Month: January 2017

Ping with a script

I was asked to make a script for monitoring and troubleshooting a network with communication issues: a script that would continuously ping a host server and write the timeouts to a file. I cannot script on my own though, so I went for professor Google, and I found something I want to keep for the future.

Salmon Trout posted it here

I’ll be posting 3 variants of the script, and for the below examples of the output files I have used two virtual servers. One has the IP address 192.168.1.101, which I am pinging from, and the other 192.168.1.105, which I am pinging to. I simply disabled the NIC on 192.168.1.105 to simulate timeouts.

Script 1

This script will continuously ping an end device, and will output every reply, successful or unsuccessful, to a file.

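' Arguments: host to ping, log file name
' hostIp is appended unvalidated to a cmd.exe command line,
' so pass only a trusted IP address or host name.
hostIp      = WScript.Arguments(0)
logfilename = WScript.Arguments(1)
Set fso     = CreateObject("Scripting.FileSystemObject")
Set Shell   = CreateObject("WScript.Shell")
' OpenTextFile mode 8 = append; True = create the file if it does not exist
Set logfile = fso.OpenTextFile(logfilename, 8, True)
shellstring = "%comspec% /c ping -t " & hostIp
Set oExec   = Shell.Exec(shellstring)
WScript.Echo "Ping Error log With Timestamp - Ctrl + C to halt"
Do While oExec.StdOut.AtEndOfStream <> True
        ' Prefix each line of ping output with the current date and time
        pingline = Date & " " & Time & " " & oExec.StdOut.ReadLine
        ' Log every line, replies and timeouts alike
        logfile.WriteLine(pingline)
Loop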

Example:

24-01-2017 18:17:11
24-01-2017 18:17:11 Pinging 192.168.1.105 with 32 bytes of data:
24-01-2017 18:17:11 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:17:12 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:17:13 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:17:14 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:17:15 Request timed out.
24-01-2017 18:17:16 Request timed out.
24-01-2017 18:17:17 Request timed out.
24-01-2017 18:17:18 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:17:19 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:17:20 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:17:21 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:17:22 Ping statistics for 192.168.1.105:
24-01-2017 18:17:23     Packets: Sent = 26, Received = 23, Lost = 3 (11% loss),
24-01-2017 18:17:28 Approximate round trip times in milli-seconds:
24-01-2017 18:17:33     Minimum = 0ms, Maximum = 0ms, Average = 0ms
24-01-2017 18:17:38 Control-C

Script 2

This script will continuously ping an end device, and will output only failed replies to a text file. This will conserve disk space.

hostIp      = WScript.Arguments(0)
logfilename = WScript.Arguments(1)
Set fso     = CreateObject("Scripting.FileSystemObject")
Set Shell   = CreateObject("WScript.Shell")
' OpenTextFile Method requires a Const value
' (Over)Write = 2  Append = 8
Set logfile = fso.OpenTextFile(logfilename, 8, True)
shellstring = "%comspec% /c ping -t " & hostIp
Set oExec   = Shell.Exec(shellstring)
WScript.Echo "Ping Error log With Timestamp - Ctrl + C to halt"
Do While oExec.StdOut.AtEndOfStream <> True
      ' Prefix each line of ping output with the current date and time
      pingline = Date & " " & Time & " " & oExec.StdOut.ReadLine
      ' Successful replies contain "TTL="; log only the lines that do not
      If InStr(pingline, "TTL=") = 0 Then
         logfile.WriteLine(pingline)
      End If
Loop

Example:

24-01-2017 18:29:44
24-01-2017 18:29:44 Pinging 192.168.1.105 with 32 bytes of data:
24-01-2017 18:30:03 Request timed out.
24-01-2017 18:30:08 Request timed out.
24-01-2017 18:30:13 Request timed out.
24-01-2017 18:30:23
24-01-2017 18:30:23 Ping statistics for 192.168.1.105:
24-01-2017 18:30:23     Packets: Sent = 27, Received = 24, Lost = 3 (11% loss),
24-01-2017 18:30:23 Approximate round trip times in milli-seconds:
24-01-2017 18:30:23     Minimum = 0ms, Maximum = 0ms, Average = 0ms
24-01-2017 18:30:23 Control-C

Script 3

This script will continuously ping an end device, and will output all failed replies, and successful replies once every minute. This will conserve disk space.

hostIp      = WScript.Arguments(0)
logfilename = WScript.Arguments(1)
Set fso     = CreateObject("Scripting.FileSystemObject")
Set Shell   = CreateObject("WScript.Shell")
' OpenTextFile Method requires a Const value
' (Over)Write = 2  Append = 8
Set logfile = fso.OpenTextFile(logfilename, 8, True)
' Minute (date + hh:mm) of the last successful reply written to the log
dateminuteOLD = "xx"
dateminuteNEW = "xx"
shellstring = "%comspec% /c ping -t " & hostIp
Set oExec   = Shell.Exec(shellstring)
WScript.Echo "Ping Error log With Timestamp - Ctrl + C to halt"
Do While oExec.StdOut.AtEndOfStream <> True
      ' Read each line of ping output once and prefix it with date and time
      pingline = Date & " " & Time & " " & oExec.StdOut.ReadLine
      ' First 16 characters = date and hh:mm, e.g. "24-01-2017 18:33"
      ' (assumes the dd-mm-yyyy date format shown in the example output)
      dateminuteNEW = Left(pingline, 16)
      If InStr(pingline, "TTL=") = 0 Then
         ' No "TTL=" means the line is not a successful reply: always log it
         logfile.WriteLine(pingline)
      ElseIf dateminuteNEW <> dateminuteOLD Then
         ' Successful reply: log only the first one in each minute
         logfile.WriteLine(pingline)
         dateminuteOLD = dateminuteNEW
      End If
Loop

Example:

24-01-2017 13:30:31
24-01-2017 13:30:31 Pinging 192.168.1.105 with 32 bytes of data:
24-01-2017 13:31:00 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 13:31:08 Ping statistics for 192.168.1.105:
24-01-2017 13:31:08 Approximate round trip times in milli-seconds:
24-01-2017 13:31:08 Control-C
24-01-2017 18:32:52
24-01-2017 18:32:52 Pinging 192.168.1.105 with 32 bytes of data:
24-01-2017 18:33:00 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:34:01 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:35:00 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:35:49 Request timed out.
24-01-2017 18:35:59 Request timed out.
24-01-2017 18:36:02 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:37:01 Reply from 192.168.1.105: bytes=32 time<1ms TTL=128
24-01-2017 18:37:39
24-01-2017 18:37:39     Packets: Sent = 270, Received = 267, Lost = 3 (1% loss),
24-01-2017 18:37:39     Minimum = 0ms, Maximum = 2647ms, Average = 9ms

How to use the script

Copy the script content into Notepad, and save it as pingtest3.vbs in a folder, e.g. C:\Pingtest


Open Notepad and type c:\windows\system32\cscript.exe C:\Pingtest\pingtest3.vbs 192.168.1.105 pingtest3.txt into the file, and then save it as Scriptcall3.bat in the same folder as the script. The host to ping and the name of the output file are defined in these arguments, not in the script itself.


Now, simply execute Scriptcall3.bat to run the script.
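Once the log has been running for a while, the timeout lines can be grouped into outage windows. The following PowerShell function is an added example, not part of the original scripts; the function name, the 10-second gap threshold and the sample lines are assumptions, and it expects the dd-MM-yyyy HH:mm:ss timestamp prefix shown in the example output above.

```powershell
# Added example, not part of the original script.
function Get-PingOutage {
    param(
        [Parameter(Mandatory)][string[]]$Line,
        # Assumption: timeouts no more than this many seconds apart are one outage
        [int]$MaxGapSeconds = 10
    )
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $pattern = '^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) Request timed out\.'
    $current = $null
    foreach ($l in $Line) {
        # Replies, headers and statistics lines are ignored.
        if ($l -match $pattern) {
            $ts = [datetime]::ParseExact($Matches[1], 'dd-MM-yyyy HH:mm:ss', $culture)
            if ($current -and ($ts - $current.End).TotalSeconds -le $MaxGapSeconds) {
                # Close enough to the previous timeout: extend the open outage
                $current.End = $ts
                $current.Timeouts++
            } else {
                if ($current) { $current }      # emit the finished outage
                $current = [pscustomobject]@{ Start = $ts; End = $ts; Timeouts = 1 }
            }
        }
    }
    if ($current) { $current }                  # emit the last outage, if any
}

# Constructed sample lines in the format of the Script 2 example output.
$sample = @(
    '24-01-2017 18:29:44 Pinging 192.168.1.105 with 32 bytes of data:'
    '24-01-2017 18:30:03 Request timed out.'
    '24-01-2017 18:30:08 Request timed out.'
    '24-01-2017 18:30:13 Request timed out.'
    '24-01-2017 18:42:51 Request timed out.'
    '24-01-2017 18:43:00 Ping statistics for 192.168.1.105:'
)
# Two outages: 18:30:03 to 18:30:13 (3 timeouts) and 18:42:51 (1 timeout)
Get-PingOutage -Line $sample | Format-Table Start, End, Timeouts

# For a real log: Get-PingOutage -Line (Get-Content .\pingtest3.txt)
```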


How to configure DHCP in Cisco IOS

Switch(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.50
Switch(config)#ip dhcp pool Marketing
Switch(dhcp-config)#network 192.168.1.0 255.255.255.0
Switch(dhcp-config)#default-router 192.168.1.1
Switch(dhcp-config)#dns-server 192.168.1.5
Switch(dhcp-config)#exit
Switch(config)#

You have to know the network and its mask, and then start by excluding the desired IP range from the scope (if any). Remember to assign the default router and DNS server if they exist.

It is possible to forward DHCP requests to other networks if you have a router. Here is how you configure DHCP relay on a router’s interface:

ip-helper

How to configure GPO Security Filtering

So I have spent quite a few hours researching the GPO Security Filtering, and followed a good bunch of reliable sources in my attempt to get it to work properly. None of the sources made it work, and some of them were:

Purpose of the Security Filtering

I applied a GPO to an OU with a handful of users, but I wanted the GPO to target only a subset of the users in the OU. So I wanted the GPO to target a group, where user members of that group would have the GPO applied.

How Security Filtering works

But a GPO does not process a Security Group. It processes users and computers, but Security Filtering allows me to “scope” the GPO so that it applies only to members of the security group.

How to configure Security Filtering on a Security Group

For this test I used a Server 2012 R2 domain controller, and two Windows 10 Pro computers, each joined to the domain.

  1. Create an OU with user accounts inside.
  2. Create a Security Group and make the users you wish to be targeted by the GPO members of it. It does not matter if the Security Group is inside the OU or not. It can be anywhere in the domain, as long as the users themselves are in the OU.
  3. Create a GPO and link it to the new OU (right-click OU and select “Create a GPO in this domain, and link it here”.)
  4. Edit the GPO and make the desired changes. In this example I am going to Prohibit access to the control panel in User Configuration > Policies > Administrative Templates > Control Panel, and then enable Prohibit access to Control Panel and PC settings.
  5. Now, in the gpmc.exe of the new GPO go to the Delegation tab and press Advanced.
  6. Select Authenticated Users and remove Apply Group Policy, while still allowing Read. Authenticated Users consists of both users and computers, and the GPO is processed by both even though it is only a user configuration policy.
  7. Add the security group to the list and allow Read and Apply Group Policy, and then verify that the Security Group with the user members you wish to be targeted by the GPO is in the Security Filtering of the Scope tab.
  8. Next, reboot the target computer and login.
  9. Sign out and sign in.

Steps 8 and 9 had me confused since I thought a gpupdate /force in an elevated command prompt on the target computer would be enough. For this specific GPO setting though, I did 50+ tests to confirm even a reboot was not enough. I had to actually reboot + sign in, and then sign out and sign back in. I could also sign out and sign in, and then reboot and sign in… And then it’d work. No other constellation, with or without gpupdate /force worked for me. Gpupdate /force did nothing.

So I learned that gpupdate /force is not always reliable, and some GPO settings will need a reboot and “re-logins”…. Thanks Bill Gates..

So, having done this right I can now move domain members in and out of the security group based on whether I’d like the GPO applied to them or not. Just make sure all users are within the OU that has the GPO linked.

Example: If I wanted to make a new user Mark Anderson targeted by the GPO, I would then move him to the respective OU, join him to the Security Group, reboot the domain computer, sign into the computer as Mark, sign back out, sign back in as Mark again, and then it would work.
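Steps 5 to 7 can also be done and checked from PowerShell with the GroupPolicy module instead of the Delegation tab. This is an added example, not part of the original post; the GPO name and the security group name are hypothetical placeholders.

```powershell
# Added example, not from the original post. Run on a machine with the
# Group Policy Management tools installed, as a user allowed to edit the GPO.
Import-Module GroupPolicy

$gpoName = 'Prohibit Control Panel'   # hypothetical GPO name (assumption)
$group   = 'ControlPanel-Restricted'  # hypothetical security group (assumption)

# Step 6: Authenticated Users keeps Read but no longer has Apply Group Policy.
# -Replace is required: without it a lower level does not overwrite the
# existing GpoApply permission.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null

# Step 7: the security group gets Read and Apply Group Policy.
Set-GPPermission -Name $gpoName -TargetName $group `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Check the resulting permissions rather than assuming they were set.
$perms    = Get-GPPermission -Name $gpoName -All
$expected = @{ 'Authenticated Users' = 'GpoRead'; $group = 'GpoApply' }
foreach ($name in $expected.Keys) {
    $entry = $perms | Where-Object { $_.Trustee.Name -eq $name }
    if (-not $entry) {
        Write-Warning "$name has no entry on '$gpoName'"
    } elseif ("$($entry.Permission)" -ne $expected[$name]) {
        Write-Warning "$name has $($entry.Permission), expected $($expected[$name])"
    }
}

# Every trustee listed here receives the policy; only the group should appear.
$perms | Where-Object { $_.Permission -eq 'GpoApply' } |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

On the target computer, gpresult /r /scope user lists which GPOs were applied to the signed-in user and which were filtered out.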
