How can I append the content of a.bin to b.bin in Powershell?
- by Alon
How can I append the content of the file a.bin to the file b.bin in Powershell?
Search Results
Search found 25534 results on 1022 pages for 'write powershell'.
Page 31/1022 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38 | Next Page >
-
-
How to select a user and remove all groups they are a member of using Powershell (with Quest)?
- by Don
I've read quite a bit online about this and thought I had found a solution, but it doesn't seem to be working like I would expect. I am wanting to get a user based on the username I input, then remove all groups that it is a member of. Basically the same thing as going into ADUC, selecting the user, selecting the Member Of tab, highlighting everything (except domain users of course) and selecting remove. Here's the command I'm trying to use: Get-QADUser -Name $username | Remove-QADMemberOf -RemoveAll Others have said online that it works for them, but so far it hasn't for me. It doesn't give an error, it accepts the command just fine, but when I look in ADUC, the groups are still there for the user. Any suggestions as to what I may be doing wrong? Executing from Windows 7 with domain admin rights, Exchange cmdlets and Quest snapin loaded. Thanks!Read the article
-
Hi, anyone met the sending issue like this? By using powershell
- by pansal
My script is about sending notfication email, and it was running well on my local machine, but when I removed it to an server 2k3, the email cannot be sent out with below error log: Exception calling "Send" with "1" argument(s): "The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated" At line:1 char:19 + $smtp_buglist.Send <<<< ($mail_buglist) + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : DotNetMethodException Please help me out of this, I am confused.Read the article
-
Samba smb.conf read only and read/write accounts
- by Pieter
Below you can see my smb.conf, pieter is my admin user read/write on the shares works good with that account. Then I have a leecher account that has been added with smbpasswd -a leecher to the smb users, it is set up so this user only has read access to the shares. This works on MegaSam and on Thumbnails but not on my other drives, leecher does not get any access on the other shares. [global] security = user [MegaSam] comment = MegaSam path = /media/MegaSam browsable = yes guest ok = no read list = leecher write list = pieter create mask = 0755 [SilentBob] comment = SilentBob path = /media/SilentBob browsable = yes guest ok = no read list = leecher write list = pieter create mask = 0755 [Thumbnails] comment = Thumbnails path = /media/Thumbnails browsable = yes guest ok = no read list = leecher write list = pieter create mask = 0755 [Downloads] comment = Downloads path = /media/Downloads browsable = yes guest ok = no read list = leecher write list = pieter create mask = 0755Read the article
-
PowerShell Script To Find Where SharePoint 2010 Features Are Activated
- by Brian Jackett
The script on this post will find where features are activated within your SharePoint 2010 farm. Problem Over the past few months I’ve gotten literally dozens of emails, blog comments, or personal requests from people asking “how do I find where a SharePoint feature has been activated?” I wrote a script to find which features are installed on your farm almost 3 years ago. There is also the Get-SPFeature PowerShell commandlet in SharePoint 2010. The problem is that these only tell you if a feature is installed not where they have been activated. This is especially important to know if you have multiple web applications, site collections, and /or sites. Solution The default call (no parameters) for Get-SPFeature will return all features in the farm. Many of the parameter sets accept filters for specific scopes such as web application, site collection, and site. If those are supplied then only the enabled / activated features are returned for that filtered scope. Taking the concept of recursively traversing a SharePoint farm and merging that with calls to Get-SPFeature at all levels of the farm you can find out what features are activated at that level. Store the results into a variable and you end up with all features that are activated at every level. Below is the script I came up with (slight edits for posting on blog). With no parameters the function lists all features activated at all scopes. If you provide an Identity parameter you will find where a specific feature is activated. Note that the display name for a feature you see in the SharePoint UI rarely matches the “internal” display name. I would recommend using the feature id instead. You can download a full copy of the script by clicking on the link below. Note: This script is not optimized for medium to large farms. In my testing it took 1-3 minutes to recurse through my demo environment. This script is provided as-is with no warranty. Run this in a smaller dev / test environment first. 