Microsoft Press is offering free copies of below Microsoft ebooks.

• Free ebook: Programming Windows Phone 7, by Charles Petzold (a 24-chapter gift from the Windows Phone 7 team and Microsoft Press)

• Free ebook: Moving to Microsoft Visual Studio 2010

• Free ebook: Introducing Microsoft SQL Server 2008 R2
• Free ebook: Understanding Microsoft Virtualization Solutions (Second Edition)
• Free ebook: Own Your Future: Update Your Skills with Resources and Career Ideas from Microsoft
• Free ebook: Introducing Windows Server 2008 R2
• Free ebook: First Look Microsoft Office 2010
• Free ebook: Deploying Windows 7, Essential Guidance

Till windows XP, taking a screenshot of active windows or a selected area is more than an easy task. You need to be familiar and always remember the key selection(Ctrl+PrintScn) to do that. These headaches are gone with windows 7.

To capture a screenshot in windows 7, follow the below steps.

1. Get the required screen to top of all windows — essential for any screen capture mechanism 🙂
2. Go to START -> RUN -> type “SnippingTool.exe”
3. This will gray out your screen and launch the tool.
4. Select the screen area that you want to screen shot and at the end of selection it will automatically converted to a image file and prompts you for saving.
5. Before you save, it allows you to make any modifications to it if you want — like pointing some item etc.

I assume you felt this very easy. You can read more about this at http://windows.microsoft.com/en-IN/windows7/products/features/snipping-tool.

Merging file contents is very easy with powershell. If you are familar with two powershell cmdlets(get-content, add-content) you are done with the task.

See the below example, where I have multiple files with same name but in different directories. The below code will search for the files and merges its contents to a new file called “globalmergedfile.txt”.

$allmyfiles = Get-childitem c: -recurse | where {$_.Name -eq “mytest.txt” }
$mergedfile = “c:globalmergedfile.txt”
foreach ($myfile in $allmyfiles) {
$fullpath = $myfile.fullname
$content = Get-content $fullpath
add-content $mergedfile $content
}

So what the above code doing is, searches the c: drive for all the files which has name “mytest.txt” and then enters a for loop where it reads contents of each file and adds it to globalmergedfile.txt.

Hope this code helps you in your scripts.

Customizing the event log size is one other activity which system administrators want to do during the server/desktop build process. We do it for variety of reasons, be it for storing more events or a as part of standard process. The below one liner helps to you increase the log file size of your choice to desired value.

Limit-EventLog -LogName Application -MaximumSize 20MB

This command can be used for altering the custom event log file sizes. For example, if you want to change “Internet Explorer” log file size which is under “Applications and Services logs” on a windows 7/2008 system, use the below command

Limit-EventLog -LogName “Internet Explorer” -MaximumSize 30MB

Using this cmdlet, you can also work with event log sizes on remote computers as well. The -Computername parameter helps with for this.

Limit-EventLog -LogName Application -MaximumSize 20MB -Computername mypc1

For non powershell users, WevtUtil.exe can do this task. It is available on windows 7/2008 operating systems. Seehttp://technet.microsoft.com/en-us/library/cc732848(WS.10).aspx to learn more about it.

I came across a useful powershell function which allows you to set auto admin login on local/remote computer easily. Thought of sharing it with my blog readers.

You have few pre-requisites to make this function work against remote computer.

1. Remote Registry should running

2. You should have proper access to WMI name space

In easy words, running with domain admin privileges works great.

