Batch Script Add-DNS-Forwarders.bat

Project Objective:
We have multiple Windows DNS servers that need a forwarder configured for a specific domain.

Problem to be solved:
This is normally a setting that needs to be configured by hand on each DNS server.

@echo off

rem #***********************************************************************
rem # "Add-DNS-Forwarders.bat"
rem #
rem # Written by Aaron Wurthmann (aaron (AT) wurthmann (DOT) com)
rem # If you edit please keep my name as an original author and
rem # keep me apprised of the changes, see email address above.
rem # This code may not be used for commercial purposes.
rem # You the executor,runner,user accept all liability.
rem # This code comes with ABSOLUTELY NO WARRANTY.
rem # You may redistribute copies of the code under the terms of the GPL v2.
rem # -----------------------------------------------------------------------
rem # 2010.11.02 ver FINAL
rem #
rem # Summary:
rem # Creates conditional DNS forwards for domains.
rem # Be sure to adjust your settings below as needed.
rem #************************************************************************

rem    DNS Servers to contact/run against
set DNSserver1=192.168.1.100
set DNSserver2=192.168.1.101

rem    Conditional Zone to Forward For
set Zone=domain.ext

rem    DNS Forwards to contact for Conditional Zone seperated with a single space
set Forwarders=192.168.2.100 192.168.2.101

rem    Main
FOR /F "usebackq tokens=2 delims==" %%i IN (`set DNSserver`) DO (
    dnscmd %%i /zoneadd %Zone% /forwarder %Forwarders%
)

VisualBasic Script check_msmq.wsf

Project Objective:
Create a Nagios addon to be run with NRPE/NSClient++ that checks the Microsoft Message Queue for “stuck” messages.

Problem to be solved:
Increased monitoring of Microsoft Message Queue. Get notified when messages are not leaving message queue.

'***********************************************************************
' "check_msmq.wsf"
'
' Written by Aaron Wurthmann (aaron (AT) wurthmann (DOT) com)
'
' If you edit please keep my name as an original author and
' keep me apprised of the changes, see email address above.
' This code may not be used for commercial purposes.
' You the executor,runner,user accept all liability.
' This code comes with ABSOLUTELY NO WARRANTY.
' You may redistribute copies of the code under the terms of the GPL v2.
' -----------------------------------------------------------------------
' 2010.09.26 ver 1.0
' Checks number of messages in the Microsoft Message Queue. If warning or
' critical thresholds are reached number of messages are outputted.
'************************************************************************

<job>
<runtime>
  <description>

check_msmq (nrpe_nt-plugin) 1.0
This nrpe_nt plugin come with ABSOLUTELY NO WARRANTY. You may redistribute
copies of the plugins under the terms of the GNU General Public License.

  </description>
    <named
      name="h"
      helpstring="Help"
      type="simple"
      required="false"
    />
  />

  <example>

  You do not need a string for this plugin.

 Checks number of messages in the Microsoft Message Queue. If warning or
 critical thresholds are reached number of messages are outputted.

  Usage: command [check_msmq]
  c:Windowssystem32cscript.exe //NoLogo //T:10 check_msmq.wsf

  </example>

</runtime>

<script language="VBScript">

'*******************************************************************
' Help
'*******************************************************************
If Wscript.Arguments.Named.Exists("h") Then
      Wscript.Echo "Plugin help screen:"
      Wscript.Arguments.ShowUsage()
      Wscript.Quit(3)
End If

'*******************************************************************
' Main
'*******************************************************************
Dim objLocator
Dim objServices
Dim colItems
Dim colServiceList
Dim objExchService
Dim SumMessages
Dim intWarning
Dim intCritical
Dim objItem
Dim intResult
Dim strResult
Dim strComputer
Dim strServiceName

SumMessages = 0

strComputer = "."
strServiceName = "MSMQ"

intWarning = 100000
intCritical = 200000

On Error Resume Next
Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objServices = objLocator.ConnectServer(strComputer, "Root/CimV2")

Set colServiceList = objServices.ExecQuery("Select * From Win32_Service Where Name='" & strServiceName & "'")

If (Err.Number = 0) And IsObject(colServiceList) Then
    If colServiceList.Count > 0 Then

        '
        Set colItems = objServices.ExecQuery("Select * From Win32_PerfRawData_MSMQ_MSMQQueue where MessagesInQueue > 1")
        For Each objItem in colItems
            SumMessages = SumMessages + objItem.MessagesInQueue
        Next
        If IsEmpty(SumMessages) Then
            strResult = "WARNING ALERT! Message Queue UNAVAILABLE"
            intResult = 1
        ElseIf SumMessages > intCritical Then
            strResult = "CRITICAL ALERT! Number of messages in queue: " & SumMessages
            intResult = 2
        ElseIf SumMessages > intWarning Then
            strResult = "WARNING ALERT! Number of messages in queue: " & SumMessages
            intResult = 1
        ElseIf SumMessages < intWarning Then
            strResult = "No Alert. Number of messages in queue: " & SumMessages
            intResult = 0
        End If
    Else
        strResult = "No Alert. System is not a MSMQ server."
        intResult = 0
    End If
End If

Select case intResult
  Case 0 wscript.echo strResult
         wscript.quit(0)
  Case 1 wscript.echo strResult
         wscript.quit(1)
  Case 2 wscript.echo strResult
         wscript.quit(2)
end select

VisualBasic Script check_exch_mq.wsf

PLEASE NOTE:
This script has been replaced with a PowerShell version that works with Exchange 2003 as well as Exchange 2010.
http://irl33t.com/blog/2011/08/powershell-script-watch-exchange-queues.ps1

Project Objective:
Create a Nagios addon to be run with NRPE/NSClient++ that checks the Exchange 2003 message queue for “stuck” messages.

