Tips & Tricks Archives - Page 7 of 11

UNICODE – ONE code to rule them all

April 20, 2010July 24, 2019 ingmar.koecher 0 Comment Miscellaneous, Pure Knowledge, Tips & Tricks Unicode tutorial bom bmp utf-8 ucs-2 utf-16

If you live in an English-speaking country like the United States, United Kingdom or Australia, then you are in the lucky position where every character in your language can be represented by the ASCII table. Many other languages aren’t as lucky unfortunately, and it is no surprise given the fact that over 1000 written languages exist. Most of these languages cannot be interpreted by ASCII, most notably Asian and Arabic languages.

Take the text below for example, ASCII would be struggling with this a bit (to say the least):

النمسا

Understanding UNICODE is no easy feat however – just the mere abbreviations out there can be mind-boggling: UTF-7, 8, 16, 32, UCS-2, BOM, BMP, code points, Big-Endian, Little-Endian and so forth. UNICODE support is particularly interesting when dealing with different platforms, such as Windows, Unix and OS X.

It’s not all that bad though, and once the dust settles it can all make sense. No, really. As such, the purpose of this article is to give you a basic understanding of UNICODE, enough so that the mention of the word UNICODE doesn’t give you cold shivers down your back.

Unicode is essentially one large character set that includes all characters of written languages, including special characters like symbols and so forth. The goal – and this goal is reality today – is to have one character set for all languages.

Back in 1963, when the first draft of ASCII was published, Internationalization was probably not on the top of the committee member’s minds. Understandable, considering that not too many people were using computers back then. Things have changed since then, as computers are turning up in pretty much every electrical device (maybe with the exception of stoves and blenders).

The easiest way to start is, of course, with ASCII (American Standard Code for Information Interchange). Gosh were things simple back in the 60s. If you want to represent a character digitally, you would simply map it to a number between 1 and 127. Voila, all set. Time to drive home in your Chevrolet, and listen to a Bob Dylan, Beach Boys or Beatles record. I won’t go in to the details now, but for the sake of completeness I will include the ASCII representation of the word “Bob Dylan”:

String:      B    o    b         D    y    l    a    n
Decimal:     66   111 98   32   68   121 108 111 110
Hexadecimal: 0x42 0x6F 0x62 0x20 0x44 0x79 0x6C 0x6F 0x6E
Binary:      01000010 01101111 01100010 00010100
01000100 01111001 01101100 01101111 01101110

Computers, plain and simple as they are, store everything as numbers of course, and as such we need a way to map numbers to letters, and vice versa. This is of course the purpose of the ASCII table, which tells our computers to display a “B” instead of 66.

Since the 7-bit ASCII table has a maximum of 127 characters, any ASCII character can be represented using 7 bits (though they usually consume 8 bits now). This makes calculating, how long a string is for example, quite easy. In C programs for example, ASCII characters are represented using chars, which use 1 byte (=8 bits) of storage. Here is an example in C:

char author[] = “The Beatles”;
int authorLen = strlen(author); // authorLen = 11
size_t authorSize = sizeof(author); // authorSize = 12

The only reason the two variables are different, is because C automatically appends a 0x0 character at the end of a string (to indicate where it terminates), and as such the size will always one char(acter) longer than the length.

So, this is all fine and well if we only deal with “simple” languages like English. Once we try to represent a more complex language, Japanese for example, things start to get more challenging. The biggest problem is the sheer number of characters – there are simply more than 127 characters in the world’s written languages. ASCII was extended to 8-bit (primarily to accommodate European languages), but this still only scratches the surface when you consider Asian and Arabic languages.

Hence, a big problem with ASCII is that is essentially a fixed-length, 8-bit encoding, which makes it impossible to represent complex languages. This is where the Unicode standard comes in: It gives each character a unique code point (number), and includes variable-length encodings as well as 2-byte (or more) encodings.

But before we go to deep into Unicode, we’ll just blatantly pretend that Unicode doesn’t exist and think of a different way to store Japanese text. Yes! Let us enter a world where every language uses a different encoding! No matter what they want to make you believe – having countless encodings around is fun and exciting. Well, actually it’s not, but let’s take a look here why.

The ASCII characters end at 127, leaving another 127 characters for other languages. Even though I’m not a linguist, I know that there are more than 127 characters in the rest of the world. Additionally, many Asian languages have significantly more characters than 255 characters, making a multi-byte encoding (since you cannot represent every character with one byte) necessary.

This is where encodings come in (or better, “came” in before Unicode was established), which are basically like stencils. Let’s use Japanese for our code page example. I don’t speak Japanese unfortunately, but let’s take a look at this word, which means “Farewell” in Japanese (you are probably familiar with pronunciation – “sayōnara”):

さようなら

The ASCII table obviously has no representation for these characters, so we would need a new table. As it turns out, there are two main encodings for Japanese: Shift-JIS and EUC-JP. Yes, as if it’s not bad enough to have one encoding per language!

