How to check and set Task Scheduler Log options and path using a script

This knowledge base article explains the methods you can use to check the Task Scheduler log options and path on a local or remote computer.

To check on local computer:

You can use the following methods:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but takes a lot of effort. After connecting to the remote registry, navigate to the following location:

HKLM\Software\Microsoft\SchedulingAgent

The above registry key includes the following values in right pane:

LogPath REG_EXPAND_SZ %SystemRoot%\SchedLgU.Txt

TasksFolder REG_EXPAND_SZ %SystemRoot%\Tasks

To check on a Remote Computer:

You can use the below script to check the LogPath and Tasks Folder on a remote computer:

@echo off

REM Delayed expansion is needed because the variables are set and read inside the loop

Setlocal EnableDelayedExpansion

Set Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Log Path, Tasks Folder >> Result.csv

For /F "Tokens=*" %%a In (%Srvlist%) Do (

Set Comp_name=%%a

Set Log_Path=

Set Task_Fold=

Set RegQry="\\%%a\HKLM\Software\Microsoft\SchedulingAgent"

REG.exe Query !RegQry! > CheckCC.txt

REM Each value line holds name, type and data, so the third token is the data

Find /i "LogPath" < CheckCC.txt > StringCheck.txt

For /F "Tokens=3" %%b In (StringCheck.txt) Do Set Log_Path=%%b

Find /i "TasksFolder" < CheckCC.txt > StringCheck.txt

For /F "Tokens=3" %%b In (StringCheck.txt) Do Set Task_Fold=%%b

Echo !Comp_name!, !Log_Path!, !Task_Fold! >> Result.csv

)

The above script checks each remote computer for the two registry entries, LogPath and TasksFolder, and saves the results in a CSV file.

How To Check Crash Control Settings On Remote Computer

The following knowledgebase will explain the methods you can use to set the Crash Control (Memory dump) on remote computers.

You can use the following methods to check and set the Crash Control settings on remote computer:

  1. Connecting to Remote Registry Service
  2. Using a script

The first method is easy but takes a lot of effort. After connecting to the remote registry, navigate to the following location:

HKLM\SYSTEM\CurrentControlSet\Control\CrashControl

The above registry includes the following values in right pane:

AutoReboot DWORD 00000001

CrashDumpEnabled DWORD 00000003

DumpFile STRING The dump file name

LogEvent DWORD 00000001

MinidumpDir DWORD The dump file location

Overwrite DWORD 00000001

SendAlert DWORD 00000001

You can use the script below to check whether the Crash Control settings are enabled on a remote computer.

@echo off

REM Delayed expansion is needed because the variables are set and read inside the loop

Setlocal EnableDelayedExpansion

Set Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Crash Control Settings Enabled?, Auto Reboot? >> Result.csv

For /F "Tokens=*" %%a In (%Srvlist%) Do (

Set Comp_name=%%a

Set RegQry="\\%%a\HKLM\SYSTEM\CurrentControlSet\Control\CrashControl"

REG.exe Query !RegQry! > CheckCC.txt

REM REG.exe pads name, type and data with several spaces or tabs, so match with a regular expression

Findstr /i /r /c:"CrashDumpEnabled.*REG_DWORD.*0x3" CheckCC.txt > StringCheck.txt

If !errorlevel! == 0 (

SET Crash_Ctrl=Enabled

) ELSE (

SET Crash_Ctrl=Disabled

)

Findstr /i /r /c:"AutoReboot.*REG_DWORD.*0x1" CheckCC.txt > StringCheck.txt

If !errorlevel! == 0 (

SET Auto_Rbt=Enabled

) ELSE (

SET Auto_Rbt=Disabled

)

Echo !Comp_name!, !Crash_Ctrl!, !Auto_Rbt! >> Result.csv

)

*** End ***

The above script checks each remote computer for two registry entries to determine whether Crash Control is enabled, and saves the results in a CSV file.

How To Check What All Programs Will Run When User Logged On To Computer.

This knowledge base article explains how to check which programs will run when a user logs on to the computer.

When a user logs on to the computer, the Winlogon service uses the following registry entries to run any programs (if specified):

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

The above two registry entries are used by the Winlogon service after the user has logged on to the system successfully. The Winlogon service creates a list of programs to run.

Please note that domain policy may override this setting if specified. You can also use Group Policy settings to block any program from running.

You can use the following script to check the programs in Run or RunOnce registry key on remote computer.

*** Start ***

@echo off

Set RegQry=HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Set RegQry1=HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

REG.exe Query \\remote_computer\%RegQry% > CheckRun.txt

REG.exe Query \\remote_computer\%RegQry1% > CheckRunOnce.txt

Echo Programs on Computer : Remote_Computer >> Programs.txt

REM Keep only the value lines. Each one contains a REG_ type such as REG_SZ,

REM so the header lines are dropped whatever their number in this REG.exe version

Find "REG_" < CheckRun.txt >> Programs.txt

Find "REG_" < CheckRunOnce.txt >> Programs.txt

*** End ***

You can use PSEXEC (a tool from Sysinternals) to run this script remotely and then redirect the output in a Text file.

How To Check If All The Computers Running On Network Are Using Default Windows Shell.

The following knowledgebase explains the method you can use to check if the user or computer is using the Windows default Explorer Shell. The Windows Default Shell is Explorer.exe for computer (it will apply to all the users who have logged on to the computer successfully). The user shell is Userinit.exe (This shell will apply to users who have logged on to the computer successfully).

Windows default Shell and Users Shell reside in the following registry entry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.

In the right pane you can see the following entries:

Shell REG_SZ Explorer.exe

Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

You can use the following script to check whether all the computers in your network are using default shell or not:

@echo off

REM Delayed expansion is needed because the variables are set and read inside the loop

Setlocal EnableDelayedExpansion

Set Srvlist=C:\Temp\Srvlist.txt

Echo Computer Name, Windows Default Shell?, User Shell? >> Result.csv

For /F "Tokens=*" %%a In (%Srvlist%) Do (

Set Comp_name=%%a

Set RegQry="\\%%a\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

REG.exe Query !RegQry! > CheckShell.txt

REM Find returns errorlevel 0 when the string is present in the query output

Find /i "Explorer.exe" < CheckShell.txt > StringCheck.txt

If !errorlevel! == 0 (

SET Win_Def=Yes

) ELSE (

SET Win_Def=No

)

Find /i "userinit.exe" < CheckShell.txt > StringCheck.txt

If !errorlevel! == 0 (

SET Usr_Def=Yes

) ELSE (

SET Usr_Def=No

)

Echo !Comp_name!, !Win_Def!, !Usr_Def! >> Result.csv

)

*** End ***

The above script runs the Reg.exe command against every computer listed in C:\Temp\Srvlist.txt and records in Result.csv whether each computer has the Windows default shell and the default user shell specified in the registry.
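The script above records Yes whenever the string Explorer.exe or userinit.exe appears anywhere in the query output, so a Shell or Userinit value that lists an additional program after the default one is still reported as default. The following PowerShell sketch is an added example, not part of the original article; it parses REG.exe value lines and compares the whole comma-separated list against the defaults shown above. The function names, host names and sample lines are constructed for illustration, and the Userinit path assumes Windows is installed in C:\WINDOWS.

```powershell
# Added example, not from the original article. Host names and sample lines are constructed.
# Expected program lists, lower-cased. The Userinit path assumes Windows is installed
# in C:\WINDOWS, as in the values shown on the page.
$Expected = @{
    Shell    = @('explorer.exe')
    Userinit = @('c:\windows\system32\userinit.exe')
}

function ConvertFrom-RegQueryLine {
    param([string]$Line)
    # REG.exe prints each value as: <name> <type> <data>, separated by whitespace
    if ($Line -match '^\s+(.+?)\s+(REG_\w+)\s*(.*)$') {
        [pscustomobject]@{ Name = $Matches[1]; Type = $Matches[2]; Data = $Matches[3].Trim() }
    }
}

function Test-WinlogonDefault {
    param([string]$Name, [string]$Data)
    # Split the comma-separated list and drop the empty item left by a trailing comma
    $actual = @($Data.Split(',') | ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ })
    # Default only when the whole list equals the expected list
    ($actual -join '|') -eq ($Expected[$Name] -join '|')
}

# Constructed REG.exe output. For live data, use the lines returned by:
#   reg.exe query "\\<computer>\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
$Samples = @{
    'PC-01' = @(
        '    Shell    REG_SZ    Explorer.exe'
        '    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,'
    )
    'PC-02' = @(
        '    Shell    REG_SZ    Explorer.exe, C:\Example\extra.exe'
        '    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,'
    )
}

foreach ($computer in ($Samples.Keys | Sort-Object)) {
    foreach ($line in $Samples[$computer]) {
        $value = ConvertFrom-RegQueryLine $line
        if ($value -and $Expected.ContainsKey($value.Name)) {
            [pscustomobject]@{
                Computer  = $computer
                Value     = $value.Name
                Data      = $value.Data
                IsDefault = Test-WinlogonDefault $value.Name $value.Data
            }
        }
    }
}
```

For the constructed PC-02 lines, Shell is reported with IsDefault False, while the substring check in the batch script would record Yes for the same data.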

How to find the DNS Name of a domain

The following knowledgebase will tell you the procedure you can use to retrieve the DNS name of a domain from registry.

The following registry location is the best place to find the DNS name of a domain controller.

HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\History.

In the right pane, you will see an entry by name DCName=

The above entry contains the DNS name of the domain. This DNS name is stored in the registry after Winlogon retrieves the domain controller by using the DsGetDcName API call.

How to Create A Service Dependable on Another Service.

This knowledge base article explains the procedure you can use to make a service dependent on another service.

You need to know the following things before you can proceed with this:

  1. The short name of the service you are creating the dependency on.
  2. The registry location of the service.

For example, we have two services: Alerter and ThirdPartyService. Both the Services must exist in registry in order to make this work.

We need to find out the short name of ThirdPartyService. Now, navigate to the following location in registry to locate the short name of ThirdPartyService:

HKLM\System\CurrentControlSet\Services\thirdpartysvc — this would be the short name of ThirdPartyService.

Next, navigate to the following location in registry:

HKLM\System\CurrentControlSet\Services\Alerter

In the right pane, create a Multi SZ entry as explained below:

Right Click > select Multi-String Value

Then name the new entry DependOnService and enter the short service name of ThirdPartyService as its value.

Exit the registry editor and restart the Alerter service.
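The same procedure can be scripted. The following PowerShell function is an added example, not part of the original article; it checks that both service keys exist, keeps any dependencies already listed in DependOnService instead of overwriting them, and writes the value as a Multi-String entry. The function name Add-ServiceDependency is hypothetical; Alerter and thirdpartysvc are the names used above.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell session.
function Add-ServiceDependency {
    param(
        [Parameter(Mandatory)][string]$Service,    # service that must wait, e.g. Alerter
        [Parameter(Mandatory)][string]$DependsOn   # short name of the service it depends on
    )
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # Both services must exist in the registry, as the article requires
    foreach ($name in $Service, $DependsOn) {
        if (-not (Test-Path -Path (Join-Path $root $name))) {
            throw "Service key not found: $name"
        }
    }

    $key = Join-Path $root $Service

    # Read the current dependency list; the value may not exist yet
    $existing = @((Get-ItemProperty -Path $key).DependOnService | Where-Object { $_ })

    # Nothing to do if the dependency is already present (comparison is case-insensitive)
    if ($existing -contains $DependsOn) {
        return $existing
    }

    # Append rather than replace, then write the value as REG_MULTI_SZ
    $new = [string[]]($existing + $DependsOn)
    Set-ItemProperty -Path $key -Name DependOnService -Type MultiString -Value $new
    return $new
}

# Usage with the names from the article (commented out so that loading the
# function changes nothing):
#   Add-ServiceDependency -Service Alerter -DependsOn thirdpartysvc
#   Restart-Service -Name Alerter
```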

Net Commands


The following Net Commands can be used to perform operations on Groups, users, account policies, shares etc.

NET [ ACCOUNTS | COMPUTER | CONFIG | CONTINUE | FILE | GROUP | HELP | HELPMSG | LOCALGROUP | NAME | PAUSE | PRINT | SEND | SESSION | SHARE | START | STATISTICS | STOP | TIME | USE | USER | VIEW ]

The “Net Accounts” command is used to set policy settings on the local computer, such as Account policies and password policies. This command cannot be used on a domain controller. It is only used on the local computer.

When you type Net Accounts, you will see the default settings on the local computer for the Account Lockout policy and Password Policy.

The settings displayed depend on the role of the computer. If the computer is joined to a domain, the domain settings take effect and only the settings coming from the domain are displayed. Any setting that does not come from the Domain GPO is a local setting.

You can change the following options with Net Accounts:

NET ACCOUNTS

[/FORCELOGOFF:{minutes | NO}]

[/MINPWLEN:length]

[/MAXPWAGE:{days | UNLIMITED}]

[/MINPWAGE:days]

[/UNIQUEPW:number] [/DOMAIN]

Two conditions are required in order for options used with NET ACCOUNTS to take effect:

/FORCELOGOFF:{minutes | NO} Sets the number of minutes a user has before being forced to log off when the account expires or valid logon hours expire. NO, the default, prevents forced logoff.

/MINPWLEN:length Sets the minimum number of characters for a password. The range is 0-14 characters; the default is 6 characters.

/MAXPWAGE:{days | UNLIMITED} Sets the maximum number of days that a password is valid. No limit is specified by using UNLIMITED. /MAXPWAGE can’t be less than /MINPWAGE. The range is 1-999; the default is 90 days.

/MINPWAGE:days Sets the minimum number of days that must pass before a user can change a password. A value of 0 sets no minimum time. The range is 0-999; the default is 0 days. /MINPWAGE can’t be more than /MAXPWAGE.

/UNIQUEPW:number Requires that a user’s passwords be unique through the specified number of password changes. The maximum value is 24.

/DOMAIN Performs the operation on a domain controller of the current domain. Otherwise, the operation is performed on the local computer.

How To Reregister SRV records of a Domain Controller In DNS Zone

The following knowledgebase article explains how you can use the tools described below to re-register SRV records of a domain controller in the DNS domain Zone.

You can use the following tools or methods:

  1. Restart the Netlogon service on the Domain Controller.
  2. Use DcDiag /Fix or NetDiag /fix
  3. Manually enter the SRV records from the Netlogon.dns file in the \Windows or \Winnt\System32\Config directory.

How To Delete All The Active Connections From Local Computer.

The following knowledgebase explains how you can delete all the active connections on a local computer using Net Use command:

You can use the following command to delete Active Connections on a local computer:

Net Use * /delete

The above command deletes all the active connections on the local computer.

Please note this command can also be used on a remote computer. See Net Help Use for more options.

Client Machines Are Taking Too Long To Log On To Domain

The following knowledgebase explains the issue when client machines take too long to log on to domain:

Client computers use DNS to find the domain controller. If DNS is not running or SRV records of domain controllers are not registered then client computers will not be able to log on to the domain.

You can use the following tools to verify the SRV registration in the domain:

NetDiag /v

The above command will display if there is any problem with the SRV records of the domain controller.

If all the client computers in your network are taking too long to log on to the network, verify that the SRV records of the domain controllers are registered in the domain.

You can use the following options to re-register the SRV records of a domain controller in the DNS:

  1. Restart the Netlogon Service.
  2. Use DcDiag /fix or NetDiag /fix
  3. Locate the Netlogon.dns file in the \Windows\System32\Config directory and manually add its records to the DNS Zone of that domain.