Problem to be solved:
Increased monitoring of Exchange 2003 server. Get notified when messages are not leaving message queue.

'***********************************************************************
' "check_exch_mq.wsf"
'
' Written by Aaron Wurthmann (aaron (AT) wurthmann (DOT) com)
'
' If you edit please keep my name as an original author and
' keep me apprised of the changes, see email address above.
' This code may not be used for commercial purposes.
' You the executor,runner,user accept all liability.
' This code comes with ABSOLUTELY NO WARRANTY.
' You may redistribute copies of the code under the terms of the GPL v2.
' -----------------------------------------------------------------------
' 2010.09.26 ver 1.0
' Checks number of messages in Exchange message queue. If warning or
' critical thresholds are reached number of messages are outputted.
'************************************************************************

<job>
<runtime>
  <description>

check_exch_mq (nrpe_nt-plugin) 1.0
This nrpe_nt plugin come with ABSOLUTELY NO WARRANTY. You may redistribute
copies of the plugins under the terms of the GNU General Public License.

  </description>
    <named
      name="h"
      helpstring="Help"
      type="simple"
      required="false"
    />
  />

  <example>

  You do not need a string for this plugin.

 Checks number of messages in Exchange message queue. If warning or
 critical thresholds are reached number of messages are outputted.

  Usage: command [check_exch_mq]
  c:Windowssystem32cscript.exe //NoLogo //T:10 check_exch_mq.wsf

  </example>

</runtime>

<script language="VBScript">

'*******************************************************************
' Help
'*******************************************************************
If Wscript.Arguments.Named.Exists("h") Then
      Wscript.Echo "Plugin help screen:"
      Wscript.Arguments.ShowUsage()
      Wscript.Quit(3)
End If

'*******************************************************************
' Main
'*******************************************************************
Dim objLocator
Dim objServices
Dim colItems
Dim colServiceList
Dim objExchService
Dim SumMessages
Dim intWarning
Dim intCritical
Dim objItem
Dim intResult
Dim strResult
Dim strComputer
Dim strServiceName

SumMessages = 0

strComputer = "."
strServiceName = "MSExchangeSA"

intWarning = 10
intCritical = 20

On Error Resume Next
Set objLocator = CreateObject("WbemScripting.SWbemLocator")
Set objServices = objLocator.ConnectServer(strComputer, "Root/CimV2")

Set colServiceList = objServices.ExecQuery("Select * From Win32_Service Where Name='" & strServiceName & "'")

If (Err.Number = 0) And IsObject(colServiceList) Then
    If colServiceList.Count > 0 Then

        Set objExchService = objLocator.ConnectServer (strComputer, "rootcimv2ApplicationsExchange")
        Set colItems = objExchService.ExecQuery("SELECT * FROM ExchangeQueue",,48)
        For Each objItem in colItems
            SumMessages = SumMessages + objItem.NumberOfMessages
        Next
        If IsEmpty(SumMessages) Then
            strResult = "WARNING ALERT! Message Queue UNAVAILABLE"
            intResult = 1
        ElseIf SumMessages > intCritical Then
            strResult = "CRITICAL ALERT! Number of messages in queue: " & SumMessages
            intResult = 2
        ElseIf SumMessages > intWarning Then
            strResult = "WARNING ALERT! Number of messages in queue: " & SumMessages
            intResult = 1
        ElseIf SumMessages < intWarning Then
            strResult = "No Alert. Number of messages in queue: " & SumMessages
            intResult = 0
        End If
    Else
        strResult = "No Alert. System is not an Exchange server."
        intResult = 0
    End If
End If

Select case intResult
  Case 0 wscript.echo strResult
         wscript.quit(0)
  Case 1 wscript.echo strResult
         wscript.quit(1)
  Case 2 wscript.echo strResult
         wscript.quit(2)
end select

PowerShell Script Get-Quova-Ipinfo.ps1

Project Objective:
More or less this is a proof of concept script to show how easy it can be to query Quova’s IP info data. The script takes a parameter (an IPv4 address) and returns all known information on that IP address’ user including the city, where available.

Future Versions:
I may re-add a Get-NSlookup function I took out which converts hostnames to IP addresses (duh!). I removed it for this version so that I could make error handling simpler. See notes below, it appears that the simple error handling I was going for has a problem that I should address first.

Mandatory Requirements:
Requires Get-Hash from the PowerShell Community Extensions http://pscx.codeplex.com/
Requires system to have correct time. There are no time zone restrictions. Script uses UTC.
Requires API Key and Shared Secret from Quova’s developer program. http://developer.quova.com
As of this post, September 15th 2010, Quova gives you 1k queries a day and 2 queries per second for free.

Syntax:
Get-Quova-Ipinfo.ps1 <IPv4 ADDRESS>
Example:
Get-Quova-Ipinfo.ps1 64.41.241.254

Notes:
The default output of this script is verbose, you may want to comment out fields you don’t care to see. The error “No data is available for IP” is also given if api.quova.com isn’t reachable. For example you aren’t on the interweb. To fix that I’m going to have to add some real error handling in the next version.

