Batch Script – How to Check if the Current User is a Member of a Group

Here is a batch script, using only DOS commands, to check if the current user is a member of a specific group. The way it is currently written, you can call a batch file containing this code using the CALL command and pass the short NetBIOS domain name (or possibly the computer name if it is a local account) and the group name to search for as arguments, and it will return a “1” if the user is a member of the specified group and “0” if they are not. Just be sure to put quotes around any group name that contains any spaces. Continue reading “Batch Script – How to Check if the Current User is a Member of a Group”

Windows – How to Run Elevated Scripts as a Regular User with Task Scheduler -OR- How to Restart Services as a Standard User

Here is a neat workaround you can use in Windows to run a batch script or any other command that would regularly require elevated administrator credentials. Using this method, you can essentially bypass UAC and allow a script to be ran as a standard user without them having to enter in an admin password. In theory, you could probably even use this same approach to install software as a regular user if you wanted to. For my example below, I was able to allow a standard user to kill processes and then restart the services.

The problem that I had to overcome was that one of my VPN users who used Shrewsoft VPN client would occasionally get disconnected and then never be able to fully connect again. Oddly enough, the client would show connected on the user’s end and immediately disconnect but it never made a connection on the server side. The problem was that the “iked” process would get hung up and then the VPN client would subsequently never fully connect all the way. Continue reading “Windows – How to Run Elevated Scripts as a Regular User with Task Scheduler -OR- How to Restart Services as a Standard User”

Batch Script – Ribbon UI Customization: Take Ownership and Change Permissions of the CommandStore Subkeys in the Registry

This is just a follow up to my experiences customizing the Ribbon UI icons in Server 2012 and where the path has taken me thus far. After many hours of research and development and a lot of head scratching, I’ve written several posts on how to disable the different icons in the Ribbon UI which requires the adding or editing of keys in the CommandStore section of the registry for Windows Explorer. For more information on how to disable the icons, see this post.

My whole goal as of late was to be able to add these registry items to the RDS server’s GPO to be able to deploy these settings to all 7 of my RDS servers but then I found out you can’t take ownership of the CommandStore subkeys with the local “SYSTEM” account. Yet another deliberate Microsoft setback meant to discourage people from editing the Ribbon UI, oh well, fuck ’em. I’ve encountered so many problems with this RDS server project it is unreal and this was just icing on the proverbial cake. Continue reading “Batch Script – Ribbon UI Customization: Take Ownership and Change Permissions of the CommandStore Subkeys in the Registry”

Batch Script – RDS Start Menu Application and Taskbar Shortcut Removal Tool

Customizing or locking down a new server for Remote Desktop Services in a Server 2012 environment can be quite a time consuming and daunting task. Countless hours will be spent setting up Group Policies, testing them, and deploying them. But far worse than that, you will waste massive amounts of time researching for jacked up ways to do simple things, such as unpinning items from the Taskbar and customizing the Start Screen.

In the past, I had already configured a company wide Group Policy for our old 2003 Terminal Server environment and it was simple and easy. No guesswork, no crazy workarounds, shit just worked. The Group Policies covered almost every scenario or task needed to lock down a server but unfortunately, that is not the case any more.

It seems Microsoft has made the process of doing pretty much anything ridiculous and overcomplicated. As a side rant, we (the world) desperetely need a good open source solution for a thin client type environment with something that mimicks Group Policy. I know I’m not the only person out there that would love to give Microsoft the old stink finger once and for all! I for one am tired of sitting and watching companies succumb to the endless money pit that is Microsoft licensing. Where you at Linux Devs?

Anyhow, I decided to write this script for a lot of shortcomings I’ve encountered along the way. One of which that I want to gripe about is that resorting to changing file permissions to remove shortcuts is just plain fucking retarded and redirecting all of the user’s start menus to a network share seemed like massive overkill to an already complicated scenario. On top of that, I had 6 separate Remote Desktop servers to fully setup and configure so I needed to streamline the process a bit. Suprisingly enough, my solution relies solely on batch scripting (and a little makeshift VB).

Enough chit chat, the script is extremely well documented so here are the highlights/features:

  • Removal of the Server Manager and PowerShell links in the Taskbar
  • Ability to backup the All User’s and Default User’s Programs directories to a zip file
  • Ability to copy the All Programs Start Menu shortcuts to a list of administrator or power user profile directories
  • Customized list of applications to remove from the Classic Shell Start Menu or the Windows Start Screen
  • Deleted Start Menu Program entries go into the active user’s Recycle Bin and can be restored if necessary
  • Remove System Tools, Accessories, Accessibility, Administrative Tools, Windows Store, PC Settings, Control Panel, Run, Command Prompt, and PowerShell shortcuts from Menus

Download the “Custom_RDS_Start_Menu.bat” script here.

:: RDS SERVER 2012 CUSTOM START MENU AND TASKBAR SHORTCUT REMOVAL
:: Author: Nathan Thomas
:: Date: 02/11/2015
::
:: This script should be ran on the RDS server after your server administrators have already
:: logged in at least once so that they get all the shortcuts they need (otherwise you will 
:: need to manually copy them later on) but before your end users log in for the first time.
:: In addition, it assumes you have not already made changes or any customizations to the
:: All User's or Default User's Start Menus profiles and that you have already installed all
:: of the applications that the server will be running. Please note that if you decide
:: to install software after you've ran the script, you will manually have to remove that
:: program from the All User's Start Menu folder and copy it to your administrator profiles
 Continue reading "Batch Script – RDS Start Menu Application and Taskbar Shortcut Removal Tool"

Batch Script – Sending Items to the Recycle Bin Without Calling Any Third-Party Applications

While writing another larger script, I wanted the ability to send folders or files to the Recycle Bin, which I found out you can’t do natively via the command line without using some third-party apps or PowerShell.

I also found that when looping through a list of files in a batch script, it makes it really difficult to delete folders versus files because you have to either use the “del” command for files or the “rmdir” command for folders. With no simple way to differentiate between the two without a bunch of extra code, I kept looking for an alternative solution.
Continue reading “Batch Script – Sending Items to the Recycle Bin Without Calling Any Third-Party Applications”

Batch Script – Zip/Compress Files Without Calling Any Third-Party Applications

While writing another batch script the last several days, I found out that you cannot zip or compress files or folders natively from the command line without having additional third-party software or PowerShell. After a while of scouring the forums, I came up with this pure batch solution that uses VB script.

Basically, from this chunk of code in a single batch file, we can both generate the VB script, zip up whatever files we want, and then just delete the VB script when we’re done. Within the batch file, we can just call on the VB script using “CScript” and it works pretty much like any other function in any other programming language.
Continue reading “Batch Script – Zip/Compress Files Without Calling Any Third-Party Applications”

Batch Script – Get User’s SID One-Liner

While researching a way to try and send files to a user’s Recycle Bin from a batch script, I came across this one liner either at StackExchange or SuperUser forums somewhere. FYI, there is no way natively to send something to the trash without using a VB script or some third party utility. Yes you can physically move the files into the C:\$Recycle.Bin\<UsersSID> folder, but the files will not show up in Explorer and won’t be removed when you empty the trash that way.
Continue reading “Batch Script – Get User’s SID One-Liner”