Tuesday, August 20, 2024

Data Loss Prevention Deployment (new) Strategies

In this video I discuss various strategic aspects of DLP solution deployment.



Friday, August 16, 2024

Data Loss Prevention Solution Basics

This video describes basics of a DLP solution and is not specific to a certain vendor.




Blocking RC4 Ciphers on a Linux Machine

This video explains how to block RC4 ciphers on a Linux machine. The flavor used is CentOS; however, the steps apply to all similar operating systems such as RHEL, Rocky and Fedora.




Wednesday, September 6, 2017

Power Shell Commands

🌟 Please note: the PowerShell commands shown in this post are based on my work in live environments and have been tried and tested several times over the years. However, copying them and using them without any customization might not give the desired results, so get the idea, make them your own and use them well!

 #Adding a static route  

Route Add -p 172.xxx.xxx.xxx mask 255.255.255.xxx 172.xxx.xxx.xxx 


#Check Routes
route print


#Check BIOS
Get-WMIObject Win32_Bios


#Adding DNS Records
Import-Module DNSShell
Import-CSV c:\DNS\newHostserp.csv | %{
New-DNSRecord -Name $_."HostName" -RecordType A -ZoneName xyz.local -IPAddress $_."IPAddr"
}  


#Bulk adding Display Name against AD users
Import-Csv user.csv | Foreach { Set-ADUser -Identity $_.sAMAccountname -DisplayName $_.DisplayName }


#Display Services & Process of another computer "DC1"
TaskList /S DC1 /svc /fi "imagename eq svchost.exe"


# DHCP Remove authorized server from AD
Netsh DHCP delete server 2003-dc1.contoso.com 172.xxx.xxx.xxx


#Get a list of Users with last logon time from domain relic.local into a CSV file last_login.csv
Get-ADUser -Filter * -SearchBase "DC=relic,DC=local" -ResultPageSize 0 -Prop CN,lastLogonTimestamp | Select CN,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}} | Export-CSV -NoType last_login.csv


#Get a List of AD Users in domain "relic.local" Exported to CSV file SamAccountNames.CSV at location C:\Temp
Get-ADUser -Filter * -SearchBase "DC=relic,DC=local" -ResultPageSize 0 | ft SamAccountName >>c:\Temp\SamAccountNames.csv


#Get A List of Last Logon Timestamp for Users in a CSV File SamAccountNames.csv belonging to domain relic.local

Get-ADUser -Filter * -SearchBase "DC=relic,DC=local" -ResultPageSize 0 | ft SamAccountName >>c:\abc\SamAccountNames.csv
Import-Module c:\abc\GetADUserLastLogonTime.psm1
Get-OSCLastLogonTime -CsvFilePath "C:\abc\SamAccountNames.csv" >>c:\abc\LogOnDetails.csv


#Get Extended Properties of a User
Get-Aduser -filter * -searchbase "dc=relic,dc=local" -properties Telephonenumber|select displayname, givenname, sn, telephonenumber 


#Set Extended properties of a user
Set-ADUser -Identity User1 -EmployeeId 1234


#Set Extended properties of users (employee ID only) in bulk from a file
Import-Csv user.csv | Foreach { Set-ADUser -Identity $_.sAMAccountname -EmployeeID $_.EmployeeID }


# Group Policies Applied on a Computer
GpResult /H test.HTML


#Reset WinRM and WinMGMT
Net Start winrm 
Enable-PSRemoting -Force 
net start winmgmt
winmgmt /salvagerepository


#Check Integration Services Version of a VM from Host
Get-VM | ft name, integrationservicesversion


#Check all MAC addresses against unicast and multicast NLB
WLBS
WLBS /?
WLBS Display
WLBS ip2mac 172.xxx.xxx.xxx


#Service Query net logon (use sc.exe; in Windows PowerShell "sc" is an alias for Set-Content)
sc.exe query netlogon


#Find and Forcefully Stop a not responding service
Get-Service | Where-Object {$_.Status -eq 'StopPending'} | Format-List * -Force

Get-Service | Where-Object {$_.Status -eq 'StopPending'} | Stop-Service -Force


#Find and Stop a not responding service on a remote server DC
Get-Service -ComputerName "DC" | Where-Object {$_.Status -eq 'StopPending'} | Format-List * -Force

Get-Service -ComputerName "DC" | Where-Object {$_.Status -eq 'StopPending'} | Stop-Service -Force


# Replication Status of Domain Controller named "DC"
repadmin /showrepl

dcdiag /replsource:DC


#Display full data in a column where you get "...." instead of data 
$FormatEnumerationLimit =-1


#Kill a task forcefully having PID 4692
TaskKill /F /PID 4692


#Find a Task PID for isactrl (sc.exe avoids the Set-Content alias "sc" in Windows PowerShell)
sc.exe queryex isactrl
sc.exe queryex wuauserv


#Windows Update Commands
wuauclt /detectnow
wuauclt /reportnow
wuauclt /updatenow
wuauclt /resetauthorization /detectnow
wuauclt.exe /resetauthorization /detectnow


#NETSH WinHTTP (Works on CMD with Elevation)
Netsh WinHttp Show Proxy
Netsh WinHttp Reset Proxy


#Script to Reset WSUS Authorization (Make a bat file)
net stop wuauserv
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f 
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIDValidation /f
net start wuauserv
wuauclt.exe /resetauthorization /detectnow
pause


# Move WSUS Updates Directory to a new location at F:  Drive
1- Create Folder WSUS in new location F:\WSUS
2- Go to directory location of file WsusUtil.exe
3- WsusUtil.exe movecontent F:\WSUS\ F:\WSUS\move.log


# Troubleshoot WSUS Error 80004002
Go to RUN and try these one by one
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuweb.dll


# Extract DHCP Reservations List
Get-DHCPServerV4Scope | ForEach {

    Get-DHCPServerv4Lease -ScopeID $_.ScopeID | where {$_.AddressState -like '*Reservation'}

} | Select-Object ScopeId,IPAddress,HostName,ClientID,AddressState | Export-Csv ".\$($env:COMPUTERNAME)-Reservations.csv" -NoTypeInformation

Monday, January 25, 2016

Listing Active Directory Users with Last Log On Time Stamp

In large Active Directory environments it is always a challenge for administrators to track down users who have not logged on for a while, either because they have left the organization or because their accounts were created twice due to a misunderstanding in the Human Resources department.

This impacts licensing cost as well as capacity planning.

To get a list of all users with their last logon time stamp, we can use a combination of commands and a script that exports the information to a ".CSV" file for convenience.

Environment:


Domain Name:   relic.org
Temporary Location on a DC:   C:\Scripts
Pre-Built Module Name:   "GetADUserLastLogonTime.psm1"   (available from the TechNet Gallery)

Step 1-


Create a new folder in a suitable location on one of your domain controllers.

I have used the following location for this purpose

C:\Scripts 


Step 2- 


Log on to the domain controller and run the following command

Get-ADUser -Filter * -SearchBase "DC=relic,DC=org" -ResultPageSize 0 | ft SamAccountName >>c:\Scripts\SamAccountNames.csv

This command will extract a list of user names to the desired destination in ".CSV" format

Step 3- 


Open this file, remove blank rows, blank spaces and any rows with a dotted line (----) from the list, and save the changes.

Here is an example of correct and incorrect file data for the next steps


Step 4- 


A pre-built script is used to perform two actions

(A) Read the list of users we created in step 2
(B) Put the last logon time stamps against each user ID

So first we import this module on the domain controller using this command

Import-Module C:\Scripts\GetADUserLastLogonTime.psm1

Step 5- 


Run the following command to get the list of users, put the last logon time stamp against each one and export the result to a new ".CSV" file, which is our final output file

Get-OSCLastLogonTime -CsvFilePath "C:\Scripts\SamAccountNames.csv" >>c:\Scripts\LogOnDetails.csv

The result might look like the screenshot below

Please note that the encircled SAM accounts are the ones that have never logged on, which is why they all show the same unrealistic time stamp.
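
The same report can be produced in one pipeline, without the manual clean-up of Step 3. This is an added example, not part of the original post or of the GetADUserLastLogonTime module; it reads lastLogonTimestamp directly and flags accounts that never logged on instead of printing a date in 1601. The function name ConvertTo-LogonReport, the 90-day threshold and the sample accounts are assumptions.

```powershell
# Added example. ConvertTo-LogonReport and the sample accounts are hypothetical.
function ConvertTo-LogonReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $StaleAfterDays = 90,                 # assumed threshold
        [datetime] $Now = (Get-Date)
    )
    process {
        # lastLogonTimestamp is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
        # Empty or 0 means "never logged on"; converting it blindly yields a
        # date in 1601, the "unrealistic time stamp" seen in the output.
        $last = $null
        if ($User.lastLogonTimestamp) {
            $last = [datetime]::FromFileTimeUtc([long]$User.lastLogonTimestamp)
        }
        $days = $null
        if ($null -ne $last) {
            $days = [math]::Floor(($Now.ToUniversalTime() - $last).TotalDays)
        }
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            LastLogonUtc   = $last
            NeverLoggedOn  = ($null -eq $last)
            DaysInactive   = $days
            Stale          = ($null -eq $last) -or ($days -ge $StaleAfterDays)
        }
    }
}

# Constructed sample input standing in for Get-ADUser output (runs offline).
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';   lastLogonTimestamp = (Get-Date).AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'bob';     lastLogonTimestamp = (Get-Date).AddDays(-400).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'svc-old'; lastLogonTimestamp = $null }
    [pscustomobject]@{ SamAccountName = 'dup-hr';  lastLogonTimestamp = 0 }
)
$sample | ConvertTo-LogonReport | Format-Table -AutoSize

# Against the domain from this post (needs the ActiveDirectory module).
# lastLogonTimestamp is replicated but can lag the real last logon by up to
# about 14 days with default settings, so treat it as approximate.
# Get-ADUser -Filter * -SearchBase "DC=relic,DC=org" -Properties lastLogonTimestamp |
#     ConvertTo-LogonReport |
#     Export-Csv C:\Scripts\LogOnDetails.csv -NoTypeInformation
```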





Friday, December 18, 2015

Verifying the Integration Services Version on Host and Guest Machines

Hyper-V Integration Services play a supporting role in the administration of virtual environments by providing many small but useful functions.
For many third-party components such as Veritas NetBackup to run smoothly, both client and server must be running the same version of Integration Services.
There are two ways to determine the versions:
Method 1-
On both the server and the guest, you can find the file "VMMS.EXE" in the following location
C:\Windows\System32
The "Properties" tab shows the exact version of the file


Method 2-
You can also verify the versions from registry
On the Guest: 
HKLM\SOFTWARE\Microsoft\Virtual Machine\Auto\IntegrationServicesVersion

On the Host: 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\GuestInstaller\Version\Microsoft-Hyper-V-Guest-Installer-Win60-Package

Monday, October 19, 2015

Adding Multiple Resource Records in a Microsoft Based DNS Server

It sometimes happens that you have to add multiple host records to a Windows Server 2012 R2 based DNS server. A PowerShell script can do the magic.
There are 3 main phases:

      A-   Preparing DNS Server

To run DNS-related commands, the “DNSShell” module must be extracted on the DNS server. This module is not available by default and can be downloaded from this URL;


-          Download and extract the “DNSShell” module to the following location (assuming C: is the home directory on your server)
C:\Windows\System32\WindowsPowerShell\v1.0\Modules

      B-   Preparing the CSV File containing desired entries

-          You need at least two parameters
1-      Host Name
2-      IP Address



The entries should look like those shown in the screenshot



-          Save this file as .CSV. In this example I have used “newhosts.CSV” as the file name.

      C-   Execution of Script


-          Create a new Folder at this location
C:\DNS-Temp

-          Place the csv file in the folder “DNS-Temp”
The following script is used to perform this job (I have modified the script to fit my example. These modifications are shown in bold and italic)

Import-Module DNSShell
Import-CSV C:\DNS-Temp\newhosts.csv | %{
New-DNSRecord -Name $_."HostName" -RecordType A -ZoneName relic.org -IPAddress $_."IPAddr"
}  

-          The PowerShell script must run without any error messages.




-          A comparison of the forward lookup zone before and after running the script can be seen in the figures below.

[Figures: forward lookup zone, Before and After]
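
A pre-flight check for the CSV prepared in phase B, so that malformed or duplicate rows are caught before phase C writes records into the zone. This is an added example, not part of the original post or of the DNSShell module; the function name Test-DnsImportRow and the sample rows are assumptions, while the HostName and IPAddr column names come from the script above.

```powershell
# Added example. Test-DnsImportRow and the sample rows are hypothetical.
function Test-DnsImportRow {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Row)
    begin { $seen = @{} }
    process {
        $problems = @()
        $ip = $null
        # Require a dotted quad first: TryParse alone also accepts short
        # forms such as "10.1", which would create an unintended record.
        if ($Row.IPAddr -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
            -not [System.Net.IPAddress]::TryParse($Row.IPAddr, [ref]$ip)) {
            $problems += 'invalid IPv4 address'
        }
        # One DNS label: letters, digits, hyphen; 1-63 characters;
        # no leading or trailing hyphen.
        if ($Row.HostName -notmatch '^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$') {
            $problems += 'invalid host label'
        }
        # DNS names are case-insensitive, so compare in lower case.
        $key = "$($Row.HostName)".ToLowerInvariant()
        if ($seen.ContainsKey($key)) { $problems += 'duplicate host name' }
        else { $seen[$key] = $true }

        [pscustomobject]@{
            HostName = $Row.HostName
            IPAddr   = $Row.IPAddr
            Valid    = ($problems.Count -eq 0)
            Problems = ($problems -join '; ')
        }
    }
}

# Constructed sample rows in the layout described in phase B (runs offline).
$checked = @'
HostName,IPAddr
app01,172.16.10.21
app02,172.16.10.300
-db01,172.16.10.23
app01,172.16.10.24
'@ | ConvertFrom-Csv | Test-DnsImportRow
$checked | Format-Table -AutoSize

# With the real file, import only when every row passes:
# $checked = Import-Csv C:\DNS-Temp\newhosts.csv | Test-DnsImportRow
# if (-not ($checked | Where-Object { -not $_.Valid })) { <run the script above> }
```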