# Get-Quova-Ipinfo.ps1
#
# Written by Aaron Wurthmann (aaron <AT> wurthmann <DOT> com)
#
# If you edit please keep my name as an original author and
# keep me apprised of the changes, see email address above.
# This code may not be used for commercial purposes.
# You the executor,runner,user accept all liability.
# This code comes with ABSOLUTELY NO WARRANTY.
# You may redistribute copies of the code under the terms of the GPL v2.
# -----------------------------------------------------------------------
# Prerequisites:
# Written for PowerShell v2
# Requires Get-Hash from the PowerShell Community Extensions
#    http://http://pscx.codeplex.com/
# Requires system to have correct time.
#    There are no time zone restrictions. Script uses UTC.
# Requires API Key and Shared Secret from Quova's developer program.
#    http://developer.quova.com
#    As of this post, September 15th 2010, Quova gives you 1k queries a day
#    and 2 queries per second for free.
#
# -----------------------------------------------------------------------
# 2010.09.15 ver 1.1
#
# Summary:
# This script can be used as is to gather geographic information on a
# provided IP address, or this script could be incorporated into a webpage
# that uses the geographic information, be it for ads, custom content,
# fraud, or other uses.
#
# Syntax:
#     Get-Quova-Ipinfo.ps1 <IPv4 ADDRESS>
# Example:
#     Get-Quova-Ipinfo.ps1 64.41.241.254
#
# Notes:
# In order to display the majority of the fields a given IP address has
# I opted for writing them all out to standard out. However I also wanted
# to show of the feature I find more interesting which is the exact location
# IF the exact location is available. Please edit as you see fit.
# I also opted for some mild error checking inline opposed to up front.
#************************************************************************

Param([string]$ip = '64.41.241.254')

# Edit Varibles Here, enter your API key and shared secret
$apikey = 'YOUR_API_KEY_HERE'
$secret = 'YOUR_SHARED_SECRET_HERE'
# End Editable Varibles Section

$service = 'http://api.quova.com/'
$version  = 'v1/'
$method = 'ipinfo/'

Function Check-IP {
    $IPAddress=$null
    $chkipresult=[System.Net.IPAddress]::tryparse($ip,[ref]$IPAddress) -and $ip -eq $IPaddress.tostring()
    return $chkipresult
}

Function Get-Sig {
    [int]$epochtime = Get-Date -date (Get-Date).ToUniversalTime()-uformat %s
    [string]$timestamp = $epochtime
    [string]$string=$apikey+$secret+$timestamp
    [string]$hash=$string | Get-Hash -StringEncoding ascii
    [string]$hashresult=$hash.ToLower()
    return $hashresult
}

$isIP=Check-IP
If ($isIP -eq $true) {
    $sig=Get-Sig
    If ($sig.Length -eq 32) {
        [string]$url=$service+$version+$method+$ip+'?apikey='+$apikey+'&sig='+$sig
        $ErrorActionPreference='SilentlyContinue'
        $content = (new-object System.Net.WebClient).DownloadString($url)
        write-host ''
        if ($content) {
            #$content
            $xml = New-Object xml
            $xml.Loadxml($content)
            $ipinfo=$xml.ipinfo
            $ip_address = $ipinfo.ip_address
            $ip_type = $ipinfo.ip_type
            $network = $ipinfo.network
            $domain = $ipinfo.network.domain
            $location = $ipinfo.location
            $countrydata = $ipinfo.location.countrydata
            $country = $ipinfo.location.countrydata.country
            $statedata = $ipinfo.location.statedata
            $state = $ipinfo.location.statedata.state
            $citydata = $ipinfo.location.citydata
            $city = $ipinfo.location.citydata.city

            write-host 'ip_address : '$ip_address
            write-host 'ip_type    : '$ip_type
            if ($ip_type -ne 'Reserved') {
                $network
                $domain
                $location
                $countrydata
                $citydata
                $statedata
                if ($city) {
                    $specificlocation = $city +', ' +$state +', ' +$country
                }
                Else {
                    if ($state) {
                        $specificlocation = $state +', ' +$country
                    }
                    Else {
                        $specificlocation = $country
                    }
                }
                $specificlocation
            }
        }
        Else {
            write-host 'No data is availible for:' $ip
        }
    }
    Else {
        write-host 'ERROR: Invalid signature length.'
    }
}
Else {
    write-host 'ERROR:' $ip 'is not a valid IPv4 address.'
}

Reading Windows Minidump Debug (How to)

Intro:
It’s been years since Windows NT first came out, over 14 for just Windows NT 3.5, and it still amazes me how difficult it can be to troubleshoot a user’s BSoD.

At times it is easy, if you were sitting in front of the system when it BSoD’ed and you saw that there was a problem with the agp.sys driver you knew that 1) you were in the 90s and 2) that the graphics driver had a problem. (yes there is always 3) that the disk has a problem and it happens to be were the driver is or 4) RAM where the driver happened to be loaded, etc SHUT UP! the point is it is or was likely the driver). By the same token back then or today a Paged Fault in a Non-paged Area usually means its RAM issue, again not 100%, just most of the time. Now… today I’m working on a ticket and that ticket says that the user’s machine is BSoDing twice a day after some crazed pattern comes on to the screen. My first reaction was to replace the video card, we’ve seen board warping issues with this particular card and it usually resolves the issue… but not this time this time I actually had to do my job (ugggh) and troubleshoot. Enter… the minidump. A minidump file or small memory dump file “records the smallest set of useful information that may help identify why your computer has stopped unexpectedly.” Source: Microsoft Support. Now… here is my bewilderment, in order to read a minidump you need to install the Windows debug tools AND load the debugging Symbols, basically you are doing the job of a QA person or Dev and not a Systems Administrator. Sysadmins you see are a lazy bunch… well.. the good ones are anyway. Where was I? Oh yeah… mindumps. Today reading them is still a hassle, though albeit a smaller hassle than it has been in years past. My question is.. why? If the minidump is something that a Sysadmin might have to look at then why make me load debugging tools and symbols to do it? Why not just flat out tell me what the minidump says next reboot? None the less.. here is how you do it with Windows 7 x64.

