSDOMAIN%"
set emailer=%temp%\email_%random%.vbs
set logfile=%temp%\copy_report_%random%.log
:: *** Copy ***
echo > %logfile% %date% %time% *** STARTING COPY ***
robocopy %source% %destination% /E /FP /TS /XO /FFT /COPY:D /R:3 /W:5 /IPG:25 /X /V /NP /LOG:%logfile%
set erlvl=%ERRORLEVEL%
if %erlvl% EQU 16 echo >> %logfile% %date% %time% *** !!! FATAL ERROR - NOTHING COPIED !!! *** && set err=yes
if %erlvl% EQU 15 echo >> %logfile% %date% %time% * FAIL + MISMATCHES + XTRA + OKCOPY * && set err=yes
if %erlvl% EQU 14 echo >> %logfile% %date% %time% * FAIL + MISMATCHES + XTRA * && set err=yes
if %erlvl% EQU 13 echo >> %logfile% %date% %time% * FAIL + MISMATCHES + OKCOPY * && set err=yes
if %erlvl% EQU 12 echo >> %logfile% %date% %time% * FAIL + MISMATCHES * && set err=yes
if %erlvl% EQU 11 echo >> %logfile% %date% %time% * FAIL + XTRA + OKCOPY * && set err=yes
if %erlvl% EQU 10 echo >> %logfile% %date% %time% * FAIL + XTRA * && set err=yes
if %erlvl% EQU 9 echo >> %logfile% %date% %time% * FAIL + OKCOPY * && set err=yes
if %erlvl% EQU 8 echo >> %logfile% %date% %time% * FAIL * && set err=yes
if %erlvl% EQU 7 echo >> %logfile% %date% %time% * MISMATCHES + OKCOPY + XTRA *
if %erlvl% EQU 6 echo >> %logfile% %date% %time% * MISMATCHES + XTRA *
if %erlvl% EQU 5 echo >> %logfile% %date% %time% * MISMATCHES + OKCOPY *
if %erlvl% EQU 4 echo >> %logfile% %date% %time% * MISMATCHES *
if %erlvl% EQU 3 echo >> %logfile% %date% %time% * OKCOPY + XTRA *
if %erlvl% EQU 2 echo >> %logfile% %date% %time% * XTRA *
if %erlvl% EQU 1 echo >> %logfile% %date% %time% * OKCOPY *
if %erlvl% EQU 0 echo >> %logfile% %date% %time% * NO CHANGES / NOCOPY *
:: *** Delete files & folder older than 365 days ****
::forfiles /p %destination% /s /m *.* /c "cmd /c del @path" /d -365
::for /f "tokens=*" %d in ('dir %destination% /ad/b/s ^| sort /R') do rd "%d"
::echo Files older than 365 days deleted
:: *** Send Email ***
echo Set objNet = CreateObject("WScript.Network") >%emailer%
echo strHostName = objNet.ComputerName >>%emailer%
echo Set email = CreateObject("CDO.Message") >>%emailer%
if "%err%"=="" echo email.Subject = strHostName ^& " - Backup Report" >>%emailer%
if "%err%"=="yes" echo email.Subject = strHostName ^& " - FAILED Backup Report" >>%emailer%
echo email.From = %mailfrom% >>%emailer%
echo email.To = "%rcptto%" >>%emailer%
if "%err%"=="" echo email.TextBody = "Copy completed as %username% on " ^& strHostName ^& ". Please check the attached report" >>%emailer%
if "%err%"=="yes" echo email.TextBody = "Copy as %username% has FAILED on " ^& strHostName ^& ". Please check the attached report" >>%emailer%
echo email.AddAttachment "%logfile%" >>%emailer%
echo email.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusername")="UserName" >>%emailer%
echo email.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword")="PassWord" >>%emailer%
echo email.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing")=2 >>%emailer%
echo email.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver")=%smtpsrv% >>%emailer%
echo email.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport")=25 >>%emailer%
echo email.Configuration.Fields.Update >>%emailer%
echo email.Send >>%emailer%
echo set email = Nothing >>%emailer%
start %emailer%
timeout 1 >nul /nobreak && del /q %emailer%
timeout 1 >nul /nobreak && del /q %logfile%
:end
ENDLOCAL
title
exit /B
Tuesday, September 05, 2017
Deploy .pfx cert embedded in script (a sort of 'cat << EOF' for windows)
@echo off
::
::
:: In order to prepare the certificate please run
:: 'certutil -encode the_pfx_cert base_64_cert`
:: then paste the base_64_cert in the section below
:: Please note that the certificate password has to be given as start paramater to this script!
