ANDY FLETT TOOLS summary

DATE = December 2014

TO ENABLE = the evaluation of situations (and the addition of value and knowledge) without the need for “touch labour” or “visits” (i.e. “getting the computer & network to do the initial work” rather than “passing the problem onwards”, ideally reducing diagnosis delays)

See - APPENDIX 1 = Summary of “not normally easily available” results and facilities available with this suite of tools (Go straight to Appendix 1)

See - APPENDIX 2 = POSSIBILITIES based on the principles outlined below (most of these “possibilities” already exist) – (Go straight to Appendix 2)

DESCRIPTION OF OPERATION follows……

MAIN MENU (Launch MAINMENU.vbs) presents the following options.......

Input a valid number, choose OK or press ENTER

Further explanations of the above options follow.


OPTION 1 = Detect PC

Input a NetBios name into the resulting screen

Choose OK or press ENTER

VALID RESULT

IP address retrieved from DNS, tested for reply, then validated against originally specified NetBios Name to check ACTUAL EXPECTED NAME replied – rather than just “something” replied

(CI.IT.POINT option only presented when on RMGP domain)


OPTION 1 - ALTERNATE REPLY 1

NetBios Name NOT ACTIVE or INVALID or NETWORK UNAVAILABLE


OPTION 1 - ALTERNATE REPLY 2

DIFFERENT NetBios Name replies = reported, USUALLY when DNS is “out of date” (i.e. a DIFFERENT NetBios Name is now associated with the recently DNS recorded ORIGINAL NetBios Name, but DNS has NOT been fully updated yet – this is the equivalent of “something responded – but NOT what you intended to test for!”)
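The three Option 1 outcomes (valid reply, no reply, a different name replying) reduce to one comparison between the requested name and the name the device reports. The following is an added example, not code from this tool suite: it assumes the name check reads the output of the Windows command nbtstat -A, uses constructed sample replies, and its function names and the extra UNVERIFIED verdict are illustrative.

```python
import re

# Constructed nbtstat -A replies (documentation-range addresses, not real captures).
SAMPLE_MATCH = """
Ethernet:
Node IpAddress: [192.0.2.10] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    PC-ALPHA       <00>  UNIQUE      Registered
    EXAMPLEDOM     <00>  GROUP       Registered
    PC-ALPHA       <20>  UNIQUE      Registered

    MAC Address = 00-00-5E-00-53-01
"""
# Same address, but a different machine now answers (stale DNS record).
SAMPLE_STALE = SAMPLE_MATCH.replace("PC-ALPHA", "PC-BRAVO")
SAMPLE_NONE = "\n    Host not found.\n"

# The <00> UNIQUE row carries the machine's own name; the <00> GROUP row
# is the domain/workgroup and must not be mistaken for it.
_ROW = re.compile(
    r"^[ \t]*(\S+)[ \t]+<00>[ \t]+UNIQUE[ \t]+Registered[ \t]*$", re.MULTILINE
)


def replied_name(nbtstat_output):
    """Return the NetBIOS computer name found in an nbtstat reply, or None."""
    match = _ROW.search(nbtstat_output or "")
    return match.group(1).upper() if match else None


def verify_target(expected, ping_replied, nbtstat_output):
    """Classify a detection attempt as (verdict, actual_name).

    Verdicts: VALID, NOT_ACTIVE, DIFFERENT_NAME, UNVERIFIED.
    """
    if not ping_replied:
        return ("NOT_ACTIVE", None)
    actual = replied_name(nbtstat_output)
    if actual is None:
        # Something answered the ping but did not name itself:
        # never treat that as the intended target.
        return ("UNVERIFIED", None)
    # NetBIOS names are case-insensitive and at most 15 characters long.
    wanted = expected.strip().upper()[:15]
    if actual == wanted:
        return ("VALID", actual)
    return ("DIFFERENT_NAME", actual)


def safe_to_act(expected, ping_replied, nbtstat_output):
    """Gate for follow-on actions such as drive mapping or a remote prompt."""
    return verify_target(expected, ping_replied, nbtstat_output)[0] == "VALID"
```

Only a VALID verdict should allow the drive mapping or remote session of the later options to proceed.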


OPTION 2 = Detect/Map Network Drive to PC

Input a NetBios name into the resulting screen

Choose OK or press ENTER

Proceeds as Option 1 previously – if a validated PC is returned, disconnects any previously mapped T: (“target”) drive and attempts to map NEW T: drive to C$ share on target PC. Success results in a new instance of Windows Explorer, focussed on the newly mapped T: drive. Any failure is reported accordingly.

ADVANTAGE = network drive is speedily/automatically mapped to VERIFIED PC and NOT a “possibly similar” PC occupying an out of date published DNS address


OPTION 3 = Connect Command Prompt Session to PC

Input a NetBios name into the resulting screen

Choose OK or press ENTER

Valid detection of active NetBios name results in the following

In the above example, the command “SET COMPUTERNAME” shows the Command Prompt Session is running on the (remote) intended target, rather than locally.

CAUTION – ONLY TEXT BASED DOS/Windows commands can be run in this environment – any WINDOWS PROGRAMS launched can result in loss of control, and the environment reacts unfavourably to commands like CTRL+C or CTRL+S (Pause & Resume).

Simple short commands like CHKDSK /F/R – resulting in the scheduling of a CHKDSK routine run on the next reboot of the target (without visit, user interruption – or maybe even target user knowledge) – work well with this option


Type EXIT within the remote session to close that session

(“error code 0” above = 0 errors occurred within the PsExec session)

OPTION 4 = Options 1+2+3 above – but sequentially

Executes all 3 previously listed menu choices sequentially (i.e. Detect PC, if successful - map network drive AND commence Remote Command Prompt session)

Enables suitable executable programs (see later for examples) to be transferred to the target PC – and possibly run (even fully automatically) within the Remote Command Prompt session (e.g. “BATCH” files or “COPY” routines)


OPTION 5 = Query PC

Input a NetBios name into the resulting screen

Choose OK or press ENTER

Proceeds as per Option 1 – on successful detection of target PC, launches 3 separate functions as follows


OPTION 5, FUNCTION 1 = “standard” test routine = results as follows

- Verifies correct target as previously
- Launches optional PC QUERY routine separately (details follow)
- Launches optional EXTRA DIAGNOSTICS routine separately (details follow)
- Performs STANDARD DIAGNOSTIC routines (in the background while other functions are presented/chosen) – e.g. Verifies Target PC ACCOUNT with Domain Controller server, Reveals full OU Name of Target PC, Reveals recent Startups, CORRECT Shutdowns and IMPROPER Shutdowns since commencement of Target PC log file (allows detection of a “troublesome” PC? One with repeated “blue screens” or “OFF button being repeatedly held in”), Reveals if Client Side Caching (Offline Files) is enabled


OPTION 5, FUNCTION 2 = PC QUERY routine

Reveals dated report of PC details as follows (TEXT file, for easy SAVE or COPY of details)

For IMMEDIATE “advanced” diagnosis - specifically includes…..
- any external/attached Video Display Unit details (if powered on and detectable)
- Available Memory Capacity and current usage (slow PC? = not enough memory maybe?)
- Last recorded Boot Time (is it really “always rebooting”?)
- Hard Disk sizes

(For RMGP Domain based PCs – also reveals “cloud data” details for any detected active “logged on” user – or absence of one, as above)


OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine

Presented as below

To EXIT without performing any of the above (i.e. these are optional – you don’t have to run any of these if you don’t want to), input 0, x or X and press ENTER

Details of optional facilities follow


OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 1

Display NETWORK CONFIGURATIONS

Queries REMOTE PC “directly” for its Network Configurations, Reveals details like……
- DHCP server and lease time for EACH revealed (type of) network adapter in use – allows detection of “LONG LEASE times” (e.g. “other” on site PCs or devices acquiring APIPA Addresses) – in seconds, (providing at least ONE DHCP enabled PC on the same subnet has acquired a valid IP Address) - without a visit!
- MULTIPLE NETWORK ADAPTERS active/in use, and which one holds the DNS address (enables detection of a WIRELESS Network Adapter as the DNS target, and the possibility of any “connection loss” if the user “logs off” while remotely connected)


OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 2

Display state of OFFLINE FILE Service

(Repeat of automatically processed item in OPTION 5, FUNCTION 1)

OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 3

Display state of CONFIGURATION MANAGER REMOTE CONTROL Service

May be used to establish why CMRCVIEWER.EXE cannot make a valid connection to an apparently active PC and NOT display a Remote Control Session dialogue

OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 4

Display Attached “disks”

Reveals “disks” on Target PC and sizes (includes USB Memory Sticks) – NOT CD/DVD drives


OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 5

Display Memory Usage

Provides the ability to “observe and list” what applications and processes are running on a remote PC – AND (if able to “get in” and report) what may be “hogging the memory” or “thrashing the system” – without a visit.


OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 6

Display LAPTOP Battery Usage

RESULT 1 = Desktop (i.e. NO BATTERY, usually!)

RESULT 2 = Laptop on MAINS power

RESULT 3 = Laptop on BATTERY power

Allows detection of a “network connected” laptop “running on battery” that MAY “expire” and become non responsive - BEFORE commencement of a long remote diagnostic or remote configuration process

NB – Laptop may be “wireless connected” to a network AND have a low battery condition – occasionally a tenuous situation to commence advanced/detailed work on!


OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 7

Show recent User Logons

Creates spreadsheet similar to as below (dates reported as N/A = logon BEFORE scope of report, or session still current)

Simply an audit trail of recent users for that PC, and “how and when” they used it – note that some people “stay logged on for days” (via Switch User option?)


OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 8

Show defined printers on target computer (and ports used)


OPTION 6 = Query IP Address

Input an IP ADDRESS into the resulting screen (NOT NetBios Name = slightly different)

PINGs supplied IP Address, tests for reply

Allows detection of an “occupied” IP Address – and tries to discover what device is occupying it and report about it – usually without a visit!

Attempts (Windows) NBTSTAT command to reveal NetBios Name if possible (e.g. a RICOH Printer WILL reveal a NetBios name – as per the example below)

Most (if not all) Ricoh Printers have a “signature” NetBios Name commencing RNP?????? – detected as above – which can be processed accordingly


For a “possible printer” – subsequent key press launches “Web Browser” as below – configured to reveal (and possibly change) PRINTER DETAILS similar to as below (requires only ONE key press to acquire the following display of information)

Device Info tab (in this case) will reveal Printer Serial Number (once again, without a visit!)


Will prompt to initiate TELNET SESSION if NetBios name cannot be determined (takes a bit of time waiting for NBTSTAT command attempt to fail)


Example of a “Managed ROUTER or SWITCH” detected by a TELNET session

Different Printers or UNIX hosts will respond differently – as explained BEFORE the TELNET connection is attempted (not seen here). Some devices will not respond to a TELNET connection attempt – but it doesn’t hurt to try, and at least you know the IP Address is “occupied” – not necessarily “what” is occupying it! Devices that DO “respond” often respond characteristically, similar to as above.

(It helps if you know what kind of response is expected! – hence the “explanation document” being presented before the connection attempt is made)


OPTION 7 = Examine BIOS Contents on an “active” Remote PC

Input a NetBios name into the resulting screen

Choose OK or press ENTER

ONLY TESTED on HP and LENOVO devices (2 completely different methods of reporting – MAY work on devices from other manufacturers? – or with slight alteration)

Either REPORTS DIRECTLY or QUERIES REMOTELY

Single key press required after query

1) “HP” Method = mapped drive + remote program execution


2) Reported Data (after single key press)

(This is an example of HP’s “proprietary” way of reporting/configuring the BIOS from a Command Prompt – other PCs (like Lenovo) will/may respond to the more standard WMI interrogation or reprogramming method)


3) This is an example of the “LENOVO” method (using WMI rather than a proprietary program)

= “less complicated” arrival at similar result

Result using BOTH methods = a text file of configurations called….<NetBios_Name>_BIOS.txt….. is created on both the target and the calling computer – for records, examination or use later

As well as “examining” BIOS contents remotely, there ARE ways to “reprogram” BIOS contents remotely (e.g. Change BOOT order? Enable NUM LOCK on start-up? Enable/Disable certain functions) for activation on the next boot of the PC


APPENDIX 1 = Summary of “not normally easily available” results and facilities available with this suite of tools

| Function or Determined item | NO VISIT REQUIRED | NO USER INTERVENTION or Knowledge |
| --- | --- | --- |
| COMMAND PROMPT running on remote PC | Yes | Yes |
| Certain programs/routines executed on remote PC | Yes | Yes |
| Detection/validation of “Domain Trust” relationship | Yes | Yes |
| Validated “OS Activation” test (revealing Activation Code) | Yes | Yes |
| Number of Successful/Improper Startups/Shutdowns (can be used to identify a problem PC….. or user!) | Yes | Yes |
| PC Make/Model/Serial Number | Yes | Yes |
| Active OS version | Yes | Yes |
| Current User (if any) | Yes | Yes |
| Any attached Monitor Make/Model/Serial Number | Yes | Yes |
| Installed Memory value (can be used to establish if PC is up to memory specification – may run “slow” if not) | Yes | Yes |
| Last BOOT time | Yes | Yes |
| Network Adapters in use (may be more than one – able to identify “cabled” and “wireless” adapters) | Yes | Yes |
| DHCP Server and Lease Period (can be used to establish why IP Addresses “run out” on a remote subnet?) | Yes | Yes |
| Attached “USB” type disks and details | Yes | Yes |
| Memory-Usage/Applications-Active on a target PC (may be able to identify a “process hogging the system”?) | Yes | Yes |
| Laptop running on MAINS or BATTERY (may expire soon?) | Yes | Yes |
| Recently Logged On users of the target PC (spreadsheet) | Yes | Yes |
| Printers defined on Target PC | Yes | Yes |
| Printer discovered occupying IP Address, and details | Yes | Yes |
| (Limited) Target IP address device identification | Yes | Yes |
| Remote PC BIOS examination/recording/manipulation | Yes | Yes |

…… obviously, if a PC is “thrashing”, these may “thrash” it even further – but usually, a logged on user would never notice that any of the above are being evaluated

For information....... All the details above are acquired via combinations of standard System Executable utilities (configured accordingly), specific Visual Basic Scripts, WMI (Windows Management Instrumentation) commands, PowerShell scripts and Windows Command Line Interface routines – usually run with (local or domain) ADMINISTRATOR authority on target devices where necessary


APPENDIX 2 = POSSIBILITIES based on the principles outlined above

OPTION 4 = DETECT PC/MAP DRIVE/RUN COMMAND PROMPT SESSION

Create AUTOMATED COMMAND FILES that can be transferred to a Target PC (along with any necessary accompanying files) to run a routine on a remote PC within a (possibly un-noticed?) Command Prompt session (ideally cleaned up/deleted after processing)

ALREADY EXISTING EXAMPLES

- HP Version of Option 7 (Examine BIOS contents) above
- Reprogram BIOS of remote HP PC for use after next re-boot (e.g. change boot order - even to initiate PXE boot for remote reconfiguration, or simply toggle NUM LOCK on/off at boot, or similar)
- WAKE UP REMOTE PC (requires knowing the MAC address of a Target PC AND finding an already active PC on the same network subnet) – method = transfer files/routine to the “active” PC and use WAKE ON LAN procedure to boot or resume the intended network/mains connected PC – EVEN if it’s “switched off”

OPTION 5 = QUERY PC

Report on lists of MULTIPLE PCs rather than just one

ALREADY EXISTING EXAMPLES

- Detected PC Hardware Details/Users/Software-per-PC reports
- Detected PC Hardware Details/Users AND LOCATIONS reports (depends on “look up tables” related to detected IP Address or User)
- Lists of Users Per PC
- For RMG = Lists of Users Per PC, Date Last Used and “updated dates” of relevant users “cloud data”
- Routine that can query each detected PC and ask about “other nearby PCs” via restricted NET VIEW command – expanding the “original supplied list”, possibly even finding NetBios Names that were previously unknown/unregistered – can be configured to run continuously = self perpetuating automatic inventory management! (Will even discover PCs “new to” or “NOT registered to” a DOMAIN)

Based on OPTION 5 above (…. And IDEAL for “refresh planning” – if any)

“Certificate of Hardware/Software/Configurations Conformity” Report

ALREADY EXISTING EXAMPLES show……

- PC Hardware (inc. Memory (and locations), Network Adapters, Disk Drives etc.)
- Current Operating System AND Installation date
- INSTALLED software
- MISSING and EXTRA software other than as expected (comparison list required)
- MISSING SERVICES compared to as expected (comparison list required)
- Known/Previous PC Users at test time
- Installed Printers at test time
- Possible Legacy Problem Printers (e.g. Parallel Port Printers)
- Problem Devices
- EXPECTED (AND any EXTRA) Machine Administrators
- MISSING Machine Administrators differing to as expected – if any
- Network Problems
- Test initiator, date and time


APPENDIX 3 = Extra Option 5 = PCQUERY routine options – not used much other than to show off!

Typing C at the prompt above produces a “revolving/animated” chart of the Memory Values that appear above


When viewed on a computer screen – this chart slowly revolves!

The “principle” of “instantly automatically presenting graphical representations of remotely/recently acquired data” is “simply” illustrated here. There may be more convoluted and larger sets of data that could be processed


Other options appear after the chart above has been generated

Mainly used to create SINGLE or SMALL AUDITS of PCs – there are better ways of doing large ones!


APPENDIX 4 = Useful Extra Utilities

WS_Ping ProPack (or similar?) – used as below = able to determine “occupied IP Addresses” on a remote target network subnet – and “sometimes” the devices occupying those IP Addresses – without a visit.

MAY enable detection of an active target PC that can be used as an “intermediate” in a WAKE ON LAN attempt to a known inactive MAC Address on that subnet………… OR to query the network details (Main Menu, OPTION 5, FUNCTION 3 = OPTIONAL EXTRA DIAGNOSTICS routine – SUB OPTION 1) of any “working” target PC, where other PCs are “unable to obtain an IP Address” on that network subnet – to identify the length of the DHCP Lease Period, which may be too long for the quantity of devices allocated to the site.

In this particular scenario......
- “LOWER” numbered and “blank” IP Addresses are usually switches or routers – and can be identified accordingly, using MAIN MENU OPTION 6 (Query an IP Address)
- Names like RNP?????? are Ricoh Network Printers and can be queried using the same method as the switches/routers above