How To:
Excerpts from: http://support.microsoft.com/kb/315263

First go get the Debugging Tools from the Windows SDK and install them: http://www.microsoft.com/whdc/devtools/debugging/default.mspx

(I was prompted that I didn’t have .NET Framework 4, which is true I don’t so you can ignore that)

Create a folder where you are going to put the Symbols. I put mine on the root of the C drive. Open a Command Prompt with Administrator rights then make the directory.

C:> mkdir c:symbols

Open a Command Prompt and navigate to the location where the debugging tools are.

C:> cd “C:Program FilesDebugging Tools for Windows (x64)”

I like GUI so I run the GUI debugger while loading the symbols from Microsoft’s site and storing them in my c:Symbols directory.

C:..Debugging Tools for Windows (x64)> windbg -y srv*c:symbols*http://msdl.microsoft.com/download/symbols -z c:windowsminidumpminidump.dmp

The debugger will now download the symbols and start to read the minidump. While it is doing this it is going to display some links such as, !analyze –v, Click on it. The analysis revealed a few things to me this run. Right off the back it told me that there was a problem while loading SystemRootsystem32DRIVERSnvlddmkm.sys. (thats an Nvidia display driver). As the debug continues it seems that a few recovery attempts were made before the system BSoD but the time stamp on the driver couldn’t be verified and thus the system had no choice but to BSoD. You can’t run a Windows system without a display driver, even the generic display driver is a driver.

PowerShell Script Remove-StartupItems.ps1

Project Objective:
Cleanse StartUp locations of unwanted/unneeded items that automatically start hen the system starts or user logs in.

Problem to be solved:
Unneeded applications that “run in the background” consume CPU and memory, slowing Windows startup and login down while giving the impression that the application in question runs and starts faster. (And it does, because it was already running).

Suggestions:
Use Autoruns.exe from Sysinternals/Microsoft to remove startup items manually – REJECED
Autoruns is by far one of my favorite tools to run on problem systems or even new systems that might have some unneeded programs starting, however your average user has too much choice and a lack of understanding in this area which leads to confusion. 
Accepted Solution: Create a safe list of registry entries, files and companies to check against. Anything out of those conditions is removed or any entry whose file name is not the same as its original file name.

Future Versions:
In this first version of Remove-StartupItems.ps1 we focus only on the Run keys in registry (both 32bit and 64bit). Future versions will include StartUp folders, then Services. I would also like to create a version that takes params and offers the ability to report, record, backup, restore and lock down. I will also add common virus scan vendors or helpful tools as people send me feedback. Please send me feedback. :)

 

#***********************************************************************
# "Remove-StartupItems.ps1"
#
# Written by Aaron Wurthmann (aaron <AT> wurthmann <DOT> com)
#
# If you edit please keep my name as an original author and
# keep me apprised of the changes, see email address above.
# This code may not be used for commercial purposes.
# You the executor, runner, user accept all liability.
# This code comes with ABSOLUTELY NO WARRANTY.
# You may redistribute copies of the code under the terms of the GPL v2.
# -----------------------------------------------------------------------
# Prerequisite:
# Possibly PowerShell v2. I haven't tested with v1 yet.
# -----------------------------------------------------------------------
# 2010.04.07 ver 1.0
#
# Summary:
# Enumerate items in Startup locations, checks for original file name then,
# if changed remove item, checks against custom safe list and safe vendor
# list. If not in either safe list, remove item.
#
# Instructions:
# You need to customize your safe list for your environment BEFORE trying.
# Autoruns for Windows (see credit below) works great for this. Remember
# in Autoruns the display pane on the bottom shows you the Company Name.
# The 'Publisher Name' is not always the same as the Company Name.
#
# Known Issues:
# This method won't work forever and can easily be bypassed, its not the 
# end all be all of startup security. For that we need all the legit vendors
# Microsoft included, to digitally sign their apps all the time.
#
# Furture Versions:
# In future versions I'll check PowerShell v1 compatability as well as add
# Schecduled tasks, Services AND a way to autogenerate a safe list.
#
# Greets:
# The inspiration for this script was from... 
# Mark Russinovich and Bryce Cogswell of SysinternalsMicrosoft
# Thank you guys for Autoruns and so many other tools that I use everyday.
#
# Shay Levy, PowerShell MVP - Helped me with parsing the registry.
# Thank you Shay I would probably still be banging my head on my desk.
#
# Tobias Speckbacher, Thanks for being a second set of eyes and my own
# personal regex dictionary.
#************************************************************************

