Windows - Automatically extract Task/Subcategory per Event ID - windows

I need to extract all the Event IDs with their tasks (or subcategory) for the Windows-Microsoft-Security-Auditing provider.
It works via PowerShell to extract all the Tasks with this command:
PS C:\WINDOWS\system32> (Get-WinEvent -listprovider "microsoft-windows-security-auditing").Tasks
Name Value DisplayName EventGuid
---- ----- ----------- ---------
SE_ADT_SYSTEM_SECURITYSTATECHANGE 12288 Security State Change 00000000-0000-0...
SE_ADT_SYSTEM_SECURITYSUBSYSTEMEXTENSION 12289 Security System Extension 00000000-0000-0...
SE_ADT_SYSTEM_INTEGRITY 12290 System Integrity 00000000-0000-0...
SE_ADT_SYSTEM_IPSECDRIVEREVENTS 12291 IPsec Driver 00000000-0000-0...
SE_ADT_SYSTEM_OTHERS 12292 Other System Events 00000000-0000-0...
SE_ADT_LOGON_LOGON 12544 Logon 00000000-0000-0...
SE_ADT_LOGON_LOGOFF 12545 Logoff 00000000-0000-0...
SE_ADT_LOGON_ACCOUNTLOCKOUT 12546 Account Lockout 00000000-0000-0...
SE_ADT_LOGON_IPSECMAINMODE 12547 IPsec Main Mode 00000000-0000-0...
I can also list an Event ID.
(Get-WinEvent -listprovider "microsoft-windows-security-auditing").events[100]
Id : 4734
Version : 0
LogLink : System.Diagnostics.Eventing.Reader.EventLogLink
Level : System.Diagnostics.Eventing.Reader.EventLevel
Opcode : System.Diagnostics.Eventing.Reader.EventOpcode
Task : System.Diagnostics.Eventing.Reader.EventTask
Keywords : {}
Template : <template xmlns="http://schemas.microsoft.com/win/2004/08/events">
<data name="TargetUserName" inType="win:UnicodeString" outType="xs:string"/>
<data name="TargetDomainName" inType="win:UnicodeString" outType="xs:string"/>
<data name="TargetSid" inType="win:SID" outType="xs:string"/>
<data name="SubjectUserSid" inType="win:SID" outType="xs:string"/>
<data name="SubjectUserName" inType="win:UnicodeString" outType="xs:string"/>
<data name="SubjectDomainName" inType="win:UnicodeString" outType="xs:string"/>
<data name="SubjectLogonId" inType="win:HexInt64" outType="win:HexInt64"/>
<data name="PrivilegeList" inType="win:UnicodeString" outType="xs:string"/>
</template>
Description : Un groupe local dont la sécurité est activée a été supprimé.
Sujet :
ID de sécurité : %4
Nom du compte : %5
Domaine du compte : %6
ID d’ouverture de session : %7
Groupe :
ID de sécurité : %3
Nom du groupe : %1
Domaine du groupe : %2
Informations supplémentaires :
Privilèges : %8
But when I ask for the Task of an Event ID, it always outputs 0:
PS C:\WINDOWS\system32> (Get-WinEvent -listprovider "microsoft-windows-security-auditing").events[100].Task
Name Value DisplayName EventGuid
---- ----- ----------- ---------
0 00000000-0000-0000-0000-000000000000
Same problem with the wevtutil MSDOS command:
wevtutil gp Microsoft-Windows-Security-Auditing /ge /gm:true
event:
value: 4615
version: 0
opcode: 0
channel: 10
level: 4
task: 0
keywords: 0x8000000000000000
message: Utilisation incorrecte du port LPC.
Sujet :
ID de sécurité : %1
Nom du compte : %2
Domaine du compte : %3
ID d’ouverture de session : %4
Informations sur le processus :
PID : %7
Nom : %8
Any help ? =D

Related

cmd.exe can't run any command except built-in commands

1. For example, when I run "expo start" it shows the following message:
'expo' n’est pas reconnu en tant que commande interne
ou externe, un programme exécutable ou un fichier de commandes
2. My system variables are set to the following:
Path: C:\Windows\system32; C:\Windows ; C:\Windows\System32\Wbem ;
C:/Users/Microk/AppData/Roaming/npm; C:\Programmes\Nodejs;
C:\Programmes\Git;
pathtext:.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
windir: C:\Windows
3. My user variables are set to the following:
Path:c:\windows\system32; c:\windows ; c:\windows\system32\wbem; c:/Users/Microk/AppData/Roaming/npm; C:\Programmes\nodejs; C:\Programmes\Git;
pathtext:.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
windir: C:\Windows
The solution was to set my environment variables to the following:
1. user variables:
path:C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Programmes\Nodejs\node.js;C:\Programmes\Git;C:\Windows\System32;C:Wwindows;C:\Windows\System32\wbem;C:\Users\Microk\AppData\Roaming\npm;C:\Users\Microk\AppData\Roaming\npm\node_modules\expo-cli\bin;C:\Programmes\Git;C:\Program Files\nodejs
PATHEXT: %PATHEXT%;.RB;.RBW
node:C:\Programmes\nodejs\node.js
NODE_PATH:C:\Users\Microk\AppData\Roaming\npm\node_modules
2. System variables:
Path:C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Programmes\Nodejs\node.js;C:\Programmes\Git;

Remote wsus querying with ansible : 401 unauthorized with valid accounts

I was writing my first PowerShell script to get statistics about around 300 servers dispatched on 3 WSUS servers. There's an upstream and two downstream servers (one autonomous and one replica).
The powershell script is sent to the upstream server before execution with the help of an ansible playbook (using winrm connection).
The script simply parses two configured hosts (the upstream and the autonomous downstream) then calls the Get-WsusServer and subsequent routines to get the data i need.
When the PowerShell script is run directly on the upstream host, all is fine, and the Get-WsusServer with the autonomous server works.
When the PowerShell script is run by the Ansible playbook, it fails with the following error when the Get-WsusServer routine calls the autonomous downstream server:
"stderr_lines": [
"Get-WsusServer : The request failed with HTTP status 401: Unauthorized.",
"At D:\\Reports\\wsusreport.ps1:74 char:11",
"+ $wsus = Get-WsusServer -Name $wsusserver -PortNumber 8530",
"+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
" + CategoryInfo : InvalidData: (Microsoft.Updat...usServerCommand:GetWsusServerCommand) [Get-WsusServer], ",
" WebException",
" + FullyQualifiedErrorId : ServerIsInvalid,Microsoft.UpdateServices.Commands.GetWsusServerCommand",
" ",
"You cannot call a method on a null-valued expression.",
"At D:\\Reports\\wsusreport.ps1:80 char:3",
"+ $classifications=$wsus.GetUpdateClassifications() |",
"+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~",
" + CategoryInfo : InvalidOperation: (:) [], RuntimeException",
" + FullyQualifiedErrorId : InvokeMethodOnNull",
" ",
"Exception calling \"AddRange\" with \"1\" argument(s): \"Value cannot be null.",
"Parameter name: value\"",
I tried using a domain account with local admin privileges, and also local admin accounts, but I can't put my finger on what the problem really is.
And I can't manage to explain the behavior difference between the local execution, which is successful, and the execution with the playbook, which fails when calling Get-WsusServer against the autonomous downstream server.
Additional information :
The powershell script loop looks like :
$Target_WSUS_Server_host = "upstream", "downstream"
foreach ($domain in $Target_WSUS_Server_Host) {
Write-Host "Working on : $domain"
[void][reflection.assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = Get-WsusServer -Name $domain -PortNumber 8530
# Scope initialization
$computerscope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerscope.IncludeDownstreamComputerTargets = 'true'
etc....
The Ansible piece of playbook is quite basic and just plays the win_shell module after the script is copied. If I only query the upstream, the Ansible play is 100% OK.
---
- name: wsus report generation
hosts: upstream
vars:
local_dir: "./data/"
local_script: "wsusreport.ps1"
remote_script_log: "wsusreport.log"
remote_dir: 'D:\Reports\'
script_log: "wsusreport.log"
yearmonth: "{{ lookup('pipe', 'date +%Y-%m') }}"
tasks:
- name: copy ps1 script to wsus server
tags:
- sendscript
win_copy:
src: "{{ local_dir }}/{{ local_script }}"
dest: "{{ remote_dir }}"
- name: execute script
tags:
- exescript
win_shell: "{{ remote_dir }}\\{{ local_script }} downstream {{ yearmonth }} > {{ remote_dir }}\\{{ remote_script_log }}"
The PowerShell script takes two parameters:
the first one is a switch to determine if I want just the upstream data, the downstream data or both;
the second one is the time range I wanna retrieve, which defaults to the current Patch Tuesday campaign.
Additional information
On the security event log, what happens when the script is dropped and called by Ansible:
- There are logon/logout events with these details:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4624</EventID>
<Version>2</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2020-01-03T15:44:11.016233500Z" />
<EventRecordID>3662170</EventRecordID>
<Correlation ActivityID="{1715CB99-B4FA-0001-A1CB-1517FAB4D501}" />
<Execution ProcessID="792" ThreadID="4316" />
<Channel>Security</Channel>
<Computer>*FQDN of the downstream server*</Computer>
<Security />
</System>
- <EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-5-7</Data>
<Data Name="TargetUserName">ANONYMOUS LOGON</Data> <===== /!\
<Data Name="TargetDomainName">NT AUTHORITY</Data>
<Data Name="TargetLogonId">0x13316e110</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp</Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">*Hostname of the upstream server*</Data>
<Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">NTLM V1</Data>
<Data Name="KeyLength">128</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">*IP Adress of the upstream server*</Data>
<Data Name="IpPort">55186</Data>
<Data Name="ImpersonationLevel">%%1833</Data>
<Data Name="RestrictedAdminMode">-</Data>
<Data Name="TargetOutboundUserName">-</Data>
<Data Name="TargetOutboundDomainName">-</Data>
<Data Name="VirtualAccount">%%1843</Data>
<Data Name="TargetLinkedLogonId">0x0</Data>
<Data Name="ElevatedToken">%%1843</Data>
</EventData>
</Event>
When the script is called directly on the upstream server, the logon process is far more verbose, and uses the local account which is the same between the two servers.
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4624</EventID>
<Version>2</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2020-01-03T15:44:46.197671000Z" />
<EventRecordID>3662174</EventRecordID>
<Correlation ActivityID="{1715CB99-B4FA-0001-A1CB-1517FAB4D501}" />
<Execution ProcessID="792" ThreadID="5672" />
<Channel>Security</Channel>
<Computer>DOWNSTREAM_SERVER_FQDN</Computer>
<Security />
</System>
- <EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-5-21-910770422-2570656215-934337312-1006</Data>
<Data Name="TargetUserName">ACCOUNT_USED_ON_BOTH_SERVERS</Data> <====== OK !
<Data Name="TargetDomainName">DOWNSTREAM_SERVER_HOSTNAME</Data>
<Data Name="TargetLogonId">0x13319dcbb</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp</Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">UPSTREAM_SERVER_HOSTNAME</Data>
<Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">NTLM V2</Data>
<Data Name="KeyLength">128</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">UPSTREAM_SERVER_IP_ADDRESS</Data>
<Data Name="IpPort">55198</Data>
<Data Name="ImpersonationLevel">%%1833</Data>
<Data Name="RestrictedAdminMode">-</Data>
<Data Name="TargetOutboundUserName">-</Data>
<Data Name="TargetOutboundDomainName">-</Data>
<Data Name="VirtualAccount">%%1843</Data>
<Data Name="TargetLinkedLogonId">0x0</Data>
<Data Name="ElevatedToken">%%1842</Data>
</EventData>
</Event>
Ok,
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#authentication-options
https://docs.ansible.com/ansible/2.5/user_guide/become.html#become-and-windows
The ntlm method doesn't let you assume the correct grants of the account you are using to run a win_shell command or instruction.
I had to swap ntlm for kerberos and use the become feature with the runas method, and specify the exact same account I'm using for the winrm connection.
It is working.
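The two 4624 events quoted above differ in only a few fields, and their Task value (12544) is one of the values in the provider task table from the first question on this page. As an added example (not part of the original posts), this Python code parses exported event XML, resolves the Task value, lists the differing fields and flags the anonymous NTLM network logon; the sample events are constructed and trimmed, and the function names and placeholder SID are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Task value -> display name, copied from the provider task table quoted in the
# first question on this page.
TASK_NAMES = {12544: "Logon", 12545: "Logoff", 12546: "Account Lockout"}

# Constructed sample: the two 4624 events from the post, trimmed to a few fields.
# The SID of the named account is a placeholder.
EVENT_TMPL = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Task>12544</Task></System>
  <EventData>
    <Data Name="TargetUserSid">{sid}</Data>
    <Data Name="TargetUserName">{user}</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">UPSTREAM_SERVER_HOSTNAME</Data>
    <Data Name="LmPackageName">{lm}</Data>
  </EventData>
</Event>"""
VIA_ANSIBLE = EVENT_TMPL.format(sid="S-1-5-7", user="ANONYMOUS LOGON", lm="NTLM V1")
RUN_LOCALLY = EVENT_TMPL.format(sid="S-1-5-21-PLACEHOLDER-1006",
                                user="ACCOUNT_USED_ON_BOTH_SERVERS", lm="NTLM V2")


def parse_event(xml_text):
    """Parse one exported event into its ID, Task and EventData fields."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    task = int(system.findtext("e:Task", namespaces=NS))
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "task": task,
        "task_name": TASK_NAMES.get(task, "unknown"),
        "data": data,
    }


def triage_logon(event):
    """Return findings for a 4624 network logon; an empty list means none."""
    d = event["data"]
    if event["event_id"] != 4624 or d.get("LogonType") != "3":
        return []
    findings = []
    if d.get("TargetUserSid") == "S-1-5-7":  # well-known SID of ANONYMOUS LOGON
        findings.append("logged on as ANONYMOUS LOGON, not a named account")
    if d.get("LmPackageName") == "NTLM V1":
        findings.append("NTLM V1 reported as LmPackageName")
    return findings


def diff_fields(a, b):
    """Return {field: (value_in_a, value_in_b)} for EventData fields that differ."""
    names = sorted(set(a["data"]) | set(b["data"]))
    return {n: (a["data"].get(n), b["data"].get(n))
            for n in names if a["data"].get(n) != b["data"].get(n)}


if __name__ == "__main__":
    ansible, local = parse_event(VIA_ANSIBLE), parse_event(RUN_LOCALLY)
    print(ansible["event_id"], ansible["task"], ansible["task_name"])
    print(triage_logon(ansible), triage_logon(local))
    for name, (x, y) in diff_fields(ansible, local).items():
        print(f"{name}: {x!r} -> {y!r}")
```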

Scantailor CLI output

I am working with scantailor-cli and I can't get any output images, only the creation of the project with the input images and also without respecting the configuration.
The sample bash script is:
#!/bin/bash
# This script requires: xsane, perl-rename, Scan Tailor
impresora="hpaio:/usb/Deskjet_F4400_series?serial=CN01BC111V05C5" # Printer name: use scanimage -L to list the available devices
dpi=150 # DPI to use
directorio_padre="scan" # Name of the folder where everything will be created
nombre_proyecto="proyecto" # Name of the Scan Tailor project
orientacion=left # Orientation for rotating the sheets in Scan Tailor; options: left, right, upsidedown and none
plantilla=2 # Project type in Scan Tailor; options: 0 (automatic), 1 (single page), 1.5 (page and a half) and 2 (two pages)
contenido=normal # Content detection type in Scan Tailor; options: cautious, normal and aggressive
margenes=10 # Amount of margin to add on all sides in Scan Tailor
alineacion_vertical=center # Vertical alignment of the content in Scan Tailor; options: top, center and bottom
alineacion_horizontal=center # Horizontal alignment of the content in Scan Tailor; options: left, center and right
# To get the absolute path of the repository; from http://stackoverflow.com/questions/59895/can-a-bash-script-tell-which-directory-it-is-stored-in
SCRIPT_PATH="${BASH_SOURCE[0]}";
if ([ -h "${SCRIPT_PATH}" ]) then
while([ -h "${SCRIPT_PATH}" ]) do SCRIPT_PATH=`readlink "${SCRIPT_PATH}"`; done
fi
pushd . > /dev/null
cd `dirname ${SCRIPT_PATH}` > /dev/null
SCRIPT_PATH=`pwd`;
popd > /dev/null
# Go to the folder where the script is located
echo "Yendo a «$SCRIPT_PATH»."
cd $SCRIPT_PATH
# Check whether a directory with the name to be used already exists; from https://stackoverflow.com/questions/59838/check-if-a-directory-exists-in-a-shell-script
if [ -d "$directorio_padre" ]; then
echo "ERROR: Ya existe el directorio con nombre «$directorio_padre»."
exit
fi
# Check whether an integer was given; from https://unix.stackexchange.com/questions/151654/checking-if-an-input-number-is-an-integer
if ! [[ "$1" =~ ^[0-9]+$ ]]; then
echo "ERROR: Un número entero es necesario para el número de páginas a escanear."
exit
fi
# Scan with xsane
echo "Iniciando escaneando en nueva carpeta llamada «$directorio_padre»..."
mkdir $directorio_padre && cd $directorio_padre
mkdir originales && cd originales
echo "Escaneando portada a color..."
scanimage -d $impresora -v -p --resolution $dpi --format tiff > out0.tif
echo "Escaneando interiores en grises..."
scanimage -d $impresora -v -p --resolution $dpi --format tiff --mode Gray --batch --batch-start=1 --batch-count=$1
# Rename the files with perl-rename
echo "Cambiando nombres de los archivos..."
perl-rename -v "s/out(\d\d\.tif)/p_0\1/" *.tif
perl-rename -v "s/out(\d\.tif)/p_00\1/" *.tif
# Post-processing with Scan Tailor
cd ..
scantailor-cli -v --orientation=$orientacion --layout=$plantilla --deskew=auto --content-detection=$contenido --margins=$margenes --alignment-vertical=$alineacion_vertical --alignment-horizontal=$alineacion_horizontal --output-dpi=$dpi -o=$SCRIPT_PATH/$directorio_padre/$nombre_proyecto.ScanTailor $SCRIPT_PATH/$directorio_padre/originales $SCRIPT_PATH/$directorio_padre/scan-tailor
The Scan Tailor command in this script is: scantailor-cli -v --orientation=left --layout=2 --deskew=auto --content-detection=normal --margins=10 --alignment-vertical=center --alignment-horizontal=center --output-dpi=150 -o=path/to/proyecto.ScanTailor path/to/originales path/to/scan-tailor.
Is it possible to execute all the workflow with the cli interface?
I just had the same problem. As far as I understand the logic, this is currently (version 0.9.12.2-1, Arch community repo) a bug in the program (I now filed it here).
These are the steps called "filters":
Fix Orientation
Split Pages
Deskew
Select Content
Margins
Output
The default range claims to be 4..6 according to scantailor-cli -h, but it really is 1..4, which you can see via -v. Hence you need to set --start-filter=4 --end-filter=6.

Microsoft Flow - create Blob Storage when a ftp file is added or modified

I'm using Microsoft Flow to store files from an FTP. I've three flows for different folders from the FTP which store each in the different containers.
For example:
ftp/folder A a blob/container A
ftp/folder B a blob/container B
ftp/folder C a blob/container C
Each folder from the FTP updates daily and uploads 3 files: summary (*.txt), lookup data (*.tar.gz) and data file (*.tsv.gz).
But just one flow works as it should, that is, it uploads the three files to the container. The others upload only two files: summary and lookup data, but not the data file. I don't know why the flow doesn't upload the data files.
Just to give you more information,
the size of the files are:
Folder A (flow doesn't work)
summary: 358 B
lookup data: 3.58 MB
data file: 2181 MB
Folder B (flow doesn't work)
summary: 341 B
lookup data: 3.59 MB
data file: 1135MB
Folder C (flow works)
summary: 339 B
lookup data: 3.55 MB
data file: 15.58 MB
Flow Design:
Folder A:
FTP- When a file is added or modified
ENTRADAS
Carpeta
/Folder A
Include file content
True
SALIDAS
Contenido del archivo
Datafeed-Manifest-Version: 1.0
Lookup-Files: 1
Data-Files: 1
Total-Records: 1374468
Lookup-File: folderA-fecha.tar.gz
MD5-Digest: ****
File-Size: 3775354
Data-File: folderA-fecha.tsv.gz
MD5-Digest: *****
File-Size: 152845674
Record-Count: 1374468
Nombre de archivo
folderA-fecha.txt
Ruta del archivo
/folderA-fecha/folderA-fecha.txt
Etiqueta de entidad de archivo
+++++
Tipo de contenido del archivo
text/plain
Blob Storage - Create Blob
ENTRADAS
Ruta de acceso de la carpeta
/folder A
Nombre del blob
folderA-fecha.txt
Contenido del blob
Datafeed-Manifest-Version: 1.0
Lookup-Files: 1
Data-Files: 1
Total-Records: 1374468
Lookup-File: folderA-fecha.tar.gz
MD5-Digest: ******
File-Size: 3775354
Data-File: folderA-fecha.tsv.gz
MD5-Digest: ******
File-Size: 152845674
Record-Count: 1374468
SALIDAS
Id
+++
Name
folderA-fecha.txt
DisplayName
folderA-fecha.txt
Path
/folderA/folderA-fecha.txt
LastModified
2017-02-10T07:01:56Z
Size
358
MediaType
text/plain
IsFolder
false
ETag
+++++
FileLocator
+++++
Folder B:
FTP- When a file is added or modified
ENTRADAS
Carpeta
/folderB
Include file content
True
SALIDAS
Contenido del archivo
Datafeed-Manifest-Version: 1.0
Lookup-Files: 1
Data-Files: 1
Total-Records: 614946
Lookup-File: folderB-fecha.tar.gz
MD5-Digest: ****
File-Size: 3774897
Data-File: folderB-fecha.tsv.gz
MD5-Digest: *****
File-Size: 88794131
Record-Count: 614946
Identificador de archivo
+++++
Nombre de archivo
folderB.txt
Ruta del archivo
/folderB/folderB-fecha.txt
Etiqueta de entidad de archivo
+++++
Tipo de contenido del archivo
text/plain
Blob Storage - Create Blob
ENTRADAS
Ruta de acceso de la carpeta
/folderB
Nombre del blob
folderB-fecha.txt
Contenido del blob
Datafeed-Manifest-Version: 1.0
Lookup-Files: 1
Data-Files: 1
Total-Records: 614946
Lookup-File: folderB-fecha.tar.gz
MD5-Digest: ******
File-Size: 3774897
Data-File: folderB-fecha.tsv.gz
MD5-Digest: *****
File-Size: 88794131
Record-Count: 614946
SALIDAS
Id
+++++
Name
folderB-fecha.txt
DisplayName
folderB-fecha.txt
Path
/folderB/folderB-fecha.txt
LastModified
2017-02-10T06:46:51Z
Size
341
MediaType
text/plain
IsFolder
false
ETag
+++++
FileLocator
+++++
Folder C:
FTP- When a file is added or modified
SALIDAS
Contenido del archivo
Datafeed-Manifest-Version: 1.0
Lookup-Files: 1
Data-Files: 1
Total-Records: 71323
Lookup-File: folderC-fecha.tar.gz
MD5-Digest: *******
File-Size: 3774936
Data-File: folderC-fecha.tsv.gz
MD5-Digest: *******
File-Size: 14724852
Record-Count: 71323
Nombre de archivo
folderC-fecha.txt
Ruta del archivo
/folder C/folderC-fecha.txt
Etiqueta de entidad de archivo
+++++
Tipo de contenido del archivo
text/plain
Blob Storage - Create Blob
ENTRADAS
Ruta de acceso de la carpeta
/folderC
Nombre del blob
folderC-fecha.txt
Contenido del blob
Datafeed-Manifest-Version: 1.0
Lookup-Files: 1
Data-Files: 1
Total-Records: 71323
Lookup-File: folderC-fecha.tar.gz
MD5-Digest: *****
File-Size: 3774936
Data-File: folcerC-fecha.tsv.gz
MD5-Digest: ****
File-Size: 14724852
Record-Count: 71323
SALIDAS
Id
++++++
Name
folderC-fecha.txt
DisplayName
folderC-fecha.txt
Path
/folderC/folderC-fecha.txt
LastModified
2017-02-10T06:20:05Z
Size
339
MediaType
text/plain
IsFolder
false
ETag
++++++
FileLocator
++++++
The maximum size of a file should be 50MB.

Trouble saving output contents from a batch script

I'm looking to get computer names from my network, so I decided to use the following script:
for /L %%N in (1,1,10) do nslookup 132.147.160.%%N
PAUSE
With this command everything is displaying correctly on the command prompt.
But with this last one not so well :
for /L %%N in (1,1,256) do nslookup 132.147.160.%%N >nslookup.txt
PAUSE
First of all, the command prompt is displaying wrong things (there's an undesired "1" added and I don't know why):
C:\Users\Toshiba\Desktop>nslookup 132.147.160.1 1>nslookup.txt
C:\Users\Toshiba\Desktop>nslookup 132.147.160.2 1>nslookup.txt
*** serveur1.mycompany.fr ne parvient pas à trouver 132.147.160.2 : Non-exi
stent domain
C:\Users\Toshiba\Desktop>nslookup 132.147.160.3 1>nslookup.txt
*** serveur1.mycompany.fr ne parvient pas à trouver 132.147.160.3 : Non-exi
stent domain
C:\Users\Toshiba\Desktop>nslookup 132.147.160.4 1>nslookup.txt
*** serveur1.mycompany.fr ne parvient pas à trouver 132.147.160.4 : Non-exi
stent domain
[ ... etc]
And also in nslookup.txt
I've got NO MORE THAN this output:
Serveur : serveur1.mycompany.fr
Address: 132.147.160.1
Nom : 132.147.160.256
Address: 60.200.60.100
Please, what am I doing wrong?
Thank you
Try this:
@ECHO OFF &SETLOCAL
for /L %%N in (1,1,10) do nslookup 132.147.160.%%N >>nslookup.txt 2>&1
TYPE nslookup.txt
To remove the error messages from nslookup.txt, simply delete 2>&1.