So code pages serve the same purpose as the ASCII table, they map numbers to letters. The problem with code pages – opposed to Unicode – is that both the author and the reader need to view the text in the same code page. Otherwise, the text will just be garbled. This is what “sayōunara” looks like in the aforementioned encodings:

EUC-JP
0xA4 B5 A4 E8 A4 A6 A4 CA A4 E9

Shift_JIS
0x82 B3 82 E6 82 A4 82 C8 82 E7

Their numerical representation between EUC-JP and Shift_JIS is, as is to be expected, completely different – so knowing the encoding is vital. If the encodings don’t match, then the text will be meaningless. And meaningless text is useless.

You can imagine that things can get out of hand when one party (party can be an Operating System, Email client, etc.) uses EUC-JP, and the other Shift_JIS for example. They both represent Japanese characters, but in a completely different way.

Encodings can either (to a certain degree) be auto-detected, or specified as some sort of meta information. Below is a HTML page with the same Japanese word, Shift_JIS encoded:

<HTML>
<TITLE>Shift_JIS Encoded Page</TITLE>

<META HTTP-EQUIV=”Content-Type” CONTENT=”text/html; charset=Shift_JIS”>
<BODY>
さようなら
</BODY>
</HTML>

You can paste this into an editor, save it has a .html file, and then view it in your favorite browser. Try changing “Shift_JIS” to “EUC-JP”, fun things await you.

But I am getting carried away, after all this post is about Unicode, not encodings. So, Unicode solves these problems by giving every character from every language a unique code point. No more “Shift_JIS”, no more “EUC-JP” (not even to mention all the other encodings out there), just UNICODE.

Once a document is encoded in Unicode, specifying a code page is no longer necessary – as long as the client (reader) supports the particular Unicode encoding (e.g. UTF-8) the text is encoded with.

The five major Unicode encodings are:

UTF-8
UCS-2
UTF-16 (an extension of UCS-2)
UTF-32
UTF-7

All of these encodings are Unicode, and represent Unicode characters. That is, UTF-8 is just as capable as UTF-16 or UTF-32. The number in the encoding name represents the minimum number of bits that are required to store a single Unicode code point. As such, UTF-32 can potentially require 4 x as much storage as UTF-8 – depending on the text that is being encoded. I will be ignoring UTF-7 going forward, as its use is not recommended and it’s not widely used anymore.

The biggest difference between UTF-8 and UCS-2/UTF-16/UTF-32 is that UTF-8 is a variable length encoding, opposed to the others being fixed-length encodings. OK, that was a lie. UCS-2, the predecessor of UTF-16, is indeed a fixed length encoding, whereas UTF-16 is a variable length encoding. In most use cases however, UTF-16 uses 2 bytes and is essentially a fixed length encoding. UTF-32 on the other hand, and that is not a lie, is a fixed-length encoding that always uses 4 bytes to store a character.

Let’s look at this table which lists the 4 major encodings and some of their properties:

Encoding	Variable/Fixed	Min Bytes	Max Bytes
UTF-8	variable	1	4
UCS-2	fixed	2	2
UTF-16	variable	2	4
UTF-32	fixed	4	4

What this means, is that in order to represent a Unicode character (e.g. さ), a variable length encoding might require more than 1 byte, and in UTF-8’s case up to 4 bytes. UTF-8 needs potentially more bytes, since it maintains backward-compatibility with ASCII, and as such loses 7 bits.

Windows uses UTF-16 to store strings internally, as do most Unicode frameworks such as ICU and Qt‘s QString. Most Unixes on the other hand use UTF-8, and it’s also the most commonly found encoding on the web. Mac OSX is a bit of a different beast; due to it using a BSD kernel, all BSD system functions use UTF-8, whereas Apple’s Cocoa framework uses UTF-16.

UCS-2 or UTF-16
I had already mentioned that UTF-16 is an extension of UCS-2, so how does it extend it and why does it extend it?

You see, Unicode is so comprehensive now that it encompasses more than what you can store in 2 bytes. All characters (code points) from 0x0000 to 0xFFFF are in the “BMP“, the “Basic Multilingual Plane”. This is the plane that uses most of the character assignments, but additional planes exist, and here is a list of all planes:

•    The “BMP”, “Basic Multilingual Plane”, 0x0000 -> 0xFFFF
•    The “SMP”, “Supplementary Multilingual Plane”, 0x10000 -> 0x1FFFF
•    The “SIP”, “Supplementary Ideographic Plane”, 0x20000 -> 0x2FFFF
•    The “SSP”, “Supplementary Special-purpose Plane”, 0xE0000 -> 0xEFFFF

So technically, having 2 bytes available is not even enough anymore to cover all the available code points, you can only cover the BMP. And this is the main difference between UCS-2 and UTF-16, UCS-2 only supports code points in the BMP, whereas UTF-16 supports code points in the supplementary planes as well, through something called “surrogate pairs“.

Representation in Unicode
So let’s look at the above sample text in Unicode, shall we? Sayonara Shift_JIS & EUC-JP! The site http://rishida.net/tools/conversion/ has some great online tools for Unicode, one of which is called “Uniview“. It shows us the actual Unicode code points, the symbol itself and the official description:

The official Unicode notation (U+hex) for the above characters uses the U+ syntax, so for the above letters we would write:

U+3055 U+3088 U+3046 U+306A U+3089

With this information, we can now apply one of the UTF encodings to see the difference:

UTF-8
E3 81 95 E3 82 88 E3 81 86 E3 81 AA E3 82 89

UTF-16
30 55 30 88 30 46 30 6A 30 89

UTF-32
00 00 30 55 00 00 30 88 00 00 30 46 00 00 30 6A 00 00 30 89

So UTF-8 uses 5 more bytes than UCS-2/UTF-16 to represent the same exact characters. Remember that UCS-2 and UTF-16 would be identical for this text since all characters are in the BMP. UTF-32 uses yet 5 more bytes then UTF-8 and would be require the most storage space, as to be expected.

