powershell

PrintNightmare Discover Print Servers

Alex Mags
CVE-2021-1675 aka PrintNightmare. TL;DR: find all servers with printers published to users in AD by looking for printerqueue objects. There is lots of interest in figuring out which servers offer network printing services due to CVE-2021-1675 aka PrintNightmare. Ideally your org has a well-managed print service with DNS aliases to your regional print servers. Or maybe a managed print service over the internet? If your print servers are less easy to find, try hunting in Active Directory.

Auto Configure Git client proxy authentication

Alex Mags
This post has some PowerShell to make the Git client work on Windows in a corporate environment. Short version: use the Microsoft Credential Manager for Git. Don’t expose passwords in plaintext in Git config or an environment variable. The Microsoft Credential Manager will store creds for the proxy and Git repo in Windows Credential Manager. The Git client doesn’t accept a domain name in Git config, so when you enter creds in Credential Manager, change the ID to <userID> format. Automatically configure the Git client to authenticate with the corporate proxy. The Git client doesn’t support Web Proxy Auto Discovery (WPAD).

PowerShell wait music

Alex Mags
My long-running PowerShell scripts now have background musak thanks to:
http://www.adminarsenal.com/admin-arsenal-blog/powershell-music-remotely
https://www.youtube.com/watch?v=FsoIfkNQYEg
http://youtube-mp3.org/

```powershell
# System.Windows.Media.MediaPlayer lives in PresentationCore, which is not loaded by default
Add-Type -AssemblyName PresentationCore

$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
$musakFilePath = "$scriptDir\musak.mp3"
$wmplayer = New-Object System.Windows.Media.MediaPlayer
$wmplayer.Open($musakFilePath)
Start-Sleep 2 # This allows the $wmplayer time to load the audio file
$duration = $wmplayer.NaturalDuration.TimeSpan.TotalSeconds
$wmplayer.Play()
$stopwatch = [system.diagnostics.stopwatch]::StartNew()
# Use TotalSeconds: Elapsed.Seconds wraps back to 0 every minute, so the loop would never end for longer tracks
while ($stopwatch.Elapsed.TotalSeconds -lt $duration) {
    Write-Progress -Activity "Doing stuff, please hold…" -status "$([int]$stopwatch.Elapsed.TotalSeconds) seconds" -percentComplete ($stopwatch.Elapsed.TotalSeconds / $duration * 100)
    # do something
    # break when done
    Start-Sleep -s 1
}
$wmplayer.
```

AD authentication to AWS from PowerShell

Alex Mags
I’ve done a couple of other posts on using AD credentials with the AWS API. You set up AWS IAM to trust AD Federation Services (ADFS) for authentication. You get temporary access keys to use with the AWS API. This is safer than making lots of IAM accounts with long-term passwords (Secret Access Keys) that end up embedded in code and stored who knows where. See previous posts for an overview of AD authentication to AWS.

AWS API without keys

Alex Mags
Hey there Enterprise Administrator! Avoid storing AWS API keys by using Windows authentication instead.

Are you an Enterprise investigating AWS? Don’t want to become a security news story like these guys? https://www.google.co.uk/search?q=news+aws+secret+access+key+hack

Are you used to multiple levels of physical and logical security for access to your equipment? https://www.youtube.com/watch?v=_qc5TG2ulx8

Is access to your VPC config shielded by nothing but some AWS API credentials? (which are probably stored in plain text.

Windows Server 2012 nic teaming with powershell

Alex Mags
Some PowerShell to configure NIC Teaming on Windows Server 2012. Note: pick teaming mode and load balancing algorithm to suit your networking environment. The config below is for two NICs going to independent switches in active-passive mode (no LACP). Also note that the order Windows discovers and labels NICs may not match your hardware vendor’s labelling at the back of the server.

```powershell
# Check current state of NICs and do teaming
if (get-netLbfoTeam) {write-host "Nic Team already exists"} else {
    write-host "Renaming NICs"
    #Rename Ethernet & Ethernet2 to Nic1 & Nic2 etc
    $nicIndex=1
    get-netAdapter | ForEach-Object { $_ | Rename-NetAdapter -NewName "Nic$nicIndex" ; $nicIndex++}
    #Create team for Nic1,2
    write-host "Teaming Nic1 and Nic2"
    $team = new-netlbfoteam -name NicTeam -teammembers Nic1,Nic2 -TeamingMode SwitchIndependent -loadBalancingAlgorithm TransportPorts -Confirm:$false
    #Configure NIC2 as standby
    write-host "Configuring Nic2 as standby"
    Set-NetLbfoTeamMember -Name "Nic2" -AdministrativeMode Standby
    # loop until this NIC team is up
    while ($team.
```

Powershell to disable NetBIOS over TCP/IP

Alex Mags
You don’t need your machines talking to each other via NetBIOS over TCP/IP. Turn this off to cut down on network chatter and reduce your attack surface. The following PowerShell is useful as a step during OS deployment (one-off config), or as a Group Policy startup script (every boot).

```powershell
# disable NetBIOS over TCP/IP on new adapter (legacy protocol not required)
$NETBIOS_DISABLED=2
Get-WmiObject Win32_NetworkAdapterConfiguration -filter "ipenabled = 'true'" | ForEach-Object { $_.
```

Website change alerts with powershell

Alex Mags
Had a requirement to monitor a website for changes. Used free online tool www.changedetection.com. But set up a second monitoring tool using PowerShell and a scheduling system. Remix the following code in your own monitoring projects. Maybe turn it into a function. Maybe test for an expected string (e.g. the HTML for login form). There’s no defensive code to recover if the website is inaccessible (needs a try-catch there). Could add some code to raise an SNMP trap, or create a support ticket.

PowerShell update-help proxy authentication

Alex Mags
PowerShell 3 installs without help files. You download these from Microsoft using the command update-help. Use the following PowerShell to make the .Net web client pass your session credentials to the (auto detected) proxy. Now you can wget, curl or update-help.

```powershell
$wc = New-Object System.Net.WebClient
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
update-help
```

This tip was from: http://blog.stangroome.com/2013/08/02/powershell-update-help-and-an-authenticating-proxy/

.Net application publisher certificate checking

Alex Mags
Have a server app (NetApp SnapDrive 7) which installs a .Net service. The service fails to start and the MSI package rolls back. It fails to start because it’s doing publisher cert checking and the servers don’t have internet access via proxy. The workaround offered was to edit the app .config file and add Described in this article: http://msdn.microsoft.com/en-us/library/bb629393(v=vs.110).aspx And: http://msdn.microsoft.com/en-us/library/system.security.permissions.publisheridentitypermission(v=vs.110).aspx Found this cert check can be turned off per machine in machine.