PowerShell: Using PoSH to Search Across Multiple Domains in Forest

I was recently asked to get a quick report of all Windows 7 computers within a multi-domain AD forest.  After banging my head into the keyboard for a while, I finally figured it out.  The script below should do the trick.

Also, if you use the OperatingSystemVersion attribute, you will find that Server 2008 R2 shares version “6.1 (7600)” with Windows 7.  So, the best way to find Windows 7 only is to search for “Windows 7*” with the wildcard character against the OperatingSystem attribute.  That will ensure all Windows 7 versions are returned and will exclude Server 2008 R2 from your results.

# Get the list of domains in the current forest
$objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$Domains = $objForest.Domains | ForEach-Object { $_.Name }

# Act on each domain
foreach ($Domain in $Domains)
{
	Write-Host "Checking $Domain" -ForegroundColor Red
	$ADsPath = [ADSI]"LDAP://$Domain"
	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher($ADsPath)
	# Match on operatingSystem, not operatingSystemVersion (see note above)
	$objSearcher.Filter = "(&(objectCategory=Computer)(operatingSystem=Windows 7*))"
	$objSearcher.SearchScope = "Subtree"
	# Enable paging; without it the result set stops at the server-side limit (1000 by default)
	$objSearcher.PageSize = 1000

	$colResults = $objSearcher.FindAll()

	# Print the distinguished name of every match
	foreach ($objResult in $colResults)
	{
		$Computer = $objResult.GetDirectoryEntry()
		$Computer.DistinguishedName
	}

	# Release the unmanaged resources held by the result collection
	$colResults.Dispose()
}

Part 3: Blocking Bad Hosts – Blocking Them, Easily (CLI Edition)

In part two, I showed you how to use the Local Security Policy GUI to block the bad guys. There were a lot of pretty pictures for those that prefer the GUI. In this version, I’ll show you how to accomplish the same thing from the command line. This is my preferred method.  It is much simpler to automate and explain.

By following the steps below, you will be able to create a new policy and manage the filter lists and actions. The goal here will be to put all these pieces together into a nice tidy package that is fully automated. More >

Part 2: Blocking Bad Hosts – Blocking Them, Easily (GUI Edition)

In part two, I want to show how you can quickly set up an IPsec policy to block the bad hosts you identified in part one. While many methods can be used to block hosts, using the Local Security Policy (secpol.msc) and IPsec is a simple method which can be fully automated.

By following the steps below, you will be able to create a new policy and manage the filter lists and actions. In part three, I will explain how this can be done from the command line for all you CLI warriors. This tutorial should be accurate for: Windows XP, Vista, 7 and Server 2003, 2008, 2008R2 (possibly even 2000) More >

Part 1: Blocking Bad Hosts – Finding Them, Easily

Download Script: get-bad-hosts.zip

While troubleshooting some issues on an OWA Front-End server, I went over to the security log to see if the authentication attempts were getting past this box. The problem I found was the log was so full of failed logon attempts it was difficult to filter out what I was looking for. In a twelve hour period, there were thousands of 529 events in the security log. Now, I know this is nothing new, but I found a few patterns. I manually exported the log to a CSV, parsed out all the source IP addresses and opened it up in Excel. What I found was that 98.7% of failed logon attempts were made by just four different IP addresses.  (I recommend using MaxMind’s GeoIP Address Locator for help in determining where the source addresses are located.) More >
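The tally described above (529 events grouped by source address, with each address's share of the failures) can be sketched as follows. This is an added example, not the get-bad-hosts script from the download; the CSV column names, the message layout and all addresses are constructed for illustration.

```powershell
# Constructed sample rows standing in for a CSV export of the Security log.
# The column names (EventID, Message) and every address are assumptions.
$SampleCsv = @'
EventID,Message
529,"Logon Failure: Reason: Unknown user name or bad password User Name: admin Source Network Address: 203.0.113.10"
529,"Logon Failure: Reason: Unknown user name or bad password User Name: root Source Network Address: 203.0.113.10"
529,"Logon Failure: Reason: Unknown user name or bad password User Name: guest Source Network Address: 203.0.113.10"
529,"Logon Failure: Reason: Unknown user name or bad password User Name: admin Source Network Address: 198.51.100.7"
529,"Logon Failure: Reason: Unknown user name or bad password User Name: sales Source Network Address: 198.51.100.7"
529,"Logon Failure: Reason: Unknown user name or bad password User Name: test Source Network Address: 192.0.2.44"
529,"Logon Failure: Reason: Unknown user name or bad password User Name: svc Source Network Address: -"
528,"Successful Logon: User Name: jdoe Source Network Address: 192.0.2.20"
'@

function Get-FailedLogonSources {
    param(
        [object[]]$Rows,   # objects with EventID and Message properties
        [int]$Top = 4      # how many of the noisiest sources to return
    )

    # Capture the IPv4 address that follows the "Source Network Address:" label
    $pattern = 'Source Network Address:\s*(\d{1,3}(?:\.\d{1,3}){3})'

    # Keep only failed logons (529); rows with no parsable address are skipped
    $ips = foreach ($row in $Rows) {
        if ($row.EventID -eq '529' -and $row.Message -match $pattern) { $Matches[1] }
    }

    $total = @($ips).Count
    if ($total -eq 0) { return }

    # Count per address and express each as a share of all parsed failures
    $ips | Group-Object | Sort-Object Count -Descending | Select-Object -First $Top |
        ForEach-Object {
            [pscustomobject]@{
                SourceIP = $_.Name
                Failures = $_.Count
                Percent  = [math]::Round(100 * $_.Count / $total, 1)
            }
        }
}

Get-FailedLogonSources -Rows ($SampleCsv | ConvertFrom-Csv) -Top 4 | Format-Table -AutoSize
```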

Logon Script: Move Local PST Files To Network Share

Download Script: move-pst-to-network.zip

So, my buddy (and former co-worker) called me yesterday for some help with a script he put together.  His script checked the local profile in Outlook for any PST files that were stored locally.  If it found any, it would then move them to the user's home space.  We tried and tried to get the script to work properly but it never seemed to work 100%.  Being that he is a good friend and this would be useful at work, I decided to take the work he had put in and get the thing working. More >

Unexplained Phenomenon: Google’s Doodle Gogle

NOOO!!!!  Not my O!

Okay, okay.  I know you are expecting another brain-dead response to Go_gle’s recent doodle.  However, I am sick of it and I want to debunk several of the pages that say they have solved the mystery.  Here are a few interesting events: More >

Windows Server 2008 Print Services – ntprint.inf and 64-bit

Due to some unforeseen issues with our 2003 R2 print server, I decided it was about time to build up a new print server.  The old print server was built up by another person and it was never very stable so this was a good time to start with a clean slate.

Our old server was a Dell PowerEdge with a 32-bit proc.  This time, we are going to use our new VMware ESX environment to stand up a 2008 Server in 64-bit.

Everything went well until I got to our Dell Printers.  I added the 64-bit drivers and set up the printer.  All was well.  I went to the sharing tab in the printer properties to add x86 (32-bit) support.  I checked the box and got an error: More >

Should I be excited to finally receive a Nigerian scam e-mail?

This weekend, I finally received my first Nigerian scam e-mail. In actuality, this is probably not the first but it is the first one to make it through the e-mail filters. I have to admit, I have felt a little left out over the past few years. I always heard about these e-mails but I never received one. Here is the text from the message:

Subject: PLEASE I NEED YOUR ASSISTANCE
From: clementmattins
Sincere Greeting,
I’m Mr. Clement Mattins from bank of Africa. firstly,accept my apologies ,am the personal accountant to Dr. Ravindra F. Shah who died with his wife Mrs. Manjula Parikh-Shah in a plane crash on 1st Oct. 2003 on their way to Boston. i came across ($8,500.000.00USD) in his balance with our Bank (B.O.A), then i want you to provide an account where this money will be transfer into for both of us, If you are willing to assist me, therefore you should contact me immediately you receive this E-mail for more detail, Regards Mr Clement Mattins Telephone: +226 78 31 77 67

After looking around the net, it became obvious that this is a 419 scam. A few ideas came to mind. Should I play along and screw with the scammer? Should I report this to some official government agency? More >

Fedora 11 Beta: First Reactions

It seems like just yesterday that I got home from Iraq and refreshed my laptop (Dell Latitude D610).  I ran Fedora 8 the entire time I was in Habbaniyah.  After getting home, I was excited to get a chance to skip 9 and go right to Fedora 10.  I didn’t use it long before I got a new laptop (Dell Latitude D630).  Linux never made it on the new laptop.  After I read a review of Fedora 11 Beta, I figured it was worth a shot.  I downloaded Gparted LiveCD, opened up 20GB of space and popped in the DVD.  I split this posting into three sections: the good, the mediocre and the ugly. More >

Backups In The Cloud: Weighing The Risks

I have been asked by several small businesses and individuals about services like those offered by Carbonite, Mozy and iDrive.  I’ve always had a bad feeling about the idea.  Recently though, I thought a little harder about the reasons why I could never store all my data online. Of course, online backup systems are infinitely more valuable than no backup solution at all. As some readers have pointed out, online backup services have saved a lot of butts. At the same time, there are some factors that make online backups less attractive than the “old fashioned way” of backing up data.  There are three main factors that I feel give standard backups an upper hand.

  1. Storage is cheap.
  2. Your data is only as safe as your password.
  3. When stored online, your data is no longer yours.

While these factors are why I do not recommend online backups, I want to take a moment to discuss when online backups do make sense. More >