:: (eq: "cert-inst.bat S3cr3tPassw0rd")
:: If the cert was already installed, exit
REG QUERY HKCU\SOFTWARE\neXt /v CertInstalled
If %errorlevel%==0 goto :eof
:: define the temp name of the extracted cert
set extractedfile=%temp%\extract-%random%.txt
:: set the password needed to decode the cert
set certpasswd=%~1
:: separate the cert from this script
call:extractembedded embeddedfile %extractedfile%
:: process the extracted file
certutil -decode %extractedfile% %extractedfile%.pfx
certutil -f -user -p %certpasswd% -importpfx %extractedfile%.pfx
:: clean-up
::del %extractedfile% %extractedfile%.pfx
:: leave a trace in the registry, so the cert will not be installed again and again
REG ADD HKCU\SOFTWARE\neXt /v CertInstalled /t REG_DWORD /d 1
:: clean exit
exit /b
:: begin of the embed cert & extraction procedure
:: After the next line, please paste the "base_64_cert" created by certutil -encode
goto:embeddedfile
-----BEGIN CERTIFICATE-----
MIIMngIBAzCCDGQGCSqG
[...]
k05EzAQIFXJaGHOuxZcCAggA
-----END CERTIFICATE-----
:embeddedfile
:: before the previous line you can find the end of the "base_64_cert"
:: cert extraction procedure
:extractembedded
setlocal EnableDelayedExpansion
set embedbegin=goto:%~1
set embedend=:%~1
set embedcert=%~2
if exist %embedcert% del %embedcert%
set tmprndfile=%temp%\%random%.%random%
findstr /n ^^ "%~f0" > %tmprndfile%
call :seekembed < %tmprndfile%
del %tmprndfile%
exit /B
:seekembed
set oneline=:eof
set /P oneline=
if !oneline! == :eof goto nostart
set oneline=!oneline:*:=!
if not !oneline! == %embedbegin% goto seekembed
:getline
set oneline=:eof
set /P oneline=
if !oneline! == :eof goto nostop
set oneline=!oneline:*:=!
if !oneline! == %embedend% goto :eof
echo/!oneline!>> %embedcert%
goto getline
:nostart
echo Error finding start delimiter %embedbegin%
goto :eof
:nostop
echo Error finding stop delimiter %embedend%
goto :eof
::
::
:: In order to prepare the certificate please run
:: 'certutil -encode the_pfx_cert base_64_cert`
:: then paste the base_64_cert in the section below
:: Please note that the certificate password has to be given as start paramater to this script!
:: (eq: "cert-inst.bat S3cr3tPassw0rd")
:: If the cert was already installed, exit
REG QUERY HKCU\SOFTWARE\neXt /v CertInstalled
If %errorlevel%==0 goto :eof
:: define the temp name of the extracted cert
set extractedfile=%temp%\extract-%random%.txt
:: set the password needed to decode the cert
set certpasswd=%~1
:: separate the cert from this script
call:extractembedded embeddedfile %extractedfile%
:: process the extracted file
certutil -decode %extractedfile% %extractedfile%.pfx
certutil -f -user -p %certpasswd% -importpfx %extractedfile%.pfx
:: clean-up
::del %extractedfile% %extractedfile%.pfx
:: leave a trace in the registry, so the cert will not be installed again and again
REG ADD HKCU\SOFTWARE\neXt /v CertInstalled /t REG_DWORD /d 1
:: clean exit
exit /b
:: begin of the embed cert & extraction procedure
:: After the next line, please paste the "base_64_cert" created by certutil -encode
goto:embeddedfile
-----BEGIN CERTIFICATE-----
MIIMngIBAzCCDGQGCSqG
[...]
k05EzAQIFXJaGHOuxZcCAggA
-----END CERTIFICATE-----
:embeddedfile
:: before the previous line you can find the end of the "base_64_cert"
:: cert extraction procedure
:extractembedded
setlocal EnableDelayedExpansion
set embedbegin=goto:%~1
set embedend=:%~1
set embedcert=%~2
if exist %embedcert% del %embedcert%
set tmprndfile=%temp%\%random%.%random%
findstr /n ^^ "%~f0" > %tmprndfile%
call :seekembed < %tmprndfile%
del %tmprndfile%
exit /B
:seekembed
set oneline=:eof
set /P oneline=
if !oneline! == :eof goto nostart
set oneline=!oneline:*:=!
if not !oneline! == %embedbegin% goto seekembed
:getline
set oneline=:eof
set /P oneline=
if !oneline! == :eof goto nostop
set oneline=!oneline:*:=!
if !oneline! == %embedend% goto :eof
echo/!oneline!>> %embedcert%
goto getline
:nostart
echo Error finding start delimiter %embedbegin%
goto :eof
:nostop
echo Error finding stop delimiter %embedend%
goto :eof
Thursday, September 01, 2016
CMD tmpwatch / logwatch
@echo off
:: (c)2015 s@toXX.guru
set watchdir="C:\Program Files\Research In Motion\BlackBerry Enterprise Server\logs"
:: remove older files
forfiles /p %watchdir% /s /m *.* /c "cmd /c Del @path" /d -30
:: remove empty folders !!! cd on a different drive first, if that's the case !!!
