$14.

95
A Penton Publication

May 2003

Use Csvde, Scriptomatic, and Excel to create easy-to-read reports

AD and WMI Reporting
by Alistair G. Lowe-Norris
When you need to extract Active Directory (AD) or Windows Management Instrumen-

tation (WMI) data, several tools are at your disposal. The Csvde command-line utility

(csvde.exe) and the Scriptomatic tool (scriptomatic.exe) are both extremely useful in this

respect. To get the most out of this data, you can use Microsoft Excel to format the out-

put into clean and easy-to-read reports. Here are some scripts to show you how.

AD Reporting information, the best method for making that

Csvde, which resides in %systemroot%\
system32 after you install Windows Server
2003 or Windows 2000 Server, lets you import
and export AD data to a comma-separated
value (CSV) file according to attribute and
In This Issue object filters. For example, to extract all user-
object data to a .csv file called C:\report.csv,
1 AD and WMI open a command window and type the fol-
Reporting lowing command:
csvde -f c:\report.csv -v -d
6 Rem dc=mycorp,dc=com
-r (objectClass=User) -p SubTree
9 Progressive Perl for
This command directs Csvde to extract the
Windows
information to the specified file (-f), use ver-
bose mode onscreen while running (-v), start
13 Real-World Shell
from mycorp.coms root (-d), look for the
Scripting specified objects (i.e., User objects) only (-r),
and scan the whole tree (-p). If you want to
15 Reader to Reader extract the user objects ADsPath property
only, add the following parameter:
-l ADsPath
For more information about Csvdes syntax,
use the tools -? parameter, type the csvde com-
mand with no parameters, or go to http://
www.microsoft.com/technet/prodtechnol/
windowsnetserver/proddocs/entserver/csvde
.asp.
After youve used Csvde to extract AD
data into legible reports (with formatted
columns, headings, and so forth) is to use
Excel. You can import the .csv file into Excel,
then save the report as an Excel (.xls) file. Ive
created a VBScript script, which Listing 1,
page 2, shows, that automates this process
without visibly opening Excel. The script cre-
ates an Excel Application object, then uses the
Workbooks::Open method to open the .csv
file that I used Csvde to create (i.e., C:\
report.csv). The script then passes two
parameters to the ActiveWorkbook::SaveAs
method. The first parameter specifies the new
file to be created (i.e., C:\report.xls), and the
second parameter defines the file format (i.e.,
xlNormal). Note that running this script on a
Win2K Server that doesnt run Excel will result
in an error.
System Reporting
If youre considering extracting system data for
reporting purposes, investigate Scriptomatic,
which automates the creation of complex
WMI reporting scripts. (For information about
WMI scripts and other reporting topics, see
Related Reading, page 2.) You can download
this free tool from http://www.microsoft
.com/technet/treeview/default.asp?url=/tech
net/scriptcenter/wmimatic.asp (at the time of
this writing, the tool is also scheduled to be
 AD and WMI Reporting
and Version is the OS build version
LISTING 1: Code to Convert a .csv File to an .xls File numberfor example, 5.1.2600.) Ive
Option Explicit also added code that creates an Excel
Const xlNormal = &HFFFFEFD1 Application object, adds a workbook
Dim appExcel to that object, and names the first
Set appExcel = CreateObject(Excel.Application) worksheet OS Data. The code then
places column headings (i.e., PC Name,
appExcel.Workbooks.Open C:\report.csv
appExcel.ActiveWorkbook.SaveAs C:\report.xls, xlNormal Caption, and Version) in the first three
appExcel.Workbooks.Close
cells in Row 1 (i.e., A1, B1, and C1). To
appExcel.Quit make the headings stand out, the code
sets those cells background color to
included in the Windows 2003 resource your organization.) For example, when dark blue and sets the text to a bold
kit). Scriptomatic works on Windows you select Win32_OperatingSystem white font. (To discover how I deter-
2003, Windows XP, and Win2K systems from the list, the tool instantly creates mined the code to use to automate
and on Windows NT 4.0 Service Pack 6 a script that reports every item within these Excel tasks, see the sidebar For-
(SP6) and Windows 98 systems on the Win32_OperatingSystem class. If matting the Reports, page 4.)
which youve installed Microsoft Inter- you then click Run, Scriptomatic uses The next three lines of code are
net Explorer (IE) 5.0, WMI, and Win- cscript.exe to execute the script, open- straight from the Scriptomatic script
dows Script Host (WSH) 5.6. You can ing a command window and placing and extract data from the Win32_Oper-
use the tool to generate basic WMI the results into that command win- atingSystem class into a collection
scripts, which you can then modify to dow. You can modify the created script called colItems. Then, to populate the
be more versatile. to export the results into Excel. spreadsheet, the code sets a row index
2 After you download Scriptomatic, Listing 2 shows the Scriptomatic- marker (which starts at Row 2, after my
run scriptomatic.hta to open the tool. generated Win32_OperatingSystem heading row) and enters a loop through
The primary screen contains a drop- class script, which Ive modified in sev- the collection. This loop adds data into
down list of WMI classes for you to eral ways. First, for the sake of brevity, the three columns, using the row index
select from. When you select a class, Ive shortened the script so that it to target the correct cell each time. At
the tool automatically returns a script extracts only the CSName, Caption, and the end of the loop, the code incre-
that will report every item of that class Version properties. (On an XP system, ments the row index marker. (Using a
on the local system. (The scripts always CSName is the clients short name, For EachNext loop through colItems
point to the local PC, but you can mod- Caption is some text along the lines of when only one item exists in the col-
ify the scripts to run on other PCs in Microsoft Windows XP Professional, lection might seem silly, but this script
is simply a generic example of how to
import your data into Excel. The advan-
RELATED READING tage of the Scriptomatic scripts is that
they print every item for every returned
You can obtain the following article from Windows & .NET Magazines Web site at http://www result. Depending on the WMI class you
.winnetmag.com. select, those items can become quite
numerous. You can modify the sample
ALISTAIR G. LOWE-NORRIS
script in Listing 2 as necessary to start
Generating Deployment Reports, March 2000, InstantDoc ID 8054 each new item on a new row.)
After all the data is in the spread-
You can obtain the following articles from the Windows Scripting Solutions Web site at
http://www.winscriptingsolutions.com. sheet, the code selects all the cells in
the worksheet and autofits the width
ALISTAIR G. LOWE-NORRIS of the columns and the rows to make
Scripting Solutions with WSH and COM: Creating Simple and Useful Scripts with WMI, August the report easier to read. Last, the code
2000, InstantDoc ID 9173
Scripting Solutions with WSH and COM: Simple Uses of WMI, July 2000, InstantDoc ID 8985
OBTAINING THE CODE
Graphing Windows 2000 User Logons with Excel 2000, May 2000, InstantDoc ID 8601
Listings are available for down-
Using Excel Objects to Manipulate a Spreadsheet, April 2000, InstantDoc ID 8387 loading from the Windows Script-
Using WSH with ADSI to Create Excel Spreadsheets for Debugging, April 2000, InstantDoc ID 8385 ing Solutions Web site at http://
www.winscriptingsolutions.com.
Automating Excel to Create Trend Charts, March 2000, InstantDoc ID 8186

