IT Stuff I Learned Today
Stuff I learned as a System Administrator.

Increase in Password Spraying Attacks (2021-10-28)
<p>Per <a href="https://www.the-sun.com/tech/3950378/microsoft-billions-passwords-hacked-check-now/">Microsoft</a>, there is a marked increase in password spraying attacks. With this being Security Awareness Month, take the opportunity to educate your users NOT to reuse passwords across different sites and applications.</p>
<p>If you have the capability, I recommend watching your logs for login failures for different users from the same IP. Do some diligence in looking up WHOIS and geolocation data, then block IPs for unexplainable failures at your ingress points.</p>

I'm Back, with my Master Inventory Database methodology (2021-10-17)
<p class="MsoNormal">I’m going to start writing again!</p>
<p class="MsoNormal">I was able to pivot my career from a Senior System Admin
into a Security Engineer role for my organization a few years ago. I was very
busy and kind of let this blog go while I sank my teeth into building and
managing organizational standards related to the CIS 20.</p>
<p class="MsoNormal">I learned a lot in my journey, and I have a lot of ideas for
new articles that may help you in getting your organization up to snuff with
regards to security.</p>
<p class="MsoNormal">One of my primary passions during this time was building a
Master Inventory Database. I did this by pulling data from various sources within
my environment, combining the data, and then asking questions of the data. I
built a suite of PowerShell commands and deployed these through profiles that
could be used by various roles within the organization to view role-relevant data
in a single pane of glass.</p>
<p class="MsoNormal">To retrieve this data, I mostly used tool-specific automated
reporting (at midnight the tool exports its inventory to a CSV file, which I
would then ingest), though I used PowerShell where modules existed for the tool
(WSUS/DNS/AD/DHCP), and I was in the process of branching out into querying
APIs before I left the position.</p>
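<p class="MsoNormal">As an added example (not the author's code), here is the ingest-combine-question step in PowerShell: four constructed CSV exports (DNS, AD computers, antivirus console, WSUS; the column names are assumptions) are joined on a normalized hostname, transient DNS-only clients are dropped, and each host is flagged for the gaps the questions in the list below ask about.</p>

```powershell
# Added example, not the author's code: join nightly per-tool CSV exports into
# one master inventory keyed on hostname, then ask gap questions of the result.
# The CSV text is constructed sample data standing in for the DNS, AD, antivirus
# and WSUS exports the post describes; the column names are assumptions.
Set-StrictMode -Version Latest

$DnsCsv = @'
HostName,RecordType,Data,Timestamp
WS-FIN-001.corp.example,A,10.10.20.15,2021-10-16 02:11
SRV-FILE-01.corp.example,A,10.10.10.5,
SRV-FILE-01.corp.example,PTR,10.10.10.5,
OLD-LAPTOP-7.corp.example,A,10.10.20.99,2021-06-01 08:00
'@
$AdCsv = @'
Name,LastLogonDate,OperatingSystem,BitLockerKeyCount
WS-FIN-001,2021-10-16,Windows 10 Enterprise,1
SRV-FILE-01,2021-10-17,Windows Server 2019 Standard,0
SRV-DB-02,2021-10-17,Windows Server 2019 Standard,0
'@
$AvCsv = @'
ComputerName,LastCheckIn,AgentVersion
ws-fin-001,2021-10-17 06:02,5.12.1
srv-file-01,2021-09-20 23:40,5.11.0
'@
$WsusCsv = @'
ComputerTarget,LastReportedStatusTime,NeededUpdateCount
WS-FIN-001.corp.example,2021-10-17 03:15,0
SRV-DB-02.corp.example,2021-10-17 03:20,14
'@

function Get-NormalizedHostName {
    # Tools disagree on FQDN vs. short name and on case; key everything the same way.
    param([Parameter(Mandatory)][string]$Name)
    return $Name.Split('.')[0].Trim().ToLowerInvariant()
}

function Merge-InventorySources {
    # $Sources maps a label to @{ Records = <objects>; KeyColumn = <host-name column> }.
    # A host seen only in DNS with a dynamic-update timestamp is treated as a
    # transient client and dropped: the "weed out" logic the post calls for.
    param(
        [Parameter(Mandatory)][hashtable]$Sources,
        [datetime]$AsOf = (Get-Date),
        [int]$StaleDays = 7
    )
    $hosts = @{}
    foreach ($label in $Sources.Keys) {
        $src = $Sources[$label]
        foreach ($rec in $src.Records) {
            $key = Get-NormalizedHostName -Name $rec.($src.KeyColumn)
            if (-not $hosts.ContainsKey($key)) { $hosts[$key] = @{} }
            if (-not $hosts[$key].ContainsKey($label)) { $hosts[$key][$label] = @() }
            $hosts[$key][$label] += $rec
        }
    }
    foreach ($key in ($hosts.Keys | Sort-Object)) {
        $h = $hosts[$key]
        $gaps = @()
        if ($h.ContainsKey('DNS')) {
            $dynamic = @($h['DNS'] | Where-Object { -not [string]::IsNullOrWhiteSpace($_.Timestamp) })
            if ($h.Count -eq 1 -and $dynamic.Count -gt 0) { continue }   # transient client
            if (@($h['DNS'] | Where-Object RecordType -eq 'PTR').Count -eq 0) { $gaps += 'no PTR record' }
        } else { $gaps += 'no DNS record' }
        if ($h.ContainsKey('AD')) {
            $ad = $h['AD'][0]   # workstations should have a BitLocker key escrowed in AD
            if ($ad.OperatingSystem -notmatch 'Server' -and [int]$ad.BitLockerKeyCount -eq 0) {
                $gaps += 'no BitLocker key in AD'
            }
        } else { $gaps += 'not in AD' }
        if ($h.ContainsKey('AV')) {
            if ([datetime]$h['AV'][0].LastCheckIn -lt $AsOf.AddDays(-$StaleDays)) { $gaps += 'AV check-in stale' }
        } else { $gaps += 'no AV agent' }
        if ($h.ContainsKey('WSUS')) {
            $needed = [int]$h['WSUS'][0].NeededUpdateCount
            if ($needed -gt 0) { $gaps += "$needed updates needed" }
        } else { $gaps += 'not reporting to WSUS' }
        [pscustomobject]@{
            Host   = $key
            InDNS  = $h.ContainsKey('DNS')
            InAD   = $h.ContainsKey('AD')
            InAV   = $h.ContainsKey('AV')
            InWSUS = $h.ContainsKey('WSUS')
            Gaps   = ($gaps -join '; ')
        }
    }
}

# In production each Records value would come from Import-Csv over the nightly export.
$inventory = Merge-InventorySources -AsOf ([datetime]'2021-10-17') -Sources @{
    DNS  = @{ Records = ConvertFrom-Csv $DnsCsv;  KeyColumn = 'HostName' }
    AD   = @{ Records = ConvertFrom-Csv $AdCsv;   KeyColumn = 'Name' }
    AV   = @{ Records = ConvertFrom-Csv $AvCsv;   KeyColumn = 'ComputerName' }
    WSUS = @{ Records = ConvertFrom-Csv $WsusCsv; KeyColumn = 'ComputerTarget' }
}
$inventory | Format-Table -AutoSize
# A role-specific "pane" is just a filter over the same table, e.g. for the patching team:
$inventory | Where-Object { $_.Gaps -match 'WSUS|updates' } | Select-Object Host, Gaps
```

<p class="MsoNormal">With the sample data, OLD-LAPTOP-7 is dropped as transient, SRV-DB-02 shows up with no DNS record, no AV agent and 14 updates needed, and SRV-FILE-01 is flagged for a stale AV check-in and for not reporting to WSUS.</p>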
<p class="MsoNormal">DATA IS THE KEY. If you have the data, you can present it in
a way that allows management to make good decisions for your organization,
tailored to its risk appetite and security program maturity.</p>
<p class="MsoNormal">Controls 1 and 2 of the CIS 20 deal with inventory. If you
start reading through the rest of the controls, you really can’t say that you
conform to many of them without having first identified every device and piece
of software that exists within your environment. This Master Inventory Database
project aimed to thoroughly satisfy those first two controls and pave the way for
successfully implementing the rest of them.</p>
<ol>
<li>DNS
  <ol type="a">
  <li>Every system should have a DNS record, though logic should exist to weed out client systems that may be transient. The DNS record usually informs the other systems mentioned below of the name of a system.</li>
  <li>The DNS name should conform to a naming standard (note that this initiative may take years to accomplish; it’s much easier to change system names on upgrade or replacement than to rename systems).</li>
  <li>Does a record exist?</li>
  <li>Does the system have a PTR record?</li>
  <li>Are there any aliases?</li>
  </ol>
</li>
<li>Basic network queries:
  <ol type="a">
  <li>Is ping successful?</li>
  </ol>
</li>
<li>Client Management System, which hopefully includes third-party patch management:
  <ol type="a">
  <li>Form Factor/BitLocker Status
    <ol type="i"><li>Protected mobile system or not?</li></ol>
  </li>
  <li>RAM
    <ol type="i"><li>Standardize/Replacement Info Purposes</li></ol>
  </li>
  <li>CPU
    <ol type="i"><li>Standardize/Replacement Info Purposes</li></ol>
  </li>
  <li>Make
    <ol type="i"><li>Standardize/Replacement Info Purposes</li></ol>
  </li>
  <li>Model
    <ol type="i"><li>Standardize/Replacement Info Purposes</li></ol>
  </li>
  <li>HDD Space
    <ol type="i"><li>Ensure there’s space to start saving logs</li></ol>
  </li>
  <li>Last Logon User
    <ol type="i"><li>Who is using this system?</li></ol>
  </li>
  <li>Installed Software
    <ol type="i">
    <li>Have an idea of what’s running in your environment, so when you’re going through the day’s news you can identify things that may affect you. For example, seeing the headline “Google Chrome releases patch for 0-day vulnerability”.</li>
    <li>Licensing</li>
    <li>Are all systems running the software required by IT Operations/Security (agents, antivirus, etc.)?</li>
    </ol>
  </li>
  </ol>
</li>
<li>AD Computers
  <ol type="a">
  <li>Is the BitLocker key successfully stored here?</li>
  <li>Last Logon Time</li>
  <li>Who is the “owner” of this system?</li>
  </ol>
</li>
<li>AD Users
  <ol type="a">
  <li>Is there an employee number on file to verify identity for helpdesk calls?</li>
  <li>Is the user account a member of any special groups (Domain Admins, etc.)?</li>
  <li>Is there a manager listed for out-of-the-ordinary requests, such as a user requesting access to a share, or forgetting their employee ID during identity verification?</li>
  </ol>
</li>
<li>Antivirus
  <ol type="a">
  <li>Has the system checked in recently?</li>
  </ol>
</li>
<li>WSUS Status
  <ol type="a">
  <li>Is the system patched?</li>
  <li>Has it reported recently?</li>
  </ol>
</li>
<li>Vulnerability Management Reports (I’ve worked with Rapid7 InsightVM)
  <ol type="a">
  <li>System risk</li>
  <li>Open ports (can also get this through automating nmap scans)</li>
  <li>Configuration standard scanning results (CIS/DISA STIG)</li>
  <li>Software Installed
    <ol type="i">
    <li>Have an idea of what’s running in your environment, so when you’re going through the day’s news you can identify things that may affect you. For example, seeing the headline “Google Chrome releases patch for 0-day vulnerability”.</li>
    <li>Licensing</li>
    <li>Are all systems running the software required by IT Operations/Security (agents, antivirus, etc.)?</li>
    </ol>
  </li>
  </ol>
</li>
<li>Wireless Network
  <ol type="a">
  <li>SSID Connection/VLAN</li>
  </ol>
</li>
<li>DHCP
  <ol type="a">
  <li>What’s the system’s IP address?</li>
  <li>Which DHCP scope does the system pull its address from?</li>
  </ol>
</li>
<li>Network Scanner (ManageEngine OpUtils, Netdisco, etc.)
  <ol type="a">
  <li>What switch port is the system plugged into?</li>
  <li>VLAN</li>
  </ol>
</li>
<li>Other things you could assess, but I didn’t get there:
  <ol type="a">
  <li>Are backups present, up to date, and successful?</li>
  <li>Is the system being monitored for outages?</li>
  <li>Browser plugins and/or Office add-ons installed</li>
  <li>O365 user info/Conditional Access/Licensing/Sensitive email groups</li>
  <li>Local registry settings, cross-referenced with group policy, since all GPOs do is set registry settings</li>
  <li>System User Rights Assignment
    <ol type="i">
    <li>Who’s a local admin?</li>
    <li>Make sure that sensitive rights are appropriate (e.g. who can log on as a batch job)</li>
    </ol>
  </li>
  <li>System logging configuration
    <ol type="i"><li>Best configured via group policy</li></ol>
  </li>
  <li>Windows Firewall status
    <ol type="i"><li>Best configured via group policy</li></ol>
  </li>
  <li>System shares and permission settings
    <ol type="i"><li>Tell me ‘Everyone’ doesn’t have access</li></ol>
  </li>
  </ol>
</li>
</ol>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: 1.5in; mso-add-space: auto; mso-list: l0 level3 lfo1; mso-text-indent-alt: -9.0pt; text-indent: -1.5in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;"><span style="font: 7.0pt "Times New Roman";">
</span>ii.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Client systems shouldn’t have shares, typically<o:p></o:p></p>
<p class="MsoListParagraphCxSpLast" style="margin-left: 1.0in; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">j.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->Any other tooling you have that holds information
of value and exposes an API or reporting capability. For instance, you could pull in Security
Awareness Training records and phishing test results to help identify your
riskiest users and tailor future training accordingly.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
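<p class="MsoNormal">As an added example (this is not code from the original post), here is one way to collect items f, h and i above from a single Windows machine with PowerShell so that the rows can be loaded into the inventory database. It assumes Windows PowerShell 5.1 on Windows 10 / Server 2016 or later, where the LocalAccounts, SmbShare and NetSecurity modules ship in the box; the output folder is an assumption as well.</p>

```powershell
# Added example, not from the original post: collect local admins (f.i),
# firewall status (h) and share permissions (i) into flat objects that can be
# appended to inventory tables. Assumes Windows PowerShell 5.1 on
# Windows 10 / Server 2016 or later.

$ComputerName = $env:COMPUTERNAME
$Collected    = Get-Date

# f.i  Who is a local admin?  One row per member of the local Administrators group.
$LocalAdmins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            ComputerName = $ComputerName
            Collected    = $Collected
            Member       = $_.Name             # DOMAIN\user or DOMAIN\group
            ObjectClass  = $_.ObjectClass      # User or Group
            Source       = $_.PrincipalSource  # Local, ActiveDirectory, AzureAD
        }
    }

# h.  Windows Firewall status, one row per profile (Domain, Private, Public).
#     Enabled is a GpoBoolean enum, so compare against its 'True' value.
$FirewallStatus = Get-NetFirewallProfile | ForEach-Object {
    [pscustomobject]@{
        ComputerName   = $ComputerName
        Collected      = $Collected
        Profile        = $_.Name
        Enabled        = ($_.Enabled -eq 'True')
        DefaultInbound = $_.DefaultInboundAction
    }
}

# i.  Shares and who can reach them. Administrative shares (ADMIN$, C$, IPC$)
#     are excluded so only shares someone created on purpose are reported;
#     'Everyone' in the share ACL is flagged for item i.i.
$Shares = Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    $share = $_
    Get-SmbShareAccess -Name $share.Name | ForEach-Object {
        [pscustomobject]@{
            ComputerName = $ComputerName
            Collected    = $Collected
            Share        = $share.Name
            Path         = $share.Path
            Account      = $_.AccountName
            Access       = $_.AccessRight        # Full, Change, Read
            Allowed      = $_.AccessControlType  # Allow or Deny
            EveryoneFlag = ($_.AccountName -eq 'Everyone')
        }
    }
}

# One CSV per data set; a nightly job appends these to the inventory tables.
$OutDir = 'C:\Temp\Inventory'   # assumed output path, adjust to taste
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$LocalAdmins    | Export-Csv (Join-Path $OutDir "$ComputerName-LocalAdmins.csv") -NoTypeInformation
$FirewallStatus | Export-Csv (Join-Path $OutDir "$ComputerName-Firewall.csv")    -NoTypeInformation
$Shares         | Export-Csv (Join-Path $OutDir "$ComputerName-Shares.csv")      -NoTypeInformation

# Quick local checks against items i.i and h before the data reaches the database.
$Shares         | Where-Object EveryoneFlag          | Format-Table Share, Account, Access -AutoSize
$FirewallStatus | Where-Object { -not $_.Enabled }   | Format-Table Profile, Enabled -AutoSize
```

<p class="MsoNormal">Every row carries the computer name and a collection timestamp, which is what makes the later joins possible: the same machine reported by AD, the endpoint agent and this collector can be matched on name, and the timestamp tells you how stale each source is.</p>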
<p class="MsoNormal">Once you get a handle on even some of the above, you can
start sorting systems into groups and creating standards (security or otherwise).
You can build reports that you can hand to operations to resolve. For example:<o:p></o:p></p>
<p class="MsoListParagraphCxSpFirst" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">a.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These mobile systems don’t have Bitlocker enabled.<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">b.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems don’t have antivirus installed.<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">c.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems don’t have a DNS name – what are
they?<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">d.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems still have Adobe Flash installed!<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">e.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems have Office 2010 installed!<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">f.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems have open Telnet ports.<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">g.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems haven’t installed this month’s
patches yet.<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">h.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems don’t have our web filter agent
installed or proxy set correctly for protected web access.<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">i.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems haven’t been seen by &lt;Insert
tool here&gt; for X days (meaning their agents are broken, or they aren’t
checking in, or maybe the computer isn’t being used). Such a rule exists to
make sure you don’t have some device coming back online after 3 months without
the appropriate patch levels. I didn’t have a network posturing capability….<o:p></o:p></p>
<p class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">j.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These users have high level access – do they
need it?<o:p></o:p></p>
<p class="MsoListParagraphCxSpLast" style="margin-left: .75in; mso-add-space: auto; mso-list: l1 level1 lfo2; text-indent: -.25in;"><!--[if !supportLists]--><span style="mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;"><span style="mso-list: Ignore;">k.<span style="font: 7.0pt "Times New Roman";">
</span></span></span><!--[endif]-->These systems have an agent that’s out of date.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
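<p class="MsoNormal">To show the joining step itself, here is an added example (not code from the original post) that combines records from two constructed sources, an AD computer export and an endpoint-agent export, into one row per computer and then asks report questions a, c, i and k from the list above. All host names, dates, the agent version and the staleness threshold are made-up sample data, and the output path is an assumption.</p>

```powershell
# Added example, not from the original post: build "master" inventory rows by
# joining two constructed data sources on computer name, then answer report
# questions a, c, i and k from the post. Every record below is sample data.

$StaleDays = 30                      # "X days" for report i.; assumed value
$Today     = Get-Date '2021-10-17'   # fixed so the sample is reproducible

# Source 1: what AD knows (constructed). Laptops are recognised by chassis type.
$AdComputers = @(
    [pscustomobject]@{ Name='WS-001'; DnsHostName='ws-001.corp.example'; Chassis='Laptop';  OS='Windows 10' }
    [pscustomobject]@{ Name='WS-002'; DnsHostName='ws-002.corp.example'; Chassis='Desktop'; OS='Windows 10' }
    [pscustomobject]@{ Name='WS-003'; DnsHostName='';                    Chassis='Laptop';  OS='Windows 10' }
    [pscustomobject]@{ Name='SRV-01'; DnsHostName='srv-01.corp.example'; Chassis='Server';  OS='Windows Server 2019' }
)

# Source 2: what the endpoint agent knows (constructed). SRV-01 has no agent at all.
$AgentRecords = @(
    [pscustomobject]@{ Name='WS-001'; LastSeen=$Today.AddDays(-2);  BitLocker='On';  AgentVersion='5.2.1' }
    [pscustomobject]@{ Name='WS-002'; LastSeen=$Today.AddDays(-1);  BitLocker='Off'; AgentVersion='5.2.1' }
    [pscustomobject]@{ Name='WS-003'; LastSeen=$Today.AddDays(-95); BitLocker='Off'; AgentVersion='4.9.0' }
)

# Index the agent data by computer name so the join is a lookup, not a nested loop.
$AgentByName = @{}
foreach ($rec in $AgentRecords) { $AgentByName[$rec.Name] = $rec }

# The master row: one object per computer with every source's fields side by side.
$Inventory = foreach ($c in $AdComputers) {
    $a = $AgentByName[$c.Name]
    [pscustomobject]@{
        Name         = $c.Name
        DnsHostName  = $c.DnsHostName
        Chassis      = $c.Chassis
        OS           = $c.OS
        HasAgent     = [bool]$a
        LastSeen     = if ($a) { $a.LastSeen } else { $null }
        DaysUnseen   = if ($a) { [int]($Today - $a.LastSeen).TotalDays } else { $null }
        BitLocker    = if ($a) { $a.BitLocker } else { 'Unknown' }
        AgentVersion = if ($a) { $a.AgentVersion } else { $null }
    }
}

# Report a.  Mobile systems without BitLocker ('Unknown' counts as not enabled).
$NoBitLocker = $Inventory | Where-Object { $_.Chassis -eq 'Laptop' -and $_.BitLocker -ne 'On' }

# Report c.  Systems without a DNS name.
$NoDns = $Inventory | Where-Object { [string]::IsNullOrWhiteSpace($_.DnsHostName) }

# Report i.  Not seen by the agent for X days, plus systems with no agent record at all.
$Stale = $Inventory | Where-Object { -not $_.HasAgent -or $_.DaysUnseen -gt $StaleDays }

# Report k.  Agents below the current version (assumed current version).
$CurrentAgent = [version]'5.2.1'
$OldAgent = $Inventory | Where-Object { $_.AgentVersion -and [version]$_.AgentVersion -lt $CurrentAgent }

# Hand each list to operations as its own CSV and print a one-line count.
$Reports = @{
    'a-LaptopsWithoutBitLocker' = $NoBitLocker
    'c-NoDnsName'               = $NoDns
    'i-NotSeenRecently'         = $Stale
    'k-OutdatedAgent'           = $OldAgent
}
foreach ($name in $Reports.Keys) {
    $Reports[$name] | Export-Csv "C:\Temp\Report-$name.csv" -NoTypeInformation   # assumed output path
    '{0}: {1} system(s)' -f $name, @($Reports[$name]).Count
}
```

<p class="MsoNormal">With the sample data, WS-003 lands in all four reports and SRV-01 appears in report i because it has no agent record at all; that second case is the one a simple "last seen older than X" filter misses, which is why the join keeps computers that exist in AD but are absent from the agent export.</p>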
<p class="MsoNormal">Any exceptions to your standards should be tracked in a risk
register and reviewed regularly with management.</p>
<p class="MsoNormal">Remember, it is up to management to assume (do nothing),
remediate (fix), mitigate (lessen the risk, typically by putting such devices
into their own VLAN), or transfer the risk (insurance, out-sourcing management).</p>
<p class="MsoNormal">I feel like most of the stress I’ve encountered in my career
is due to this risk. I know the risk is there, and I’ve communicated this risk
to management in a data-based fashion (keeping FUD to a minimum, which is a
nebulous line).</p>
<p class="MsoNormal">Theoretically I should be off the hook, psychologically.
HOWEVER, where this breaks down is that historically I’ve been the individual
responsible for incident response.</p>
<p class="MsoNormal">So, the way this plays out in my brain a lot of the time is
that I’ve given the powers that be all the data, and they’ve decided to accept
the risk, BUT I’m the one waiting for the 3am phone call that we’ve been
compromised, possibly because of the flaw I identified.</p>
<p class="MsoNormal">I’m still wrangling with this. In my security engineering
role, I let the stress get to me. I took the stress out on my family and made some
very bad life choices. Ultimately, I ended up quitting my job for my mental health.
<o:p></o:p></p>
<p class="MsoNormal">I urge you to try to come to terms with the fact that you
may not be able to control your security environment, and you need to steel
yourself from the fallout that may land on you because of it.<o:p></o:p></p><br /><p></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-87496279759463544242016-09-24T20:02:00.000-04:002016-09-24T20:02:23.958-04:00AD Sites and Services: Show ServicesTonight I was working on something and deauthorized my DHCP server in Active Directory (long and not very interesting story - I promise I wasn't randomly clicking things..... ).<br />
<br />
So I just went in to reauthorize it, and I get a very helpful (ahem) message that tells me that "The specified servers are already present in the Directory Service".<br />
<br />
Yay Google, turns out that there's a very cool part of Active Directory Sites and Service that I'd never even seen before!<br />
<br />
From a DC, open up Active Directory Sites and Services. Normally this is where you do all of the fancy site replication stuff if you have multiple AD sites, but if you highlight the root of the structure, choose the "View" menu, and select "Show Services Node", there's a lot more to see.<br />
<br />
Most of this stuff I wouldn't touch without explicit instructions, of course, but still neat. You can see Exchange stuff, and your certificate info under the Public Key Services folder.<br />
<br />
What I needed to do was to delete my server's entry under the NetServices folder, and then I was able to again authorize my DHCP server.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-74887507232613622552016-06-24T14:28:00.001-04:002016-06-24T14:28:29.310-04:00Gathering Important NTP Settings with PowershellI started a new gig recently, and noticed some time issues. So, once I got all of the servers set up to speak Powershell, I pieced together the following script to do an audit of all of my servers and what they were doing for NTP. I found a really nice <a href="https://nchrissos.wordpress.com/2013/04/26/configuring-time-on-windows-2008-r2-servers/" target="_blank">blog entry</a> that explains what all of this means....<br />
<br />
One thing I'm much more cognizant about is putting any constant variables at the TOP of my scripts. This allows me to more easily reuse my scripts, and also to change the variables quickly without having to look all over the place.<br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#BEGIN SCRIPT</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"><#</span><br />
<span style="font-family: Courier New, Courier, monospace;">REQUIRED: Make a folder called c:\lists, and put a file in it named ServerNTPSettingsAudit.txt that contains your servers' names (one per line). Also, this script assumes that you have a C:\temp folder.</span><br />
<span style="font-family: Courier New, Courier, monospace;">#></span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Variables</span><br />
<span style="font-family: Courier New, Courier, monospace;">$List = "C:\Lists\ServerNTPSettingsAudit.txt"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Attachment = "C:\Temp\NTPSettings.csv"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Email Variables</span><br />
<span style="font-family: Courier New, Courier, monospace;">$To = "reporting@contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$From = "reporting@contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$SMTPServer = "mail.contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Subject = "PS Report - NTP Settings Audit"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Body = "See Attached"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Get the list of servers</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Servers = Get-Content $List</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Create an empty array to hold the data</span><br />
<span style="font-family: Courier New, Courier, monospace;">$NTPSettings = @()</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Foreach server, get some NTP settings from the registry (remotely, obviously)</span><br />
<span style="font-family: Courier New, Courier, monospace;">Foreach ($Server in $Servers){</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"> $HKLM = 2147483650 #HKEY_LOCAL_MACHINE</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> $reg = [wmiclass]"\\$Server\root\default:StdRegprov"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> $key = "SYSTEM\CurrentControlSet\Services\W32Time\Parameters"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $value = "Type"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $NTPType = $reg.GetStringValue($HKLM, $key, $value) ## REG_SZ</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> $key = "SYSTEM\CurrentControlSet\Services\W32Time\Config"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $value = "AnnounceFlags"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $NTPFlags = $reg.GetDWordValue($HKLM, $key, $value) ## REG_DWORD</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> $key = "SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NTPServer"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $value = "Enabled"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $NTPServer = $reg.GetDWordValue($HKLM, $key, $value) ## REG_DWORD</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> $ServerItem = New-Object System.Object</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ServerItem | Add-Member -type NoteProperty -Name "Server Name" -value $Server</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ServerItem | Add-Member -type NoteProperty -Name "NTP Type" -value $NTPType.sValue</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ServerItem | Add-Member -type NoteProperty -Name "AnnounceFlags" -value $NTPFlags.uValue</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ServerItem | Add-Member -type NoteProperty -Name "IsNTPServer" -value $NTPServer.uValue</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"> $NTPSettings += $ServerItem</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">} #End Foreach</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Export the array to CSV</span><br />
<span style="font-family: Courier New, Courier, monospace;">$NTPSettings | Export-csv -NoTypeInformation $Attachment</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Send me the list as an email attachment</span><br />
<span style="font-family: Courier New, Courier, monospace;">Send-mailmessage -To $To -From $From -SmtpServer $SMTPServer -Subject $Subject -Body $Body -Attachments $Attachment</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Delete the temp file</span><br />
<span style="font-family: Courier New, Courier, monospace;">Remove-Item $Attachment -Force -ErrorAction SilentlyContinue</span><br />
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">#END SCRIPT</span></div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-6341927852144281493.post-5243526958189335592016-06-23T12:18:00.001-04:002016-06-23T12:18:36.622-04:00Windows Allegedly Fixes Slow Windows 7 Updating IssuesIn case any of you have seen Windows 7 take literally HOURS to scan for updates when the Check For Updates is initiated manually, try out the newest fix from MS:<br />
<br />
<a href="http://www.infoworld.com/article/3086811/microsoft-windows/microsoft-releases-kb-3161647-kb-3161608-to-fix-slow-windows-7-update-scans.html">http://www.infoworld.com/article/3086811/microsoft-windows/microsoft-releases-kb-3161647-kb-3161608-to-fix-slow-windows-7-update-scans.html</a>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-6341927852144281493.post-63038736296075115022016-04-12T20:55:00.003-04:002016-04-13T10:59:50.410-04:00Report on Cisco VPN Logins from Syslog..... Logs....Man it's been a long time! Don't know what to say; sometimes I feel like writing and sometimes I don't. I definitely have a long list of things to Blog about. Maybe I'm just destined to be an "in spurts" type of blogger.<br />
<br />
The rest of this is a script I created to keep track of people that were using the VPN for licensing purposes, though it does have security implications as well. I wanted to get rid of accounts that very rarely or never used our VPN capabilities.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;"><#</span><br />
<span style="font-family: Courier New, Courier, monospace;">What we want is to parse the ASA syslog files stored in the syslog folder. These are in txt format and are rather large.</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">This Powershell script is scheduled to run after midnight on the syslog server every day.</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: 'Courier New', Courier, monospace;">The script autogenerates a new CSV file if it doesn't exist. </span><span style="font-family: 'Courier New', Courier, monospace;">Results should append to the CSV file daily, and we pull down and remove the csv file weekly.</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: 'Courier New', Courier, monospace;">On Mondays (or a day of your choosing, see the variables section), it counts the entries, keeps only unique logins, and sends the file as an attachment to me. It then deletes the concatenated csv file.</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: 'Courier New', Courier, monospace;">#></span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">############</span><br />
<span style="font-family: Courier New, Courier, monospace;"># Variables</span><br />
<span style="font-family: Courier New, Courier, monospace;">############</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="font-family: Courier New, Courier, monospace;"> </span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>#Get Today's Date</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$Today = Get-Date</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>#Get yesterdays date</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$Yesterday = $Today.AddDays(-1)</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>#Path to txt Syslog Files</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$SyslogFilePath = "D:\ASA Syslog Files\ASA1\"</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="font-family: Courier New, Courier, monospace;"> </span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>#Name of output file</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$OutputFile = "D:\PowershellLogData\ASA1_VPNConnections.csv"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>#Specify the day of the week to report (Monday by default)</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$ReportDayOfWeek = "Monday"</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="font-family: Courier New, Courier, monospace;"> </span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>#Build filename of yesterday's log file, with the path</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$FileName = $SyslogFilePath + ($Yesterday.ToString('yyyy-MM-dd')) + ".txt"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>#Mail Variables</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$To = "me@contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$From = "me@contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$SMTPServer = "mail.contoso.com"</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="font-family: Courier New, Courier, monospace;"> </span></span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>#Get the day of the week</span><br />
<span style="font-family: Courier New, Courier, monospace;"><span class="Apple-tab-span" style="white-space: pre;"> </span>$DayOfWeek = ((Get-Date).DayOfWeek).ToString()</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="font-family: Courier New, Courier, monospace;"> </span></span><br />
<span style="font-family: Courier New, Courier, monospace;">#If the output CSV file doesn't exist, create one</span><br />
<span style="font-family: Courier New, Courier, monospace;">If ((Test-Path $OutputFile) -eq $False){</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Headers = @()</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $HeadersEntry = New-Object psobject</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $HeadersEntry | Add-Member -MemberType NoteProperty -Name Timestamp -Value "ScriptEntry"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $HeadersEntry | Add-Member -MemberType NoteProperty -Name Group -Value "ScriptEntry"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $HeadersEntry | Add-Member -MemberType NoteProperty -Name User -Value "ScriptEntry"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $HeadersEntry | Add-Member -MemberType NoteProperty -Name IPAddress -Value "ScriptEntry"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Headers += $HeadersEntry</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Headers | Export-CSV $OutputFile -NoTypeInformation</span><br />
<span style="font-family: Courier New, Courier, monospace;">}</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Parse Yesterday's log file for only VPN connection entries</span><br />
<span style="font-family: Courier New, Courier, monospace;">$ConnectionEvents = select-string -path $FileName -Pattern "722022"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Create an array</span><br />
<span style="font-family: Courier New, Courier, monospace;">$LogInfo = @()</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Cycle through each VPN Login entry and extract the data, adding to the array</span><br />
<span style="font-family: Courier New, Courier, monospace;">$ConnectionEvents | Foreach-Object {</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"> #Extract the Info</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $infos = $_ -split '\t'</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $TimePre = $Infos[0] -split ':'</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Time = $TimePre[3] + ":" + $TimePre[4] + ":" + $TimePre[5]</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $BetterInfo = $Infos[3] -split '<'</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Group = ($BetterInfo[1] -split '>')[0]</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $User = ($BetterInfo[2] -split '>')[0]</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $IPFrom = ($BetterInfo[3] -split '>')[0]</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"> #Build the Object</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $LogInfoItem = New-Object psobject</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $LogInfoItem | Add-Member -MemberType NoteProperty -Name Timestamp -Value $Time</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $LogInfoItem | Add-Member -MemberType NoteProperty -Name Group -Value $Group</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $LogInfoItem | Add-Member -MemberType NoteProperty -Name User -Value $User</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $LogInfoItem | Add-Member -MemberType NoteProperty -Name IPAddress -Value $IPFrom</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $LogInfo += $LogInfoItem</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End Foreach-Object</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Append the array to the csv output file</span><br />
<span style="font-family: Courier New, Courier, monospace;">$LogInfo | Export-CSV -Append $OutPutFile</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#If it's Monday, clean up the file and send it out, then remove the original CSV so it's rebuilt for the next reporting week</span><br />
<span style="font-family: Courier New, Courier, monospace;">#If it's NOT Monday, just do the data conversion and leave the file intact.</span><br />
<span style="font-family: Courier New, Courier, monospace;">If ($DayOfWeek -like $ReportDayOfWeek){</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Import the Output CSV File</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Entries = Import-CSV $OutputFile</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Keep only entries that have populated username fields and weren't created on CSV initialization (ScriptEntry piece)</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Entries = $Entries | Where-Object {$_.User -notlike "" -and $_.User -notlike "ScriptEntry"}</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Create Report information</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ReportObject = $Entries | select user -unique | sort user</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"> #Create HTML Report</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ReportHTML = $ReportObject | ConvertTo-Html | out-string</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"> #Count the Entries</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $VPNCount = (($Entries | Measure-Object).Count).ToString()</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Craft the Email Subject with the count</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Subject = "PS Report - Cisco ASA VPN Logs - $VPNCount Logons Last Week"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Send the email</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Send-MailMessage -To $To -From $From -SmtpServer $SMTPServer -Body $ReportHTML -BodyAsHTML -Subject $Subject -Attachments $OutputFile</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Remove the CSV file</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Remove-Item $OutputFile -force -ErrorAction 0</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">} #End If Monday</span><br />
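An added example, not part of the original script: the report step above only lists the distinct usernames. The function below takes the same CSV rows (it assumes only the user and IPAddress columns the script writes; the rows here are made up) and returns one object per user with the logon count and the distinct source addresses, which drops straight into ConvertTo-Html for the mailed report.<br />

```powershell
# Added example: per-user summary of the weekly ASA VPN CSV.
# Assumes the 'user' and 'IPAddress' columns that the script above writes.
function Get-VpnUserSummary {
    [CmdletBinding()]
    param(
        # Rows as returned by Import-Csv on the weekly output file
        [Parameter(Mandatory = $true)]
        [object[]]$Entries
    )
    # Same filter as the report: drop blank users and the CSV-initialisation placeholder row
    $real = $Entries | Where-Object { $_.user -notlike "" -and $_.user -notlike "ScriptEntry" }

    $real | Group-Object -Property user | Sort-Object Name | ForEach-Object {
        $ips = @($_.Group | Select-Object -ExpandProperty IPAddress -Unique)
        [pscustomobject]@{
            User        = $_.Name
            Logons      = $_.Count
            DistinctIPs = $ips.Count
            IPAddresses = ($ips -join ' ')
        }
    }
}

# Constructed sample rows, in the shape Import-Csv returns for the weekly file
$sampleCsv = @'
user,IPAddress
ScriptEntry,0.0.0.0
jdoe,198.51.100.10
jdoe,198.51.100.10
asmith,203.0.113.5
,203.0.113.9
asmith,203.0.113.6
'@

$entries = $sampleCsv | ConvertFrom-Csv
$summary = Get-VpnUserSummary -Entries $entries
$summary | Format-Table -AutoSize
# $summary | ConvertTo-Html | Out-String   # drop-in replacement for $ReportHTML above
```

With the constructed rows, asmith shows 2 logons from 2 addresses and jdoe 2 logons from 1; the ScriptEntry placeholder and the blank-user row are dropped by the same filter the script uses. A user whose DistinctIPs climbs well above their usual number is the kind of thing worth a second look in the weekly mail.<br />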
<div>
<br /></div>
VMware HA Testing Tool/Site (2016-04-12)<br />
<br />
Something I ran across today is <a href="http://hasimulator.vmware.com/html/index.html#/summary" target="_blank">this VMware tool/site</a>, which lets you upload a DRS dump file from your environment and simulates a host failure in your VMware HA cluster. It's always nice to test what you think will happen, and this is much easier and (possibly) less disruptive than pulling the power cords out of your ESXi server.<br />
<br />
Good stuff!<br />
<br />
PS: I passed, except for one VM that will only boot on one host.<br />
<br />
Command by Command: My Standard Ubuntu Server Build (2015-12-09)<br />
<br />
These are the instructions I use to build my Ubuntu Server VMs. Once I'm done with these, I add whatever other software the server needs. I live in a Microsoft world, so creating this was quite an exercise and took a long time. It was initially written on Ubuntu 14.04.1, but I just ran through it on 14.04.3 and it was fine. Along those lines, I used to have a section on installing VMware Tools manually, but on 14.04.3 I got a prompt that I should use open-vm-tools instead, so I'm going that route.<br />
<br />
Here we go:<br />
<br />
Ubuntu 64-bit (14.04.3 tested; originally written on 14.04.1)<br />
<br />
My Standard VM build:<br />
60GB HDD<br />
Network Connection (with internet)<br />
4GB RAM<br />
1 CPU<br />
Obviously change depending on your ultimate use case.<br />
<br />
During Installation:<br />
All defaults except:<br />
Hostname<br />
Non-Root User Account<br />
Password<br />
Proxy, if needed<br />
Security Automatic Updates only<br />
No Package Installation<br />
Remove disk, reboot<br />
<br />
Log in<br />
Change login to root:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>sudo su -<br />
<br />
Install open-vm-tools with<br />
apt-get update<br />
apt-get install open-vm-tools<br />
<br />
Configure static IP Address, etc:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>nano /etc/network/interfaces<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>change 'iface eth0 inet dhcp' to 'iface eth0 inet static'<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>add the following lines:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>address <ipaddress><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>gateway <gateway><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>netmask <Mask><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>dns-nameservers <DNSServersSeparatedByASpace><br />
Restart the computer<br />
Log in as non-root user<br />
Verify connectivity using ifconfig, ping, nslookup<br />
<br />
Update apt-get<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>sudo apt-get update<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
Install Ubuntu patches:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>sudo apt-get upgrade<br />
<br />
Install and configure OpenSSH:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>apt-get install openssh-server<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>cp /etc/ssh/sshd_config /etc/ssh/sshd_config.default<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>chmod a-w /etc/ssh/sshd_config.default<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>addgroup sshusers<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>nano /etc/ssh/sshd_config<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Change the following:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>X11Forwarding no<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>LogLevel VERBOSE<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>LoginGraceTime 30<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>MaxStartups 2:30:10<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Add the following lines:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>AllowTcpForwarding no<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>AllowGroups sshusers<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>usermod -a -G sshusers <Non-Root User><br />
Restart the SSH service:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>sudo restart ssh<br />
Run this command to rate limit SSH connections (if there are more than 10 attempts within 30 seconds, the following attempts fail because the connections are DROPped):<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>sudo ufw limit ssh<br />
<br />
Create DNS A and PTR records<br />
Verify SSH works for the non-root user<br />
<br />
Set up UFW (Uncomplicated Firewall) (AS ROOT):<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>ufw allow ssh<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>ufw logging on<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>ufw enable<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>TO SHOW STATUS: ufw status<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>LOG FILE LOCATION: /var/log/ufw.log<br />
<br />
Prior to setting up sendmail, ensure your mailserver will accept anonymous mail from this server's IP address.<br />
<br />
Set up the ability to send emails:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Install sendmail:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>apt-get install sendmail<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Create a copy of the default file before editing:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.defaults<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Configure sendmail:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>nano /etc/mail/sendmail.mc<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>The last two lines of the file are as follows:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>MAILER('local')dnl<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>MAILER('smtp')dnl<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Put this code before those two lines:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>define('SMART_HOST','mailserver.contoso.com')dnl<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Save and exit<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Enable changes:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>cd /etc/mail<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>m4 sendmail.mc > sendmail.cf<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>make<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>/etc/init.d/sendmail reload<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Test sendmail functionality:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>echo "My test email being sent from sendmail" | /usr/sbin/sendmail youremail@contoso.com<br />
<br />
NTP Client Setup:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>apt-get install ntp<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>nano /etc/ntp.conf<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>comment all lines that begin with 'server' by placing a # in front of them<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Add the following line before the first 'server' line:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>server <NTPServerFQDN><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Restart NTP:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>service ntp restart<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>Test NTP:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>ntpq --numeric --peers<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>In the results, you will see the remote IP of the server you configured.<br />
<br />
Fail2Ban setup:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>apt-get install fail2ban<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>nano /etc/fail2ban/jail.local<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>change the following two settings:<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>destemail = alertEmail@contoso.com<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>action = %(action_mwl)s<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>RESTARTING: /etc/init.d/fail2ban restart<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>LOG FILE AT: /var/log/fail2ban.log<br />
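An added example, not from the build notes: a PowerShell check (Windows PowerShell against a copied file, or pwsh on the server itself) that an sshd_config actually carries the OpenSSH settings listed above. It matters because sshd takes the first uncommented value it sees for a keyword, so appending "X11Forwarding no" at the end of the file does not override an "X11Forwarding yes" that is still higher up; the parser mirrors that rule and stops at the first Match block, whose keywords are conditional. The sample config is constructed.<br />

```powershell
# Added example: check that an sshd_config carries the hardening settings from the
# build notes. sshd uses the FIRST uncommented occurrence of a keyword, and keywords
# under a "Match" block are conditional, so the parser stops there.
function Get-SshdEffectiveConfig {
    param([string[]]$Lines)
    $config = @{}
    foreach ($line in $Lines) {
        $trimmed = $line.Trim()
        # Skip blank lines and comments
        if ($trimmed -eq '' -or $trimmed.StartsWith('#')) { continue }
        # Everything after the first Match block is conditional, not global
        if ($trimmed -match '^Match\b') { break }
        # Keyword and value are separated by whitespace or '='
        $parts = $trimmed -split '[\s=]+', 2
        if ($parts.Length -ne 2) { continue }
        $key = $parts[0].ToLowerInvariant()
        # First value wins, as in sshd
        if (-not $config.ContainsKey($key)) { $config[$key] = $parts[1].Trim() }
    }
    return $config
}

function Test-SshdHardening {
    param([string[]]$Lines)
    # Expected values, as set in the build steps
    $expected = [ordered]@{
        X11Forwarding      = 'no'
        LogLevel           = 'VERBOSE'
        LoginGraceTime     = '30'
        MaxStartups        = '2:30:10'
        AllowTcpForwarding = 'no'
        AllowGroups        = 'sshusers'
    }
    $actual = Get-SshdEffectiveConfig -Lines $Lines
    foreach ($name in $expected.Keys) {
        $value = $actual[$name.ToLowerInvariant()]
        $shown = if ($null -eq $value) { '(not set)' } else { $value }
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $shown
            Pass     = ($value -eq $expected[$name])
        }
    }
}

# Constructed sample: 'X11Forwarding no' was appended instead of edited in place,
# so the earlier 'yes' is still the effective value.
$sample = @'
# Package generated configuration file
Port 22
X11Forwarding yes
LogLevel VERBOSE
LoginGraceTime 30
MaxStartups 2:30:10
AllowTcpForwarding no
AllowGroups sshusers
X11Forwarding no
'@ -split "`r?`n"

Test-SshdHardening -Lines $sample | Format-Table -AutoSize
# Live server (pwsh): Test-SshdHardening -Lines (Get-Content /etc/ssh/sshd_config)
```

With the sample, every row passes except X11Forwarding, whose effective value is still "yes". Running the same check right after the restart step is a cheap way to catch exactly that kind of edit slip before the server goes into service.<br />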
<br />
Using Powershell to Sift Through My Email (2015-11-24)<br />
<br />
Every morning I have over 100 new emails. Most of these I glance at and archive, because I only need to know that the processes ran. After thinking about how to better optimize this, it occurred to me that I wasn't getting the information I needed.<br />
<br />
For example, I get over 20 emails from Veeam about Backup Jobs and BackupCopy Jobs. They're successful (if they aren't, there's a rule that forwards the offending email to my normal email address), so what's the problem? Well, the problem is that I see that they're successful, grab the whole chunk, and mark them as read/archive. Were there 20? Or only 19? Now, in this example I would know if one of the jobs was hung or something, because I'm running another script to check for snapshots before the workday, but what about other things like MySQL backups, or Backup Exec jobs (yes, shudder)?<br />
<br />
So, here's what I'm doing. These emails are all sent to a reporting mailbox, which forwards any emails with issues to the appropriate personnel. I will use the Veeam email as an example.<br />
<br />
An email with a subject of "Veeam Job [Success] Daily-Job" comes in. A rule on my reporting mailbox marks it as read and throws it into an "Archive" subfolder.<br />
<br />
At 7:15AM, a scheduled task runs on my computer at work, with Outlook open and the reporting mailbox loaded. I'm going to do this script in pieces, explaining each part in between.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">#Mailbox Name</span><br />
<span style="font-family: Courier New, Courier, monospace;">$account_address = "reporting"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Folder in that Mailbox</span><br />
<span style="font-family: Courier New, Courier, monospace;">$mails_folders = "archive"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Email Variables</span><br />
<span style="font-family: Courier New, Courier, monospace;">$To = "me@contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$From = "reporting@contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$SMTPServer = "mail.contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Subject = "Reporting Mailbox Summary"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">##########################################################################</span><br />
<span style="font-family: Courier New, Courier, monospace;"># Date/Time Variables #</span><br />
<span style="font-family: Courier New, Courier, monospace;">##########################################################################</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Begin: 5pm yesterday </span><br />
<span style="font-family: Courier New, Courier, monospace;">$BeginningDateTimeString = (((Get-Date).AddDays(-1)).ToString("yyyy-MM-dd") + " 17:00:00")</span><br />
<span style="font-family: Courier New, Courier, monospace;">[datetime]$BeginningDateTime = $BeginningDateTimeString</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#End 7am today</span><br />
<span style="font-family: Courier New, Courier, monospace;">$EndDateTimeString = ((Get-Date).ToString("yyyy-MM-dd")) + " 07:00:00"</span><br />
<span style="font-family: Courier New, Courier, monospace;">[datetime]$EndDateTime = $EndDateTimeString</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">##########################################################################</span><br />
<span style="font-family: Courier New, Courier, monospace;"># Stuff with Outlook #</span><br />
<span style="font-family: Courier New, Courier, monospace;">##########################################################################</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Create outlook.application object</span><br />
<span style="font-family: Courier New, Courier, monospace;">$outlook = new-object -com outlook.application</span><br />
<span style="font-family: Courier New, Courier, monospace;">$MailNameSpace = $outlook.GetNameSpace("MAPI")</span><br />
<span style="font-family: Courier New, Courier, monospace;">$MailFolders = $MailNameSpace.Folders |? {$_.Name -eq $account_address}</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Getting main inbox folder</span><br />
<span style="font-family: Courier New, Courier, monospace;">$inbox = $MailFolders.Folders |? {$_.Name -eq "Inbox"}</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Specify folder of mails to calculate</span><br />
<span style="font-family: Courier New, Courier, monospace;">$folder_to_calculate = $inbox.Folders |? {$_.Name -eq "$mails_folders"}</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Get the mail</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Emails = $folder_to_calculate.Items</span><br />
<br />
<br />
At this point, $Emails has all of my mail in it (I have autoarchive enabled on the mailbox to delete after 30 days). Now, I'm only interested in a subset of this data. Searching through a month's worth of email would take a while, so I constrain the dataset with the following line, so I only get email received last night after 5pm and before this morning at 7am (see the date/time variables above):<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">$TimePeriodMails = $Emails | Where-Object {$_.ReceivedTime -gt $BeginningDateTime -and $_.ReceivedTime -lt $EndDateTime}</span><br />
<br />
Now I filter what I'm interested in by subject. Here are the 4 lines:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">$ApplicableMails = $TimePeriodMails | where-object {</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $_.TaskSubject -like 'Backup Exec Alert: Job Success *' -or `</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $_.TaskSubject -like "PS Report - GPO Backup Report" -or `</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $_.TaskSubject -like "PS Report - MySQL Backup Status - SUCCESS - *" -or `</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $_.TaskSubject -like "Veeam Job ``[Success``] Daily-*"}</span><br />
<br />
One interesting tidbit I discovered, through much gnashing of teeth and Googling, is that when you do a -like comparison and the (double-quoted) pattern string includes square brackets, you have to double-escape them (using the backtick)!<br />
<br />
Once I have my emails, I just need to gather a count of the data, which I did like so:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">#Create an array to hold the data</span><br />
<span style="font-family: Courier New, Courier, monospace;">$ResultArray = @()</span><br />
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">#Look for the Backup Exec Emails and count them</span></div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$ArrayItem = New-Object psobject</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$ArrayItem | Add-Member -MemberType NoteProperty -Name Name -Value "BE Backup Successful"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$BESuccessMails = $ApplicableMails | where-object {$_.TaskSubject -like 'Backup Exec Alert: Job Success (Server: *'}</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">#Count those, and convert that number to a string</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$BESuccessMailsCount = (($BESuccessMails | measure-Object).count).ToString()</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">#This next line is for my reference, once I get the process down, I'll put in here how many emails I should see. </span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">#You'll see why this is important (to me) later.</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$BESuccessMailsCountShouldBe = "777"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">#Make an array item and add the data I want to the result array</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$ArrayItem | Add-Member -MemberType NoteProperty -Name ShouldBe -Value $BESuccessMailsCountShouldBe</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$ArrayItem | Add-Member -MemberType NoteProperty -Name Is -Value $BESuccessMailsCount</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$ResultArray += $ArrayItem</span></div>
</div>
<br />
I'll spare you the other 4 search blocks; they're the same format, just with different names and data to look for.<br />
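Here is an added example (not the post's script) that folds the search blocks into one table-driven function and uses [WildcardPattern]::Escape() instead of hand-typed backticks. Without escaping, "[Success]" in a -like pattern is a character class that matches a single character from that set, so the pattern never matches the real subject line and the count comes out short, which is the mismatch I mention further down. The mail items and expected counts are constructed stand-ins for $ApplicableMails.<br />

```powershell
# Added example: table-driven counts with properly escaped subject prefixes.
# $Mails stands in for $ApplicableMails (anything with a TaskSubject property).
function Get-ReportSummary {
    param(
        [Parameter(Mandatory = $true)] [object[]]$Mails,
        [Parameter(Mandatory = $true)] [hashtable[]]$Checks   # keys: Name, Prefix, ShouldBe
    )
    foreach ($check in $Checks) {
        # Escape the literal prefix ('[', ']', '*', '?' get a backtick), then add our own wildcard
        $pattern = [System.Management.Automation.WildcardPattern]::Escape($check.Prefix) + '*'
        $count = @($Mails | Where-Object { $_.TaskSubject -like $pattern }).Count
        $status = if ($count -eq $check.ShouldBe) { 'OK' } else { 'CHECK' }
        [pscustomobject]@{
            Name     = $check.Name
            ShouldBe = $check.ShouldBe
            Is       = $count
            Status   = $status
        }
    }
}

# Constructed mail items; in the real script these come from Outlook
$mails = @(
    [pscustomobject]@{ TaskSubject = 'Veeam Job [Success] Daily-Job' }
    [pscustomobject]@{ TaskSubject = 'Veeam Job [Success] Daily-Exchange' }
    [pscustomobject]@{ TaskSubject = 'Veeam Job [Warning] Daily-SQL' }
    [pscustomobject]@{ TaskSubject = 'PS Report - MySQL Backup Status - SUCCESS - db01' }
    [pscustomobject]@{ TaskSubject = 'Backup Exec Alert: Job Success (Server: "BE01") (Job: Nightly)' }
)

# Literal prefixes exactly as they appear in the subjects, plus how many are expected overnight
$checks = @(
    @{ Name = 'Veeam Daily Success';  Prefix = 'Veeam Job [Success] Daily-';                  ShouldBe = 3 }
    @{ Name = 'MySQL Backup Success'; Prefix = 'PS Report - MySQL Backup Status - SUCCESS - '; ShouldBe = 1 }
    @{ Name = 'BE Backup Successful'; Prefix = 'Backup Exec Alert: Job Success (Server: ';     ShouldBe = 1 }
)

$ResultArray = Get-ReportSummary -Mails $mails -Checks $checks
$ResultArray | Format-Table -AutoSize
# $ResultArray | ConvertTo-Html -Head $style | Out-String   # same -Head $style as in the post
```

With the constructed mail, the Veeam row reports Is 2 against ShouldBe 3 with Status CHECK, because one job mailed a [Warning] rather than a [Success]; the other two rows are OK. Adding a new check is one more hashtable line, and the Status column means a missing email stands out without comparing the two numbers by eye.<br />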
<div>
<br /></div>
<div>
The last step is to add some formatting, because who doesn't like a nice table to look at? You'll see here that I've included the number of emails I SHOULD see, so that with minimal effort I can deduce that all of my stuff ran.</div>
<div>
<br /></div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace;">##########################################################################</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"># Format and Send #</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">##########################################################################</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">#HTML Style Formatting</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$style = "<style>BODY{font-family: Arial; font-size: 10pt;}"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$style = $style + "TABLE{border: 2px solid black; border-collapse: collapse;}"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$style = $style + "TH{border: 2px solid black; background: #dddddd; padding: 5px; }"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$style = $style + "TD{border: 2px solid black; padding: 5px; }"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$style = $style + "</style>"</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">#Export the array, with the style, to HTML</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">$Body = $ResultArray | ConvertTo-Html -Head $style | out-string</span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">Send-Mailmessage -To $To -From $From -SMTPServer $SMTPServer -Subject $Subject -Body $Body -BodyAsHTML</span></div>
</div>
<div>
<br /></div>
<div>
It looks like this (much abbreviated, and not using the same fields as above, sorry):</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-hIabf1g2UIE/VlS5-mRmTcI/AAAAAAAAkwY/0o6VvFnDFVQ/s1600/Capture.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="51" src="http://4.bp.blogspot.com/-hIabf1g2UIE/VlS5-mRmTcI/AAAAAAAAkwY/0o6VvFnDFVQ/s320/Capture.PNG" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
You'll notice here that I haven't received the number I expected, which I've since fixed (this was due to that double-escaping of square brackets!).</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Thanks for reading, and Happy Thanksgiving!</div>
<div>
<br /></div>
Getting Installed Chrome Extensions Remotely (2015-11-19)<br />
<br />
I was looking into whitelisting Chrome extensions via the Google Chrome Group Policy, and I needed to find out which extensions my employees were using, so I wrote the following function to help with that. You need to run the function as an account that is a member of the local Administrators group on the target machines, since it uses the administrative shares (C$) to find the installed extensions. Also worth noting is that all of those "Apps" icons count as extensions from Google's perspective. Comments are in the code, as usual:<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">################ BEGIN SCRIPT ################</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Example: Get-ChromeExtensions -Computername $Computername -Username $Username</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Define the function with computername and username</span><br />
<span style="font-family: Courier New, Courier, monospace;">function Get-ChromeExtensions {</span><br />
<span style="font-family: Courier New, Courier, monospace;">[CmdletBinding()] </span><br />
<span style="font-family: Courier New, Courier, monospace;"> Param </span><br />
<span style="font-family: Courier New, Courier, monospace;"> ( </span><br />
<span style="font-family: Courier New, Courier, monospace;"> [Parameter(Mandatory=$true,</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Position=0, </span><br />
<span style="font-family: Courier New, Courier, monospace;"> ValueFromPipeline=$true, </span><br />
<span style="font-family: Courier New, Courier, monospace;"> ValueFromPipelineByPropertyName=$true)] </span><br />
<span style="font-family: Courier New, Courier, monospace;"> [String[]]$ComputerName,</span><br />
<span style="font-family: Courier New, Courier, monospace;"> [Parameter(Mandatory=$true,</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Position=1, </span><br />
<span style="font-family: Courier New, Courier, monospace;"> ValueFromPipeline=$true, </span><br />
<span style="font-family: Courier New, Courier, monospace;"> ValueFromPipelineByPropertyName=$true)] </span><br />
<span style="font-family: Courier New, Courier, monospace;"> [String[]]$UserName</span><br />
<span style="font-family: Courier New, Courier, monospace;"> )#End Param</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">Process</span><br />
<span style="font-family: Courier New, Courier, monospace;">{</span><br />
<span style="font-family: Courier New, Courier, monospace;"> #Get Webpage Title</span><br />
<span style="font-family: Courier New, Courier, monospace;"> #I ripped off this function from https://gallery.technet.microsoft.com/scriptcenter/e76a4213-cd05-4735-bf80-d5903171ae11 -Thanks Mike Pfeiffer!</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Function Get-Title { </span><br />
<span style="font-family: Courier New, Courier, monospace;"> param([string] $url) </span><br />
<span style="font-family: Courier New, Courier, monospace;"> $wc = New-Object System.Net.WebClient </span><br />
<span style="font-family: Courier New, Courier, monospace;"> $data = $wc.downloadstring($url) </span><br />
<span style="font-family: Courier New, Courier, monospace;"> $title = [regex] '(?<=<title>)([\S\s]*?)(?=</title>)' </span><br />
<span style="font-family: Courier New, Courier, monospace;"> write-output $title.Match($data).value.trim() </span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End Function Get-Title</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Build the path to the remote Chrome Extension folder</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $GoogleExtensionPath = "\\" + $ComputerName + "\C$\Users\" + $Username + "\AppData\Local\Google\Chrome\User Data\Default\Extensions"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"> #Check that the computer is reachable</span><br />
<span style="font-family: Courier New, Courier, monospace;"> If ((Test-Connection $Computername -Quiet -Count 1) -eq $False){</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host -foregroundcolor Red "$ComputerName is not online"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> return</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End If</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Check that the path exists</span><br />
<span style="font-family: Courier New, Courier, monospace;"> If ((Test-Path $GoogleExtensionPath) -eq $False){</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host -foregroundcolor Red "Path not Found: $GoogleExtensionPath"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host -foregroundcolor Red "Chrome is probably not installed OR the username has no profile/is wrong" </span><br />
<span style="font-family: Courier New, Courier, monospace;"> return</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End If</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Get the folder names, which are the Chrome Web Store extension IDs (one folder per extension)</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ExtensionIDNumbers = Get-ChildItem $GoogleExtensionPath -Directory | Select-Object Name</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Build a name for the output file</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $OutputFileName = "C:\Temp\GoogleExtensionList_" + $Computername + "_" + $Username + ".csv"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Create an array</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $GoogleExtensionsArray = @()</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Cycle through each extension ID and look up the Chrome Web Store page title, which is the extension name (the slug before the ID in the URL is arbitrary)</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Foreach ($GoogleID in $ExtensionIDNumbers){</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $GoogleExtensionsArrayItem = New-Object system.object</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ExtensionSite = "https://chrome.google.com/webstore/detail/adblock-plus/" + $GoogleID.Name</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Title = ((Get-Title $ExtensionSite).split("-"))[0]</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $GoogleExtensionsArrayItem | Add-Member -MemberType NoteProperty -Name AppName -Value $Title</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $GoogleExtensionsArrayItem | Add-Member -MemberType NoteProperty -Name ExtensionID -Value ($GoogleID.Name)</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $GoogleExtensionsArray += $GoogleExtensionsArrayItem</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End Foreach</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Export the list of extensions</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $GoogleExtensionsArray | export-csv $OutputFileName -NoTypeInformation</span><br />
<span style="font-family: Courier New, Courier, monospace;"> </span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">}#Process</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">}#Get-ChromeExtensions</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">################ END SCRIPT ################</span><br />
<div>
<br /></div>
<div>
What struck me is that we really need to think of the Chrome browser as almost its own OS. You've removed the ability for your users to install applications on their computer (they don't have local admin privs, right?), but what's to stop them from installing Chrome Extensions? Extensions install into the user profile, need no admin rights, and run with everything the browser can see: every page the user visits, cookies, form data and, depending on the permissions in the manifest, the clipboard and downloads. Solitaire and Minesweeper are bad, but Bejeweled is ok? If the inventory above turns up things you don't want, the actual control is Chrome's own ADMX templates: the ExtensionInstallBlocklist policy (ExtensionInstallBlacklist in older templates; a single entry of * blocks everything) paired with ExtensionInstallAllowlist for the ones you approve.</div>
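<div>
The script above gets the extension name by scraping the Web Store, which fails offline and says nothing about what the extension can do. The following is an added example, not part of the original post, that reads each extension's manifest.json from disk instead and surfaces the permissions it asked for. It assumes the default Chrome profile layout (%LOCALAPPDATA%\Google\Chrome\User Data\&lt;profile&gt;\Extensions\&lt;id&gt;\&lt;version&gt;\manifest.json) and PowerShell 3.0+ for ConvertFrom-Json; the function name and its parameters are mine.</div>

```powershell
# Added example (not the post's script): inventory Chrome extensions from the
# manifest.json on disk instead of scraping the Web Store, and show the
# permissions each one asked for. Assumes the default Chrome profile layout:
#   %LOCALAPPDATA%\Google\Chrome\User Data\<profile>\Extensions\<id>\<version>\manifest.json
# Requires PowerShell 3.0+ for ConvertFrom-Json and Get-Content -Raw.

function Get-ChromeExtensionManifestInventory {
    [CmdletBinding()]
    param(
        # Profile folder name; non-default profiles are "Profile 1", "Profile 2", ...
        [string]$ProfileName = 'Default',
        # Root of the profile store; override to read another user's profile from an admin session
        [string]$UserData = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data')
    )

    $extRoot = Join-Path $UserData "$ProfileName\Extensions"
    if (-not (Test-Path $extRoot)) {
        Write-Warning "No extension folder at $extRoot (Chrome not installed, or wrong profile/user)"
        return
    }

    # Each extension ID folder holds one sub-folder per installed version; take the newest.
    foreach ($idDir in Get-ChildItem $extRoot | Where-Object { $_.PSIsContainer }) {
        $verDir = Get-ChildItem $idDir.FullName | Where-Object { $_.PSIsContainer } |
                  Sort-Object LastWriteTime -Descending | Select-Object -First 1
        if (-not $verDir) { continue }
        $manifestPath = Join-Path $verDir.FullName 'manifest.json'
        if (-not (Test-Path $manifestPath)) { continue }

        try {
            $manifest = Get-Content $manifestPath -Raw -ErrorAction Stop | ConvertFrom-Json
        } catch {
            Write-Warning "$($idDir.Name): unreadable manifest ($($_.Exception.Message))"
            continue
        }

        # Localised extensions store "__MSG_appName__" and keep the real string in
        # _locales\<default_locale>\messages.json under the key between the underscores.
        $name = [string]$manifest.name
        if ($name -match '^__MSG_(.+)__$') {
            $key = $Matches[1]
            $locale = if ($manifest.default_locale) { $manifest.default_locale } else { 'en' }
            $msgPath = Join-Path $verDir.FullName "_locales\$locale\messages.json"
            if (Test-Path $msgPath) {
                $messages = Get-Content $msgPath -Raw | ConvertFrom-Json
                $entry = $messages.PSObject.Properties |
                         Where-Object { $_.Name -ieq $key } | Select-Object -First 1
                if ($entry) { $name = $entry.Value.message }
            }
        }

        # Manifest v2 lists everything under "permissions"; v3 moves host patterns to "host_permissions".
        # Non-string entries (e.g. usbDevices objects) are dropped.
        $perms = @($manifest.permissions) + @($manifest.host_permissions) | Where-Object { $_ -is [string] }

        New-Object PSObject -Property @{
            ExtensionID     = $idDir.Name
            Name            = $name
            Version         = [string]$manifest.version
            ManifestVersion = $manifest.manifest_version
            # <all_urls>, *://*/* and http(s)://*/* mean "read and change everything you browse"
            AllSites        = [bool]($perms | Where-Object { $_ -match '^(<all_urls>|\*://\*/\*|https?://\*/\*)$' })
            Permissions     = ($perms -join ';')
            ManifestPath    = $manifestPath
        }
    }
}

# Usage: one CSV per machine/user, the broadest-permissioned extensions first
Get-ChromeExtensionManifestInventory |
    Sort-Object AllSites -Descending |
    Export-Csv "C:\Temp\ChromeExtensionManifests_$($env:COMPUTERNAME)_$($env:USERNAME).csv" -NoTypeInformation
```

<div>
The AllSites column is the one to sort on: an extension with &lt;all_urls&gt; can read and rewrite every page the user loads, including your intranet apps, so those are the entries to compare against the blocklist first.</div>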
Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-6341927852144281493.post-75667630568940888192015-10-12T10:47:00.000-04:002015-10-12T10:47:27.908-04:00My Neverending Ping ScriptIt happened that I needed to remote into every one of our computers to do some work. Of course, some systems were offline, go figure. After working through my computer list and removing the ones I was able to access and fix, I wrote a script to ping the rest of them and email me when they were found to be online.<br />
<br />
The way the script works is that you feed it a list of computers and it goes through trying to ping them. If the ping is successful, it sends me an email, then removes that system from the list. The script keeps running until the number of systems in the list reaches 0. Two caveats: Test-Connection is ICMP echo only, so a host that is up but drops ping (the Windows Firewall does unless the "File and Printer Sharing (Echo Request)" rule is enabled) will never leave the list, and Send-MailMessage here is plain, unauthenticated SMTP to an internal relay, so make sure that relay only accepts submissions from addresses you trust.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">########################### BEGIN SCRIPT ###########################</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Variables</span><br />
<span style="font-family: Courier New, Courier, monospace;">$ComputerListPath = "C:\Temp\NeverendingPingList.txt"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$To = "me@contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$From = "help@contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Body = "Responding to pings!"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$SMTPServer = "mailserver.contoso.com"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Get Computer List, skipping blank lines and duplicates (a duplicate would throw the count off)</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Computers = Get-Content $ComputerListPath | Where-Object { $_.Trim() -ne "" } | Select-Object -Unique</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Count the number of computers</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Count = ($Computers | Measure-Object).Count</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">If ($Count -le 0)</span><br />
<span style="font-family: Courier New, Courier, monospace;">{</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host "No computers to ping, exiting"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> exit</span><br />
<span style="font-family: Courier New, Courier, monospace;">}</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Create a "matchlist" - if a computer responds, it is added to this list, then when the script iterates through the foreach loop, it skips the computers that exist in this list</span><br />
<span style="font-family: Courier New, Courier, monospace;">[System.Collections.ArrayList]$Matchlist = @()</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Clear the screen</span><br />
<span style="font-family: Courier New, Courier, monospace;">Clear-Host</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#For each computer in the list, ping it, while the count of computers that have not answered yet is greater than 0</span><br />
<span style="font-family: Courier New, Courier, monospace;">Do</span><br />
<span style="font-family: Courier New, Courier, monospace;">{</span><br />
<span style="font-family: Courier New, Courier, monospace;"> foreach ($Computer in $Computers)</span><br />
<span style="font-family: Courier New, Courier, monospace;"> {</span><br />
<span style="font-family: Courier New, Courier, monospace;"> #If the computer matches a member of the matchlist, skip to the next iteration of the foreach loop</span><br />
<span style="font-family: Courier New, Courier, monospace;"> If ($Matchlist -contains $Computer) { Continue }</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Test the connection to the computer, using 1 ping packet (ICMP only: a host that drops ping never leaves the list)</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Result = (Test-Connection -ComputerName $Computer -Count 1 -Quiet)</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #If no ping response, write to host</span><br />
<span style="font-family: Courier New, Courier, monospace;"> If ($Result -eq $false) { Write-Host "No ping received from $Computer - will pass again" }</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #If it responds, email me AND add it to the matchlist, then recount the computers still waiting</span><br />
<span style="font-family: Courier New, Courier, monospace;"> If ($Result -eq $true)</span><br />
<span style="font-family: Courier New, Courier, monospace;"> {</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Subject = "$Computer is on the network!!!"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Send-MailMessage -To $To -From $From -SmtpServer $SMTPServer -Body $Body -Subject $Subject</span><br />
<span style="font-family: Courier New, Courier, monospace;"> [void]$Matchlist.Add($Computer) #ArrayList.Add returns the new index; [void] keeps it off the screen</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Count = $Count - 1 #Without this recount the While condition below never becomes false</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host "$Computer responded - $Count left"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End If</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End Foreach</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Stop as soon as everything has answered, without one more 30 second wait</span><br />
<span style="font-family: Courier New, Courier, monospace;"> If ($Count -le 0) { Break }</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">Write-Host "`r`n========================================================`r`n========================================================`r`n"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Sleep for 30 seconds</span><br />
<span style="font-family: Courier New, Courier, monospace;">Start-Sleep -Seconds 30</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">} while ($Count -gt 0)</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">Write-Host "All computers have responded, exiting"</span><br />
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">########################### END SCRIPT ###########################</span></div>
<div>
<br /></div>
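<div>
Ping is the weak spot of this approach: a workstation with the firewall dropping ICMP is "up" and never gets noticed. The following is an added example, not part of the original post, of a liveness check that falls back to a TCP connect with a timeout against ports a remotely manageable Windows box will have open. It uses System.Net.Sockets.TcpClient directly so it works on PowerShell 2.0 as well; the function name, the port list and the timeout are my choices.</div>

```powershell
# Added example (not the post's script): liveness check that does not depend on
# ICMP. Tries one echo request first, then falls back to a TCP connect with a
# timeout against ports a "remotable" Windows box will have open
# (445 SMB, 3389 RDP, 5985 WinRM). Works on PowerShell 2.0+; no Test-NetConnection needed.

function Test-HostUp {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int[]]$Ports = @(445, 3389, 5985),
        [int]$TimeoutMs = 1500
    )

    # Cheap first try: ICMP echo, one packet
    if (Test-Connection -ComputerName $ComputerName -Count 1 -Quiet -ErrorAction SilentlyContinue) {
        return New-Object PSObject -Property @{ ComputerName = $ComputerName; Up = $true; Via = 'ICMP' }
    }

    # ICMP blocked or unanswered: a completed TCP handshake proves the host is up even when it drops ping
    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $async = $client.BeginConnect($ComputerName, $port, $null, $null)
            # WaitOne returns $false when the timeout elapses before the connect completes;
            # Connected stays $false when the connect completed but was refused
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected) {
                $client.EndConnect($async)
                return New-Object PSObject -Property @{ ComputerName = $ComputerName; Up = $true; Via = "TCP/$port" }
            }
        } catch {
            # Name resolution failure or connection refused: try the next port
        } finally {
            $client.Close()
        }
    }

    New-Object PSObject -Property @{ ComputerName = $ComputerName; Up = $false; Via = $null }
}

# Drop-in replacement for the $Result line in the script above:
#   $Result = (Test-HostUp -ComputerName $Computer).Up
# Or run it over the whole list once to see which hosts are up but silently dropping ping:
Get-Content "C:\Temp\NeverendingPingList.txt" |
    ForEach-Object { Test-HostUp -ComputerName $_ } |
    Where-Object { $_.Up -and $_.Via -ne 'ICMP' } |
    Format-Table ComputerName, Via -AutoSize
```

<div>
The Via column tells you how the host was found; anything reported as TCP rather than ICMP is a machine the original script would have waited on forever.</div>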
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-6905998289671049722015-10-08T09:41:00.004-04:002015-10-13T08:55:26.405-04:00Getting the Windows Install Date from ALL of Your ComputersThis script is inspired by a <a href="http://www.windowsnetworking.com/kbase/WindowsTips/WindowsServer2012/AdminTips/Admin/determine-when-windows-was-installed.html" target="_blank">post I ran across</a> on Windows Networking showing how to extract and format the Windows installation date via Powershell. This data would be useful to me for planning hardware refreshes. One caveat: Win32_OperatingSystem.InstallDate is the date the current OS image went on, so a reimaged machine looks brand new; for hardware age, pull Win32_BIOS.ReleaseDate alongside it or cross-check against purchasing records.<br />
<br />
On to the script! It uses remote WMI over DCOM, so run it as an account that is a local administrator on the targets, with TCP 135 and the RPC dynamic port range allowed through their host firewalls.<br />
<br />
<span style="font-family: Courier New, Courier, monospace;">################ BEGIN SCRIPT ################</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Purpose: To scan computers for Windows Install Date</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Choose whether this is an initial scan or a rescan</span><br />
<span style="font-family: Courier New, Courier, monospace;">$InitialChoice = Read-Host "Enter 'I' for initial scan, or 'R' for rescan"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Output file variables</span><br />
<span style="font-family: Courier New, Courier, monospace;">$MissedComputersFile = "C:\Temp\Script - InstallDatesMissed.txt"</span><br />
<span style="font-family: Courier New, Courier, monospace;">$OutputFile = "C:\Temp\Script - InstallDates.csv"</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Get the computer list as plain names, depending on initial choice, so the loop below does not care where they came from</span><br />
<span style="font-family: Courier New, Courier, monospace;">If ($InitialChoice -like "I"){</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Computers = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name | Sort-Object</span><br />
<span style="font-family: Courier New, Courier, monospace;">} #End If</span><br />
<span style="font-family: Courier New, Courier, monospace;">ElseIf ($InitialChoice -like "R"){</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Computers = Get-Content $MissedComputersFile | Where-Object { $_.Trim() -ne "" }</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Remove-Item $MissedComputersFile -Force</span><br />
<span style="font-family: Courier New, Courier, monospace;">} #End ElseIf</span><br />
<span style="font-family: Courier New, Courier, monospace;">Else {</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host -ForegroundColor Red "Unknown choice '$InitialChoice', exiting"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> exit</span><br />
<span style="font-family: Courier New, Courier, monospace;">} #End Else</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Build an empty array for the data</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Results = @()</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Foreach computer in the list</span><br />
<span style="font-family: Courier New, Courier, monospace;">Foreach ($TestSystem in $Computers){</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Test the connection</span><br />
<span style="font-family: Courier New, Courier, monospace;"> If (Test-Connection -ComputerName $TestSystem -Count 1 -Quiet){</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> Try {</span><br />
<span style="font-family: Courier New, Courier, monospace;"> #Get the computer's install date from WMI. -ErrorAction Stop turns "RPC server unavailable" and "access denied" into catchable errors instead of a blank date</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $OS = Get-WmiObject -ComputerName $TestSystem -Class Win32_OperatingSystem -ErrorAction Stop</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $InstallDate = $OS.ConvertToDateTime($OS.InstallDate)</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Reformat the install date, zero padded so the CSV sorts correctly</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $InstallDateRefined = $InstallDate.ToString("yyyy-MM-dd")</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Create a new object holding the name of the computer and the install date</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ResultsEntry = New-Object PSObject</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ResultsEntry | Add-Member -Type NoteProperty -Name Name -Value $TestSystem</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $ResultsEntry | Add-Member -Type NoteProperty -Name OSInstallDate -Value $InstallDateRefined</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Add the object to the array</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $Results += $ResultsEntry</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Print a status message to the screen</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host -ForegroundColor Green "$TestSystem - Windows Install Date is $InstallDateRefined"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End Try</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Catch {</span><br />
<span style="font-family: Courier New, Courier, monospace;"> #Pinged but WMI failed (firewall, no admin rights, broken WMI): treat it as missed so the rescan picks it up</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $TestSystem | Add-Content $MissedComputersFile</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host -ForegroundColor Yellow "$TestSystem - Online but WMI failed: $($_.Exception.Message)"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End Catch</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End If</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #This runs if the test-connection is no good</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Else {</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Adds the name of the system to the "Missed" file</span><br />
<span style="font-family: Courier New, Courier, monospace;"> $TestSystem | Add-Content $MissedComputersFile</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;"> #Print a status message to the screen</span><br />
<span style="font-family: Courier New, Courier, monospace;"> Write-Host -ForegroundColor Red "$TestSystem - Not Online"</span><br />
<span style="font-family: Courier New, Courier, monospace;"> } #End Else</span><br />
<span style="font-family: Courier New, Courier, monospace;">} #End Foreach</span><br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">#Export the array to CSV</span><br />
<span style="font-family: Courier New, Courier, monospace;">$Results | Sort-Object Name | Export-Csv $OutputFile -NoTypeInformation</span><br />
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;"><br /></span></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">################ END SCRIPT ################</span></div>
<div>
<br /></div>
<div>
So after the initial script, you just feed it the "Missed" file over and over until you get everything.</div>
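<div>
The same lookup can be done over WinRM with the CIM cmdlets instead of DCOM, which needs only TCP 5985 through the host firewall and returns real date objects. The following is an added example, not part of the original post; it also pulls the BIOS release date, since a reimage resets the OS install date. It assumes PowerShell 3.0+ on the scanning box and WinRM enabled on the targets (Enable-PSRemoting or the equivalent policy); the function name and parameters are mine.</div>

```powershell
# Added example (not the post's script): OS install date plus BIOS release date
# over WinRM/CIM instead of DCOM. Assumes PowerShell 3.0+ locally and WinRM
# listening on the targets. Function name and parameters are mine.

function Get-InstallAndBiosDate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$ComputerName
    )
    process {
        foreach ($name in $ComputerName) {
            $entry = New-Object PSObject -Property @{
                Name            = $name
                OSInstallDate   = $null
                BIOSReleaseDate = $null
                Status          = $null
            }
            # One session, two queries; CIM hands back [datetime] values, no ConvertToDateTime needed
            $session = $null
            try {
                $session = New-CimSession -ComputerName $name -OperationTimeoutSec 15 -ErrorAction Stop
                $os   = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
                $bios = Get-CimInstance -CimSession $session -ClassName Win32_BIOS -ErrorAction Stop
                $entry.OSInstallDate = $os.InstallDate.ToString('yyyy-MM-dd')
                # Some OEM firmware leaves ReleaseDate empty; keep the row, just blank the column
                if ($bios.ReleaseDate) { $entry.BIOSReleaseDate = $bios.ReleaseDate.ToString('yyyy-MM-dd') }
                $entry.Status = 'OK'
            } catch {
                # No session at all means unreachable / WinRM off; a session that then fails is a rights or WMI problem
                if ($null -eq $session) { $entry.Status = 'Unreachable' }
                else { $entry.Status = "Error: $($_.Exception.Message)" }
            } finally {
                if ($session) { Remove-CimSession $session }
            }
            $entry
        }
    }
}

# Same workflow as the script above: everything not OK goes back into the missed file for the next pass
$results = Get-ADComputer -Filter * | Select-Object -ExpandProperty Name | Get-InstallAndBiosDate
$results | Where-Object { $_.Status -eq 'OK' } | Sort-Object Name |
    Export-Csv 'C:\Temp\Script - InstallDates.csv' -NoTypeInformation
$results | Where-Object { $_.Status -ne 'OK' } | Select-Object -ExpandProperty Name |
    Set-Content 'C:\Temp\Script - InstallDatesMissed.txt'
```

<div>
The Status column separates "not there" from "there but refused": the first group is worth rescanning, the second needs a rights or WinRM fix and will not get better by retrying.</div>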
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-11613704757767068702015-10-07T12:52:00.000-04:002015-10-07T12:52:10.656-04:00Exchange Issues with Delegation due to AdminSDHolder and Protected GroupsWe had some really weird issues going on delegating permissions to certain users within Active Directory. Basically, when we would assign them some rights, the rights would just disappear for no rhyme nor reason. What we discovered was Protected Groups. I'm not going to try to explain it, because I don't completely understand it (<a href="https://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx" target="_blank">here's</a> someone much more intelligent doing so on Technet), but I'm going to tell you how to fix it!<br />
<br />
The gist of it is that you can't delegate anything to a user account that is a member of a protected group. Every hour, the SDProp thread on the PDC emulator copies the ACL of the AdminSDHolder object onto every member of a protected group, turns off inheritance on that object and sets adminCount to 1, so whatever you delegated is simply overwritten on the next pass. Complicating matters is that when you remove someone from a protected group, none of that is undone! SDProp just stops touching the object, so the AdminSDHolder ACL, the disabled inheritance and adminCount=1 all stay behind. You have to go into ADSIEdit and change the AdminCount property on the user's AD object from 1 to 0 manually, and then re-enable inheritance on the object's Security tab (Advanced, "Include inheritable permissions from this object's parent") so the OU's delegated rights flow down again. Well, you could script that too, but I only had this happen with a few users so I didn't bother with that.<br />
<br />
WHY we ran across this is that we had removed some user accounts from the Domain Admins group and had issues with delegating in Exchange. I hear it's a problem with Lync, too, but we don't run that. Again, simply removing someone from the protected group (Domain Admins in this example) does not change the setting. It also bears mentioning that nesting counts. So if User A is a member of a group that's a member of Domain Admins, their AdminCount value will change to 1.<br />
<br />
The following commands must be performed inside an Active Directory Powershell Session.<br />
<br />
To find which groups are protected, use this command (the clauses have to be wrapped in (& ...) so LDAP ANDs them):<br />
Get-ADGroup -LDAPFilter "(&(objectCategory=group)(adminCount=1))" | select name | sort name<br />
<br />
To find out which users are protected, use this:<br />
Get-ADUser -LDAPFilter "(&(objectCategory=person)(objectClass=user)(adminCount=1))" | select name<br />
<br />
So what you have to do is get the list of protected users, then cross out any users that are direct or indirect members of the protected groups (leave the built-in Administrator and krbtgt accounts alone; they are protected in their own right). The users that remain are unjustly protected. To resolve, clear the AdminCount value on the remaining users and re-enable inheritance on each one; clearing AdminCount alone leaves the stale ACL in place.<br />
<br />
<a href="https://gallery.technet.microsoft.com/scriptcenter/Get-nested-group-15f725f2" target="_blank">Here's</a> a handy function I ran across to get nested group memberships (shout out to Piotr Lewandowski for that).<br />
<br />
The protected groups by default include (plus the built-in Administrator and krbtgt user accounts, which are protected directly rather than through a group):<br />
Account Operators<br />
Administrators<br />
Backup Operators<br />
Cert Publishers<br />
Domain Admins<br />
Domain Controllers<br />
Enterprise Admins<br />
Print Operators<br />
Read-only Domain Controllers<br />
Replicator<br />
Schema Admins<br />
Server Operators<br />
<br />
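The manual "cross out and fix in ADSIEdit" procedure above, scripted, as an added example that is not part of the original post: it finds users still stamped adminCount=1 who are no longer members of any protected group (nested membership included, via the LDAP_MATCHING_RULE_IN_CHAIN matching rule rather than the nested-group function linked above) and undoes both things SDProp did to them. It assumes the ActiveDirectory module and its AD: drive are loaded; the function names are mine and the repair supports -WhatIf.<br />

```powershell
# Added example (not the post's commands): find user accounts still stamped
# adminCount=1 that are no longer members of any protected group, and undo
# what SDProp did to them: clear adminCount and turn inheritance back on.
# Assumes the ActiveDirectory module (and its AD: drive) is loaded.

Import-Module ActiveDirectory

function Get-OrphanedAdminCountUser {
    [CmdletBinding()]
    param()

    # Protected groups, found the same way the post does: groups SDProp has stamped
    $protectedGroups = Get-ADGroup -LDAPFilter "(adminCount=1)"

    # Transitive membership via the LDAP_MATCHING_RULE_IN_CHAIN OID, so nested
    # membership counts without walking groups by hand
    $legit = @{}
    foreach ($g in $protectedGroups) {
        Get-ADUser -LDAPFilter "(memberOf:1.2.840.113556.1.4.1941:=$($g.DistinguishedName))" |
            ForEach-Object { $legit[$_.DistinguishedName] = $true }
    }

    Get-ADUser -LDAPFilter "(adminCount=1)" -Properties adminCount |
        Where-Object {
            # Administrator (RID 500) and krbtgt (RID 502) are protected as accounts, never "orphaned"
            $_.SID.Value -notmatch '-(500|502)$' -and -not $legit.ContainsKey($_.DistinguishedName)
        }
}

function Repair-OrphanedAdminCountUser {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [Microsoft.ActiveDirectory.Management.ADUser]$User
    )
    process {
        $dn = $User.DistinguishedName
        if ($PSCmdlet.ShouldProcess($dn, "Clear adminCount and re-enable ACL inheritance")) {
            # 1. adminCount back to <not set> (the post's ADSIEdit step, scripted)
            Set-ADUser -Identity $dn -Clear adminCount

            # 2. Inheritance: SDProp set the "protected" bit on the DACL. $false = stop protecting
            #    (inherit again); $true = keep the ACEs already on the object rather than dropping them
            $acl = Get-Acl -Path "AD:\$dn"
            if ($acl.AreAccessRulesProtected) {
                $acl.SetAccessRuleProtection($false, $true)
                Set-Acl -Path "AD:\$dn" -AclObject $acl
            }
        }
    }
}

# Review first, then fix (drop -WhatIf once the list looks right)
Get-OrphanedAdminCountUser | Select-Object Name, DistinguishedName | Format-Table -AutoSize
Get-OrphanedAdminCountUser | Repair-OrphanedAdminCountUser -WhatIf
```

Run the first line on its own and read the list before repairing anything: an account that shows up here because someone quietly removed it from Domain Admins is exactly the kind of thing worth a question before you hand its permissions back to the OU.<br />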
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-27168542669915778782015-10-01T10:35:00.002-04:002015-10-01T10:35:32.810-04:00All OUs in this Domain Should be Protected from Accidental DeletionI run the best practices analyzer on my domain controllers on the first of the month, every month.<br />
<br />
Today I got this result: All OUs in this Domain Should be Protected from Accidental Deletion<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-bjiXiYAaz5w/Vg1DoXogqEI/AAAAAAAAkcw/PMW5kK1XJBs/s1600/UnProtectedOUs.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://2.bp.blogspot.com/-bjiXiYAaz5w/Vg1DoXogqEI/AAAAAAAAkcw/PMW5kK1XJBs/s400/UnProtectedOUs.PNG" width="331" /></a></div>
<br />
So this raises the question: How do I find out which OUs are not protected?<br />
<br />
Answer: Of course, make sure you are running this command after doing an import-module activedirectory, from a computer that has the Active Directory Powershell module installed.<br />
<br />
The command is (ask for just the one attribute; -Properties * pulls every attribute of every OU for nothing):<br />
<span style="font-family: Courier New, Courier, monospace;">Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $False} | select DistinguishedName</span><br />
<br />
There may be a good reason for them not to be protected, but if you want to go ahead and set protection on each OU, you can run this command (add -WhatIf first if you want to see what it will touch). Keep in mind what "protected" actually is: two Deny ACEs for Everyone (Delete and Delete Subtree) on the object. It stops a fat-fingered admin, not a compromised one who can edit the ACL.<br />
<span style="font-family: Courier New, Courier, monospace;">Get-ADOrganizationalUnit -filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true</span>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-61594818924765328752015-09-25T19:41:00.002-04:002015-09-25T19:41:23.105-04:00Spiceworld 2015So I'm still in Austin for one more night. I attended Spiceworld 2015 for the first time, and what an amazing conference! I was a little disappointed in a couple of the breakout sessions but that's to be expected. For the price, it was well worth it to network with other admins, get my "business" card out there with my blog's address, and talk to some vendors. We're looking at a possible converged infrastructure project, and possibly a new backup solution (even though I love Veeam, they don't support KVM). I got a lot of questions answered and met a lot of great people, including from my municipal sector. Hopefully we can keep the relationships going and help each other out. It was really cool, and a little bit overwhelming, to get so much swag from the vendors. Here's a picture from day one, and day two was just as much.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-z_zu39k1_8Y/VgXbfcarYhI/AAAAAAAAkOw/RoHoWWTyqGs/s1600/20150923213431413.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="476" src="http://1.bp.blogspot.com/-z_zu39k1_8Y/VgXbfcarYhI/AAAAAAAAkOw/RoHoWWTyqGs/s640/20150923213431413.jpg" width="640" /></a></div>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-92069781298989852272015-09-02T14:41:00.002-04:002015-09-02T14:41:52.020-04:00Windows 10 - Useful Group Policies (Part 2 of ??) - Get Rid of Microsoft Edge Taskbar PinI'm crunched for time today, but I thought I would at least throw out something today.<br />
<br />
One of my current sticking points in creating a workable Windows 10 machine for my users is getting rid of the Microsoft Edge icon that's pinned to the taskbar.<br />
<br />
Yes, Edge looks appealing as a browser. My helpdesk, though, is going to have all kinds of questions and issues related to Edge. I don't have the manpower, so we're getting rid of Edge as much as we can.<br />
<br />
The only way I've found to get rid of the pinned Edge icon is to nuke all of the pinned items.<br />
<br />
To accomplish this, I use a Group Policy Preferences Registry item under User Configuration.<br />
<br />
Create a delete action for HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband, but remember to go to the "Common" tab and check the box that says "Apply once and do not reapply", or else your users' pinned items will be disappearing on them!<br />
<br />
Now if I could just figure out how to get rid of the Start Menu pinned item.....Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-6341927852144281493.post-78654658205424478202015-08-31T20:16:00.002-04:002015-08-31T20:16:52.215-04:00Windows 10 - Useful Group Policies (Part 1 of ??)So I've got the RTM version of Windows 10 x64 Pro installed in a VM and on a laptop. My first step with an OS is to pin down irritating things and figure out how to get rid of them in an automated fashion. Once I figure out all of that, I can then dip my toe into the MDT/WDS world and get a standard build going.<br />
<br />
I put my Windows 10 computers in the same OU as my other computers.<br />
<br />
You also need to import the Windows 10 Group Policies into your Central Store. You can read about how to do this on Technet <a href="https://msdn.microsoft.com/en-us/library/Bb530196.aspx" target="_blank">here</a>.<br />
<br />
<h3>
Create a Windows 10 WMI Filter</h3>
For your WMI filter, you'll want to use this query:<br />
select * from Win32_OperatingSystem where Version like "10.%" and ProductType = "1"<br />
The ProductType clause (1 = workstation, 2 = domain controller, 3 = server) matters: Windows Server 2016 and later, and Windows 11, also report a 10.x version, so without it this GPO would land on servers too.<br />
<br />
Now, create a Windows 10 GPO, link that WMI filter to it, and link it to your OU.<br />
<br />
With that accomplished, we can now begin setting up the Windows 10 GPO.<br />
<br />
First GPO setting: Loopback Processing<br />
I'll split these GPOs up to apply to user/computer OUs later, but right now I want everything together, and I want any user that logs into a Windows 10 box to get the same settings. To do this, I will use loopback processing. This can be a tricky feature, so I always refer to <a href="http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx" target="_blank">this handy guide</a> when I do it. Basically, you use this when you want a set of "user" group policies to apply to computers in an OU no matter who logs in. Loopback processing is usually used when you have a single-purpose computer that is locked down, like a kiosk, but in this case it's a test machine. You will find the policy in Computer\Policies\Administrative Templates\System\Group Policy, and it's called "Configure Group Policy loopback processing mode". I set it to Enabled with the mode set to Replace (see the article linked above). Remember that Replace discards the user's own GPOs entirely, so anything you rely on from the user side (drive maps, printer preferences) has to be in this GPO as well.<br />
<br />
<h3>
Now how about some settings?</h3>
Ok, Ok. Here's what I'm using so far:<br />
<br />
Computer\Policies\Administrative Templates\System\Logon<br />
Show first sign-in animation, Disabled<br />
Turn off picture password sign-in, Enabled<br />
Turn on PIN sign-in, Disabled<br />
<br />
Computer\Policies\Administrative Templates\Windows Components\Data Collection and Preview Builds<br />
Disable pre-release features or settings, Disabled (this one is confusing, pay attention to the description!)<br />
Toggle user control over Insider builds, Disabled<br />
<br />
Computer\Policies\Administrative Templates\Windows Components\Delivery Optimization<br />
Download Mode: Enabled (None)<br />
We're still talking about what we're going to do about Windows 10's bittorrent-like ability to propagate downloads. It seems really cool, but we need to do our due diligence and all of that.<br />
<br />
Computer\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features<br />
Allow fallback to SSL 3.0 (Internet Explorer), Enabled (No Sites)<br />
<a href="https://en.wikipedia.org/wiki/POODLE" target="_blank">Beware the Poodle!</a><br />
<br />
Computer\Policies\Administrative Templates\Windows Components\Microsoft Edge<br />
Send all intranet traffic over to Internet Explorer, Enabled<br />
<br />
Computer\Policies\Administrative Templates\Windows Components\OneDrive<br />
Prevent the usage of OneDrive for file storage, set to HELL YES.<br />
<br />
These turn off Cortana, and also disable the "web" part of the start menu search. I only want to search my computer.<br />
Computer\Policies\Administrative Templates\Windows Components\Search<br />
Allow Cortana, Disabled<br />
Do not allow web search, Enabled<br />
Don't search the web or display web results in search, Enabled<br />
<br />
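Once the GPO is linked it is worth checking on a test box that each setting actually landed, since a wrong OU, a WMI filter that doesn't match, or a competing GPO all fail silently. The following is an added example, not part of the original post: it reads the policy registry values the ADMX templates write for the settings listed above. The key/value mapping is my reading of the Windows 10 ADMX files, not something from the post, so confirm each entry against the ADMX in your Central Store before relying on it; the function name is mine.<br />

```powershell
# Added example (not the post's content): verify on a Windows 10 box that the
# GPO settings listed above landed, by reading the policy registry values the
# ADMX templates write. The key/value mapping is my reading of the Windows 10
# ADMX files; confirm each against your Central Store before relying on it.
# Run in an elevated prompt after gpupdate /force.

$expected = @(
    # Loopback processing: 2 = Replace, 1 = Merge
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System';                Name = 'UserPolicyMode';             Value = 2; Setting = 'Configure Group Policy loopback processing mode (Replace)' }
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'EnableFirstLogonAnimation';  Value = 0; Setting = 'Show first sign-in animation (Disabled)' }
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System';                Name = 'BlockDomainPicturePassword'; Value = 1; Setting = 'Turn off picture password sign-in (Enabled)' }
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System';                Name = 'AllowDomainPINLogon';        Value = 0; Setting = 'Turn on PIN sign-in (Disabled)' }
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PreviewBuilds';         Name = 'AllowBuildPreview';          Value = 0; Setting = 'Toggle user control over Insider builds (Disabled)' }
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization';  Name = 'DODownloadMode';             Value = 0; Setting = 'Download Mode (None)' }
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\OneDrive';              Name = 'DisableFileSyncNGSC';        Value = 1; Setting = 'Prevent the usage of OneDrive for file storage (Enabled)' }
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search';        Name = 'AllowCortana';               Value = 0; Setting = 'Allow Cortana (Disabled)' }
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search';        Name = 'DisableWebSearch';           Value = 1; Setting = 'Do not allow web search (Enabled)' }
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search';        Name = 'ConnectedSearchUseWeb';      Value = 0; Setting = 'Don''t search the web or display web results in search (Enabled)' }
)

function Test-Win10PolicyState {
    param([object[]]$Expected = $expected)

    foreach ($e in $Expected) {
        $actual = $null
        if (Test-Path $e.Key) {
            # A missing value yields $null here; a present value comes back typed as the registry holds it
            $actual = (Get-ItemProperty -Path $e.Key -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
        }
        $state = if ($null -eq $actual) { 'MISSING' } elseif ($actual -eq $e.Value) { 'OK' } else { 'WRONG' }
        New-Object PSObject -Property @{
            Setting  = $e.Setting
            Expected = $e.Value
            Actual   = $actual
            State    = $state
        }
    }
}

# MISSING: the GPO did not apply (wrong OU, WMI filter, replication lag).
# WRONG: it applied, but another GPO with higher precedence sets the same value.
Test-Win10PolicyState | Sort-Object State | Format-Table State, Setting, Expected, Actual -AutoSize
```

Pair the output with gpresult /h on the same box: MISSING rows point at linking and filtering, WRONG rows point at precedence.<br />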
<br />
<br />
Tomorrow, I'll post some Group Policy Preferences, covering some registry entries that turn off some undesired features.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-7206750735986352942015-08-28T13:52:00.003-04:002015-08-28T13:52:28.904-04:00Powershell Script to report all Exchange Public Folder PermissionsOne project I'm currently working on is to go through all of our groups and make us a one-resource/one-group shop as far as AD is concerned. This has been a BIG job. Security-enabled distribution groups have been given rights to file shares and added to local server groups, among a ton of other miscellaneous crap.<br />
<br />
One step in organizing what each group actually has rights to is for me to go through our Public Folder infrastructure and ferret out who has access to what. We've got over a hundred public folders. I started doing this manually and after about two folders I thought, "This has to be possible with Powershell." Well, guess what?<br />
<br />
As usual, make sure c:\temp is present, as that's where I write my files. Also, I wrote this to run from my local (Exchange 2010) management shell.<br />
<br />
Further comments are within the script. One thing to be aware of: the script only records permission entries that resolve to an AD user or group. The Default entry (every authenticated mailbox user) and the Anonymous entry are skipped, so review those separately; a Default right above Reviewer means everyone in the organization can create or change items in that folder.<br />
<span style="font-family: Courier New, Courier, monospace;"><br /></span>
<span style="font-family: Courier New, Courier, monospace;">######### BEGIN SCRIPT #########</span><br />
<br />
Write-Host -ForegroundColor Red "This script must be run from the Exchange Management Shell!"<br />
$Init = Read-Host "Press Enter to Continue"<br />
<br />
#Get all of the Public Folders<br />
$PublicFolders = Get-PublicFolder -Recurse -ResultSize Unlimited<br />
<br />
#Create a new array to hold the data<br />
$Permissions = @()<br />
<br />
Foreach ($Folder in $PublicFolders){<br />
    #Full path and name of the public folder<br />
    [string]$FolderName = ($Folder.ParentPath) + '\' + ($Folder.Name)<br />
<br />
    #Get the permissions of the public folder<br />
    $FolderPermissions = Get-PublicFolderClientPermission -Identity $Folder.Identity<br />
<br />
    Foreach ($Entry in $FolderPermissions){<br />
        #Only keep entries that resolve to an AD user or group; this skips the Default and Anonymous entries<br />
        If (($Entry.User).ActiveDirectoryIdentity){<br />
            #Display name of the user or group that holds the permission<br />
            $UserName = ($Entry.User).ExchangeAddressBookDisplayName<br />
<br />
            #AccessRights is a collection, so join every right into one string (assigning inside a Foreach loop keeps only the last one)<br />
            $Rights = ($Entry.AccessRights | ForEach-Object { ($_.Permission).ToString() }) -join ", "<br />
<br />
            #Create a new object to hold the data<br />
            $PermissionItem = New-Object System.Object<br />
<br />
            #Put the full path and name of the public folder into the object<br />
            $PermissionItem | Add-Member -Type NoteProperty -Name Folder -Value $FolderName<br />
<br />
            #Put the user or group into the object<br />
            $PermissionItem | Add-Member -Type NoteProperty -Name User -Value $UserName<br />
<br />
            #Add the user's rights to the object<br />
            $PermissionItem | Add-Member -Type NoteProperty -Name Rights -Value $Rights<br />
<br />
            #Add the object into the array<br />
            $Permissions += $PermissionItem<br />
        } #End If<br />
    } #End Foreach $Entry<br />
} #End Foreach $Folder<br />
<br />
#Export unique user values to a text document<br />
$Permissions | Select-Object User -Unique | Sort-Object User | Out-File "C:\temp\UniquePublicFolderPermissions.txt"<br />
<br />
#Export the permissions for all folders to CSV<br />
$Permissions | Export-Csv "C:\temp\AllPublicFolderPermissions.csv" -NoTypeInformation<br />
<div>
<br /></div>
<div>
<span style="font-family: Courier New, Courier, monospace;">######### END SCRIPT #########</span></div>
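The Default and Anonymous entries are exactly the ones the script above skips, so here is a companion check, added as an example rather than taken from the post: it flags any Default or Anonymous entry whose rights go beyond reading. The function names, the list of read-only right names and the sample entries are mine and constructed; the comment at the end shows how I would feed it real output from Get-PublicFolderClientPermission, and how that cmdlet renders the User and AccessRights columns as strings is an assumption to check in your own shell.<br />

```powershell
# Added example (not from the original post). Flags Default and Anonymous public folder
# permission entries whose rights go beyond read-only. Function and sample data are constructed.

# Rights that only allow reading. Anything else granted to Default or Anonymous is reported.
# (Assumption: these are the right names as Get-PublicFolderClientPermission renders them.)
$ReadOnlyRights = @('None', 'FolderVisible', 'ReadItems', 'Reviewer')

Function Test-PublicFolderDefaultRights {
    param(
        # Objects with Folder, User and AccessRights (string array) properties
        [Parameter(Mandatory = $true)] [object[]] $Entries
    )
    $Findings = @()
    Foreach ($Entry in $Entries) {
        # Default = every authenticated mailbox user; Anonymous = unauthenticated access
        If (@('Default', 'Anonymous') -notcontains $Entry.User) { Continue }
        $Excess = @($Entry.AccessRights | Where-Object { $ReadOnlyRights -notcontains $_ })
        If ($Excess.Count -eq 0) { Continue }
        $Findings += New-Object PSObject -Property @{
            Folder   = $Entry.Folder
            User     = $Entry.User
            Rights   = ($Entry.AccessRights -join ', ')
            # Write access for Anonymous is worse than write access for Default
            Severity = $(If ($Entry.User -eq 'Anonymous') { 'High' } Else { 'Medium' })
        }
    }
    $Findings
}

# Constructed sample entries (folder names, users and rights are made up)
$Sample = @(
    (New-Object PSObject -Property @{ Folder = '\Finance\Invoices'; User = 'Default';          AccessRights = @('Author') }),
    (New-Object PSObject -Property @{ Folder = '\Finance\Invoices'; User = 'Anonymous';        AccessRights = @('None') }),
    (New-Object PSObject -Property @{ Folder = '\Public\Notices';   User = 'Anonymous';        AccessRights = @('CreateItems', 'ReadItems') }),
    (New-Object PSObject -Property @{ Folder = '\HR\Policies';      User = 'Default';          AccessRights = @('Reviewer') }),
    (New-Object PSObject -Property @{ Folder = '\HR\Policies';      User = 'CONTOSO\HR Staff'; AccessRights = @('Editor') })
)

# Reports \Finance\Invoices (Default, Author) and \Public\Notices (Anonymous, CreateItems); the rest are fine
Test-PublicFolderDefaultRights -Entries $Sample | Format-Table Folder, User, Rights, Severity -AutoSize

# To run it against real folders from the Exchange Management Shell (assumption: User and
# AccessRights render as the plain strings above when converted with ToString()):
#   $Real = Get-PublicFolder -Recurse -ResultSize Unlimited | Get-PublicFolderClientPermission | ForEach-Object {
#       New-Object PSObject -Property @{
#           Folder       = $_.Identity.ToString()
#           User         = $_.User.ToString()
#           AccessRights = @($_.AccessRights | ForEach-Object { $_.ToString() })
#       }
#   }
#   Test-PublicFolderDefaultRights -Entries $Real
```

The read-only list is deliberately short: Reviewer and its building blocks (FolderVisible, ReadItems) are the only rights that cannot change a folder's contents, so any other right on Default or Anonymous is something to look at.<br />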
Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-6341927852144281493.post-79188943117934068272015-08-26T09:27:00.000-04:002015-08-26T09:27:30.038-04:00Windows 10 - Crappy Update Release KB ArticlesIT Pros are having a lot of problems with the lack of explanation in Windows 10 updates. Microsoft's position on these seems to be "Trust us, you should install this update."<br />
<br />
I can't say it any better than <a href="https://windows.uservoice.com/forums/265757-windows-feature-suggestions/suggestions/9483897-we-need-coherent-knowledge-base-articles-for-windo" target="_blank">this user voice feature request</a> did.<br />
<br />
Do MS sysadmins a favor and vote this feature request up!Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-6341927852144281493.post-59645630637557772782015-08-25T09:42:00.002-04:002015-08-25T13:33:12.669-04:00WDS Server not Responding to PXE Requests?A curious issue befell me yesterday. I was trying to image a PC using our tried and true WDS server. I think WDS is WAY too complicated, and for some reason my eyes start to gloss over when I'm trying to read the documentation. This Windows service really needs an easy button. I realize the complexity lends to WDS's vast customization, but I've got a fairly simple environment; it shouldn't be this complicated.<br />
<br />
Anyway, so I press F12 to PXE boot the computer, and it times out. I restart my DHCP service, which is on a different server, double-check that the DHCP options are what they should be, and try again, multiple times. Rebooting the WDS server accomplished zilch. I try a network drop in a different office; nothing. I try a new laptop and it works! Well, so it's not DHCP, and it's not the WDS server. It's not the network. What the crap?<br />
<br />
Multiple blog posts and Technet articles regurgitate the same advice, that the DHCP settings are wrong. Nope. THEN I finally found the needle in the haystack, this Technet post.<br />
<br />
The first solution outlined was a bit scary: run WDSUTIL /delete-AutoAddDevices /devicetype:approveddevices<br />
<br />
In the past, I removed computers listed in the "Active Directory Prestaged Devices" only to find that they had also been removed from Active Directory. Again, I'll admit that I don't really know what I'm doing with this thing. I claim ignorance! So, removing devices with WDSUTIL is scary to me.<br />
<br />
The second option, though, turned out to be the magical one that made everything work again!<br />
<br />
1. On the WDS server, open Windows Deployment Services and stop the services.<br />
2. Copy all files in \RemoteInstall\Mgmt and paste them to a temp folder<br />
3. Start the WDS service (those files will be recreated)<br />
4. Try your PXE boot.<br />
5. When it works, delete the files you copied to the temp folderUnknownnoreply@blogger.com4tag:blogger.com,1999:blog-6341927852144281493.post-63467231751819298942015-07-08T14:10:00.000-04:002015-07-08T15:48:14.493-04:00Problems Pushing Software via GPO Leads Me to Group Policy 1058 Error 65After I pushed out this month's Adobe Patch via group policy, I wasn't getting one of my test systems to process the patch. I found the following message in the system log:<br />
<br />
Source: Group Policy<br />
Event ID: 1058<br />
The processing of Group Policy failed. Windows attempted to read the file \\contoso.com\SysVol\contoso.com\Policies\{49BA4D4E-A307-40D3-A809-67CE80C5165A}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: <br />
a) Name Resolution/Network Connectivity to the current domain controller. <br />
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). <br />
c) The Distributed File System (DFS) client has been disabled.<br />
<br />
If you flip over to the details tab, it says ErrorCode 65, and farther down that Network access is denied.<br />
<br />This problem is directly related to the UNC Hardened Access group policy settings that Microsoft introduced with <a href="https://support.microsoft.com/en-us/kb/3000483" target="_blank">MS15-011</a> and <a href="https://support.microsoft.com/en-us/kb/3004361" target="_blank">MS15-014</a>, which stop a client from pulling Group Policy over a SYSVOL or NETLOGON connection that is not mutually authenticated and integrity-protected.<br />
<br />
Apparently, some enterprising gent had this issue before, opened a case with Microsoft, and posted the case resolution at the bottom of <a href="http://blogs.technet.com/b/askpfeplat/archive/2015/02/23/guidance-on-deployment-of-ms15-011-and-ms15-014.aspx" target="_blank">this Technet forum post</a>.<br />
<br />
Resolution: Suggested to edit the GPO for UNC hardening and change the value of RequireMutualAuthentication &amp; RequireIntegrity to 0 from 1 (previous value) for the paths \\*\NETLOGON &amp; \\*\SYSVOL. We have confirmed that this is a known reported problem where we get ErrorDescription "Network access is denied" in event ID 1058 and group policy processing fails for computers when KB3004361 is applied.<br />
<br />
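The values that resolution talks about live in a single registry key, so a quick check of what a machine actually has is worth keeping around. The following is an added example, not code from the post: it parses the HardenedPaths data strings and reports every path where mutual authentication or integrity is no longer required. The key path and the three flag names are the ones the UNC Hardened Access policy writes; the function names and the sample strings are mine.<br />

```powershell
# Added example (not from the original post): audit the UNC Hardened Access values that the
# resolution above refers to. The policy stores them under this key, one string value per path,
# e.g. "\\*\SYSVOL" = "RequireMutualAuthentication=1, RequireIntegrity=1". Function names and the
# sample strings are constructed.

$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

# Parse one value's data string. Flags that are not present are reported as 'unset'.
Function ConvertFrom-HardenedPathData {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [AllowEmptyString()] [string] $Data
    )
    $Flags = @{ RequireMutualAuthentication = 'unset'; RequireIntegrity = 'unset'; RequirePrivacy = 'unset' }
    Foreach ($Pair in ($Data -split ',')) {
        $Parts = @($Pair.Trim() -split '=')
        If ($Parts.Count -eq 2 -and $Flags.ContainsKey($Parts[0].Trim())) {
            $Flags[$Parts[0].Trim()] = $Parts[1].Trim()
        }
    }
    # The path is only hardened when both mutual authentication and integrity are required
    $Hardened = ($Flags['RequireMutualAuthentication'] -eq '1' -and $Flags['RequireIntegrity'] -eq '1')
    New-Object PSObject -Property @{
        Path                        = $Path
        RequireMutualAuthentication = $Flags['RequireMutualAuthentication']
        RequireIntegrity            = $Flags['RequireIntegrity']
        RequirePrivacy              = $Flags['RequirePrivacy']
        Hardened                    = $Hardened
    }
}

# Read every hardened path configured on this machine (nothing is returned if the policy is not applied)
Function Get-HardenedPathStatus {
    If (-not (Test-Path $HardenedPathsKey)) { Return }
    $Key = Get-Item $HardenedPathsKey
    Foreach ($Name in $Key.GetValueNames()) {
        ConvertFrom-HardenedPathData -Path $Name -Data ([string]$Key.GetValue($Name))
    }
}

# Constructed sample: NETLOGON left at the MS15-011 values, SYSVOL changed as in the resolution above.
# NETLOGON shows Hardened = True, SYSVOL shows Hardened = False.
@(
    (ConvertFrom-HardenedPathData -Path '\\*\NETLOGON' -Data 'RequireMutualAuthentication=1, RequireIntegrity=1'),
    (ConvertFrom-HardenedPathData -Path '\\*\SYSVOL'   -Data 'RequireMutualAuthentication=0, RequireIntegrity=0')
) | Format-Table Path, RequireMutualAuthentication, RequireIntegrity, Hardened -AutoSize

# Live check: warn about every configured path that is no longer hardened
Get-HardenedPathStatus | Where-Object { -not $_.Hardened } |
    ForEach-Object { Write-Warning ("UNC hardening is off for " + $_.Path) }
```

Run the live check on a few clients after the GPO change has applied; a path that shows up as not hardened is one where a spoofed share would be accepted again.<br />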
I left NETLOGON alone (all of our login scripts in there appear to be processing normally), but I did change the SYSVOL entry to 0 and 0. After I performed gpupdate /force and rebooted twice, my software installed successfully and there was no GP 1058 error. Keep in mind what that change means: setting RequireMutualAuthentication and RequireIntegrity to 0 for \\*\SYSVOL switches the MS15-011 protection off for that path, and that protection exists so a client cannot be fed Group Policy from a spoofed SYSVOL. Before making the same change, it is worth confirming that the client can reach the domain controller's SYSVOL with Kerberos mutual authentication and SMB signing; a path that uses an IP address or a CNAME alias, for example, cannot be mutually authenticated with Kerberos, and that failure is what the hardened path is refusing.Unknownnoreply@blogger.com7tag:blogger.com,1999:blog-6341927852144281493.post-61294893865163754602015-07-07T15:46:00.001-04:002015-07-07T15:46:45.645-04:00Adobe Flash Player patch due out tomorrow. Exploit in the wild! Security Advisory for Adobe Flash Player (APSA15-03) http://blogs.adobe.com/psirt/?p=1223Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-6341927852144281493.post-46429944404288572582015-06-30T23:33:00.001-04:002015-07-02T11:49:50.826-04:00So, Which of My Computers is Using Cached Exchange Mode?I know a lot of scripts that I write about on here can be rendered unnecessary by good use of the technology available to me. Unfortunately, it seems that often there is something in the way (politics, money, manual process, complexity, etc.) that makes it a whole lot easier for me to just script out something and send myself a report once in a while.<br />
<br />
I don't know about you, but I've had my share of problems with Outlook caused by cached mode being enabled. I know this is controllable by Group Policy, but we have a lot of people that use Outlook Calendars extensively, and they need cached mode on. This is one of those cases where it's easier to run this monthly and keep things tight, than it would be for me to try and scope a group policy to omit people from all over the place, and remember to incorporate new hires that match this profile.<br />
<br />
The trick here was to find out how I would know if a client connected and was on cached mode. The best option, it turned out, was to look in the RPC Client Access logs of the Exchange server itself: every connection is logged with a client-mode field that reads Cached or Classic.<br />
<br />
#########################################################<br />
# BEGIN SCRIPT<br />
#########################################################<br />
# Phase One: Preparation<br />
#########################################################<br />
<br />
#Import Active Directory Module<br />
Import-Module ActiveDirectory<br />
<br />
#Function to find hostnames from IP addresses. GetHostEntry throws when there is no PTR record,<br />
#so the lookup is wrapped in Try/Catch; without that, the "No HostName Found" branch is never reached.<br />
Function Get-HostFromIP<br />
{<br />
    $IP = $args[0]<br />
    Try {<br />
        $Result = [System.Net.Dns]::GetHostEntry($IP)<br />
        $DNS = [string]$Result.HostName<br />
    }<br />
    Catch {<br />
        $DNS = "No HostName Found"<br />
    }<br />
    $DNS<br />
} #End Function<br />
<br />
#Path Variables<br />
#Reading the logs through the admin share means the account running this needs local admin rights on the mail server;<br />
#a read-only share on the logging folder is the least-privilege alternative.<br />
$ExchangeLogFolder = "\\mailserver\c$\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access"<br />
$LocalHoldingFolder = "C:\Logs\ExchangeCachedMode"<br />
$OutputFile = "C:\Temp\Cached Mode On - Desktops.csv"<br />
<br />
#Email Variables<br />
$SMTPServer = "mail.contoso.com"<br />
$To = "reporting@contoso.com"<br />
$From = "helpdesk@contoso.com"<br />
$Body = "See Attached"<br />
<br />
#Remove any output file if it already exists<br />
Remove-Item $OutputFile -Force -ErrorAction SilentlyContinue<br />
<br />
#Make sure the Local Holding Folder exists, then delete any pre-existing files in it<br />
If (-not (Test-Path $LocalHoldingFolder)) { New-Item -Path $LocalHoldingFolder -ItemType Directory | Out-Null }<br />
Get-ChildItem -Path $LocalHoldingFolder | Remove-Item -Force -ErrorAction SilentlyContinue<br />
<br />
#########################################################<br />
# Phase Two: Copying over the RPC logs from Exchange<br />
#########################################################<br />
<br />
#Copy the files<br />
Get-ChildItem -Path $ExchangeLogFolder -Filter "*.LOG" | Copy-Item -Destination $LocalHoldingFolder<br />
<br />
#Each LOG file starts with four comment lines (#Software, #Version, #Log-type, #Date) followed by the "#Fields:" line.<br />
#Drop the first four, turn "#Fields:" into a plain CSV header row, and keep only the columns I need.<br />
$Files = Get-ChildItem -Path $LocalHoldingFolder -Filter "*.LOG"<br />
Foreach ($File in $Files){<br />
    $Text = Get-Content $File.FullName<br />
    $Output = $Text[4..($Text.Count - 1)]<br />
    $Output[0] = $Output[0] -replace "^#Fields: ",""<br />
    $NewFile = $File.FullName + "OUT.csv"<br />
    $NewerFile = $File.FullName + "FINAL.csv"<br />
    $Output | Set-Content $NewFile<br />
    Import-Csv $NewFile | Select-Object client-name,client-mode,client-ip | Export-Csv -NoTypeInformation $NewerFile<br />
} #End Foreach<br />
<br />
#Remove the old files that I don't need anymore<br />
Get-ChildItem $LocalHoldingFolder -Filter "*.LOG" | Remove-Item -Force -ErrorAction SilentlyContinue<br />
Get-ChildItem $LocalHoldingFolder -Filter "*.LOGOUT.csv" | Remove-Item -Force -ErrorAction SilentlyContinue<br />
<br />
#########################################################<br />
# Phase Three: Merging the CSV files<br />
#########################################################<br />
<br />
#Initialize/Clear the output array<br />
$Output = @()<br />
<br />
#Cycle through and add CSV content to the array, tagging each row with the file it came from<br />
Foreach ($CSV in (Get-ChildItem $LocalHoldingFolder -Filter "*.LOGFINAL.csv")){<br />
    $FileName = $CSV.Name<br />
    $Output += Import-Csv -Path $CSV.FullName | Select-Object *, @{Label="FileName";Expression={$FileName}}<br />
} #End Foreach<br />
<br />
#Export array content to the merged file<br />
$Output | Export-Csv -Path ($LocalHoldingFolder + "\temp.csv") -NoTypeInformation<br />
<br />
#Remove the old files that I don't need anymore<br />
Get-ChildItem $LocalHoldingFolder -Filter "*.LOGFINAL.csv" | Remove-Item -Force -ErrorAction SilentlyContinue<br />
<br />
#########################################################<br />
# Phase 4: Getting the data together<br />
#########################################################<br />
<br />
#Import the data for further refinement<br />
$Content = Import-Csv ($LocalHoldingFolder + "\temp.csv")<br />
<br />
#Select only the properties I want<br />
$Refined = $Content | Select-Object client-name,client-mode,client-ip<br />
<br />
#Run through some filters<br />
$Refined2 = $Refined | Where-Object {<br />
    #Don't care about entries that list no IP address<br />
    $_."client-ip" -ne "" -and<br />
    #Here's the interesting bit: Classic means Cached Exchange Mode is NOT on, so keep everything else<br />
    $_."client-mode" -ne "Classic" -and<br />
    #Only the IP scopes I can act on are in scope; clients on other scopes are left alone<br />
    ($_."client-ip" -like "192.168.98.*" -or<br />
    $_."client-ip" -like "192.168.99.*") -and<br />
    #I don't care about Exchange traffic<br />
    $_."client-name" -notlike "*Exchange*"<br />
}<br />
<br />
#Removing duplicate IPs<br />
$Refined2 = $Refined2 | Sort-Object client-ip -Unique<br />
<br />
#Initialize a new array<br />
$Refined3 = @()<br />
<br />
#Put the same data into the new array, plus the hostname (from DNS) and the AD description and DN (one AD lookup per host)<br />
Foreach ($Item in $Refined2){<br />
    $ClientHostName = Get-HostFromIP $Item."client-ip"<br />
    $ClientDescription = $null<br />
    $ClientDN = $null<br />
    If ($ClientHostName -ne "No HostName Found"){<br />
        #Strip the DNS suffix to get the AD computer name<br />
        $ShortName = ($ClientHostName -split "\.")[0]<br />
        Try { $ADComputer = Get-ADComputer -Identity $ShortName -Properties Description }<br />
        Catch { $ADComputer = $null }<br />
        If ($ADComputer){<br />
            $ClientDescription = $ADComputer.Description<br />
            $ClientDN = $ADComputer.DistinguishedName<br />
        }<br />
    }<br />
    $SubRefined3 = New-Object System.Object<br />
    $SubRefined3 | Add-Member -Type NoteProperty -Name ClientName -Value $Item."client-name"<br />
    $SubRefined3 | Add-Member -Type NoteProperty -Name ClientMode -Value $Item."client-mode"<br />
    $SubRefined3 | Add-Member -Type NoteProperty -Name ClientIP -Value $Item."client-ip"<br />
    $SubRefined3 | Add-Member -Type NoteProperty -Name ClientHostName -Value $ClientHostName<br />
    $SubRefined3 | Add-Member -Type NoteProperty -Name ClientDescription -Value $ClientDescription<br />
    $SubRefined3 | Add-Member -Type NoteProperty -Name ClientDN -Value $ClientDN<br />
    $Refined3 += $SubRefined3<br />
} #End Foreach<br />
<br />
#Remove any items where a DNS hostname could not be found, and any laptops (based on AD OU).<br />
#I have no issue with laptops being on Cached Exchange Mode.<br />
$Refined3 = $Refined3 | Where-Object {$_.ClientHostName -ne "No HostName Found" -and $_.ClientDN -notlike "*OU=Laptop*"} | Sort-Object ClientHostName<br />
<br />
#Filter out any hostnames that I don't want in the report<br />
$Refined4 = $Refined3 | Where-Object {<br />
    $_.ClientHostName -notlike "def*" -and<br />
    $_.ClientHostName -notlike "ghi*"}<br />
<br />
#Final list, excluding computers where Cached Exchange Mode is needed<br />
$Final = $Refined4 | Where-Object {$_.ClientHostName -notlike "A123456*" -and<br />
    $_.ClientHostName -notlike "B4545875*"}<br />
<br />
#Export the final list (the DN was only needed for the laptop filter)<br />
$Final | Select-Object ClientName,ClientMode,ClientIP,ClientHostName,ClientDescription | Export-Csv $OutputFile -NoTypeInformation<br />
<br />
#Get some counts, on the same list that goes into the attachment<br />
$Count = ($Final | Measure-Object).Count<br />
$CountString = $Count.ToString()<br />
$Subject = "PS Report - Clients Using Cached Exchange Mode - $CountString"<br />
<br />
#Only send an email if there are more than zero results<br />
If ($Count -gt 0){<br />
    #Send Email<br />
    Send-MailMessage -To $To -From $From -SMTPServer $SMTPServer -Subject $Subject -Body $Body -Attachments $OutputFile<br />
} #End If<br />
<br />
#Remove Temp Files<br />
Remove-Item $OutputFile -Force -ErrorAction SilentlyContinue<br />
Remove-Item ($LocalHoldingFolder + "\temp.csv") -Force -ErrorAction SilentlyContinue<br />
<div>
<br /></div>
<div>
#########################################################<br />
# END SCRIPT<br />
#########################################################</div>
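The parsing step is the part of this script most worth getting right, so here it is on its own, as an added example rather than code from the post: a function that turns an Exchange log with a #Fields: header into objects, and the Cached Exchange Mode filter run over it. The header line follows the layout of the Exchange 2010 RPC Client Access log as I know it (check it against one of your own files); the rows beneath it are constructed, and the function names are mine.<br />

```powershell
# Added example (not from the original post): parse an Exchange CSV-style log (comment lines
# starting with '#', then a '#Fields:' header) into objects, then pick out the clients that are
# running in Cached Exchange Mode. The sample rows below are constructed.

Function ConvertFrom-ExchangeLog {
    param([Parameter(Mandatory = $true)] [string[]] $Lines)
    $Header = $null
    $Body = @()
    Foreach ($Line in $Lines) {
        If ($Line -like '#Fields:*') {
            # Column names. If a fresh header block appears later in the file, keep the first
            # one and drop the repeat so it does not turn into a data row.
            If (-not $Header) { $Header = ($Line -replace '^#Fields:\s*', '') }
        }
        ElseIf ($Line.StartsWith('#') -or $Line.Trim() -eq '') {
            # #Software, #Version, #Log-type, #Date and blank lines carry no rows
        }
        Else { $Body += $Line }
    }
    If (-not $Header) { Throw 'No #Fields: header found; this does not look like an Exchange log' }
    $Body | ConvertFrom-Csv -Header ($Header -split ',')
}

# Distinct clients that are NOT in Classic mode (i.e. Cached Exchange Mode is on), ignoring rows
# without a client IP and rows logged for Exchange's own components.
Function Get-CachedModeClients {
    param([Parameter(Mandatory = $true)] [object[]] $Rows)
    $Rows |
        Where-Object { $_.'client-ip' -ne '' -and $_.'client-mode' -ne 'Classic' -and $_.'client-name' -notlike '*Exchange*' } |
        Sort-Object 'client-ip' -Unique |
        Select-Object 'client-name', 'client-mode', 'client-ip'
}

# Constructed sample log: header block in the RPC Client Access layout, made-up rows.
# jdoe connects twice in Cached mode, asmith in Classic mode, and one row is an Exchange component.
$SampleLog = @'
#Software: Microsoft Exchange Server
#Version: 14.0.0.0
#Log-type: RPC Client Access Log
#Date: 2015-06-30T04:00:00.000Z
#Fields: date-time,session-id,seq-number,client-name,organization-info,client-software,client-software-version,client-mode,client-ip,server-ip,protocol,application-id,operation,rpc-status,processing-time,operation-specific,failures
2015-06-30T04:01:10.123Z,1,0,/o=Contoso/ou=Exchange Administrative Group/cn=Recipients/cn=jdoe,,OUTLOOK.EXE,14.0.7151.5001,Cached,192.168.98.25,192.168.10.5,ncacn_ip_tcp,,Connect,,15,,
2015-06-30T04:01:11.456Z,2,0,/o=Contoso/ou=Exchange Administrative Group/cn=Recipients/cn=asmith,,OUTLOOK.EXE,14.0.7151.5001,Classic,192.168.98.31,192.168.10.5,ncacn_ip_tcp,,Connect,,12,,
2015-06-30T04:01:12.789Z,3,0,/o=Contoso/ou=Exchange Administrative Group/cn=Recipients/cn=jdoe,,OUTLOOK.EXE,14.0.7151.5001,Cached,192.168.98.25,192.168.10.5,ncacn_ip_tcp,,Execute,,8,,
2015-06-30T04:01:13.000Z,4,0,/o=Contoso/ou=Exchange Administrative Group/cn=Configuration/cn=Servers/cn=EXCHANGE01,,MSExchangeMailboxAssistants,14.0.7151.5001,Classic,,192.168.10.5,ncacn_ip_tcp,,Connect,,3,,
'@

$Rows = ConvertFrom-ExchangeLog -Lines ($SampleLog -split "`r?`n")
# Yields a single row: jdoe from 192.168.98.25 in Cached mode
Get-CachedModeClients -Rows $Rows | Format-Table -AutoSize
```

The same function reads any of the other logs under the Exchange Logging folder that use the #Fields: layout; only the column names in the filter change.<br />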
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-29718690495898841812015-06-30T23:11:00.000-04:002015-07-06T09:45:43.507-04:00My Daily Certificate Authority CheckEarlier this year I rolled out my organization's own Public Key Infrastructure: an internal certificate authority that issues our certificates.<br />
<br />
I use the script below to send me an email whose subject line tells me:<br />
How many days until the next certificate will expire<br />
How many requests are pending<br />
<br />
Like this subject, for example: PS Report - Issuing CA Info (Next Expiration is 296 days from now, 0 Requests Pending). A list of all issued certificates, with request ID, common name, expiration date, and the template they are based on, is attached as an HTML file. That list is worth a glance each day: a certificate you did not expect, or one issued from a template that should not be in use, is an early warning that someone or something is requesting certificates it should not be.<br />
<br />
A prerequisite for this script is the PS PKI Module, which can be found <a href="https://pspki.codeplex.com/" target="_blank">here</a> on Codeplex. (CodePlex has since been shut down; the module is now published on the PowerShell Gallery as PSPKI.)<br />
<br />
This script runs from my issuing certificate authority server.<br />
<br />
######################################################################<br />
# BEGIN SCRIPT<br />
######################################################################<br />
<div>
<br /></div>
#Import the PS PKI Module<br />
Import-Module PSPKI<br />
<br />
#Variables<br />
$TempFile = "C:\Temp\CA_Report.html"<br />
$Today = Get-Date<br />
$To = "reportingaddress@contoso.com"<br />
$From = "me@contoso.com"<br />
$SMTPServer = "mailserver.contoso.com"<br />
<br />
#Get the CA and its name<br />
$CA = Get-CA<br />
$CAName = $CA.ComputerName<br />
<br />
#Get details on issued certs, soonest expiry first<br />
$Output = $CA | Get-IssuedRequest | Select-Object RequestID, CommonName, NotAfter, CertificateTemplate | Sort-Object NotAfter<br />
<br />
#Exclude the CA's own short-lived CAExchange certs<br />
$RelevantInfo = $Output | Where-Object {$_.CertificateTemplate -notlike "CAExchange"}<br />
<br />
#Certificates that are already past NotAfter still sit in the issued table. Keep them out of the "next expiration" math;<br />
#taking abs() of the difference would report an expired cert as one that expires in the future.<br />
$Expired = @($RelevantInfo | Where-Object {$_.NotAfter -lt $Today})<br />
$Upcoming = @($RelevantInfo | Where-Object {$_.NotAfter -ge $Today})<br />
If ($Upcoming.Count -gt 0){<br />
    $EarliestExpiryInteger = (($Upcoming[0].NotAfter - $Today).Days).ToString()<br />
}<br />
Else {<br />
    $EarliestExpiryInteger = "N/A"<br />
}<br />
<br />
#Write the Relevant Info to a temp file<br />
$RelevantInfo | ConvertTo-Html -Title "Issued certificates on $CAName" | Out-File $TempFile<br />
<br />
#Get details on pending requests. Wrapping in @() makes .Count zero when nothing is pending<br />
$Pending = @($CA | Get-PendingRequest)<br />
$PendingCount = $Pending.Count<br />
$PendingCountStr = $PendingCount.ToString()<br />
<br />
#Make the mail body<br />
$Body = "See Attached. $($Expired.Count) issued certificate(s) on $CAName are already expired."<br />
<br />
$Subject = "PS Report - Issuing CA Info (Next Expiration is $EarliestExpiryInteger days from now, $PendingCountStr Requests Pending)"<br />
<br />
Send-MailMessage -To $To -From $From -SmtpServer $SMTPServer -Subject $Subject -Body $Body -Attachments $TempFile<br />
<br />
Remove-Item $TempFile -Force<br />
<br />
######################################################################<br />
# END SCRIPT<br />
######################################################################<br />
<div>
<br /></div>
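Written as an added example for this post (not the post's own code), here is the next-expiration arithmetic on its own, with the cases it has to get right: a certificate already past NotAfter, the CA's own CAExchange certificate, and a warn-before window. It runs on constructed objects shaped like the RequestID, CommonName, NotAfter and CertificateTemplate rows that PSPKI's Get-IssuedRequest returns; the common names, dates and the 30-day window are assumptions, and the function name is mine.<br />

```powershell
# Added example (not from the original post): summarize certificate expiry from issued-request
# rows, handling expired certificates and the CA's own CAExchange certificates correctly.
# Sample rows are constructed; the WarnDays window is an assumption.

Function Get-ExpirySummary {
    param(
        [Parameter(Mandatory = $true)] [object[]] $IssuedCerts,
        [datetime] $Now = (Get-Date),
        [int] $WarnDays = 30
    )
    # The CA's own CAExchange certificates are short-lived and renew themselves; leave them out
    $Relevant = @($IssuedCerts | Where-Object { $_.CertificateTemplate -ne 'CAExchange' })
    # Expired certificates stay in the issued table; they must not feed the "next expiration" value
    $Expired  = @($Relevant | Where-Object { $_.NotAfter -lt $Now })
    $Upcoming = @($Relevant | Where-Object { $_.NotAfter -ge $Now } | Sort-Object NotAfter)

    $DaysToNext = $null
    $NextName = $null
    If ($Upcoming.Count -gt 0) {
        $DaysToNext = ($Upcoming[0].NotAfter - $Now).Days
        $NextName = $Upcoming[0].CommonName
    }
    New-Object PSObject -Property @{
        DaysToNextExpiry = $DaysToNext
        NextToExpire     = $NextName
        ExpiringSoon     = @($Upcoming | Where-Object { ($_.NotAfter - $Now).Days -le $WarnDays } | ForEach-Object { $_.CommonName })
        Expired          = @($Expired | ForEach-Object { $_.CommonName })
    }
}

# Constructed sample, evaluated at a fixed date so the numbers are stable.
# Sorting by NotAfter and taking abs() of the first difference would report old-vpn
# (expired 40 days ago) as "40 days from now"; the function reports wifi at 12 days instead,
# skipping the CAExchange certificate that expires in 5.
$Now = Get-Date '2015-07-01'
$Sample = @(
    (New-Object PSObject -Property @{ RequestID = 12; CommonName = 'web01.contoso.com';   NotAfter = $Now.AddDays(296); CertificateTemplate = 'WebServer' }),
    (New-Object PSObject -Property @{ RequestID = 13; CommonName = 'old-vpn.contoso.com'; NotAfter = $Now.AddDays(-40); CertificateTemplate = 'WebServer' }),
    (New-Object PSObject -Property @{ RequestID = 14; CommonName = 'ISSUING-CA-Xchg';     NotAfter = $Now.AddDays(5);   CertificateTemplate = 'CAExchange' }),
    (New-Object PSObject -Property @{ RequestID = 15; CommonName = 'wifi.contoso.com';    NotAfter = $Now.AddDays(12);  CertificateTemplate = 'RASAndIASServer' })
)

$Summary = Get-ExpirySummary -IssuedCerts $Sample -Now $Now
$Summary | Format-List DaysToNextExpiry, NextToExpire, ExpiringSoon, Expired
```

To use it on the real CA, pass `$CA | Get-IssuedRequest | Select-Object RequestID, CommonName, NotAfter, CertificateTemplate` as the IssuedCerts parameter; the Expired list is the one to act on, since those certificates are still listed as issued even though nothing can use them.<br />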
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-6341927852144281493.post-78408090197672480802015-06-30T22:58:00.002-04:002015-07-01T19:30:22.735-04:00Get a List of All Files with a Certain ExtensionIt happens sometimes that I need to find all files with a certain extension on a given drive. For the routine cases (reporting on ISO, MP3, and video files that I don't really want cluttering up my file servers) I do this in a more automated way through Microsoft's File Server Resource Manager (FSRM). Occasionally, however, I just want a list of Access database files or something similar: the outlier cases. The same search is handy for the extensions a security review cares about, such as exported private keys (.pfx, .p12, .ppk) and password databases (.kdbx) left lying on a share. For that, I have this little script:<br />
<br />
#####################################################################<br />
# BEGIN SCRIPT<br />
#####################################################################<br />
<div>
<br /></div>
#This script prompts for a file extension and a root path, then searches recursively within that path for that extension and sends you a report of all the files.<br />
<br />
#Get Hostname<br />
$Hostname = ($env:computername)<br />
<br />
#Prompt for file extension to search for<br />
$ext = Read-host "File Extension (do not enter a period)"<br />
$ext = $ext.ToUpper()<br />
<br />
#Create Temp File Location<br />
$TempFile = "C:\Temp\FileQuery $ext.csv"<br />
<br />
#Get Root Path to search in<br />
$PathToSearch = Read-Host "Path to search (i.e. P:\)"<br />
<br />
#Get your email address<br />
$EmailAddress = Read-Host "Your email address (to send the report to)"<br />
<br />
#Conduct search, export to CSV (Temp File)<br />
get-childitem -Path $PathToSearch -Filter *.$ext -recurse | select name, Length, DirectoryName | export-csv -NoTypeInformation $TempFile<br />
<br />
#Send CSV via email<br />
Send-Mailmessage -to $EmailAddress -from me@contoso.com -smtpserver mailserver.contoso.com -Subject "$Ext Files on $Hostname in $PathToSearch" -Body "See Attached" -attachments $TempFile<br />
<br />
#Delete the Temp File<br />
remove-item $Tempfile<br />
<br />
#####################################################################<br />
# END SCRIPT<br />
#####################################################################<br />
<div>
<br /></div>
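One thing the script above cannot tell you is which folders it was not allowed to look in. The following is an added example, not code from the post: the same recursive search, extended to take several extensions at once and to record the directories the scan could not read, because a report that says "no .pfx files on this drive" can simply mean "none in the folders I could see". The function name, the sample tree under %TEMP% and the list of extensions (the ones I would hunt for on a file server: private keys and password databases) are mine.<br />

```powershell
# Added example (not from the original post): recursive search for several extensions that also
# reports the folders it could not enumerate. Function name, sample tree and extensions are
# constructed for this example.

Function Find-FilesByExtension {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string[]] $Extensions
    )
    # Normalize the wanted extensions to lower-case ".ext" for a quick lookup
    $Wanted = @{}
    Foreach ($Ext in $Extensions) { $Wanted[('.' + $Ext.TrimStart('.')).ToLower()] = $true }

    # -ErrorAction SilentlyContinue keeps the scan going past access-denied folders;
    # -ErrorVariable captures each of those errors so they can be reported instead of lost.
    $Files = Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable ScanErrors |
        Where-Object { -not $_.PSIsContainer -and $Wanted.ContainsKey($_.Extension.ToLower()) } |
        Select-Object FullName, Length, LastWriteTime, Extension

    # For an enumeration failure the error's TargetObject is the path that could not be read
    $Unreadable = @($ScanErrors | ForEach-Object { [string]$_.TargetObject } | Sort-Object -Unique)

    New-Object PSObject -Property @{
        Files      = @($Files)
        Unreadable = $Unreadable
    }
}

# Constructed sample tree under %TEMP%: two key/password files and one decoy
$Root = Join-Path $env:TEMP 'ext-scan-demo'
New-Item -ItemType Directory -Path (Join-Path $Root 'backups') -Force | Out-Null
Set-Content -Path (Join-Path $Root 'backups\web01.pfx') -Value 'not a real key'
Set-Content -Path (Join-Path $Root 'passwords.kdbx') -Value 'not a real database'
Set-Content -Path (Join-Path $Root 'readme.txt') -Value 'decoy'

# Finds web01.pfx and passwords.kdbx; readme.txt is ignored
$Result = Find-FilesByExtension -Path $Root -Extensions 'pfx', 'p12', 'kdbx', 'ppk'
$Result.Files | Format-Table FullName, Length, LastWriteTime -AutoSize
If ($Result.Unreadable.Count -gt 0) {
    Write-Warning ("Could not read: " + ($Result.Unreadable -join '; '))
}

Remove-Item $Root -Recurse -Force
```

Against a real share, the Unreadable list is as interesting as the Files list: folders that the scanning account cannot read are the ones whose contents nobody has reviewed.<br />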
Unknownnoreply@blogger.com0