Wednesday, June 8, 2011

Finding Out a Machine's Uptime

This post sort of goes along with the previous "Remotely Rebooting Machines" post.

The title says it all - being curious, I wanted to find out everyone's machine uptime. In other words, how long has the computer been powered on?

You need:
-elevated privileges to access remote machines
-grep - if you want to filter out what you don't need from the command; add the ".../bin" directory to your environment variables

If you run "systeminfo" from the command prompt on your machine, this is the output that we are looking for from remote machines. Also, we just need this line from the output: "System Boot Time: 6/8/2011, 7:07:01 AM". The other junk can be handy for other curiosities, but for this instance, I'm not interested.

Create a .cmd file, paste in this command (all one line):
for /f "tokens=*" %%c in (machines.txt) do psexec \\%%c systeminfo | grep "System Boot Time:"
Create a separate text file named machines.txt in the same directory. Put all your computer names in the text file, each on a separate line. OK, open the command prompt, adjust your screen buffer, and run the .cmd file. If you have hundreds of computers, this will take a LONG time to run.

I believe there is a way to output the results to a local text file, but I could never get it to work since I have a pipe to grep at the end; however, I could be doing something wrong.
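
One way to collect the boot times into a local file, as an added example that is not from the original post: it swaps PsExec and grep for the built-in systeminfo /s and findstr, and the output file name uptime.txt is an assumption.

```batch
@echo off
rem Added example, not from the original post.
rem Reads computer names from machines.txt, one per line, and writes each
rem machine's System Boot Time line to uptime.txt. The file name is assumed.
setlocal
set "OUT=uptime.txt"
if exist "%OUT%" del "%OUT%"

for /f "usebackq tokens=*" %%c in ("machines.txt") do (
    set "FOUND="
    rem The nested FOR captures the filtered line so it can be written
    rem together with the machine name it came from.
    for /f "tokens=*" %%l in ('systeminfo /s %%c 2^>nul ^| findstr /c:"System Boot Time"') do (
        >>"%OUT%" echo %%c: %%l
        set "FOUND=1"
    )
    rem Machines that are off, asleep or deny access are recorded, not skipped.
    if not defined FOUND >>"%OUT%" echo %%c: no answer
)

type "%OUT%"
endlocal
```

The "System Boot Time" label is the English-language systeminfo output; on other display languages the findstr pattern has to match the localized label.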

Monday, June 6, 2011

Remotely Rebooting Machines

I noticed there are some machines on the network that haven't been rebooted for quite some time. As time moves along, new GPOs are created, software is updated, etc. Nonetheless, every month or two, all machines should be rebooted to pick up what has changed.

Create a .cmd file with this command in it:
for /f "tokens=*" %%c in (machines.txt) do shutdown /r /f /m \\%%c
You also need to create a txt file in the same directory that includes the machines you want rebooted. Make sure you do not include \\ in front of the computer name. If you prefer leaving \\, then revise the command above.

/r - Indicates to reboot the machine
/f - Force running applications to close without forewarning users
/m - Specify the remote computer in \\

Run your .cmd file in the command prompt window so you can see which machines errored out. You may need to adjust your screen buffer size if you have a lot of machines.
Note - There may be computers that are shut down or in Sleep mode. This command will error out if it cannot contact the machine; however, it will proceed to the next machine after about 15 seconds. Keep a list of which computers errored out and visit them individually.
2E01: The entered computer name is not valid or remote shutdown is not supported on the target computer.
Also, if you don't have the proper permissions to do so, this will fail.

Thursday, June 2, 2011

Malware/Viruses in the Workplace

Now that our campus is dominantly running Windows 7, I've seen MAJOR improvement on malware/virus infections on campus machines. When we were running XP, I typically cleaned about a machine or two a day. Mostly using ComboFix, Malwarebytes, and/or Microsoft FEP 2010. If those scanners didn't clean the infected machine, I'd resort to a reformat/rebuild of the OS. My time was consistently being pulled away from projects, server maintenance, etc. Thanks Windows 7!

We still have a handful of machines out there running Windows XP. My new motif (which has been quite some time now) that I've learned is that "most of the time" it's easier to just grab a different hard drive, image it, move over the files. This process is usually quicker than cleaning the infected machine and taking a chance of it not being cleaned after spending time on it. Or even the chance of lingering infections that will come back to haunt. This is something that I've learned over my desktop support years.

For on the spot imaging, we use Acronis True Image. I can image a hard drive typically in about 4 minutes, boot it up, let Win7 find the drivers and am ready to go.