Service and Scheduled Task User Manager

July 19, 2010 35 comments

Sometimes SOX regulations, a customer agreement, or your boss force you to change the password periodically for all service accounts and/or accounts running scheduled tasks. So either you keep a detailed list of who (the user account) runs what (the service or scheduled task) where (on which computer) and change the password manually in the GUI, or you create a script to help you do the job.

A friend of mine asked me to help him out and write the script he needed. I thought of creating a script that asks the user for input (account name, new password and a list of computers) and then runs against all the computers in the list and changes the password accordingly… but wouldn’t it be nicer to have a nifty application that does all that, so that you wouldn’t have to edit a text file or type in all the parameters each time you want to run the process with a different set of arguments?

So I decided to write the application. The list of requirements included:

  • The computer list should be easy to manage, and the user should be able to easily add a computer to the list, or a pre-created list from a text file, or even directly from an Active Directory container.
  • The process results should be easy to understand, and even available to export and save for future references.
  • Have an option to manage only services, only scheduled tasks or both.
  • Have an option to restart the services after the password was changed.
  • Have an option to change the user account running the services and/or scheduled tasks.
  • Have a “dry-run” option that would only show the objects (services and scheduled tasks) whose credentials would have been changed.
  • Have an option to quickly connect using Remote Desktop to a selected computer in the list, and to edit the properties of a scheduled task listed in the results.

The result of this list, together with other ideas and suggestions that came along the way, is SSTUM (Service and Scheduled Task User Manager).

I think it’s easy to use, and the GUI is pretty much self-explanatory:

Service and Scheduled Task User Manager

AddComputers ContextMenu


1. Add computers to the list. You can add a specific computer name, a list of computers from an Active Directory container, or a list from a csv or text file. To do so, use the buttons in the Computer List box, right-click the list area and use the context menu, or drag-and-drop a csv or a text file onto the computers list area.


Note: When using the specific computer option you can use a comma (“,”) to add many computers or an asterisk (“*”) to be used with a search filter to add computers from Active Directory. As a combined example: by typing in “SQL*,*TEST” in the Add a specific computer box, you will be adding to the list all computer accounts in Active Directory that start with “SQL” and all computer accounts that end with “TEST”.

2. Type in the Current User whose password you want to change on all the listed computers. Type in the New User if you want to change the user account running the services and scheduled tasks (or type in the same account as in the Current User text box to leave the account information unchanged).

3. Enter the new password, and type it again in the validate field.

4. Select to Manage Scheduled Tasks, Manage Services and whether to Restart the services after the password was changed or not.

5. Click the Report Objects for a “dry-run”, or the Change Credentials to run the process and actually change the credentials for the selected objects (Services and Scheduled Tasks) on the listed computers.

Note: For the Report Objects option, you need only the Current User information.

Results ContextMenu


6. You can right-click the Results pane to quickly connect to a computer using Remote Desktop, to open the Task Properties window, or to export the results report to a CSV or an XML file to be later opened as an XML table in Excel.
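The Report Objects dry-run from step 5 can also be approximated from a script, which is useful for reviewing where an account is in use before its password is rotated. This is an added example, not SSTUM's code: the function name Get-RunAsObject, its parameters and the CONTOSO\svc-backup account are hypothetical, and the scheduled-task part assumes English schtasks column names.

```powershell
# Added example, not SSTUM code: a read-only report of the services and
# scheduled tasks that run under one account. Get-RunAsObject and its
# parameters are hypothetical names. Requires PowerShell 3.0 or later.
function Get-RunAsObject {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Account,                       # e.g. 'CONTOSO\svc-backup' (constructed)
        [string[]] $ComputerName = @($env:COMPUTERNAME),
        [switch] $SkipServices,
        [switch] $SkipTasks
    )

    # Match the full name or the part after the last backslash, because the two
    # sources do not always report the domain prefix. The RunAs column keeps the
    # value as found, so a same-named account from another domain stays visible.
    $leaf = ($Account -split '\\')[-1]
    $isMatch = { param($runAs) $runAs -and ($runAs -eq $Account -or ($runAs -split '\\')[-1] -eq $leaf) }

    foreach ($computer in $ComputerName) {
        $isLocal = @($env:COMPUTERNAME, 'localhost', '.') -contains $computer

        if (-not $SkipServices) {
            try {
                # Filter client-side so the account name is never spliced into WQL.
                $cim = @{ ClassName = 'Win32_Service'; ErrorAction = 'Stop' }
                if (-not $isLocal) { $cim.ComputerName = $computer }
                Get-CimInstance @cim |
                    Where-Object { & $isMatch $_.StartName } |
                    ForEach-Object {
                        [pscustomobject]@{ Computer = $computer; Type = 'Service'
                            Name = $_.Name; RunAs = $_.StartName; State = $_.State }
                    }
            }
            catch {
                [pscustomobject]@{ Computer = $computer; Type = 'Service'
                    Name = $null; RunAs = $null; State = "ERROR: $($_.Exception.Message)" }
            }
        }

        if (-not $SkipTasks) {
            try {
                # Assumes English column names in the schtasks CSV output.
                $schArgs = @('/query', '/fo', 'csv', '/v')
                if (-not $isLocal) { $schArgs += @('/s', $computer) }
                $csv = & schtasks.exe @schArgs 2>$null
                if ($LASTEXITCODE -ne 0) { throw "schtasks exited with code $LASTEXITCODE" }
                # The CSV header row is repeated per task folder; drop the repeats.
                # A task with several triggers is listed several times; keep one row.
                $csv | ConvertFrom-Csv |
                    Where-Object { $_.TaskName -ne 'TaskName' -and (& $isMatch $_.'Run As User') } |
                    Sort-Object TaskName -Unique |
                    ForEach-Object {
                        [pscustomobject]@{ Computer = $computer; Type = 'ScheduledTask'
                            Name = $_.TaskName; RunAs = $_.'Run As User'; State = $_.Status }
                    }
            }
            catch {
                [pscustomobject]@{ Computer = $computer; Type = 'ScheduledTask'
                    Name = $null; RunAs = $null; State = "ERROR: $($_.Exception.Message)" }
            }
        }
    }
}

# Report only; nothing on the target computers is changed.
Get-RunAsObject -Account 'CONTOSO\svc-backup' | Format-Table -AutoSize
```

Pipe the output to Export-Csv instead of Format-Table to keep a record of where the account was in use at the time of the rotation.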



SSTUM uses TaskScheduler.dll from and dsuiext.dll from the Active Directory Service Interfaces, both included in the downloadable zipped file.

Please note it requires you to have at least .NET Framework 2.0 installed.


IT Posters for your empty walls

May 29, 2010 1 comment

Microsoft just released a new poster. The Windows Server 2008 R2 Hyper-V Component Architecture poster:

Windows Server 2008 R2 Hyper-V Component Architecture
This poster provides a visual reference for understanding key Hyper-V technologies in Windows Server 2008 R2. It focuses on architecture, snapshots, live migration, virtual networking, storage, and import/export.

Additional IT posters available:

Windows Server 2008 R2 Feature Components poster:
Windows Server 2008 R2 Feature Components
This poster provides a visual reference for understanding key technologies in Windows Server 2008 R2. It focuses on Active Directory Domain Services, Hyper-V, Internet Information Services, Remote Desktop Services (including Virtual Desktop Infrastructure (VDI)), BranchCache, and DirectAccess technologies. In addition, updates to core file services and server management are illustrated. You can use this poster in conjunction with the previously published Windows Server 2008 Component Posters.

Windows Server 2008 Component posters:
Windows Server 2008 Active Directory Feature Components Windows Server 2008 Feature Components

These two posters provide a strong visual tool to aid in the understanding of various features and components of Windows Server 2008. One poster focuses exclusively on powerful new Active Directory technologies, while the other provides a technical look at a variety of new features available in Windows Server 2008 (such as Server Core, Network Access Protection, and more).

Exchange Server 2007 Component Architecture poster:

Microsoft Exchange Server 2007 Component Architecture
Aside from showing the high-level architecture, this poster highlights the feature set of Exchange Server 2007. Sections include Management and Monitoring, High Availability, Client Access, Edge Transport, Hub Transport, Mailbox, and Unified Messaging server roles.

Exchange Server 2010 Transport Server Role Architecture diagrams:

Exchange 2010 Hub Transport Extensibility Exchange 2010 Hub Transport Role Architecture
Many components are involved in the transport of messages through the Exchange Server 2010 mail flow pipeline. The Hub Transport server role diagram can help you understand the role each component plays in the processing of messages that enter the Exchange 2010 mail flow pipeline. Exchange administrators can use this information to help diagnose mail flow problems. The Hub Transport extensibility diagram can help you understand how the agents process a message that is in the Exchange 2010 mail flow pipeline. Developers can use this information to help create third-party agents and applications to work with Exchange 2010.


Active Directory 2003 Component Jigsaw poster:

Microsoft Windows Server 2003 Active Directory Component Jigsaw
This poster provides a strong visual tool to aid in the understanding of Active Directory components and technologies. From Site Component Topology, to Security, to Group Policy and more, this poster distills all of the must-have information about Active Directory into one easy reference.

Windows 3.0, Happy 20th Birthday!

May 22, 2010 1 comment

20 years ago today, Windows 3.0 was released.

These days, almost everyone is familiar with the "Start" menu in the bottom-left corner of their Windows desktop, the fancy themes, toolbars, and menus. All computers running modern Windows now have these features. But it wasn’t always that way. Very few people remember the days before the "Start" button, when they had the simple desktop and the file manager.

Windows 3.0 was not really an operating system. It was a graphical environment with many application services. You had to start it by running the ‘win’ command from the DOS prompt. It relied on DOS not only for booting the computer, but for many basic services like file I/O.

As the third major release of the Windows platform from Microsoft, it offered improved performance, advanced graphics with 16 colors, and full support of the more powerful Intel 386 processor. A new wave of 386 PCs helped drive the popularity of Windows 3.0, which offered a wide range of useful features and capabilities, such as File Manager, Write, Paint Brush, Print manager and Program manager.

The Windows 3.0 GUI is also widely regarded as the reason why IBM killed its own OS/2 operating system. Microsoft launched Windows 3.0 despite the fact that it had signed a strategic partnership with Big Blue to support OS/2.

The rest, as they say, is history. Windows 3.0 was soon to be forgotten as Windows NT and Windows 3.11 were launched a few years later.

Those looking to have a quick play with the Windows 3.1 Program Manager can visit Michael Vincent’s website and fool around with the Windows 3.1 emulator:

Michael Vincent's Windows 3.1 emulator


See the Windows History at and at, and read more about Windows 3.0 at

Best Practices Analyzers

May 19, 2010 Leave a comment

In Windows management, best practices are guidelines to configure a server as defined by experts. For example, it is considered a best practice for most server technologies to keep open the ports that are required for the technologies to communicate with other networked computers and to block unused ports. Although best practice violations, even very important ones, are not necessarily problematic, they indicate server configurations that can result in poor performance, poor reliability, unexpected conflicts, increased security risks, or other potential problems.

The resulting report of the Best Practices Analyzers details critical configuration issues, potential problems, and other vital information. By following the recommendations of the tool, administrators can achieve greater performance, scalability, reliability, and uptime.

Some of the IT related BPAs are:

Hyper-V Best Practices Analyzer for Windows Server 2008 R2

You can use Hyper-V Best Practices Analyzer to scan a server that is running the Hyper-V role, and help identify configurations that do not comply with the best practices of Microsoft for this role. BPA scans the configuration of the physical computer, the virtual machines, and other resources such as virtual networking and virtual storage. Scan results are displayed as a list of issues that you can sort by severity, and include recommendations for fixing issues and links to instructions. No configuration changes are made by running the scan.

Microsoft Exchange Best Practices Analyzer v2.8

The Exchange Best Practices Analyzer programmatically collects settings and values from data repositories such as Active Directory, registry, metabase and performance monitor. Once collected, a set of comprehensive ‘best practice’ rules are applied to the topology.

Note: Exchange Best Practices Analyzer v2.8 should not be used to scan Exchange Server 2007 and Exchange Server 2010. In Exchange Server 2007 and Exchange Server 2010, the Best Practices Analyzer is installed during Exchange Setup and can be run from the Exchange Management Console Toolbox.

Microsoft Exchange Troubleshooting Assistant v1.1

The Exchange Troubleshooting Assistant programmatically executes a set of troubleshooting steps to identify the root cause of performance, mail flow, and database mounting issues. The tool automatically determines what set of data is required to troubleshoot the identified symptoms and collects configuration data, performance counters, event logs and live tracing information from an Exchange server and other appropriate sources. The tool analyzes each subsystem to determine individual bottlenecks and component failures, then aggregates the information to provide root cause analysis.

SQL Server 2000 Best Practices Analyzer

The SQL Server 2000 Best Practices Analyzer is a database management tool that lets you verify the implementation of common Best Practices. These best practices typically relate to the usage and administration aspects of SQL Server databases and ensure that your SQL Servers are managed and operated well.

SQL Server 2005 Best Practices Analyzer

The SQL Server 2005 Best Practices Analyzer gathers data from Microsoft Windows and SQL Server configuration settings. BPA uses a predefined list of SQL Server 2005 recommendations and best practices to determine if there are potential issues in the database environment.

Windows SharePoint Services 3.0 and Microsoft Office System 2007 Best Practices Analyzer

The Windows SharePoint Services 3.0 and Microsoft Office System 2007 Best Practices Analyzer programmatically collects settings and values from data repositories such as MS SQL, registry, metabase and performance monitor. Once collected, a set of comprehensive ‘best practice’ rules are applied to the topology.

Internet Security and Acceleration (ISA) Server Best Practices Analyzer

The ISA Server Best Practices Analyzer (BPA) is a diagnostic tool that automatically performs specific tests on configuration data collected on the local ISA Server computer from the ISA Server hierarchy of administration COM objects, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings.

Forefront Threat Management Gateway Best Practices Analyzer

The Forefront Threat Management Gateway Best Practices Analyzer is a diagnostic tool that automatically performs specific tests on configuration data collected on the local Forefront TMG computer from the Forefront TMG hierarchy of administration COM objects, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings.


Performance Tuning your Windows Server (Part 4)

May 2, 2010 6 comments

This is the 4th part of a series of posts in which I describe several settings and parameters that can be tuned to optimize your server performance. I hope you’ll find them useful and that they help you improve your servers’ performance.

Note: As with all changes, you should implement the following suggestions one at a time and verify that there was a performance improvement. If system performance decreases after making a change, you should reverse the change.



Windows servers often have more network services and protocols installed than are actually required. Each additional network client, service or protocol places additional overhead on system resources. In addition, each protocol generates network traffic. By removing unnecessary network clients, services and protocols, system resources are made available for other processes.

On a system supporting more than one network protocol, the order in which they are bound to the network clients and services running on the server is important. All network communications for a given service or client start with the protocol listed at the top of the binding list. If after a given period, no response is received, communications are routed to the next protocol in the list until all protocols are exhausted. As a result it is crucial to ensure the most frequently used protocol for a given client or service is moved to the top of the binding list to offer the best network I/O performance possible.

To view the order of network bindings, open the Network Connections applet from the Control Panel, and from the menu bar, click Advanced → Advanced Settings.

By selecting a protocol and clicking the up and down buttons, you can change the binding priority of your protocols. If an installed protocol is not required by a particular service or client, it should be disabled. Do so by clearing the check box beside the protocol in question. This will improve system performance and possibly improve security.


Disable Chimney and Offload features

Network Interface Card

TCP Offload Engine is an emerging technology which is designed to offload TCP stack handling from the main system CPU to a processor built into NIC cards. This technology is still relatively new, and when engaged, has been known to cause unstable connections. This results in dropped sockets, dropped packets, packet reordering and packet retransmits.

To disable the TCP Chimney Offload features:

1. Install the KB948496 update that turns off default SNP features

2. Run the following command at the command prompt:

netsh int ip set chimney DISABLED


3. Set the registry values as described below, or use the Microsoft Fix it #50051

Disable TCP Chimney:





Set to:

0x0 (0)


Disable Receive Side Scaling:





Set to:

0x0 (0)


Disable TCP Window Auto-Tuning:





Set to:

0x0 (0)


4. Open Network Connections, locate each connection to see its properties and click Configure → Advanced. Look for one or more entries as listed below (or similar, it depends on the manufacturer) and verify they are set to Off / Disabled / False:

  • TCP/IP Offload
  • Checksum Offload
  • IPv4 Checksum Offload
  • Large Send Offload (IPv4)
  • Large Send Offload


Harmful code detection (Antivirus) exclude settings:


Important: This section contains information that shows how to help lower security settings or how to temporarily turn off security features on a computer. You can make these changes to understand the nature of a specific problem. Before you make these changes, you should evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

Exclude the Windows Update or Automatic Update database file:

Folder Path:


Files Mask:



Exclude the Windows Update or Automatic Update log files:

Folder Path:


Files Mask:

Res*.log, Res*.jrs, Edb.chk, Tmp.edb


Exclude the Windows Security files:

Folder Path:


Files Mask:

*.edb, *.sdb, *.log, *.chk, *.jrs

Note: If these files are not excluded, antivirus software may prevent proper access to these files, and security databases can become corrupted. Scanning these files can prevent the files from being used or may prevent a security policy from being applied to the files. These files should not be scanned because antivirus software may not correctly treat them as proprietary database files.

Exclude the Group Policy user registry information:

Folder Path:


Files Mask:



Exclude the Group Policy client settings file:

Folder Path:


Files Mask:



Exclude the Active Directory and Active Directory main NTDS database files:

Folder Path:


Files Mask:

Ntds.dit, Ntds.pat


Exclude the Active Directory transaction log files:

Folder Path:


Files Mask:

EDB*.log, Res*.log, Res*.jrs


Exclude the files in the NTDS Working folder:

Folder Path:

Specified in the registry value: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

Files Mask:

Temp.edb, Edb.chk


Exclude the Database Log files and other files in the File Replication Service (FRS) Working folder:

Folder Path:


Files Mask:

edb.chk, Ntfrs.jdb, *.log


Drivers, Firmware and Service Packs:

Use the latest drivers, firmware, and service packs.
Installing the latest version of a device driver, patch, BIOS update, microcode, or firmware revision for hardware is a very important part of routine server maintenance. Newer device drivers not only fix bugs and increase system stability, but can also increase the performance and efficiency of a device, improving overall system performance.
Microsoft periodically issues service packs and hot fixes for their operating systems. After a period of testing in your environment, these should be deployed to production systems.
Service packs and hot fixes often introduce updated code to key kernel and sub-system components of the operating system and can add extra performance and functionality benefits.

Script: Exchange Mailbox Statistics Report

April 25, 2010 13 comments

A colleague asked me if I had any script in my repository that would create a detailed report of users, mailboxes and their quota limits for him. I didn’t have one, so I told him I’d write it for him.

The first thing that came into my mind was the Get-MailboxStatistics PowerShell cmdlet. But then he said that the environment he needed the script for was a Windows 2003 Domain with Exchange 2003. So I decided I’d do it VBS style.

The details he needed for the report were not only from the Exchange Mailbox but also from the Active Directory:

Property | Where to get it from
Account Name | Active Directory: samAccountName
User Principal Name | Active Directory: userPrincipalName
Display Name | Active Directory: displayName
Email Address | Active Directory: mail
Issue Warning | Active Directory: mDBStorageQuota *
Prohibit Send | Active Directory: mDBOverQuotaLimit *
Prohibit Send and Receive | Active Directory: mDBOverHardQuotaLimit *
Limit Status | Exchange: StorageLimitInfo
Mailbox Size | Exchange: Size
Total Items | Exchange: TotalItems
Mailbox Location | Exchange: ServerName + StorageGroupName + StoreName


So I started with an ADSI query to the configurationNamingContext to get the Exchange Servers listed in Active Directory.


For each server, a WMI query to the Exchange_Mailbox Class under the /root/MicrosoftExchangeV2 namespace to get the StorageLimitInfo, Size, TotalItems, ServerName, StorageGroupName, StoreName and the MailboxDisplayName.

And for each mailbox, query the Active Directory for the additional required details (samAccountName, userPrincipalName, displayName, mail, mDBStorageQuota, mDBOverQuotaLimit and the mDBOverHardQuotaLimit). I used the legacyExchangeDN to match the mailbox to the user account in Active Directory.

"(&(ObjectClass=user)(ObjectCategory=person)(legacyExchangeDN=" & legacyExchangeDN & "))"

* But then, it got to me that the user may not have specific quota limits set to his user in the Active Directory, and that those settings would be inherited from the mailbox store.

So I added an ADSI query to get the information from the Mailbox Stores,


and put the needed values (mDBStorageQuota, mDBOverQuotaLimit and mDBOverHardQuotaLimit) into a key-paired Dictionary Object (like a Hashtable). Then, when a user had the mDBUseDefaults set to true, I’d pull the information from the dictionary using his homeMDB property. Actually what I used was the value of:

GetObject("LDAP://" & oRs.Fields("homeMDB")).cn


After a few dry runs, I came across mailboxes that failed to be fully reported. I did some debugging (wscript.echo this and wscript.echo that), and noted that I forgot to handle disconnected mailboxes. So by checking if the DateDiscoveredAbsentInDS property had a value I was able to separate the “connected” from the “disconnected” mailboxes.
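The three pieces of logic described above (matching a mailbox to its user by legacyExchangeDN, falling back to the store's limits when mDBUseDefaults is true, and skipping disconnected mailboxes) are shown here in PowerShell as an added example; it is not the author's VBScript. It also escapes the DN before placing it in the LDAP filter, since a legacyExchangeDN containing parentheses would otherwise produce a malformed filter. The function names and all sample data are constructed.

```powershell
# Added example, not the author's VBScript. Function names and all sample
# values below are constructed for illustration.

# RFC 4515: \ * ( ) and NUL inside a filter value become "\" plus two hex digits.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory = $true)][string] $Value)
    [regex]::Replace($Value, '[\\*()\x00]',
        { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

# The filter from the post, with the DN escaped before it is concatenated.
function Get-MailboxOwnerFilter {
    param([Parameter(Mandatory = $true)][string] $LegacyExchangeDN)
    '(&(objectClass=user)(objectCategory=person)(legacyExchangeDN={0}))' -f
        (ConvertTo-LdapFilterValue $LegacyExchangeDN)
}

# Effective limits: the user's own values unless mDBUseDefaults is TRUE, in
# which case they come from the mailbox store, looked up by the store's cn.
function Resolve-MailboxQuota {
    param(
        [Parameter(Mandatory = $true)] $User,
        [Parameter(Mandatory = $true)][hashtable] $StoreDefaults
    )
    $source = $User
    if ($User.mDBUseDefaults) { $source = $StoreDefaults[$User.HomeMdbCn] }
    [pscustomobject]@{
        Account                = $User.sAMAccountName
        QuotaSource            = $(if ($User.mDBUseDefaults) { 'Store' } else { 'User' })
        IssueWarning           = $source.mDBStorageQuota
        ProhibitSend           = $source.mDBOverQuotaLimit
        ProhibitSendAndReceive = $source.mDBOverHardQuotaLimit
    }
}

# --- Constructed sample data, shaped like Exchange_Mailbox rows and AD users ---
$storeDefaults = @{
    'Mailbox Store (EXCH01)' = @{
        mDBStorageQuota = 180000; mDBOverQuotaLimit = 200000; mDBOverHardQuotaLimit = 250000
    }
}
$mailboxes = @(
    [pscustomobject]@{ MailboxDisplayName = 'Dana Levi'
        LegacyDN = '/o=Example/ou=Site (HQ)/cn=Recipients/cn=dlevi'
        DateDiscoveredAbsentInDS = $null }
    [pscustomobject]@{ MailboxDisplayName = 'Old Temp'
        LegacyDN = '/o=Example/ou=Site (HQ)/cn=Recipients/cn=temp1'
        DateDiscoveredAbsentInDS = '20100301000000.000000+000' }
)
# Stands in for the result of the directory search that the filter would drive.
$user = [pscustomobject]@{
    sAMAccountName = 'dlevi'; mDBUseDefaults = $true; HomeMdbCn = 'Mailbox Store (EXCH01)'
    mDBStorageQuota = $null; mDBOverQuotaLimit = $null; mDBOverHardQuotaLimit = $null
}

foreach ($mbx in $mailboxes) {
    if ($mbx.DateDiscoveredAbsentInDS) {
        # Disconnected mailbox: there is no user object to look up.
        "{0}: disconnected, skipping AD lookup" -f $mbx.MailboxDisplayName
        continue
    }
    Get-MailboxOwnerFilter -LegacyExchangeDN $mbx.LegacyDN
    Resolve-MailboxQuota -User $user -StoreDefaults $storeDefaults
}
```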

The script could still be tweaked for better performance and could use a bit more logging, but I think it’s good enough to share here and definitely meets my colleague’s needs.

You can download the full script from here or here.

Just remember to run it using the cscript engine:

cscript //NoLogo ExchMailBoxStats.vbs



  • You will need administrative rights on the Exchange Server to connect to it using WMI.
  • The CSV report will be created in the format of ExchMailBoxStats.yyyyMMdd.csv and located in the same folder as ExchMailBoxStats.vbs.

Windows PowerShell Quick Reference

April 23, 2010 Leave a comment

Windows PowerShell Quick Reference


Microsoft has released a Quick-reference guide to commonly-used Windows PowerShell commands.

For best results, open the file in Microsoft Word, print the contents to legal-sized paper (8 inches by 14 inches), and fold the resulting printout in half, making a four-page booklet.


Download: Windows PowerShell Quick Reference.


Related Download:
Windows PowerShell 1.0 Graphical Help File (including cmdlet help and the About topics) in a fully-searchable, graphical format (a standard Windows .chm file). Also included in the help file is the VBScript to Windows PowerShell Conversion Guide and a collection of PowerShell Tips of the Week.


Related Video:
How Do I: Windows PowerShell 2.0?
Explore how Windows PowerShell 2.0 can help increase the productivity of IT professionals by providing a powerful, complete scripting language to automate repetitive tasks and conduct remote troubleshooting. It delivers a growing set of cmdlets that can be used to manage Windows–based PCs and servers, and it can be easily extended.


PowerShell Code Repositories:


Happy scripting.