001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 050 051 052 053 054 055 056 057 058 059 060 061 062 063 064 065 066 067 068 function Get-SPFeatureActivated { # see full script for help info, removed for formatting [CmdletBinding()] param( [Parameter(position = 1, valueFromPipeline=$true)] [Microsoft.SharePoint.PowerShell.SPFeatureDefinitionPipeBind] $Identity )#end param Begin { # declare empty array to hold results. Will add custom member ` # for Url to show where activated at on objects returned from Get-SPFeature. $results = @() $params = @{} } Process { if([string]::IsNullOrEmpty($Identity) -eq $false) { $params = @{Identity = $Identity ErrorAction = "SilentlyContinue" } } # check farm features $results += (Get-SPFeature -Farm -Limit All @params | % {Add-Member -InputObject $_ -MemberType noteproperty ` -Name Url -Value ([string]::Empty) -PassThru} | Select-Object -Property Scope, DisplayName, Id, Url) # check web application features foreach($webApp in (Get-SPWebApplication)) { $results += (Get-SPFeature -WebApplication $webApp -Limit All @params | % {Add-Member -InputObject $_ -MemberType noteproperty ` -Name Url -Value $webApp.Url -PassThru} | Select-Object -Property Scope, DisplayName, Id, Url) # check site collection features in current web app foreach($site in ($webApp.Sites)) { $results += (Get-SPFeature -Site $site -Limit All @params | % {Add-Member -InputObject $_ -MemberType noteproperty ` -Name Url -Value $site.Url -PassThru} | Select-Object -Property Scope, DisplayName, Id, Url) $site.Dispose() # check site features in current site collection foreach($web in ($site.AllWebs)) { $results += (Get-SPFeature -Web $web -Limit All @params | % {Add-Member -InputObject $_ -MemberType noteproperty ` -Name Url -Value $web.Url -PassThru} | Select-Object -Property Scope, DisplayName, Id, Url) $web.Dispose() } } } } End { $results } } #end Get-SPFeatureActivated Snippet of output from Get-SPFeatureActivated Conclusion This script has been requested for a long time and I’m glad to finally getting a working “clean” version. If you find any bugs or issues with the script please let me know. I’ll be posting this to the TechNet Script Center after some internal review. Enjoy the script and I hope it helps with your admin / developer needs. -Frog OutRead the article
-
How to mount a HFS partition in Ubuntu as Read/Write?
- by GiH
I plugged in my external harddrive (which was formatted on my Mac into HFS+ journaled) to my Ubuntu desktop 9.04 64bit. I am not able to get the drive to mount with write capability, how do I do that? Right now all I'm getting is read access, I tried sudo mount -t hfsplus /dev/sdf2 /media/"Portable HD" but that still gave me only read access... ideas??Read the article
-
Modify “Link”/ "HyperLink"/URL field using Powershell
- by KunaalKapoor
If you are trying to update a hyperlink/url type of column of a SharePoint list item using PowerShell and are getting the exception:Unable to index into an object of type Microsoft.SharePoint.SPListItem.At C:\mypowershell.ps1:39 char:10+ $item[ <<<< "Website"] = $itemUrl + CategoryInfo : InvalidOperation: (RW_Website:String) [], RuntimeException + FullyQualifiedErrorId : CannotIndexThen look no further :)The url is basically stored like a simple string with url, description divided by comma.So all you need to do is:$myUrl = "http://www.google.com, Google"$listitem["Link"] = $myUrlThat will, assuming "Link" is a type of "Hyperlink or Picture" (Hyperlink), create a link that says Google and links to http://www.google.com.Also make sure you don't miss out on the 'http://' part as without that the value will not pass the SharePoint validation of allowed values.Read the article
-
Can't write to NTFS formatted drives
- by mloman
I'm not sure what has happened, but I've all of a sudden lost write access to any of my NTFS external drives. I installed a few games and apps from the software center, and now I can't make new folders or copy and paste files to anything that is NTFS. Everything is now read only, and I've tried so many things to fix it, but it seems hopeless. Just to check if it wasn't the drives themselves, I made a little ntfs formatted truecrypt volume, and a fat formatted volume. And yes, it seems that Ubuntu is blocking me from writing anything to NTFS. What happened here? Whats a way I can simply get write access to my NTFS drives, so I can just backup all my stuff. I'll probably reinstall Ubuntu. Please help. UPDATE (and thanks everyone for their quick replies) The problem has been solved. Prior to noticing that I had lost NTFS write permission, I had installed GParted from the software center, and there was an extension called ntfsprogs that came with it. During my search for a solution to the problem, I uninstalled GParted (as that was one of the apps I installed just before the problem). But that did not solve the problem. I came across an app called 'NTFS Configuration Tool'. When I installed this, it said that the ntfsprogs extension needed to be removed (so I guess uninstalling GPARTED, didn't remove the ntfsprog extension). I launched the NTFS Configuration Tool and now I have write access to NTFS drives. Unfortunately, I didn't check if I had write permission prior to launching the NTFS Configuration Tool, so I'm not sure whether the NTFS Configuration Tool, or the un-installation of ntfsprog gave me back NTFS write permission. Hopefully if another newbee encounters this problem, they'll come across this page and know what to do.Read the article