:: D:\
cd %watchdir%
for /f "tokens=*" %d in ('dir /ad/b/s ^| sort /R') do rd "%d"
Shorter version:
forfiles /p [PATH] /s /m [FILE-PATTERN] /D -[MM/DD/yyyy] /c "cmd /c del @path"
for /f "delims=" %%d in ('dir [PATH] /s /b /ad ^| sort /r') do rd "%%d"
Wednesday, June 01, 2016
kill dial-up if a program runs for more than 15 min or it doesn`t run at all
@echo off
:: (c)2015 sorin@toXX.guru
setlocal
:: echo Checking if EDI (Gedi_dsk.exe) runs for more than 15 min and disconect if true
for /F "tokens=1" %%t in ('tasklist /FO TABLE /FI "CPUTIME gt 00:15:00" /FI "IMAGENAME eq Gedi_dsk.exe"') do (
if "%%t" == "Gedi_dsk.exe" (rasdial /disconnect >NUL )
)
::the same result can be obtained using pslist:
::for /F "tokens=11 delims=: " %%f in ('"pslist Gedi_dsk 2>NUL"') do (
::if %%f geq 15 ( rasdial /disconnect >NUL )
::)
:: echo if EDI is not started wait a few seconds try again, then disconnect if it is still not there
for /F "tokens=1" %%t in ('tasklist /FI "IMAGENAME eq Gedi_dsk.exe" 2>NUL') do (
if NOT "%%t" == "Gedi_dsk.exe" (
:: echo program not running wait a few seconds and check again
ping -n 5 -w 1000 1.1.1.1 >NUL
for /F "tokens=1" %%t in ('tasklist /FI "IMAGENAME eq Gedi_dsk.exe" 2>NUL do (
if NOT "%%t" == "Gedi_dsk.exe" ( rasdial /disconnect >NUL )
)
)
)
endlocal
:: (c)2015 sorin@toXX.guru
setlocal
:: echo Checking if EDI (Gedi_dsk.exe) runs for more than 15 min and disconect if true
for /F "tokens=1" %%t in ('tasklist /FO TABLE /FI "CPUTIME gt 00:15:00" /FI "IMAGENAME eq Gedi_dsk.exe"') do (
if "%%t" == "Gedi_dsk.exe" (rasdial /disconnect >NUL )
)
::the same result can be obtained using pslist:
::for /F "tokens=11 delims=: " %%f in ('"pslist Gedi_dsk 2>NUL"') do (
::if %%f geq 15 ( rasdial /disconnect >NUL )
::)
:: echo if EDI is not started wait a few seconds try again, then disconnect if it is still not there
for /F "tokens=1" %%t in ('tasklist /FI "IMAGENAME eq Gedi_dsk.exe" 2>NUL') do (
if NOT "%%t" == "Gedi_dsk.exe" (
:: echo program not running wait a few seconds and check again
ping -n 5 -w 1000 1.1.1.1 >NUL
for /F "tokens=1" %%t in ('tasklist /FI "IMAGENAME eq Gedi_dsk.exe" 2>NUL do (
if NOT "%%t" == "Gedi_dsk.exe" ( rasdial /disconnect >NUL )
)
)
)
endlocal
Wednesday, September 02, 2015
Map remote printer
map a local printer to TS session when "bring local printers to TS" fails miserably and start the App only after the printer is available
@echo off
setlocal enableextensions enabledelayedexpansion
set result=0
ser printer=oj100
Title Adding Printer. Be patient...
echo Adding printer. Do not start App yet...
ping -n 2 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe 2>nul
%userprofile%\delprint.vbs
ping -n 2 1.1.1.1 >nul 2>nul
echo Please wait. Starting Installation...
echo ..
for /F "tokens=2 delims=/: " %%f in ('%userprofile%\gettscip.exe') do (
echo Your IP is: %%f
:loop
net use \\%%f\ipc$ /d /y >nul 2>nul
ping -n 1 1.1.1.1 >nul 2>nul
net use \\%%f\ipc$ && set result=1
echo Result: !result!
if not !result! equ 1 goto :loop
Echo Add printer. This is going to take up to 5 minutes, be patient...
rundll32 printui.dll,PrintUIEntry /in /n "\\%%f\!printer!" /u /q /Gw
echo Setting default printer...
echo.
rundll32 printui.dll,PrintUIEntry /y /n "\\%%f\!printer!" /q
echo.
