===== ULS-Agent for Windows =====

The WIN_TOOLS are the [[http://www.gnu.org/licenses/gpl.txt|GPLv3]]-based ULS-agent for the Windows operating system. It gathers inventory information, configuration settings and runtime metrics of the operating system, and checks the event log for new entries, with filters applied. All resulting values are sent to the ULS-server for further monitoring and analysis.

==== Overview ====

The directories used in this description are examples only; use others as you like.

  * copy the WIN_TOOLS.zip to e.g. C:\ADMIN\WIN_TOOLS
  * extract WIN_TOOLS.zip
  * customize the *.conf files for the different WIN_TOOLS scripts
  * create the directory for temporary work value files for the WIN_TOOLS scripts
  * create the destination directory for ULS value files
  * create the scheduled task entries

The default directories are:

| installation and execution directory of the WIN_TOOLS | C:\ADMIN\WIN_TOOLS |
| temporary work value and log file directory | C:\TEMP\WIN_TOOLS |
| destination directory for the generated ULS value files | C:\TEMP\ULS |

-----

==== Download & Installation ====

Change to a directory of your choice or create one in which you want to put the WIN_TOOLS:

  C:\> md C:\ADMIN\WIN_TOOLS
  C:\> cd C:\ADMIN\WIN_TOOLS

**Download** the {{:uls:agents:win_tools:win_tools_2013-12-03.zip|current version of the WIN_TOOLS}} to the directory you just created and verify the checksums. You may need:

  * to use the fciv.exe from [[http://support.microsoft.com/kb/841290]]
  * or use an online service like [[http://onlinemd5.com|MD5 & SHA1 Hash Generator For File]]

  C:\ADMIN\WIN_TOOLS> md5sum.exe WIN_TOOLS_*.zip

Checksums for WIN_TOOLS_2013-12-03.zip:

  * md5: 7463FCC757EE51AD17B6ADA7E62CCC4E
  * sha1: FF3C8A62CEDBF9B8018B18351862391C482359CC
  * sha256: 01644C484905BB1B820FC94A42EF712208DB44B8C190E3F1FE64828A2AF237D2

Before unzipping, open the property page of the .zip and click the unblock button.
That should prevent the message: ''This file came from another computer and might be blocked to help protect this computer''

-----

==== Software Installation ====

Unpack the WIN_TOOLS*.zip into that directory. The password is "win_tools"; it is set only to keep typical virus scanners from removing the zip archive because of the .exe and .bat files it contains.

You will find a list of files like the following (the output may differ slightly depending on the version/release date):

  C:\ADMIN\WIN_TOOLS> dir
  
  03.12.2013  12:22              .
  03.12.2013  12:22              ..
  03.12.2013  11:49          978 CHANGES.txt
  06.12.2011  10:06       33.094 COPYING.txt
  21.12.2011  18:29    1.472.512 libeay32.dll
  03.12.2013  11:57          213 perf_counter_categories.bat
  30.10.2012  14:14        7.337 perf_counter_categories.ps1
  22.11.2013  09:55       81.549 send2uls.exe
  21.12.2011  18:29      303.616 ssleay32.dll
  30.10.2012  12:02          254 win_eventlog.bat
  25.11.2013  10:52        8.796 win_eventlog.conf
  03.12.2013  11:47       33.088 win_eventlog.ps1
  18.09.2012  14:33          127 win_inventory.bat
  22.02.2013  15:43       18.844 win_inventory.ps1
  29.11.2013  10:26       13.386 win_misc.ps1
  06.03.2013  15:00          232 win_watch.bat
  03.12.2013  11:59        5.056 win_watch.conf
  03.12.2013  11:47       49.719 win_watch.ps1
                16 Datei(en),  2.028.801 Bytes

There is a calling .bat file for each PowerShell script, and the main scripts have configuration files.

Check the execution policy of the W*ndows machine:

  c:\> powershell Get-ExecutionPolicy

"RemoteSigned" or even "Unrestricted" will allow you to execute the PowerShell scripts. With a "Restricted" execution policy you will not be able to execute the PowerShell scripts. Change it to:

  c:\> powershell Set-ExecutionPolicy RemoteSigned

:!: Alternatively, you can use the command line parameter ''-executionpolicy bypass''

  c:\> powershell.exe -executionpolicy bypass -File

when starting the win_watch PowerShell script.
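
The checksum comparison, the unblock step and the execution policy check described above can be combined in one script. This is an added example, not part of the WIN_TOOLS package; it assumes PowerShell 4.0 or later (for ''Get-FileHash'') and the example download path used on this page.

```powershell
# Added example (not shipped with WIN_TOOLS): verify the archive, then unblock it.
# Assumptions: PowerShell 4.0+ and the example directory used on this page.
param(
    [string]$Archive = 'C:\ADMIN\WIN_TOOLS\WIN_TOOLS_2013-12-03.zip',
    # SHA-256 value published on this page for WIN_TOOLS_2013-12-03.zip
    [string]$ExpectedSha256 = '01644C484905BB1B820FC94A42EF712208DB44B8C190E3F1FE64828A2AF237D2'
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $Archive -PathType Leaf)) {
    throw "Archive not found: $Archive"
}

# Compare the SHA-256 value only; MD5 and SHA-1 are not collision resistant.
# -ne compares strings case-insensitively, so hex case does not matter.
$actual = (Get-FileHash -LiteralPath $Archive -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.Trim()) {
    throw "SHA-256 mismatch for $Archive (got $actual). Do not unblock or extract it."
}
Write-Output "SHA-256 matches: $actual"

# The "unblock" button on the property page removes the Zone.Identifier
# alternate data stream. Do the same here, but only after the hash matched.
$mark = Get-Item -LiteralPath $Archive -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
if ($mark) {
    Unblock-File -LiteralPath $Archive
    Write-Output 'Zone.Identifier removed (archive unblocked).'
} else {
    Write-Output 'Archive carries no Zone.Identifier mark.'
}

# Show which scope sets the execution policy before changing anything.
# A policy set by Group Policy (MachinePolicy/UserPolicy) overrides
# Set-ExecutionPolicy and the -executionpolicy command line parameter.
Get-ExecutionPolicy -List | Format-Table -AutoSize
Write-Output "Effective policy: $(Get-ExecutionPolicy)"
```

A matching hash confirms that the file is the one these checksums were computed for; it does not help if the checksum list and the download were both altered at the same source.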
-----

==== What You Get ====

You get scripts to check the state and performance of a running W*ndows computer, as well as event log checking with filtering and gathering of inventory information.

  * [[uls:agents:win_tools:win_watch]]: gathers W*ndows performance metrics and status information
  * [[uls:agents:win_tools:win_eventlog]]: searches all or selectable event logs
  * [[uls:agents:win_tools:win_inventory]]: collects inventory information
  * [[uls:agents:win_tools:send2uls]]: transfers files in [[uls:agents:value_file_format]] to the ULS-server
  * [[uls:agents:win_tools:perf_counter_categories]]: compiles all existing performance counter categories of a W*ndows computer