Category Archives: Tools

%SystemRoot%System32 Secrets: certreq

CLIThe next two candidates for the series from System32 folder were bootcfg and cacls (I’m going through them alphabetically). But they are deprecated and, what’s important too, I’ve managed to learn theirs new variants. Moreover, I’ve already described BCDEdit, which is a successor to bootcfg (and I’ve managed to learn how to use the new one ;)). Therefore I’m skipping these two commands and go straight to certreq command.

So, certreq. It is more for advanced admin use, then for general user. But still it is good to remember of it… Just in case you need to:

  • create new request for a certificate, which can be later submitted to a CA
  • submit the request to a CA
  • retrieve a certificate from a CA
  • sign a certificate request
  • and all other stuff to deal with certificates =)

Of course, it is scriptable, but, to be honest, I’ve used it several times so far. Still it can become handy in scripting, on helpdesk and on a disconnected from your network box. So, keep in mind 😉

Further reading:

Certreq Syntax

Extended explanation of it

Advanced Certificate Enrollment and Management

Advertisements

%SystemRoot%System32 secrets: BITSAdmin

CLIAnother deprecated friend of mine. But I still like it, really. First of all because I haven’t still found enough time to get acquainted with all that *-BITSTransfer PowerShell comandlets. Second… Well, there is nothing for the “second”, naturally =) But still – it is a great command and I’d like to make a tribute to it with this article, because it is AWESOME! It is soooo powerful! Even though I used it usually just to be sure I would download the file regardless of network loss or whatever, it can do much more. Download or upload, retry these tasks, get some part of the file, set myriads of parameters, including authentication, use peer caching… Wow! =)

But again, usually I used it to download large files. Let’s take a look at one example.

Lets start with creating a download job:

BITSAdmin /CREATE /DOWNLOAD DownloadJob1

image

You can see that the job has been created and it has been assigned some GUID you can use later (but we’ll use it’s name in this example). Also as you can see we are being constantly notified about the command deprecation =( Let’s take a look at the job:

BITSadmin /LIST /VERBOSE

image

(Yeah, a LOT of information). Obviously, the job is currently empty (FILES: 0 / 0), so let’s add some files to it:

BITSadmin /ADDFILE DownloadJob1 <URL> <PathToSavedFile>

image

Added successfully and created a temp file already:

image

Let’s add one more:

image

and look at the second temporary file:

image

They are both of 0 bytes size yet. Now, once we have two files for our job to download, we can get more info from the job:

image

Here we can see both our files (JOB FILES) and… Can we just wait till the files get downloaded? No, because the job is not started at the moment (STATE: SUSPENDED). We need to start it and this is easy:

BITSADMIN /RESUME DownloadJob1

image

Now the job is in TRANSFERRING state, we can see how many bytes (BYTES) or files (FILES) has been transferred and so on. On this point something goes wrong and we get our network disconnected: image. Is it a problem for our downloads? Yes:

image

their state is TRANSIENT_ERROR. Should we worry about it? No, because as soon as network restores we’ll get our job QUEUD and then resumed automatically:

image

Looking at this big picture from time to time reentering /LIST command is boring, so we’ll monitor it in other way:

BITSadmin /MONITOR /REFRESH 1

image

which will refresh the state for our jobs occasionally (each 1 second in the example):

image

As soon as we get our files transferred:

image

we can just go to our download location and… Oh… Wait… What’s that?

image

The files do have appropriate size but their names… They are still temporary =( But don’t worry, just one more little step:

BITSadmin /COMPLETE downloadJob1

image

Oops. Seems like BITSadmin treats job names as case-sensitive. We should remember this, so let’s rewrite it in the correct way:

BITSadmin /COMPLETE DownloadJob1

image

Here we are! The files are here and no more job to do! I’m loving it © =)

image

Forgive me for that useless lesson: just couldn’t resist it Winking smile

If you are as amazed, as I am, here is some reading.

%SystemRoot%System32 secrets: BCDEdit

CLI

Ok, next item in our list is not to be actually very much used. Troubleshooting OS boot, creating some boot options, that’s it. But actually it is worth knowing about it. Nevertheless, what you can do with it can be quite awesome… If you need it =)

For example, you can enable and configure EMS (Emergency Management Services) for any boot entry in your list. Or you can enable kernel debugging. Some wicked tongues tell that you can even arrange a dual boot with some other OS if you want. I’m going to check it one of these days… Someday =)

For further reading refer to these documents:

http://technet.microsoft.com/en-us/library/cc709667(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc731662(WS.10).aspx

http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/BCDedit_reff.docx

%SystemRoot%System32 Secrets: AzMan

To be honest, I had been thinking of it as of some unneeded tool for quite a long time before I had a close look on the console and its abilities. I was wrong. It is really powerful instrument to manage or delegate permissions for an application. It is as powerful that I’m only teasing you in this article, before creating one or more big articles about it. Imagine, you need a person to have a full control over some Hyper-V virtual machine, including the right to delete it, but the only thing he or she is not to do is creating snapshots (because those are a pain in the neck, you know). Can you create such a set of permissions? Easy! Do you want to create quite the opposite policy? You are welcome. Do you want to check a user against some complex rules, not only groups? Create your scripts for this matter. What is even more pleasant: it is very role-oriented. Thinking in terms of roles is simple and nice with the tool.

image

Ok, will tell you me, what’s the trap? Unfortunately there are not one of them. First of them: your application should be written with AzMan in mind. It is true though for many MS applications, like, say, Hyper-V or DPM. But if you use VMM, then it is almost impossible for you to use AzMan with Hyper-V. And VMM has less abilities in the field. And I don’t like the way it has them =) DPM’s AzMan is not yet broken by any “management” software, but, my gosh! It is soooo poor in its capabilities =(

Still, if you don’t use VMM, or use some other app which is compatible with AzMan then I sincere recommend you to take a look at it.