-
Calling PowerShell from .NET
I have been working with Windows Server AppFabric caching lately and have found it to be very impressive. The more that I work with it the more that I can see areas that it can be utilized. One of the things that will become quite evident as you start using it is that much of the setup and configuration is done through PowerShell cmdlets. I am in the process of putting together an application and I want the application to be able to create and pre-populate the cache. As I looked...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.Read the article
-
Very slow write access to SSD disks on some Asus P8Z77 motherboards
- by lenik
I have Asus P8Z77-V LK motherboard, that ran Mint 13 (based on Ubuntu 12.04) just perfectly, but recently I've tried to install Mint 17 and noticed abysmal write performance. Write speed on SSD disk was about 1.5MB/sec, when it's supposed to be in 150-250MB/sec range. For write testing I've used dd if=/dev/zero of=/dev/sda bs=10M count=10 while booted up from LiveCD. I have also tested the read speed with hdparm -tT /dev/sda and got about 440MB/sec -- that's normal. I can tell, the read performance has not degraded at all and is not an issue here. Since I had a few different SSD disks and few motherboards, I've tested and tested and here are results: Asus P8H77 works fine with Mint13, has very slow write speed starting from Mint14. Asus P8Z77-V LK works with Mint13, has very slow write speed starting from Mint14. Asus P8Z77-V PRO works with Mint13, and works just fine with Mint14, 15, 16 and 17. The only difference between "PRO" version and others is that it has extra SATA controller onboard (in addition to the Z77 chipset SATA controller) providing extra 2 SATA ports. SSD disks work fine with "PRO" version when connected to the native SATA ports as well as to the ports provided by extra SATA controller, so this does not look like a hardware issue. As far as I can tell, there's something changed in the kernel while going from 3.2 to 3.5, that affects the detection of onboard SATA controller for Asus P8*77 motherboards, that screws up the write speed for SSD drives. Could anyone shed some light on how to fix this issue or, possibly, give a pointer to a more suitable place to ask this question?Read the article
-
Max Trinidad Sells PowerShell on the Puerto Rican Seashore
- by SQLBeat
In this episode, Max Trinidad, Powershell MVP lets me bait him into predicting the future of computing and helps me understand a thing or two about cultural misconceptions around locked men’s restrooms at busy cantinas. We are in beautiful Puerto Rico for this podcast and in honor of that, I try my hand at Espanol. I know as much Spanish as I do BizTalk Server and it shows, embarrassingly so. Max is always happy but I make him cry on this one and I feel really horrible about it. I promise. It is my function. CLICK BELOW TO LISTEN >>>>>>>CLICK HERE TO LISTEN >>>>>>>>>> CLICK ABOVE TO SHARPEN YOUR CLAYMORERead the article
-
Slides and Scripts from Metalogix Webcast Master Your SharePoint Migration With PowerShell
- by Brian Jackett
Thanks to everyone who attended the Metalogix webcast “Master Your SharePoint Migration with PowerShell” I guest presented on today. We had great attendance and no technical hitches which is always a plus. A number of attendees asked for my slide deck which you can find at the link below. As a bonus I am including a set of demo scripts that I typically use with the longer version of this presentation. If you have any questions or comments please feel free to reach out to me. A big thanks once again to Metalogix for giving me the opportunity to work with them. Scripts and Slidedeck Click Here -Frog OutRead the article
-
PowerShell script to find files that are consuming the most disk space
As you know, SQL Server databases and backup files can take up a lot of disk space. When disk is running low and you need to troubleshoot disk space issues, the first thing to do is to find large files that are consuming disk space. In this article I will show you a PowerShell script that you can use to find large files on your disks. 12 essential tools for database professionalsThe SQL Developer Bundle contains 12 tools designed with the SQL Server developer and DBA in mind. Try it now.Read the article
-
Email Job Failures Report to DBA using PowerShell
MySQL introduced its own brand of job scheduling, called Events, in version 5.1. However, some Database Administrators (DBAs) feel that it isn't quite ready for prime time. This article presents a hybrid solution that uses MySQL Event Scheduling to manage the batch jobs and Windows PowerShell for the error handling. Does your database ever get out of sync?SQL Connect is a Visual Studio add-in that brings your databases into your solution. It then makes it easy to keep your database in sync, and commit to your existing source control system. Find out more.Read the article
