Tag Archives: administration

Robocopy file classes

This information comes from the Robocopy.exe documentation PDF file for Windows XP version, but it’s the best description I’ve been able to find. From page 15 of that document:

Using Robocopy File Classes

For each directory processed, Robocopy constructs a list of files in both the source
and destination directories. This list matches the files specified on the command line
for copying.

Robocopy then cross-references the lists, determining where files exist and comparing
file times and sizes. The program places each selected file in one of the following
classes.

File Class In source In destination Source/Dest file times Source/dest file sizes Source/dest attributes
Lonely Yes No n/a n/a n/a
Tweaked Yes Yes Equal Equal Different
Same Yes Yes Equal Equal Equal
Changed Yes Yes Equal Different n/a
Newer Yes Yes Source > Destination n/a n/a
Older Yes Yes Source < Destination n/a n/a
Extra No Yes n/a n/a n/a
Mismatched Yes (file) Yes (directory) n/a n/a n/a

By default, Changed, Newer, and Older files are candidates for copying (subject to
further filtering, as described later). Same files are not copied. Extra and Mismatched
files and directories are only reported in the output log.

Normally, Tweaked files are neither identified nor copied – they are usually identified
as Same files by default. Only when /IT is used will the distinction between Same and
Tweaked files be made, and only then will Tweaked files be copied.

Readable System Event logs

I think I’m not alone in finding the Service Control Manager logs so many informational events as to make it hard to read the important events in the System Event logs on modern Windows systems.

I’ve used custom XPath queries of Event logs before, and decided to define a Custom view of the System event log that suppresses the events generated by the Service Control Manager that are in the Informational or Verbose catergories. Here’s the XML that defines this custom view:


<QueryList>
 <Query Id="0" Path="System">
 <Select Path="System">*</Select>
 <Suppress Path="System">*[System[Provider[@Name='Service Control Manager']
 and (Level=4 or Level=0 or Level=5)]]</Suppress>
 </Query>
</QueryList>

References:

Get-PrintJobs.ps1 PowerShell script

After a recent upgrade of our print servers, I discovered that the Print Spooler service event logging had been enhanced, and changed enough that some PowerShell reporting scripts that worked just fine on Windows Server 2008 (32-bit) no longer worked on Server 2012 R2.

To get the reports working again, I had to enable the Microsoft-Windows-PrintService/Operational log. I also had to increase the log size from the default in order to retain more than one day’s events. The trickiest part was figuring out the XPath query syntax for retrieving events from a particular printer. The newer syntax makes more sense to me, but it took me a long time to arrive at it.

Following Don Jones‘ entreaty to build tools and controllers, I offer this tool script, which retrieves (simplified) print job events, and cares not a whit about formatting or saving.


<#
.SYNOPSIS
Gets successful print job events and returns simplified objects with relevant
details.

.DESCRIPTION
Collects the successful print jobs from the PrintService Operational log, with
optional query parameters including Printer name and start and end times.

.PARAMETER PrinterName
The share name of the printer for which events will be retrieved.

.PARAMETER StartTime
The beginning of the interval during which events will be retrieved.

.PARAMETER EndTime
The end of the interval during which events will be retrieved.

.EXAMPLE
C:\> Get-PrintJobs.ps1
Returns objects representing all the successful print jobs (events with id 307).

.EXAMPLE
C:\> Get-PrintJobs.ps1 -PrinterName 'Accounting HP LaserJet'
Returns objects for all the jobs on the Accounting printer.

.EXAMPLE
C:\> Get-PrintJobs.ps1 -PrinterName 'Accounting HP LaserJet' -StartTime (Get-Date).AddHours(-12)
Returns objects for all the jobs on the Accounting printer generated in the last twelve hours.
.NOTES
Script Name: Get-PrintJobs.ps1
Author : Geoff Duke <Geoffrey.Duke@uvm.edu>

Edit 2014-10-08: Generalizing from dept printer report script, fixing XPath
query syntax.