What you can also see here, is that UTF-16 essentially mirrors the U+ notation.

Fixed Length or Variable Length?
Both encoding types have their advantages and disadvantages, and I will be comparing the most popular UTF encodings, UTF-8 and UCS-2, here:

Variable Length UTF-8:
•   ASCII-compatible
•   Uses potentially less space, especially when storing ASCII
•   String analysis/manipulation (e.g. length calculation) is more CPU-intensive

Fixed Length UCS-2:
• Potentially wastes space, since it always uses fixed amount of storage
• String analysis/manipulation is usually less CPU intensive

Which encoding to use will depend on the application. If you are creating a web site, then you should probably choose UTF-8. If you are storing data in a database however, then it will depend on the type of strings that will be stored. For example, if you are only storing languages that cannot be represented through ASCII, then it is probably better to use UCS-2. If you are storing both ASCII and languages that require Unicode, then UTF-8 is probably a better choice. An extreme example would be storing English-Only text in a UCS-2 database – it would essentially use twice as much storage as an ASCII version, without any tangible benefits.

One of the strongest suits of UTF-8, at least in my opinion, is its backward compatibility with ASCII. UTF-8 doesn’t use any numbers below 127 (0x7F), which are – well – reserved for ASCII characters. This means that all ASCII text is automatically UTF-8 compatible, since any UTF-8 parser will automatically recognized those characters as being ASCII and render them appropriately.

The BOM
And this brings us to the next topic – the BOM (header). BOM stands for “Byte Order Mark”, and is usually a 2-4 byte long header in the beginning of a Unicode text stream, e.g. a text file. If a text editor does not recognize a BOM header, then it will usually display the BOM header as either the þÿ or ÿþ characters.

The purpose of the BOM header is to describe the Unicode encoding, including the endianess, of the document. Note that a BOM is usually not used for UTF-8.

Let’s revisit the example from earlier, the UTF-16 encoding looked like this:

30 55 30 88 30 46 30 6A 30 89

If we wanted to store this text in a file, including a BOM header, then it could look also look like this:

FF FE 55 30 88 30 46 30 6A 30 89 30

“FF FE” is the BOM header, and in this case indicates that a UTF-16 Little Endian encoding is used. The same text in UTF-16 Big Endian would look like this:

FE FF 30 55 30 88 30 46 30 6A 30 89

The BOM header is generally only useful when Unicode encoded documents are being exchanged between systems that use different Unicode encodings, but given the extremely little overhead it certainly doesn’t hurt to add it to any UTF-16 encoded document. As such, Windows always adds a 2-byte BOM header to all Unicode text documents. It is the responsibility of the text reader (e.g. an editor) to interpret the BOM header correctly. Linux on the other hand, being a UTF-8 fan and all, does not need to (and does not) use a BOM header – at least not by default.

Tools & Resources
There are a variety of resources and tools available to help with Unicode authoring, conversions, and so forth.

I personally like Ultraedit, which lets me convert documents to and from UTF-8 and UTF-16, and also supports the BOM headers. GEdit on Linux is also very capable, and supports different code pages (if you ever need to use those) as well. Babelpad is an editor designed specifically for Unicode, and seems to support every possible encoding. I have not actually used this editor though.

A nifty online converter that I already mentioned earlier can be found at http://rishida.net/tools/conversion/, and also check out UniView: http://rishida.net/scripts/uniview/.

The official Unicode website is of course a great resource too, though potentially overwhelming to mere mortals that only have to deal with Unicode occasionally. The best place to start is probably their basic FAQ: http://www.unicode.org/faq/basic_q.html.

I hope this provides some clarification for those who know that Unicode exists, but are not entirely comfortable with the details.

さようなら!

How to REALLY monitor SMTP, POP3 and IMAP on Exchange 2003

February 1, 2010May 28, 2019 ingmar.koecher 0 Comment EventSentry, Monitoring, Tips & Tricks, Tools & Utilities Monitor exchange 2003 server eventsentry iis smtp pop3 smtpsvc

Even though Microsoft Exchange Server 2010 has already been released, many organizations still use Exchange 2003. In this article I’ll explain how to thoroughly monitor the various Internet protocols that Exchange 2003 offers, including SMTP, POP3, IMAP (and NNTP for that matter). The reason why I’ll only be looking at Exchange 2003 is because there is a significant difference in architecture between Exchange 2003 and later versions.

It is a common misconception that you can effectively monitor the W3SVC service (commonly referred to as IIS, though IIS encompasses a lot more than just a web server) and other services provided through IIS, such as SMTP and POP3, by simply monitoring their associated service. It’s a misconception, because a given IIS-based service may contain multiple instances – most commonly the case with the World Wide Web Service which often hosts multiple independent web sites. The status of these instances can be controlled independently of the hosting service, though that service needs to be running of course.