Windows Scripting Solutions MAY 2003


makes the Excel spreadsheet visible. I
could have written the script to make
the spreadsheet visible earlier so that I
could watch the script populate the
spreadsheet, but doing so introduces
the risk of the user accidentally click-
ing the spreadsheet while the script is
workingan action that would inter-
rupt the script and cause it to abort
with an error. If you never intend to
show a systems user the data youre
retrieving from that system, you can
simply leave out the code that makes
Excel visible and let the entire process
run in the background.
If you want to save the Excel spread-
sheet, then close Excel, simply add sev-
eral lines to the end of the script. For
example, to save the spreadsheet to the
local system under the filename report
.xls, use the following code:
appExcel.ActiveWorkbook.SaveAs _
C:\report.xls
appExcel.Workbooks.Close
appExcel.Quit
To open a saved file in another
script and have this second script per-
form additional changes, save the file,
and close it, use the following code:
appExcel.Workbooks.Open _
C:\report.xls
Perform your changes
appExcel.ActiveWorkbook.Save
appExcel.Workbooks.Close
appExcel.Quit
LISTING 2: Code to Report the Current PC OS to an
.xls File
Option Explicit
Const xlSolid = 1
Dim appExcel, strComputer, objWMIService, colItems, objItem, _
intRowIndex
Reference the Excel Application object, open the workbook,
and rename the worksheet.
Set appExcel = CreateObject(Excel.Application)
appExcel.Workbooks.Add
appExcel.Sheets(Sheet1).Name = OS Data
appExcel.Sheets(OS Data).Select
Set up the OS data sheet and print the column headers.
appExcel.Cells(1,1).Value=PC Name
appExcel.Cells(1,2).Value=Caption
appExcel.Cells(1,3).Value=Version
Format the column headers.
appExcel.Range(A1:C1).Select
appExcel.Selection.Interior.ColorIndex = 5
appExcel.Selection.Interior.Pattern = xlSolid
appExcel.Selection.Font.ColorIndex = 2
appExcel.Selection.Font.Bold = True
Gather the data for the current PC.
A strComputer = .
Set objWMIService = GetObject(winmgmts:\\ & strComputer & _
\root\cimv2) 3
Set colItems = objWMIService.ExecQuery(Select * from & _
Win32_OperatingSystem,,48)
Starting at Row 2, loop through the results and print on
separate rows.
intRowIndex = 2
For Each objItem in colItems
appExcel.Cells(intRowIndex,1).Value=objItem.CSName
appExcel.Cells(intRowIndex,2).Value=objItem.Caption
appExcel.Cells(intRowIndex,3).Value=objItem.Version
intRowIndex = intRowIndex + 1
Next
Autofit the columns and rows.
appExcel.Cells.Select
appExcel.Cells.EntireColumn.AutoFit
appExcel.Cells.EntireRow.AutoFit
Make Excel visible.
appExcel.Visible=True

Remote PCs
How can you modify the provided
script to return information about one
or more remote PCs? The answer lies
in the scripts strComputer line, which
specifies the target computer. By
default, Scriptomatic sets this line of
code (at callout A in Listing 2) to ".",
indicating the current PC. To check a
remote PC instead, change "." to the
full DNS name of the remote PC
"anotherpc.emea.mycorp.com", for
example. What about checking multi-
ple PCs? If you want to check only a
dozen PCs, you can add them to the
script as an array and cycle through
each one in turn. However, if you want
to check more PCssay, all the PCs in
a specific OUyou need a way to
retrieve all those long DNS names
from AD. That requirement takes us
back to Csvde, which you can use to
export the names of all the PCs in a
certain group, a certain OU, or the
entire network.
Suppose that you want to find all
the PCs listed in AD, then pull out the
OS Caption and Version information
from each one. You can do so by using
Csvde and a modification to the Scrip-
tomatic-generated WMI Win32_Oper-
atingSystem script. The script that
Listing 3, page 5, shows uses Csvde to
extract the list of client PCs to a .csv
file, opens that file in Excel (placing
the information about each PC in a
new row), and reads the file line by
line. The script then uses WMI to try to
connect to each PC and read the OS
data. The script writes the results to a
second Excel spreadsheet, indicating
for each PC whether the script could
connect to the PC and providing the

www.winscriptingsolutions.com
 AD and WMI Reporting

Formatting the Reports

How did I determine what lines to add to the VBScript to automate
Microsoft Excel? The trick is simple. Open Excel and select Tools,
Macro, Record New Macro from the menu bar, then perform the
operations that you want your script to automate (e.g., saving,
opening, autofitting columns and rows, coloring cells). Stop the
macro, then open and edit it to see the Visual Basic for Applica-
tions (VBA) code that it generates.
You cant copy this code exactly. First, constants such as xlNor-
mal and xlSolid are already defined in VBA, so youll need to find
out their values and define them in your script. To do so, press F2
from within the Microsoft Visual Basic (VB) macro editor (or select
View, Object Browser from the editors menu bar) to open the
Object Browser. Select the <globals> class from the Classes pane,
then scroll through the Members of <globals> pane until you find
the constant you want to identify. When you select the constant, its
definition appears in the box at the bottom of the Object Browser.
Second, VBA is more verbose than VBScript when a subroutine,
function, or method has parameters, so youll want to edit the code.
Consider the following example, which is the record of my use of
the SaveAs method:
4 eters are enclosed in square brackets ([]). However, I recommend
ChDir C:\
ActiveWorkbook.SaveAs Filename:= _
C:\Book2.xls, FileFormat:= _
xlNormal, Password:="", _
WriteResPassword:="", _
ReadOnlyRecommended:=False, _
CreateBackup:=False
The macro shows that Excel popped up a Save dialog box, from
which I navigated to the C: root drive, then saved the spreadsheet
as Book2. Because the SaveAs command includes the path, I can
delete the first line of this code. The second line defines six param-
eters, each beginning with the parameter name, followed by :=,
then the parameter assignment. To convert this code into VBScript,
I remove the parameter names and := and preface the line of
code with appExcel. (or whatever variable name you're using for
your Excel Application object). The result looks like the following:
appExcel.ActiveWorkbook.SaveAs _
C:\Book2.xls,xlNormal, _
, , False, False
As long as I define xlNormal as a constant in my VBScript, this
line of code will work. But do I truly need all those parameters? To
determine how many parameters are mandatory and how many are
optional, I return to the Object Browser, select the Application class
(for my Excel.Application object), and select the ActiveWorkbook
member (the method that Im calling). The results pane indicates
that the Application classs ActiveWorkbook property returns a
Workbook object, which contains the SaveAs method. Conse-
quently, I pick the Workbook class from the left-hand pane and
select SaveAs (the method Im using on the active workbook) from
the right-hand pane. The results pane shows the SaveAs parame-
ters. Now, I can click the question mark (?) in the Object Browser to
bring up Help material about SaveAs. This material reveals that all
the parameters are optionalwhich was already obvious in this
case by looking at the results pane because all the SaveAs param-
that you still consult the Help material because it contains detailed
information. In this case, that material tells me that all I need is the
name and path of the sheet (i.e., the first parameter). So, my final
VBScript code ends up as follows:
appExcel.ActiveWorkbook.SaveAs C:\Book2.xls
You might wonder why this line of code doesnt include the sec-
ond parameter, which defines the file format (i.e., xlNormal) as I
specified in the script in Listing 1 in the main article. The reason is
that the second parameter sets the default file type of the file that
youre saving. In this example, Im already dealing with an Excel file,
so I dont need to specify a different file type. In Listing 1, the script
read in a .csv file, so if I didnt specify xlNormal, the script would
save the file as a .csv file, which isnt what I want. For more detailed
instructions, see Generating Deployment Reports, March 2000,
http://www.winnetmag.com, InstantDoc ID 8054.