function Test-Entry{
    Param($Entry,$File)
    $objFile=Get-Item (Find-Path $File)
    if ($objFile){
        if ($colSafeFiles -notcontains $File){
            if ($objFile.GetType().Name -eq 'FileInfo') {
                $Filename=$objFile.Name
                $OriginalFilename=[System.Diagnostics.FileVersionInfo]::GetVersionInfo($objFile).OriginalFilename
                $CompanyName=[System.Diagnostics.FileVersionInfo]::GetVersionInfo($objFile).CompanyName
                if ($Filename -ne $OriginalFilename -or $colSafeVendors -notcontains $CompanyName){
                    if ($Filename -ne $OriginalFilename){write-host 'Filename:'$Filename 'Expected:'$OriginalFilename 'Removing:' $Entry}
                    if ($colSafeVendors -notcontains $CompanyName){write-host $CompanyName 'not found in safe vendors list. Removing:' $Entry}
                    Remove-Entry $Entry
                }
            }
        }
    }
    ELSE{
        Remove-Entry $Entry
    }
}

function Find-Path{
param($Path, [switch]$All=$false, [Microsoft.PowerShell.Commands.TestPathType]$type="Any")
    if($(Test-Path $Path -Type $type)) {
        return $path
    } else {
        [string[]]$paths = @($pwd);
        $paths += "$pwd;$env:path".Replace(';;',';').Replace('%SystemRoot%',$env:SystemRoot).Split(";")
        $paths = Join-Path $paths $(Split-Path $Path -leaf) | ? { Test-Path $_ -Type $type }
        if($paths.Length -gt 0) {
            if($All) {
                return $paths;
            } else {
                return $paths[0]
            }
        }
    }
}

function Remove-Entry{
    Param($Entry)
    Remove-ItemProperty -Path $regLoc -Name $Entry
}

$colRegLocs=@(
    "HKLM:SOFTWAREMicrosoftWindowsCurrentVersionRun",
    "HKLM:SOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun",
    "HKCU:SOFTWAREMicrosoftWindowsCurrentVersionRun",
    "HKCU:SOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun";
)

$colSafeVendors=@(
	'Alps Electric Co., Ltd.',		#Alps Touchpad
	'Microsoft Corporation',		#Office 2010, Security Essentials (Virus Scan)
	'Dell Inc.',				#Dell Wireless Card Tray, Control Point
	'Smith Micro Software, Inc.',		#Dell Connection Manager
	'Intel Corporation',			#Intel Event Monitor
	'NVIDIA Corporation',			#NVIDIA Display Properies, Hotkey Service, nView Wizard
	'IDT, Inc.',				#PC Audio Tray
	'Broadcom Corporation',			#Dell Security Device and Task Status
	'tzuk',					#SandboxIE Control
	'Elaborate Bytes AG',			#Virtual Clone Drive
	'Hewlett-Packard',			#Various Hardware Devices including Print Driver Modules
	'Safer Networking Ltd',			#Spybot Search and Destroy
	'Trend Micro Inc.';			#Virus Scan
)

$colSafeNames=@(
    'PSPath',
    'PSParentPath',
    'PSChildName',
    'PSDrive',
    'PSProvider',
    '(default)',
    'Synergy Client'                #Synergy, No vendor name.
    'Synergy Server'                #Synergy, No vendor name.
    'RESTART_STICKY_NOTES';            #Sticky Notes, Orginal filename mismatch
)

$colSafeFiles=@(
    'C:Program Files (x86)Synergysynergyc.exe',        #Synergy, No vendor name.
    'C:Program FilesSynergysynergyc.exe',            #Synergy, No vendor name.
    'C:Program Files (x86)Synergysynergy.exe',        #Synergy, No vendor name.
    'C:Program FilesSynergysynergy.exe';                #Synergy, No vendor name.
)

#Clean Registry Entries
foreach ($regLoc in $colRegLocs) {
    if (Test-Path $regLoc){
        $objRegLoc=Get-ItemProperty $regLoc
        $list=$objRegLoc.psobject.properties  | select name,value
        $list|ForEach-Object{
            if  ($colSafeNames -notcontains $_.Name) {
                $Entry=$_.Name
                $File=$_.Value.Split(',/')[0].Trim() -replace ('rundll32.exe ','') -replace ('^"','') -replace ('".*','')
                Test-Entry $Entry $File
            }
        }
    }
}

Scripts I Still Need to Edit for Upload

AutoIT
    OfficeSetup.exe -Proof of concept for IT EULA before Install
    ClientPassword.exe – Set Windows client Administrator password
    ServerPassword.exe – Set Windows Administrator server password
    StartOblivion.exe – Proof of concept for mount ISO and start exe