)
Echo Starting App...
ping -n 3 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe >nul 2>nul
endlocal
C:\Users\Public\Desktop\App.lnk
@echo off
setlocal enableextensions enabledelayedexpansion
set result=0
ser printer=oj100
Title Adding Printer. Be patient...
echo Adding printer. Do not start App yet...
ping -n 2 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe 2>nul
%userprofile%\delprint.vbs
ping -n 2 1.1.1.1 >nul 2>nul
echo Please wait. Starting Installation...
echo ..
for /F "tokens=2 delims=/: " %%f in ('%userprofile%\gettscip.exe') do (
echo Your IP is: %%f
:loop
net use \\%%f\ipc$ /d /y >nul 2>nul
ping -n 1 1.1.1.1 >nul 2>nul
net use \\%%f\ipc$ && set result=1
echo Result: !result!
if not !result! equ 1 goto :loop
Echo Add printer. This is going to take up to 5 minutes, be patient...
rundll32 printui.dll,PrintUIEntry /in /n "\\%%f\!printer!" /u /q /Gw
echo Setting default printer...
echo.
rundll32 printui.dll,PrintUIEntry /y /n "\\%%f\!printer!" /q
echo.
)
Echo Starting App...
ping -n 3 1.1.1.1 >nul 2>nul
taskkill /fi "username eq %username%" /im app.exe >nul 2>nul
endlocal
C:\Users\Public\Desktop\App.lnk
Tuesday, March 03, 2015
Recursive owner and rights changing on subfolders
We assume the username==folder_name
the specific version for vista+ profiles:
@echo off
Echo (c) 2012 s@toma.gXXX
Set rprofiles=D:\path\to\profiles
For /f "delims=.V2" %%* in ('dir %rprofiles% /B') Do (
echo target is %rprofiles%\%%*.V2 User is %USERDOMAIN%\%%*
takeown /f "%rprofiles%\%%*.V2" /r
icacls "%rprofiles%\%%*.V2" /setowner %USERDOMAIN%\%%* /T /C
icacls "%rprofiles%\%%*.V2" /grant:r %USERDOMAIN%\%%*:F Administrateurs:F System:F /T
rem dir /B /W "%rprofiles%\%%*.V2"
rem ping -n 1 -w 1000 1.1.1.1 >nul
)
or the simple version:
cd d:\path\to\folders\For /f "Tokens=*" %* in ('dir /B') Do @cacls %* /E /C /T /G "%*":F
Thursday, June 05, 2014
Allow login only if the member of a certain OU comes from a certain IP subnet
@echo off
:: (c)2014 sorinakis@g*il.com
setlocal enableextensions enabledelayedexpansion
set config=c:\pair.txt
:: find the primary OU that user belongs to
for /F "tokens=3 delims=/,CN=" %%n in ('"gpresult /R | findstr CN | findstr /I %username%"') do (
set myou=%%n
)
:: echo myou is: !myou!
:: find the client subnet (need gettscip.exe from www.ctrl-alt-del.com.au in the path somewhere)
for /F "tokens=2 delims=/: " %%f in ('gettscip.exe') do (
for /F "tokens=1-3 delims=/." %%g in ('echo %%f') do set mynet=%%g.%%h.%%i
)
:: echo mynet is: !mynet!
:: read the config file containing the pair IP_subnet/Organisational_Unit (or group)
:: the pair have to be separated by a space, ex: '192.168.1 Users' comments start with ;
for /F "eol=; tokens=1,2 delims=/ " %%l in ('type !config!') do (
set net=%%l
:: set group=%%m
set ou=%%m
:: find if the user belongs to a group
rem for /f %%f in ('"net user /domain %username% | findstr /i %group%"') do set /a ingroup=yes
:: if the two pairs are identical, the user can login from that subnet
if "!net!"=="!mynet!" (
:: if "!ingroup!"=="yes" (
if /I "!ou!"=="!myou!" (
set canrun=yes
)
)
)
::echo canrun: !canrun!
:: if the user can't login let him know, then end the session
if NOT "!canrun!"=="yes" (
echo Sorry %username%, "!myou!" are NOT ALLOWED to login from !mynet!.0/24
msg %username% Sorry, %username% is NOT ALLOWED to login from this location.
shutdown /l
)
:: Cleanup variables at end
endlocal
:: (c)2014 sorinakis@g*il.com
setlocal enableextensions enabledelayedexpansion
set config=c:\pair.txt
:: find the primary OU that user belongs to
for /F "tokens=3 delims=/,CN=" %%n in ('"gpresult /R | findstr CN | findstr /I %username%"') do (
set myou=%%n
)
:: echo myou is: !myou!