OS data for those PCs to which it
could connect.
The script begins by declaring the
necessary constants and variables.
Youll need to change the specified
PATH, CSV, XLS, and AD_ROOT vari-
able values to ones that are appropri-
ate for your environment.
The script then uses the WSH Shell::
Run method to run Csvde, ensuring
that the Run window remains hidden
and that the scripts execution pauses
until Csvde has finished running. The
script uses the Csvde string that I
described earlier but sets the filter (-r)
to search for computers and the prop-
erty to be returned (-l) to the PCs long
DNS names.
After the script populates the .csv
file, it creates an Excel Application
object, opens the .csv file, and saves the
file as an .xls file, closing the original
.csv file in the process. The script then
uses the standard FileSystemObject::
DeleteFile call to delete the .csv file
and the csv.log file.
The .xls file has one sheet containing
the PC data. This data includes an extra
first column containing each returned
items distinguished name (DN) and an
extra header row identifying each
returned item. We dont need this infor-
mation in our report, so the script
deletes the first column and first row.
Now the .xls file contains the data
we need in one worksheet named
Machines (or whatever you called your
.csv fileExcel opens the .csv file into
one worksheet and gives that work-
sheet whatever name you gave the .csv
file). Because only one worksheet
exists, the script can rename the sheet
(with a more descriptive name such as
OS Details for All PCs, for example)
simply by selecting all worksheets and

Windows Scripting Solutions MAY 2003


renaming the active sheet. I also need
to create a heading row, so the script
inserts a new first row, shifting all the
other cells down. The script then
inserts column headings into the
empty row and formats those cells, as
I described for Listing 2.
Now were ready to begin adding
data, starting at Row 2. The script uses
a While loop to determine whether the
first cell in that row (i.e., cell A2) is
empty. If notin other words, if the
cell contains a PC namethe script
continues, setting the strComputer
object to the name in the cell and
attempting to use the Scriptomatic
WMI code to retrieve data from that
system. Before entering the loop, the
script confirms that the objWMI-
Service object isnt equal to Nothing. If
the object is equal to Nothing, the
script increments the rowcount and
skips to the next row. (Inside the While
loop, the script sets the objWMIService
object to Nothing after each pass. Oth-
erwise, if WMI failed to connect to a
remote PC, the object would fail to
loop to the next machine in line.)
When looping through colItems,
the script sets the first cell of the cur-
rent row to be strComputer and the
second and third cells to be the Cap-
tion and the Version, respectively. If
colItems returns more than one result,
the script moves all the following
rowswhich contain the names of the
PCs weve yet to connect todown to
make room for this data. At the same
time, the script adds the first cell, con-
taining the strComputer value, to these
new blank rows. So for example, if col-
Items contains three results, the script
will fill in Row 2 with the first set of data
from colItems, create a blank Row 3,
insert strComputer and the next set of
data from colItems into Row 3, create a
blank Row 4, insert strComputer and
the last set of data from colItems into
Row 4, and create a blank Row 5. When
the loop determines that colItems is
empty and that we therefore dont
need that final blank row, the script
deletes that row. The next row, which
LISTING 3: Code to Retrieve OS Data from All PCs
Option Explicit
On Error Resume Next
Declare constants and variables.
Const FSO_FILE_FORCE_DELETE = TRUE
Const xlNormal = &HFFFFEFD1
Const xlSolid = 1
Const xlShiftDown = &HFFFFEFE7
Const xlShiftUp = &HFFFFEFBE
Const xlToLeft = &HFFFFEFC1
Const SHELL_RUN_HIDE_WINDOW = 0
Const SHELL_RUN_WAIT_UNTIL_FINISHED = TRUE
Const PATH = C:\
Const CSV = Machines.csv
Const CSV_LOG = CSV.LOG
Const XLS = Results.xls
Const AD_ROOT = dc=mycorp,dc=com
Dim wshShell, appExcel, fso, intRowIndex, strComputer
Dim objWMIService, colItems, objItem , strCommand
Use Csvde to export all client PC DNS names from AD
to a .csv file.
strCommand = csvde.exe -f & PATH & CSV & -d & _
A AD_ROOT & -r (&(objectClass=Computer))_
-p SubTree -l dNSHostName
Set wshShell=WScript.CreateObject(WScript.Shell)
wshShell.run strCommand, SHELL_RUN_HIDE_WINDOW, _
SHELL_RUN_WAIT_UNTIL_FINISHED
5
Open the .csv file in Excel and save the .xls file.
Set appExcel = CreateObject(Excel.Application)
appExcel.Workbooks.Open PATH & CSV
appExcel.ActiveWorkbook.SaveAs PATH & XLS, xlNormal
Delete old .csv file and log file.
Set fso = CreateObject(Scripting.FileSystemObject)
fso.DeleteFile PATH & CSV, FSO_FILE_FORCE_DELETE
fso.DeleteFile PATH & CSV_LOG, FSO_FILE_FORCE_DELETE
Delete unnecessary first column and first row.
appExcel.Columns(A:A).Select
appExcel.Selection.Delete xlToLeft
appExcel.Rows(1:1).Select
appExcel.Selection.Delete xlShiftUp
Set up the OS data sheet and insert a heading row.
appExcel.Worksheets.Select
appExcel.ActiveSheet.Name = OS Details for All PCs
appExcel.Rows(1:1).Select
appExcel.Selection.Insert xlShiftDown
Print and format the first row column headers.
appExcel.Cells(1,1).Value=PC Name
appExcel.Cells(1,2).Value=Caption
appExcel.Cells(1,3).Value=Version
appExcel.Range(A1:C1).Select
appExcel.Selection.Interior.ColorIndex = 5
appExcel.Selection.Interior.Pattern = xlSolid
appExcel.Selection.Font.ColorIndex = 2
appExcel.Selection.Font.Bold = True
Loop through the .xls file and read PC DNS names.
intRowIndex = 2
While appExcel.Cells(intRowIndex,1).Value <>
Attempt to use WMI to connect to each PC and write out the
results. Continued on page 6
www.winscriptingsolutions.com
 AD and WMI Reporting

LISTING 3 continued INSTANTDOC ID

The number that appears at the
strComputer = appExcel.Cells(intRowIndex,1).Value end of each article is the articles
Set objWMIService = GetObject(winmgmts:\\ & strComputer _ InstantDoc ID. To access the arti-
& \root\cimv2)
cle, go to the newsletters home page
If Not (objWMIService Is Nothing) Then
(http://www.winscriptingsolutions.com)
Set colItems = objWMIService.ExecQuery(Select * from & _
Win32_OperatingSystem,,48) and enter the ID in the InstantDoc ID box.
For Each objItem in colItems
appExcel.Cells(intRowIndex,1).Value = strComputer
appExcel.Cells(intRowIndex,2).Value = objItem.Caption
shows so that it uses the Win32_Ser-
appExcel.Cells(intRowIndex,3).Value = objItem.Version vice class and the Description prop-
appExcel.Rows(intRowIndex + 1 & : & intRowIndex +1)._ erty, then watch what happens. (I
Insert xlShiftDown
strongly suggest that you limit the
intRowIndex = intRowIndex + 1
Next number of clients you connect to for
appExcel.Rows(intRowIndex & : & intRowIndex).Delete _ this test, because these changes add
xlShiftUp one line per service per PC, or as many
Set objWMIService = Nothing
Else as 100 more lines per client.) Rather
intRowIndex = intRowIndex + 1 than using Csvde, comment out the
End If lines at callout A in Listing 3 and ref-
Autofit the columns and rows, save the .xls file, and display erence an existing .csv file that con-
Excel. tains a dozen or so PC names. This test
appExcel.Cells.Select
will give you more than 1000 lines in
appExcel.Cells.EntireColumn.AutoFit
appExcel.Cells.EntireRow.AutoFit your spreadsheet. Pretty powerful
6 appExcel.ActiveWorkbook.Save stuff, isnt it? Play around with Csvde,
appExcel.Visible = True Scriptomatic, and Excelreporting
about AD and your WMI clients might
contains the next PC, moves up, and user that the file is available. You can actually become fun. 38401
the script continues. even have the script email the file,
Last, the script autofits the columns then remove it from the PC that the Alistair G. Lowe-Norris (alistair@winnet
mag.com) is a consultant specializing in
and rows, saves the .xls file, and opens script ran on.
Microsoft technologies. He is an MCSE, an
it for viewing. You can just as easily MCP+Internet, and the author of Win-
have the script quit Excel without dis- Reports in a Flash dows 2000 Active Directory (OReilly and
playing the file to the user and instead To see a large amount of data for each Associates), which is published in four
send an email message notifying the PC, modify the script that Listing 3 languages.

