A Quick Way to Manage Multiple Amazon AWS Accounts

I’m often switching between different Amazon AWS accounts. So to speed things along I’ve set up some simple scripts to easily switch between accounts while at the command line

On Linux (aws_setup):

<code>#!/bin/bash
export EC2_URL=https://eu-west-1.ec2.amazonaws.com
export EC2_CERT=/home/john/cert-12345678901234567890123456789012.pem
export EC2_PRIVATE_KEY=/home/john/pk-12345678901234567890123456789012.pem</code>

Once saved, run chmod +x aws_setup
On Windows (aws_setup.cmd):

<code>SET EC2_URL=https://eu-west-1.ec2.amazonaws.com
SET EC2_CERT=C:\Users\John\cert-12345678901234567890123456789012.pem
SET EC2_PRIVATE_KEY=C:\Users\John\pk-12345678901234567890123456789012.pem</code>

Save as many files with the paths to your various AWS key pairs, and simply run the script from within a terminal before using the ec2 tools.

NOTE, when you run the scripts on Linux (and I guess Macs), add an extra dot before you run it. This will allow the environment variable to persist when the script ends.

<code>. ./aws_setup</code>

Prevent Windows from Reinstalling Group Policy Programs

While Group Policy software distribution is a quick and easy way to get software around a network, it isn’t without its problems. One such problem is when a computer is attached to a new domain. If your software distribution is the same, Windows will still reinstall the MSI packages.

The simplest way is to join export a registry key from a computer that is currently joined to the new domain, and then import it into the new system.

And here it is:

<code>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt</code>

Remove Network Printers from Users Before they Log On

Dos Batch FileI had a little trouble with an HP Printer driver that was causing the Vista PCs to hang at logon.

Without going into the specifics of the problem (which comes down to poor HP drivers), I needed a way to ensure that the driver wouldn’t be active the next time that a user logged onto a computer.

A bit of quick thinking, and I quickly knocked up this command, that will enumerate all users in a folder and make the appropriate change while they are offline. Hurrah!

<code>for /D %D in (\\domain.local\users\*.*) DO (
  reg load HKU\UserLoad %D\profile.V2\ntuser.dat
  reg delete "HKU\UserLoad\Printers\Connections\,,domainsrv1,Suite Mono Printer" /f
  reg delete "HKU\UserLoad\Printers\Connections\,,domainsrv1,Suite Colour Printer" /f
  reg unload HKU\UserLoad
)</code>

This assumes that all of your users live in \\domain.local\users and that you are cleaning up vista profiles. Needless to say, you’d probably want to adjust this if you need to do something similar.

Uninstall Ranger from a Computer without the RangerRemove User

Dos Batch FileSometimes it might be necessary to remove Sentinel’s Ranger software from a computer with the minimum of fuss. Even though there is a removal user account. For instance, this may not work.

So here’s a handy script to automitcally disable Ranger on a workstation. This returns some Windows settings back to normal and backs up the Ranger computer info. Just save the code as DeRanger.cmd and run it on any machine that you want to uninstall Ranger.

If you’re having trouble logging into a workstation, either logon as a local administrator or use the Task Manager to stop rgrUIniut.exe in the Processes tab.

DeRanger.cmd

<code>
@echo off

::Stop ranger services
Net Stop ClntCMan
Net Stop SecMon
Net Stop RMNETMON
Net Stop RMNetworkMonitorService

::Remove ranger from winlogon and reset Windows Shell
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v UserInit /t REG_SZ /f /d C:\WINDOWS\system32\userinit.exe
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /f /d Explorer.exe

::Disable ranger services
reg add "HKLM\SYSTEM\CurrentControlSet\Services\ClntCMan" /v Start /t REG_DWORD /f /d 4
reg add "HKLM\SYSTEM\CurrentControlSet\Services\SecMon" /v Start /t REG_DWORD /f /d 4
reg add "HKLM\SYSTEM\CurrentControlSet\Services\RMNETMON" /v Start /t REG_DWORD /f /d 4
reg add "HKLM\SYSTEM\CurrentControlSet\Services\RMNetworkMonitorService" /v Start /t REG_DWORD /f /d 4

::Rename Ranger Registry
reg copy "HKLM\SOFTWARE\Hyperion Security Software" "HKLM\SOFTWARE\Hyperion Security Software_backup" /s /f
reg delete "HKLM\SOFTWARE\Hyperion Security Software" /f

::Rename Rnager Installation Folder
rename "%programfiles%\Ranger" Ranger_

::Now restart
shutdown -f -r -t 0</code>

Adding Printers will Hang a Vista Logon to a Domain

When you’re setting up a Windows Vista system on your network for the first time, you might find that adding printers becomes an issue because the UAC prompt appears.

Unfortunately, if you do this with a logon script – then the logon will hang until the script timeout expires. Worse still, if you’re using Group Policy Preferences to set up the printer it will cause the logon to hang indefinitely.

If you’re experiencing this problem – then you need to make sure that the Trusted Printer settings are either configured correctly, or disabled so that printer installation behaves as it would in previous versions of Windows such as 2000 and XP.

Firstly, you’ll need to open the Group Policy Management console, and navigate to the OU which contains the user accounts that are likely to add printers and edit the policy.

Open User Settings >Administrative Templates > Control Panel > Printers.

To prevent Vista from ever prompting to install the printer drivers, simply disable the Point and Print Restrictions setting. If you need to control where printers can be installed from then you need to edit the Approved Servers setting instead.

If you’ve used group policy preferences, make sure that you’ve set the Run in logged-on user’s security context option.

Once configured, you should be able to log on with a user account that automatically adds the printer without a hitch.