:: find the client subnet (need gettscip.exe from www.ctrl-alt-del.com.au in the path somewhere)
for /F "tokens=2 delims=/: " %%f in ('gettscip.exe') do (
for /F "tokens=1-3 delims=/." %%g in ('echo %%f') do set mynet=%%g.%%h.%%i
)
:: echo mynet is: !mynet!
:: read the config file containing the pair IP_subnet/Organisational_Unit (or group)
:: the pair have to be separated by a space, ex: '192.168.1 Users' comments start with ;
for /F "eol=; tokens=1,2 delims=/ " %%l in ('type !config!') do (
set net=%%l
:: set group=%%m
set ou=%%m
:: find if the user belongs to a group
rem for /f %%f in ('"net user /domain %username% | findstr /i %group%"') do set /a ingroup=yes
:: if the two pairs are identical, the user can login from that subnet
if "!net!"=="!mynet!" (
:: if "!ingroup!"=="yes" (
if /I "!ou!"=="!myou!" (
set canrun=yes
)
)
)
::echo canrun: !canrun!
:: if the user can't login let him know, then end the session
if NOT "!canrun!"=="yes" (
echo Sorry %username%, "!myou!" are NOT ALLOWED to login from !mynet!.0/24
msg %username% Sorry, %username% is NOT ALLOWED to login from this location.
shutdown /l
)
:: Cleanup variables at end
endlocal
Tuesday, May 06, 2014
Delete old printers ond add new ones - second version
This version keeps track of the default printer :)
' s@to**.guru - Jan 08 2015 Replace the default Printer
'********************************************************************************************************************
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
'Set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
'Set wmiNameSpace = wmiLocator.ConnectServer(objNetwork.ComputerName, "root\default")
'Set objRegistry = wmiNameSpace.Get("StdRegProv")
'strComputer = "."
'Const HKEY_CLASSES_ROOT = &H80000000
'Const HKEY_CURRENT_USER = &H80000001
'Const HKEY_LOCAL_MACHINE = &H80000002
'Const HKEY_USERS = &H80000003
userprrf = objShell.Environment("PROCESS")("UserProfile")
lockfile = "\prinstalled"
oldlockfile = "\printersinstalled"
strnewSrv = "\\2K12SRV\"
strOldSrv = "\\critesdc\"
arrPrinters = Array("HP Color LaserJet 4700 PCL 5c","HP Color LaserJet 4700 PCL 5c Sales","HP LaserJet 4100 Series PCL6 Sales","HP LaserJet 4250 PCL6","HP Laserjet 5100tn","Xerox WorkCentre 5655 PS","Xerox7545 PS")
'********************************************************************************************************************
' If this script was already run at least once for this user, EXIT and don't look back
If (objFSO.FileExists(userprrf & lockfile)) Then
Wscript.Quit
End If
' Delete old lockfile
objFSO.DeleteFile(userprrf & oldlockfile)
'' If we're on the TS server create lockfile and Exit!
'If objNetwork.ComputerName = "2K12TS1" Then
' Set objFile = objFSO.CreateTextFile(userprrf & lockfile, true)
' Set objFile = objFSO.GetFile(userprrf & lockfile)
' objFile.Attributes = 2
' Wscript.Quit
'End if
'********************************************************************************************************************
' Make spooler autostart without waiting
' use Microsoft's way of getting StdRegProv, set_binary is special!
'Set oRegistry = _
' GetObject("Winmgmts:root\default:StdRegProv")
'strPath = "SYSTEM\CurrentControlSet\Services\Spooler"
'uBinary = Array(80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,20,00,64,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00)
'Return = oRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, _
' strPath, _
' "FailureActions", _
' uBinary)
'oShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start", 2, "REG_DWORD"
'********************************************************************************************************************
' get the default printer
strdefValue = "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device"
strdefPrinter = objShell.RegRead(strdefValue)
strdefPrinter = Split(strdefPrinter, ",")(0)
'wscript.Echo "Actual default printer: " & strdefPrinter
' put the default printer into the lockfile if we want to keep it for historical records
'Set objFile = objFSO.CreateTextFile(userprrf & lockfile)
'objFile.Write strdefPrinter & vbCrLf
'objFile.Close
'********************************************************************************************************************
'Delete old printers using either printui.dll or AddWindowsPrinterConnection
wscript.sleep 100
For Each strPrn in arrPrinters
strPrinter = (strOldSrv & strPrn)
'wscript.echo "removing " & strPrinter
strCmd = "rundll32 printui.dll,PrintUIEntry /dn /n """ & strPrinter & """ /q"
objShell.Run strCmd,,true
' objNetwork.RemoveWindowsPrinterConnection strOldSrv & strPrn
Next
'********************************************************************************************************************
' to make sure all printers are removed, Deletes RegistryKey with all subkeys in Network printers
'sPath = "Printers\Connections"
'lRC = DeleteRegEntry(HKEY_CURRENT_USER, sPath)
'Function DeleteRegEntry(sHive, sEnumPath)
' Attempt to delete key. If it fails, start the subkey enumration process.
