EnumLocalUserGroup.wsf is a script that allows you to audit the membership of a selected local group on a single computer, a list of computers, or an OU containing computers. Typically you will want to audit the Administrators or Power Users groups. Rename it from .TXT to .WSF (not .VBS). Windows Scripting Files allow multiple jobs within a single…
The Local Administrator Password Manager v 1.1
The local administrator password on our workstations and servers should be changed regularly, and when an administrator leaves the staff. There are many ways to do this: with scripts, Hyena, and others, but none of those let you evaluate what needs to be changed and what has been changed. I wrote the Local Administrator Password…
Another Conficker Removal Tool
BitDefender has a nice tool for removing Conficker for single PCs and PCs in the Windows Domain. http://www.bdtools.net/
Quickest check for Conficker
A very nice and easy test for infection by Conficker: http://www.confickerworkinggroup.org/infection_test/cfeyechart.html. Also note that your Windows Update and Background Intelligent Transfers services will be disabled.
Make RDP files
MakeRDPFiles.vbs is a vbscript based on the RDP History script posted earlier. It take your RDP history and creates a folder with connection files for each of the systems you have previously connected to. Rename from .txt to .vbs.
Remotely Enable Terminal Services and RDP
You build a Windows 2003 server and forget to enable RDP. Very annoying. Or you want to RDP to a workstation, and it is not set up. Very annoying. EnableTS_RDP.vbs allows you to remotely enable RDP.
Get a unique list from a text file
This script UniqueList.vbs extracts, counts and writes a unique list of items from a text or CSV file. You can drag a file onto it or use the command line syntax below. If a CSV file, the unique list is just the first column. Command line syntax: uniquelist.vbs filewithdupes.txt newfile headerNote that header is YES or…
The Conficker Non-Event
If you do your job well, the threatened doom becomes a “non-event”. Year Y2K was seen as a non-event, and for well prepared enterprises Conficker – April 1 was also a “non-event”. In both cases we worked hard to avoid serious impact to our users. Calling these “non-events” devalues the hard work that IT professionals…
Conficker Info and Cleaning
I have been busy today making sure we are not vulnerable to the Conficker Worm. Do you need reliable information about Conficker? Try the SANS page at http://isc.sans.org/diary.html?storyid=5860. Signs of infection include being unable to get to security sites. Because of this I am putting the McAfee Conficker Stinger Tool as an attachment on my website. …
gzinflate base64 decode
I was looking at some alternate themes for my blog and downloaded a few nice ones to try. At the bottom of the test page was a URL in Russian. When I went to footer.php, I found a line that looked like this: eval(gzinflate(base64_decode(“fVHRSsMwFH1W8B+…”))); This sort of encoding is a little scary to see, especially…