-
How to troubleshoot a 'System.Management.Automation.CmdletInvocationException'
- by JamesD
Does anyone know how best to determine the specific underlying cause of this exception? Consider a WCF service that is supposed to use Powershell 2.0 remoting to execute MSBuild on remote machines. In both cases the scripting environments are being called in-process (via C# for Powershell and via Powershell for MSBuild), rather than 'shelling-out' - this was a specific design decision to avoid command-line hell as well as to enable passing actual objects into the Powershell script. The Powershell script that calls MSBuild is shown below: function Run-MSBuild { [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Build.Engine") $engine = New-Object Microsoft.Build.BuildEngine.Engine $engine.BinPath = "C:\Windows\Microsoft.NET\Framework\v3.5" $project = New-Object Microsoft.Build.BuildEngine.Project($engine, "3.5") $project.Load("deploy.targets") $project.InitialTargets = "DoStuff" # # Set some initial Properties & Items # # Optionally setup some loggers (have also tried it without any loggers) $consoleLogger = New-Object Microsoft.Build.BuildEngine.ConsoleLogger $engine.RegisterLogger($consoleLogger) $fileLogger = New-Object Microsoft.Build.BuildEngine.FileLogger $fileLogger.Parameters = "verbosity=diagnostic" $engine.RegisterLogger($fileLogger) # Run the build - this is the line that throws a CmdletInvocationException $result = $project.Build() $engine.Shutdown() } When running the above script from a PS command prompt it all works fine. However, as soon as the script is executed from C# it fails with the above exception. The C# code being used to call Powershell is shown below (remoting functionality removed for simplicity's sake): // Build the DTO object that will be passed to Powershell dto = SetupDTO() RunspaceConfiguration runspaceConfig = RunspaceConfiguration.Create(); using (Runspace runspace = RunspaceFactory.CreateRunspace(runspaceConfig)) { runspace.Open(); IList errors; using (var scriptInvoker = new RunspaceInvoke(runspace)) { // The Powershell script lives in a file that gets compiled as an embedded resource TextReader tr = new StreamReader(Assembly.GetExecutingAssembly().GetManifestResourceStream("MyScriptResource")); string script = tr.ReadToEnd(); // Load the script into the Runspace scriptInvoker.Invoke(script); // Call the function defined in the script, passing the DTO as an input object var psResults = scriptInvoker.Invoke("$input | Run-MSBuild", dto, out errors); } } Assuming that the issue was related to MSBuild outputting something that the Powershell runspace can't cope with, I have also tried the following variations to the second .Invoke() call: var psResults = scriptInvoker.Invoke("$input | Run-MSBuild | Out-String", dto, out errors); var psResults = scriptInvoker.Invoke("$input | Run-MSBuild | Out-Null", dto, out errors); var psResults = scriptInvoker.Invoke("Run-MSBuild | Out-String"); var psResults = scriptInvoker.Invoke("Run-MSBuild | Out-String"); var psResults = scriptInvoker.Invoke("Run-MSBuild | Out-Null"); I've also looked at using a custom PSHost (based on this sample: http://blogs.msdn.com/daiken/archive/2007/06/22/hosting-windows-powershell-sample-code.aspx), but during debugging I was unable to see any 'interesting' calls to it being made. Do the great and the good of Stackoverflow have any insight that might save my sanity?Read the article
-
How to extract $lastexitcode from c# powershell script execution.
- by scope-creep
Hi, I've got a scipt executing in C# using the powershell async execution code on code project here: http://www.codeproject.com/KB/threads/AsyncPowerShell.aspx?display=PrintAll&fid=407636&df=90&mpp=25&noise=3&sort=Position&view=Quick&select=2130851#xx2130851xx I need to return the $lastexitcode and Jean-Paul describes how you can use a custom pshost class to return it. I can't find any method or property in pshost that returns the exit code. This engine I have needs to ensure that script executes correctly. Any help would be appreciated. regards Bob. Its the $lastexitcode and the $? variables I need to bring back. Hi, Finally answered. I found out about the $host variable. It implements a callback into the host, specifically a custom PSHost object, enabling you to return the $lastexitcode. Here is a link to an explanation of $host. http://mshforfun.blogspot.com/2006/08/do-you-know-there-is-host-variable.html It seems to be obscure, badly documented, as usual with powershell docs. Using point 4, calling $host.SetShouldExit(1) returns 1 to the SetShouldExit method of pshost, as described here. http://msdn.microsoft.com/en-us/library/system.management.automation.host.pshost.setshouldexit(VS.85).aspx Its really depends on defining your own exit code defintion. 0 and 1 suffixes I guess. regards Bob.Read the article
-
How do I use Powershell to print a list of hyperlinks that appear in a Word document?
