VBScript ; Event ID 36 IWAM IIS Monitor

VBScript ; Event Log Monitor – Event ID36 W3SVCS and DCOM 10004 Errors

IIS IWAM accounts usually automatically sync every 7 days. This process was causing chaos on our AD domain with a variety of different IIS servers; from Citrix Web Interface servers to VMWare management pages.

Page Cannot Be Displayed errors are accompanied by DCOM 10004 errors and W3SVC 36 errors in the System Event log. The problems can be resolved by running the ‘synciwam.vbs’ script. In order to both detect and eliminate this problem whilst we troubleshot the root cause, I wrote a script that would detect these errors in the event log and automatically run the synciwam.vbs script.

The vbscript file must be configured to run every 5 minutes on the server you wish to protect. The script will establish the local time difference from UTC (which is required when searching the event log). Once found it will check the System Event Log for any event code 36 errors in the last 5 minutes. If there are any the script will call the synciwam.vbs script file. The script will then send an email to the desired user via a mail server of choice. I have highlighted the code that you must change in bold.

You can change the search period and increase it from 5 minutes if required. I have made the text red on this part of the script. Remember if you do this to change the frequency of the scheduled task to match your required time period.

'Event Log checker to protect IIS Web Sites

'Contact Chris Bradford for details.

'Option Explicit
Const ForReading = 1
Const ForWriting = 8

Dim objFso, objFolder, objWMI, objEvent ' Objects
Dim strFile, strComputer, strFolder, strFileName, strPath ' Strings
Dim intEvent, intNumberID, intRecordNum, colLoggedEvents, arrHistory, Compare

' Establish the local offset from UTC, in minutes
For Each LocalTimeZone in GetObject("winmgmts:").InstancesOf("Win32_ComputerSystem")
    TimeZoneOffset = LocalTimeZone.CurrentTimeZone
Next

Wscript.Echo "The current time difference is " & TimeZoneOffset & " minutes (" & TimeZoneOffset/60 & " hrs)"

' Start of the search window: 5 minutes ago, local time
DateToCheck = CDATE(DateAdd("n",-5,Now))

' Convert the start of the window to UTC
If TimeZoneOffset > 0 Then
    UTCDate = DateAdd("n", -ABS(TimeZoneOffset), DateToCheck)
Else
    UTCDate = DateAdd("n", ABS(TimeZoneOffset), DateToCheck)
End if

WScript.Echo "UTC Date/Time: " & UTCDate

Set objNetwork = CreateObject("Wscript.Network")
strComputerName = objNetwork.ComputerName

' --------------------------------------------
' Set your variables
intNumberID = 36 ' Event ID Number
intRecordNum = 0

strComputer = "."

Set objWMI = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

WScript.Echo "Looking for events newer than: " & UTCDate & " (UTC Date) and event ID: " & intNumberID

Set colLoggedEvents = objWMI.ExecQuery("Select * from Win32_NTLogEvent Where Logfile = 'System' AND TimeWritten > '" & UTCDate & "' and EventCode = '36'")

' Count the matching events
intEvent = 0
For Each objEvent in colLoggedEvents
    intEvent = intEvent + 1
Next

WScript.Echo "Number of errors: " & intEvent

If intEvent > 0 Then
    WScript.Echo "Error detected"
    Set objShell = CreateObject("WScript.Shell")

    command = "cscript.exe "
    command_arg1 = "D:\Inetpub\AdminScripts\synciwam.vbs" 'Location of synciwam AdminScript
    objShell.Run command & command_arg1

    ' Notify the administrator that the sync was triggered
    SendEMail
End If

Sub SendEMail
    Set objMessage = CreateObject("CDO.Message")

    '==This section provides the configuration information for the remote SMTP server.
    '==Normally you will only change the server name or IP.

    ' 2 = send using the network (a remote SMTP server)
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

    'Name or IP of Remote SMTP Server
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "mailserver"

    'Server port (typically 25)
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

    ' Commit the configuration fields before sending
    objMessage.Configuration.Fields.Update

    '==End remote SMTP server configuration section==

    objMessage.Subject = strComputerName & ": W3SVC Error."
    objMessage.From = strComputerName & "@yourdomain.com"
    objMessage.To = "recipient@yourdomain.com" ' placeholder: set the address that should receive alerts
    objMessage.TextBody = "W3SVC error detected on " & strComputerName & vbCr & vbCr & "synciwam.vbs script automatically run."
    objMessage.Send
End Sub
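
The script above hands WMI a locale-formatted date string and adjusts for UTC by hand. As an added example (not part of the original script), the same five-minute check can build its cut-off with WbemScripting.SWbemDateTime, which produces the DMTF timestamp format that Win32_NTLogEvent.TimeWritten is stored in; the variable names and the exit-code convention are assumptions made for illustration.

```vbscript
' Added example, not part of the original script.
Option Explicit

Const LOOKBACK_MINUTES = 5   ' assumed to match the scheduled task interval

Dim objCutoff, objStamp, objWMI, colEvents, objEvent, strQuery, intCount

' SWbemDateTime turns a VBScript date into the DMTF string used by
' TimeWritten (yyyymmddHHMMSS.mmmmmm+UUU). Passing True marks the value as
' local time, so the UTC offset is carried in the string itself.
Set objCutoff = CreateObject("WbemScripting.SWbemDateTime")
objCutoff.SetVarDate DateAdd("n", -LOOKBACK_MINUTES, Now), True

Set objStamp = CreateObject("WbemScripting.SWbemDateTime")
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

' Event 36 (W3SVC) and event 10004 (DCOM) are the two System log events
' the post describes. SourceName is printed so the source can be confirmed.
strQuery = "Select * from Win32_NTLogEvent Where Logfile = 'System' " & _
           "AND TimeWritten >= '" & objCutoff.Value & "' " & _
           "AND (EventCode = 36 OR EventCode = 10004)"
Set colEvents = objWMI.ExecQuery(strQuery)

intCount = 0
For Each objEvent In colEvents
    ' Convert the DMTF timestamp back to a local VBScript date for display.
    objStamp.Value = objEvent.TimeWritten
    WScript.Echo objStamp.GetVarDate(True) & "  " & objEvent.SourceName & _
                 "  event " & objEvent.EventCode
    intCount = intCount + 1
Next

WScript.Echo intCount & " matching event(s) since " & objCutoff.GetVarDate(True)

' The exit code lets the scheduled task or a wrapper decide whether to run
' synciwam.vbs: 1 = at least one match, 0 = none.
If intCount > 0 Then WScript.Quit 1
WScript.Quit 0
```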

VBScript ; Enable Out-Of-Office (OOO)


The following script will allow you to enable Out Of Office on any user’s mailbox (provided you have permissions that it…)

Set objMAPISession = CreateObject("MAPI.Session")

'strExchangeSvr = InputBox("Please provide the name of your Exchange Server")
strExchangeSvr = "mailserver-name"

strMailbox = InputBox("Please enter the mailbox name to enable Out-Of-Office...")

' Profile information for a dynamic profile: server name, line feed, mailbox name
strMAPI = strExchangeSvr & vbLf & strMailbox

On Error Resume Next

objMAPISession.Logon "", "", False, True, 0, False, strMAPI

If Err <> 0 Then
    Wscript.Echo "An error occurred: " & Err.Description
    Wscript.Sleep 7000
    ' Without a session there is nothing to configure
    Wscript.Quit 1
End If

On Error GoTo 0

strOOOMessage = InputBox("Please enter Out-Of-Office message...")

objMAPISession.OutOfOfficeText = strOOOMessage
objMAPISession.OutOfOffice = 1
strOOOMessage = objMAPISession.OutOfOfficeText

objMAPISession.Logoff
Set objMAPISession = Nothing
MsgBox "All done"


IAS RADIUS Server Configuration for 802.1x EAP-MS-CHAP v2


This article describes the steps required to set up a resilient 802.1x Wifi RADIUS authentication infrastructure; a must for any SMB.

This article assumes you have configured your Wireless Access Point with the desired RADIUS server IP addresses / FQDNs and a shared secret.

IAS/Certificate Services Installation/Configuration Primary RADIUS Server

To optimize IAS authentication and authorization response times and minimize network traffic, install IAS on a domain controller.

  1. First, install IIS on your Domain Controller.
  2. Next, install Enterprise Certificate Authority Root – Enterprise Root Server Mode > Give the CA the same name as the server’s name
  3. Next, create a new Global Group > ‘Wireless Users and Computers’. Add the Computer AND User objects to which you wish to grant IAS RADIUS access into this group.
  4. Ensure that user accounts are configured to grant Remote Access (Dial In) permissions.
  5. Next, install IAS (via Add/Remove Programs > Windows Components)

You will also need to request an NPS/IAS/RADIUS Server Authentication certificate for each IAS server you wish to configure.

Create IAS RADIUS Clients

Next, load the IAS MMC snap-in and select Clients.

  1. Right-click Clients > New > Enter a Friendly Name
  2. Ensure that Protocol is ‘RADIUS’
  3. Enter Access Point IP Address
  4. Select RADIUS Standard as the client vendor.
  5. Tick the Client must always send the signature attribute in the request
  6. Enter the shared secret as configured on the AP
  7. Click Finish


Configure Remote Access Policies

  1. Select Remote Access Policies
  2. Right-click Remote Access Policies > New Remote Access Policy
  3. Enter a friendly name
  4. Click Next
  5. On the conditions window, click Add
  6. Select Windows Groups and click Add
  7. Click Add, set Domain as the location and search for the Global Group, then click OK; you will return to the conditions window
  8. Click Add, select NAS-Port-Type and then select Wireless – IEEE 802.11
  9. Click Add, select Wireless – Other and then Click Add, you will return to the conditions window.
  10. Click Next
  11. Select Grant Remote Access Permission
  12. Click Edit Profile then select the ‘Authentication’ tab
  13. Enable Extensible Authentication Protocol, select PEAP as the EAP type from the drop down box
  14. Disable all other authentication types
  15. Click Configure under the Extensible Authentication Protocol group
  16. Ensure that Secured Password (EAP-MSCHAP-V2) is listed
  17. Select the IAS/RADIUS Server Authentication certificate you wish to use for authentication (note: if the certificate is to be replaced in future, change it here)
  18. Click OK
  19. Click OK until the Remote Access Policy Configuration Window disappears!


Perform the steps as above on the Secondary RADIUS server.

Client Configuration

Once the laptop has detected the AP, configure the advanced options:

  • Network Authentication should be set as: WPA using TKIP Data encryption
  • Under Authentication select Protected EAP
      • Select Properties
      • Ensure Validate Server Certificate is selected
      • Ensure that Connect to these servers contains the RADIUS servers’ FQDNs
      • Scroll down and select both RADIUS server certificates under Trusted Root Cert. Authorities

It may be necessary to manually install one of the Certificates to your client.

Client configuration can be completed using Group Policy; Computer Configuration/Windows Settings/Wireless (802.11) Policies

Manual Certificate Installation

Navigate Internet Explorer to:

  • http://your-certificateserver1/certsrv
  • http://your-certifcateserver2/certsrv

From each server retrieve the CA certificate; download the CA certificate in DER encoded format.

On the client, load MMC and add the Certificates snap-in, select Computer account > Local computer. Expand Trusted Root Certificate Authorities and select Certificates > Right-click Certificates > Import > Select the first RADIUS server’s CA certificate


Automatic MAPI Profile Creation for Outlook XP / 2000/3/7

Automatic MAPI Profile Creation for Outlook 2000 / XP / 2003 & 2007

Like many Wintel Administrators I was presented with the requirement to automate MAPI profile creation on our Citrix Farm; this requirement was later extended to our Windows XP workstations running a multitude of different Outlook versions.

When auto-generating a MAPI profile in Outlook 2000 (Outlook v9) it is necessary to use the NewProf.exe tool along with a PRF file; newer versions of Outlook (Outlook v10+) are able to read a PRF file directly if configured to read the file on first run for a user.

The following script is cross-platform (i.e. Windows and Outlook) compatible, and must be used along with the PRF file further down:

Const ForReading = 1
Const ForWriting = 2

Set WshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
windir = WshShell.ExpandEnvironmentStrings("%windir%")

Set objNetwork = CreateObject("Wscript.Network")
currentDomain = objNetwork.UserDomain
currentUser = objNetwork.UserName

'-------------------------------- Mk2
'Create an instance of Outlook so that it can be queried for its version
Set objOLK = CreateObject("Outlook.Application")
'Major version as a number, e.g. 9 for Outlook 2000
OLKVer = CInt(Left(objOLK.Version, InStr(1, objOLK.Version, ".") - 1))

'If Outlook version is later than 2000 then make this registry change so that Outlook imports the PRF on first run
If OLKVer > 9 Then
    'Set Wsh = CreateObject("Wscript.Shell")
    If CheckRegKey("HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\First-Run") = True Then
        WshShell.RegDelete "HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\First-Run"
    End If
    WshShell.RegWrite "HKEY_CURRENT_USER\Software\Microsoft\Office\" & OLKVer & ".0\Outlook\Setup\ImportPRF", _
        WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf"
    'Set Wsh = Nothing
End If

'------------------------ Establish 16bit names for fso - required for newprof tools
arrPath = Split(WshShell.ExpandEnvironmentStrings("%USERPROFILE%"), "\")
For Each str in arrPath
    'Names of up to 8 characters are already valid 8.3 names
    If Len(str) > 8 Then
        str = Left(str, 6) & "~1"
    End If
    If fullpath = "" Then
        fullpath = str
    Else
        fullpath = fullpath & "\" & str
    End If
Next
savePath = fullpath & "\MYDOCU~1\PST\"

'Nothing to do if the template PRF has not been copied to this machine yet
If Not fso.FileExists(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\Outlook.prf") Then
    WScript.Quit
End If

'Read contents of Template prf file
Set fsoTextStream = fso.OpenTextFile(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\Outlook.prf", ForReading)
strTmpPrf = fsoTextStream.ReadAll
fsoTextStream.Close

'Search through the template and replace every %username% with the logon name
Set vbsRegExp = New RegExp
vbsRegExp.Pattern = "%username%"
vbsRegExp.Global = True
vbsRegExp.IgnoreCase = True
strNewPrf1 = vbsRegExp.Replace(strTmpPrf, currentUser)
Set vbsRegExp = Nothing

'Search through the template and replace every %userprofile% with the 8.3 save path
Set vbsRegExp = New RegExp
vbsRegExp.Pattern = "%userprofile%"
vbsRegExp.Global = True
vbsRegExp.IgnoreCase = True
strNewPrf2 = vbsRegExp.Replace(strNewPrf1, savePath)
Set vbsRegExp = Nothing

If Not fso.FolderExists(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\") Then
    fso.CreateFolder WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\"
End If

If Not fso.FileExists(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf") Then
    'fso.DeleteFile(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf")

    'Second argument of CreateTextFile is the overwrite flag
    Set fsoTextStream = fso.CreateTextFile(WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf", True)
    fsoTextStream.Write strNewPrf2
    fsoTextStream.Close

    'fso.CopyFile WshShell.ExpandEnvironmentStrings("%USERPROFILE%") & "\My Documents\PST\Outlook.prf" ,_
    ' WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\Outlook.prf", True

End If

'Add code for Outlook 2K (9) only

If OLKVer <= 9 And fso.FileExists(WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\newprof.exe") Then
    cmd = WshShell.Run("%comspec% /c (" & WshShell.ExpandEnvironmentStrings("%SYSTEMROOT%") & "\newprof.exe -p " _
        & savePath & "Outlook.prf -x)", 0, True)
End If

'**** CheckRegKey(RegStr)
'Returns True if the registry value can be read, False otherwise
Function CheckRegKey(RegStr)
    On Error Resume Next
    WshShell.RegRead RegStr
    If Err Then
        CheckRegKey = False
    Else
        CheckRegKey = True
    End If
    On Error Goto 0
End Function

Save the above code into a new file named ‘profgen.vbs’. A group policy should then be created and this script assigned as a logon script for users.

The following code should be saved into a new file named ‘outlook.prf‘:

; Outlook PRF file for Exchange Server users
; ——————————————-
; Copyright (C), Microsoft Corporation, 1996.
; The following PRF file is included as an example of how to create a PRF file that will
; configure Outlook users with Exchange Server. Section 1, 2, and 3 may be modified.
; DO NOT MODIFY SECTION 4. It will most likely cause Exchange services to crash.
; Be very careful when editing to ensure property values match their property types.
; NOTE: The HomeServer setting for the Microsoft Exchange Server must be filled in
; before using this file.
; For information about how to disable Outlook Profile Setup and instead use the
; the Inbox Setup Wizard, see NONE.PRF in the Office Resource Kit.

; ************************************************************************
; Section 1 – Profile defaults.

; — Required. Indicates that this is a customized PRF file.

; ************************************************************************
; Section 2 – Services in profile.

[Service List]
Service1=Microsoft Outlook Client
Service2=Microsoft Exchange Server
Service3=Outlook Address Book
Service4=Archived Messages

; ************************************************************************
; Section 3 – Default values for each service.


; **** Customized Outlook Client properties ****

; Required.
; — The name of the Microsoft Exchange Server the user should
; connect to (ex: ALEX). You can specify any Microsoft Exchange Server
; in your site, and the correct Home Server will be assigned
; when the user first logs on.

; — Dummy property. Do not delete or modify.



; ************************************************************************
; Section 4 – Mapping for profile properties. DO NOT MODIFY.

; ************************************************************************
; Microsoft Outlook Client definitions

[Microsoft Outlook Client]

; — A boolean value indicating whether or not to empty the
; wastebasket on exit.

; — A boolean value indicating whether or not to select entire
; words when selecting.

; — Indicates what to do after moving or deleting a message.
; Possible values are shown below:
; 0 – Open Next Message
; 1 – Return to Viewer
; 2 – Open Previous Message

; — A boolean value indicating whether or not to close the
; original message after replying.

; — A boolean value indicating whether or not to generate
; a read receipt on sent mail.

; — A boolean value indicating whether or not to generate
; a delivery receipt on sent mail.

; — The default sensitivity to send mail with.
; Possible values are shown below:
; 0 – Normal
; 1 – Personal
; 2 – Private
; 3 – Confidential

; — The default priority to send mail with.
; Possible values are shown below:
; 0 – Low
; 1 – Normal
; 2 – High

; — A boolean value indicating whether to save a copy of
; sent messages in the sent items folder.

; **** Custom entries added by [email protected] ****

; — A boolean value indicating whether Outlook should close original
; message when replying or forwarding.

; — A boolean value indicating whether Outlook should mark comments
; in a reply message with the users name.

; — A boolean value indicating whether Outlook should allow a comma
; to be used as an address separator.

; — The default is to auto archive every 14 days.
; Possible values are shown below:
; 1 – 60

; — The path and file name for the default auto archive file.
; ex: c:\home\rickva\outlook\archive.pst

; ************************************************************************
; Microsoft Exchange Server service definitions.

[Microsoft Exchange Server]

; — The name of the user’s Exchange Server Mailbox

; — The name of the Microsoft Exchange Server the user should
; connect to. You can specify any Microsoft Exchange Server
; in your site, and the correct Home Server will be assigned
; when the user first logs on.

; — The path to the Offline Store File that contains
; local replicas of the user’s Mailbox and Favorites.
; If you do not specify a value, no Offline Store will
; be created. If you specify a path, an Offline Store
; will be created and the Inbox, Outbox, Deleted Items,
; and Sent Items folders will be replicated to it.

; — The path to the directory to store offline address
; book files in.

; — Flags that control behavior when connecting to the Exchange
; Server.
; The following values are possible:
; 4 Normal
; 6 Ask whether to connect or work offline at startup.
; 12 Allow clients to be authenticated via the Internet
; 14 Combination of 6 and 12.

; — A boolean value indicating whether NEWPROF should
; attempt to resolve the Exchange mailbox name at run time.
; If set to TRUE, NEWPROF will copy the name to the profile
; without resolving it.
; If FALSE, the name will be resolved. Invalid server or
; mailbox name will not be copied to the profile.

; ************************************************************************
; Microsoft Mail service definitions.

[Microsoft Mail]

; — The path to the users post office. Mapped network drives, UNC and NETWARE paths
; are acceptable. NETWARE paths of the type NWServer/share:dir\dir1 are converted to
; UNC paths of the type \\NWServer\share\dir\dir1.


; — The users mailbox name. eg. in a NET/PO/USER address,
; this is USER. The maximum mailbox name is 10 characters.


; — The users mailbox password. The maximum password is 8 characters.


; — A boolean value indicating whether the users password is
; to be remembered in the profile or not. This is useful because
; if the password is remembered the user can bypass the logon prompt
; if his server path, mailbox name and password are all supplied.


; — The connection type. This may be one of CFG_CONN_AUTO, CFG_CONN_LAN,
; 0x0 — LAN type connection. Used to connect to the post office using a
; UNC path or pre-existing mapped drive.
; 0x1 — Dial up connection using Dial-up Networking.
; 0x2 — Not connected.
; 0x3 — Automatically detect whether the connection type is LAN or REMOTE.
; This connection type is only available on Win95.


; — A boolean value indicating whether session logging
; is on or off.


; — The path to the session log file.


; — A boolean value which indicates whether mail in the outbox
; is sent.


; — A boolean value which indicates whether mail in the server
; mailbag is downloaded.


; — A bit array which allows the user to indicate which addresses
; for which the transport is to attempt delivery. This is useful
; in order to allow a user to specify that a transport only handle
; delivery for a subset of the addresses it can really process.
; When multiple transports are installed and the user wants a
; different transport to handle some specific address types they
; can use this bit array to specify that the MSMAIL transport
; only handle a specific set of addresses.
; Possible values as defined below include:
; 0x00000001 — Local Post Office and External Post Office address types
; 0x00000002 — PROFS address types
; 0x00000004 — SNADS address types
; 0x00000008 — MCI address types
; 0x00000010 — X.400 address types
; 0x00000040 — FAX address types
; 0x00000080 — MHS address types
; 0x00000100 — SMTP address types
; 0x00000800 — OfficeVision address types
; 0x00001000 — MacMail address types
; 0x000019df — All of the above address types


; — A boolean value which indicates whether a netbios notification
; is sent to a recipients transport when mail is delivered to
; their server inbox.


; — The polling interval in minutes when the transport
; checks for new mail. 1 <= polling interval <= 9999


; — A boolean value which, if TRUE, only displays the Microsoft Mail Global Address
; list for name selection. The Postoffice list, external post office lists, and gateway
; address lists are not shown.


; — A boolean value which indicates whether the user wants to enable
; headers while working on the LAN. Headers mode allows the user
; to download message headers and selectively choose which mail
; to download.


; — A boolean value which indicates whether the user wants to use
; name resolution based on a local copy of the server address book
; rather than the server address book itself.


; — A boolean value which indicates whether EXTERNAL.EXE, a server process, should be used
; to deliver submitted mail messages. This is sometimes useful when mail is running
; on a slow LAN connection.


; — A boolean value which indicates whether the user wants to enable
; headers while working over a slow speed link. Headers mode
; allows the user to download message headers and selectively
; choose which mail to download.


; — A boolean value which indicates whether the user wants to use
; name resolution based on a local copy of the server address book
; rather than the server address book itself.


; — A boolean value which indicates whether EXTERNAL.EXE, a server process, should be used
; to deliver submitted mail messages. This speeds up message delivery when mail is
; running on a Dial-up network connection.


; — A boolean value which indicates that a Dial-up Network connection should
; be established when the transport provider starts up.


; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated when headers are finished downloading.


; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated after mail has finished being sent
; received.


; — A boolean value which indicates that a Dial-up Network connection should
; be automatically terminated when the provider is exited.


; — The name of the Dial-up Network profile that the transport will use by
; default to attempt the connection.


; — Number of times to attempt dial for connection.
; 1 <= retry attempts <= 9999


; — Delay between retry attempts in seconds.
; 30 <= retry delay <= 9999


; ************************************************************************
; Personal Folders service definitions.

[Archived Messages]
ServiceName=MSPST MS

; — Path to personal folders.


; — A boolean value that determines if the personal folders password
; should be cached.


; — A value that designates the type of encryption that is used to
; compress the data in the PST:
; No Encryption 0x80000000
; Compressable Encryption 0x40000000
; Best Encryption 0x20000000


; — PST password.


; ************************************************************************
; Personal Address Book service definitions.

[Personal Address Book]
ServiceName=MSPST AB

; — Path to personal address book.


; — Determines if PAB entries are first, last, or last, first.
; first last 0
; last, first 1


; ************************************************************************
; Outlook Address Book service definitions.

[Outlook Address Book]
; — Dummy property. Do not modify.

Finally, we have to ensure the availability of the required files for the profgen.vbs VBScript. This is done by running a machine start-up script attached to a group policy. First, copy NewProf.exe and outlook.prf into your domain’s NETLOGON share (i.e. \\mydomain.com\NETLOGON). Then copy the code below into a new text file and save it as comp-startup.vbs. Assign this script as a machine start-up script for all machines on which you wish to automate MAPI profile creation.

Set objNetwork = CreateObject("Wscript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")

Set oShell = CreateObject("WScript.Shell")
windir = oShell.ExpandEnvironmentStrings("%windir%")

target = windir & "\NEWPROF.EXE"
If Not (fso.FileExists(target)) Then
    'Copy the file only if it is not already present.
    fso.CopyFile "\\mydom.com\netlogon\NEWPROF.EXE", windir & "\", True
End If

'target = windir & "\Prfpatch.exe"
'If Not (fso.FileExists(target)) Then
'    'Copy the file only if it is not already present.
'    fso.CopyFile "\\mydom.com\netlogon\Prfpatch.exe", windir & "\", True
'End If

target = windir & "\outlook.prf"
If Not (fso.FileExists(target)) Then
    'Copy the file only if it is not already present.
    fso.CopyFile "\\mydom.com\netlogon\outlook.prf", windir & "\", True
End If



VBScript ; Enable Remote Desktop Remotely

VB Script Enable Remote Desktop Remotely

I recently came across the following useful script that will enable Remote Desktop connections (access via RDP) on a remote server as long as you have permission to do so with your current logon credentials.

The script below will function on both Windows Server 2000 and Windows Server 2003 machines.

strComputer = InputBox("Enter Machine Name")
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colTSSettings = objWMIService.InstancesOf("Win32_TerminalServiceSetting")
For Each colTS in colTSSettings
    ' 1 = allow Remote Desktop connections
    colTS.SetAllowTSConnections(1)
    Wscript.Echo UCase(strComputer) & " Remote Desktop Is Now Enabled"
Next

VBScript ; Create Active Directory Organisational Unit (OU)

VB Script Create Active Directory Organisational Unit (OU) – ADSI

Another useful time-saving tip when deploying a new Active Directory tree: it is possible to script the creation of all Organisational Units in the tree using VBScript. This can save a great deal of time when it comes to the deployment of a new domain.

The following script will create a tree as follows: yourdomain.com > Sites – {new Top Level OU} > UK – {new sub-OU}

It will then create sub-OUs for each site listed in the variable arrOUs.

Site names must be separated by a semi-colon (;)

For each Site sub-OU created, a Users container and a Computers container will be created. Again, the script is simple to modify for your environment.

Dim oRoot, oDomain, objOU, arrOUs, ou
Dim strOUContainer
Dim intUser

' Bind to the domain root
Set oRoot = GetObject("LDAP://rootDSE")
oDomain = oRoot.Get("defaultNamingContext")
Set oDomain = GetObject("LDAP://" & oDomain)

' Top-level OU
strOUContainer = "OU=Sites"
Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
objOU.SetInfo

' Sub-OU beneath Sites
strOUContainer = "OU=UK,OU=Sites"
Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
objOU.SetInfo

arrOUs = "Belfast;Birmingham;Bristol;Chessington;Dublin;Glasgow;Greenwich"
arrOUs = Split(arrOUs, ";")

For Each ou in arrOUs
    ' Site OU
    strOUContainer = "OU=" & ou & ",OU=UK,OU=Sites"
    Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
    objOU.SetInfo

    ' Users container for the site
    strOUContainer = "OU=Users,OU=" & ou & ",OU=UK,OU=Sites"
    'On Error Resume next
    Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
    objOU.Put "Description", "User Object Organisational Unit"
    objOU.SetInfo
    WScript.Echo "New OU created = " & strOUContainer

    ' Computers container for the site
    strOUContainer = "OU=Computers,OU=" & ou & ",OU=UK,OU=Sites"
    Set objOU = oDomain.Create("organizationalUnit", strOUContainer)
    objOU.Put "Description", "Computer Object Organisational Unit"
    objOU.SetInfo
    WScript.Echo "New OU created = " & strOUContainer
Next

 The script has been tested on Windows Server 2000 and 2003 Domains.

VBScript ; List All Processes On Remote Computer

VBScript list all processes on remote computer

VB Script to echo all processes running on a remote system, including the process [email protected]

strComputer = "computer_name"
Set objWMIService = GetObject("WinMgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colProcesses = objWMIService.ExecQuery("Select * from Win32_Process")
i = 0
For Each objProcess in colProcesses
    ProcessID = objProcess.ProcessID
    ' ExecutablePath can be Null for system processes; & turns it into an empty string
    Wscript.Echo ProcessID & vbTab & objProcess.ExecutablePath
    i = i + 1
Next

Understanding and configuring the Citrix XML Service

Recently caught out by modifying the Citrix XML Service port, I thought I would share my experiences!

Citrix XML Service Port / ctxxmlss

The Citrix XML Service Port is used by the ICA Client for connection to the Citrix server / published application: when TCP/IP + HTTP is selected and you specify servers in the Address List box, the client communicates with the Citrix XML Service on a specified server for enumeration.

If you modify the XML service port from port 80 and rely on your clients to connect via HTTP & TCP/IP using the DNS host entry for ‘ica’ for round-robin DNS resiliency, you will find that round-robin DNS for this entry will fail. This is because you cannot specify in DNS the port number on which the XML service is running. Therefore, if the first Citrix server in your farm becomes unresponsive or is taken offline, connections to the farm will fail.

As a result, you need to configure your clients to use the default server address of ica:pn, where pn is the port number you are using for the XML Service. For example: ica:8080

 This can be manually specified in an unattended install of the ica client. Run msiexec /a ica32pkg.msi and create an extracted network install source. Then once created edit the \\yourserver\yourshare\ Program Files\Citrix\Application\ICA Client\appsrv.ini file and add the following line at the end of the file:


This will also affect Thin Client devices that utilise HTTP & TCP/IP, for example WYSE 1200LE and S10 Thin Client devices. The solution for these devices is to edit the wnos.ini file on your FTP server so that the port number is specified:


You’ll find that without this if the first server in the list goes offline the TC devices will NOT connect to the next server in the list.


Changing the XML Service Port

You have two options when configuring the XML Service port: one, run the XML Service alongside IIS; two, run it on a dedicated port.

To configure the XML service to run alongside IIS on port 80 see the following guide:


To configure the XML service to use a dedicated port:

First, un-register the XML Service on the server on which you wish to modify the port:

ctxxmlss /u

Now re-register the service on your desired port number:

ctxxmlss /r8080

Troubleshooting ICA Client / PNAgent Error 2306

Program Neighbourhood Agent / PNAgent Error 2306

On setting up the ICA Client 10.105 I received the following error on trying to connect via the applications listed under the PNAgent:

This was being caused because the ICA file was being deleted before the PNAgent had finished reading it… very strange. After browsing a few forum posts I found that by modifying my local workstation registry I could resolve the issue by changing the ‘RemoveICAFile’ entry to equal false:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\ICA File

Alternately, if you are an Administrator wanting to resolve this for all of your PNAgent users and Web Interface users simply follow these instructions:

Modify the \Inetpub\wwwroot\Citrix\MetaFrame\conf\default.ica on all of your Citrix Servers that have the web interface.

Change the line “RemoveICAFile=yes” to “RemoveICAFile=no”
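
The default.ica change described above, applied across several Web Interface servers; this is an added example, not part of the original post. The server names, the use of the C$ administrative share and the file being plain ANSI text are assumptions.

```vbscript
' Added example: set RemoveICAFile=no in default.ica on each Web Interface server.
' Assumptions: placeholder server names, IIS on C: (reached via C$), ANSI text file.
Option Explicit
Const ForReading = 1, ForWriting = 2
Const ICA_PATH = "\Inetpub\wwwroot\Citrix\MetaFrame\conf\default.ica"

Dim fso, server
Set fso = CreateObject("Scripting.FileSystemObject")

For Each server In Array("CTXWEB01", "CTXWEB02")   ' hypothetical server names
    WScript.Echo server & ": " & FixIcaFile("\\" & server & "\C$" & ICA_PATH)
Next

' Rewrites the file only when RemoveICAFile=yes is present; returns a status string.
Function FixIcaFile(path)
    Dim ts, text, re
    If Not fso.FileExists(path) Then
        FixIcaFile = "not found: " & path
        Exit Function
    End If

    Set ts = fso.OpenTextFile(path, ForReading)
    If ts.AtEndOfStream Then text = "" Else text = ts.ReadAll
    ts.Close

    Set re = New RegExp
    re.IgnoreCase = True
    re.Multiline = True      ' ^ and $ match at every line, not just the file ends
    re.Global = True
    ' Whole setting line, tolerating spaces around "=" and a CR before the LF.
    re.Pattern = "^([ \t]*RemoveICAFile[ \t]*=[ \t]*)yes[ \t]*(\r?)$"

    If Not re.Test(text) Then
        FixIcaFile = "RemoveICAFile=yes not present; left unchanged"
        Exit Function
    End If

    fso.CopyFile path, path & ".bak", True   ' keep a copy of the original
    Set ts = fso.OpenTextFile(path, ForWriting)
    ts.Write re.Replace(text, "$1no$2")
    ts.Close
    FixIcaFile = "updated (original saved as default.ica.bak)"
End Function
```

Run it with cscript from an account that has administrative rights on the Web Interface servers; a second run reports the files as left unchanged.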

Deploying Outlook 2007 via Group Policy


There are 2 options for deploying Outlook 2007 via Group Policy:

1) Using the supplied MSI and modifying the config.xml file

2) Calling setup from a group-policy machine start up script and installing using a customised MSP file.


Option 1 Cons / Option 2 Pros

Option 1 is limiting in that you are not able to integrate service packs and updates by adding the MSP files to the Upgrades directory in the root of your installation folder. Option 2 allows you to achieve this. This means you cannot automate integration of SP1 with Option 1.

Option 1 also limits your setup options, whereas you can use the following command to create an entirely modified and personalised Outlook 2007 setup: setup /admin

Option 1 will not allow you to upgrade a previous version of Outlook to 2007 unless you specifically deployed Outlook via group policy and not a complete Office Suite installation that included Outlook.

If you attempt to upgrade using Option 1, setup will install the files but Outlook 2007 will show as ‘Not Available’ when you try to modify the setup. This is due to Group Policy; even though you specify the ‘Setting Id=”RemovePrevious” Value=”OUTLOOKFiles”’ setting, setup will not upgrade the previous version as group policy does not see the installation as an upgrade.

Furthermore, instructing the new Outlook 2007 GPO to upgrade your previous version of Office will also fail.

Option 2 will allow you to upgrade a previous installation of Outlook to 2007, even if your Outlook install is part of a full Office Suite.


Option 1 Pros / Option 2 Cons

Option 2, however, will not allow you to ‘manage’ the software; if a machine falls out of the scope of the install script Outlook will not be uninstalled. Option 1 would enable you to manage software in this way.



With the above in mind I opted for Option 2 as I was performing an upgrade to 2007 from 2000 so it really was a no brainer. I combined the MSP based setup with a start-up script written in vbScript. This is configured in a new GPO and set as a machine start-up script. The scope of the GPO depends upon machine membership within a particular group within AD: thus providing a granular and controlled method of deployment.

Const HKEY_LOCAL_MACHINE = &H80000002
Set WshShell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("Wscript.Network")
strComputerName = objNetwork.ComputerName
InstallDIR = WshShell.ExpandEnvironmentStrings("%PROGRAMFILES%") & "\Microsoft Office\Office12"
target = InstallDIR & "\OUTLOOK.exe"
If Not fso.FileExists(target) Then ' If there is no Outlook 2007 executable, install Outlook 2007
    ' Run setup hidden (0) and wait for it to finish (True); cmd receives setup's exit code
    cmd = WshShell.Run("\\file_server\outlook2007$\setup.exe /adminfile \\file_server\outlook2007$\Outlook2K7UPDT.MSP", 0, True)
    ' Create Outlook Desktop Icon
    Set wmiLocator = CreateObject("WbemScripting.SWbemLocator") ' Object used to get the StdRegProv namespace
    Set wmiNameSpace = wmiLocator.ConnectServer(strComputerName, "root\default") ' Registry Provider (StdRegProv) lives in the root\default namespace
    Set objRegistry = wmiNameSpace.Get("StdRegProv")
    objRegistry.CreateKey HKEY_LOCAL_MACHINE, "Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{00020D75-0000-0000-C000-000000000046}"
End If