Don’t despair though, most server-based windows applications, fortunately, can be monitored by ensuring that their respective service is – well – running. For example, to ensure that the Apache service is up, you “simply” make sure that the Apache service is running. The same goes for countless other services such as MySQL – even SQL Server (of course you can still detach individual databases in SQL Server).

Exchange 2003, due its partnership with the Internet Information Services 6.0, is different though. Yes, IIS and Exchange 2003 are tightly coupled, and if you intend to have your Exchange Server 2003 communicate with any other server using a standard Internet protocol such as SMTP, then you will need IIS.

The screenshot above shows that the inetinfo.exe process hosts all the major services (bold name), and that each service can host one or more instance. For more details please see http://technet.microsoft.com/en-us/library/bb124674(EXCHG.65).aspx.

The three most common Internet services your Exchange 2003 server is running are probably SMTP, POP3 and IMAP4. While a lot of attention is being paid to the core Exchange services such as

• Microsoft Exchange Information Store (MSExchangeIS)
• Microsoft Exchange System Attendant (MSExchangeSA)

The services providing SMTP, POP3 and IMAP4 connectivity are usually similarly important, especially the SMTP service. Looking at the EventSentry service status page immediately reveals that the SMTP, POP3 and IMAP4 services are managed by IIS:

As you can see, IMAP4Svc, POP3Svc and SMTPSvc all use inetinfo.exe (Executable column) for their host process. So why is this important again?

Since all of these services support multiple instances INSIDE the service (inetinfo.exe), the host process will continue to run even when one or more instances inside the service are stopped. Since most installations only have one instance, stopping that one instance inside the service will still leave the service up and running. The effect of course is the same; the service is not available to the end users while the Windows service will happily continue to run.

A screen shot from the System Manager application shows instances listed inside:

As you can see with the IMAP4 protocol, we have two virtual servers setup that are both hosted inside the “Microsoft Exchange IMAP4” service. To stubbornly illustrate my point further I took a screenshot that shows both IMAP4 instances stopped while the service itself is running:

So I think we’re all in agreement now that monitoring the POP3, SMTP etc. services in Exchange 2003 is not enough if you want to ensure that these services are actually available. So how do we monitor all of these instances?
The easiest way is actually with a VBScript, which is included below. VBScript works well since the cscript.exe interpreter is readily installed on Windows 2003, so no additional installation of tools is required. The script enumerates all instances of a given protocol, and checks whether they are running or not. If at least one instance is not running, the tool will return 1, thus setting the ERRORLEVEL to 1.

This VBScript can then be embedded into EventSentry, which will then run the script at set intervals using the application scheduler, notifying you via email (with the proper filter setup) when an instance is stopped. There’s a screencast for that, you can view it at https://www.eventsentry.com/screencasts/eventsentry-application-scheduler/eventsentry-application-scheduler.htm. It shows you how to create an embedded script and setup EventSentry to notify you when the scripts returns an error. Note that the screencast uses an older version of the script which only monitored web sites (not SMTP, IMAP4, …), but the process of setting up the script with EventSentry is exactly the same.

You should be able to use the script as-is, just configure which protocols are monitored by adjusting the values in the “Define which protocols to monitor here” section. The script always prints all installed instances and their status, and any stopped instance is prefixed with an asterisk. Below is what an email from EventSentry looks like:

The line with the stopped instance won’t be yellow in the actual email, I just added this for readability. The script can also easily be modified to automatically start any stopped instances – simply add the line

Instance.Start

after line 102. This will still trigger an email (or error) to notify you that it was stopped, but a subsequent run of the script at the next monitoring interval should not trigger an error again if the start was successful.

A note of caution here though – I have seen the script hang indefinitely with this line added when an instance that is currently stopped can’t be started because it’s not configured correctly. Hence, it’s not included by default.

‘ Lists the state of all IIS protocols configured on the local machine
‘ and returns an %ERRORLEVEL% of 1, if at least one instance is not in
‘ the “Started” state.
‘
‘ When scheduling this script with EventSentry’s application scheduler,
‘ make sure that the interpreter is set to “cscript.exe”

Option Explicit

Dim allInstancesAreRunning

Dim monitorSMTP, monitorPOP3, monitorIMAP4, monitorNNTP, monitorFTP, monitorWWW

‘ Define which protocols to monitor here

monitorSMTP = 1
monitorPOP3 = 1
monitorIMAP4 = 1
monitorNNTP = 1
monitorFTP = 1
monitorWWW = 1

‘ Define which protocols to monitor here

‘ ==================== EXECUTION STARTS HERE ====================
allInstancesAreRunning = EnumerateAllInstances

If allInstancesAreRunning = 0 Then
WScript.Echo vbCRLF & “WARNING: One or more IIS components are not running” & vbCRLF
End If

If allInstancesAreRunning = 0 Then
WScript.Quit 1
End If

‘ ==================== FUNCTIONS ====================
Function EnumerateAllInstances

EnumerateAllInstances = 1

If monitorSMTP = 1 Then
EnumerateAllInstances = EnumerateAllInstances And EnumerateInstances(“localhost”, “SMTPSVC”)
End If

