In these sample object paths, you might have noticed that I've enclosed the value in single quotes. You must enclose the value in either single or double quotes. In VBScript code, I tend to use single quotes because they're easier to work with. For example, you don't have to escape embedded single quotes as you do double quotes.
Following the call to the Get method, the script uses a third If...Then...Else statement and the Err object's Number property to determine the method's outcome. If Get fails, which is a good outcome in this case, Err.Number will be a non-zero value, which means that the MSSQLSERVER service isn't installed on the target computer. If Get succeeds, the MS-SQLSERVER service is installed on the target computer. In both cases, the script sends an appropriate message to the console.
Figure 1 shows the results from running IdentifySQLComputers.vbs in my lab. Of the seven computers listed in the output, only one computer (highlighted) is suspect. Had I not known the computers named dellsx260a and wdywtgt were offline and that dellxps is an XP Home Edition computer that doesn't permit remote WMI connections, I would have needed to investigate why these computers reported an error. In this case, the errors are intentional.
To use IdentifySQLComputers.vbs in your environment, you simply need to create a text file that contains the list of target computers in your environment. If you want to avoid modifying the script altogether, name the text file Computers.txt and save it in C:\Scripts. Otherwise you'll need to change the value assigned to the strInputFile variable.
Here's an extra-credit question for you: In a script, can you use Active Directory (AD) as a source for computer names instead of a text-based input file? Absolutely! You might be surprised at how trivial the changes are. To learn about those changes, read the Web-exclusive sidebar "Using AD to Retrieve Computer Names," InstantDoc ID 39765.
Containing the Crisis
Now that you've determined which computers are running SQL Server 2000 or MSDE, the next step is to contain the crisis. To that end, you want to stop and disable the MSSQLSERVER service on those computers that IdentifySQLComputers
.vbs reports as BAD. Disabling the service helps limit the worm's propagation and buys you time to figure out how to eradicate the virus and patch infected machines.
At this point, you've already written a large part of the containment script DisableSQLService.vbs, which Listing 2 shows, because DisableSQLService.vbs uses a lot of the same code as IdentifySQLComputers.vbs. You simply need to add the logic to stop the service and set the service's startup type to Manual or Disabled.
Callout A in Listing 2 highlights the code that stops the service. I first use the Win32_Service AcceptStop property to determine whether the target service is running. If AcceptStop returns the TRUE value, I use the Win32_Service's StopService method to stop the service. Next, I use this method's return value to determine whether StopService succeeded and send an appropriate message to the console.
As callout B in Listing 2 shows, I use the Win32_Service StartMode property to determine whether the target service's startup type is set to Disabled. If not, I use the Win32_Service ChangeStartMode method to do so. I use the method's return value to determine whether ChangeStartMode succeeded and send an appropriate message to the console.
I ran DisableSQLService.vbs against the same set of computers as IdentifySQLComputers.vbs. As Figure 2 shows, you can see that DisableSQLService.vbs successfully stopped and disabled the MSSQLSERVER service on the tmtowtdi computer.
It's Not If, But When
Unfortunately, it's only a matter of time before some yo-yo with too much time on his or her hands releases the next bad virus. As IdentifySQLComputers.vbs and DisableSQLService.vbs demonstrate, scripting is a powerful tool you can use to assess and contain the crisis while you wait for a vendor's response to that virus. By investing the time to learn how to write these types of scripts, you'll be in a much better position to react quickly and effectively.
End of Article
Prev. page
1
2
3
[4]
next page -->