Function Enable-AutoAdminLogon {
param (
  [Parameter(Mandatory=$false)]
     [String[]]$computerName = “.”,
  [Parameter(Mandatory=$false)]
  [String]$DefaultDomainName = $env:USERDOMAIN,
  [Parameter(Mandatory=$false)]
  [String]$DefaultUserName = $env:USERNAME,
  [Parameter(Mandatory=$true)]
  [String]$DefaultPassword,
  [Parameter(Mandatory=$false)]
  [Int]$AutoLogonCount
)
if ([IntPtr]::Size -eq 8) {
  $hostArchitecture = “amd64”
} else {
  $hostArchitecture = “x86”
}
foreach ($computer in $computerName) {
  if (($hostArchitecture -eq “x86”) -and ((Get-WmiObject -ComputerName $computer -Class Win32_OperatingSystem).OSArchitecture -eq “64-bit”)) {
   Write-Host “Remote System’s OS architecture is amd64. You must run this script from x64 PowerShell Host”
   continue
  } else {
   if ($computer -ne “.”) {
    if ((Get-Service -ComputerName $computer -Name RemoteRegistry).Status -ne “Running”) {
     Write-Error “remote registry service is not running on $($computer)”
     continue
    } else {
     Write-Verbose “Adding required registry values on $($computer)”
     $remoteRegBaseKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(‘LocalMachine’,$computer)
     $remoteRegSubKey = $remoteRegBaseKey.OpenSubKey(“SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon”,$true)
     $remoteRegSubKey.SetValue(“AutoAdminLogon”,1,[Microsoft.Win32.RegistryValueKind]::String)
     $remoteRegSubKey.SetValue(“DefaultDomainName”,$DefaultDomainName,[Microsoft.Win32.RegistryValueKind]::String)
     $remoteRegSubKey.SetValue(“DefaultUserName”,$DefaultUserName,[Microsoft.Win32.RegistryValueKind]::String)
     $remoteRegSubKey.SetValue(“DefaultPassword”,$DefaultPassword,[Microsoft.Win32.RegistryValueKind]::String)
     if ($AutoLogonCount) {
      $remoteRegSubKey.SetValue(“AutoLogonCount”,$AutoLogonCount,[Microsoft.Win32.RegistryValueKind]::DWord)
     }
    }
   } else {
    #do local modifications here
    Write-Verbose “Adding required registry values on $($computer)”
    Write-Verbose “Saving curent location”
    Push-Location
    Set-Location “HKLM:SoftwareMicrosoftWindows NTCurrentversionWinLogon”
    New-ItemProperty -Path $pwd.Path -Name “AutoAdminLogon” -Value 1 -PropertyType “String” -Force | Out-Null
    New-ItemProperty -Path $pwd.Path -Name “DefaultUserName” -Value $DefaultUserName -PropertyType “String” -Force | Out-Null
    New-ItemProperty -Path $pwd.Path -Name “DefaultPassword” -Value $DefaultPassword -PropertyType “String” -Force | Out-Null
    New-ItemProperty -Path $pwd.Path -Name “DefaultDomainName” -Value $DefaultDomainName -PropertyType “String” -Force | Out-Null
    if ($AutoLogonCount) {
     New-ItemProperty -Path $pwd.Path -Name “AutoLogonCount” -Value $AutoLogonCount -PropertyType “Dword” -Force | Out-Null
    }
    Write-Verbose “restoring earlier location”
    Pop-Location
   }
  }
}
}

[Source : Ravichaganti.com]

Auditing active directory has become a vital important factor for many organizations since they use it managing many security aspects like shares permissioning, printers provisioning, access to critical things like IRM(information rights management), etc. Not only these, there are many other things which uses active directory objects for managing the security permissions.

Considering these, now a day’s organizations insist their IT staff to continuously monitor active directory changes; more precisely security group changes. Quest compliance tools is the first product that comes into mind when someone talks about Active Directory auditing — the reason is simple, I already got my hands wet with that. Quest has really nice setup of tools for managing/auditing Active Directory environment. (1) Quest Active Roles Server  — It is a awesome product for delegating and managing change history of active directory object. It is very helpful in delegating rights to L1/L2 IT admin staff at granular level, i. e to the level of attributes. But one downside/limitation with this product is, it is not meant for auditing the changes made to active directory made through native methods, like through dsa.msc and scripts. (2) Quest Intrust plug-in for Active Directory: – This one is designed to cover the limitation that ARS has. This plug-in won’t help you in managing/delegating active directory objects/permissions but this is for monitoring and logging all sorts of changes made to Active Directory Domain/Schema/Configuration partitions. All it does is monitors these partitions and logs the events to event log.