If monitorPOP3 = 1 Then
EnumerateAllInstances = EnumerateAllInstances And EnumerateInstances(“localhost”, “POP3SVC”)
End If

If monitorIMAP4 = 1 Then
EnumerateAllInstances = EnumerateAllInstances And EnumerateInstances(“localhost”, “IMAP4SVC”)
End If

If monitorNNTP = 1 Then
EnumerateAllInstances = EnumerateAllInstances And EnumerateInstances(“localhost”, “NNTPSVC”)
End If

If monitorFTP = 1 Then
EnumerateAllInstances = EnumerateAllInstances And EnumerateInstances(“localhost”, “FTPSVC”)
End If

If monitorWWW = 1 Then
EnumerateAllInstances = EnumerateAllInstances And EnumerateInstances(“localhost”, “W3SVC”)
End If

End Function

Function MapServiceToInstance( Service )

If Service = “SMTPSVC” Then
MapServiceToInstance = “IIsSmtpServer”
ElseIf Service = “POP3SVC” Then
MapServiceToInstance = “IIsPop3Server”
ElseIf Service = “IMAP4SVC” Then
MapServiceToInstance = “IIsImapServer”
ElseIf Service = “W3SVC” Then
MapServiceToInstance = “IIsWebServer”
ElseIf Service = “NNTPSVC” Then
MapServiceToInstance = “IIsNntpServer”
ElseIf Service = “FTPSVC” Then
MapServiceToInstance = “IIsFtpServer”
End If

End Function

Function EnumerateInstances( Server, Service )
On Error Resume Next

Dim VirtualServerService
Dim Instance, InstanceID

EnumerateInstances = 1

Set VirtualServerService = GetObject(“IIS://” & Server & “/” & Service)

If Err.Number = 0 Then
InstanceID = MapServiceToInstance(Service)

For Each Instance in VirtualServerService

If Instance.KeyType = InstanceID Then

If SiteIsNotRunning(Instance.ServerState) Then
WScript.StdOut.Write “*”
EnumerateInstances = 0
End If

WScript.StdOut.Write Instance.ServerComment & ” (” & Service & “): ” & State2Desc(Instance.ServerState) & vbCRLF
End If
Next
End If

End Function

Function SiteIsNotRunning( nState )

If nState <> 2 Then
SiteIsNotRunning = 1
Else
SiteIsNotRunning = 0
End If

End Function

Function State2Desc( nState )

Select Case nState
Case 1
‘MD_SERVER_STATE_STARTING
State2Desc = “Starting”
Case 2
‘MD_SERVER_STATE_STARTED
State2Desc = “Running”
Case 3
‘MD_SERVER_STATE_STOPPING
State2Desc = “Stopping”
Case 4
‘MD_SERVER_STATE_STOPPED
State2Desc = “Stopped”
Case 5
‘MD_SERVER_STATE_PAUSING
State2Desc = “Pausing”
Case 6
‘MD_SERVER_STATE_PAUSED
State2Desc = “Paused”
Case 7
‘MD_SERVER_STATE_CONTINUING
State2Desc = “Continuing”
Case Else
State2Desc = “Unknown state”
End Select

End Function

You can also download the script from here.

Until next time,
Ingmar.

Group Policy Software Deployment: Targeting the right computers with WMI filters

October 19, 2009June 17, 2022 ingmar.koecher 5 Comments Tips & Tricks, Tools & Utilities windows group policy software installation wmi filtering

Group policy was introduced with Windows 2000, and is an easy way of centralizing many Windows settings. In addition to centralizing event log and firewall settings, I personally like the ability to deploy MSI-based software applications with Group Policy, since it makes it extremely easy to deploy new software packages.

Even though Software Installation only works only with MSI-based packages, it does make deploying MSI-based software packages extremely easy. Here is a short list of software (mostly tools for sysadmins) that you can deploy using Active Directory:

7-Zip
Firefox (from FrontMotion)
Foxit Reader (a PDF reader)
TortoiseSVN
ActivePerl
Python
SourceGear Vault Client
OpenOffice (I have not tried this)
Adobe Flash (requires custom download)

There are of course many more, and you can distribute most Microsoft client applications, such as Microsoft Office, through Group Policy as well.

We generally deploy software through Group Policy when three or more computers use it, since it’s very easy to create a new package (if you already have a network share etc. setup, then you can literally do it in 2 minutes).

Before I list some of the useful WMI queries we use to target certain operating systems or computer types, there are a couple of things to note for those who are new to software deployment via group policy:

Software packages are always installed right after a reboot, so they’re mostly suitable for workstations.
The network share which hosts the MSI files needs to give the computer accounts (e.g. DESKTOP1$) at least read access. Generally, giving EveryOne Read access works well unless you have a reason to restrict access to the software packages that you distribute.

Since the mechanism to distribute software is based on group policies, any sort of software package you create inside a group policy, will need to be assigned to an organizational unit (OU).

Since OUs can contain a large amount of computers that might not all need that particular software package, you can use two techniques to narrow down which computers receive the software:

Security Filtering
WMI Filtering

Security Filtering
With this method, you create a security group in ActiveDirectory, place the computers that should get a particular software package into the group, and then specify this group in the Security Filtering list.