Edit 2012-11-29: Job is run as SYSTEM, and computer object has been granted
Modify rights to the destination directory.
#>

Param(
[string] $PrinterName,

[datetime] $StartTime,

[datetime] $EndTime
)
Set-StrictMode -version latest
# Building XPath query to select the right events
$filter_start = @'
<QueryList>
  <Query Id="0" Path="Microsoft-Windows-PrintService/Operational">
    <Select Path="Microsoft-Windows-PrintService/Operational">
'@

$filter_end = @'
    </Select>
  </Query>
</QueryList>
'@

$filter_match = '*[System[(EventID=307)' #need to add ']]' to close

if ( $StartTime -or $EndTime) {
    $filter_match += ' and TimeCreated[' #need to add ']' to close
    $time_conds = @()

    if ( $StartTime ) {
        $time_conds += ( '@SystemTime&gt;=' +
            "'{0:yyyy-MM-ddTHH:mm:ss.000Z}'" -f $StartTime.ToUniversalTime()
        )
    }
    if ( $EndTime ) {
        $time_conds += ( '@SystemTime&lt;=' +
            "'{0:yyyy-MM-ddTHH:mm:ss.000Z}'" -f $EndTime.ToUniversalTime()
        )
    }

    $filter_match += ( $time_conds -join ' and ' ) + ' ]' # Closing TimeCreated[
}

$filter_match += "]]`n" # Closing [System[

if ( $PrinterName ) {
    $filter_match += @"
  and
*[UserData[DocumentPrinted[(Param5='$PrinterName')]]]
"@
}

write-debug "Using Filter:`n $filter_match"

# The $filter variable below is cast as XML, that's getting munged
# by WordPress or the SyntaxHighlighter as '1'
1 $filter = ($filter_start + $filter_match + $filter_end)

get-winevent -filterXML $filter | foreach {
    $Properties = @{
        'Time' = $_.TimeCreated;
        'Printer' = $_.Properties[4].value;
        'ClientIP' = $_.properties[3].value.SubString(2);
        'User' = $_.properties[2].value;
        'Pages' = [int] $_.properties[7].value;
        'Size' = [int] $_.properties[6].value
    }

    New-Object PsObject -Property $Properties
}

If you find this script useful, please let me know. If you find any bugs, definitely let me know!

Set default printer with PowerShell

Closely related to my previous post, this simple script uses a WScript.Network COM object to set the default printer. The comment block is longer than the script, but I think it’s a useful little tool.

<#
.SYNOPSIS
Sets a Network Printer connection as the default printer.

.DESCRIPTION
Uses a COM object to sets the specified, installed printer as the default. If
an error is encountered, e.g., the specified printer isn't installed, the
exception is written to a file called Set-DefaultPrinter.err in the current
$env:temp directory, and then the script terminates, throwing the exception.

Based on my colleague's VBScript solution:

http://blog.uvm.edu/jgm/2014/06/11/parting-scripts-add-a-new-network-printer-and-set-it-as-default/

.PARAMETER PrinterShare
The UNC path to the shared printer.
e.g. \\printers1.campus.ad.uvm.edu\ETS-SAA-SamsungML-3560

.EXAMPLE
Set-DefaultPrinter.ps1 -PrinterShare '\\printers1.campus.ad.uvm.edu\ETS-SAA-SamsungML-3560'

.NOTES
    Script Name: Set-DefaultPrinter.ps1
    Author     : Geoff Duke <Geoffrey.Duke@uvm.edu>
#>

[cmdletbinding()]

Param(
    [Parameter(Mandatory=$true,
        HelpMessage="Enter the UNC path to the network printer")]
    [ValidateNotNullOrEmpty()]
    [string] $PrinterShare
)

Set-PSDebug -Strict

$PSDefaultParameterValues = @{"out-file:Encoding"="ASCII"}

$ws_net = New-Object -COM WScript.Network

try {
    $ws_net.SetDefaultPrinter($PrinterShare)
}
catch {
    $error[0].exception | out-file (join-path $env:temp 'Set-DefaultPrinter.err') 
    throw $error[0]
}
write-verbose "Default printer now $PrinterShare"

Add network printer with PowerShell

This is my PowerShwell translation of my colleague’s VBScript solution for mapping network printers with a script.

<#
.SYNOPSIS
Add a Network Printer connection, optionally making it the default printer.

.DESCRIPTION
Uses a COM object to add a Network Printer, and optionally sets that printer
as the default. If an error is encountered, the exception is written to a
file called Add-NetworkPrinter.err in the current $env:temp directory, and then
the script terminates.

This is my PowerShell translation of my colleague's VBScript solution:

http://blog.uvm.edu/jgm/2014/06/11/parting-scripts-add-a-new-network-printer-and-set-it-as-default/

.PARAMETER PrinterShare
The UNC path to the shared printer.
e.g. \\printers1.campus.ad.uvm.edu\ETS-SAA-SamsungML-3560

.PARAMETER Default
Specifies that the printer will also be set as the default printer for the current user.