'lRC = objRegistry.DeleteKey(sHive, sEnumPath)
' The deletion failed, start deleting subkeys.
'If (lRC <> 0) Then
' Subkey Enumerator
'On Error Resume Next
'lRC = objRegistry.EnumKey(HKEY_CURRENT_USER, sEnumPath, sNames)
'For Each sKeyName In sNames
'If Err.Number <> 0 Then Exit For
'lRC = DeleteRegEntry(sHive, sEnumPath & "\" & sKeyName)
'Next
'On Error Goto 0
' At this point we should have looped through all subkeys, trying to delete the key again.
'lRC = objRegistry.DeleteKey(sHive, sEnumPath)
'End If
'End Function
' Now let's recreate only the "root" Key we deleted before
'objRegistry.CreateKey HKEY_CURRENT_USER,sPath
'********************************************************************************************************************
' we have zero network printers, let`s remove all unused drivers by using Microsoft`s own prndrvr.vbs
' first restart print spooler in order to release open files
'Set objWMIService = GetObject("winmgmts:" _
' & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
'Set colServiceList = objWMIService.ExecQuery _
' ("Select * from Win32_Service where Name='Spooler'")
'For each objService in colServiceList
' errReturn = objService.StopService()
'Next
'wscript.sleep 1000
'Set colServiceList = objWMIService.ExecQuery _
' ("Select * from Win32_Service where Name='Spooler'")
'For each objService in colServiceList
' errReturn = objService.StartService()
'Next
'oShell.Run "cscript %systemroot%\system32\prndrvr.vbs -x"
'********************************************************************************************************************
'Add new printers using either printui.dll or AddWindowsPrinterConnection
wscript.sleep 100
For Each strPrn in arrPrinters
strPrinter = (strNewSrv & strPrn)
'wscript.echo "installing " & strPrinter
strCmd = "rundll32 printui.dll,PrintUIEntry /in /n """ & strPrinter & """ /u /q /Gw"
objShell.Run strCmd,,true
' objNetwork.AddWindowsPrinterConnection strNewSrv & strPrn
Next
'********************************************************************************************************************
' Try to put back the default printer
'Set objFile = objFSO.OpenTextFile(userprrf & lockfile)
'Do Until objFile.AtEndOfStream
' strNewDefPrinter = objFile.ReadLine
'Loop
'objFile.Close
strNewDefault = (Replace(strdefPrinter,strOldSrv, strNewSrv))
'wscript.Echo "New default printer: " & strNewDefault
strCmd = "rundll32 printui.dll,PrintUIEntry /y /n """ & strrNewDefault & """ /u /q /Gw"
objShell.Run strCmd,,true
'objNetwork.SetDefaultPrinter strNewDefault
'********************************************************************************************************************
' Tell the user to check his default printer
beep = chr(007)
objShell.Run "cmd /c @echo " & beep & beep, 0
'with createobject("wscript.shell")
' .popup "Tous vos imprimantes réseau ont été installés. SVP vérifier et changer votre imprimante DÉFAULT si nécessaire.",30, "Printers Manager"
'end with
'objShell.Exec("control printers")
'********************************************************************************************************************
' We're done, let's leave a hidden file in userprofile, so at next login this script will exit
Set objFile = objFSO.CreateTextFile(userprrf & lockfile, true)
Set objFile = objFSO.GetFile(userprrf & lockfile)
objFile.Attributes = 2
Wscript.Quit
' s@to**.guru - Jan 08 2015 Replace the default Printer
'********************************************************************************************************************
On Error Resume Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
'Set wmiLocator = CreateObject("WbemScripting.SWbemLocator")
'Set wmiNameSpace = wmiLocator.ConnectServer(objNetwork.ComputerName, "root\default")
'Set objRegistry = wmiNameSpace.Get("StdRegProv")
'strComputer = "."
'Const HKEY_CLASSES_ROOT = &H80000000
'Const HKEY_CURRENT_USER = &H80000001
'Const HKEY_LOCAL_MACHINE = &H80000002
'Const HKEY_USERS = &H80000003
userprrf = objShell.Environment("PROCESS")("UserProfile")
lockfile = "\prinstalled"
oldlockfile = "\printersinstalled"
strnewSrv = "\\2K12SRV\"
strOldSrv = "\\critesdc\"
arrPrinters = Array("HP Color LaserJet 4700 PCL 5c","HP Color LaserJet 4700 PCL 5c Sales","HP LaserJet 4100 Series PCL6 Sales","HP LaserJet 4250 PCL6","HP Laserjet 5100tn","Xerox WorkCentre 5655 PS","Xerox7545 PS")
'********************************************************************************************************************
' If this script was already run at least once for this user, EXIT and don't look back
If (objFSO.FileExists(userprrf & lockfile)) Then
Wscript.Quit
End If
' Delete old lockfile
objFSO.DeleteFile(userprrf & oldlockfile)
'' If we're on the TS server create lockfile and Exit!