The screen shot below shows a group policy that will only be applied to members of the “Source Control Computers” group:

WMI Filtering
With this method, you can filter the computers which are affected by your policy, based on common properties of the Operating System. For example, some packages might distinguish between 32-bit and 64-bit, some packages might only work on Vista or later, whereas other packages apply only to servers. With WMI, you can target the right computers without having to mess with group memberships (though you will probably still need to do that). For example:

32-bit vs. 64-bit computers
only workstations
only computers running a certain OS
only computers with a certain amount of RAM
only computers of a certain brand

With WMI filtering, you just create the software group policy, for example:

7-Zip 32-bit
7-Zip 64-bit

and then apply the respective WMI filter to them. But lets cut to the chase, here are a few WMI queries that you can cut & paste:

Operating System 32-bit

Select * from Win32_Processor where AddressWidth = ’32’

Operating System 64-bit

Select * from Win32_Processor where AddressWidth = ’64’

Workstation

Select * from WIN32_OperatingSystem where ProductType=1

Domain Controller

Select * from WIN32_OperatingSystem where ProductType=2

Server

Select * from WIN32_OperatingSystem where ProductType=3

Some filters require multiple WMI queries, which are just chained together.

Workstation 32-bit

Select * from WIN32_OperatingSystem where ProductType=1

Select * from Win32_Processor where AddressWidth = ’32’

Workstation 64-bit

Select * from WIN32_OperatingSystem where ProductType=1

Select * from Win32_Processor where AddressWidth = ’64’

Windows XP

Select * from WIN32_OperatingSystem where Version like ‘5.1.%’ and ProductType=1

Windows Vista

Select * from WIN32_OperatingSystem where Version like ‘6.0.%’ and ProductType=1

Windows 7

Select * from WIN32_OperatingSystem where Version like ‘6.1.%’ and ProductType=1

Windows 2003

Select * from WIN32_OperatingSystem where Version like ‘5.2.%’ and ProductType>1

Windows 2008

Select * from WIN32_OperatingSystem where Version like ‘6.0.%’ and ProductType>1

Windows 2008 R2

Select * from WIN32_OperatingSystem where Version like ‘6.1.%’ and ProductType>1

WIN32_OperatingSystem of course includes more information that can be useful for WMI queries, such as a descriptive name of the installed OS (“Name”) as well as the service pack installed (“ServicePackMajorVersion”).

Manufacturer (e.g. DELL)

Select * from WIN32_ComputerSystem where Manufacturer = ‘DELL’

Installed Memory (e.g. more than 1Gb)

Select * from WIN32_ComputerSystem where TotalPhysicalMemory >= 1073741824

Like I mentioned earlier, this is merely a small sample of the possible WMI queries one can use to filter group policies, but they should cover most relevant scenarios. Feel free to suggest other useful WMI queries and I will include them here.

For more information, check out these resources on WMI:

WMI
Secrets of Windows Management Instrumentation
Scriptomatic (Vista/Win2k8/Win7: run as administrator!)

Happy querying,
Ingmar.

Get your KIX on route 66 – Powerful (login) scripts made easy with KiXtart

September 17, 2009August 30, 2021 ingmar.koecher 1 Comment Event Log, Tips & Tricks, Tools & Utilities kixtart login script

Route 66 was a US highway that connected Chicago with Los Angeles (or vice versa), with a total length of almost 2500 miles (for the rest of world using the metric system: almost 4000 km). It was established in 1926 and Nat King Cole first recorded the song “(Get Your Kicks On) Route 66” in 1946.

Completely unrelated to Route 66 of course is KiXtart, a free, free-format scripting language for Windows.

I first ran across KiXtart back in ’99, when I was looking for a scripting language that I could use to write login scripts in a NT4 network. My goals back then were simple, and included the ability to map printers and shares depending on the user and/or group membership.

I was already familiar with Perl back then, and would have preferred to use that, if it wouldn’t have been for the requirement to install Perl on every workstation. Things have changed since then of course, and installing Perl today on every workstation in your domain would be rather simple with GroupPolicy (ActivePerl provides a MSI).

Still, KiXtart is a surprisingly simple and flexible scripting language that will allow you to accomplish most anything (not only in regards to login scripts) with extremely little effort. KiXtart also supports Windows 9x clients, if you are in the unfortunate position to take advantage of that functionality.

So what can you do with KiXtart? Here is an overview:

Read and/or write to the registry
Manage the event log
Add printer or network share connections
Create shortcuts, program groups etc.
Read and/or write from/to files
Retrieve system information (memory, hostname, IP address, …)
Get group information
And much more …

There really is little you cannot do, and most tasks can be accomplished with as little as one or two lines of code. How about some practical examples of what you can do with KiXtart:

Map the color laser printer to all members of the “Marketing” group at logon.

Map a network share depending on the network location (e.g. IP address) of a user.

Query registry values or log information to the event log.

Add a shortcut or program group

Change the wallpaper 🙂

The KiXtart web site has the complete documentation for all commands and functions that are at your disposal, and you can download them in a variety of formats (I recommend the CHM format) from http://www.kixtart.org/?p=manual.