.EXAMPLE
Add-NetworkPrinter.ps1 -PrinterShare '\\printers1.campus.ad.uvm.edu\ETS-SAA-SamsungML-3560' -Default

.NOTES
    Script Name: Add-NetworkPrinter.ps1
    Author     : Geoff Duke <Geoffrey.Duke@uvm.edu>
#>

[cmdletbinding()]

Param(
    [Parameter(Mandatory=$true,
        HelpMessage="Enter the UNC path to the network printer")]
    [ValidateNotNullOrEmpty()]
    [string] $PrinterShare,

    [parameter(Mandatory=$false)]
    [switch] $Default
)

Set-PSDebug -Strict

$PSDefaultParameterValues = @{"out-file:Encoding"="ASCII"}

$ws_net = New-Object -COM WScript.Network

write-verbose "Adding connection to $PrinterShare"
try {
    $ws_net.AddWindowsPrinterConnection($PrinterShare)
}
catch {
    $error[0].exception | out-file (join-path $env:temp 'Add-NetworkPrinter.err')
    throw $error[0]
}

write-verbose "Setting the printer as the default"
if ( $Default ) {
    try {
        $ws_net.SetDefaultPrinter($PrinterShare)
    }
    catch {
        $error[0].exception | out-file (join-path $env:temp 'Add-NetworkPrinter.err')
        throw $error[0]
    }
}

# the end

For use with Group Policy, it will probably be helpful to create a simple Set-DefaultPrinter.ps1 script. But that’s just the second stanza from the script above.

Updating firewall rules with netsh

I needed to adjust the scope of a built-in firewall rule in a couple of servers, restricting the remote IPs to a list of UVM subnets in CIDR notation. The netsh documentation describes the syntax for a list as comma-separated values (no spaces). But I kept getting errors with the command:

netsh advfirewall firewall set rule name="Windows Internet Naming Service (WINS) (NB-Name-UDP-In)" remoteip="10.10.0.0/16,10.11.0.0/16,10.12.0.0/16"

Finally, I actually read the error message:

For ‘set’ commands, the ‘new’ keyword must be present and must not be the last argument provided.

And the related part of the usage text:

Values after the new keyword are updated in the rule.  If there are no values, or keyword new is missing, no changes are made.

One little three-letter keyword was all I needed:

netsh advfirewall firewall set rule name="Windows Internet Naming Service (WINS) (NB-Name-UDP-In)" new remoteip="10.100.0.0/16,10.101.0.0/16,10.102.0.0/16"

/sigh

Who’s logged into Server 2012?

I’m severely disappointed that Microsoft has removed from Server 2012 the tools required for managing and configuring Remote Desktop for Administration. On previous server editions, I’ve used the Remote Desktop Services Manager to troubleshoot colleagues and delegated administrators’ access issues. We’ve also had situations where the SSL certificate used to identify the server and to encrypt traffic has expired and needed some intervention.

Some discussion on Mark Minasi’s support forum indicates that some of this functionality is returning in Server 2012 R2. In the meantime, and until all our servers get upgraded, I’ll be using a combination of the Task Manager (which shows user sessions),

Displaying user logon sessions in Server 2012 Task manager

Displaying user logon sessions in Server 2012 Task manager

and Process Explorer, which can show the username and start time for process.

Adding VMware Tools to WinPE 4.0

I’m trying to augment the Bare Metal Recovery boot image provided by EMC as part of the NetWorker Client to support recovery in our VMware vSphere environment. The BMR .ISOs include a sources\boot.wim file that I should be able to modify.

I started with these somewhat date instructions in the VMware knowledgebase. I copied the contents of the .ISO file to a temporary directory on my PE Build system (Windows 8 guest). Using the Windows ADK, I mounted the sources\boot.wim file.

C:\Temp>dism /mount-image /imagefile:c:\temp\NW-MBR-ISO\sources\boot.wim /index:1 /mountdir:c:\temp\mount

I downloaded the latest VMware Tools, then used the /A switch (administrative install) on the setup file to extract the contents to a local folder. The driver files are contained within Program Files\VMware\VMware Tools\VMware\Drivers. I copied that directory to my working location, then added the drivers to the WIM files.

dism /image:c:\temp\mount /add-driver /driver:c:\temp\drivers /recurse

DISM reported success, so I committed the changes and umounted the WIM file.

dism /unmount-image /mountdir:c:\temp\mount /commit

The files I copied off of the EMC-provided ISO were not sufficient to create a new bootable image. So I used the CopyPE command to create a new base image, which included a file source for the PE image as well as the appropriate boot sector files. Since the image source files were identical to the file in the EMC disk image (because this is how they created the image), I just copied my customized boot.wim over the default boot.wim. Then I was able to use the makewinpemedia command to create a new .ISO image.

I’ve been able to boot the image, and it loaded the VMXNET3 like a champ. We’ll see how the Bare Metal Recover process goes. Thankfully, this is a test and not a crisis.