Batch
    Logon Scripts:
        mapDrives.bat                    – Map Drives
        wsus-client-detect.bat            – Run Windows Client Automatic Update
        register-dns.bat                – Register DNS (in case DHCP doesnt for you)
        printer-install.bat                – Install Printers from local site
        copy-tools.bat                    – Copy IT Tools, Sysinterals, etc locally
        exchange-profile.bat            – Setup Outlook
        3rd-party-software-check.bat    – Check for Virus Scan, Acrobat, Flash
        homeLogon.bat                    – Run Users own Batch script in their home dir
        checkAdmin.bat                    – Make sure Doman Admins and other admins are… admins and set local admin password
        spybot.bat                        – Update Spybot inf installed
        bginfo.bat                        – If server setup BGInfo from Sysinternals
        nsclient.bat                    – If server configure Nagios client
        restart-alg.bat                    – If Windows XP restart ALG Service (workaround for XP bug)
        report.bat                        – Writes session information to a hidden share/log, which is latter parsed by the ‘post logon script’ on a DC
    logonserver_log_parser.bat            – Post logon script, parses log created by report.bat and preforms actions on each client. For example system audits or adding the system to auto setup process.
    createDClogsFile.bat                – Create and archive report logs
    createDClogsShare.bat                – Create and setup report log share on DC
    default-client-ou.bat                – Move systems in Computer containers to default OU based on system name
    disable-account.cmd                    – Remove from groups, set up email forward to manager, re-assign all direct reports to manager, disable account delete mailbox
    give-local-admin.bat                – Left over from previous Setup
    healthcheck.bat                        – Check if Windows Update confgiured, run Windows
    old-accounts.bat                    – Disable user accounts that haven’t logged in in 8 weeks, delete computer accounts
    shutemdown.bat                        – Shut down all Windows Servers then DCs (for site power outages)
    LogonLimts.bat                        – Count total logon time for the day, force log off when threshold hit
    CrawlDomain-netdom                    – Connect to all systems on domain using netdom and run command
    CrawlDomain-dsquery                    – Connect to all systems on domain using a dsquery and run command
    CrawlDomain-browstat                – Connect to all systems on domain using browstat and run command

    Setup:
        ConnectToShare.bat                – Connect to \setupsetup$ and run next script
        Setup_Enviroment.bat            – Setup enviroment, join domain, rename based on Serial number, install apps, and more
        Prepare_for_User.bat            – Add username (based on system name) to local admins, active Windows 7 if needed, and more

    Tools:
        ifup.cmd                        – If system up do command. (rdp, http, etc)
        go.cmd                            – Change Directory to shortcut, sys, bin, doc, win, etc
        open.cmd                        – Open explorer to shortcut, sys, bin, doc, win, etc
        whenup.cmd                        – Wait for system to go down then wait for it to come up then do command
        rdp.cmd                            – Remote Desktop to host
    …and more
VBScript
    server_downtime.wsf                    – Log off script to tell Nagios server is shuting down and should be back up in 15 minutes, pause monitoring for 15 minutes
    getSerial.vbs                        – Get system serial number (used with serial number to system naming tying)
    ejectDVD.vbs                        – Ejects DVD *yawn*
    check_disks.wsf                        – Checks all ‘partiions’ free space (Nagios Plugin)
    check_disk_and_eMail.vbs            – Checks all ‘partiions’ free space (Stand-alone)
    sendMail.vbs                        – Umm sends mail DUH!
    …and more
PowerShell
    switch-wifi-auto.ps1                – Turns off Wifi adapter if Ethernet adapter is connected.
    remove-bloatware.ps1                – Remove known ‘bad’ entries from auto start locations in Registry
    …and more

PowerShell Script Uninstall-Toolbars.ps1

#***********************************************************************
# "Uninstall-Toolbars.ps1"
#
# Written by Aaron Wurthmann (aaron <AT> wurthmann <DOT> com)
#
# If you edit please keep my name as an original author and
# keep me apprised of the changes, see email address above.
# This code may not be used for commercial purposes.
# You the executor,runner,user accept all liability.
# This code comes with ABSOLUTELY NO WARRANTY.
# You may redistribute copies of the code under the terms of the GPL v2.
# -----------------------------------------------------------------------
# Prerequisite:
# Should work with both PowerShell v1 and v2. I wrote and tested it on XP
# as well was Windows 7 x64. Make sure to have your execution mode is set
# properly. PSH> get-help about_Execution_Policies
# In addition, WASP, Windows Automation Snapin for PowerShell, was used
# for the macros to run and click items as needed, it is not mandatory.
# -----------------------------------------------------------------------
# 2010.03.15 ver 1.2
#
# Summary:
# Removes software based on display name shown in "Add Remove Programs".
# In the majority of cases it just runs whatever uninstall program the
# program claims will uninstall itself. In a few cases a macro is run.
# See $apps array section and comments to add to the list of programs.
#
# Known Bugs:
# At this time I have noticed an issue with the "Bing Bar" attemping to
# re-install itself. Actually what is happening is a related install
# 'Bing Bar Platform' is being launched and as a result it asks if you
# want to reinstall. I haven't looked into solving this just yet. My advice
# at the moment is... don't reinstall it. *laugh*
#************************************************************************

#Function Section - Dont Touch, unless you Know what you are doing.
function Get-AppInfo {
    Param([string]$filter)
    $regkey=Get-Item "HKLM:SOFTWAREMicrosoftWindowsCurrentVersionUninstall"
    $SubKeyNames = $regkey.GetSubKeyNames()
    foreach($SubKeyName in $SubKeyNames){
        $SubKeyString="$regkey$SubKeyName" -replace "HKEY_LOCAL_MACHINE\","HKLM:"
        $SubKey=Get-Item $SubKeyString
        $DisplayName=$SubKey.GetValue('DisplayName')
        If ($DisplayName -like "*$filter*"){
            $DisplayName
            $SubKey.GetValue('UninstallString')
        }
    }
}

function Remove-MSI {
    Param([string]$uninstallString)
    Stop-Webbrowser
    $uninstall=$uninstallString.Replace('/I','/X')
    $uninstallCmd=$uninstall.split(' ')[0]
    $uninstallParam=$uninstall.split(' ')[1]
    & $uninstallCmd $uninstallParam /qn
}

function Remove-Install {
    Param([string]$uninstallString)
    Stop-Webbrowser
    $uninstallCmd=$UninstallString.split('"')[1]
    if ($uninstallCmd){
        $uninstallCmd=$uninstallCmd.Trim()
        $uninstallParam=$UninstallString.split('"')[2]
        if ($uninstallParam){
            $uninstallParam=$uninstallParam.Trim()
        }
    }
    ELSE{
        $uninstallCmd=$UninstallString.split('/')[0].Trim()
        $uninstallParam=$UninstallString.split('/')[1]
        if ($uninstallParam){
            $uninstallParam='/' +$uninstallParam.Trim()
        }
    }