Rem Do you have a scripting-related question or problem? You can send

your question or problem to winscriptsol@winnetmag.com.
by Bob Wells

Q: I recently downloaded Microsofts
Scriptomatic utility from http://www
.microsoft.com/technet/treeview/default
.asp?url=/technet/scriptcenter/wmimatic
.asp. Scriptomatic generates Windows
AT A GLANCE
Porting Scriptomatic scripts to Perl . . . . . . . . . . . . . . 6
Accessing a Win98SE computer remotely . . . . . . . . . 7
Searching for users in an NT 4.0 domain . . . . . . . . . . 8
Management Instrumentation (WMI)
scripts, so its ideal for WMI scripting
newbies like me. However, the utility gen-
erates scripts in VBScript only. How can
I port a Scriptomatic-generated script to
Perl?
A: Scriptomatic has no built-in capa-
bility for porting its VBScript code to
Perl. However, with a bit of Perl and
VBScript knowledge, you can port the
code yourself. Porting a Scriptomatic
script to another scripting language is
simple. After you know how to port
one Scriptomatic script, you can eas-
ily port any Scriptomatic script be-
cause the scripts all follow the same
basic template.
For example, Listing 1 shows the
VBScript code that Scriptomatic gen-
erates when you select the Win32_
Environment class, which lets you
manage environment variables on any
WMI-enabled computer. I selected

Windows Scripting Solutions MAY 2003


Win32_Environment as an example
for two reasons. First, the class is rela-
tively small: It defines only eight prop-
erties. Second, all WMI-enabled
computers support this class.
Listing 2 shows the same script
ported to Perl. Although spotting the
changes is relatively easy, lets look at
the more interesting changes. The most
important change is in the first line,
which imports the Win32::OLE module.
Win32::OLE is the Perl module that pro-
vides Perl with the pixie dust it needs to
work with COM automation libraries,
such as the WMI Scripting Library.
The code at callout A in Listing 2 uses
the Win32::OLE modules GetObject
method to establish the WMI connec-
tion. Notice that Perls dereference
operator is an arrow (->) rather than a
dot (.). Also notice that the string
passed to GetObject isnt pieced
together like the VBScript string. Perl
supports interpolated strings, so you
dont need to concatenate the pieces
as you do in VBScript.
The last change worth noting is how
you use Perl and Win32::OLE to refer-
ence and dereference COM collections.
You use a scalar to reference the col-
lection returned from the WMI Script-
ing Librarys ExecQuery method. You
use Perls hash syntax to dereference an
item in the collection (e.g., $Reference-
Name->{PropertyName}). To learn
more about using the Win32::OLE mod-
ule to access COM automation libraries
and components, see ActiveStates
ActivePerl documentation at http://
aspn.activestate.com/ASPN/Reference/
Products/ActivePerl-5.6/site/lib/
Win32/OLE.html. 38405
Q: Im working on a script that uses
Windows Management Instrumentation
(WMI) to collect hardware and software
information in a mixed OS environment.
Most of our desktops run Windows 98
Second Edition (Win98SE); a few desk-
tops run Windows 2000 Professional. My
script runs great against the Win2K Pro
computers, but when the script tries to
connect to a Win98SE computer, I get a
LISTING 1: Scriptomatic-Generated VBScript Code
On Error Resume Next
strComputer = .
Set objWMIService = _
GetObject(winmgmts:\\ & strComputer & \root\cimv2)
Set colItems = objWMIService.ExecQuery _
(Select * from Win32_Environment,,48)
For Each objItem in colItems
WScript.Echo Caption: & objItem.Caption
WScript.Echo Description: & objItem.Description
WScript.Echo InstallDate: & objItem.InstallDate
WScript.Echo Name: & objItem.Name
WScript.Echo Status: & objItem.Status
WScript.Echo SystemVariable: & objItem.SystemVariable
WScript.Echo UserName: & objItem.UserName
WScript.Echo VariableValue: & objItem.VariableValue
Next
LISTING 2: VBScript Code Ported to Perl
use Win32::OLE;
my $strComputer = .;
A my $objWMIService =
Win32::OLE->GetObject(winmgmts://$strComputer/root/cimv2)
or die WMI connection failed.\n;
my $colItems = $objWMIService->ExecQuery(Select * from
Win32_Environment,WQL,48); 7
foreach my $objItem (in $colItems) {
print Caption: $objItem->{Caption}\n;
print Description: $objItem->{Description}\n;
print InstallDate: $objItem->{InstallDate}\n;
print Name: $objItem->{Name}\n;
print Status: $objItem->{Status}\n;
print SystemVariable: $objItem->{SystemVariable}\n;
print UserName: $objItem->{UserName}\n;
print VariableValue: $objItem->{VariableValue}\n\n;
}
remote procedure call (RPC) error. Can I Y is the default setting.
use a WMI script to access a Win98SE 3. Set the EnableRemoteConnect
computer remotely? value (of type REG_SZ) to Y. N is the
default setting.
A: You can use WMI to access your 4. Navigate to the HKEY_LOCAL_
Win98SE computers remotely, but you MACHINE\SOFTWARE\Microsoft\
first need to configure your Win98SE WBEM\CIMOM subkey.
computers to accept remote Distributed 5. Set the AutostartWin9x value (of
COM (DCOM) connections. Although type REG_SZ) to 1 or 2. For informa-
the WMI software development kit tion about each settings meaning, see
(SDK) describes the steps you need to the topic Automatically Invoking WMI
take, those steps contain some errors. on Windows 95/98 (http://msdn
The correct steps, which I adapted .microsoft.com/library/en-us/wmisdk/
from the WMI SDK, are as follows. On wmi/automatically_invoking_wmi_on_
a Win98SE computer: windows_95_98.asp?frame=true) in
1. Use the registry editor to navigate the WMI SDK.
to the HKEY_LOCAL_MACHINE\ 6. Add the winmgmt.exe file to the
SOFTWARE\Microsoft\Ole subkey. Win98SE computers Startup directory.
2. Set the EnableDCOM value (of You can find winmgmt.exe in the
type REG_SZ) to Y if it isnt already set. %windir%\system\wbem directory.
www.winscriptingsolutions.com
 Rem
time to run because our domain contains
LISTING 3: Code That Inefficiently Searches an thousands of user accounts. Can you
NT 4.0 Domain offer any suggestions to improve the
scripts performance?
Option Explicit
WScript.Echo Time
Dim blnFound, objDomain, objUser, strDomainName, strUserName A: To improve the scripts perfor-
blnFound = False mance, you can bind directly to the user
strDomainName = acme object in question instead of enumerat-
strUserName = johndoe
ing all users. When the user exists, the
Set objDomain = GetObject(WinNT:// & strDomainName) GetObject function succeeds. When the
objDomain.Filter = Array(User) user doesnt exist, GetObject fails. This
For Each objUser In objDomain approach will not only significantly
If LCase(objUser.Name) = LCase(strUserName) Then
improve your scripts performance but
blnFound = True
Exit For also reduce the scripts impact on your
End If network and domain controller (DC).
Next The script in Listing 4 demonstrates
how to use the bind operation to
WScript.Echo strUserName & : & blnFound
WScript.Echo Time determine whether a user exists. The
code at callout A in Listing 4 is key. This
code begins by enabling the On Error
7. Restart the Win98SE computer. (ADSI) WinNT provider doesnt have a statement, VBScripts error-handling
38406 search mechanism like the ADSI Light- mechanism. Next, the script tries to
8 weight Directory Access Protocol (LDAP) bind directly to the user object in the
Q: I need to search for users in our provider does, Im using a script similar NT 4.0 domain. This code works
Windows NT 4.0 domain. Because the to the one in Listing 3 to perform the equally well with Active Directory (AD)
Active Directory Service Interfaces search operation. This script takes a long in Windows 2000 and local SAM data-
bases in NT 4.0 member servers and
workstations. Following the GetObject
LISTING 4: Code to Efficiently Search an call, the script checks the VBScript Err
NT 4.0 Domain object to determine whether GetOb-
ject succeeded.
Option Explicit
When the Err objects Number
WScript.Echo Time
Dim blnFound, objUser, strDomainName, strUserName property is 0 (i.e., no error), GetObject
succeeded, so the script sets blnFound
Const USERNAME_NOT_FOUND = &h800708AD to True. When the Err objects Number
blnFound = False
property is equal to the Win32 error
To run this script, change the strDomainName variables code assigned to the USERNAME_
value to your domains name and change the strUserName NOT_FOUND constant, GetObject
variables value to the name of the user account to search for. failed, so the script sets blnFound to
strDomainName = acme
strUserName = johndoe False. When the Err objects Number
property is something other than 0
A On Error Resume Next or the USERNAME_NOT_FOUND
Set objUser = GetObject(WinNT:// & strDomainName _
constants value, some other error
& / & strUserName & ,User)
If Err.Number = 0 Then occurred. The script echoes that value
blnFound = True to the console and immediately exits.
ElseIf Err.Number = USERNAME_NOT_FOUND Then 38407
blnFound = False
Else Bob Wells (bobwells@winnetmag.com) is a
WScript.Echo CStr(Hex(Err.Number)) & : & Err.Description
contributing editor for Windows & .NET
WScript.Quit
Magazine. He is a programming writer at
End If
Microsoft, where he is contributing to a
WScript.Echo strUserName & : & blnFound new System Administration Scripting
WScript.Echo Time Guide that Microsoft will include in its
next Windows Server resource kit.

