Author Archives: Ed Rockwell

How To: Powershell Get Local Administrators and Active Directory Nested Groups – SOX

For the past few years, I’ve been tasked with ensuring that our in-scope servers for Sarbanes-Oxley (SOX) have the correct users and groups in them. Before, we had to screenshot the members of the local Administrators group and every group nested inside it. I decided to take the time to write a script that gets the local admins of a server and writes the output to a transcript file.

Script to get Server Local Administrators:

I named the script Get-ServerLocalAdministrators:

The steps the PowerShell script goes through are:

  • Get domain and server
  • Import PowerShell modules
  • Get date and time
  • Get the working directory
  • Convert the domain and computer name to upper and lower case for pattern matches
  • Start the transcript in the current directory, using some variables to name the transcript file
  • Get the server’s local Administrators object using Get-WmiObject with a where clause on the group component
  • Get the members of the local admins and determine whether each is a user or a group
  • If it is a user, write it to the transcript and tag it as a user
  • If it is a group, put the group in a variable to loop through later
  • In the transcript, I’m doing a Write-Host to tag each group. If the group has a sub group (nested group), put that in another variable and loop through it as well

Since we have group members that are cross-domain, I had to include the -Server parameter: get the object’s distinguished name and use that for -Server.
The only line you have to change in this script (because I was lazy) is line 32, which holds your domain. So, if your server FQDN is server.subdomain.domain.com you would set this to “Domain.com”; if it is simply “server.domain.com” then you would set this to “com”.

Limitations: This script only loops through two levels of Active Directory groups on the server. So, if you have groups nested deeper than that, it won’t continue down. I’m going to rewrite this to do full recursion in a function, so look for that post in the future.
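The following is an added example, not the author’s Get-ServerLocalAdministrators script. It implements the steps listed above and goes one step further than the post: nested groups are expanded by full recursion rather than two levels, with a visited set so circular nesting cannot loop forever. It assumes the ActiveDirectory (RSAT) module, WMI access to the target server, and that the account running it can query each domain named in a group’s distinguished name; the transcript file name is constructed.

```powershell
#Requires -Modules ActiveDirectory
param(
    [string]$ComputerName = $env:COMPUTERNAME
)

Import-Module ActiveDirectory

# Turn "DC=corp,DC=example,DC=com" into "corp.example.com" so the right domain can be
# queried with -Server for cross-domain group members (the post's distinguished-name trick).
function Get-DomainFromDN {
    param([string]$DistinguishedName)
    $dcs = [regex]::Matches($DistinguishedName, 'DC=([^,]+)') | ForEach-Object { $_.Groups[1].Value }
    return ($dcs -join '.')
}

# Recursively expands an AD group; $Visited stops infinite loops on circular nesting.
function Expand-ADGroupRecursive {
    param(
        [string]$DistinguishedName,
        [int]$Depth,
        [System.Collections.Generic.HashSet[string]]$Visited
    )
    if (-not $Visited.Add($DistinguishedName)) {
        Write-Host ("{0}[GROUP - already listed] {1}" -f ('  ' * $Depth), $DistinguishedName)
        return
    }
    $server = Get-DomainFromDN $DistinguishedName
    try {
        $members = Get-ADGroupMember -Identity $DistinguishedName -Server $server -ErrorAction Stop
    } catch {
        Write-Warning "Could not expand $DistinguishedName via ${server}: $($_.Exception.Message)"
        return
    }
    foreach ($m in $members) {
        $indent = '  ' * ($Depth + 1)
        if ($m.objectClass -eq 'group') {
            Write-Host "$indent[GROUP] $($m.distinguishedName)"
            Expand-ADGroupRecursive -DistinguishedName $m.distinguishedName -Depth ($Depth + 1) -Visited $Visited
        } else {
            Write-Host "$indent[USER] $server\$($m.SamAccountName)"
        }
    }
}

# Transcript in the working directory, named after the server and the run time.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$transcript = Join-Path (Get-Location) ("LocalAdmins-{0}-{1}.txt" -f $ComputerName.ToUpper(), $stamp)
Start-Transcript -Path $transcript

# Win32_GroupUser links every local group to its members; keep only the Administrators group.
$links = Get-WmiObject -Class Win32_GroupUser -ComputerName $ComputerName |
    Where-Object { $_.GroupComponent -match 'Name="Administrators"$' }

$visited = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
foreach ($link in $links) {
    # PartComponent looks like \\SRV\root\cimv2:Win32_UserAccount.Domain="CORP",Name="jdoe"
    if ($link.PartComponent -match 'Win32_(UserAccount|Group)\.Domain="([^"]+)",Name="([^"]+)"') {
        $kind, $domain, $name = $Matches[1], $Matches[2], $Matches[3]
        if ($kind -eq 'UserAccount') {
            Write-Host "[USER] $domain\$name"
        } elseif ($domain -ieq $ComputerName) {
            Write-Host "[GROUP - local, not expanded] $domain\$name"
        } else {
            Write-Host "[GROUP] $domain\$name"
            $adGroup = Get-ADGroup -Identity $name -Server $domain
            Expand-ADGroupRecursive -DistinguishedName $adGroup.DistinguishedName -Depth 0 -Visited $visited
        }
    }
}

Stop-Transcript
```

Get-ADGroupMember can fail on groups that contain foreign security principals from an untrusted forest; the try/catch above logs a warning for that group instead of aborting the whole transcript, which is the behaviour an auditor wants: a visible gap rather than a silently incomplete list.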


Adding Folder Permissions to IIS_IUSRS via Powershell

For you scripting guys that want to automate everything: for website deployments, you can modify your permissions using the NTFSSecurity module. It is a simple way to modify ACLs with PowerShell, and much easier to use than the built-in Get-Acl/Set-Acl cmdlets.

First download the module from here: https://ntfssecurity.codeplex.com/

I would put it in the modules directory on the server. Then confirm it is visible with Get-Module -ListAvailable and load it with Import-Module NTFSSecurity.

Now, on to the simple and easy code:

You can also use the following AccessRights. Actually, you should be able to pass any right’s name as the parameter, but these are the most common:

  • Modify
  • Read

Also, as a note, IIS_IUSRS is a special internal group that you shouldn’t/can’t prefix with the computer or domain name.

For the Network Service or IUSR, you have to use “NT AUTHORITY\NETWORK SERVICE” OR “NT AUTHORITY\IUSR”
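An added example of the Add-NTFSAccess call the post describes, not the author’s snippet. It assumes the NTFSSecurity module is already in the modules directory and that the site path and its App_Data folder exist (constructed paths). It grants read-only access on the site root and Modify only on the folder the application actually writes to, then reads the ACL back to check what was applied.

```powershell
Import-Module NTFSSecurity

$siteRoot = 'C:\inetpub\wwwroot\MySite'          # constructed path
$writable = Join-Path $siteRoot 'App_Data'      # the only folder the app needs to write to

# Read and execute on the site root is enough for the worker process to serve content.
# IIS_IUSRS is given without a machine or domain prefix, as the post notes.
Add-NTFSAccess -Path $siteRoot -Account 'IIS_IUSRS' -AccessRights ReadAndExecute `
    -AppliesTo ThisFolderSubfoldersAndFiles -Type Allow

# Grant Modify only where the application genuinely needs to write.
Add-NTFSAccess -Path $writable -Account 'IIS_IUSRS' -AccessRights Modify `
    -AppliesTo ThisFolderSubfoldersAndFiles -Type Allow

# Built-in service identities need the NT AUTHORITY prefix.
Add-NTFSAccess -Path $siteRoot -Account 'NT AUTHORITY\NETWORK SERVICE' -AccessRights ReadAndExecute `
    -AppliesTo ThisFolderSubfoldersAndFiles -Type Allow

# Verify what actually got applied before the deployment goes live.
$siteRoot, $writable | Get-NTFSAccess |
    Where-Object { $_.Account -like '*IIS_IUSRS*' -or $_.Account -like 'NT AUTHORITY*' } |
    Format-Table FullName, Account, AccessRights, AppliesTo, IsInherited -AutoSize
```

Splitting Read from Modify this way means a compromised web application can only tamper with its own data folder, not with the site’s code.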


Install / Setup Docker on Windows Server 2016

I’ve been working on installing Docker on Server 2016. Here are the steps I’ve followed and some issues I ran into:

First, you have to have Windows Server 2016.

Run PowerShell as Administrator (right-click PowerShell and choose Run as Administrator). Yes, you also have to be a local administrator of the box.

Commands in order:

Then you want to see what operating system container images are available:

This step wasn’t in the instructions I was following, but it is necessary and was raised on the GitHub site as well. The server will reboot after the command below is executed. After it reboots, you need to run the command again. Ugh. I thought it was done, tried to install Windows Server Core, and it failed after about 30 minutes.

This installs and then enables the Containers feature on Windows:

As stated above, run the command again. Once done, it will actually tell you that it’s Online and True:

Install Windows Server Core Container Image

Install the WindowsServerCore Container Image by typing the following command below. This does take a while as it downloads Windows Server Core Container Image:

I went to have a bite to eat, took a nap, Surfed Reddit for a while, went to the bathroom and then it was done!

You can check that the image was downloaded by looking in the image directory:

The output should look like this:


Now we’re going to install Docker in Windows Server 2016

First, you want to download the Update-ContainerHost.ps1 PowerShell script. Here is the command:

Run the command. I actually ran this to download the script while the Windows Server Core install above was still running:

To be continued…
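The steps above, collected into one script as an added example; this is not the author’s command list. It assumes a Windows Server 2016 Technical Preview host with internet access and the ContainerImage package provider from the PowerShell Gallery, and the download URL for Update-ContainerHost.ps1 is a placeholder to replace with the one from the official instructions. The feature check at the top is what makes the reboot-and-run-again step painless: the second run skips straight to the image install.

```powershell
#Requires -RunAsAdministrator

# 1. Enable the Containers feature. This triggers a reboot; re-run the script afterwards
#    and the check below skips straight to the image install.
$feature = Get-WindowsOptionalFeature -Online -FeatureName Containers
if ($feature.State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName Containers
    Write-Host 'Containers feature enabled; reboot and run this script again.'
    return
}
Write-Host "Containers feature state: $($feature.State)"

# 2. Register the package provider that knows about OS container images and list them.
Install-PackageProvider -Name ContainerImage -Force
Find-ContainerImage

# 3. Pull the Windows Server Core base image (multi-GB download, expect a long wait).
Install-ContainerImage -Name WindowsServerCore

# 4. Confirm the image is present.
Get-ContainerImage | Format-Table Name, Publisher, Version -AutoSize

# 5. Fetch the host-update script into a known location.
#    PLACEHOLDER URL: substitute the one given in the official container documentation.
$updateScript = Join-Path $env:TEMP 'Update-ContainerHost.ps1'
Invoke-WebRequest -Uri 'https://PLACEHOLDER.example/Update-ContainerHost.ps1' -UseBasicParsing -OutFile $updateScript
Write-Host "Downloaded $updateScript; review it before running it as Administrator."
```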



How To: Modify Trusted Hosts to connect via Powershell

We have to connect to untrusted machines via PowerShell. To do this, you have to add the machines to the TrustedHosts list.

First, if there are already entries in TrustedHosts, run this command to back them up:

Then list the current value so you can modify it:

Copy that out, add your hosts to it comma-delimited, and set it with PowerShell:

To use it in code (so it doesn’t ask you if you’re sure), you can force it by using the -Force switch.

Then check again:
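An added example that carries out the backup, modify and verify sequence above; these are not the post’s own commands. It assumes the WinRM service is running (so the WSMan: drive exists) and the host names are constructed. Rather than pasting the old list back in by hand, it appends with the WSMan provider’s -Concatenate switch and only adds hosts that are not already present.

```powershell
#Requires -RunAsAdministrator

$trustedHostsPath = 'WSMan:\localhost\Client\TrustedHosts'

# 1. Back up the current value before touching it.
$current = (Get-Item -Path $trustedHostsPath).Value
$backup  = Join-Path $env:USERPROFILE ("TrustedHosts-backup-{0}.txt" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
Set-Content -Path $backup -Value $current
Write-Host "Current TrustedHosts: '$current' (backed up to $backup)"

# 2. Add only the hosts that are not already listed. Name specific machines rather than '*':
#    every entry here is a machine whose identity WinRM will no longer verify, so keep it short.
$hostsToAdd = @('app01.corp.example.com', '10.0.5.20')     # constructed names
$existing   = if ($current) { $current -split ',' | ForEach-Object { $_.Trim() } } else { @() }
$new        = $hostsToAdd | Where-Object { $existing -notcontains $_ }

if ($new) {
    # -Concatenate appends to the existing list; -Force skips the confirmation prompt for scripts.
    Set-Item -Path $trustedHostsPath -Value ($new -join ',') -Concatenate -Force
} else {
    Write-Host 'Nothing to add; all hosts already trusted.'
}

# 3. Verify the result.
(Get-Item -Path $trustedHostsPath).Value
```

If the session to one of these hosts can use Kerberos or an HTTPS listener instead, prefer that and leave the host out of TrustedHosts entirely; the list exists for the cases where mutual authentication is not available.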


[Resolved] OnePlus 3 3T Screen Goes Blank or Locked when Dialing Someone

I had a problem last week where my phone started to lock the screen the moment I clicked on dial. It seemed that the proximity sensor on the OnePlus 3T was stuck and it assumed that I had the phone up to my face. I contacted OnePlus about this issue and their solution (As Always) was to reinstall the entire operating system. Basically wipe the phone.

Well, the simple fix is to toggle double tap!

So, to do this, go into your settings and find Gestures. In Gestures, turn off Double Tap. At this point, I rebooted my phone, made a phone call and verified that the problem was gone.

Then I turned on Double Tap again and made another call.

Problem resolved!


PowerShell How To: Find all users where account is inactive

I was recently asked to find all the users in Active Directory whose account was inactive.

There is a PowerShell cmdlet called Search-ADAccount that you can use to find inactive accounts by using the parameter -AccountInactive.

This is kind of crude but works well. I couldn’t figure out how to get the headers into the CSV, so I simply did a Write-Output for the first section.
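An added example of the Search-ADAccount query, not the author’s script. It assumes the ActiveDirectory module and a domain-joined session; the cut-off of 90 days and the output file name are constructed. It also shows the header problem mentioned above going away: Export-Csv writes the header row from the property names, so no Write-Output workaround is needed.

```powershell
Import-Module ActiveDirectory

$days = 90
$out  = Join-Path (Get-Location) ("InactiveUsers-{0}d-{1}.csv" -f $days, (Get-Date -Format 'yyyyMMdd'))

# -AccountInactive is based on LastLogonDate (the replicated lastLogonTimestamp), which can lag the
# real last logon by up to about 14 days, so treat the cut-off as approximate.
# Only still-enabled accounts matter for an access review; disabled ones are already dealt with.
$inactive = Search-ADAccount -AccountInactive -TimeSpan ([TimeSpan]::FromDays($days)) -UsersOnly |
    Where-Object { $_.Enabled } |
    ForEach-Object {
        Get-ADUser -Identity $_.DistinguishedName -Properties LastLogonDate, whenCreated, Description
    } |
    Select-Object SamAccountName, Name, Enabled, LastLogonDate, whenCreated, Description, DistinguishedName

# Export-Csv emits the header row itself; -NoTypeInformation drops the #TYPE line that confuses Excel.
$inactive | Sort-Object LastLogonDate | Export-Csv -Path $out -NoTypeInformation
Write-Host "$(@($inactive).Count) enabled accounts inactive for $days+ days written to $out"
```

Accounts with an empty LastLogonDate (created but never used) sort to the top of the file, which is usually the first group worth disabling.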


How to change the Friendly Name on a certificate -Windows

I ran into a situation where someone created and applied a certificate in IIS and the FriendlyName was wrong. During automatic deployments of the software, they would call into the cert store and select the certificate to use for their 443 bindings based on the friendly name. Because the certificate was named wrong, it either wouldn’t get applied during deployment or the wrong one would be applied.

Here is how to fix this using PowerShell without re-issuing the certificate.

Open up PowerShell with administrative rights and change your location to the certificate store.

We will change the friendly name of the certificate (identified by its thumbprint) from wrong_internal_wildcard to right_internal_wildcard.

In the above example, I have done the following:

    1. Opened PowerShell
    2. Set-Location to the certificate store by typing Set-Location cert:
    3. Listed out the certs by typing Get-ChildItem
    4. Located the cert I wanted to change the friendly name of
    5. Put that cert in a variable so I could view its properties
    6. Verified that the cert is the right one by typing $cert.FriendlyName
    7. Changed the friendly name by typing $cert.FriendlyName = "right_internal_wildcard"
    8. Lastly, verified the cert friendly name by typing $cert.FriendlyName
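The same eight steps as a script, added here as an example and not the screenshot from the post. It assumes an elevated session and that PLACEHOLDER_THUMBPRINT is replaced with the thumbprint shown by Get-ChildItem; right_internal_wildcard is the target name from the post. Selecting by thumbprint instead of by the (wrong) friendly name is what guarantees the right certificate is touched, and re-reading the store afterwards proves the change persisted rather than only updating the object in memory.

```powershell
#Requires -RunAsAdministrator

$thumbprint  = 'PLACEHOLDER_THUMBPRINT'     # paste the real thumbprint here
$newFriendly = 'right_internal_wildcard'

Set-Location Cert:\LocalMachine\My

# Filter by thumbprint so the choice does not depend on the name being corrected.
$cert = Get-ChildItem | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $thumbprint in LocalMachine\My" }

Write-Host "Before: '$($cert.FriendlyName)'  subject=$($cert.Subject)  expires=$($cert.NotAfter)"

# Assigning FriendlyName on a certificate obtained from the Cert: drive writes it back to the store.
$cert.FriendlyName = $newFriendly

# Re-read from the store to confirm the change persisted.
$check = Get-ChildItem -Path "Cert:\LocalMachine\My\$thumbprint"
Write-Host "After:  '$($check.FriendlyName)'"
if ($check.FriendlyName -ne $newFriendly) { throw 'Friendly name was not updated in the store' }
```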

Certificates – Convert pfx to PEM and remove the encryption password on private key

I’ve recently run into a few situations where we had to move a certificate from Microsoft Exchange to a HAProxy load balancer. I was provided an exported key pair that had an encrypted (password-protected) private key.

We will separate a .pfx SSL certificate into an unencrypted .key file and a .cer file.

The end state is to get the decrypted private key, the public cert and the certificate chain into one .pem file so it works with OpenSSL/HAProxy.

Requirements:
  • OpenSSL installed
  • The .pfx file (you need to know the password)
  • Intermediate public cert (you can obtain this from your provider, e.g. Thawte)
  • Root public cert (you can obtain this from your provider, e.g. Thawte)

Step 1
Extract the private key from the .pfx file (you need to know the password):

Step 2
Now let’s decrypt the key:

Step 3
Now let’s extract the public certificate:

Step 4
You also need all the public certs in the chain up to the root. I’m talking about these:
Root and Intermediate Certs

Step 5
Now create a new text file (don’t use Notepad) and put your public cert, private key, intermediate public cert and root public cert together. It’s simple and should look like this:

Save the file as a .pem file.
If you want to view the cert on Windows, simply rename the .pem to .cer.
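Steps 1 to 5 as one script, added as an example; these are not the author’s commands. It calls the OpenSSL binary from PowerShell, so it runs on Windows or Linux, and assumes openssl is on PATH and that the four input files named in the param block exist (constructed names; the intermediate and root must be Base64/PEM files from your CA). The password is read once and passed to openssl through the environment rather than on the command line, the output is written with -Encoding ascii so no Notepad-style BOM breaks the PEM parser, and the final checks confirm that the key matches the certificate and that the chain verifies.

```powershell
param(
    [string]$Pfx          = '.\exchange.pfx',               # constructed file names
    [string]$Intermediate = '.\ca-intermediate.pem',
    [string]$Root         = '.\ca-root.pem',
    [string]$OutPem       = '.\haproxy.pem'
)

# Run openssl and fail loudly instead of carrying on with half-written files.
function Invoke-OpenSsl {
    & openssl @args
    if ($LASTEXITCODE -ne 0) { throw "openssl $($args[0]) failed (exit $LASTEXITCODE)" }
}

# Password goes to openssl via an environment variable (env:), not a command-line argument,
# so it does not end up in shell history or in process listings.
$secure = Read-Host -Prompt 'PFX password' -AsSecureString
$env:PFX_PASS = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    # Step 1: private key, still encrypted (the same passphrase protects the intermediate PEM).
    Invoke-OpenSsl pkcs12 -in $Pfx -nocerts -out key-encrypted.pem -passin env:PFX_PASS -passout env:PFX_PASS
    # Step 2: strip the passphrase so HAProxy can load the key unattended.
    Invoke-OpenSsl rsa -in key-encrypted.pem -out key.pem -passin env:PFX_PASS
    # Step 3: the end-entity (public) certificate only.
    Invoke-OpenSsl pkcs12 -in $Pfx -clcerts -nokeys -out cert.pem -passin env:PFX_PASS
} finally {
    Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
}

# Steps 4 and 5: concatenate in the order the post uses (public, private, intermediate, root).
$parts = $(
    Get-Content cert.pem
    Get-Content key.pem
    Get-Content $Intermediate
    Get-Content $Root
)
$parts | Set-Content -Path $OutPem -Encoding ascii

# Sanity checks: the key must belong to the certificate (RSA modulus comparison), and the
# end-entity cert must chain to the root through the intermediate.
$certMod = Invoke-OpenSsl x509 -noout -modulus -in cert.pem
$keyMod  = Invoke-OpenSsl rsa  -noout -modulus -in key.pem
if ($certMod -ne $keyMod) { throw 'Private key does not match certificate' }
Invoke-OpenSsl verify -CAfile $Root -untrusted $Intermediate cert.pem
Write-Host "Wrote $OutPem"
```

The resulting .pem holds an unencrypted private key, so restrict its permissions to the HAProxy service account and delete key.pem and key-encrypted.pem once it is in place.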

…This is how Ed does it 🙂


Disable SSLv2 and SSLv3, Enable TLS 1.2 and pass the Qualys SSL Test

I was tasked with securing one of our internet-facing web servers against the POODLE SSL vulnerability and the weaker, older SSL protocols. After doing many searches online, I finally wrote a script to run against our Windows 2008 R2 server to disable the protocols in IIS via the registry. The following is a simple script that you can run to change the SCHANNEL protocol settings and make your server secure.

FIRST and most important, back up the registry hive that you will be changing. << You have been warned! Do this by going to the following hive, right-clicking it and exporting the hive:

HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

Then simply run this script and reboot your server:
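An added example of such a script, not the one from the post. It assumes an elevated session on a Windows host (written with 2008 R2 in mind; the keys are the same on later versions) and a reboot afterwards. It exports the Protocols hive with reg.exe first, so the backup step above is not left to memory, and the same function is reusable for TLS 1.0 and 1.1, which current Qualys grading also expects to be off.

```powershell
#Requires -RunAsAdministrator

$protocolsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Back up the hive first; abort if that fails.
$backup = Join-Path $env:SystemDrive ("SCHANNEL-Protocols-backup-{0}.reg" -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; aborting' }
Write-Host "Backup written to $backup"

# Each protocol has a Server and a Client sub-key. IIS honours Server; outbound connections
# from the box (updates, web service calls) honour Client, so both are set.
function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)][string]$Name,     # e.g. 'SSL 3.0', 'TLS 1.2'
        [Parameter(Mandatory)][bool]$Enabled
    )
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path (Join-Path $protocolsKey $Name) $side
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value ([int]$Enabled) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord -Value ([int](-not $Enabled)) -Force | Out-Null
    }
}

# What the post sets out to do: turn off SSLv2 and SSLv3 (POODLE), make sure TLS 1.2 is on.
Set-SchannelProtocol -Name 'SSL 2.0' -Enabled $false
Set-SchannelProtocol -Name 'SSL 3.0' -Enabled $false
Set-SchannelProtocol -Name 'TLS 1.2' -Enabled $true
# Uncomment once you have confirmed no client (RDP, older .NET applications, monitoring
# agents) still depends on TLS 1.0/1.1:
# Set-SchannelProtocol -Name 'TLS 1.0' -Enabled $false
# Set-SchannelProtocol -Name 'TLS 1.1' -Enabled $false

# Show the resulting state, then reboot so SCHANNEL picks it up.
Get-ChildItem $protocolsKey -Recurse | ForEach-Object {
    [pscustomobject]@{
        Key               = $_.PSPath -replace '.*Protocols\\', ''
        Enabled           = $_.GetValue('Enabled')
        DisabledByDefault = $_.GetValue('DisabledByDefault')
    }
} | Format-Table -AutoSize
Write-Host 'Reboot required for the changes to take effect.'
```

After the reboot, re-run the Qualys test; if the grade is still capped, the remaining findings are usually weak cipher suites or the lack of forward secrecy, which live under the neighbouring Ciphers and KeyExchangeAlgorithms keys rather than under Protocols.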


SSH with Powershell: Backup multiple Cisco devices

Today, I was asked to write a script to connect to all our Cisco devices and back up the configs to our file server. After a few hours of figuring it out, this is what I came up with.

You ONLY need a READ-ONLY account on the Cisco devices.

We run this every day at 2:00 AM and back up many Cisco devices.

I downloaded and use this SSH.NET library: SSH With Powershell

You have to move it to your PowerShell modules directory and then Import-Module it.
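An added example of the daily backup job, not the author’s script. It uses the Posh-SSH module, which wraps the SSH.NET library; that is an assumption, since the module the author linked may be a different wrapper with different cmdlet names. It also assumes the credential was saved once with Get-Credential | Export-Clixml (DPAPI-protected, so only the account that runs the scheduled task on that machine can read it), and that the device names and share path are yours.

```powershell
Import-Module Posh-SSH

$devices = @('core-sw-01', 'core-sw-02', 'edge-rtr-01')        # constructed names
$share   = '\\fileserver\netbackups\cisco'                     # constructed path
$cred    = Import-Clixml -Path "$PSScriptRoot\cisco-readonly.cred.xml"
$stamp   = Get-Date -Format 'yyyyMMdd-HHmm'
$logFile = Join-Path $share "backup-$stamp.log"

foreach ($device in $devices) {
    $session = $null
    try {
        # Host keys must already be in Posh-SSH's trusted-host store; an interactive
        # "accept this key?" prompt at 2 AM would hang the scheduled task.
        $session = New-SSHSession -ComputerName $device -Credential $cred -ErrorAction Stop

        $result = Invoke-SSHCommand -SessionId $session.SessionId -Command 'show running-config'
        if ($result.ExitStatus -ne 0 -or -not $result.Output) {
            throw "show running-config returned status $($result.ExitStatus) with no output"
        }

        # One file per device per run; ascii keeps the config diff-friendly.
        $target = Join-Path $share "$device-$stamp.cfg"
        $result.Output | Set-Content -Path $target -Encoding ascii
        Add-Content -Path $logFile -Value "$(Get-Date -Format s) OK   $device -> $target ($(@($result.Output).Count) lines)"
    } catch {
        # A single unreachable device must not stop the rest of the run.
        Add-Content -Path $logFile -Value "$(Get-Date -Format s) FAIL $device : $($_.Exception.Message)"
    } finally {
        if ($session) { Remove-SSHSession -SessionId $session.SessionId | Out-Null }
    }
}
```

Because the job writes a FAIL line rather than throwing, the log file is the thing to monitor: a device that silently drops out of the backups is exactly the kind of change (reachability, account lockout, changed host key) that should be noticed the next morning.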