    & $uninstallCmd $uninstallParam
}

function Stop-Webbrowser {
    Get-Process | Where {$_.Name -eq "iexplore"} | kill
    #Get-Process | Where {$_.Name -eq "firefox"} | kill
}

function Remove-AltavistaToolbar {
    Param([string]$uninstallString)
    Stop-Webbrowser
    & $UninstallString.split('/')[0]
    Add-PSSnapin WASP -ea "SilentlyContinue"
    Select-Window > $nul
    if ($? -eq $True){
        Start-Sleep 1
        Select-Window uninstall | Send-Keys "y"
        Start-Sleep 1
        Stop-Webbrowser
    }
    ELSE{
        Remove-Install $UninstallString
    }
}

function Remove-BingBar {
    Param([string]$uninstallString)
    Stop-Webbrowser
    & $UninstallString.split('/')[0]
    Add-PSSnapin WASP -ea "SilentlyContinue"
    Select-Window > $nul
    if ($? -eq $True){
        Start-Sleep 1
        Select-Window InstallManager | Send-Keys "{TAB}","{ENTER}"
        Stop-Webbrowser
    }
    ELSE{
        Remove-Install $UninstallString
    }
}

function Remove-Yahoo!Toolbar {
    Param([string]$uninstallString)
    Stop-Webbrowser
    & $UninstallString.split('/')[0]
    Add-PSSnapin WASP -ea "SilentlyContinue"
    Select-Window > $nul
    if ($? -eq $True){
        Start-Sleep 1
        Select-Window UNYT_W~1 | Send-Keys "y"
        Start-Sleep 2
        Select-Window BU_ | Select-ChildWindow | Send-Keys "n"
        Start-Sleep 1
        Select-Window BU_ | Send-Keys "c"
        Start-Sleep 1
        Stop-Webbrowser
    }
    ELSE{
        Remove-Install $UninstallString
    }
}
#End Fuction Section

#    Add Apps here that you want to remove. Use the exact name as it appears in "Add Remove Programs"
#    For all toolbars uncomment 'Toolbar' and remove all other toolbars except 'Bing Bar'
$apps=@(
    'Ask Toolbar',
    'Altavista Toolbar',
    'Bing Bar',
    'Google Toolbar for Internet Explorer',
    'Yahoo! Toolbar';
    #'Toolbar';
)

#These apps have extra routines, so there are custom functions.
#WASP, Windows Automation Snapin for PowerShell, is required for macros to run
$macroapps=@(
    'Altavista Toolbar',
    'Bing Bar',
    'Yahoo! Toolbar';
)
#End Editable Section

#Main
if ($apps){
    foreach($app in $apps){
        $AppInfo=(Get-AppInfo $app)
        $DisplayName=$AppInfo[0]
        $UninstallString=$AppInfo[1]
        if ($UninstallString -like "*MsiExec*"){
            Remove-MSI $UninstallString
        }
        Else{
            if ($macroapps -contains $DisplayName){
                $cutomRemove='Remove-' + $DisplayName.Replace(' ','')
                & $cutomRemove
            }
            ELSE{
                Remove-Install $UninstallString
            }
        }
    }
}

PowerShell Script Install-Printers.ps1

#***********************************************************************
# "Install-Printers.ps1"
#
# Written by Aaron Wurthmann (aaron <AT> wurthmann <DOT> com)#

# If you edit please keep my name as an original author and
# keep me apprised of the changes, see email address above.
# This code may not be used for commercial purposes.
# You the executor,runner,user accept all liability.
# This code comes with ABSOLUTELY NO WARRANTY.
# You may redistribute copies of the code under the terms of the GPL v2.
# -----------------------------------------------------------------------
# 2010.03.01 ver 1.2
#
# Summary:
# Enumerates Print shares on Print Server and installs them.
#
# Known Limitations:
# In its present form the script will work only with a single site and
# a single print server. You'll have to edit it to do more if need be.
#************************************************************************

#Function Section - Dont Touch, unless you Know what you are doing.
function Test-Port{
    Param([string]$srv="localhost",$port=135,$timeout=300)
    $ErrorActionPreference = "SilentlyContinue"
    $tcpclient = new-Object system.Net.Sockets.TcpClient
    $iar = $tcpclient.BeginConnect($srv,$port,$null,$null)
    $wait = $iar.AsyncWaitHandle.WaitOne($timeout,$false)
    if(!$wait)
    {
        $tcpclient.Close()
        Return $false
    }
    else
    {
        $error.Clear()
        $tcpclient.EndConnect($iar) | out-Null
        Return $true
        $tcpclient.Close()
    }
}

function Add-Printer{
    Param([string]$server="",$printer="")
    if (!$server -or !$printer){
        exit
    }
    if (!$net){
        $net = new-Object -com WScript.Network
    }
    $PrinterPath = "\" + $server + "" + $printer
    write-host "Attempting to Silent Install:" $PrinterPath
    $net.AddWindowsPrinterConnection($PrinterPath)
}
# End Function Section