Windows Scripting Solutions MAY 2003

Progressive Perl for Windows
Converting Perl Scripts to Win32 Perl Services
by Dave Roth
Most programs require that a user log
on to the system to run them. How-
ever, long ago before Windows ever
appeared, UNIX developers realized
the importance of having some pro-
grams run from the time that a com-
puter booted until the computer was
shut down because the programs pro-
vided important services that had to
run, even when nobody was logged
on. Hence, the daemon was born. A
daemon is software thats designed to
run at boot time and keep running,
without user intervention. The OS
launches the program because a user
might not be available to do so.
Most of the common services asso-
ciated with the Internet are daemons,
such as Web, FTP, email, firewall,
streaming-media, and print services.
These services start running when the
computer starts and stop running
when the computer shuts down.
Windows OSs based on the Win-
dows NT kernel (e.g., Windows Server
2003, Windows XP, Windows 2000, NT)
refer to daemons as services. You can
find your machines Win32 services and
their states (e.g., running, stopped) in
the Control Panel Services applet,
which is in the Control Panels Admin-
istrative Tools folder. When you double-
click the Services applet, the Microsoft
Management Console (MMC) Services
snap-in appears. The Services snap-in
lists each services name and provides
information about that service, such as
its description and status.
Win32 services are useful for many
reasons. For example, Win32 services
provide the means to run a program
when the OS starts. In addition, you
can control a service from a remote
machine.
You can make almost any applica-
tion or tool a Win32 service. For exam-
ple, consider a script that pings a server
every minute to determine whether the
server is online. This script is a perfect
candidate for a Win32 service because it
needs to run as soon as the OS is loaded
and must continue running regardless
of which users log on and log off.
Win32 services are truly great tools.
However, when you use C or Visual
Basic (VB) to develop them, the task is
fairly daunting because you have to
manage multiple threads interacting at
different times. This task leaves you
with little time to benefit from the ser-
vices. However, you can use a Perl
script to create Win32 services, which
is far easier than using C or VB to cre-
ate them. And modifying a service is as
easy as modifying a Perl script.
How Win32 Perl Services
Work
Windows uses a specialized software
manager called the Service Control
Manager (SCM) to handle services. The
SCM manages the state of a service.
When Windows boots up, the SCM
starts any service configured to start at
boot time. When a user wants to start,
pause, or stop a service, the SCM per-
forms the action on the users behalf.
The SCM then interacts with the service
to inform it that its state must change.
When the SCM starts a service, the
SCM executes the services .exe file. For
Perl scripts, the SCM launches perl.exe
and passes to perl.exe the name of the
Perl script and any parameters that the
script needs. The Perl script then tells
the SCM to treat it as a service. There-
after, the script is officially considered
to be running as a service. In addition
to whatever tasks the script is pro-
grammed to do, the script has only one
service-related task that it must per-
form: monitor the SCM for state
changes.
The SCM receives requests to change
the state of a service. Such requests can
come from not only local or remote
users but also local or remote applica-
tions and system components. Thus, the
Perl script continuously monitors the
SCM for state changes and reacts
accordingly. For example, when the
state changes to SERVICE_PAUSE_
PENDING, the script reacts by perform-
ing whatever actions are required to
make the script pause. The script must
then inform the SCM that it has entered
the SERVICE_PAUSED state. The script
reacts similarly to the SERVICE_START_
PENDING, SERVICE_CONTINUE_
PENDING (essentially unpausing), and
SERVICE_STOP_PENDING states and 9
performs the necessary actions to enter
the pending state.
One of the most important states is
SERVICE_RUNNING. When the SCM
reports this state, the script performs
the actions for which it was designed.
For example, if the script was designed
to ping a server every minute, during
the SERVICE_RUNNING state, the
script issues a ping every minute.
The Win32::Daemon Perl
Extension
A few tools are available to create a
Win32 Perl service, such as the srvany
.exe freeware utility and ActiveStates
PerlSvc utility. However, srvany.exe has
limitations, and PerlSvc requires the
purchase of ActiveStates Perl Dev Kit.
An alternative is the Win32::Daemon
extension (http://www.roth.net/perl/
daemon) and the Win32::Daemon::
Simple extension (http://jenda.krynicky
.cz), which depends on Win32::Dae-
mon. These extensions provide full
Win32 service functionality from a
simple Perl script.
You can install Win32::Daemon by
running the Perl Package Manager
(PPM) from a command line:
www.winscriptingsolutions.com
 Win32 Perl Services
from running the registry editors block of code. The code first sets the
LISTING 1: Code That Lists (regedit.exe and regedt32.exe) and the default configuration settings, then calls
the Applications FTP client. You can also use the script to the Configure( ) subroutine to check for
terminate a process after the process user-specified parameters, some of
to Kill has run for a specific amount of time. which might override the default set-
%PROC_LIST = ( For example, I configured the script to tings. Depending on the configuration
telnet.exe => 120, terminate any Telnet session that runs options you specify when you launch
ftp.exe => 0,
longer than 2 minutes. This termination ProcMon.pl, the code either installs the
regedit.exe => 0,
regedt32.exe => 0 prevents users from staying logged on to script as a service, stops the script from
); a Telnet client for long periods of time. running as a service, or displays the
The scripts %PROC_LIST hash lists scripts syntax and exits. Figure 1 shows
the applications to kill and when to kill the configuration options that you can
PPM install http://www.roth.net/ them, as the code in Listing 1 shows. use when launching ProcMon.pl.
perl/packages/win32-daemon.ppd Each hash key lists the applications After setting the service configura-
filename (e.g., telnet.exe), which must tions, the script creates the log file. The
be in all lowercase letters. The value default logs filename is the name of the
Creating a Process- associated with each hash key speci- script with the .log extension. So, if you
Monitoring Service fies how many seconds the application leave the scripts name as ProcMon.pl,
In the Code Library on the Windows is allowed to run before being termi- the resulting default log file will be
Scripting Solutions Web site (http:// nated. Notice that all but one of the ProcMon.log. The log file will reside in
www.winscriptingsolutions.com), youll applications have a value of 0 seconds. the same directory as the script. The
find ProcMon.pl, a script that creates a This value causes the script to termi- code at callout A in Listing 2 configures
10 process-monitoring service. You can nate those applications just after the this default location. However, you can
use this script to prevent specific pro- script notices theyre running. override the default by using the -l
cesses from running. For example, I Next, the script sets the service parameter when you launch the script.
configured the script to prevent users configurations. Listing 2 shows this
Starting the Service and
Processing Service States
LISTING 2: Code That Configures the Service Now that the script has made the nec-
%Config = ( essary preparations to run as a service,
machine => Win32::NodeName(), the script starts the service by calling the
A logfile => ( Win32::GetFullPathName( $0 ) =~
Win32::Daemon::StartService() function,
/^(.*)\.[^.]*$/ )[0] . .log,
service_alias => ProcMon, as Listing 3 shows. If the call is success-
service_name => Perl Process Monitor, ful, the SCM starts interacting with the
# Specify how long (in milliseconds) to sleep Perl script as if the script were a built-in
# after polling the service state.
Win32 service. If the call fails, the script
service_sleep_time => 100,
# Specify how often (in seconds) to query the list of logs an error message and exits.
# processes to determine whether theres a process to kill. After the service starts, the script
update_proc_list_time => 5 continuously checks the SCM for mes-
);
sages. The script uses a long loop that
Configure( \%Config, @ARGV );
if( $Config{install} ) continuously calls the Win32::Dae-
{ mon::State() method to check for any
InstallService(); state change. In this loop, which List-
exit;
}
ing 4, page 12, shows, the script has a
elsif( $Config{remove} ) block of code for each possible state
{ that can occur. The code executes an
RemoveService(); appropriate action for that state. For
exit;
} example, the block of code for the
elsif( $Config{help} ) SERVICE_PAUSE_PENDING state
{ doesnt do anything other than log an
Syntax();
indicator that specifies that the script is
exit;
} entering the paused state. Each block
of code calls the Win32::Daemon::

