Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
By Bryan Keadle
If you have taken the time to develop a standard load (and perhaps, even, a single, works-on-anything base image), you know the advantages of managing a standard load. You are able to have a consistent operating system environment, that is pre-configured with your standard applications, performance and useability tweaks implemented, and have "on-board" utilities that make using or supporting your load that much easier. Additionally, the consistency and standardization makes it easier to provide documentation and training for your end-users.
It also makes supporting and troubleshooting a lot easier, since you know what is "normal" (or standardized) and anything that deviates from your standard load is suspect to be the cause of the issue you're having to remedy.
One tool I previously posted, ServiceDescriptions.exe, provides you a method for identifying Windows services that have either been added, changed startup type, or are not in the running state that they should be.
Here is another tool that let's you easily identify applications that have been added to the Add/Remove Items list that are not part of your standard load.
For example, here's a Add/Remove Programs list from a Windows 2000 machine:
You're probably accustomed to having to scroll through this list and try to pick out the applications that don't belong. Wouldn't it be nice to be able to filter this list, to show all items *NOT* part of your standard load? So, instead of the list you see above, you can open the Add/Remove Programs applet and see this instead?
This is what HideAddRemoveItems.exe will do for you. Simply run this program against your standard load, and generate a list of your "approved" programs that should be hidden:
Select from this list the items that you want to HIDE from the Add/Remove List...that is, are part of your standard load.
This will then hide these selected items from the Add/Remove Programs list, and create a list file of these selected items. This list file is useful for "applying" against other machines to hide the same standard applications.
NOTE: Some items may be listed more than once. This is because there is more than one reference in the registry related to the installed item that the Add/Remove Programs applet will recognize.
With your standard applications now hidden, not only is it easier to identify added, non-standard programs (if you actually allow applications to be installed on the workstation by the user), but it also prevents the user from modifying or removing your standard applications through this interface.
But, what if you need to reveal these standard applications so that you, as the support person, do have the ability to uninstall or modify the installed application? Simply run:
HideAddRemoveItems SHOW ALL
And all the previously hidden items will be revealed. When you're done, simply re-run the program, specifying the list file containing your standard load programs, and they will be hidden once again:
HideAddRemoteItems HIDE F:\PUBLIC\StdLoadApps.lst
When it comes time to troubleshoot a mis-behaving computer, you often want (or need) to identify "what's changed" to help you identify what the issue might be. Having tools like this hopefully will help you reduce your time to resolution, and perhaps provide another measure of security to hide from the end user what they don't need to be messing with while still giving you, the support person, a way to provide the quality support you want to provide...easily.
(This is tested and known to work for Win2K and WinXP)
SYNTAX:
HideAddRemoveItems (HIDE | SHOW) (ListFile | ALL) (QUIET)
SHOW - Reveal Add/Remove Program items previously hidden
ListFile - Full path and filename to a list file containing items to hide
If a list file is specified, the items contained in the list file
that are in the local worksation's Add/Remove Programs list will
be hidden.
A list file is generated in the %TEMP% directory each time
the program is run without a ListFile specified:
ALL - HIDE (or SHOW) ALL Items
QUIET - No Done message boxes
If ListFile or ALL is not specified, you will be prompted with a list
of Add/Remove Program items that you want to either HIDE or SHOW,
depending on which option you specified.
EXAMPLES: