GetNumberOfBlueScreens. At my company, a server frequently had system errors that produced blue screens; when the blue screen appeared, the server automatically rebooted without indicating that anything unusual had happened. If the server rebooted at just the opportune moment and our paging script missed the few minutes the node was offline, we didn't know that the problem had occurred. I wrote the GetNumberOfBlueScreens script to identify the number of recent blue screens a machine has experienced. The script uses the Uptime (uptime.exe) tool that's included in early Windows resource kits. You can also download Uptime at http://www.microsoft.com/ntserver/nts/downloads/management/uptime.
GetNumberOfLocalAdmins. Most of the servers and PCs in our environment have a limited number of local Administrator group accounts. These generally consist of a few local domain groups along with the local Administrator account. Our policy allows only groups—not individuals—to be local Administrators. The GetNumberOf-LocalAdmins script periodically checks the number of members (groups or users) in the Administrators group, letting us identify nodes that violate our local Administrator policies. The script invokes the Windows Server 2003 Resource Kit Local tool (local.exe), which displays members of local groups on remote servers or domains.
GetNumberOfShares. On our user PCs, we're trying to reduce the number of shared folders that users create to share potentially proprietary corporate data. We don't want to block users completely, but we do want to monitor how many shares they have beyond the default number of shares that Windows allots. The GetNumberOfShares script uses the Rmtshare tool (rmtshar.exe) to display information about shares. Rmtshare was in earlier Windows resource kits and is still available from the Microsoft FTP site at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/rmtshar.exe. When you download the executable file, you might notice that it's named rmtshar.exe (not rmtshare.exe). Don't be confused; the executable was originally called rmtshare.exe in the resource kits, but now is called rmtshar.exe. Be sure to modify your script or rename the file to match the actual name of your executable.
GetUptime. System-uptime information can help you determine whether a node has been rebooted since the most recent hotfix was applied. Additionally, keeping an uptime log can help you spot the use of hacking utilities that intruders could employ to modify event logs on nodes. Such utilities might restart the system to cleanse the event log of entries and cover the hacker's tracks. The GetUptime script helps you keep an eye on uptime by using PsInfo to capture the uptime for a list of nodes.
Getting the Scripts Working in Your Environment
I tested the 11 scripts on a Windows XP SP2 system. Remember to carefully test your scripts in a nonproduction environment before rolling them out into production. To get the scripts working in your environment, follow these steps:
- Download the script code from the Windows Scripting Solutions Web site. Place all the files in one dedicated directory.
- Obtain the Filever, PsInfo, Uptime, Local, and Rmtshare tools.
- Configure each script file with the tool locations and configuration options.
- Create an input file containing a handful of nodes you want to test the script against. Put one node name on each line. Name the file InputList.txt and place it in the dedicated directory where your scripts reside.
- When you run each script, it creates an output file named similarly to the .bat file in your dedicated folder. For example, the GetBiosDate script creates an output file called GetBiosDate-LOG.txt.
- After you've tested all 11 scripts and verified the settings, you can add more nodes to the InputList.txt input file.
Small Is Beautiful
I've given you 11 practical, focused mini scripts and a couple new techniques for handing errors. You can use the scripts as-is or easily modify them to monitor different aspects of system stability and security. Keep these small scripts handy for emergency situations. You'll be surprised just how often you can use them!
End of Article
Prev. page
1
[2]
next page -->