Windows Scripting Solutions MAY 2003


State() method, which passes in a new
state. The loop continues until the
state changes to SERVICE_STOPPED,
at which time the script cleans up any
loose ends (e.g., closes open files,
deletes temporary files), then ends.
Of the different states that the main
loop monitors, the most important
states are SERVICE_START_PENDING,
SERVICE_STOP_PENDING, SERVICE_
RUNNING, and SERVICE_STOPPED.
The script enters the SERVICE_START_
PENDING state only onceat the
beginning of the script. As the code at
callout A in Listing 4 shows, the code
initiates a Windows Management
Instrumentation (WMI) connection
that the script uses throughout the life
of the service. The code then instructs
the SCM that the service has officially
entered the SERVICE_RUNNING state.
The SCM returns a SERVICE_STOP_
PENDING state when a user, applica-
tion, or system component requests
the service to stop. In response, the
script cleans up any loose ends and
prepares for the services termination.
Afterward, the script calls the Win32::
Daemon::State(SERVICE_STOPPED)
function to indicate that the script has
stopped processing service requests.
When the SCM returns the SERVICE_
STOPPED state, the main loop ends and
the script shuts down the service by call-
ing the Win32::Daemon::StopService( )
functions, then exits.
The script uses the SERVICE_
RUNNING state to do the bulk of its
work. When the loop detects this state,
it runs the code at callout B in Listing
4. This block of code first checks the
clock to see whether enough time has
passed since the last check of running
processes. This amount of time is con-
figurable through the -proctime com-
mand-line parameter. If the specified
amount of time has passed, the code
uses WMI to walk through each running
process on the machine. The code com-
pares each process name with the
names in the %PROC_LIST hash. When
a match occurs, the code compares how
long the process has been running with
ProcMon.pl [-install [-account Account] [-password Password]
[-l LogFile] [-m Machine] [-n Name] [-proctime Time]] [-remove] [-help]
-install Installs the service.
-account Account Specifies the account under which the service
runs. Replace Account with your accounts
name. The account name must have the Logon
as a Service privilege on the machine the service
is installed on. The default is the local system.
-password Password Specifies the password the service uses.
Replace Password with your accounts password.
-l LogFile Specifies the location of the log file. Replace
LogFile with your logs path.
-m Machine Specifies the machine to monitor. You must specify
an account that has administrative permissions on
the remote machine.
-n Name Specifies the services name. Replace Name
with a name for your service.
-proctime Time Specifies how often (in seconds) to check the list
of processes for any process that must be terminated.
-remove Removes the service. If you installed the service
with a name (i.e., used the -n parameter), specify
-n when removing the service.
-help Displays the scripts syntax.
11
FIGURE 1:
Syntax to launch ProcMon.pl
the permitted time in the %PROC_LIST that it successfully changed states
hash. If the process has been running (e.g., moved from SERVICE_PAUSE_
longer than the permitted time, the PENDING to SERVICE_PAUSED), the
code terminates the process. script remembers the new state (e.g.,
The final line of the code at callout SERVICE_PAUSED) by storing that
B is important. It tells the script to fall information in the $PrevState variable.
asleep for 25 milliseconds (ms). This Then, when an unknown state occurs,
sleep cycle occurs for each process to the script ignores the unknown state
prevent WMI from spiking the CPU and tells the SCM that the service is still
load. in the state that the $PrevState variable
The last state that the main loop specifies, as the code at callout C in
checks for is an unknown state. Some Listing 4 shows.
services have special states that specific Finally, the main loop falls asleep
applications trigger. To the SCM, these for a short amount of time, as the code
states are unknown. Because the SCM at callout D in Listing 4 shows. This
can indicate an unknown state, the sleep cycle prevents any CPU spiking
script must be able to handle this state. that might occur if the loop runs
Every time the script tells the SCM amok. Typically, the main loop doesnt
LISTING 3: Code That Starts the Service
if( ! Win32::Daemon::StartService() )
{
Log( Could not start the $Config{service_name} service );
Log( Error: . GetError() );
exit();
}
www.winscriptingsolutions.com
 Win32 Perl Services
need to run constantly anyway. By
LISTING 4: Code That Checks the SCM default, the script falls asleep for
100ms before starting over.
while( SERVICE_STOPPED !=
( my $State = Win32::Daemon::State() ) )
{ Customizing ProcMon.pl
if( SERVICE_START_PENDING == $State ) Now that you understand how a Win32
{
Perl Service works, you can customize
Log( Linking to WMI... );
if( $WMIServices = Win32::OLE-> ProcMon.pl to monitor the processes
A
GetObject( winmgmts://$Config{machine}/root/cimv2 ) ) that you want to limit. Simply modify
{ the %PROC_LIST hash in Listing 1 to
Log( ...successful. );
include those processes. Then, to install
Win32::Daemon::State( $PrevState = SERVICE_RUNNING );
Log( $Config{service_name} service has started. ); the script as a service, use the following
} command to launch ProcMon.pl:
else
{
Perl ProcMon.pl -install
Log( ...failure. );
Win32::Daemon::State($PrevState = SERVICE_STOPPED );
Log( $Config{service_name} service could not get a process To start the service, run the command
list object: Aborting. );
Log( Error: . Win32::OLE->LastError() );
} net start ProcMon
}
elsif( SERVICE_PAUSE_PENDING == $State ) To test the service, run a program thats
{
in your %PROC_LIST hash. You can
# Pausing
12 then check the log file for details about
Win32::Daemon::State($PrevState = SERVICE_PAUSED );
Log( $Config{service_name} service has paused. ); what the service has done.
next;
}
elsif( SERVICE_CONTINUE_PENDING == $State )
Debugging the Service
{ If all goes well, your Win32 Perl service
# Resuming will run smoothly. However, problems
Win32::Daemon::State($PrevState = SERVICE_RUNNING ); can arise, and you might need to de-
Log( $Config{service_name} service has resumed. );
bug the service.
next;
} Win32 services have limitations that
elsif( SERVICE_STOP_PENDING == $State ) can be difficult to work around. The
{ biggest limitation is that a service runs
# Stopping
Win32::Daemon::State($PrevState = SERVICE_STOPPED );
headless, which means it doesnt have
Log( $Config{service_name} service is stopping. ); a UI. Thus, Win32 services are difficult
next; to debug because they dont have any
} windows that display information, so
elsif( SERVICE_RUNNING == $State )
{ you cant directly interact with the ser-
B my $Now = time(); vices. This limitation can be especially
if( $Now - $LastRunTime >= $Config{update_proc_list_time} ) frustrating for Perl scriptwriters because
{
they typically use an interactive debug-
$LastRunTime = $Now;
my $ProcList = ger to debug their scripts.
$WMIServices->InstancesOf( Win32_Process ); The most practical way to debug a
foreach my $Process ( in( $ProcList ) ) Win32 Perl service is to have it write
{
debug messages to a log file. You can
my $ProcName = $Process->{Name};
if( defined $PROC_LIST{lc $ProcName} ) then examine the log file to see the data
{ that your script printed out. However,
my( @List ) = ( $Process->{CreationDate} =~ this type of debugging is slow and
/(\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)/ );
# Index 0 = full year, 1 = month, 2 = day,
cumbersome because you have to walk
# 3 = hour, 4 = minute, 5 = second. Month through a potentially long log file just
# must be changed to be 0 indexed. to see the results of debug messages. A
$List[1] ; better alternative is to run SysLogD.pl,
Continued on page 13
which you can find in the Code