- by dwwilson66
I asked this question last week, and my script cannot find any hyperlinks to change. Now I'm backing up and trying to simply open a single document and list the hyperlinks within. I've verified that the document includes hyperlinks to a number of anchors in the same document, and two hyperlinks to documents in the same directory. However, either Powershell isn't finding links in the doc or I'm outputting the list to the console improperly. Here's my bare-bones code $word = New-Object -ComObject Word.Application $doc ="R:\path\Reporting_Emergency_Or_Hazardous_Situation_-_BC_CC.doc" $hyperlinks = @($doc.Hyperlinks) $hyperlinks $word.quit() or, for line 4 Write-Host $hyperlinks or, again for line 4 $hyperlinks | % {Write-Host $_.address} No errors, just blank results. Not even an object reference to the $hyperlinks array. When I modify line 4 to % $address in $hyperlinks { Write-Host $._address } I get the following error...but it's unclear if I'm trying to read a null array? or if the value is blank. ForEach-Object : Cannot bind parameter 'Process'. Cannot convert the "in" value of type "System.String" to type "System.Management.Automation.ScriptBlock". At F:\path\HyperLinkScrub.ps1:46 char:2 + % <<<< $address in $hyperlinks { + CategoryInfo : InvalidArgument: (:) [ForEach-Object], ParameterBindingException + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ForEachObjectCommand What am I missing here? I've verified that the Word doc has hyperlinks, and ultimately, I'm trying to diagnose if my script isn't looking for them properly, or if I'm not outputting them to the console properly.Read the article
-
How to test for existence of a script-scoped variable in PowerShell?
- by Damian Powell
Is it possible to test for the existence of a script-scoped variable in PowerShell? I've been using the PowerShell Community Extensions (PSCX) but I've noticed that if you import the module while Set-PSDebug -Strict is set, an error is produced: The variable '$SCRIPT:helpCache' cannot be retrieved because it has not been set. At C:\Users\...\Modules\Pscx\Modules\GetHelp\Pscx.GetHelp.psm1:5 char:24 While investigating how I might fix this, I found this piece of code in Pscx.GetHelp.psm1: #requires -version 2.0 param([string[]]$PreCacheList) if ((!$SCRIPT:helpCache) -or $RefreshCache) { $SCRIPT:helpCache = @{} } This is pretty straight forward code; if the cache doesn't exist or needs to be refreshed, create a new, empty cache. The problem is that calling $SCRIPT:helpCache while Set-PSDebug -Strict is in force casues the error because the variable hasn't been defined yet. Ideally, we could use a Test-Variable cmdlet but such a thing doesn't exist! I thought about looking in the variable: provider but I don't know how to determine the scope of a variable. So my question is: how can I test for the existence of a variable while Set-PSDebug -Strict is in force, without causing an error?Read the article
-
PowerShell function arguments: Can the first one be optional first?
- by Johannes Rössel
I have an advanced function in PowerShell, which roughly looks like this: function Foo { [CmdletBinding] param ( [int] $a = 42, [int] $b ) } The idea is that it can be run with either two, one or no arguments. However, the first argument to become optional is the first one. So the following scenarios are possible to run the function: Foo a b # the normal case, both a and b are defined Foo b # a is omitted Foo # both a and b are omitted However, normally PowerShell tries to fit the single argument into a. So I thought about specifying the argument positions explicitly, where a would have position 0 and b position 1. However, to allow for only b specified I tried putting a into a parameter set. But then b would need a different position depending on the currently-used parameter set. Any ideas how to solve this properly? I'd like to retain the parameter names (which aren't a and b actually), so using $args is probably a last resort. I probably could define two parameter sets, one with two mandatory parameters and one with a single optional one, but I guess the parameter names have to be different in that case, then, right?Read the article
-
Is there a way to create a copy-on-write copy of a directory?
