Matt Broadstock

January 2006 - Posts

• IE 7 Beta 2 available

  I installed IE7 Beta2 about 30 minutes ago and I've been playing around with it. So far, so good. I had it crash one time on me while trying to do a forum search on myitforum.com but other than that it has been great. If everything continues to work well, I may end up scrapping FireFox at home. I can't live without tabbed browsing and IE7 seems to do a great job with them. I love how the tab groups work and the fact that they kept the same shortcut keys that FireFox has used (CTRL-T and CTRL-W to open/close tabs). http://www.microsoft.com/windows/ie/ie7/ie7betaredirect.mspx Share this post:                                        Posted Jan 31 2006, 05:00 PM by Matt Broadstock with 1 comment(s) Filed under: Windows - Workstation

• Improvements to SMS Group/Collection creation HTA

  I posted a while back about a little HTA that I was working on to help automate the creation of groups in AD and the creation of Collections that are tied to those groups. I've added a few options to make it a bit more flexible. Collection to Limit To Parent Collection OU to create the groups in Group Description Group Notes Here's a screenshot. I'm not ready to post all of the code quite yet but if anyone wants to try it out, shoot me an e-mail (matt.broadstock@gmail.com) and I'll give you the code and explain what changes you will need to make to get it to work in your environment. There are a few variables that have to be updated in the code and you'll need to create a small XML file that has information on your OU structure and SMS Collection structure. I'm not sure how many people are using AD groups to manage collection membership but it works great at my current client. Each department is able to manage their own groups in AD (therefore they can manage their collection members). But pretty much everything is SMS is managed centrally. Because we have separate collections (and groups) for each department, creating everything for each new package/advertisement is time consuming. At least it used to be. :) Edit: you can download it on www.smsutils.com in the Community Downloads area. Share this post:                                        Posted Jan 01 2006, 11:10 PM by Matt Broadstock with no comments Filed under: Active Directory, Scripting - VBScript, SMSUtils

• Clean up your vbs code with functions and subroutines

  Ok, I've been going through a bunch of vbs scripts that a previous consultant at my current client wrote. Most of the scripts actually work fairly well but trying to follow what they are doing can be difficult and they can be a real pain to update. Some of the cleanup has been fairly complicated but there are a few simple things that I've done that make the code a lot more flexible and a lot easier to understand. Hopefully I'll be able to leave my client with some scripts that they can support themselves when I am gone. Here's an example of how a simple subroutine/function can make things easier: Old Code Fragment: (basically just adding attributes to a user account)      objUser.Put "userPrincipalName", strUserName & "@ds.ad.ssmhc.com"      objUser.SetInfo      If err.number <> 0 Then       strRet = err.number       Call ExceptionHandler("Error in LDAP set info userPrincipalName" & err.number & " Desc: " & err.Description)      End If                  objUser.Put "title", strJobTitle       If err.number <> 0 Then       strRet = err.number       Call ExceptionHandler("Error in LDAP set info userPrincipalName" & err.number & " Desc: " & err.Description)      End If      objUser.SetInfo      If err.number <> 0 Then       strRet = err.number       Call ExceptionHandler("Error in LDAP set info userPrincipalName" & err.number & " Desc: " & err.Description)      End If                   objUser.Put "givenName", strFirstName       If err.number <> 0 Then       strRet = err.number       Call ExceptionHandler("Error in LDAP put givenName" & err.number & " Desc: " & err.Description)      End If etc.....There were a number of other attributes getting set in the code (100+ lines of code required)   By creating a function that allows you to pass the attribute you are updating and the value you want to set it to you will have code that is easy to update and much easier to understand New Code Fragment: Call SetAccountAttribute(objUser, "userPrincipalName", strUserName & "@ds.ad.ssmhc.com") Call SetAccountAttribute(objUser, "title", strJobTitle) Call SetAccountAttribute(objUser, "givenName", strFirstName) Call SetAccountAttribute(objUser, "initials", strMiddleInitial) Function SetAccountAttribute(objUser, strAttributeName, strAttributeValue)     objUser.Put strAttributeName, strAttributeValue     objUser.SetInfo     If err.number <> 0 Then         strRet = err.number         Call ExceptionHandler("Error in LDAP set info: " & strAttributeName & vbTab & _         vbTab & err.number & " Desc: " & err.Description)     End If End Function In this case I could've used a subroutine instead of a function since I am not actually returning any values but I'll probably add that functionality in at some point down the road. By having all of the “smarts“  in a function I have one place that I can make changes instead of the 15 that I would've had before. Plus, the number of lines required dropped from over 100 to less than 20.   Share this post:                                        Posted Jan 01 2006, 11:09 PM by Matt Broadstock with 2 comment(s) Filed under: Scripting - VBScript

• Getting NETSH to manage DHCP from XP

  I've always hated the fact that you can't do NETSH command from XP to manage DHCP. I've always had to RDP or PSEXEC into a server in order to run NETSH commands for DHCP. Today I stumbled across a technote describing how to get it to work so I figured I would share. netsh add helper dhcpmon.dll I did a quick comparison between a server and my workstation and it looks like the other services that you can't manage from XP are AAAA, IPSec and RPC. So, next I ran “netsh show helper“ on a server to see what DLLs were responsible for letting you manage those other services. I was able to add AAAA (whatever that is) by adding the helper for aaaamon.dll I tried adding nshipsec.dll and rpcnsh.dll to get RPC and IPSec but no dice. Oh well, I probably just don't have those DLLs on my system or something. And I never use NETSH to manage those services anyway. Share this post:                                        Posted Jan 01 2006, 11:08 PM by Matt Broadstock with no comments Filed under: Active Directory