Windows Scripting Solutions MAY 2003

Library. SysLogD.pl is quite beneficial
when debugging a Win32 service
because the service writes debugging
messages to a named pipe rather than
a log file. A named pipe acts as a
medium between two processes: the
server process that creates the named
pipe and the client process that con-
nects to the named pipe. From the
viewpoint of both applications, the
named pipe looks like a file that they
can write to or read from.
SysLogD.pl uses the Win32::Pipe
extension (which comes with Active-
States ActivePerl) to create the named
pipe. After creating the named pipe,
the script waits for an application to
connect to it. A perfect example of a
client application connecting to the
named pipe is a Win32 service that
uses the named pipe as a log file.
After an application connects to the
named pipe, the script reads from the
named pipe while the client is still con-
nected. The call to the named pipes
Read() function is a blocking call. There-
fore, the Read() function wont return
anything until the client application has
either written data to the named pipe
or disconnected from the named pipe.
If the application wrote data to the
named pipe, the Read() function returns
the data. SysLogD.pl displays anything
that a client application might send to
it. If the application disconnected from
the named pipe, the Read() function
returns nothing at all.
To test SysLogD.pl, run the script in
a cmd.exe window. Then, in another
cmd.exe window, run the following
LISTING 4 continued
my $ProcStartTime = timelocal( reverse @List );
my $ProcRunTime = $Now - $ProcStartTime;
if( $PROC_LIST{lc $ProcName} <= $ProcRunTime )
{
if( 0 == $Process->Terminate( 0 ) )
{
Log( Killed $ProcName started on .
localtime( $ProcStartTime ) );
}
else
{
Log( Failed to Kill $ProcName started on
. localtime( $ProcStartTime ) );
}
}
}
Win32::Sleep( 25 );
}
}
}
else
{
Win32::Daemon::State( $PrevState );
C
}
D Win32::Sleep( $Config{service_sleep_time} );
}
13
Dir command, which redirects the Win32 Services for Everyone
output to the named pipe: Win32 services are incredibly powerful
tools that you shouldnt be without.
Dir C:\*.* > \\YourMachineName\ When you use Perl scripts, creating
pipe\syslog Win32 services is easy. So, have some
fun and create some Win32 services.
Be sure to replace YourMachineName Drop me an email message sharing the
with your computers name. The result kinds of Perl-based Win32 services
is a directory listing in the Perl scripts that youve created. 38404
cmd.exe window.
Because named pipes work over a Dave Roth (rothd@roth.net) is the author
network, you can have your scripts log of several Win32 Perl extensions, including
Win32::AdminMisc, Win32::ODBC, Win32::
to a remote machine. If you have all
Daemon, and Win32::Perms. His most
your services on all your servers log to
recent book is Win32 Perl Programming:
one remote machine, you would need The Standard Extensions, 2nd edition
to monitor only one computer to (New Riders Publishing/Macmillan Tech-
monitor an entire network of services. nical Publishing).

Real-World Shell Scripting

Group Membership Tracking
by Dick Lewis
If you manage a large environment,
youve probably delegated responsi-
bility for group memberships to
administrators in your domain or
organizational unit (OU). Ultimately,
though, youre responsible if a user is
granted too much access or access
thats otherwise inappropriate.
In Real-World Shell Scripting:
Auditing the Membership of Privileged
Groups, July 2002, http://www.win
scriptingsolutions.com, InstantDoc ID
25275, I described a script that lets you
quickly perform a periodic audit of key
local and global group memberships

www.winscriptingsolutions.com
 Group Membership Tracking
LISTING 1: Main Code to Configure
:: Replace London with your domains name.
Set Domain=London
:: Replace FredSmith@yourcompany.com with the email addresses
:: of the recipients you want to receive the email message.
Set Recipients=FredSmith@yourcompany.com
:: Replace CindyWong@yourcompany.com with the email address
:: of the person sending the email message.
Set From=CindyWong@yourcompany.com
:: Replace mailserver.yourcompany.com with your SMTP servers name.
Set Mailserver=mailserver.yourcompany.com
on your servers. That script gives you
a good snapshot of group member-
ships for your quarterly audits, but its
not much help when you want to track
day-to-day additions to and deletions
from group memberships. Discovering
a user account with authority thats too
generous is important at audit time,
14 but discovering potential problems
sooner is better.
Comparing Lists
The GroupMembershipTracker.bat
script, which you can find in the Code
Library on the Windows Scripting Solu-
tionsWeb site (http://www.winscripting
solutions.com), uses the Local and
Global utilities from the Microsoft
Windows 2000 Server Resource Kit or
the Microsoft Windows NT Server 4.0
Resource Kit to periodically list a
groups members. The script then
compares that list with the previous
list.
The code that performs the line-by-
line comparison uses the Findstr com-
mand to determine whether the new
file contains every line entry from the
old file and whether the old file con-
tains every line entry from the new file.
If something doesnt match, someone
has added or deleted a member and a
notification event occurs. In addition
to sending notification messages,
GroupMembershipTracker .bat creates
a running timestamped log, in case
you need to review the entire history of
changes. If no changes exist, no notifi-
cation event is necessary.
Windows Scripting Solutions MAY 2003
This script assumes youre moni-
toring key administration groups as
opposed to large groups with hundreds
of members. The script can perform the
latter task but can take a while to com-
plete. Most domains or OUs contain 6
to 10 key groups, such as Domain
Admins, OU Admins, GPO Admins,
Local PC Admins, and other adminis-
trative groups that have sweeping
domain powers and whose member-
ship deserves constant attention.
Using Blat
Blat is a freeware utility that lets you
send email messages from a com-
mand-shell script. In the case of
GroupMembershipTracker.bat, Blat
lets you send notification messages
when any new group is added to the
local or global group tracking lists. You
can download Blat from http://www
.interlog.com/~tcharron/blat.html.
For more information about Blat, see
Real-World Scripting: Using Blat to
Send Email Notification Messages,
November 2000, http://www.win
scriptingsolutions.com, InstantDoc ID
15848. The GroupMembershipTracker
.bat code shows Blat syntax for SMTP
servers that dont require authentica-
tion. Review the Blat documentation
for information about the -u and -pw
authentication switches.
Putting It Together
GroupMembershipTracker.bat is com-
patible with Windows XP, Win2K, and
NT 4.0 systems. To get GroupMember-
shipTracker.bat running in your envi-
ronment, perform the following set of
steps:
1. Copy the script into a dedicated
folder on the server or workstation on
which you plan to schedule the script
to run.
2. Determine the local and global
groups that you need to monitor. Cre-
ate localgroups.txt and globalgroups
.txt input lists, and place these files in
the folder that holds GroupMember-
shipTracker.bat. If you have all local and
no global groups, or vice versa, you
dont need to create an empty input file.
If the script cant find an input file, it
simply moves on to the other input file.
3. Configure GroupMembership-
Tracker.bat for your environment. List-
ing 1 shows the code that you must
change. First, configure the domain in
which your local and global groups
exist. If you want to track groups in
more than one domain, you need to
either run additional instances of the
script or modify the code to handle
additional domains. Next, at the top of
the script, configure the To and From
email addresses that Blat will use for the
email notifications. For the email noti-
fications To address, you can specify
multiple recipients by separating the
addresses from one another with a
comma but no space. Finally, configure
the SMTP server name that Blat will use
to send the email notification.
4. Verify that the scripts utilities (i.e.,
now.exe, local.exe, global.exe, and
blat.exe) reside in the folder from
which the script will run. As Listing 2
shows, the script sets the folder loca-
tion to the %~dp1 variable. The per-
cent sign (%) specifies a replaceable
parameter. The ~dp1 portion tells the
scripting engine to capture the drive
letter (d) and the path (p). If your script
path is C:\AdminScripts\GroupMem-
bershipTracker.bat, the %~dp1 vari-
able contains the C:\AdminScripts
folder location information. Thus, if
your utilities arent in the same loca-
tion as the script or you want to locate
input and output files elsewhere, you
must modify the code in Listing 2 to
point to the utilities location. (For
more information about the %~dp1
variable, see the Web-exclusive sidebar
Two Tricks for Your Scripting Toolbelt,
http://www.winscriptingsolutions.com,
InstantDoc ID 38418.)
5. Manually test the script to verify
that its capturing and logging group
changes and properly sending email
messages. The script creates a tempo-
rary file for each group that youve tar-
geted for tracking so that it can
compare past script run results with
the next script run results. You might
want to make your changes to one or
two test groups so that you dont affect
your production group memberships
when you add and delete users to trig-
ger messages.
6. Determine how often you want
the monitoring script to run. You could
schedule it to run every few minutes,
but once or twice a day is probably suf-
ficient. Use Task Scheduler to schedule
the script.
LISTING 2: Code to Configure the Utilities Location
:: This code appears in the scripts :routine module. If your
:: utilities arent in the folder you specified in the launch
:: command, replace =%~dp1 with the full path that points to the
:: utilities location.
Set FolderLocation=%~dp1
This script is primarily designed to
identify unintentional group member-
ship changes. If youre looking for
security violations or patterns indicat-
ing intentional changes that might
necessitate employee discipline or dis-
missal, you have some additional con-
siderations. You would want to
frequently run the script on a PC or
server, and you would want to limit
knowledge of the scripts existence
and location. If a user has Change
access to the location of the group sta-
tus files, he or she could potentially
edit these files to mask user account
additions and removals. To accurately
track such intentional activities, you
would definitely want to use the script
in combination with auditing and
Security event-log monitoring.
GroupMembershipTracker.bat can
help you get a handle on your key
group memberships. The potential for
surprises at audit time will diminish,
and youll have an extra set of eyes for
tracking group members to be sure that
no security breaches occur because of
incorrect group memberships in your
domain or OU. 38400
Dick Lewis (dlewis@winnetmag.com) is a
senior systems engineer with CKT Consult- 15
ing in Riverside, California. He is an MCSE
and an MCT, specializing in enterprise
management of Windows 2000 and Win-
dows NT servers and workstations.

