Showing posts from April, 2011

Remove Adobe Flash Player Cookies

Here is a new worry for you and your users. Adobe Flash creates cookies that are not deleted through traditional methods. In researching this tasty little dessert, I found reports that suggest that these super cookies can be used to restore traditional cookies that you deleted. Other reports suggest that half of the internet's websites use this form of cookie. OK, so how do you get rid of them?

Open the link below in a new browser:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
Click Delete all sites.
Next, click the tab that is marked below:
Drag the slider bar so it says "None" and check Never Ask Again. This will prevent new cookies from being written.

Enumerate Members of local groups in PowerShell

Here is another script from my last PowerShell class. After we took a look at the script to enumerate the users who had User Rights assigned to them on a server, one of the delegates in class asked if it was possible to enumerate the local users in local groups. I had to resort to some PowerShell V1 tactics, but it works. I also got a little help from Steve Schofield’s blog.

<#
===========================================================
Script Name: LocalGroups.ps1
Author: Jason A. Yoder, MCT
Website: WWW.MCTExpert.com
Blogsite: WWW.MCTExpert.Blogspot.com
-----------------------------------------------------------
Script Purpose:
Enumerate the local user accounts that are members of local groups
-----------------------------------------------------------
Variables:
$GroupList : Holds the names of all the groups on the client.
$StrComputer : Used to store the name of the client to run this script on.  The "." means the local c

View the NIC configuration of a VM in Virtual Machine Manager

System Center Virtual Machine Manager has a neat little graphical way of viewing the NIC configuration of a VM to see which physical NIC or virtual network the VM is connected to. In Virtual Machine Manager, right click the VM you are interested in. Click View Networking. You will get a window similar to the one below. This particular VM has its NIC connected to a virtual network called MCT Network.

PowerShell Script to replace items in a text file

This script is a product of one of my PowerShell classes in March 2011. The problem was presented by a learner in the class. His task was to take a large text file that needed to be parsed for question marks and have them replaced with spaces. We expanded the script to make it more portable and useful in more situations. As with all my PowerShell classes, I encourage the participants to have a project in mind when they arrive. With a project in hand, the light bulb in the participant's head turns on as they learn more and more skills to make their project a success.

<#
========================================================
Script: Replace.ps1
-----------------------------------------------------------
The input parameters are the input file, the new output file.  We also needed to provide what we wanted to replace with what.  Adding these extra parameters made the script more portable.
--------------------------------------

Use Group Policy to populate IE Favorites

Using Group Policy to populate the favorites in Internet Explorer allows you to make sure your users have quick access to mission critical websites. To do this, create or use an existing GPO that is properly scoped to the users you want to publish the links to. In Group Policy Manager, right click the GPO and click Edit. Expand User Configuration \ Policies \ Windows Settings \ Internet Explorer Maintenance \ URLs. Double click Favorites and Links. Click Add URL. Provide a name and a URL. You can even provide the location for a custom icon for the site. Click OK. Once you are finished, click OK in the Favorites and Links window. Close the Group Policy Management Editor to save the policy. Refresh the Group Policies on a client and test. Should the user delete this link, it will re-appear at the next Group Policy refresh.

How to prevent users from opening PowerShell in a different Execution Policy than you require.

Users have the ability to open PowerShell with any Execution Policy level that they want. The idea behind the Execution Policy is to prevent unintentional execution of scripts. Your users do this by typing at a command line:

PowerShell -ExecutionPolicy PolicyLevel

The PolicyLevel is the desired Execution Policy. Through social engineering, an attacker could instruct a user how to execute their malicious scripts by using the above method or the Set-ExecutionPolicy cmdlet. You can prevent this by using Group Policy. I created a GPO with the sole purpose of setting the PowerShell Execution Policy to AllSigned. This setting is located at Computer Configuration \ Policies \ Administrative Templates \ Windows Components \ Windows PowerShell \ Turn on Script Execution. I applied the policy and verified that the client’s default execution policy was set to AllSigned by opening PowerShell using the GUI. I then closed PowerShell and then opened it again.  This time by using

How to return data from a PowerShell function

Functions allow us to modularize our scripts and reuse code over and over again. In some cases, you may want PowerShell to return information back to the parent scope so it can continue to be used. Below is a very simple function.