• More annoyances with Lotus Notes

  Let me reiterate in case you missed it...the Lotus Notes client blows. Today I got a call from one of our techs out in the field. The CEO is getting the following error whenever he tries to run Notes. "You cannot use the Administration program while the Domino Server is running. Either shut down the Domino Server (but keep the file server running) or choose the icon labeled "Lotus Notes" instead" Well, after 20 minutes of digging around it turns out that the problem is that the CEO has another computer somewhere and Notes is still running on it. Because Notes still insists on storing so much data on the client rather than the server, some critical files were locked and the new Notes session wouldn't launch without giving the no-so-helpful error above. Now this wouldn't be a problem if we just setup the CEO to store all of his Notes data on the C: drive for both systems instead of putting it all out on a network share. But then you run into other issues: No backups. If the hard drive dies, you've lost your address book and other important data. No shared address book. The CEO would have to maintain his address book on both systems. Maintaining your password separately. What other e-mail system stores your password in an ID file on the client instead of storing it on the server?!? I guess I just miss working at a client that uses Exchange. I know it's not perfect but at least Microsoft is willing to stay with the times. Lotus Notes has made tons of improvements on the server side but the client/server architecture they are using hasn't changed since the old MSMail days. I can't believe Domino still has close to the same market share as Exchange. Share this post:                                        Posted Jan 01 2006, 11:07 PM by Matt Broadstock with 1 comment(s) Filed under: Lotus Notes

• Utility to build Groups and Collections for SMS

  I posted a while back on this but I have a production version done now. This utility is really handy for creating groups that you can tie to SMS Collections as query rules. The company that I am at now has all of their departments broken down into “Entities” and we create separate groups and collections for each package for each Entity. It can be very time consuming to create all of the groups and collections whenever we have a new package to send out. So I wrote a HTA that automates the entire process. First, you select the “Entities” that you want to setup and type in the base groupname name that you want to create. Then, you click “CreateGroups” and it will create all of the groups for you. In my current customer's case, each groupname is prepended with their Entity code. And the groups are created in each entity's specific OU. And it is really fast. Next, enter the base collection name and click “CreateCollections”. It will create unique collections for each entity (also prepending the entity code before the base collection name). Every entity has their own collection structure and the utility will put the new collection in the collection heirarchy where it belongs. This seems to take a few seconds per collection but there is a lot of stuff that has to be done to create a collection, tie it to a parent collection, setup a refresh schedule, and create the query rule. It might take a little bit of customization to get it to work for your SMS environment but it is mostly XML driven so you can just create an XML file with the information that is pertinent to your SMS setup. Anyway, here's a screenshot. Sorry for the slow download speed on this webserver! If you have any feedback, please shoot me an e-mail: matt.broadstock@gmail.com Share this post:                                        Posted Jan 01 2006, 11:05 PM by Matt Broadstock with no comments Filed under: SMS, Scripting - VBScript

• Creating an Exclusion query/collection in SMS

  Some people may already know about this but I ran into it for the first time and thought it was interesting. We needed to create a collection in SMS that excluded all resources that were in a specific group in AD. Well, the obvious way to pull it off didn't work. Anyway, here's what I had to do: select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where Name Not In (select distinct Name from  SMS_R_System where SystemGroupName = "DS\\G113-KeepMSNetwareClient") Instead of: select SMS_R_System.ResourceID,SMS_R_System.ResourceType,SMS_R_System.Name,SMS_R_System.SMSUniqueIdentifier,SMS_R_System.ResourceDomainORWorkgroup,SMS_R_System.Client from SMS_R_System where SystemGroupName Is Not Like  "DS\\G113-KeepMSNetwareClient") Basically, you have to have a subquery that returns members of the group and then do a "Not In" on that instead of just trying a "Is Not Like groupname" or "Not = groupname" type exclusion. From what I was reading this isn't unique to groups. You have to do it for a lot of inventory info.   Also, I found that the nested query (the part in the parenthesis in the 1st example) had to only return “Name“. I tried nesting that query with all of the normal stuff that gets returned (ResourceType, SMSUniqueIdentifier, etc.) but it didn't work then either. Share this post:                                        Posted Jan 01 2006, 11:04 PM by Matt Broadstock with no comments Filed under: SMS

• Problems deploying packages that utilize InstallShield ISScript

  We've run into a few applications that wouldn't install properly via SMS if a non-admin was logged onto the system when the package got deployed. If an administrator was logged on or if no one was logged on at all everything worked great. This seemed a bit strange because everything should run as the local System account, right? Well, this isn't necessarily true in the case of a MSI created with InstallShield that utilizes ISScript. When ISScript gets deployed, it sets its DCOM permissions to Interactive User. So when the MSI runs, it is possible that certain components of the install routine will try to run as the logged on user--not as System. Anyway, you can fix the issue by deleting a few registry values. The problem is that if ISScript ever gets reinstalled it will set itself back to run as Interactive User. And each version of ISScript has a different DCOM app that needs to be checked for the problem. It looks like ISScript versions 7, 8, and 9 all have the problem and one of our packagers is thinking that version 10 does as well. Not sure about 10.5 or 11 yet. Anyway, someone already posted a really good article on the problem if you care to read more on it and exactly how to fix the issue if you run into it. Share this post:                                        Posted Jan 01 2006, 11:03 PM by Matt Broadstock with no comments Filed under: Misc