Backing Up Locked Files

One of the challenges of migrating someone from one computer to another is the data they may have on the C: drive, especially those evil PST files.  The major challenge is backing up locked files.  We can get around this by using VSC in Windows.  Starting with Windows XP, VSC (Volume Shadow Copy) allows Windows to “freeze” the state of the file system at a point in time and then copy files and folders from that frozen state, even ones that are held open and locked by a running program.  We will use the freeware program VSCSC to tap into this power.

First we use Mapper24 to encrypt/hide the credentials for the service account that will connect to our server.  Keep in mind this only hides the password from casual reading: anything the script can decode on the workstation, a user who can read the script can decode too, so give that service account write access to the backup share and nothing else:

mapper24.exe <some encrypted chars> domain\username \\server\backup

Next, we make a folder with the name of the computer we are running from:

 mkdir \\server\backup\%computername%

Then we kick off VSCSC:

vscsc -exec=wkxp2.cmd C:

In wkxp2.cmd, we have this:

rem Mirror every profile to the server.  /B is backup mode (reads past NTFS permissions, so this must run elevated),
rem /MIR deletes anything at the destination that is not in the source, /R:0 means no retries on files that fail.
robocopy "C:\documents and settings" \\server\backup\%computername% /B /MIR /R:0 /XF *.ost *.tmp *.bak *.dat *.mp3 /XD "Local Settings" "Temp" "Cookies" "Recent" "Nethood" "Printhood" "SendTo" "Start Menu"

So here is what we are doing…we are creating a snapshot in time, then we can use any copy program we want to copy files while “time is frozen” within this snapshot.  Once we exit the script, VSCSC exits and the snapshot is gone.  In the above robocopy script I am telling it to exclude folders like Local Settings since that is where the temporary Internet files are stored.  Two switches to be careful with: /B runs robocopy in backup mode, which uses the backup privilege to read files regardless of their NTFS permissions, so the script has to run as an administrator; and /MIR deletes anything at the destination that is not in the source, so a typo in the destination path will wipe whatever is there.  And yes: this will copy ALL user profiles on the computer to the server, not just the one we want, so you will have to pick through the profiles and grab what you want.  That also means the backup share now holds everyone’s documents and mail, so lock it down to the people doing the migration.

We can log in as the new user on the new computer and just drop in the Desktop, Favorites and My Documents folders manually from the server.

Note that vscsc doesn’t seem to work on Windows 7.  For Windows 7 you will need to copy Diskshadow from Server 2008 or 2008 R2 or as a download from here:  Copy the contents of the ZIP file to System32, including the en-US folder, or it will not work properly.  The concept is pretty much the same.  Save the following as a script file and run it from an elevated prompt with diskshadow /s scriptfile.txt; the batch file it calls must copy from X: rather than C:, since X: is where the frozen volume is exposed:

# Run with: diskshadow /s thisfile.txt (elevated)
set context persistent nowriters
# set metadata needs a .cab file name, not a folder
set metadata C:\windows\temp\backup.cab
set verbose on
begin backup
add volume C: alias C_Drive
# create is what actually takes the snapshot; afterwards %C_Drive% holds its shadow ID
create
expose %C_Drive% X:
# yourbatchfile.cmd copies from X:\ (the frozen copy of C:)
exec yourbatchfile.cmd
unexpose X:
# delete only the snapshot we just made; "delete shadows volume C:" would also remove every System Restore point on C:
delete shadows id %C_Drive%
end backup
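The same snapshot-copy-cleanup sequence written in PowerShell, as an added example that is not part of the original post. It uses the Win32_ShadowCopy WMI class instead of VSCSC or Diskshadow, which removes the need to copy diskshadow.exe onto a Windows 7 machine. Assumptions: it runs elevated (both shadow creation and robocopy /B need that), the \\server\backup share from the post is already reachable, and the profile root is Users (Windows 7); on XP it would be Documents and Settings. The symlink path C:\vss_snapshot is an arbitrary choice.

```powershell
# Added example (not the post's own script): snapshot C:, copy the frozen
# profile tree with robocopy, then delete only the snapshot we made.
# Assumptions: elevated session; $Destination share already accessible;
# profile root 'Users' (Windows 7) - 'Documents and Settings' on XP.
param(
    [string]$Destination = "\\server\backup\$env:COMPUTERNAME",  # share name from the post
    [string]$ProfileRoot = 'Users',
    [string]$LinkPath    = 'C:\vss_snapshot'                     # arbitrary, must not exist yet
)

$ErrorActionPreference = 'Stop'

# 1. Create a client-accessible (no-writers) snapshot of C:.
$result = (Get-WmiObject -List Win32_ShadowCopy).Create('C:\', 'ClientAccessible')
if ($result.ReturnValue -ne 0) {
    throw "Win32_ShadowCopy.Create failed with return code $($result.ReturnValue)"
}
$shadow = Get-WmiObject Win32_ShadowCopy -Filter "ID='$($result.ShadowID)'"

try {
    # 2. The snapshot is only reachable through its device object
    #    (\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN), so give it a normal
    #    path with a directory symlink. The trailing backslash on the target matters.
    cmd /c mklink /d "$LinkPath" "$($shadow.DeviceObject)\" | Out-Null

    # 3. Same robocopy as the post, but sourced from the frozen tree.
    #    /B reads past NTFS ACLs; /MIR deletes anything at the destination that is
    #    not in the source, so check $Destination before running this.
    #    On Windows 7 profiles the equivalent of 'Local Settings' is AppData\Local.
    $src = Join-Path $LinkPath $ProfileRoot
    & robocopy $src $Destination /B /MIR /R:0 /XF *.ost *.tmp *.bak *.dat *.mp3 `
        /XD 'Local Settings' Temp Cookies Recent Nethood Printhood SendTo 'Start Menu'
    # robocopy exit codes 0-7 are success/informational, 8 and above mean failures
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures (exit code $LASTEXITCODE)" }
}
finally {
    # 4. Remove the symlink (rmdir on a directory symlink removes the link, not
    #    the target) and delete only this snapshot. Deleting by instance leaves
    #    existing System Restore points on C: alone.
    if (Test-Path $LinkPath) { cmd /c rmdir "$LinkPath" | Out-Null }
    if ($shadow) { $shadow.Delete() | Out-Null }
}
```

Because the snapshot is created with the ClientAccessible context it is persistent until deleted, which is why the cleanup lives in a finally block: if robocopy throws, the shadow copy and the symlink are still removed instead of sitting on the machine.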

– Soli Deo Gloria

Anti-Malware Tools

It’s been about 5 years since I posted anything about the tools I use to clean off malware.  So, here’s my method:

1. Depending on the type of virus involved: I do a system restore to a system restore point to a time before the infection.

2. Run Hitman Pro.  This uses a combination of Bitdefender and Kaspersky definitions from the cloud.   Note that the free version will not remove the threat if the computer is domain joined, but it will usually show you where the file or registry entry is and you can remove it with another program manually.

3. Norton Power Eraser.  This is another cloud-based reputation scanner combined with the Symantec virus definitions.  You do need to be careful with this one as it has a tendency to flag uncommon or infrequently reported files, so review its findings before letting it remove anything.

4. AdwCleaner.   Generally finds the same files as Hitman Pro, but is completely free and will offer to clean them without asking for money.  Do note that it has a tendency to just restart Windows for the cleanup without warning you, so save your work first.

5. TDSSKiller.  The “go-to” rootkit remover.

6. Stinger from McAfee.  McAfee AV definitions in a standalone program.

7. Sysinternals Suite – Specifically, the tools Process Explorer (with built-in VirusTotal support) and Autoruns can help identify an infection and remove it: look for running processes and autostart entries whose image is unsigned, sits in a user-writable location such as %APPDATA% or %TEMP%, or gets VirusTotal hits.
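An added example, not part of the original post, of doing the Autoruns part of this triage from the command line with the console version (autorunsc.exe) so the result can be filtered and kept with the case. It assumes autorunsc.exe from the Sysinternals Suite is on the PATH, that the machine can reach VirusTotal, and that the CSV column names used below (Entry Location, Entry, Image Path, Signer, VT detection) match what the current autorunsc build writes; check the header line of the CSV if the filter returns nothing.

```powershell
# Added example (not the post's own code): dump every autostart entry with
# signature verification and VirusTotal hash lookups, then filter.
# Assumption: autorunsc.exe (Sysinternals Suite) is on the PATH.
$csv = Join-Path $env:TEMP 'autoruns.csv'

# -a *  all categories   -c  CSV output      -h  file hashes
# -s    verify signatures -v  VirusTotal lookup by hash (-vt accepts VT's terms)
& autorunsc.exe -accepteula -nobanner -a * -c -h -s -v -vt > $csv 2>$null
$entries = Import-Csv -Path $csv

function Get-SuspiciousAutoruns {
    # Keep entries whose image is not from a verified signer, or that VirusTotal
    # flags (column looks like "3/57"; "0/57" is clean, "Unknown" was never scanned),
    # or that load from a per-user writable directory.
    param([object[]]$Entries)
    $userWritable = [regex]::Escape($env:LOCALAPPDATA), [regex]::Escape($env:APPDATA),
                    [regex]::Escape($env:TEMP), '\\ProgramData\\' -join '|'
    $Entries | Where-Object {
        $_.'Image Path' -and (
            $_.Signer -notlike '(Verified)*' -or
            $_.'VT detection' -match '^[1-9]\d*/\d+' -or
            $_.'Image Path' -match $userWritable
        )
    } | Select-Object 'Entry Location', Entry, 'Image Path', Signer, 'VT detection'
}

$hits = Get-SuspiciousAutoruns -Entries $entries
$hits | Format-Table -AutoSize
# Keep the full CSV with the case notes; re-run after cleanup and diff the two.
```

The three filters deliberately overlap: malware that is unsigned, not yet known to VirusTotal and living in %APPDATA% is caught by the third test even when the first two say nothing, and a signed binary with VirusTotal hits still shows up. Expect some noise from legitimate but unsigned vendor tools; the point is a short list to look at, not an automatic verdict.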

– Soli Deo Gloria

Case of the Unexplained: 2014

Mark Russinovich’s famous “Case of the Unexplained” for 2014 from TechEd Europe 2014:

– Soli Deo Gloria

Migrating from XP to Windows 7 – Inventory What’s There

In the midst of upgrading from Windows XP to Windows 7 on all of our computers, I thought I would share some of the scripts I’m using to make life a little easier.  We currently use local user profiles, printers added by hand through a Windows print server and sometimes statically mapped network drives for users that need to perform cross-duty work in other departments.

Yes, I give you permission to laugh, and yes, I know there are ways of doing these things in an automated and centralized fashion.  Going into the companies we buy, however, I’m seeing even sillier things in their environments.  One was a guy that was using Clonezilla, an external hard drive, a USB stick (at least it wasn’t a CD-ROM) and doing a custom image for each and every model of computer hardware he had.  He had an impressive talent for scripting, however, and I found many clever VBScript snippets all over the network that he was firing via the login script to automate things in the background.

The below script is quick, dirty and thrown together from many different sources.  It will give you:

All the drives and UNC paths mapped under the logged in user’s profile

All of the printers networked and local under the logged in user’s profile

The default printer of the logged in user

Names of all Outlook profiles of the logged in user (this will error out if this does not exist)

An unsorted list of installed software as reported by WMI (Win32_Product, which is slow and makes Windows Installer re-verify every MSI package it touches)

Simply call it as the user from the login script or SCCM and dump the file somewhere world-writable.  If that folder is writable by Everyone, make sure it is not also readable by everyone: the output lists each user’s drive mappings, printers and installed software, and any user could overwrite another user’s file.  A drop-box folder where Domain Users have only Create Files/Write Data and no read access does the job.  It will dump the contents in plain text to a file in the format of

– Soli Deo Gloria

' Inventory the logged-in user's drives, printers, Outlook profiles and installed
' software to a per-user text file on the collection share.
' Must run in the user's own session: drive and printer mappings are per-user.
On Error Resume Next

Const HKEY_CURRENT_USER = &H80000001
Const r_ProfilesRoot = "Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles"

Dim strComputer, objFileSystem, objOutputFile, strOutputFile
Dim Shell, WshNetwork, oDrives, oPrinters, oUser, computername
Dim objWMIService, colInstalledPrinters, objPrinter, PrinterDefault
Dim oReg, subKeys, profileName, colSoftware, objSoftware, i

strComputer = "."

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set Shell = CreateObject("WScript.Shell")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set oDrives = WshNetwork.EnumNetworkDrives
Set oPrinters = WshNetwork.EnumPrinterConnections
oUser = WshNetwork.UserName
computername = Shell.ExpandEnvironmentStrings("%computername%")

' One file per user and computer: \\wksms01\logs\user.computer.txt
strOutputFile = "\\wksms01\logs\" & oUser & "." & computername & ".txt"
Set objOutputFile = objFileSystem.CreateTextFile(strOutputFile, True)

' EnumNetworkDrives returns a flat collection of pairs: drive letter, UNC path
objOutputFile.WriteLine "Network drive mappings:"
For i = 0 To oDrives.Count - 1 Step 2
    objOutputFile.WriteLine "Drive " & oDrives.Item(i) & " = " & oDrives.Item(i + 1)
Next

' EnumPrinterConnections returns pairs as well: port, printer name/UNC
objOutputFile.WriteLine "Network printer mappings:"
For i = 0 To oPrinters.Count - 1 Step 2
    objOutputFile.WriteLine "Port " & oPrinters.Item(i) & " = " & oPrinters.Item(i + 1)
Next

' Default printer from WMI (a per-user setting, hence running as the user)
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colInstalledPrinters = objWMIService.ExecQuery("Select * from Win32_Printer where Default = True")
For Each objPrinter In colInstalledPrinters
    PrinterDefault = objPrinter.Name
Next
objOutputFile.WriteLine "Default Printer: " & PrinterDefault

' Outlook (MAPI) profile names are subkeys under HKCU; EnumKey leaves subKeys
' empty when Outlook has never been set up, so guard with IsArray
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")
oReg.EnumKey HKEY_CURRENT_USER, r_ProfilesRoot, subKeys

objOutputFile.WriteLine " "
objOutputFile.WriteLine "Outlook Profiles: "
If IsArray(subKeys) Then
    For Each profileName In subKeys
        objOutputFile.WriteLine profileName
    Next
End If

' Installed software. Caveat: Win32_Product is slow and makes Windows Installer
' run a consistency check (and possibly a repair) on every MSI product it lists.
Set colSoftware = objWMIService.ExecQuery("Select * from Win32_Product")

objOutputFile.WriteLine " "
objOutputFile.WriteLine "Installed Software: "
For Each objSoftware In colSoftware
    objOutputFile.WriteLine objSoftware.Caption & ", " & objSoftware.InstallDate & ", " & objSoftware.InstallDate2
Next

objOutputFile.Close
Set objOutputFile = Nothing
Set objFileSystem = Nothing
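The same inventory in PowerShell, as an added example and not the post’s own script. The one deliberate difference is the software list: it reads the Uninstall registry keys (both the native and Wow6432Node views) instead of Win32_Product, so it finishes in a second and does not make Windows Installer re-verify or repair anything. Assumptions: the share name \\wksms01\logs is taken from the post; the script runs in the user’s own session so that mapped drives and printers are theirs; the Outlook profile key is the Windows Messaging Subsystem path the post uses (Outlook 2013 and later keep profiles under Office\<version>\Outlook\Profiles instead).

```powershell
# Added example (not the post's VBScript): per-user migration inventory.
# Assumptions: runs as the user being inventoried; \\wksms01\logs from the post.
param([string]$LogShare = '\\wksms01\logs')

function Get-UserInventory {
    # Returns the inventory as an array of text lines, one section per item.
    $lines = @("User: $env:USERNAME", "Computer: $env:COMPUTERNAME", '')

    # Mapped drives for this user (DeviceID is the letter, ProviderName the UNC path)
    $lines += 'Network drive mappings:'
    foreach ($d in @(Get-WmiObject Win32_MappedLogicalDisk)) {
        $lines += "  Drive $($d.DeviceID) = $($d.ProviderName)"
    }

    # Printers, local and network, plus the default
    $lines += 'Printers:'
    $printers = @(Get-WmiObject Win32_Printer)
    foreach ($p in $printers) {
        $kind = if ($p.Network) { 'network' } else { 'local' }
        $lines += "  $($p.Name) [$kind] port $($p.PortName)"
    }
    $default = $printers | Where-Object { $_.Default } | Select-Object -First 1
    $lines += "Default printer: $($default.Name)"

    # MAPI profile names; the key only exists once Outlook has been configured
    $profKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles'
    $lines += ''
    $lines += 'Outlook profiles:'
    if (Test-Path $profKey) {
        foreach ($k in Get-ChildItem $profKey) { $lines += "  $($k.PSChildName)" }
    }

    # Installed software from the Uninstall keys, 32- and 64-bit views.
    # Unlike Win32_Product this has no side effects on Windows Installer.
    $uninst = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*')
    $lines += ''
    $lines += 'Installed software:'
    $software = Get-ItemProperty -Path $uninst -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Sort-Object DisplayName -Unique
    foreach ($sw in @($software)) {
        $lines += "  $($sw.DisplayName), $($sw.DisplayVersion), $($sw.InstallDate)"
    }

    return $lines
}

$out = Join-Path $LogShare ('{0}.{1}.txt' -f $env:USERNAME, $env:COMPUTERNAME)
Get-UserInventory | Out-File -FilePath $out -Encoding UTF8
```

Call it from the login script with powershell.exe -ExecutionPolicy Bypass -File inventory.ps1 (or push it through SCCM running in the user context). The file name convention user.computer.txt is kept so the output drops in alongside what the VBScript produced.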

AutoAdministrator: A Nifty Free Remote Management Tool

This tip comes from the website  There is a program called AutoAdministrator that used to be payware but is now freeware.  This program lets you drill into your Active Directory structure, check off a bunch of computers and run one action against all of them.  What can you do?

  • Password updates
  • Remote shutdown / reboot
  • Services maintenance
  • Registry maintenance
  • Network ping
  • Remote file management
  • Remote file information
  • Logged on user information
  • Execute processes locally or remotely
  • WMI queries
  • ODBC maintenance

I used it to select all the computers in an OU and then look at the logged-in user to see if the computer description matched up.  I was also able to remotely execute programs against multiple computers, which is very cool!  Everything on that list needs local administrator rights on each target, so run it from an account kept for that purpose rather than your everyday login, and treat the workstation it runs from as the sensitive box it now is.

– Soli Deo Gloria

Set Folder and Registry Permissions with VBScript

Sample VBScript that opens up a registry key and a folder for the Everyone group.  Note what it actually grants: the regini ACE list [1 5 7 11 17] gives Full Control to Administrators (1), Creator Owner (5), Everyone/World (7), Power Users (11) and SYSTEM (17), and the cacls line gives Everyone Full Control (F) on the folder, so this is far more than write access.  Full Control for Everyone on a folder under Program Files lets any local user replace the program’s executables, which then run with whatever rights the next user or service that launches them has.  If the application only needs to write its own data, grant Modify to Users on that data subfolder (and SetValue/CreateSubKey on the key) and leave the binaries alone.


' Create a temp file with the script that regini.exe will use.
' GetTempName returns only a file name, so build the path in the temp folder.
' ACE codes: 1 = Administrators Full, 5 = Creator Owner Full, 7 = Everyone (World) Full,
' 11 = Power Users Full, 17 = SYSTEM Full. regini needs an administrative context.
set oFSO = CreateObject("Scripting.FileSystemObject")
strFileName = oFSO.BuildPath(oFSO.GetSpecialFolder(2), oFSO.GetTempName)
set oFile = oFSO.CreateTextFile(strFileName)
oFile.WriteLine "HKEY_LOCAL_MACHINE\Software\TraxStar Technologies LLC\Client [1 5 7 11 17]"
oFile.Close   ' flush and release the file before regini reads it

' Change registry permissions with regini.exe and wait for it to finish
set oShell = CreateObject("WScript.Shell")
oShell.Run "regini """ & strFileName & """", 8, true

' Delete temp file
oFSO.DeleteFile strFileName

Dim strHomeFolder, intRunError, objShell, objFSO

strHomeFolder = "C:\Program Files\TraxStar"

Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FolderExists(strHomeFolder) Then
    ' /t recurses, /c continues on errors, /g everyone:F grants Everyone Full Control.
    ' /e edits the existing ACL; without it cacls replaces the whole ACL and the
    ' Administrators and SYSTEM entries disappear. Echo Y answers the confirmation prompt.
    intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ & strHomeFolder & """ /t /e /c /g everyone:F", 2, True)
End If
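The least-privilege version of the same change, as an added example that is not from the original post, plus a quick audit that finds Everyone-writable files under a tree so you can see what an earlier Everyone:F run left behind. It uses Get-Acl/Set-Acl rather than regini and cacls. Assumptions: the folder and registry key names come from the post; the application writes its runtime data to a Data subfolder, which is a placeholder you will need to replace with the folder it actually writes to; BUILTIN\Users with Modify is the principal and right you usually want instead of Everyone with Full Control. Run it elevated.

```powershell
# Added example (not the post's script): narrow grants instead of Everyone:F,
# and an audit for Everyone-writable entries.
# Assumptions: 'Data' subfolder is a placeholder for the app's writable folder.
$folder = 'C:\Program Files\TraxStar'
$key    = 'HKLM:\Software\TraxStar Technologies LLC\Client'

function Grant-UsersModify {
    # Add (not replace) an inheritable Modify ACE for BUILTIN\Users on a folder.
    param([string]$Path)
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        'BUILTIN\Users', 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)          # existing Administrators/SYSTEM entries stay
    Set-Acl -Path $Path -AclObject $acl
}

function Grant-UsersRegistryWrite {
    # Users can read the key and write/create values and subkeys; no permission
    # changes, no ownership changes, no delete of the key itself.
    param([string]$Path)
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        'BUILTIN\Users', 'ReadKey, SetValue, CreateSubKey', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Find-EveryoneWritable {
    # List every file or folder under $Path where Everyone has an Allow ACE that
    # includes any write right (Write, Modify or FullControl all contain write bits).
    param([string]$Path)
    $writeBits = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'
    foreach ($item in @(Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue)) {
        $acl = Get-Acl -Path $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $ace.IdentityReference.Value -eq 'Everyone' -and
                (([int]$ace.FileSystemRights) -band ([int]$writeBits))) {
                "$($item.FullName) : Everyone $($ace.FileSystemRights)"
            }
        }
    }
}

$data = Join-Path $folder 'Data'                 # placeholder: the folder the app writes to
if (Test-Path $data) { Grant-UsersModify -Path $data }
if (Test-Path $key)  { Grant-UsersRegistryWrite -Path $key }

# Audit the whole Program Files tree; anything listed here is a place any local
# user can drop or replace a file that someone else may later execute.
Find-EveryoneWritable -Path 'C:\Program Files'
```

The audit is the part worth keeping around: run it on a machine that has been through the cacls script above and the list shows exactly which executables and DLLs any user on the box can now overwrite, which is the thing to fix before worrying about the application’s own permission requirements.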

– Soli Deo Gloria

Giveaway of the Day: XYplorer 14.40

Very nice filemanager.  I own the full version, but this free one is almost as good!  Today only.

– Soli Deo Gloria

A Weekend with Plex

Finally decided to take the plunge and bought the lifetime subscription for Plex so I could dump all my TV shows into it and stream them to my TV in the living room using Chromecast. However, certain TV shows just wouldn’t show up and the server log files weren’t much help.  The issue is that Plex expects to see files in the SXXEXX format, where S is the season and E is the episode number.  If your files don’t have this format, Plex will refuse to add them properly.

The real bear of course is that you may have many files…thousands of files…that do not fit this format.  What’s a guy to do?  Filebot to the rescue!  Basically, this program looks at each filename, tries to determine what TV show it belongs to from an online TV database and then offers to put it in the proper naming format.  If the files are missing the TV show name, you can use Bulk Rename to add the show name to any part of the file en masse.  To find out if you are missing any episodes you can use TV Rename.

– Soli Deo Gloria

Bill Gates Trashed the Charms Bar, Win9 to RTM by end of 2014

– Soli Deo Gloria

Windows 9 Tech Preview Coming in Late September

– Soli Deo Gloria