Function DoMath
{
    $a = 5 + 5
    $a    # Emit the value; an assignment on its own produces no output
}

DoMath

When we call this function, it returns our data. We can set it up to return the data to a variable by calling the function with this command:

$a = DoMath

The Return keyword is available. Return acts as a break for the function. It will return the data specified, and stop processing the rest of the function.

Function DoMath
{
    $a = 5 + 5
    Return            # Exits the function here
    Write-Host $a     # Never reached
}

DoMath

Even though there is a Write-Host statement, the Return keyword prevents its execution.

Modify the Internet Explorer Compatibility List with PowerShell

Here is a good, real world question. While examining the Group Policy settings for Internet Explorer in class, the question came about as to whether or not the list can be modified in Group Policy by using PowerShell. Well, yes you can. The first thing is to determine what registry key we need to modify. For the Compatibility list, the key is:

"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList"

To utilize PowerShell for this task, we first need to add the Group Policy Module.

Import-Module GroupPolicy

Next, to add the website name www.abc.com to the GPO named IE Settings, type:

Set-GPRegistryValue -Name "IE Settings" -Key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList" -ValueName "www.abc.com" -Type String -Value "www.abc.com"

Opening the GPO in the Group Policy Management Editor and manually entering the web site would be faster for a single site.  But what if you have a whole

Creating a PowerShell Module

In Monday’s post, I showed you how to use Dot Sourcing to utilize the functions in one script, in the shell or in another script. Today we are going to look at how to create a module. First, we need to create a few files in your local profile. We are going to call this our Library module. Create the following folders inside your My Documents folder.

WindowsPowerShell/Modules/Library

Now save this function to a script called Library.psm1.

Function Display-Info
{
    Write-Host (Get-WmiObject Win32_LocalTime).Year
}

Copy Library.psm1 into the folder you just created. Remember, the name of the .psm1 file needs to match the directory name. Now, open a PowerShell session. Type Get-Module -ListAvailable. You should see your module listed. Type Import-Module Library and press enter. Now execute the function Display-Info. The tab completion functionality of PowerShell should be available to you. You can remove this module from memory by typing

Dot sourcing a PowerShell script.

PowerShell works in scopes. At the very top layer, you have a global scope. When you run a script, it is run in a script scope inside the global. If you run any functions inside that script, they run in their own function scope inside the script scope, which is inside the global scope. When the function is finished and it exits its scope, all the data in the function is lost. When the script ends, all of its data and the knowledge of the existence of the script's functions are also lost. What if you wanted to keep the functions from the script available to the shell? That is where dot sourcing comes into play. Let’s take a look at this simple function:

Function Display-Info
{
    Write-Host (Get-WmiObject Win32_OperatingSystem).Caption
}

Display-Info

The output of this function, which changes depending on the client it is run on, is:

Microsoft Windows 7 Ultimate

I know, this is a very simple function.  The problem is, after the execution is com

Enable Windows 7/2008 features using DISM offline servicing

One of the strong management points of Windows 7 deployment is the ability to manage your images without having to apply the image, make the changes, and then recapture the image. DISM (Deployment Image Servicing and Management) allows you to mount a Windows image and make configuration changes to it, all without having to take the time to first deploy the image. To begin working with an image, we need to mount it. First, make a new folder to hold the mounted image. For this demo, I made one called ImageMount. Both the folder and the image file are on my D: drive. Next, open a command prompt with elevated permissions. The .wim file I’m using for this demo is the install.wim file from the Windows Server 2008 R2 installation media. Browse to the location where you stored the image file and the folder to mount it in. Type:

DISM /mount-wim /wimfile:d:\install.wim /index:1 /Mountdir:d:\ImageMount

Depending on the size of the WIM file, this may take a few minutes,

How to force a client to reboot with PowerShell

OK, the actual question from class was how to force a client to reboot while someone is logged in. Be careful with this one. This will not give the user at the other end the opportunity to save anything.

Restart-Computer -ComputerName ComputerName -Force

Don’t sweat, standard user accounts cannot shut down a domain controller. If you check the user rights on a domain controller, only the members of the Administrators, Backup Operators, Print Operators, and Server Operators groups can do this. Everyone else gets this:

Restart-Computer : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

What does the /Check switch do with the ImageX command?