- by BCS
I'm thinking of a situation where I would have something that creates a copy of a directory, tweaks a few files, and then does some processing on the result. This wold be done fairly often, maybe a few dozen times a day. (The exact use case is testing patch submissions; dupe the code, patch it, build/test/report/etc.) What I'm looking for could be done by creating a new directory structure and populating it with hard links from the origonal. However this only works if all the tools you use delete and recreate files rather than edit them in place. Is there a way to have the file system do copy-on-write for a file? Note: I'm aware that many FSs use COW at a block level (all updates are done via writes to new blocks) but this is not what I want.Read the article
-
Php efficiency question --> Database call vs. File Write vs. Calling C++ executable
- by JP19
Hi, What I wish to achieve is - log all information about each and every visit to every page ofmy website (like ip address, browser, referring page, etc). Now this is easy to do. What I am interested is doing this in a way so as to cause minimum overhead (runtime) in the php scripts. What is the best approach for this efficiency-wise: 1) Log all information to a database table 2) Write to a file (from php directly) 3) Call a C++ executable, that will write this info to a file in parallel [so the script can continue execution without waiting for the file write to occur ...... is this even possible] I may be trying to optimize unnecessarily/prematurely, but still - any thoughts / ideas on this would be appreciated. (I think efficiency of file write/logging can really be a concern if I have say 100 visits per minute...) Thanks & Regards, JPRead the article
-
Auto blocking attacking IP address
- by dong
This is to share my PowerShell code online. I original asked this question on MSDN forum (or TechNet?) here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/f950686e-e3f8-4cf2-b8ec-2685c1ed7a77 In short, this is trying to find attacking IP address then add it into Firewall block rule. So I suppose: 1, You are running a Windows Server 2008 facing the Internet. 2, You need to have some port open for service, e.g. TCP 21 for FTP; TCP 3389 for Remote Desktop. You can see in my code I’m only dealing with these two since that’s what I opened. You can add further port number if you like, but the way to process might be different with these two. 3, I strongly suggest you use STRONG password and follow all security best practices, this ps1 code is NOT for adding security to your server, but reduce the nuisance from brute force attack, and make sys admin’s life easier: i.e. your FTP log won’t hold megabytes of nonsense, your Windows system log will not roll back and only can tell you what happened last month. 4, You are comfortable with setting up Windows Firewall rules, in my code, my rule has a name of “MY BLACKLIST”, you need to setup a similar one, and set it to BLOCK everything. 5, My rule is dangerous because it has the risk to block myself out as well. I do have a backup plan i.e. the DELL DRAC5 so that if that happens, I still can remote console to my server and reset the firewall. 6, By no means the code is perfect, the coding style, the use of PowerShell skills, the hard coded part, all can be improved, it’s just that it’s good enough for me already. It has been running on my server for more than 7 MONTHS. 7, Current code still has problem, I didn’t solve it yet, further on this point after the code. :) #Dong Xie, March 2012 #my simple code to monitor attack and deal with it #Windows Server 2008 Logon Type #8: NetworkCleartext, i.e. FTP #10: RemoteInteractive, i.e. RDP $tick = 0; "Start to run at: " + (get-date); $regex1 = [regex] "192\.168\.100\.(?:101|102):3389\s+(\d+\.\d+\.\d+\.\d+)"; $regex2 = [regex] "Source Network Address:\t(\d+\.\d+\.\d+\.\d+)"; while($True) { $blacklist = @(); "Running... (tick:" + $tick + ")"; $tick+=1; #Port 3389 $a = @() netstat -no | Select-String ":3389" | ? { $m = $regex1.Match($_); ` $ip = $m.Groups[1].Value; if ($m.Success -and $ip -ne "10.0.0.1") {$a = $a + $ip;} } if ($a.count -gt 0) { $ips = get-eventlog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+10"} | foreach { ` $m = $regex2.Match($_.Message); $ip = $m.Groups[1].Value; $ip; } | Sort-Object | Tee-Object -Variable list | Get-Unique foreach ($ip in $a) { if ($ips -contains $ip) { if (-not ($blacklist -contains $ip)) { $attack_count = ($list | Select-String $ip -SimpleMatch | Measure-Object).count; "Found attacking IP on 3389: " + $ip + ", with count: " + $attack_count; if ($attack_count -ge 20) {$blacklist = $blacklist + $ip;} } } } } #FTP $now = (Get-Date).AddMinutes(-5); #check only last 5 mins. #Get-EventLog has built-in switch for EventID, Message, Time, etc. but using any of these it will be VERY slow. $count = (Get-EventLog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+8" -and ` $_.TimeGenerated.CompareTo($now) -gt 0} | Measure-Object).count; if ($count -gt 50) #threshold { $ips = @(); $ips1 = dir "C:\inetpub\logs\LogFiles\FPTSVC2" | Sort-Object -Property LastWriteTime -Descending ` | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} ` | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object ` | where {$_.Count -ge 10} | select -ExpandProperty Name; $ips2 = dir "C:\inetpub\logs\LogFiles\FTPSVC3" | Sort-Object -Property LastWriteTime -Descending ` | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} ` | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object ` | where {$_.Count -ge 10} | select -ExpandProperty Name; $ips += $ips1; $ips += $ips2; $ips = $ips | where {$_ -ne "10.0.0.1"} | Sort-Object | Get-Unique; foreach ($ip in $ips) { if (-not ($blacklist -contains $ip)) { "Found attacking IP on FTP: " + $ip; $blacklist = $blacklist + $ip; } } } #Firewall change <# $current = (netsh advfirewall firewall show rule name="MY BLACKLIST" | where {$_ -match "RemoteIP"}).replace("RemoteIP:", "").replace(" ","").replace("/255.255.255.255",""); #inside $current there is no \r or \n need remove. foreach ($ip in $blacklist) { if (-not ($current -match $ip) -and -not ($ip -like "10.0.0.*")) {"Adding this IP into firewall blocklist: " + $ip; $c= 'netsh advfirewall firewall set rule name="MY BLACKLIST" new RemoteIP="{0},{1}"' -f $ip, $current; Invoke-Expression $c; } } #> foreach ($ip in $blacklist) { $fw=New-object –comObject HNetCfg.FwPolicy2; # http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx $myrule = $fw.Rules | where {$_.Name -eq "MY BLACKLIST"} | select -First 1; # Potential bug here? if (-not ($myrule.RemoteAddresses -match $ip) -and -not ($ip -like "10.0.0.*")) {"Adding this IP into firewall blocklist: " + $ip; $myrule.RemoteAddresses+=(","+$ip); } } Wait-Event -Timeout 30 #pause 30 secs } # end of top while loop. Further points: 1, I suppose the server is listening on port 3389 on server IP: 192.168.100.101 and 192.168.100.102, you need to replace that with your real IP. 2, I suppose you are Remote Desktop to this server from a workstation with IP: 10.0.0.1. Please replace as well. 3, The threshold for 3389 attack is 20, you don’t want to block yourself just because you typed your password wrong 3 times, you can change this threshold by your own reasoning. 4, FTP is checking the log for attack only to the last 5 mins, you can change that as well. 5, I suppose the server is serving FTP on both IP address and their LOG path are C:\inetpub\logs\LogFiles\FPTSVC2 and C:\inetpub\logs\LogFiles\FPTSVC3. Change accordingly. 6, FTP checking code is only asking for the last 200 lines of log, and the threshold is 10, change as you wish. 7, the code runs in a loop, you can set the loop time at the last line. To run this code, copy and paste to your editor, finish all the editing, get it to your server, and open an CMD window, then type powershell.exe –file your_powershell_file_name.ps1, it will start running, you can Ctrl-C to break it. This is what you see when it’s running: This is when it detected attack and adding the firewall rule: Regarding the design of the code: 1, There are many ways you can detect the attack, but to add an IP into a block rule is no small thing, you need to think hard before doing it, reason for that may include: You don’t want block yourself; and not blocking your customer/user, i.e. the good guy. 2, Thus for each service/port, I double check. For 3389, first it needs to show in netstat.exe, then the Event log; for FTP, first check the Event log, then the FTP log files. 3, At three places I need to make sure I’m not adding myself into the block rule. –ne with single IP, –like with subnet. Now the final bit: 1, The code will stop working after a while (depends on how busy you are attacked, could be weeks, months, or days?!) It will throw Red error message in CMD, don’t Panic, it does no harm, but it also no longer blocking new attack. THE REASON is not confirmed with MS people: the COM object to manage firewall, you can only give it a list of IP addresses to the length of around 32KB I think, once it reaches the limit, you get the error message. 2, This is in fact my second solution to use the COM object, the first solution is still in the comment block for your reference, which is using netsh, that fails because being run from CMD, you can only throw it a list of IP to 8KB. 3, I haven’t worked the workaround yet, some ideas include: wrap that RemoteAddresses setting line with error checking and once it reaches the limit, use the newly detected IP to be the list, not appending to it. This basically reset your block rule to ground zero and lose the previous bad IPs. This does no harm as it sounds, because given a certain period has passed, any these bad IPs still not repent and continue the attack to you, it only got 30 seconds or 20 guesses of your password before you block it again. And there is the benefit that the bad IP may turn back to the good hands again, and you are not blocking a potential customer or your CEO’s home pc because once upon a time, it’s a zombie. Thus the ZEN of blocking: never block any IP for too long. 4, But if you insist to block the ugly forever, my other ideas include: You call MS support, ask them how can we set an arbitrary length of IP addresses in a rule; at least from my experiences at the Forum, they don’t know and they don’t care, because they think the dynamic blocking should be done by some expensive hardware. Or, from programming perspective, you can create a new rule once the old is full, then you’ll have MY BLACKLIST1, MY BLACKLIST2, MY BLACKLIST3, … etc. Once in a while you can compile them together and start a business to sell your blacklist on the market! Enjoy the code! p.s. (PowerShell is REALLY REALLY GREAT!)Read the article
