Remove unused NICs from BGInfo

Like many organisations we use BGInfo on all Windows systems to provide a simple way to view the machine name, IP address etc.

One thing we have noticed is on laptops which have standard wireless, Bluetooth, SSL VPN etc there are a number of devices that do not have IP addresses assigned. This isn’t a technical issue but on some screens it does look a bit of a mess (see below)

BGInfo-ALL-IP

We wanted to show only ‘live’ IP addresses and remove the blanks to neaten things up slightly. Natively I couldn’t find a simple option so ended up on google and found a number of threads showing similar results. Most of the results however also showed the IPV6 address which we don’t currently need and confuses the end user when the support team ask for their IP address.

So, show active IPs, IPv4 only. I also wanted to show the Windows 10 build as this is starting to become more and more important with the six monthly release cycle and the necessary changes required.

Active IPs

I ended up creating three .vbs scripts (IP, DNS Servers, Gateway) and linking each one to a custom field within BGInfo.

IP Address VBS:

strMsg = ""
strComputer = "."

Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select IPAddress from Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'")

For Each IPConfig in IPConfigSet
  If Not IsNull(IPConfig.IPAddress) Then
    For i = LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
     If Not Instr(IPConfig.IPAddress(i),":") > 0 Then
        strMsg = strMsg & IPConfig.IPAddress(i) & vbcrlf & vbtab
      End If
    Next
  End If
Next

Echo strMsg

 

DNS Server VBS:

strMsg = ""
strComputer = "."

Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select DNSServerSearchOrder from Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'")

For Each IPConfig in IPConfigSet
  If Not IsNull(IPConfig.DNSServerSearchOrder) Then
    For i = LBound(IPConfig.DNSServerSearchOrder) to UBound(IPConfig.DNSServerSearchOrder)
      If i = 0 Then
        strMsg = strMsg & IPConfig.DNSServerSearchOrder(i)
      ElseIf i > 0 Then
        strMsg = strMsg & vbcrlf & vbtab & IPConfig.DNSServerSearchOrder(i)
      End If
    Next
  End If
Next

Echo strMsg

 

Default Gateway VBS:

strMsg = ""
strComputer = "."

Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select DefaultIPGateway from Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'")

For Each IPConfig in IPConfigSet
  If Not IsNull(IPConfig.DefaultIPGateway) Then
    For i = LBound(IPConfig.DefaultIPGateway) to UBound(IPConfig.DefaultIPGateway)
     If Not Instr(IPConfig.DefaultIPGateway(i),":") > 0 Then
        strMsg = strMsg & IPConfig.DefaultIPGateway(i) & vbcrlf
      End If
    Next
  End If
Next

Echo strMsg

 

We now need to add these vbs scripts into BGInfo as Custom Fields:

BGInfo-New Field

Now add to the BGInfo information as a standard field and the result removes all gaps!

BGinfo-Min-IP

Windows 10 Build

Finally we need to add the Windows 10 build number. This is much easier than above as the information is held within the registry so the BGInfo custom field can simply point to it:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ReleaseID

 

 

Advertisements

LAPS – Local Admin Password Solution

As part of my role I took over a reasonable sized Windows Server infrastructure. Many servers have now been replaced but some of the originals remain. I am currently running security tasks across all areas and one was to change the local admin password and account name for all servers.

There used to be generally two ways to acheive this:

  1. Manually reset each password and save into a spreadsheet.
  2. Use Group Policy Preferences to set a standard password.

Creating a spreadsheet of passwords fills me with dread and sods law says you won’t be able to open it when you need it. Using GPP is a reasonable idea but the implementation stores passwords in clear text within the Sysvol folder (read-only to anyone on the network). Microsoft have realised this is an issue and have actually prevented the GPP solution from working as at May 2014.

The new, approved solution is LAPS – Local Admin Password Solution. This is a combination of dll and GPO configurations which regularly, automatically reset the local administrator password and store the information in Active Directory. Its a free tool available here complete with downloadable instructions. The instructions are very clear and easy to follow so I won’t detail them here but give a quick overview.

  1. Install the management agent onto a management server.
  2. Extend the schema and make some small permission changes to the AD OU/s you wish to manage the servers in.
  3. Create a GPO with password complexity and refresh time you require.
  4. Install agent onto server to be managed.

Once complete (the above took 30 minutes not including Change Control and testing). You can retrieve the password in 3 ways:

  1. Using the LAPS tool

LAPS

2. Inspecting the attribute editor in Active Directory

AD

3. Viewing in PowerShell

PS

Reset Users Homefolder Permissions

This batch file allows you to reset  permissions on re-directed folders. Download and install subinacl and adjust the batch as necessary. Insert relevant domain name on the first line.

 set domain-name=

for /f %%a in (‘cd’) do set currdir=%%a
for /f “tokens=*” %%a in (‘dir /b’) do call :updateit %%a
goto :eof

:updateit
c:subinaclsubinacl.exe /file %currdir%%1 /setowner=”%domain-name%%1″
c:subinaclsubinacl.exe /subdirectories %currdir%%1 /setowner=”%domain-name%%1″
c:subinaclsubinacl.exe /file %currdir%%1 /grant=”%domain-name%%1″=F
c:subinaclsubinacl.exe /subdirectories %currdir%%1 /grant”%domain-name%%1″=F
c:subinaclsubinacl.exe /file %currdir%%1 /grant=”Domain Admins”=F
c:subinaclsubinacl.exe /subdirectories %currdir%%1 /grant=”%domain-name%Domain Admins”=F
goto :eof