ImageX allows us to work with images.  We can use ImageX to capture and apply them.  We can also mount the images for servicing. The /check switch will check the integrity of the .wim file when the command is executed. The /check switch is available to be used with the following ImageX operations: /append /apply /capture /delete /export /info /mountrw /split

How to Enable / Disable a basic GPO Setting with PowerShell

PowerShell allows you to make changes to your Group Policy objects. This is a good way to create an automatic response to changes in your network environment. The script below will show you how to configure a basic GPO setting. A basic GPO setting has three possible states: Not Configured, Enabled, and Disabled. We are going to use the GPO setting of Automatically Publish new Printers in Active Directory as our test subject. A GPO called GPO-Test was created to house this setting. Using the Group Policy Settings Reference from Microsoft, I located the registry key in question:

HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Auto Publishing

The value name is Auto Publishing.
When set to Enabled, the REG-DWORD is set to 0x00000001 (1).
When set to Disabled, the value is set to 0x00000000 (0).
When set to Not Configured, the value of Printers is not present in the registry.

This script is designed to show you how to achieve all three settings.  You can complet

Create a Power Plan in Group Policy

With Group Policy Preferences, you can now design power plans for your organization's mobile users and deploy them using GPOs. To access this feature, open or create a Group Policy. Expand Computer Configuration \ Preferences \ Control Panel Settings \ Power Options. When you right click Power Options and then select New, you get the option of creating Windows XP Power Options, Windows XP Power Scheme, or Windows Vista/7 Power Plan. Remember, before you can use GPO Preferences on Windows XP, you need to install an update. This article will help you with that. Click Power Plan (Windows Vista and Later). In the Action drop down list, you are given 4 choices. The Create action will create a new power plan. The Replace action will replace an existing power plan or create one if none exists. Update will only change settings that you specify, but will not remove any that are currently present. The Delete action will remove the power plan. Under the Action

Installing System Center Virtual Machine Manager

System Center Virtual Machine Manager (SCVMM) allows you to manage multiple virtualization hosts from one console. With other virtual management software, you can only manage the virtual machines (VMs) on the local host. With SCVMM, you can manage the VMs on hosts running Hyper-V, Virtual Server 2005 R2, and VMware ESX Server. First off, you need a copy of SCVMM. You can download a 180 day trial version here. Once you download a copy, you simply need to install it. First, execute the installation file with administrative level permissions. Click VMM Server. Select I accept the terms of this agreement and click Next. On the Microsoft Update window, click what is appropriate for your environment and then click Next. On the Customer Experience Improvement Program window, click what is appropriate for you and then click Next. On the Product Registration page, enter your name and organization. Click Next. The Prerequisites Check page will automatically check fo

How to Change the metrics that VMM uses in placing VMs

System Center Virtual Machine Manager uses metrics on each managed host to determine if the host is suitable for the placement of a new VM. The metrics that are evaluated are: CPU Usage, Memory Free, Disk I/O, and Network Utilization. These metrics are updated every 10 minutes. You can configure VMM to place a higher or lower weight on each of these metrics to better fit your needs. For example, if you are placing a high degree of emphasis on CPU utilization and you are deploying a VM that will require 4 CPUs, then only hosts with low CPU utilization will be selected for placement of that VM. Here is how you can customize the metrics. Open SCVMM. In the left pane at the bottom, click Administration. In the General pane, click Placement Settings. The first two radio buttons allow you to balance the VM load or to maximize the server's resource utilization. The slider bars tell SCVMM what metrics are the most important to you.

Enumerate all Users that are assigned User Rights with PowerShell

One of the security questions that came up in my last PowerShell class was who has the User Rights to shut down a server. I went with this and created a script that searches all the User Rights that have a user or group assigned to them. It performs a recursive search through all groups and provides you with a list of users who have that certain right. Below is a screenshot of part of the output. Here is the PowerShell script.

<#
===========================================================
Script Name: EnumerateUserRights.ps1
Author: Jason A. Yoder, MCT
Website: www.MCTExpert.com
Blog site: www.MCTExpert.Blogspot.com
-----------------------------------------------------------
Script Purpose:
Enumerates all the user accounts that are listed as having a user right.  This script will do a recursive search through all nested groups and will also report on user accounts that have been directly assigned a User Right outside of an Active Directory Group.
-----------------------------