But that’s all nothing but dry theory, so I will show you how to create a KiXtart script that accomplishes the following:

Creates a printer connection depending on the group membership of the user
Maps network shares depending on the group membership
Displays a warning message if the latest service pack is not installed
Maps another network share only if the user is in a certain IP network
Display a warning if the password is older than 180 days

1. Creating a printer connection

IF INGROUP("MARKETING")
? "Connecting to color laser ..."
ADDPRINTERCONNECTION("\\PRINTSERVER\COLOR_LASER_1")
ENDIF

In this example we are taking advantage of two functions, INGROUP and ADDPRINTERCONNECTION. I think they are fairly self-explanatory. If the currently logged on user is in the MARKETING group, then a printer connection to \\PRINTSERVER\COLOR_LASER_1 will be established.

2. Mapping network shares

The same INGROUP feature can be used to add network connections as well, so here is how you can control connections to network shares based on group membership

;Map Home Directory
USE G: "\\FILESERVER\@USERID"

IF INGROUP("Marketing")
USE I: "\\FILESERVER\Marketing"
ENDIF

IF INGROUP("SALES")
USE J: "\\FILESERVER\Sales"
ENDIF

In this example I introduced macros (@USERID), another powerful feature of KiXtart. By default, pretty much any system property is available as a macro (macros always start with the @ symbol). @USERID contains the user name of the currently logged on user, but there are others, such as:

@ProductType (OS type, e.g. “Windows Vista Ultimate”
@Wksta (computer name)
@LDomain (logon domain)
@CSD (service pack information)
@CPU (CPU information)
@Address (MAC address of network adapter)
@IPaddress0, @IPaddress1, … @IPaddress3 (IP address of xth network adapter)
@PWAge (password age)

Lines that contain comments in KiXtart start with a semi-colon.

3. Display a warning based on the service pack number

KiXtart also includes a variety of functions for handling strings. We can use the @CSD variable to get the service pack information:

? "Service Pack: " + @CSD

which will yield something similar to

Service Pack: Service Pack 1

In order to display a dynamic message, we can get the last character and evaluate it. So let’s display a warning message if a user is running Vista with a service pack smaller than SP 2:

IF INSTR(@ProductType, "Vista") > 0
IF RIGHT(@CSD, 1) < 2
MESSAGEBOX("Important Message from your IT Department" + @CRLF + @CRLF + "Your computer is not running the latest service pack, and will be upgraded tomorrow automatically at 10am. The upgrade will take approximately 30 minutes, and you will not be able to use your computer at that time." + @CRLF + @CRLF + "Thank you for your understanding.", "Service Pack Installation", 48)
ENDIF
ENDIF

The INSTR() function checks whether a string appears inside another string, and the LEFT() function retrieves the specified number of characters from the beginning of a string.

4. Map a network share depending on the IP address

Let’s imagine that we have a network share with lots of really large files (e.g. corporate training videos and more) and that we only want to map this share if a user is in the headquarter, opposed to a satellite location which has a slow access speed.

IF LEFT(@IPADDRESS0, 11) = " 10. 10.  0"
USE Z: "\\FILESERVER\TrainingVideos"
ENDIF

Now the network share is only mapped if the user is in the 10.10.0.0/24 subnet. You can also use the EnumIPInfo() if you need to get more information from the network adapter.

5. Display a warning if a password is old

Most networks require users to change their passwords on a regular basis, but wouldn’t it be nice if we could give our users a one-time warning before they are faced with the inevitable prompt that requires them to change their password?

$PasswordWarningThreshold = 170

IF @PWAge = $PasswordWarningThreshold
MESSAGEBOX("Your password is " + $PasswordWarningThreshold + " days old and will have to be changed in 10 days. Please think of a really good password in the meantime.", "Password Expiration", 64)
ENDIF

In this example I also introduced variables, which are specified with the dollar sign. These are simplified examples, and there is a lot more you can do. For example, using the registry functions, you can save user responses and previous alerts in the registry, and later read them again.

So, forget multiple logon scripts or batch scripts using “NET USE” commands. With KiXtart, you can have one central login script that can adjust dynamically to the user, location, operating system or even the computer itself.

To get started, simply follow these steps:

Create a batch file (e.g. login.cmd) with the following line:
%0\..\WKix32.exe %0\..\login.kix
Create the actual login script for KiXtart, e.g. “login.kix”
Assign the login script login.cmd to all user accounts that require them

That’s it. You don’t have to install anything on the client computers, and you now have a single login script for your entire network.

Until next time,
Ingmar.

Wish Sandwich – 5 (free) tools we wish Windows had

August 13, 2009January 10, 2017 ingmar.koecher 0 Comment Tips & Tricks, Tools & Utilities favorite tools windows editor command line putty console launchy

“Have you ever heard of a wish sandwich? A wish sandwich is the kind of a sandwich where you have two slices of bread and you, hee hee hee, wish you had some meat…”

These are part of the lyrics from the “Rubber Biscuit” song by “The Chips“, covered by the Blues Brothers in 1978. At the time, UNIX was almost 10 years old, the first version of BSD had been released, and Microsoft had their office in Albuquerque with Bill Gates being 23 years old.

It would take almost another 20 years before Windows NT 4 would be released. But back to the future now.

Well, after working with Windows for about 15 years now, I also wish that the base set of utilities that ship as part of Windows would have been updated and improved. It might seem odd, but one of the first things I do when I install a new release of Windows, is to open notepad, the calculator and paint – to see if they have improved.

