Jump to content

Actions!


Recommended Posts

Here are some useful Custom-Actions for TNI:

For some actions you will need PsExec. Just copy PsExec to a folder you want. On my machine it's "C:\Tools". 

 

1. Open Eventlog on remote machine

{$IF WIN,ONLINE}Eventlog=eventvwr.exe %HOST%

 

2. Open CMD on remote machine (Using PsExec)

{$IF WIN,ONLINE}IOpen CMD="C:\Tools\PsExec.exe" cmd.exe \\%HOST%

 

3.  Run gpupdate /force on remote machine

{$IF WIN,ONLINE}gpupdate="C:\Tools\PsExec.exe" -cf \\%HOST% "C:\Tools\gpupdate.bat"

for this you will need a file like "gpupdate.bat". Place it in the C:\Tools folder. The content of the file is pretty simple. "gpupdate /force"

 

4. Open C$ share on remote machine

{$IF WIN,ONLINE}Open C$ Share=\\%HOST%\c$

 

5. Open Services on remote machine (You don't have to do this, because it's part of compmgmt.msc)

{$IF WIN,ONLINE}Services=mmc.exe services.msc /Computer=%HOST%

 

6. Open local Users on remote machine (You don't have to do this, because it's part of compmgmt.msc)

{$IF WIN,ONLINE}local Users=mmc.exe lusrmgr.msc /Computer=%HOST%

 

7. Get TeamViewer Client ID of the remote machine

If you are using Teamviewer on your environment, you might need to get the ClientID of a remote machine sometimes. 

In our environment, Teamviewer is deployed by group policy. And if you don't want to go to every machine for the Client ID, we built a tool to get this ID remotely. 

The tool is attached. 

What is it doing? 

Stop the Windows Firewall, Start remote registry service, browse the registry to find the correct Key, version, and hostname. 

After that, it is displayed in a CMD window. The ID will be copied to your clipboard. 

The software is virus-free. Just copy it to your C:\Tools folder.

{$IF WIN,ONLINE}TeamViewer ID="C:\Tools\GetTeamViewerClientId.exe" %HOSTNAME%

edit: Sometimes an error happens in our tool. It's a pretty early "Alpha". I'll update the attachement as soon as the tool is finished.

 

Link to comment
  • 2 weeks later...

Clearing EventlogAnother useful Action for administrators.

 

Sometimes you will have a look at Eventviewer. But there are thousands of old entries that you don't care about. You just want to see what has happend after the last reboot. 

So you might open Eventviewer and delete all records. In WinXP there are just 5, so it's no problem. But in Win7 the events are in many different log files. So this might take a while. 

I found a tool after a quick google search that does clear the whole eventlog. 

 

Put this in a .cmd or .bat file: 

@echo off

@cls
@echo.
@echo.
@echo.
@echo Clearing event logs...

@for /f %%i in ( 'wevtutil el' ) do wevtutil cl "%%i" >NUL 2>&1


wevtutil.exe cl "Microsoft-Windows-Diagnosis-DPS/Operational"
wevtutil.exe cl "Microsoft-Windows-User Profile Service/Operational"
wevtutil.exe cl "Microsoft-Windows-Windows Defender/Operational"
wevtutil.exe cl "Microsoft-Windows-Windows Defender/WHC"
wevtutil.exe cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"
wevtutil.exe cl System
wevtutil.exe cl "Kaspersky Event Log"
REM If Kaspersky isn't installed, it just quits with a information, that the eventlog of Kaspersky doesn't exist. 
REM You can add several other Eventlogs, if present. Just take the name showed in Eventviewer

Put this File in your C:\Tools location an add your Action to TNI:

 

{$IF WIN,ONLINE}Clear Eventlog="C:\Tools\PsExec.exe" -cf \\%HOST% "C:\Tools\clear_eventlog.cmd"

Link to comment

Hi,

 

I have a suggestion for Wake-on-LAN:

 

The suggested version in the blog entry uses only a mac address for the wol command. This works only on the same Layer 2 segment (within a IP subnet).

 

A good enhancement would be, if you could use a WOL-command that does support sending packet over L3 with a IP-network broadcast address. (You need to calculate the Broadcast IP for the subnet and have it as variable i.e. %PC-Subnetbroadcast%)

 

We use this tool for WOL over a routed network environment.

 

Example 1:

for a PC with the ip 192.168.0.33 /24

 

wake.exe 00-00-34-ab-ff-ff 192.168.0.255

 

Additional Information:

------------------------------------------------
           TCP/IP NETWORK INFORMATION
------------------------------------------------
IP Entered = ..................: 192.168.0.33
CIDR = ........................: /24
Netmask = .....................: 255.255.255.0
Netmask (hex) = ...............: 0xffffff00
Wildcard Bits = ...............: 0.0.0.255
------------------------------------------------
Network Address = .............: 192.168.0.0
Broadcast Address = ...........: 192.168.0.255
Usable IP Addresses = .........: 254
First Usable IP Address = .....: 192.168.0.1
Last Usable IP Address = ......: 192.168.0.254

 

 

 

 

Example 2:

for a PC with the ip 172.16.4.33 /28

 

wake.exe 00-00-34-ab-ff-ff 172.16.4.47

 

Additional Information:

------------------------------------------------
           TCP/IP NETWORK INFORMATION
------------------------------------------------
IP Entered = ..................: 172.16.4.33
CIDR = ........................: /28
Netmask = .....................: 255.255.255.240
Netmask (hex) = ...............: 0xfffffff0
Wildcard Bits = ...............: 0.0.0.15
------------------------------------------------
Network Address = .............: 172.16.4.32
Broadcast Address = ...........: 172.16.4.47
Usable IP Addresses = .........: 14
First Usable IP Address = .....: 172.16.4.33
Last Usable IP Address = ......: 172.16.4.46

Link to comment

Remote search for Windows UpdatesAnother useful Action for administrators.

 

Put this in a .cmd or .bat file:

wuauclt.exe /detectnow 

 

{$IF WIN,ONLINE}Updates="C:\Tools\PsExec.exe" -cf \\%HOST% "C:\Tools\updates.cmd"

 

Maybe there is a way to make a group-action for that. But it didn't work well for me. If anybody has an idea, feel free to create a group-task for update-search. 

Link to comment
  • 2 weeks later...

Edit hosts-file entries on remote machine


Another useful Action for administrators. For safety reasons or developers without administrative privilege. 


 


{$IF WIN,ONLINE}hosts-entry="%systemroot%\system32\notepad.exe" \\%HOST%\c$\windows\system32\drivers\etc\hosts


Link to comment

Hi,

 

I have a suggestion for Wake-on-LAN:

 

The suggested version in the blog entry uses only a mac address for the wol command. This works only on the same Layer 2 segment (within a IP subnet).

 

A good enhancement would be, if you could use a WOL-command that does support sending packet over L3 with a IP-network broadcast address. (You need to calculate the Broadcast IP for the subnet and have it as variable i.e. %PC-Subnetbroadcast%)

 

Hi Karel,

This was a planned enhancement for the standard WOL action, but adding a possibility to pass a remote broadcast address in custom actions is a nice feature too, thanks.

 

 

Marius,

Thank you for updating this topic with new useful actions.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...