MPS Reports

[gosh]

MPS Reports

MPS Reports are Microsoft Product Support reports. It is a tool used by Microsoft Support to gather more information about a problem computer. Typically MS support would have customer run the file, then email the resultant cab back to support. Then MS support would look through the cab for anything that might be related to the problem. MPS reports is also good when a new version of windows is launched to be able to find a bug.

You can download MPS reports at microsoft download center

http://www.microsoft.com/downloads/details...;DisplayLang=en

Anytime a friend of mine has a computer problem i have him run this and send me the cab file. MPS reports doesn't include any passwords so it's harmless to send to people. Typically i would use MPS reports to see what is hooking into the explorer process, look at event viewer logs, and to get a general idea what software they are running.

What mps reports is is basically a batch file that runs a bunch of command line tools and saves all output in a .cab file. These tools are very handy to have! Some might not be public.

Download MPS reports and open it using winrar (right click on it > open with winrar) to see the command line files. Since the files can be redirected theyre great for scripting.

Tools included

Choice.exe

Prompts user to make a choice, yes or no

clusmps.exe

Clusmps.exe --------- Created By Shon Hauck

Utility to parse the cluster configuration and generate a detailed report.

In order for this utility to work properly the cluster hive must be loaded under,

HKLM as Cluster. Example, HKLM\Cluster

The Cluster Reporting Tool will create a file called <ComputerName>_CLUSTER_MPS_INFORMATION.TXT

The Computer Name is the local computer name on the server the utility is to be run.

Example, (If the tool is going to be run on this system the file name will be:

%computername%_CLUSTER_MPS_INFORMATION.TXT

Usage: (Switches can be placed in any order.)

=============================================

Clusmps.exe [/P:[Target Path]] [/G] [/D]

/P Is the target location for the Report File

/G Will add a GUID to Resource Name Table in the report

/S Will dump out a list of all users for the privilages cluster needs to operate

Example:

Clusmps.exe "/P:C:\Report Folders\Cluster" /G /S

NOTE: Do not include a \ at the end of your path. Follow the example above

diskmap.exe

Usage:

diskmap.exe /d<drive#> [/h]

/d<drive#> 'drive#' is the number of the physical drive

to be checked. (Must be specified.)

/h Hexidecimal output. (default is decimal)

dumpel.exe

DUMPEL Usage:

dumpel -f file [-s \\server] [-l log [-m source]] [-e n1 n2 n3..] [-r] [-t] [-d

x]

-d <days> Filters for event last days (number larger than zero)

-e nn Filters for event id nn (up to 10 may be specified)

-f <filename> Output filename (default stdout)

-l <name> Dumps the specified log (system, application, security)

-b Dumps a backup file (use -l to specify file name)

-m <name> Filters for events logged by name

-r Filters out events logged by name (must use -m too)

-s <servername> Remote to servername

-t Use tab to separate strings (default is space)

-c Use comma to separate fields

-ns Do not output strings

-format <fmt> Specify output format. Default format is

dtTCISucs

where

t - time

d - date

T - event type

C - event category

I - event ID

S - event source

u - user

c - computer

s - strings

DumpEVT.exe

Microsoft ® Windows NT DumpEVT

Usage: J:\Flats\Microsoft\Tools\MPS Reports\MPSRPT_PFE\bin\DumpEVT.exe PathtoStoreFiles

-c (Optional Parameter to Clear Event Logs after Backup is done)

-s (Optional Parameter to Skip Backing up the Eventlog

specified. Can use more then once.)

Example:

Dumpevt d:\ -c -s Security -s Application

This will dump all event logs except Security and Application

It will also Clear the event log that it does backup, and no others.

fltrfind.exe

Displays a list of filters that are installed in Windows

FLTRFIND [/K:KeyName] [/?]

/K: Search a ControlSet other that CurrentControlSet

Keyname Must contain the full path to a valid ControlSet registry key

i.e. system\ControlSet001 or test\ControlSet002

/? Displays this help screen

htdump.exe

C:\Data\Users\Administrator>"J:\Flats\Microsoft\Tools\MPSReports\MPSRT_PFE\bin\htdump.exe" /?

Processors are not hyperthreading capable

A physical processor exposes logical processor(s): 0

A physical processor exposes logical processor(s): 1

System has 2 logical processors exposed by 2 physical processors

netdom.exe

\netdom.exe" /?

The syntax of this command is:

NETDOM HELP command

-or-

NETDOM command /help

Commands available are:

NETDOM ADD NETDOM RESETPWD NETDOM RESET

NETDOM COMPUTERNAME NETDOM QUERY NETDOM TRUST

NETDOM HELP NETDOM REMOVE NETDOM VERIFY

NETDOM JOIN NETDOM MOVENT4BDC

NETDOM MOVE NETDOM RENAMECOMPUTER

NETDOM HELP SYNTAX explains how to read NET HELP syntax lines.

NETDOM HELP command | MORE displays Help one screen at a time.

Note that verbose output can be specified by including /VERBOSE with

any of the above netdom commands.

The command completed successfully.

OEMInBox.exe

SYNTAX: J:\Flats\Microsoft\Tools\MPSReports\MPSRPT_PFE\bin\OEMInBox.exe [<ServerName>] [-v]

<ServerName> : Machine name (OPTIONAL)

-v : Verbose mode (OPTIONAL)

rpcdump.exe

RPCDump:Rpc endpoint diagnostic utility.

/S Name of server to interogate.(Defaults to local if not specified)

/V Verbose Mode.