Somewhat surprisingly, Windows 7 brings a lot of improvements to the core utilities that ship with Windows. Microsoft not only spiced up Paint and Wordpad by giving them the “Ribbon”, but also improved the calculator in ways never imagined before. Yeah!

But these improvements do not satisfy a long-time Windows user! Having worked with Linux, OS X and Windows since the 3.0 days, I have my own list of apps that I use to substitute or extend some of the archaic tools that ship with Windows.

And here they are:

1. Notepad
What we know today as “Notepad”, was first seen in Windows NT 4.0. When Windows 2000 came out, notepad hadn’t changed. Well, fair enough – it had only been 4 years after all. A short while later Windows XP was released with a bang, but notepad was still the same. Windows 2003 showed that an upgrade to notepad obviously had low priority, and the release of Vista confirmed to me that notepad was clearly no longer under development. The recent release of Windows 7 crushed my hopes of Microsoft ever releasing an updated version of Notepad. Sigh.

So, why was Notepad left behind? Well, I have a few theories:

a)    The developer who originally developed Notepad has left the company, and nobody at Microsoft understands the existing code enough to make modifications.
b)    Companies developing third-party editors formed a powerful, mafia-like lobby, threatening Microsoft (presumably kidnappings) to never ever release an update to notepad, to ensure that third-party editors will continue to sell well.
c)    Microsoft deems Notepad complete, and cannot imagine how this robust application could be improved.
d)    Windows applications do not use text files, since all configuration is stored in the registry or databases. Even though unneeded, Notepad is provided as a courtesy and might be excluded from future version (like, telnet.exe!).

Whatever the reason (I may never find out), fact is that Notepad hasn’t been updated in 13 years, and since Windows 8 won’t be out until 2012, probably won’t change in 16 years. That’s a lot of years for a software program.

Line Numbers?
Basic syntax highlighting?
Anyone?

So what could replace Notepad? Why, Notepad2 of course! To be fair, there are more powerful editors out there than Notepad2, but it’s free, light-weight and fast. Florian’s Notepad2 supports line numbers, syntax highlighting, line highlighting, encodings, Unix/Windows line endings, transparency and much more. An extended version from Kai Liu is also available here, most notably including code folding abilities. Tabs are not supported in either version, unfortunately.

My other favorite editor is Ultraedit, as it includes pretty much any feature you could ever want from an editor. A nice feature, for sysadmins in particular, is the ability to switch environments. The “System Administrator” view for example, allows you to show SSH/telnet/FTP windows along with the editor windows.

2. Command Prompt
Yeah, this hasn’t changed much since the early days either, though the introduction of the PowerShell deserves some credit. Using Linux regularly though, I miss some of the features like tabs, transparency and so forth.

The good news is, there is an excellent substitution out there called Console. The latest beta of version 2 features transparency, multiple tabs, appearance options and is free. It’s so free, that they even give you the source code if you want it! It works on all the machines I use (mostly Vista, soon to be Win7) and I’m very happy with it overall – though it is a beta still and you might run into a glitch every now and then. I sit around in the command line a lot, and having multiple tabs open is nice.

One option I really like is the ability to show the currently executing command as the tab title, which is useful because you can see when a long-running process finishes (see screenshot above where fping is running in the 2nd tab).

When downloading, get the latest beta and simply extract all files from the

Console2\bin\release

folder to a directory of your choice.

3. Desktops / Spaces
Linux, and Unix, had multiple desktops since the industrial revolution. Well, at least it seems that way. I’m not sure why this hasn’t been added to Windows yet, given that:

• Every major Operating System OTHER than Windows includes it
• Microsoft provides a tool (part of Sysinternals) that offers this functionality

Yes, in the age of affordable large monitors, multiple desktops aren’t really that necessary anymore. But, many of us still work on laptops and having multiple virtual desktops can help group different work into different workspaces.

I recommend Sysinternals’ Desktops, but there are more tools out there that do the same thing – though they are not all free.

4. Launchy
It indexes all of your applications in the start menu, and you can simply launch them by typing their name – or part of their name. No
longer do you have to wade through dozens and dozens of menu items just to find a shortcut. Simply launch Launchy with ALT+SPACE and type a couple of letters. Voila!

5. PuTTY
If you work with Windows and UNIX/Linux machines, then it’s pretty much impossible that you haven’t heard of PuTTY. It’s a free SSH client that no only provides SSH/Telnet functionality, but also comes with other SSH-related utilities like PSCP, PSFTP and PLINK (see previous post on this).

I’d love it if Windows would ship with a command-line SSH client, just like all UNIX and Linux distributions do.

Of course there is more, but these are the tools “desktop” that we really use on a daily basis.

If your computers are in an Active Directory domain and you want to roll out some of these tools with your computers by default, then I recommend reading our previous post: Your favorite tools and utilities always available everywhere.

What do you want for nothing?

Rubber Biscuit?

EventSentry Blog

Category: Tips & Tricks

UNICODE – ONE code to rule them all

How to REALLY monitor SMTP, POP3 and IMAP on Exchange 2003

Group Policy Software Deployment: Targeting the right computers with WMI filters

Wish Sandwich – 5 (free) tools we wish Windows had