Thursday, May 30, 2013

Scripting: Administering the Windows Firewall with Batch

We needed a way to configure the Windows Firewall during a series of OS Deployments. After doing a bit of research I diced that a batch script using the NETSH command was probably the easiest solution. Here's the scripts I came up with (comment/uncomment desired settings:

Windows 7-2008 or later:

@ECHO OFF :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Set Windows Firewall Features for Windows 7-2008 or later :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Auto-set Windows Firewall Features for Windows 7-2008 or later. :: Version: 2.0 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Clear screen to hide "UNC paths not supported" error message: CLS :: Display a message to the user: ECHO Setting Windows Firewall Features for Windows 7-2008 or later... ECHO. :: Run NETSH commands to disable/enable (off/on) individual firewall profiles: netsh advfirewall set domainprofile state off :: netsh advfirewall set privateprofile state off :: netsh advfirewall set publicprofile state off :: Run NETSH commands to disable/enable (off/on) all firewall profiles: :: netsh advfirewall set allprofiles state off :: Run NETSH command to enable Remote Desktop exception: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes :: Display completion notice: ECHO Done! :: Uncomment to view script results: :: ECHO. :: PAUSE EXIT
Windows XP-2003:

@ECHO OFF :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Set Windows Firewall Features for Windows XP-2003 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Auto-set Windows Firewall Features for Windows XP-2003. :: Version: 2.0 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Clear screen to hide "UNC paths not supported" error message: CLS :: Display a message to the user: ECHO Setting Windows Firewall Features for Windows XP-2003... ECHO. :: Run NETSH commands to disable/enable firewall: netsh firewall set opmode disable :: Run NETSH command to enable Remote Desktop exception: netsh firewall set service remotedesktop enable :: Display completion notice: ECHO Done! :: Uncomment to view script results: :: ECHO. :: PAUSE EXIT
BONUS - This script will reset the firewall if you make a mistake with your desired settings:

@ECHO OFF :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Reset Windows Firewall Features for Windows 7-2008 or later :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Auto-reset Windows Firewall Features for Windows 7-2008 or later. :: Version: 2.0 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Clear screen to hide "UNC paths not supported" error message: CLS :: Display a message to the user: ECHO Resetting Windows Firewall for Windows 7-2008 or later... ECHO. :: Run NETSH commands to reset firewall (restores default settings): netsh advfirewall reset :: Display completion notice: ECHO Done! :: Uncomment to view script results: :: ECHO. PAUSE EXIT

Tuesday, May 28, 2013

TechEd 2013: Here I come!

So looks like I'll be heading down to the Big Easy (New Orleans) next week for TechEd 2013. I've installed the Blogger app on my mobile device and it appears to have the capability to upload pictures directly from my phone. I'll try to post some pics while I'm down there. I'm hitting one of the big SCCM 2012-related pre-cons on Sunday. Really looking forward to that. Also there's a ton of interesting sessions I plan to try to attend as well. As expected "cloud" continues to be the hot buzzword and I'm sure Microsoft will be ready to inform me of all the awesome perks I'll gain by handing everything over to them. It should make for some interesting (and likely heated) discussions. I’ve also been issued a Surface Pro from work so (for once) I won’t have to hear the Microsoft fan boys blast me for toting around a certain fruit-themed laptop.


On the hot-beverage front, tea certainly seems to be sweeping the nation so there's a good chance I might be able to find some good tea vendors down there this go 'round (not much luck last time during TechEd 2010). That being said, I've always had better luck with coffee when I'm in South Louisiana. While I prefer tea (hands down), I have to admit I had one of the best lattes of my entire life down there back in 2010. There was a lady in the convention center selling lattes made with milk from a local farmer and coffee beans she roasted herself. She promised me the best latte ever and she totally delivered. To this day I still have cravings for that latte, so I intend to seek her out this year! Besides that there’s also the excellent coffee and chicory (not to mention the beignets) at CafĂ© Du Monde so (even if I don’t find good tea) something tells me I’ll survive.

Thursday, May 23, 2013

Scripting: My take on Batch-based OS detection

I've seen a lot of OS-detection methods out there. I know PowerShell and VBScript scripts are a lot more robust than batch scripts, but sometimes its easier to just fall back to good old CMD.EXE. To that end here's my take on an OS-detection script. In the past I've run into some issues where an application might create a folder structure that exists on a post-vista OS on a pre-vista one. So rather than check for paths or folders, I've found its better to see if environment variables have been defined, like so:

@ECHO OFF :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Detect OS Version - Pre-Post Vista :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Check for PUBLIC folder to determine OS type and execute actions. :: Version: 1.3 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Clear screen to hide "UNC paths not supported" error message: CLS :: Define Variables: SET _OSType=Unknown SET _OSArch=Unknown :: Verify PUBLIC environment variable is defined: IF DEFINED PUBLIC ( SET _OSType=Vista-2008 or later ) ELSE ( SET _OSType=XP-2003 or earlier ) :: Verify PROGRAMFILES(X86) environment variable is defined: IF DEFINED PROGRAMFILES(X86) ( SET _OSArch=x64 ) ELSE ( SET _OSArch=x86 ) :: Display result: ECHO You appear to be running an %_OSArch% version of Windows %_OSType%. :: Uncomment to view script results: ECHO. PAUSE EXIT
Just for grins here's an even more granular method using WMIC:

@ECHO OFF :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: TITLE Detect OS Version - WMIC Method :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Purpose: Determine OS version using the WMI database. :: Version: 2.0 :: Author: ZeusABJ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: Clear screen to hide "UNC paths not supported" error message: CLS :: Define Variables: SET _OSVersion=Unknown :: Query WMI to get the OS Caption to detect OS version: WMIC OS GET Caption | FINDSTR /c:"2000" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=2000 WMIC OS GET Caption | FINDSTR /c:"Windows XP" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=XP WMIC OS GET Caption | FINDSTR /c:"Server 2003" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=2003 WMIC OS GET Caption | FINDSTR /c:"Vista" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=Vista :: Note: The additional "r" after "Server" is not a typo: WMIC OS GET Caption | FINDSTR /c:"Serverr 2008" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=2008 WMIC OS GET Caption | FINDSTR /c:"Windows 7" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=7 WMIC OS GET Caption | FINDSTR /c:"Server 2008 R2" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=2008R2 WMIC OS GET Caption | FINDSTR /c:"Windows 8" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=8 WMIC OS GET Caption | FINDSTR /c:"Server 2012" > NUL IF %ERRORLEVEL% EQU 0 SET _OSVersion=2012 :: Display result: IF %_OSVersion%==Unknown ( ECHO Unable to determine Windows version. ) ELSE ( ECHO You appear to be using Windows %_OSVersion% ) :: Uncomment to view script results: ECHO. PAUSE EXIT
Hope somebody finds this useful!