VB Script to Modify Folder NTFS Security and Share Permission

Below is a VBScript that modifies a folder's NTFS security and share permissions. It uses Cacls.exe and Rmtshare.exe: Cacls.exe modifies the folder's NTFS permissions and Rmtshare.exe modifies the share permissions. The script removes all existing NTFS permissions, grants domain\accountname Full access and clears the inheritance check box. It then grants domain\accountname Read share permission and removes all other share permissions. You can modify the script to suit your requirements.

Set WshNetwork = WScript.CreateObject("WScript.Network")
strFolderName = Installerpath(WshNetwork.ComputerName)
Set objShell = CreateObject("Wscript.Shell")
' Wait for each command to finish (third argument True) so the permission changes are applied in order
intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls " & strFolderName & " /c /g domain\accountname:F", 2, True)
intRunError = objShell.Run("F:\Krishna\Rmtshare.exe \\Servername\Sharename /remove", 2, True)
intRunError = objShell.Run("F:\Krishna\Rmtshare.exe \\Servername\Sharename /grant ""domain\accountname"":read", 2, True)
intRunError = objShell.Run("F:\Krishna\Rmtshare.exe \\Servername\Sharename /remove everyone", 2, True)

Function Installerpath(compname)
' Build \\computer\Sharename, then split it into computer name and share name
strPath = "\\" & compname & "\Sharename"
strPath = Replace(strPath, "\\", "")
arrPath = Split(strPath, "\")
strComputer = arrPath(0)
strShare = arrPath(1)
' Ask WMI for the local folder path behind the share
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * From Win32_Share Where Name = '" & strShare & "'")

For Each objItem in colItems
strFolderName = objItem.Path
Next
Installerpath = strFolderName

End Function

Executing the script:

Save the file with a .vbs extension. You can execute it locally or use psexec.exe to execute the script remotely. Below is the psexec command to run it remotely.

Psexec.exe \\servername cscript C:\Securitymodify.vbs

You can find the copy of the code in the below link

http://powershell.com/cs/members/smtpport25.wordpress/files/ModifySecuritySharePermission.txt.aspx
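
To confirm the end state described above (a single Full-access ACE, inheritance off, Read-only share access), here is an added example that is not part of the original script. It assumes PowerShell 3.0 or later; the function name and the optional share check through `Get-SmbShareAccess` (Windows Server 2012 or later) are choices made for this example.

```powershell
function Test-FolderLockdown {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Account,    # e.g. 'domain\accountname'
        [string] $ShareName                          # optional; needs the SmbShare module
    )
    $findings = @()
    $acl = Get-Acl -LiteralPath $Path

    # The page states the script clears the inheritance check box.
    if (-not $acl.AreAccessRulesProtected) { $findings += 'NTFS: inheritance is still enabled' }

    $hasFull = $false
    foreach ($ace in $acl.Access) {
        $who = $ace.IdentityReference.Value
        if ($who -ne $Account) {
            $findings += "NTFS: unexpected ACE $who ($($ace.AccessControlType) $($ace.FileSystemRights))"
        } elseif ($ace.AccessControlType -eq 'Allow' -and $ace.FileSystemRights -eq 'FullControl') {
            $hasFull = $true
        }
    }
    if (-not $hasFull) { $findings += "NTFS: $Account does not have Allow FullControl" }

    if ($ShareName) {
        # Every share entry must be the expected account with Allow/Read.
        foreach ($entry in Get-SmbShareAccess -Name $ShareName) {
            $ok = $entry.AccountName -eq $Account -and
                  $entry.AccessControlType -eq 'Allow' -and
                  $entry.AccessRight -eq 'Read'
            if (-not $ok) {
                $findings += "Share: unexpected entry $($entry.AccountName) ($($entry.AccessRight))"
            }
        }
    }
    [pscustomobject]@{ Path = $Path; Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed demo: a fresh temp folder inherits its ACL, so it is reported as non-compliant.
$demo = Join-Path $env:TEMP 'lockdown-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Test-FolderLockdown -Path $demo -Account "$env:USERDOMAIN\$env:USERNAME"
```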

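PowerShell to check user security permissions using Dsacls

PowerShell to check the security permissions of a set of users. The script below runs dsacls.exe against each user listed in a CSV file, looks for an "Allow BUILTIN\Account Operators" entry in the output, and writes the mailnickname of every user that has no such entry to dcalsresult.txt.

$csv = Import-Csv -Path "D:\Krishna\dsacls\user.csv"
foreach ($line in $csv) {
    # $input is a reserved automatic variable in PowerShell, so the path is held in $target
    $target = "\\Servername\" + $line.DN
    $K = .\dsacls.exe $target
    # $i stays 1 unless an Account Operators entry is found in the dsacls output
    $i = 1
    foreach ($service in $K) {
        $Status = $service -like "Allow BUILTIN\Account Operators*"
        if ($Status -eq $true) {
            $i = 0
        }
    }
    if ($i -eq 1) {
        $line.mailnickname >> dcalsresult.txt
    }
}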

You can also find the copy in the below link

http://powershell.com/cs/members/smtpport25.wordpress/files/UserSecurityPermission.ps1.aspx

Powershell to find version of Transport.exe on all Exchange Transport servers

PowerShell to find the version of Transport.exe on all Exchange Hub Transport servers.

$TsServer = Get-TransportServer
foreach($server in $TsServer){
$name = $server.name
$storever = [System.Diagnostics.FileVersionInfo]::GetVersionInfo("\\$name\c$\Program Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe").Fileversion
$res = $server.name + " = " + $storever
$res
}

Powershell to Find Store.exe Version on All Exchange Mailbox Servers

PowerShell to find the Store.exe version on all Exchange Mailbox servers. We need to make sure that the Store.exe version is the same on all the servers. The script below helps you check this.

$MBXServer = Get-mailboxServer
foreach($server in $MBXServer){
$name = $server.name
$storever = [System.Diagnostics.FileVersionInfo]::GetVersionInfo("\\$name\c$\program files\microsoft\exchange server\bin\store.exe").Fileversion
$res = $server.name + " = " + $storever
$res
}
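
Both version scripts above print one line per server and leave the comparison to the reader. The following added example (not the original author's code) collects the versions and flags servers that differ from the most common one. It assumes PowerShell 3.0 or later; the function names, the "most common version is the baseline" rule and the sample server names and version strings are constructed for illustration.

```powershell
function Get-RemoteFileVersion {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $RelativePath   # path below the c$ admin share
    )
    foreach ($name in $ComputerName) {
        $unc = "\\$name\c`$\$RelativePath"
        try {
            $ver = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($unc).FileVersion
        } catch {
            $ver = $null    # server unreachable or file missing
        }
        [pscustomobject]@{ Server = $name; Version = $ver }
    }
}

function Find-VersionDrift {
    param([Parameter(Mandatory)] [object[]] $Record)
    # Baseline = the version reported by the largest number of servers (assumption).
    $known    = @($Record | Where-Object { $_.Version })
    $baseline = @($known | Group-Object Version | Sort-Object Count -Descending)[0].Name
    foreach ($r in $Record) {
        if (-not $r.Version)              { $status = 'Unreachable' }
        elseif ($r.Version -ne $baseline) { $status = 'Drift' }
        else                              { $status = 'OK' }
        [pscustomobject]@{
            Server = $r.Server; Version = $r.Version; Baseline = $baseline; Status = $status
        }
    }
}

# Constructed sample records (server names and versions are made up).
$sample = @(
    [pscustomobject]@{ Server = 'MBX01'; Version = '8.1.240.6' }
    [pscustomobject]@{ Server = 'MBX02'; Version = '8.1.240.6' }
    [pscustomobject]@{ Server = 'MBX03'; Version = '8.1.263.1' }
    [pscustomobject]@{ Server = 'MBX04'; Version = $null }
)
Find-VersionDrift -Record $sample | Where-Object { $_.Status -ne 'OK' }

# Live use from the Exchange Management Shell:
# $names = Get-MailboxServer | ForEach-Object { $_.Name }
# Find-VersionDrift -Record (Get-RemoteFileVersion -ComputerName $names `
#     -RelativePath 'program files\microsoft\exchange server\bin\store.exe')
```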

VBScript to Add users Security Group to local computer if Computer object is under specific OU

VBScript to add a users security group to the local computer's Administrators group if the computer object is under a specific OU. For security reasons we always need to make sure that only specific security groups are administrators of specific computers. This will always be a business requirement. The script below achieves this. Include the script in the GPO and add it to the user logon script.


DIM objNetwork
DIM computerName
DIM ou
set objNetwork = createobject("Wscript.Network")
computerName = objNetwork.ComputerName
ou = getOUByComputerName(computerName)

on error resume next
Select Case ou

Case "OU=Computers,DC=domain,DC=com"
set group = GetObject("WinNT://" & computerName & "/Administrators")
group.Add "WinNT://domain/Group"
err.clear

Case "OU=Computers1,DC=domain,DC=com"
set group = GetObject("WinNT://" & computerName & "/Administrators")
group.Add "WinNT://domain/Group1"
err.clear

End Select

function getOUByComputerName(byval computerName)
DIM namingContext, ldapFilter, ou
DIM cn, cmd, rs
DIM objRootDSE
set objRootDSE = getobject("LDAP://RootDSE")
namingContext = objRootDSE.Get("defaultNamingContext")
set objRootDSE = nothing
ldapFilter = "<LDAP://" & namingContext & _
">;(&(objectCategory=Computer)(name=" & computerName & "))" & _
";distinguishedName;subtree"
Set cn = createobject(“ADODB.Connection”)
set cmd = createobject(“ADODB.Command”)
cn.open “Provider=ADsDSOObject;”
cmd.activeconnection = cn
cmd.commandtext = ldapFilter
set rs = cmd.execute
if rs.eof <> true and rs.bof <> true then
ou = rs(0)
ou = mid(ou,instr(ou,",")+1,len(ou)-instr(ou,","))
getOUByComputerName = ou

end if
rs.close
cn.close

end function

You can always find the copy from the below link

http://powershell.com/cs/cfs-filesystemfile.ashx/__key/CommunityServer.Components.UserFiles/00.00.00.30.62/AddAdminfinal.txt
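
The logon script only adds a group; it does not show who else is already in the local Administrators group. The following added example (not part of the original script) audits the membership against the same OU-to-group mapping. It assumes PowerShell 3.0 or later; the function names, the `$AlwaysAllowed` baseline and the sample member list are constructed for illustration.

```powershell
# OU-to-group mapping taken from the Select Case in the VBScript above.
$ExpectedGroupByOU = @{
    'OU=Computers,DC=domain,DC=com'  = 'domain\Group'
    'OU=Computers1,DC=domain,DC=com' = 'domain\Group1'
}

function Get-ComputerOU {
    param([string] $ComputerName = $env:COMPUTERNAME)
    $searcher = [adsisearcher]"(&(objectCategory=computer)(name=$ComputerName))"
    $result   = $searcher.FindOne()
    if (-not $result) { return $null }
    $dn = [string]$result.Properties['distinguishedname'][0]
    # Same rule as the VBScript: the parent container is everything after the first comma.
    return $dn.Substring($dn.IndexOf(',') + 1)
}

function Compare-LocalAdmins {
    param(
        [string]   $ComputerName,
        [string]   $OU,
        [string[]] $Member,
        # Accounts accepted on every machine (assumed site baseline).
        [string[]] $AlwaysAllowed = @("$ComputerName\Administrator", 'domain\Domain Admins')
    )
    $expected = if ($OU) { $ExpectedGroupByOU[$OU] }
    $allowed  = @($AlwaysAllowed) + @($expected | Where-Object { $_ })
    [pscustomobject]@{
        Computer        = $ComputerName
        OU              = $OU
        ExpectedGroup   = $expected
        ExpectedPresent = [bool]($expected -and ($Member -contains $expected))
        Unexpected      = @($Member | Where-Object { $allowed -notcontains $_ })
    }
}

# Constructed membership list for a machine in OU=Computers.
$sample = 'PC01\Administrator', 'domain\Domain Admins', 'domain\Group', 'domain\jsmith'
Compare-LocalAdmins -ComputerName 'PC01' -OU 'OU=Computers,DC=domain,DC=com' -Member $sample

# Live use (PowerShell 5.1 on a domain-joined machine):
# $m = (Get-LocalGroupMember -Group Administrators).Name
# Compare-LocalAdmins -ComputerName $env:COMPUTERNAME -OU (Get-ComputerOU) -Member $m
```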

Exchange Database – Dirty Shutdown

As an Exchange administrator, it is a bad day when you have an Exchange database in Dirty Shutdown state and you don't have the log files required to perform a soft recovery. The link below has the steps to perform a soft recovery if you have all the required log files.

/2009/07/13/disaster-recovery-of-exchange-2007-mailbox-server/

If you don't have the required log files, then you have to follow the steps below to recover the database:

1. Run ESEUTIL /P database_filename.edb (from the BIN folder and repair the edb files)
2. Delete the log and chk files.
3. Run eseutil /d database_filename.edb (Defrag the Database)
4. Run isinteg (isinteg -s servername -fix -test alltests) from the bin folder.
5. Mount the stores

Eseutil and Isinteg can take a really long time, depending on the size of the database. Microsoft always recommends keeping the database size below 100 GB. If you are using a CCR environment, the database can grow beyond 100 GB, as you will have multiple copies of the log files for recovery purposes.
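
Whether soft recovery is possible or the repair steps above are needed depends on whether the logs named in the database header are still on disk. The following added example (not from the original post) parses `eseutil /mh` output and lists the required logs that are missing. It assumes PowerShell 3.0 or later and the Exchange 2007 log naming of prefix plus 8 hex digits; the header lines, the E00 prefix and the file list are constructed samples.

```powershell
function Get-RecoveryPath {
    param(
        [Parameter(Mandatory)] [string[]] $HeaderLine,   # output of: eseutil /mh <database>.edb
        [string[]] $LogFileName = @(),                   # names of the log files on disk
        [string]   $Prefix = 'E00'                       # storage group log prefix (assumption)
    )
    $text = $HeaderLine -join "`n"
    if ($text -notmatch '(?m)^\s*State:\s*(.+?)\s*$') { throw 'No State line in header output' }
    $state = $Matches[1]
    if ($state -eq 'Clean Shutdown') {
        return [pscustomobject]@{ State = $state; Missing = @(); Action = 'Mount the database' }
    }
    if ($text -notmatch 'Log Required:\s*\d+-\d+\s*\(0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)\)') {
        throw 'No Log Required line in header output'
    }
    $low  = [Convert]::ToInt32($Matches[1], 16)
    $high = [Convert]::ToInt32($Matches[2], 16)

    # Build the expected file name for every required generation and keep the absent ones.
    $missing = @(foreach ($n in $low..$high) {
        $file = '{0}{1:X8}.log' -f $Prefix, $n
        if ($LogFileName -notcontains $file) { $file }
    })
    if ($missing.Count -eq 0) {
        $action = 'Soft recovery: all required logs are present'
    } else {
        $action = 'Required logs missing: the repair steps apply'
    }
    [pscustomobject]@{ State = $state; Missing = $missing; Action = $action }
}

# Constructed header excerpt and log directory listing (generation 0x1558 is absent).
$header = @(
    '            State: Dirty Shutdown'
    '     Log Required: 5463-5465 (0x1557-0x1559)'
)
$logs = 'E0000001557.log', 'E0000001559.log'
Get-RecoveryPath -HeaderLine $header -LogFileName $logs

# Live use:
# Get-RecoveryPath -HeaderLine (eseutil /mh database_filename.edb) `
#     -LogFileName (Get-ChildItem <log folder> -Filter *.log | ForEach-Object { $_.Name })
```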