/I Ping all registered endpoints.

/P Protocol:(default ncacn_ip_tcp)

ncacn_np (Connection-oriented named pipes)

ncacn_mq (Datagram (connectionless) over the Microsoft Message Queue Server)

ncadg_ipx (Datagram (connectionless) IPX)

ncacn_spx (Connection-oriented SPX)

ncacn_http (Connection-oriented TCP/IP using Microsoft Internet Information Server as HTTP proxy.)

ncacn_nb_nb (Connection-oriented NetBEUI)

ncacn_nb_tcp (Connection-oriented NetBIOS over TCP)

ncacn_nb_ipx (Connection-oriented NetBIOS over IPX)

ncacn_ip_tcp (Connection-oriented TCP/IP)

ncacn_at_dsp (AppleTalk DSP)

ncadg_ip_udp (Datagram (connectionless) UDP/IP)

ncacn_vns_spp (Connection-oriented Vines SPP transport)

ncacn_dnet_nsp (Connection-oriented DECnet transport)

ncacn_nb_xns (Connection-oriented XNS)

e.g. rpcdump /s foo /v /i

secinspect.exe

0001.030

Sector Inspector Copyright Microsoft Corporation 2004

===========================================================================

Command Line Help

===========================================================================

Display Help Screen

SECINSPECT.EXE -h

SECINSPECT.EXE -?

Generate a standard report that includes a complete hex dump.

SECINSPECT.EXE

Generate Report with no no hex dump information.

SECINSPECT.EXE -n

Dump a sector range using 64 bit LBN.

SECINSPECT.EXE -dsec DeviceName LBN NumberOfSectors

Example: SECINSPECT.EXE -dsec \\.\c: 63 2

Dump a sector range using Cylinder, Head, Sector notation.

SECINSPECT.EXE -dchs PhysicalDrive C/H/S NumberOfSectors

Example: SECINSPECT.EXE -dchs PhysicalDrive0 5/121/12 30

Dump a file in hex.

showpriv.exe

Displays the trustees assigned to a privilege (user right).

© 1999 Microsoft Corporation.

Usage: showpriv <privilegename>

where <privilegename> is a valid Windows NT privilege string.

Example: showpriv SeSecurityPrivilege

Privileges:

SeCreateTokenPrivilege SeAssignPrimaryTokenPrivilege

SeLockMemoryPrivilege SeIncreaseQuotaPrivilege

SeMachineAccountPrivilege SeTcbPrivilege

SeSecurityPrivilege SeTakeOwnershipPrivilege

SeLoadDriverPrivilege SeSystemProfilePrivilege

SeSystemtimePrivilege SeProfileSingleProcessPrivilege

SeIncreaseBasePriorityPrivilege SeCreatePagefilePrivilege

SeCreatePermanentPrivilege SeBackupPrivilege

SeRestorePrivilege SeShutdownPrivilege

SeDebugPrivilege SeAuditPrivilege

SeSystemEnvironmentPrivilege SeChangeNotifyPrivilege

SeRemoteShutdownPrivilege SeUndockPrivilege

SeSyncAgentPrivilege SeEnableDelegationPrivilege

SubInACL.exe

SubInAcl version

USAGE

-----

Usage : SubInAcl [/view_mode] [/test_mode] [/output=FileName] /object_type object_name

[/action[=parameter] [/action[=parameter]]...

/view_mode :

/noverbose /verbose (default=/verbose=2)

/verbose=1 /verbose=2

/test_mode :

/notestmode (default=/notestmode) /testmode

/object_type :

/service /keyreg /subkeyreg

/file /subdirectories /share

/clustershare /kernelobject /metabase

/printer /onlyfile

/action :

/display(default)

/setowner=owner

/replace=[DomainName\]OldAccount=[DomainName\]New_Account

/changedomain=OldDomainName=NewDomainName

/migratetodomain=SourceDomain=DestDomain

/findsid=[DomainName\]Account[=stop]

/suppresssid=[DomainName\]Account

/confirm

/ifchangecontinue

/cleandeletedsidsfrom=DomainName

/testmode

/accesscheck=[DomainName\]Username

/setprimarygroup=[DomainName\]Group

/grant=[DomainName\]Username[=Access]

/deny=[DomainName\]Username[=Access]

/revoke=[DomainName\]Username

Usage : SubInAcl [/view_mode] /playfile file_name

Usage : SubInAcl /help [keyword]

SubInacl /help /full

keyword can be :

features usage syntax sids view_mode test_mode object_type

domain_migration substitution_features editing_features

- or -

any [/action] [/object_type]

Other tools Included

Checksym.exe

dcdiag.exe

devon.exe

dmdiag.exe

dosdev.exe

gpotool.exe

gpresult.exe

memsnap.exe

netdiag.exe

pstat.exe

qfecheck.exe

repadmin.exe

tlist.exe

whoami.exe

UnsgnDrv.exe

-gosh

[cluberti]

Note that these are not going to be updated for Vista / Server 2008, and most tools in the MPS Report package do not work properly on these platforms. Microsoft has moved to a tool called MSDT, which is not available publicly.

[KevinMc]

Note that these are not going to be updated for Vista / Server 2008, and most tools in the MPS Report package do not work properly on these platforms. Microsoft has moved to a tool called MSDT, which is not available publicly.

Actually this statement is no longer correct. The new MPS reports that includes Vista/2008 support is in beta right now and should be released before the end of April according to MS. I suppose enough Premier support customers complained about the MSDT. I know I did.

Edited March 10, 2009 by KevinMc