Well, enough talking about Quest products and promoting them — Sorry I am not a quest sales personJ. Moreover they are costly and organizations need to put in some money if they want to leverage the benefits of these products. So, let’s talk about “how to make the group changes auditing work” through native mechanism.

Cheaper solution to monitor active directory group changes:

As many of you already aware, windows 2003/2008 provides some built-in auditing mechanisms. If you didn’t ever get a chance to see them what they are, you should go and read some stuff from MS technet site. In a nut shell,

To enable auditing of Active Directory objects:

a)       Configure an audit policy setting for all domain controllers. When you configure an audit policy setting, you can audit objects but you cannot specify the object you want to audit.

                To configure audit policy, edit “default domain controller” GPO, navigate to “Computer Configuration” -> “Windows Settings” -> “Security Settings” -> “Local Polices” -> “Audit Policies” and set the “Audit Directory Services Access” policy to log “Success” and “failure” events. Make sure that “Default Domain Controller” policy is being applied to all Domain controllers in your domain

b)       Configure auditing for specific Active Directory objects (security groups in this case). After you specify the Active Directory objects, Windows Server tracks and logs these events.

        To select the auditing for a specific objects, security groups in our case, go the OU where you have all your security group objects in active directory, go to the properties of OU, click on “Advanced” and switch to “Auditing” tab and in the list of names, double-click “everyone” and select “Successful” or “failure” check box for the actions you want to audit. Since our aim in this article is to monitor security group member ship changes, select the “successful” check box for “Write members” action.

This completes auditing setup for security group’s objects and your server will start writing the events to Security event log whenever there is a change to the membership of security group you configured.

NOTE: If you are running windows 2008 Active Directory, then story is bit different. The auditing of active directory objects is divided into four sub categories and you need to enable auditing for “Directory Service Changes” subcategory. Go through this TechNet link for more information in this regard.

Disclaimer: These are just my thoughts and experience I want to share. I am not responsible for any kind of damage made to your environment with the steps I provided. One should thoroughly test these changes before trying in production environment. Use at your own risk.

Happy learning…

I troubleshooted a peculiar problem today and to implement a workaround for that issue, I have to disconnect wireless at the time of logoff. I did some search in google and the below command helped me.

netsh wlan disconnect

Btw, this command is Vista/Windows 7 compatible. I am not sure about other operating systems. I did some more research and came across bunch of commands using which we can manage wireless on windows 7 computers very easily.

Refer to this Microsoft Document to know the commands.

Happy learning and happy Diwali.

There are two good and easy ways available to generate a Pop-up message box using PowerShell. These methods uses DotNet and Windows Shell so works in any version of Operating System.

Simple way:-

In this powershell relies on a method which is available in windows shell object(WSH). In this you can control four factors, “Message box title”, “Message”, “timeout for message box”, “box type”.

Below is a simple example.

$a = new-object -comobject wscript.shell

$b = $a.popup(“This is a test message from http://Techibee.com “,0,“Test message from techibee”,1)

Second and effective method:-

In this we can make use of dotnet windows forms to generate the pop-up message boxes. Though code looks bit heavy it works very well and has lot of flexibility.

[System.Reflection.Assembly]::LoadWithPartialName(“System.Windows.Forms”)

[Windows.Forms.MessageBox]::Show(“Test message from Techibee.com!. Subscribe to news letters, RSS feeds at https://techibee.com to stay tuned”, “PowerShellScripts.blogspot.com”, [Windows.Forms.MessageBoxButtons]::OK, [Windows.Forms.MessageBoxIcon]::Information)

PowerShell has a built in cmdlet(Get-Eventlog) which directly interacts with Event Viewer. You can query the data in the way you want using this cmdlet. Below are some of the examples…

Get-Eventlog -logName System

This queries all events in System event.

Get-EventLog -LogName System | ? {$_.Entrytype -match “error” }

This queries all error events in System event viewer.

$fromtime = (get-date).Adddays(-1)

Get-EventLog -LogName System | ? {$_.Entrytype -match “error” -and $_.timegenerated -gt $fromtime }

This queries all error events in last one day. You can similarly use the methods of (get-date) to query events in last few seconds, minutes, hours, days, etc.