'If objNetwork.ComputerName = "2K12TS1" Then
' Set objFile = objFSO.CreateTextFile(userprrf & lockfile, true)
' Set objFile = objFSO.GetFile(userprrf & lockfile)
' objFile.Attributes = 2
' Wscript.Quit
'End if
'********************************************************************************************************************
' Make spooler autostart without waiting
' use Microsoft's way of getting StdRegProv, set_binary is special!
'Set oRegistry = _
' GetObject("Winmgmts:root\default:StdRegProv")
'strPath = "SYSTEM\CurrentControlSet\Services\Spooler"
'uBinary = Array(80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,20,00,64,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00)
'Return = oRegistry.SetBinaryValue(HKEY_LOCAL_MACHINE, _
' strPath, _
' "FailureActions", _
' uBinary)
'oShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start", 2, "REG_DWORD"
'********************************************************************************************************************
' get the default printer
strdefValue = "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Device"
strdefPrinter = objShell.RegRead(strdefValue)
strdefPrinter = Split(strdefPrinter, ",")(0)
'wscript.Echo "Actual default printer: " & strdefPrinter
' put the default printer into the lockfile if we want to keep it for historical records
'Set objFile = objFSO.CreateTextFile(userprrf & lockfile)
'objFile.Write strdefPrinter & vbCrLf
'objFile.Close
'********************************************************************************************************************
'Delete old printers using either printui.dll or AddWindowsPrinterConnection
wscript.sleep 100
For Each strPrn in arrPrinters
strPrinter = (strOldSrv & strPrn)
'wscript.echo "removing " & strPrinter
strCmd = "rundll32 printui.dll,PrintUIEntry /dn /n """ & strPrinter & """ /q"
objShell.Run strCmd,,true
' objNetwork.RemoveWindowsPrinterConnection strOldSrv & strPrn
Next
'********************************************************************************************************************
' to make sure all printers are removed, Deletes RegistryKey with all subkeys in Network printers
'sPath = "Printers\Connections"
'lRC = DeleteRegEntry(HKEY_CURRENT_USER, sPath)
'Function DeleteRegEntry(sHive, sEnumPath)
' Attempt to delete key. If it fails, start the subkey enumration process.
'lRC = objRegistry.DeleteKey(sHive, sEnumPath)
' The deletion failed, start deleting subkeys.
'If (lRC <> 0) Then
' Subkey Enumerator
'On Error Resume Next
'lRC = objRegistry.EnumKey(HKEY_CURRENT_USER, sEnumPath, sNames)
'For Each sKeyName In sNames
'If Err.Number <> 0 Then Exit For
'lRC = DeleteRegEntry(sHive, sEnumPath & "\" & sKeyName)
'Next
'On Error Goto 0
' At this point we should have looped through all subkeys, trying to delete the key again.
'lRC = objRegistry.DeleteKey(sHive, sEnumPath)
'End If
'End Function
' Now let's recreate only the "root" Key we deleted before
'objRegistry.CreateKey HKEY_CURRENT_USER,sPath
'********************************************************************************************************************
' we have zero network printers, let`s remove all unused drivers by using Microsoft`s own prndrvr.vbs
' first restart print spooler in order to release open files
'Set objWMIService = GetObject("winmgmts:" _
' & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
'Set colServiceList = objWMIService.ExecQuery _
' ("Select * from Win32_Service where Name='Spooler'")
'For each objService in colServiceList
' errReturn = objService.StopService()
'Next
'wscript.sleep 1000
'Set colServiceList = objWMIService.ExecQuery _
' ("Select * from Win32_Service where Name='Spooler'")
'For each objService in colServiceList
' errReturn = objService.StartService()
'Next
'oShell.Run "cscript %systemroot%\system32\prndrvr.vbs -x"
'********************************************************************************************************************