# Print Server
[string]$strPrintserver = "PRINTSERVER"

# Exempt Sites/DCs - Add DCs here for sites you want to skip
$DCs=@(
    '\DC101',
    '\DC02';
)

[string]$strLogonserver = ($env:logonserver)
[string]$strComputername = ("\" + $env:computername)
$net = new-Object -com WScript.Network

if ($DCs -contain $strLogonserver) {
    exit
}

if ($strLogonserver -eq $strComputername -or $strComputername -eq "\" + $strPrintserver){
    exit
}

[string]$portResult=Test-Port $strPrintserver 135 1
if($portResult -eq $false){
    exit
}

$netviewResult=@(net view \$strPrintserver | Select-String Print)
$printerShares = $netviewResult |foreach-object { $_.toString().Split('  +')[0] }

$errorActionPreference="SilentlyContinue"

$printerShares | ForEach-Object {
    Add-Printer $strPrintserver $_
}

PowerShell Script Install-WindowsUpdates.ps1

#***********************************************************************
# "Install-WindowsUpdates.ps1"
#
# Re-posted by Aaron Wurthmann (aaron <AT> wurthmann <DOT> com)
#
# If you edit please keep my name as an author and
# keep me apprised of the changes, see email address above.
# This code may not be used for commercial purposes.
# You the executor,runner,user accept all liability.
# This code comes with ABSOLUTELY NO WARRANTY.
# You may redistribute copies of the code under the terms of the GPL v2.
# -----------------------------------------------------------------------
# 2010.03.01 ver 1.1
#
# Summary:
# Gets and installed Windows Updates
#
# Background:
# A friend of mine posted this code into a chat Window one day to aid me
# with a project I was working on. Converting my batch scripts to PowerShell
# He couldn't remember where he got the code from so as a result I can't give
# the original author the credit they deserve. I made some very minor edits
# in order to change the code/script to what I use it for. Mainly a module
# to my Windows Logon Script.
#************************************************************************

clear-host
Write-host "Starting Update Process..." -foregroundcolor blue
Write-host ""
$UpdateSession = New-Object -com Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateupdateSearcher()
$SearchResult =  $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")
$UpdateLowNumber = 0
$UpdateHighNumber = 1
$NumberofUpdates = $searchResult.Updates.Count
while ($UpdateHighNumber -le $NumberofUpdates) {
$UpdatesToDownload = New-Object -com Microsoft.Update.UpdateColl
$Update = $searchResult.Updates.Item($UpdateLowNumber)
if ($Update.EulaAccepted -eq 0) {$Update.AcceptEula()}
[void]$UpdatesToDownload.Add($Update)
$Downloader = $UpdateSession.CreateUpdateDownloader()
$Downloader.Updates = $UpdatesToDownload
[void]$Downloader.Download()
$UpdatesToInstall = New-Object -com Microsoft.Update.UpdateColl
[void]$UpdatesToInstall.Add($Update)
$Title = $update.Title
$KBArticleIDs = $update.KBArticleIDs
$SecurityBulletinIDs = $update.SecurityBulletinIDs
$MsrcSeverity = $update.MsrcSeverity
$LastDeploymentChangeTime = $update.LastDeploymentChangeTime
$MoreInfoUrls = $update.MoreInfoUrls
Write-host "Installing Update $UpdateHighNumber of $NumberofUpdates"
Write-host "Title: $Title"
if ($KBArticleIDs -ne "") {Write-host "KBID: $KBArticleIDs"}
if ($SecurityBulletinIDs -ne "") {write-host "Security Bulletin: $SecurityBulletinIDs"}
if ($MsrcSeverity -eq "Critical") {Write-host "Rating: $MsrcSeverity" -foregroundcolor red} else {Write-host "Rating: $MsrcSeverity"}
if ($LastDeploymentChangeTime -ne "") {Write-host "Dated: $LastDeploymentChangeTime"}
if ($MoreInfoUrls -ne "") {Write-host "$MoreInfoUrls"}
$Installer = $UpdateSession.CreateUpdateInstaller()
$Installer.Updates = $UpdatesToInstall
$InstallationResult = $Installer.Install()
Write-host "--------------------------------------------"
if ($InstallationResult.ResultCode -eq "2") {Write-host "  Installation Succeeded" -foregroundcolor green}  else {Write-host "  INSTALLATION FAILED, check event log for details" -foregroundcolor red}
if ($InstallationResult.RebootRequired -eq "False") {Write-host "  Reboot not required" -foregroundcolor green} else {Write-host "  REBOOT REQUIRED" -foregroundcolor red}
Write-host "--------------------------------------------"
Write-host ""
Write-host ""
$Title = ""
$KBArticleIDs =  ""
$SecurityBulletinIDs =  ""
$MsrcSeverity =  ""
$LastDeploymentChangeTime =  ""
$MoreInfoUrls =  ""
$UpdateLowNumber = $UpdateLowNumber + 1
$UpdateHighNumber = $UpdateHighNumber + 1
if ($ProgressValue -lt $NumberofUpdates) {$ProgressValue = $ProgressValue + 1}
}
$ComputerStatus = New-Object -com Microsoft.Update.SystemInfo
 if ($ComputerStatus.RebootRequired -eq 1) {Write-host "A Reboot is Required"}