%SystemRoot%System32 Secrets: Auditpol

CLIThis command is very useful in case you need to fine-tune audit. For example you cannot set “Audit directory service changes” without setting “Audit directory service replication” using only GUI, because “There is no Windows interface tool available in Windows Server 2008 to view or set audit policy subcategories”. therefore, you need auditpol badly in case you need to set those subcategories. You also need it in order to script changes to or audit of SACL. You need it also to backup or restore those policies quickly (say you need to turn some auditing settings on for some time and turn them off later). You also can fully reset auditing policy.

Wow! While writing the text I become filled with awe. I definitely should have used it more =)

Syntax is quite excessive, so I just show you a very simple example:

image

Have fun! =)

%SystemRoot%System32 Secrets: Schtasks

CLIAfter my previous post about AT command I received some feed back from people who obviously enough hadn’t read my post in its entirety =) The feedback stated that “AT is deprecated and is to be replaced with schtasks”. You bet I knew that! =)

Nevertheless, schtasks is really more powerful and since my article touched more than one heart I decided to write next message not about auditpol, which is next in my alphabetical list of interesting apps in System32 folder, but about schtasks. Let’s begin.

Schtasks

Comparing to AT it is a huge advancement. Really, here are its subcommands: create, change, run, end, delete, query. Actually it can do everything you can do through Scheduled Tasks applet in Control Panel. And since it is a CLI command, everything is scriptable. But as usual, there is a payback for the power: the syntax description consists of 33 pages in MS Word with the font size 8.5. 33 pages! Still, they recommend to switch from AT to this command and, to be honest, you don’t have much choice if you need just a bit more than AT can give you. Moreover, if you want to learn the syntax, it can be rewarding:

schtasks /create /tn “Shutdown Friends Machine” /tr “shutdown /s /f /t 0” /sc minute /mo 5 /s friend

The command above replaces ALL the commands I was to enter using AT.

Live Writer Wrap Up Tool: My version

As I mentioned some time ago, a guy named Simon May created a small tool which allows you to create a blog post with all your recent blog posts inside. It is cool and really saves me some time. However, I decided to:

1) adapt it more for my needs

2) write at last my first app since… Hell, I haven’t been writing anything but scripts for 15 years already =)

So, a guy with more than one blog and programming knowledge on the BASIC (not even VB!) “Hello World” level closes his eyes, downloads Visual C# 2010 Express and starts to develop his own application. Ok, I had to open my eyes before downloading VS. Then I got Simon’s explanations of his process of programming the thing, spent about 10-15 hours looking for solutions of my problems on MSDN and other Internet resources and…

image

Well, my program is definitely not so good looking, more complex, contain an orthographical mistake (will be fixed in next “release”. Yeah, now I can “release” things. Like I were actual programmer =))) ).

Some things are ugly crutches because I don’t know all the abilities of the language and didn’t plan for it well. Some places in my code are a topics to research further, because I used them without understanding them. Just take a look at this beautiful comment:

/// Tell me what the hell am I doing here? =) I guess it is LINQ? =)
OrderedFeed = feed.Items.OrderBy(i => i.PublishDate);

But it works for me!

I’ve replaced calendar from Simon’s version with to date pickers, add two presets to time period selection, added possibility to remember several blog feeds and sort items in the wrap up.

What’s the moral of the story? You can create a program even if you are not a professional in it. With Visual Studio it is really easy. So, if you need something small, but you cannot find it – create your own goodies. It is also a fun – create something, look for solutions and etc.

Just in case you want to try my app yourself, the link to the install is below. Just several points to notice before you install it:

1) It was fun for me. And it was designed for me. And I promise you I didn’t intend the program to be harmful. But still being a somewhat security guy: why should you trust me? And it is placed on a free hosting. Anyway, I won’t take any responsibility for the program results should they be not good.

2) The program will look for updates while starting. If you need a version which doesn’t… Well, write your own one =)

3) If you have ideas about it: write me, I’ll think it over. I don’t promise I will implement your ideas, but I like challenges, so why not?

4) If you need sources… Ok, but:

  • if you are newbie to the C# or programming at all, I’d recommend you to write it from scratch yourself. It is fun and it is more useful then copying and compiling my code.
  • if you are a professional, then I’ll give you the sources only after you promise me explain why you were laughing at them and how I should correct or improve it =)

5) It creates a registry key HKEY_CURRENT_USERSoftwareWLWWrapupper which is not deleted when you uninstall the tool. Remove it manually if you care.

If you are not scared of my “notice”, install it from here.