-
PowerShell One Liner: Duplicating a folder structure in a Sharepoint document library
- by Darren Gosbell
I was asked by someone at work the other day, if it was possible in Sharepoint to create a set of top level folders in one document library based on the set of folders in another library. One document library has a set of top level folders that is basically a client list and we needed to create the same top level folders in another library. I knew that it was possible to open a Sharepoint document library in explorer using a UNC style path and that you could map a drive using a technique like this one: http://www.endusersharepoint.com/2007/11/16/can-i-map-a-document-library-as-a-mapped-drive/. But while explorer would let us copy the folders, it would also take all of the folder contents too, which was not what we wanted. So I figured that some sort of PowerShell script was probably the way to go and it turned out to be even easier than I thought. The following script did it in one line, so I thought I would post it here in my "online memory". :) dir "\\sharepoint\client documents" | where {$_.PSIsContainer} | % {mkdir "\\sharepoint\admin documents\$($_.Name)"} I use "dir" to get a listing from the source folder, pipe it through "where" to get only objects that are folders and then do a foreach (using the % alias) and call "mkdir".Read the article
-
PowerShell a constant in a changing world
- by Rob Addis
I've been programming for about 20 years now some of my friends have been at it for over 30. I have read many, many manuals and yes it's not my favourite past time. So 10 years ago I made a promise to myself to try and only learn about products which have long life times. I immediately gave up programming GUIs and concentrated on back end development as I decided that these products (Oracle, MQ Series, SQL Server, BizTalk and later WCF, WF) have longer life times and smaller incremental changes than front end products.10 years ago I had no idea how good a decision that would turn out to be. There have been so many different Microsoft products for the front end in that time; multiple versions of Windows Forms, FrontPage, Html, Javascript, ASP.net, Silverlight, SharePoint, WPF and now hopefully a stayer Metro.I remember being at a Microsoft conference in 2006 when Martin Fowler told a crowd of developers (I'm paraphrasing) "If you don't like change then you're in the wrong business!". Well I've been in the business for 20 years and yes I'm a little resistant to change. I like my investment in reading manuals and getting certified to be time well spent!Over the last 2 years I have been writing A LOT of PowerShell script, I think there is a good chance this product will still be around and be used for new development in 10 years, learning it is a good investment.Read the article
-
Import-Pssession is not importing cmdlets when used in a custom module
- by Douglas Plumley
I have a PowerShell script/function that works great when I use it in my PowerShell profile or manually copy/paste the function in the PowerShell window. I'm trying to make the function accessible to other members of my team as a module. I want to have the module stored in a central place so we can all add it to our PSModulePath. Here is a copy of the basic function: Function Connect-O365{ $o365cred = Get-Credential [email protected] $session365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $o365cred -Authentication Basic -AllowRedirection Import-PSSession $session365 -AllowClobber } If I save this function in my PowerShell profile it works fine. I can dot source a *.ps1 script with this function in it and it works as well. The issue is when I save the function as a *.psm1 PowerShell script module. The function runs fine but none of the exported commands from the Import-PSSession are available. I think this may have something to do with the module scope. I'm looking for suggestions on how to get around this. EDIT When I create the following module and run Connect-O365 the imported cmdlets will not be available. $scriptblock = { Function Connect-O365{ $o365cred = Get-Credential [email protected] $session365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $o365cred -Authentication Basic -AllowRedirection Import-PSSession $session365 -AllowClobber } } New-Module -Name "Office 365" -ScriptBlock $scriptblock When I import the next module without the Connect-O365 function the imported cmdlets are available. $scriptblock = { $o365cred = Get-Credential [email protected] $session365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $o365cred -Authentication Basic -AllowRedirection Import-PSSession $session365 -AllowClobber } New-Module -Name "Office 365" -ScriptBlock $scriptblock This appears to be a scope issue of some sort, just not sure how to get around it.Read the article
