Over the last year and a half I have developed several tools for use in my job. All the tools are written in AutoHotkey except two which are in AutoIt (I guess I need to rewrite those).
I help manage and troubleshoot several thousand PCs at work. Two of the tools I use regularly are pictured below. For those who may have a similar type of work, let me know if you are interested in the code. I will need to make some variables more generic as far as defaults and domain names used. Let me know what you think.
DocWatch - a utility to watch for file changes on local and network shares. It can be used to alert on Crypto malware activity and when someone is making massive changes to a lot of files in a short time. Sends visible alerts and emails to the administrator. The program runs in the background and becomes visible when either malware-named files are being created or a certain number of file changes are occurring per minute. It is highly configurable. I use it to monitor several network shares which may have well over 10,000 file changes per day. Embedded is DocWatch Reporter, which allows the user to view current or earlier log files and sort/select in many ways or export to Excel.
[img]http://s355751075.onlinehome.us/wp-content/uploads/2016-12-31-DocWatch-Document-Changes-Monitor.png[/img]
[img]http://s355751075.onlinehome.us/wp-content/uploads/2016-12-31-Set-Watch-Parameters.png[/img]
--------------------------------------------------------------------------------------------------
PC Dashboard - a utility that allows for multiple lists of PCs to be monitored for hung processes (uses Process Monitor on those PCs to generate logs). It also allows for lists of PCs to be created that you want to inventory or control in many different ways. It uses many Windows, Sysinternals and NirSoft utilities behind the scenes. Users MUST have Domain Admin rights on their network for most of the commands to return information.
[img]http://s355751075.onlinehome.us/wp-content/uploads/2016-12-31-PC-Dashboard-1.png[/img]
[img]http://s355751075.onlinehome.us/wp-content/uploads/2016-12-31-PC-Dashboard-2.png[/img]
[img]http://s355751075.onlinehome.us/wp-content/uploads/2016-12-31-PC-Dashboard-3.png[/img]
[img]http://s355751075.onlinehome.us/wp-content/uploads/2016-12-31-PC-Dashboard-4.png[/img]
General Overview from the program:
The PC Dashboard is used for up to two lists of computers:
1) A list of computers that are being monitored for application problems - their associated Log files are displayed in a list. These computers must be running the Process Monitor application which creates and updates their Log file. Use the Inject Monitor option to copy Process Monitor and its shortcut to the user's PC so it will run the next time they log on.
2) A list of computers of your choice that you regularly work with or are helping other users with. These may be desktops, laptops, VDI terminals, servers and printers. But, very little information will be gathered unless the PC is a user desktop or laptop. VDI Terminals and Printers may be browsed to with Internet Explorer. Servers may be remote controlled via Bomgar, RDP and SCCM.
With both lists, each computer may be checked for Online status, Logged on user plus various other pieces of information. Any computer can be remote controlled, restarted, browsed, task listed, any task killed, and pinged. A password is required to restart any system. As a bonus function, you may reset a user's AD password and unlock their account with the Reset Password menu option. If a computer has a Note associated with it then it will be checked. (Use Alt-N to create Notes)
These utilities are bundled with the PC Dashboard executable:
CSVFileView -> Log file viewer
PSlist -> Get PC Tasks
PSkill -> Kill PC Task
PSinfo -> Displaying PC Info and software
PSloggedon -> Get PC logged on user Info
SwithMail -> Generate email alerts
Process Monitor -> For injecting process monitor into another PC
IP_Scanner -> Allows users to enter a range of IPs and retrieve PC names to help create a List of PCs
Lockoutstatus -> Allows users to retrieve Login info for selected user, unlock account, reset password
The program also uses the following commands and applications:
Net -> used to add/remove users as Administrators on a PC
ChkDsk -> Check Disk utility for use when disk errors are posted in a PC's System Event log
TaskKill -> Windows standard taskkill, has the option to kill all non-responding apps
DsQuery -> used to retrieve user fullname, computer OU
DsMod, DsGet -> used with DsQuery to unlock an AD account and reset the user's password
WMIC -> Windows Machine Instrumentation Command line is used to retrieve PC Hardware Vendor, Model, RAM, BIOS Date
*CmRcViewer -> SCCM Remote Control Viewer, user must install
Mstsc -> Microsoft Remote Desktop
*Bomgar -> Bomgar Remote Control app, user must install
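
The two DocWatch triggers described in the post (malware-named files and a changes-per-minute threshold) can be modelled as below. This is an added Python example, not DocWatch's own AutoHotkey code; the filename patterns, the threshold of 20, the `ChangeWatcher` name and the `\\fs01\share` paths are assumptions constructed for illustration. The rate alert fires once per burst and re-arms when the rate drops, so a long burst does not flood the administrator with emails.

```python
from collections import deque
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Assumed patterns: the post does not list the names DocWatch looks for.
SUSPICIOUS_PATTERNS = ["*.locked", "*.encrypted",
                       "*decrypt*instructions*", "*how_to_recover*"]

@dataclass
class ChangeWatcher:
    max_changes_per_minute: int = 100           # assumed default
    patterns: list = field(default_factory=lambda: list(SUSPICIOUS_PATTERNS))
    window: deque = field(default_factory=deque)  # timestamps of the last 60 s
    rate_alarm: bool = False                    # True while a burst is ongoing

    def observe(self, ts, path):
        """Feed one file-change event (seconds, path); return alerts it raised."""
        alerts = []
        # Match on the lower-cased file name only, for local and UNC paths.
        name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        hit = next((p for p in self.patterns if fnmatchcase(name, p)), None)
        if hit:
            alerts.append(("NAME", ts, path, hit))
        # Sliding 60-second window of change timestamps.
        self.window.append(ts)
        while ts - self.window[0] >= 60:
            self.window.popleft()
        over = len(self.window) > self.max_changes_per_minute
        if over and not self.rate_alarm:        # alert on the rising edge only
            alerts.append(("RATE", ts, path, len(self.window)))
        self.rate_alarm = over
        return alerts

def run_sample():
    """Replay constructed events: quiet edits, a ransom note, then a burst."""
    watcher = ChangeWatcher(max_changes_per_minute=20)
    events = [(i * 45.0, rf"\\fs01\share\docs\report{i}.docx") for i in range(5)]
    events.append((200.0, r"\\fs01\share\docs\HOW_TO_RECOVER_FILES.txt"))
    events += [(300.0 + i * 0.5, rf"\\fs01\share\docs\scan{i}.pdf")
               for i in range(30)]
    alerts = []
    for ts, path in events:
        alerts.extend(watcher.observe(ts, path))
    return alerts

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```
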