Reader to Reader
Win2K and NT Which Command
[Editors Note: Share your scripting dis-
coveries, comments, problems, solu-
tions, and experiences with products.
Email your contributions (500 words or
less) to r2rwinscriptsol@winnetmag
.com. We edit submissions for style,
grammar, and length. If we print your
submission, youll get $100.]
Ive found the Which command so
useful in UNIX that I decided to dupli-
cate its behavior in Win2K and NT. I
wrote a command-shell script, which
Web Listing 1 (http://www.winscripting
solutions.com, InstantDoc ID 38399)
shows, and a VBScript file, which Web
Listing 2 shows. The command-shell
script uses only batch tools and relies
on the native Win2K and NT tool find-
str.exe. The VBScript file requires Win-
dows Script Host (WSH). You can use
Win2Ks default version of WSH; for
NT, you must manually install a version
of WSH. Both of my scripts validate
command-line syntax and search for

The UNIX Which command lets you Windows Scripting Solutions (ISSN 1537-4483; USPS 017-852) is published monthly by Penton Technology Media, Inc.,
find in the current users path a speci- 221 E. 29th St., Loveland, CO 80538

fied executable. By default, Which lists
only the first instance of the specified
file in the path. If you use the -a option,
Which lists all locations of the file in
any directory in the path. In UNIX, the
current directory isnt in the path by
default. In Windows 2000 and Windows
NT, the current directory is in the path
but only implicitly.
Vol. 5, No. 5 2003 by Penton Media, Inc. ALL RIGHTS RESERVED.
Subscriptions in US $129.00 for one year; add $7.00 for all countries outside the US.
Windows Scripting Solutions is an independent publication not affiliated with Microsoft Corporation. Microsoft Cor-
poration is not responsible in any way for the editorial policy or other contents of the publication.
Windows Scripting Solutions, 221 E. 29th St., Loveland, CO 80538, 800-621-1544 or 970-663-4700.
Sales and Marketing Offices: 221 E. 29th St., Loveland, CO 80538
Periodicals Postage Paid at Loveland, CO and additional mailing offices.
POSTMASTER: Send address changes to Windows Scripting Solutions, P.O. Box 447, Loveland, CO 80539-0447
SUBSCRIBERS: Send all inquiries, payments, and address changes to Windows Scripting Solutions, Circulation Depart-
ment, P.O. Box 447, Loveland, CO 80539-0447, 970-203-2782 or 800-793-5697, scripting@winnetmag.com.

www.winscriptingsolutions.com
Publisher
EDITORIAL
Kim Paulsen
Reader to Reader
kpaulsen@winnetmag.com
Editor-in-Chief Janet Robbins
janet@winnetmag.com
Technical Editors Alistair G. Lowe-Norris any file that the OS deems executable. Both overran the command-line character limit.
alistair@winnetmag.com
Dino Esposito scripts also explicitly include the current The VBScript file is simpler than the com-
dino@winnetmag.com
Bob Wells
directory. mand-shell script. I use the VBScript file
bobwells@winnetmag.com The command-shell script contains some solely from the command line, so Ive written
Dick Lewis
dlewis@winnetmag.com unusual logic to delimit certain strings cor- a small batch wrapper for the file, which Web
Editor Michelle Crockett rectly. This script also breaks some For loops, Listing 3 shows. You must write the full path
crockett@winnetmag.com jumping in and out of them based on certain to which.vbs into the wrapper batch file.
Group Managing Editor Dianne Russell conditions. I repeated one line, which tests for 38399
drussell@winnetmag.com
Editorial Content Manager Amy Eisenberg
the existence of the command issued as the Glen Campbell
amy@winnetmag.com argument, because the elements I needed to gcampbel@dante.com
Editors Karen Bemowski
execute based on the commands success
Jason Bovberg
Rob Carson
Juliann Feuerbacher
Barb Gibbens
Renee Munshi
Lisa Pere
Warren Pickett
Gayle Rodcay

Copy Editors Angela Brew

Joan Roberts
Shauna Rumbaugh
Administrative Coordinator Kathy Milner
kmilner@winnetmag.com

Senior Art Director Larry Purvis

Associate Production Director Linda Kirchgesler

Circulation Marketing Gregg Kinnes

Manager greggk@winnetmag.com

Thomas L. Kemp Chairman and CEO

Daniel J. Ramella President and COO

PENTON TECHNOLOGY AND

LIFESTYLE MEDIA
David B. Nussbaum President
Darrell Denny President, IT Media Group

LETTERS AND SUBSCRIPTIONS

Send your letters and comments to
winscriptsol@winnetmag.com.
Send all inquiries, payments, and address
changes to scripting@winnetmag.com.

www.winscriptingsolutions.com

Printed in the USA