'Add new printers using either printui.dll or AddWindowsPrinterConnection
wscript.sleep 100
For Each strPrn in arrPrinters
strPrinter = (strNewSrv & strPrn)
'wscript.echo "installing " & strPrinter
strCmd = "rundll32 printui.dll,PrintUIEntry /in /n """ & strPrinter & """ /u /q /Gw"
objShell.Run strCmd,,true
' objNetwork.AddWindowsPrinterConnection strNewSrv & strPrn
Next
'********************************************************************************************************************
' Try to put back the default printer
'Set objFile = objFSO.OpenTextFile(userprrf & lockfile)
'Do Until objFile.AtEndOfStream
' strNewDefPrinter = objFile.ReadLine
'Loop
'objFile.Close
strNewDefault = (Replace(strdefPrinter,strOldSrv, strNewSrv))
'wscript.Echo "New default printer: " & strNewDefault
strCmd = "rundll32 printui.dll,PrintUIEntry /y /n """ & strrNewDefault & """ /u /q /Gw"
objShell.Run strCmd,,true
'objNetwork.SetDefaultPrinter strNewDefault
'********************************************************************************************************************
' Tell the user to check his default printer
beep = chr(007)
objShell.Run "cmd /c @echo " & beep & beep, 0
'with createobject("wscript.shell")
' .popup "Tous vos imprimantes réseau ont été installés. SVP vérifier et changer votre imprimante DÉFAULT si nécessaire.",30, "Printers Manager"
'end with
'objShell.Exec("control printers")
'********************************************************************************************************************
' We're done, let's leave a hidden file in userprofile, so at next login this script will exit
Set objFile = objFSO.CreateTextFile(userprrf & lockfile, true)
Set objFile = objFSO.GetFile(userprrf & lockfile)
objFile.Attributes = 2
Wscript.Quit
Thursday, April 03, 2014
Modify ANZIOLITE.DEF
@echo off
echo (c) 2014 sorin@xxxxxxxx.com
setlocal enableextensions enabledelayedexpansion
set anzio15=Anzio15
set anzio16=Anzio16
set anzio17=Anzio17
set tgtfile=ANZIOWIN.DEF
for %%x in ( !anzio15! !anzio16! !anzio17! ) do (
for %%A IN ( "!programfiles!" "!programfiles(x86)!" ) do (
set mypath=%%~A\%%x\%tgtfile%
::echo mypath is: !mypath!
if exist "!mypath!" (
::echo anziowin found in !mypath!
%0\..\ssed.exe -e "s/allow-quit=1/allow-quit=0/g" -e "s/prompt-to-save=0/prompt-to-save=2/g" "!mypath!" > "!mypath!.new"
move /Y "!mypath!" "!mypath!.old"
move /Y "!mypath!.new" "!mypath!"
attrib +R "!mypath!"
)
)
)
if exist %appdata%\Anzio Lite\%tgtfile% (
::echo anziowin found in appdata
%0\..\ssed.exe -e "s/allow-quit=1/allow-quit=0/g" -e "s/prompt-to-save=0/prompt-to-save=2/g" "%appdata%\Anzio Lite\%tgtfile%" > "%appdata%\Anzio Lite\%tgtfile%.new"
move /Y "%appdata%\Anzio Lite\%tgtfile%" "%appdata%\Anzio Lite\%tgtfile%.old"
move /Y "%appdata%\Anzio Lite\%tgtfile%.new" "%appdata%\Anzio Lite\%tgtfile%"
attrib +R "%appdata%\Anzio Lite\%tgtfile%"
)
::End
endlocal
echo (c) 2014 sorin@xxxxxxxx.com
setlocal enableextensions enabledelayedexpansion
set anzio15=Anzio15
set anzio16=Anzio16
set anzio17=Anzio17
set tgtfile=ANZIOWIN.DEF
for %%x in ( !anzio15! !anzio16! !anzio17! ) do (
for %%A IN ( "!programfiles!" "!programfiles(x86)!" ) do (
set mypath=%%~A\%%x\%tgtfile%
::echo mypath is: !mypath!
if exist "!mypath!" (
::echo anziowin found in !mypath!
%0\..\ssed.exe -e "s/allow-quit=1/allow-quit=0/g" -e "s/prompt-to-save=0/prompt-to-save=2/g" "!mypath!" > "!mypath!.new"
move /Y "!mypath!" "!mypath!.old"
move /Y "!mypath!.new" "!mypath!"
attrib +R "!mypath!"
)
)
)
if exist %appdata%\Anzio Lite\%tgtfile% (
::echo anziowin found in appdata
%0\..\ssed.exe -e "s/allow-quit=1/allow-quit=0/g" -e "s/prompt-to-save=0/prompt-to-save=2/g" "%appdata%\Anzio Lite\%tgtfile%" > "%appdata%\Anzio Lite\%tgtfile%.new"
move /Y "%appdata%\Anzio Lite\%tgtfile%" "%appdata%\Anzio Lite\%tgtfile%.old"
move /Y "%appdata%\Anzio Lite\%tgtfile%.new" "%appdata%\Anzio Lite\%tgtfile%"
attrib +R "%appdata%\Anzio Lite\%tgtfile%"
)
::End
endlocal
Subscribe to:
Comments (Atom)