Saturday, September 24, 2016

AD Sites and Services: Show Services

Tonight I was working on something and deauthorized my DHCP server in Active Directory (long and not very interesting story - I promise I wasn't randomly clicking things..... ).

So I just went in to reauthorize it, and I get a very helpful (ahem) message that tells me that "The specified servers are already present in the Directory Service".

Yay Google, turns out that there's a very cool part of Active Directory Sites and Services that I'd never even seen before!

From a DC, open up Active Directory Sites and Services. Normally this is where you do all of the fancy site replication stuff if you have multiple AD sites, but if you highlight the root of the structure, choose the "View" menu, and select "Show Services Node", there's a lot more to see.

Most of this stuff I wouldn't touch without explicit instructions, of course, but still neat. You can see Exchange stuff, and your certificate info under the Public Key Services folder.

What I needed to do was to delete my server's entry under the NetServices folder, and then I was able to again authorize my DHCP server.

Friday, June 24, 2016

Gathering Important NTP Settings with Powershell

I started a new gig recently, and noticed some time issues. So, once I got all of the servers set up to speak Powershell, I pieced together the following script to do an audit of all of my servers and what they were doing for NTP. I found a really nice blog entry that explains what all of this means....

One thing I'm much more cognizant about is putting any constant variables at the TOP of my scripts. This allows me to more easily reuse my scripts, and also to change the variables quickly without having to look all over the place.


REQUIRED: Make a folder called c:\lists, and put a file in it named ServerNTPSettingsAudit.txt that contains your servers' names (one per line). Also, this script assumes that you have a C:\temp folder.

$List = "C:\Lists\ServerNTPSettingsAudit.txt"
$Attachment = "C:\Temp\NTPSettings.csv"

#Email Variables
$To = ""
$From = ""
$SMTPServer = ""
$Subject = "PS Report - NTP Settings Audit"
$Body = "See Attached"

#Get the list of servers
$Servers = Get-Content $List

#Create an empty array to hold the data
$NTPSettings = @()

#Foreach server, get some NTP settings from the registry (remotely, obviously)
Foreach ($Server in $Servers){
    $HKLM = 2147483650 #HKEY_LOCAL_MACHINE

    $reg = [wmiclass]"\\$Server\root\default:StdRegprov"

    $key = "SYSTEM\CurrentControlSet\Services\W32Time\Parameters"
    $value = "Type"
    $NTPType = $reg.GetStringValue($HKLM, $key, $value)  ## REG_SZ

    $key = "SYSTEM\CurrentControlSet\Services\W32Time\Config"
    $value = "AnnounceFlags"
    $NTPFlags = $reg.GetDWordValue($HKLM, $key, $value)  ## REG_DWORD

    $key = "SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NTPServer"
    $value = "Enabled"
    $NTPServer = $reg.GetDWordValue($HKLM, $key, $value)  ## REG_DWORD

    $ServerItem = New-Object System.Object
    $ServerItem | Add-Member -type NoteProperty -Name "Server Name" -value $Server
    $ServerItem | Add-Member -type NoteProperty -Name "NTP Type" -value $NTPType.sValue
    $ServerItem | Add-Member -type NoteProperty -Name "AnnounceFlags" -value $NTPFlags.uValue
    $ServerItem | Add-Member -type NoteProperty -Name "IsNTPServer" -value $NTPServer.uValue
    $NTPSettings += $ServerItem

} #End Foreach

#Export the array to CSV
$NTPSettings | Export-csv -NoTypeInformation $Attachment

#Send me the list as an email attachment
Send-mailmessage -To $To -From $From -SmtpServer $SMTPServer -Subject $Subject -Body $Body -Attachments $Attachment

#Delete the temp file
Remove-Item $Attachment -Force -ErrorAction SilentlyContinue
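
The CSV only holds raw registry values, so here is an added example (not part of the original script) that decodes the AnnounceFlags bit mask and flags servers whose settings stand out. The sample rows are constructed, and $PdcEmulator is a hypothetical name for the one server assumed to be the domain's authoritative time source.

```powershell
# Added example (not the original script): interpret the audit CSV.
# Sample rows are constructed; $PdcEmulator is a hypothetical name for the one
# server assumed to be the domain's authoritative time source.
$PdcEmulator = 'DC01'
$Rows = @'
"Server Name","NTP Type","AnnounceFlags","IsNTPServer"
"DC01","NTP","5","1"
"DC02","NT5DS","10","1"
"APP01","NTP","10","0"
"FILE01","NoSync","10","0"
"WEB01","NT5DS","5","0"
"OLD01","","",""
'@ | ConvertFrom-Csv

# AnnounceFlags is a bit mask; these are the four documented W32Time bits.
$FlagNames = [ordered]@{ 1 = 'Timeserv'; 2 = 'AutoTimeserv'; 4 = 'ReliableTimeserv'; 8 = 'AutoReliable' }

function Get-AnnounceFlagNames([int]$Flags) {
    $names = foreach ($f in $FlagNames.GetEnumerator()) {
        if ($Flags -band $f.Key) { $f.Value }
    }
    $names -join ', '
}

function Get-NtpFinding($Row) {
    # An empty Type means the remote registry read returned nothing.
    if ([string]::IsNullOrEmpty($Row.'NTP Type')) { return 'No data (unreachable or value missing)' }
    $isPdc  = $Row.'Server Name' -eq $PdcEmulator
    $issues = @()
    switch ($Row.'NTP Type') {
        'NoSync' { $issues += 'Time sync disabled' }
        'NTP'    { if (-not $isPdc) { $issues += 'Manual peers, bypasses domain hierarchy' } }
    }
    if (([int]$Row.AnnounceFlags -band 4) -and -not $isPdc) {
        $issues += 'Advertises itself as a reliable time source'
    }
    if ($issues.Count -eq 0) { 'OK' } else { $issues -join '; ' }
}

$Rows | ForEach-Object {
    [pscustomobject]@{
        Server  = $_.'Server Name'
        Type    = $_.'NTP Type'
        Flags   = Get-AnnounceFlagNames ([int]$_.AnnounceFlags)
        Finding = Get-NtpFinding $_
    }
} | Format-Table -AutoSize
```

Servers that drift from the domain hierarchy matter beyond tidiness: Kerberos rejects tickets when clocks differ by more than the configured skew (five minutes by default), and log timestamps from a drifting host are hard to correlate.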


Tuesday, April 12, 2016

Report on Cisco VPN Logins from Syslog..... Logs....

Man it's been a long time! Don't know what to say; sometimes I feel like writing and sometimes I don't. I definitely have a long list of things to Blog about. Maybe I'm just destined to be an "in spurts" type of blogger.

The rest of this is a script I created to keep track of people that were using the VPN for licensing purposes, though it does have security implications as well. I wanted to get rid of accounts that very rarely or never used our VPN capabilities.

What we want is to parse the ASA syslog files stored in the syslog folder. These are in txt format and are rather large.

This Powershell script is scheduled to run after midnight on the syslog server every day.

The script autogenerates a new CSV file if it doesn't exist. Results should append to the CSV file daily, and we pull down and remove the csv file weekly.

On Mondays (or a day of your choosing, see the variables section), it counts the entries, keeps only unique logins, and sends the file as an attachment to me. It then deletes the concatenated csv file.


# Variables

#Get Today's Date
$Today = Get-Date

#Get yesterday's date
$Yesterday = $Today.AddDays(-1)

#Path to txt Syslog Files
$SyslogFilePath = "D:\ASA Syslog Files\ASA1\"

#Name of output file
$OutputFile = "D:\PowershellLogData\ASA1_VPNConnections.csv"

#Specify the day of the week to report (Monday by default)
$ReportDayOfWeek = "Monday"

#Build filename of yesterday's log file, with the path
$FileName = $SyslogFilePath + ($Yesterday.ToString('yyyy-MM-dd')) + ".txt"

#Mail Variables
$To = ""
$From = ""
$SMTPServer = ""

#Get the day of the week
$DayOfWeek = ((Get-Date).DayOfWeek).ToString()

#If the Output CSV File Doesn't Exist, create one
If ((Test-Path $OutputFile) -eq $False){
    $Headers = @()
    $HeadersEntry = New-Object psobject
    $HeadersEntry | Add-Member -MemberType NoteProperty -Name Timestamp -Value "ScriptEntry"
    $HeadersEntry | Add-Member -MemberType NoteProperty -Name Group -Value "ScriptEntry"
    $HeadersEntry | Add-Member -MemberType NoteProperty -Name User -Value "ScriptEntry"
    $HeadersEntry | Add-Member -MemberType NoteProperty -Name IPAddress -Value "ScriptEntry"
    $Headers += $HeadersEntry
    $Headers | Export-CSV $OutputFile -NoTypeInformation
} #End If output file doesn't exist

#Parse Yesterday's log file for only VPN connection entries
$ConnectionEvents = select-string -path $FileName -Pattern "722022"

#Create an array
$LogInfo = @()

#Cycle through each VPN Login entry and extract the data, adding to the array
$ConnectionEvents | Foreach-Object {
    #Extract the Info
    $infos = $_ -split '\t'
    $TimePre = $Infos[0] -split ':'
    $Time = $TimePre[3] + ":" + $TimePre[4] + ":" + $TimePre[5]
    $BetterInfo = $Infos[3] -split '<'
    $Group = ($BetterInfo[1] -split '>')[0]
    $User = ($BetterInfo[2] -split '>')[0]
    $IPFrom = ($BetterInfo[3] -split '>')[0]
    #Build the Object
    $LogInfoItem = New-Object psobject
    $LogInfoItem | Add-Member -MemberType NoteProperty -Name Timestamp -Value $Time
    $LogInfoItem | Add-Member -MemberType NoteProperty -Name Group -Value $Group
    $LogInfoItem  | Add-Member -MemberType NoteProperty -Name User -Value $User
    $LogInfoItem  | Add-Member -MemberType NoteProperty -Name IPAddress -Value $IPFrom
    $LogInfo += $LogInfoItem
    } #End Foreach-Object

#Append the array to the csv output file
$LogInfo | Export-CSV -Append $OutPutFile

#If it's Monday, clean up the file and send it out, then remove the original CSV so it's rebuilt for the next reporting week
#If it's NOT Monday, just do the data conversion and leave the file intact.
If ($DayOfWeek -like $ReportDayOfWeek){

    #Import the Output CSV File
    $Entries = Import-CSV $OutputFile

    #Keep only entries that have populated username fields and weren't created on CSV initialization (ScriptEntry piece)
    $Entries = $Entries | Where-Object {$_.User -notlike "" -and $_.User -notlike "ScriptEntry"}

    #Create Report information
    $ReportObject = $Entries | select user -unique | sort user
    #Create HTML Report
    $ReportHTML = $ReportObject | ConvertTo-Html | out-string
    #Count the Entries
    $VPNCount = (($Entries | Measure-Object).Count).ToString()

    #Craft the Email Subject with the count
    $Subject = "PS Report - Cisco ASA VPN Logs - $VPNCount Logons Last Week"

    #Send the email
    Send-MailMessage -To $To -From $From -SmtpServer $SMTPServer -Body $ReportHTML -BodyAsHTML -Subject $Subject -Attachments $OutputFile

    #Remove the CSV file
    Remove-Item $OutputFile -force -ErrorAction 0

} #End If Monday
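
A stricter take on the parsing step, as an added example rather than the original author's code: it anchors on the full %ASA-n-722022 message ID instead of the bare number (which also appears in unrelated lines, such as a connection ID), then summarizes logins per user and lists entitled accounts with no logins. The sample lines, the tab-separated layout, and the $Licensed list are constructed assumptions.

```powershell
# Added example; the log lines below are constructed, tab-separated samples.
$t = "`t"
$Lines = @(
    "2016-04-11 08:15:02${t}Local4.Info${t}10.0.0.1${t}%ASA-6-722022: Group <VPN-Staff> User <jdoe> IP <203.0.113.10> TCP SVC connection established without compression"
    "2016-04-11 09:40:17${t}Local4.Info${t}10.0.0.1${t}%ASA-6-722022: Group <VPN-Staff> User <ASmith> IP <198.51.100.7> TCP SVC connection established without compression"
    "2016-04-11 11:02:44${t}Local4.Info${t}10.0.0.1${t}%ASA-6-302014: Teardown TCP connection 722022 for outside:198.51.100.7/443 to inside:10.0.0.5/51000 duration 0:00:10 bytes 4321 TCP FINs"
    "2016-04-11 17:30:09${t}Local4.Info${t}10.0.0.1${t}%ASA-6-722023: Group <VPN-Staff> User <bwong> IP <192.0.2.44> TCP SVC connection terminated without compression"
    "2016-04-11 21:05:51${t}Local4.Info${t}10.0.0.1${t}%ASA-6-722022: Group <VPN-Staff> User <jdoe> IP <192.0.2.99> TCP SVC connection established without compression"
)

# Match the message ID in its %ASA-<severity>-<id> position, then capture the fields.
$Pattern = '^(?<ts>[^\t]+)\t.*%ASA-\d-722022: Group <(?<group>[^>]*)> User <(?<user>[^>]*)> IP <(?<ip>[^>]*)>'

function ConvertFrom-AsaVpnLogin([string[]]$Line) {
    foreach ($l in $Line) {
        if ($l -match $Pattern) {
            [pscustomobject]@{
                Timestamp = [datetime]$Matches.ts
                Group     = $Matches.group
                User      = $Matches.user.ToLower()   # normalize case before counting
                IPAddress = $Matches.ip
            }
        }
    }
}

$Logins = ConvertFrom-AsaVpnLogin $Lines

# One row per user: how often, when last, and from where.
$Seen = $Logins | Group-Object User | ForEach-Object {
    [pscustomobject]@{
        User      = $_.Name
        Logins    = $_.Count
        LastLogin = ($_.Group | Sort-Object Timestamp | Select-Object -Last 1).Timestamp
        SourceIPs = ($_.Group.IPAddress | Sort-Object -Unique) -join ', '
    }
}
$Seen | Format-Table -AutoSize

# Constructed list of accounts allowed to use the VPN; anything not seen is a removal candidate.
$Licensed = 'jdoe', 'asmith', 'bwong'
$Licensed | Where-Object { $_ -notin $Seen.User }
```

With the sample data only the three 722022 lines are counted, and bwong is reported as never having logged in because the 722023 line is a session teardown, not a login.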