In this video I discuss various strategic aspects of DLP solution deployment.
Omer Choudhry's Blog
Tuesday, August 20, 2024
Friday, August 16, 2024
Data Loss Prevention Solution Basics
This video describes basics of a DLP solution and is not specific to a certain vendor.
Blocking RC4 Ciphers on a Linux Machine
This video explains how to block RC4 ciphers on a Linux machine. The flavor used is CentOS; however, it is applicable to all similar OSes such as RHEL, Rocky and Fedora.
Wednesday, September 6, 2017
Power Shell Commands
🌟 Please note: the Power Shell commands shown in this post are based on my work in live environments and have been tried and tested several times over the years. However, copying and using them without any customization might not give the desired results, so get the idea, make them your own and use them well!
#Adding a static route
Route Add -p 172.xxx.xxx.xxx mask 255.255.255.xxx 172.xxx.xxx.xxx
#Check Routes
route print
#Check BIOS
Get-WMIObject Win32_Bios
#Adding DNS Records
Import-Module DNSShell
Import-CSV c:\DNS\newHostserp.csv | %{
New-DNSRecord -Name $_."HostName" -RecordType A -ZoneName xyz.local -IPAddress $_."IPAddr"
}
#Bulk adding Display Name against AD users
Import-Csv user.csv | Foreach { Set-ADUser -Identity $_.sAMAccountname -DisplayName $_.DisplayName }
#Display Services & Process of another computer "DC1"
TaskList /S DC1 /svc /fi "imagename eq svchost.exe"
# DHCP Remove authorized server from AD
Netsh DHCP delete server 2003-dc1.contoso.com 172.xxx.xxx.xxx
#Get a list of Users with last logon time from domain relic.local into a CSV file last_login1.csv
Get-ADUser -Filter * -SearchBase "DC=relic,DC=local" -ResultPageSize 0 -Prop CN,lastLogonTimestamp | Select CN,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}} | Export-CSV -NoType last_login1.csv
#Get a List of AD Users in domain "relic.local" Exported to CSV file SamAccountNames.CSV at location C:\Temp
Get-ADUser -Filter * -SearchBase "DC=relic,DC=local" -ResultPageSize 0 | ft SamAccountName >>c:\Temp\SamAccountNames.csv
#Get A List of Last Logon Timestamp for Users in a CSV File SamAccountNames.csv belonging to domain relic.local
Get-ADUser -Filter * -SearchBase "DC=relic,DC=local" -ResultPageSize 0 | ft SamAccountName >>c:\abc\SamAccountNames.csv
Import-Module c:\abc\GetADUserLastLogonTime.psm1
Get-OSCLastLogonTime -CsvFilePath "C:\Temp\SamAccountNames.csv" >>c:\abc\LogOnDetails.csv
#Get Extended Properties of a User
Get-Aduser -filter * -searchbase "dc=relic,dc=local" -properties Telephonenumber|select displayname, givenname, sn, telephonenumber
#Set Extended properties of a user
Set-ADUser -Identity User1 -EmployeeId 1234
#Set Extended properties of users (employee ID only) in bulk from a file
Import-Csv user.csv | Foreach { Set-ADUser -Identity $_.sAMAccountname -EmployeeID $_.EmployeeID }
# Group Policies Applied on a Computer
GpResult /H test.HTML
#Reset WinRM and WinMGMT
Net Start winrm
Enable-PSRemoting -Force
net start winmgmt
winmgmt /salvagerepository
#Check Integration Services Version of a VM from Host
Get-VM | ft name, integrationservicesversion
#Check all MAC addresses against unicast and multicast NLB
WLBS
WLBS /?
WLBS Display
WLBS ip2mac 172.xxx.xxx.xxx
#Service Query net logon
sc query X netlogon
#Find and Forcefully Stop a not responding service
Get-Service | Where-Object {$_.Status -eq 'StopPending'} | Format-List * -Force
Get-Service | Where-Object {$_.Status -eq 'StopPending'} | Stop-Service -Force
#Find and Stop a not responding service on a remote server DC
Get-Service -ComputerName "DC" | Where-Object {$_.Status -eq 'StopPending'} | Format-List * -Force
Get-Service -ComputerName "DC" | Where-Object {$_.Status -eq 'StopPending'} | Stop-Service -Force
# Replication Status of Domain Controller named "DC"
repadmin /showrepl
dcdiag /replsource:DC
#Display full data in a column where you get "...." instead of data
$FormatEnumerationLimit =-1
#Kill a task forcefully having PID 4692
TaskKill /F /PID 4692
#Find a Task PID for isactrl
sc queryex isactrl
sc queryex wuauserv
#Windows Update Commands
wuauclt /detectnow
wuauclt /reportnow
wuauclt /updatenow
wuauclt /resetauthorization /detectnow
wuauclt.exe /resetauthorization /detectnow
#NETSH WinHTTP (Works on CMD with Elevation)
Netsh WinHttp Show Proxy
Netsh WinHttp Reset Proxy
#Script to Reset WSUS Authorization (Make a bat file)
net stop wuauserv
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f
reg Delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientIDValidation /f
net start wuauserv
wuauclt.exe /resetauthorization /detectnow
pause
# Move WSUS Updates Directory to a new location at F: Drive
1- Create Folder WSUS in new location F:\WSUS
2- Go to directory location of file WsusUtil.exe
3- WsusUtil.exe movecontent F:\WSUS\ F:\WSUS\move.log
# Troubleshoot WSUS Error 80004002
Go to RUN and try these one by one
regsvr32 wuapi.dll
regsvr32 wuaueng.dll
regsvr32 wuaueng1.dll
regsvr32 wucltui.dll
regsvr32 wups.dll
regsvr32 wups2.dll
regsvr32 wuweb.dll
# Extract DHCP Reservations List
Get-DHCPServerV4Scope | ForEach {
Get-DHCPServerv4Lease -ScopeID $_.ScopeID | where {$_.AddressState -like '*Reservation'}
} | Select-Object ScopeId,IPAddress,HostName,ClientID,AddressState | Export-Csv ".\$($env:COMPUTERNAME)-Reservations.csv" -NoTypeInformation
Monday, January 25, 2016
Listing Active Directory Users with Last Log On Time Stamp
In large Active Directory environments it is always a challenge for administrators to track down users who have not logged on for a while, because they have either left the organization or were initially created twice due to some misunderstanding by the Human Resources department.
This impacts licensing cost as well as capacity planning.
In order to get a list of all users with their last logon time stamp, we can use a combination of some commands and a script that will export the information to a ".CSV" file for our convenience.
Environment:
Domain Name: relic.org
Temporary Location on a DC: C:\Scripts
Pre-Built Module Name: "GetADUserLastLogonTime.psm1" (Available Here) Tech Net Gallery Link
Step 1-
Create a new folder on one of your domain controllers on a suitable location.
I have used following example for this purpose
C:\Scripts
Step 2-
Log on to the domain controller and run following command
Get-ADUser -Filter * -SearchBase "DC=relic,DC=org" -ResultPageSize 0 | ft SamAccountName >>c:\Scripts\SamAccountNames.csv
This command will extract a list of user names to the desired destination in ".CSV" format
Step 3-
Open this file and remove blank rows, blank spaces and any rows with dotted line (----) from the list and save changes.
Here is an example of correct and incorrect file data for next steps
Step 4-
A pre-built script is used to perform two actions
(A) Read the list of users we created in step 2
(B) Put the last logon time stamps against each user ID
So first we will import this module into domain controller server using this command
Import-Module C:\Scripts\GetADUserLastLogonTime.psm1
Step 5-
Run the following command to get the list of users, put the last logon time stamp against each, and export to a new ".CSV" file, which is going to be our final output file
Get-OSCLastLogonTime -CsvFilePath "C:\Scripts\SamAccountNames.csv" >>c:\Scripts\LogOnDetails.csv
The result might look like the screenshot below
Please note that the encircled SAM accounts are the ones which have never logged on, which is why they all show the same unrealistic time stamp.
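The same report can be produced in one pass, without the hand-edited intermediate file from Step 3. This is an added example, not the post's script and not the GetADUserLastLogonTime.psm1 module; it reads the lastLogonTimestamp attribute and flags never-logged-on accounts explicitly instead of letting an empty value turn into a year-1601 date. Assumptions: the ActiveDirectory module is installed, and the 90-day threshold and the output file name LastLogonReport.csv are illustrative.

```powershell
# Added example: last logon report for relic.org written straight to CSV.
# Assumptions (not from the post): 90-day threshold, output file name.
Import-Module ActiveDirectory

$searchBase = 'DC=relic,DC=org'
$staleDays  = 90                                  # illustrative threshold
$cutoff     = (Get-Date).AddDays(-$staleDays)

function Convert-LogonTimestamp {
    param([Nullable[Int64]]$FileTime)
    # lastLogonTimestamp is a Windows FILETIME. Empty or 0 means the account
    # has never logged on; converting 0 gives a date in the year 1601.
    if (-not $FileTime -or $FileTime -le 0) { return $null }
    return [datetime]::FromFileTime($FileTime)
}

Get-ADUser -Filter * -SearchBase $searchBase -Properties lastLogonTimestamp |
    ForEach-Object {
        $last = Convert-LogonTimestamp $_.lastLogonTimestamp
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            Enabled        = $_.Enabled
            LastLogon      = $last
            NeverLoggedOn  = ($null -eq $last)
            # Stale: never logged on, or last logon older than the cutoff.
            Stale          = ($null -eq $last) -or ($last -lt $cutoff)
        }
    } |
    Sort-Object LastLogon |
    Export-Csv -Path 'C:\Scripts\LastLogonReport.csv' -NoTypeInformation
```

lastLogonTimestamp is replicated between domain controllers but by default is only refreshed when the stored value is roughly 9 to 14 days old, so treat the dates as accurate to about two weeks.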
Friday, December 18, 2015
Verifying the Integration Services Version on Host and Guest Machines
Hyper-V Integration services play a supportive role in administration of virtual environments by providing a lot of small but useful functionalities.
For many third party components such as Veritas NetBackup to run smoothly there is a requirement that both client and server must be running the same version of integration services on them.
There are two ways to determine the versions;
Method 1-
On both the Server and the Guest, you may find the file "VMMS.EXE" at the following location
C:\Windows\System32
The "Properties" tab shows exact version of file
Method 2-
You can also verify the versions from registry
On the Guest:
HKLM\SOFTWARE\Microsoft\Virtual Machine\Auto\IntegrationServicesVersion
On the Host:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\GuestInstaller\Version\Microsoft-Hyper-V-Guest-Installer-Win60-Package
Monday, October 19, 2015
Adding Multiple Resource Records in a Microsoft Based DNS Server
It happens sometimes that you have to add multiple Host records in a Windows Server 2012 R2 based DNS server. Using a Power Shell script can do the magic.
There are 3 main Phases,
A- Preparing DNS Server
In order to run DNS related commands we need the “DNSShell” module to be extracted to the DNS server. This module is not available by default and can be downloaded from this URL;
- Download and extract the “DNSShell” module in the following location (considering C: is the home directory on your server)
C:\Windows\System32\WindowsPowerShell\v1.0\Modules
B- Preparing the CSV File containing desired entries
- You need at least two parameters
1- Host Name
2- IP Address
The entries should look as shown in the screen shot
- Save this file as .CSV, in this example I have used “newhosts.CSV” as file name.
- Create a new Folder at this location
C:\DNS-Temp
- Place the csv file in the folder “DNS-Temp”
The following script will be used to perform this job (I have done modifications in the script to fit in my example. These modifications can be seen as bold and italic)
Import-Module DNSShell
# Read the CSV prepared in phase B and create one A record per row
Import-CSV c:\DNS-Temp\newHosts.csv | %{
New-DNSRecord -Name $_."HostName" -RecordType A -ZoneName relic.org -IPAddress $_."IPAddr"
}
- The Power Shell script must run without any error messages.
- A comparison of the Forward lookup zone before and after running the script can be seen in figures below.
Before:
After:
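A bulk import writes whatever the CSV contains into the zone, so it helps to validate each row and preview the changes first. The following is an added example, not the post's script and not part of DNSShell; it uses the DnsServer module that ships with the DNS role on Windows Server 2012 R2. Assumptions: the zone relic.org, the C:\DNS-Temp\newhosts.csv file and the HostName / IPAddr column names are taken from the post's example.

```powershell
# Added example: validated, dry-run bulk import of A records.
# Assumptions: run on the DNS server; CSV columns HostName and IPAddr.
Import-Module DnsServer

$zone    = 'relic.org'
$csvPath = 'C:\DNS-Temp\newhosts.csv'
# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
$labelRx = '^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$'

foreach ($row in Import-Csv -Path $csvPath) {
    $name  = "$($row.HostName)".Trim()
    $rawIp = "$($row.IPAddr)".Trim()
    $ip    = $null
    # Accept only a full dotted-quad IPv4 address; TryParse alone would also
    # accept short forms such as "10.1", so compare the round-tripped text.
    $ipOk = [System.Net.IPAddress]::TryParse($rawIp, [ref]$ip) -and
            $ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork -and
            $ip.ToString() -eq $rawIp

    if ($name -notmatch $labelRx -or -not $ipOk) {
        Write-Warning "Skipping invalid row: HostName='$($row.HostName)' IPAddr='$($row.IPAddr)'"
        continue
    }

    # Do not silently add a second A record for a name that already exists.
    $existing = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType A -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Warning "Skipping ${name}.${zone}: A record already present"
        continue
    }

    # -WhatIf only prints what would be created; remove it after reviewing the output.
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $name -IPv4Address $rawIp -WhatIf
}
```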