O'Reilly Book Excerpts: Windows Server Hacks

Hacking Windows Server

by Mitch Tulloch

Editor's Note: Mitch Tulloch has gathered 100 hacks for his Windows Server Hacks book to help system administrators master the more powerful features of Windows Server. To provide a real look at what these hacks can help you do, we offer three excerpts from the book: How to use an ADSI-based script to search for domain users; how to use the Hyena utility to quickly find out which user on your network has a particular file open; and how to quickly locate all machines that have automatic logon enabled in their registry. And if you like what you see here, pick up the book--there are 97 more cool techniques you can use in your everyday Windows administration tasks.

Hack #25: Search for Domain Users

Programmatically search for a user in a mixed Windows NT/2000 environment.

If you are in the process of migrating from Windows NT to Windows 2000, you can certainly appreciate the search capabilities provided in Active Directory administrative tools. At the same time, more than ever, you suffer from their absence in User Manager. This issue becomes especially acute in environments where there is no consistent naming convention or where the naming convention has changed several times over the years. The sorting feature might help, but only if the person responsible for creating accounts entered the full name correctly and in the same format. Misspellings and the use of diminutives and nicknames are other frequent causes of confusion. Your search becomes considerably more time consuming if you manage multiple domains with different naming conventions.

To resolve this problem, you can employ a couple of approaches. The first one involves exporting a user list, along with each user's properties, into a comma-delimited file or a database (e.g., Access or SQL). The main drawback of this solution is the need for regular updates of the exported list. The second approach, which eliminates the need for maintenance, is using an ADSI-based script.

This approach is shown in the script that follows.

The Code

The script allows searches against multiple domains. In order to accomplish this, you need to provide as the second input argument the list of domains (individual names need to be separated by semicolons). The first argument of the script is the part of the username (of any length) that you want to match against account names. Type the script into Notepad (with Word Wrap disabled) and save it with a .vbs extension as FindUser.vbs:

'*** The script searches for a username in one or more domains by
'*** looking for a match on the string of characters you specify.
'*** The syntax:
'*** cscript //nologo FindUser.vbs string dom1[;dom2]
'*** where string is used to match against the username
'*** dom1;dom2 is the semicolon separated list of one or
'*** more domains to search (no limit on number of entries)
'*** variable declaration
Dim sName 'string to match against
Dim sDom 'string storing list of domains
Dim aDom 'array storing list of domains
Dim iCount 'counter variable
Dim oDomain 'object representing domain
Dim oUser 'object representing user account
Dim sLine 'string containing results of the search
'*** variable initialization (both arguments are required)
If WScript.Arguments.Count < 2 Then
    WScript.Echo "Usage: cscript //nologo FindUser.vbs string dom1[;dom2]"
    WScript.Quit 1
End If
sName = WScript.Arguments(0)
sDom = WScript.Arguments(1)
aDom = Split(sDom, ";")
'*** search for matches in the loop
For iCount = 0 To UBound(aDom)
    '*** bind to the domain through the WinNT provider, user objects only
    Set oDomain = GetObject("WinNT://" & aDom(iCount))
    oDomain.Filter = Array("user")
    For Each oUser In oDomain
        '*** case-insensitive substring match (compare mode 1 = text compare)
        If InStr(1, oUser.Name, sName, 1) > 0 Then
            sLine = oDomain.Name & "\" & oUser.Name & ";"
            sLine = sLine & oUser.Description & ";"
            sLine = sLine & oUser.FullName & ";"
            WScript.Echo sLine
        End If
    Next
Next

Running the Hack

When you run FindUser.vbs using Cscript.exe in a command-prompt window, you can easily find the full name and domain for a user, given his username. For example, when I search to see if the username bsmith is present in the MTIT domain, I find that user BobSmith is assigned that username (Figure 3-1).

Figure 3-1. Using FindUser.vbs to check whether username bsmith is already used.

—Marcin Policht

Hack #49: Determine Who Has a Particular File Open on the Network

Use the Hyena utility to quickly find out which user on your network has a particular file open.

One of the biggest problems for system administrators is dealing with helpdesk or user requests that ask you to see who has a particular document open on the network. This can be most effectively completed using a utility called Hyena from With this utility, you can even disconnect the user who has the open file or send her a message asking her to close the file in question.

Here's a quick walkthrough on how to use the product, so you can see how easy it is to use. Start Hyena and begin by selecting the server name where the file is stored. Expand the + sign and the Shares leaf, and select the share you want to examine. Then, drill through the directories until you find the subdirectory you want, such as SqlDev in Figure 5-1.

Figure 5-1. Finding open files in Hyena.

Now, select the file you want (SMS_ABC_Database.mdb in our example) in the right pane to see who has it open. Right-click it, and from the context menu select More Functions and then Open By (Figure 5-2).

Figure 5-2. Selecting an open file.

Now, in the menu to the right, you will see who the user is by examining the User Name column, as shown in Figure 5-3.

Figure 5-3. Viewing who has the file open.

Now it is just a matter of either sending the user a message or, if he is unavailable, disconnecting him, by right-clicking on the file and choosing the appropriate menu option (Figure 5-4). If you opt for the latter, keep in mind that the file will be closed without giving the user the opportunity to make any final changes.

Figure 5-4. Disconnecting the user.

You can download a free, 30-day, fully functional, evaluation copy of this great tool from Enjoy!

—Don Hite

Hack #76: Find Computers with Automatic Logon Enabled

Having automatic logon enabled on a computer can be a security risk. Here's a quick way to find out which machines on your network have automatic logon enabled.

While enabling automatic logon [Hack #4] in Chapter 1 can be useful in certain scenarios, such as a test network, it can also be a security risk, especially if it is enabled on a computer without the administrator's knowledge. Here is a quick and dirty way to locate all machines that have automatic logon enabled in their Registry.

You'll need the following tools:

Create a batch file that will use the provided list and kick off regfind. For this we will use the FOR DOS command (all on one line - text is wrapped here to fit the constraints of the page):

for /F %%A in (serverlist.txt) do (regfind.exe -m \\%%A -p "hkey_local_
machine\software\microsoft\windows nt\currentversion\winlogon" -n
"Autoadminlogon" >>results.txt)

You can see that we are simply parsing the serverlist.txt file for each server name, then instructing regfind to locate that Registry key. There are two caveats, though. First, the results can be hard to read while the search is going on. It is recommended that you redirect the results to a text file (the preceding example does this). Second, regfind is case-sensitive. This can make the search a bit longer, but it's still fairly easy. Instead of just a one-line batch file, you simply have a few more (almost identical) lines. A larger sample of the completed batch file looks something like this (again, each command is all on one line -- beware of line wrap):

for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "Autoadminlogon" >>results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "AutoadminLogon" >>results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "AutoAdminlogon" >>results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "AutoAdminLogon" >>results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "autoAdminlogon" >>results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "autoadminlogon" >>results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "autoAdminLogon" >>results.txt)
for /F %%A in (serverlist.txt) do (c:\work\adminlogon\regfind.exe -m \\%%A
-p "hkey_local_machine\software\microsoft\windows nt\currentversion\
winlogon" -n "autoadminLogon" >>results.txt)

Using this method, you can scan a select list of workstations/servers for this key fairly quickly.

Hacking the Hack

This procedure can easily be modified to find other Registry keys as well, simply by changing the key name to search for. Enjoy!

—Donnie Taylor
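
The audit from Hack #76 done as a direct value query, as an added example that is not from the book: Registry value names are case-insensitive, so a single lookup of AutoAdminLogon over Remote Registry replaces the eight spelling variants, and each host gets a row saying whether automatic logon is on and whether a plaintext DefaultPassword sits beside it. It assumes PowerShell 3.0 or later and the serverlist.txt file used above; the function name Get-AutoLogonStatus and the output file autologon-results.csv are made up for this example.

```powershell
# Added example, not from the book. Assumes serverlist.txt (one host per
# line) and a reachable Remote Registry service on each target.
$SubKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonStatus {                 # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    $hklm = $null; $key = $null
    $row = [ordered]@{
        Computer = $ComputerName; AutoAdminLogon = $null; Enabled = $false
        DefaultUserName = $null; PasswordStored = $false; Error = $null
    }
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
        $key = $hklm.OpenSubKey($SubKey)       # read-only handle
        if ($null -eq $key) { throw 'Winlogon key not found' }
        # Value-name lookups ignore case, so this one call matches
        # "Autoadminlogon", "autoAdminLogon" and every other spelling.
        $row.AutoAdminLogon  = $key.GetValue('AutoAdminLogon')
        $row.Enabled         = ("$($row.AutoAdminLogon)" -eq '1')
        $row.DefaultUserName = $key.GetValue('DefaultUserName')
        # Check only that a DefaultPassword value exists; its content is
        # never read or written to the report.
        $row.PasswordStored  = ($key.GetValueNames() -contains 'DefaultPassword')
    }
    catch {
        # Unreachable or access-denied hosts are reported, not silently skipped.
        $row.Error = $_.Exception.Message
    }
    finally {
        if ($key)  { $key.Close() }
        if ($hklm) { $hklm.Close() }
    }
    [pscustomobject]$row
}

Get-Content .\serverlist.txt |
    ForEach-Object { $_.Trim() } | Where-Object { $_ } |
    ForEach-Object { Get-AutoLogonStatus -ComputerName $_ } |
    Export-Csv .\autologon-results.csv -NoTypeInformation
```

Rows with Enabled set to True and PasswordStored set to True are the ones to remediate first; rows with a non-empty Error column were not audited and need a second pass.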

Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.

Copyright © 2009 O'Reilly Media, Inc.